Coverity-CWE 922: Insecure Storage of Sensitive Information(localStorage write)
- Coverity fix for the localStorage write issue: data was being stored
in browser localStorage, so the code now uses sessionStorage instead
Change-Id: I3fdce439b923e006b44a50a42fab19b7ffbcdec6
Signed-off-by: SANDHYA.JS <sandhya.j@tataelxsi.co.in>
diff --git a/src/app/utilities/change-password/ChangePasswordComponent.ts b/src/app/utilities/change-password/ChangePasswordComponent.ts
index 4c6aa5a..2b32a8b 100644
--- a/src/app/utilities/change-password/ChangePasswordComponent.ts
+++ b/src/app/utilities/change-password/ChangePasswordComponent.ts
@@ -61,7 +61,7 @@
public ngOnInit(): void {
// eslint-disable-next-line security/detect-non-literal-fs-filename
const modalRef: NgbModalRef = this.modalService.open(AddEditUserComponent, { backdrop: 'static', keyboard: false });
- modalRef.componentInstance.userID = localStorage.getItem('user_id');
+ modalRef.componentInstance.userID = sessionStorage.getItem('user_id');
if (this.editType === 'changePassword') {
modalRef.componentInstance.userTitle = this.translateService.instant('PAGE.USERS.EDITCREDENTIALS');
}
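Review bot: `sessionStorage.getItem('user_id')` returns `string | null`, and the result is assigned to `modalRef.componentInstance.userID` with no null check. sessionStorage is scoped to one tab, so a key that localStorage used to supply may be missing in a newly opened tab; the code that writes `user_id` is not visible in this patch, so it should be confirmed that it now writes to sessionStorage too. The same unchecked read appears in ProjectLinkComponent.getAdminProjects (where a null `username` would be concatenated into the request URL as `/null`), in UsersActionComponent.unlockRenewUser and in WarningComponent. A guard such as `const userID = sessionStorage.getItem('user_id'); if (userID === null) { /* close the modal or send the user to login */ }` would make the failure explicit. ngOnInit continues outside the hunk.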
diff --git a/src/app/utilities/project-link/ProjectLinkComponent.ts b/src/app/utilities/project-link/ProjectLinkComponent.ts
index 5f956f2..86feb97 100644
--- a/src/app/utilities/project-link/ProjectLinkComponent.ts
+++ b/src/app/utilities/project-link/ProjectLinkComponent.ts
@@ -63,13 +63,13 @@
}
public ngOnInit(): void {
- this.selectedProject = localStorage.getItem('project');
+ this.selectedProject = sessionStorage.getItem('project');
this.getAdminProjects();
}
/** Get the admin projects to be selectable @public */
public getAdminProjects(): void {
- const username: string = localStorage.getItem('username');
+ const username: string = sessionStorage.getItem('username');
this.restService.getResource(environment.USERS_URL + '/' + username).subscribe((projects: UserDetail) => {
this.projectList = projects.project_role_mappings;
this.isPresent = this.projectList.some((item: ProjectData) => item.project === this.value.project);
diff --git a/src/app/utilities/switch-project/SwitchProjectComponent.ts b/src/app/utilities/switch-project/SwitchProjectComponent.ts
index f3dffcb..b7bc9a4 100644
--- a/src/app/utilities/switch-project/SwitchProjectComponent.ts
+++ b/src/app/utilities/switch-project/SwitchProjectComponent.ts
@@ -124,12 +124,12 @@
};
this.restService.postResource(apiURLHeader, payLoad).subscribe((data: LOCALSTORAGE) => {
if (data) {
- localStorage.setItem('id_token', data.id);
- localStorage.setItem('project_id', this.params.projectID);
- localStorage.setItem('expires', data.expires.toString());
- localStorage.setItem('username', data.username);
- localStorage.setItem('project', data.project_name);
- localStorage.setItem('token_state', data.id);
+ sessionStorage.setItem('id_token', data.id);
+ sessionStorage.setItem('project_id', this.params.projectID);
+ sessionStorage.setItem('expires', data.expires.toString());
+ sessionStorage.setItem('username', data.username);
+ sessionStorage.setItem('project', data.project_name);
+ sessionStorage.setItem('token_state', data.id);
this.activeModal.close();
if (this.router.url.includes('history-operations')) {
this.router.navigate(['/instances/ns']).then((): void => {
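Review bot: What appears to be the session token (`data.id`) is still written to script-readable web storage, and twice, under `id_token` and `token_state`. Moving to sessionStorage shortens how long the value persists (it is dropped when the tab closes and is not shared with other tabs), but any script running in the origin can still read it, so the CWE-922 finding is narrowed rather than removed. Consider keeping the token under a single key, or in memory or an HttpOnly cookie if the backend allows it, and add a comment above the writes such as `// Readable by same-origin scripts; sessionStorage only limits the token's lifetime to this tab.` The subscribe callback starts and ends outside the hunk.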
diff --git a/src/app/utilities/users-action/UsersActionComponent.ts b/src/app/utilities/users-action/UsersActionComponent.ts
index 04fd58a..799779d 100644
--- a/src/app/utilities/users-action/UsersActionComponent.ts
+++ b/src/app/utilities/users-action/UsersActionComponent.ts
@@ -74,8 +74,8 @@
* Lifecyle Hooks the trigger before component is instantiate
*/
public ngOnInit(): void {
- this.isAdminShow = localStorage.getItem('admin_show') === 'true' ? true : false;
- this.isUserShow = localStorage.getItem('user_show') === 'true' ? true : false;
+ this.isAdminShow = sessionStorage.getItem('admin_show') === 'true' ? true : false;
+ this.isUserShow = sessionStorage.getItem('user_show') === 'true' ? true : false;
if (!isNullOrUndefined(this.value.user_status)) {
this.isUserStatus = this.value.user_status;
}
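Review bot: `admin_show` and `user_show` are read from sessionStorage, which the user can edit from the browser console, so `isAdminShow` and `isUserShow` can only decide what the UI displays; the hunk does not show whether the corresponding actions are authorised on the server, and that should be confirmed. A comment on these lines, for example `// UI visibility only; the API must enforce the role check`, would make that explicit. As a point of style, `=== 'true' ? true : false` can be reduced to `sessionStorage.getItem('admin_show') === 'true'`. ngOnInit continues outside the hunk.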
@@ -134,8 +134,8 @@
public unlockRenewUser(editType: string): void {
// eslint-disable-next-line security/detect-non-literal-fs-filename
const modalRef: NgbModalRef = this.modalService.open(WarningComponent, { backdrop: 'static' });
- localStorage.setItem('renew', 'true');
- const id: string = localStorage.getItem('user_id');
+ sessionStorage.setItem('renew', 'true');
+ const id: string = sessionStorage.getItem('user_id');
if (editType === 'unlock') {
modalRef.componentInstance.heading = this.translateService.instant('Unlock User');
modalRef.componentInstance.confirmationMessage = this.translateService.instant('Are you sure want to unlock this user');
diff --git a/src/app/utilities/warning/WarningComponent.ts b/src/app/utilities/warning/WarningComponent.ts
index c687fb0..d52e989 100644
--- a/src/app/utilities/warning/WarningComponent.ts
+++ b/src/app/utilities/warning/WarningComponent.ts
@@ -113,7 +113,7 @@
const modalData: MODALCLOSERESPONSEDATA = {
message: 'Done'
};
- const id: string = localStorage.getItem('user_id');
+ const id: string = sessionStorage.getItem('user_id');
const payLoad: UNLOCKPARAMS = {};
if (this.editType === 'unlock') {
payLoad.system_admin_id = id;