CQL and URL injection

Description

At least three Java files have CQL and/or URL injection issues because special characters are not masked before passing them on.

provides methods that mask CQL and URL parameter Strings:

https://github.com/folio-org/raml-module-builder/blob/v35.0.3/util/src/main/java/org/folio/util/StringUtil.java

Please make a code review of all .java files of mod-ncip and fix all CQL and URL injection issues.
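The difference between unmasked and masked parameters, as an added example that is not part of the original issue and is not mod-ncip or raml-module-builder code. The `maskCql` helper, the `/items` path, the `barcode` index and the host name are assumptions made for illustration:

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class CqlUrlMaskingExample {

  // Hypothetical stand-in for a CQL masking helper: backslash-escape the
  // CQL masking characters \ * ? ^ " and wrap the term in double quotes,
  // so the whole value is parsed as one search term.
  static String maskCql(String term) {
    StringBuilder sb = new StringBuilder("\"");
    for (char c : term.toCharArray()) {
      if (c == '\\' || c == '*' || c == '?' || c == '^' || c == '"') {
        sb.append('\\');
      }
      sb.append(c);
    }
    return sb.append('"').toString();
  }

  // Before: the caller-supplied value is concatenated unchanged, so its
  // characters are interpreted first as URL syntax and then as CQL syntax.
  static String unsafeUrl(String baseUrl, String barcode) {
    return baseUrl + "/items?query=barcode==" + barcode;
  }

  // After: mask for CQL first, then percent-encode the complete CQL
  // expression as a single URL query parameter value.
  // URLEncoder emits form encoding, so a space becomes '+'.
  static String safeUrl(String baseUrl, String barcode) {
    String cql = "barcode==" + maskCql(barcode);
    return baseUrl + "/items?query=" + URLEncoder.encode(cql, StandardCharsets.UTF_8);
  }

  public static void main(String[] args) {
    String base = "http://okapi.example"; // constructed host, not a real system
    // Constructed test values: plain, CQL operators, URL delimiter, CQL masking chars.
    String[] samples = { "12345", "12345 or barcode==*", "x&limit=1000", "a\"b*" };
    for (String s : samples) {
      System.out.println("input : " + s);
      System.out.println("unsafe: " + unsafeUrl(base, s));
      System.out.println("safe  : " + safeUrl(base, s));
    }
  }
}
```

The order matters: CQL masking is applied to the raw value, and URL encoding is applied last to the finished query expression.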

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None


Activity


Michelle Suranofsky January 19, 2023 at 4:38 PM

- yes - I've updated the status to reflect that.

Axel Dörrer January 19, 2023 at 4:21 PM

is this work still in progress?

Michelle Suranofsky December 1, 2022 at 4:41 PM

- yes I will make the changes. thank you!

Craig McNally December 1, 2022 at 4:34 PM

can you please take a look at this?

Done

Details

Assignee

Reporter

Priority

Development Team

EBSCO - FSE

Fix versions

RCA Group

Implementation coding issue

Created November 22, 2022 at 12:44 PM
Updated March 22, 2023 at 1:11 PM
Resolved February 23, 2023 at 1:26 PM