Alon Bar-Lev has posted comments on this change.

Change subject: userportal,webadmin: token generation fix
......................................................................


Patch Set 1:

(1 comment)

http://gerrit.ovirt.org/#/c/30849/1/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/OvirtXsrfTokenServiceServlet.java
File frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/OvirtXsrfTokenServiceServlet.java:

Line 19:         return new XsrfToken(generateTokenValueResponse());
Line 20:     }
Line 21: 
Line 22:     private String generateTokenValueResponse() {
Line 23:         byte[] cookieBytes = getThreadLocalRequest().getSession().getId().getBytes();
> Similar code exists in XsrfTokenServiceServlet#generateTokenValue
About the encoding: first, it is partially correct, and using JRE defaults within a container which is shared is not wise; also, all static code scanners alert on that.


Line 24:         return StringUtils.toHexString(Md5Utils.getMd5Digest(cookieBytes));
Line 25:     }


-- 
To view, visit http://gerrit.ovirt.org/30849
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I3e9a234bada73873f398d4220808f573810440dc
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alexander Wels <aw...@redhat.com>
Gerrit-Reviewer: Alexander Wels <aw...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Einav Cohen <eco...@redhat.com>
Gerrit-Reviewer: Vojtech Szocs <vsz...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes

_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
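The review point above is that `getId().getBytes()` resolves to whatever default charset the shared container JVM happens to have, so the derived token is not a pure function of the session id. The following is an added example written for this page, not code from oVirt, GWT or the patch under review. `XsrfTokenExample`, `tokenWithDefaultCharset`, `tokenWithUtf8` and `isValid` are hypothetical names; the session ids are constructed inputs. MD5 is kept only because it is the digest the quoted code (`Md5Utils.getMd5Digest`) uses, so the token stays an opaque binding to the session; the constant-time check in `isValid` is an addition of mine for the validating side and is not discussed on the page.

```java
// Added example (not oVirt/GWT code): derive the XSRF token from the session
// id with an explicit charset instead of the JVM default used by getBytes().
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public final class XsrfTokenExample {

    private static final char[] HEX = "0123456789abcdef".toCharArray();

    /** Mirrors the quoted code: bytes depend on Charset.defaultCharset(). */
    static String tokenWithDefaultCharset(String sessionId) {
        return hex(md5(sessionId.getBytes())); // the call static scanners flag
    }

    /** Hardened form: the encoding is fixed regardless of container defaults. */
    static String tokenWithUtf8(String sessionId) {
        return hex(md5(sessionId.getBytes(StandardCharsets.UTF_8)));
    }

    /** Validating side (assumption, not on the page): recompute and compare in
     *  constant time so a mismatch does not leak where the strings diverge. */
    static boolean isValid(String sessionId, String presentedToken) {
        byte[] expected = tokenWithUtf8(sessionId).getBytes(StandardCharsets.US_ASCII);
        byte[] presented = presentedToken.getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, presented);
    }

    private static byte[] md5(byte[] input) {
        try {
            return MessageDigest.getInstance("MD5").digest(input);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 is a required JCA algorithm", e);
        }
    }

    private static String hex(byte[] bytes) {
        char[] out = new char[bytes.length * 2];
        for (int i = 0; i < bytes.length; i++) {
            out[2 * i] = HEX[(bytes[i] >> 4) & 0xF];
            out[2 * i + 1] = HEX[bytes[i] & 0xF];
        }
        return new String(out);
    }

    public static void main(String[] args) {
        // Constructed inputs: a typical hex session id, which encodes the same
        // way in every charset, and a non-ASCII id that exposes the dependence.
        String[] ids = { "A1B2C3D4E5F6", "session-\u00e9" };
        System.out.println("default charset = " + Charset.defaultCharset());
        for (String id : ids) {
            System.out.println(id);
            System.out.println("  default: " + tokenWithDefaultCharset(id));
            System.out.println("  utf-8:   " + tokenWithUtf8(id));
            System.out.println("  valid:   " + isValid(id, tokenWithUtf8(id)));
        }
    }
}
```

Run it twice on a JDK 17 or older, once with `-Dfile.encoding=UTF-8` and once with `-Dfile.encoding=ISO-8859-1`: the "default" token for the second id changes between runs while the UTF-8 token does not, which is exactly the mismatch a token generated by one servlet and validated by another could hit if the two resolve different defaults. On JDK 18 and later the default charset is UTF-8 unless `-Dfile.encoding=COMPAT` is set, which narrows the window but does not remove the reason to name the charset explicitly.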