Alexander Wels has posted comments on this change.

Change subject: engine, webadmin: Webadmin read reports.xml from remote reports app
......................................................................
Patch Set 27: (1 comment)

http://gerrit.ovirt.org/#/c/29723/27/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/servlet/RedirectServlet.java
File backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/servlet/RedirectServlet.java:

Line 47:             redirectUrl += "?";
Line 48:         } else {
Line 49:             redirectUrl += "&";
Line 50:         }
Line 51:         redirectUrl += queryString;
FindBugs has an issue with this line. You are basically passing the passed-in query string straight into the header without sanitizing it first (with the sendRedirect). More information can be found here [1].

Basically, to make FindBugs happy you need to sanitize or encode the query string.

[1] https://www.owasp.org/index.php/HTTP_Response_Splitting

Line 52:     }
Line 53:     response.sendRedirect(redirectUrl);
Line 54: }


--
To view, visit http://gerrit.ovirt.org/29723

Gerrit-MessageType: comment
Gerrit-Change-Id: I76db7ab889f21de083bb3c8276e8abb77b68fdb3
Gerrit-PatchSet: 27
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Ravi Nori <rn...@redhat.com>
Gerrit-Reviewer: Alexander Wels <aw...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Alona Kaplan <alkap...@redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com>
Gerrit-Reviewer: Ravi Nori <rn...@redhat.com>
Gerrit-Reviewer: Shirly Radco <sra...@redhat.com>
Gerrit-Reviewer: Vojtech Szocs <vsz...@redhat.com>
Gerrit-Reviewer: Yaniv Dary <yd...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes

_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
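The sanitizing step the review asks for, written out as an added example. This is not code from the oVirt patch or the ovirt-engine project; the class name, the target URL and the attacker-supplied query string are all constructed for illustration. The point it shows: the raw value returned by HttpServletRequest.getQueryString() is not URL-decoded, so a literal CR/LF in it reaches the Location header verbatim, while decoding each name/value pair and percent-encoding it again turns both a literal CRLF and an already-encoded %0d%0a into the harmless %0D%0A.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;

/** Added example, not oVirt code: neutralise HTTP response splitting in a redirect. */
public final class SafeRedirectExample {

    /** Percent-encodes one decoded component. CR, LF and every other character
     *  outside URLEncoder's unreserved set become %XX, so the value cannot end
     *  a header line. */
    static String encode(String decoded) {
        try {
            return URLEncoder.encode(decoded, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e); // UTF-8 is always available
        }
    }

    static String decode(String raw) {
        try {
            return URLDecoder.decode(raw, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Re-encodes each name=value pair of a raw (undecoded) query string.
     *  Decoding first and re-encoding normalises literal control characters and
     *  percent-encoded ones to the same safe %XX form. A malformed escape makes
     *  URLDecoder throw IllegalArgumentException; a caller should map that to 400. */
    static String sanitizeQueryString(String queryString) {
        StringBuilder out = new StringBuilder();
        for (String pair : queryString.split("&")) {
            if (pair.isEmpty()) {
                continue;
            }
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? null : pair.substring(eq + 1);
            if (out.length() > 0) {
                out.append('&');
            }
            out.append(encode(decode(name)));
            if (value != null) {
                out.append('=').append(encode(decode(value)));
            }
        }
        return out.toString();
    }

    /** Same shape as the servlet's URL construction, with the sanitizer inserted
     *  between the query string and the value handed to sendRedirect(). */
    static String buildRedirectUrl(String redirectUrl, String queryString) {
        if (queryString == null || queryString.isEmpty()) {
            return redirectUrl;
        }
        String url = redirectUrl + (redirectUrl.contains("?") ? "&" : "?");
        return url + sanitizeQueryString(queryString);
    }

    /** True if writing this value verbatim into a header would terminate the line. */
    static boolean wouldSplitHeader(String headerValue) {
        return headerValue.indexOf('\r') >= 0 || headerValue.indexOf('\n') >= 0;
    }

    public static void main(String[] args) {
        // Constructed stand-in for the configured reports URL.
        String target = "https://reports.example.test/ovirt-engine-reports";
        // Constructed attacker input: a literal CRLF followed by an injected header.
        String hostile = "report=usage\r\nSet-Cookie: JSESSIONID=attacker";

        String unsafe = target + "?" + hostile;          // what the reviewed code builds
        String safe = buildRedirectUrl(target, hostile); // with the sanitizer

        System.out.println("unsanitized value splits the header: " + wouldSplitHeader(unsafe));
        System.out.println("sanitized value splits the header:   " + wouldSplitHeader(safe));
        System.out.println("sanitized Location: " + safe);

        // An already percent-encoded CRLF is normalised to the same safe form.
        System.out.println("normalised:         " + buildRedirectUrl(target, "report=a%0d%0ab"));
    }
}
```

In the hostile case the literal CR and LF are emitted as %0D and %0A and the injected header name is encoded with them, so the Location header stays a single line; the percent-encoded variant decodes to the same two characters and comes back out identically. Many servlet containers now reject or rewrite CR/LF in header values on their own, but FindBugs cannot know which container the servlet will be deployed in, and re-encoding at the point of use keeps the servlet correct regardless of that.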