Coverity-CWE 922: Insecure Storage of Sensitive Information(localStorage write)
- Coverity fix for the localStorage write issue: data was being stored
in browser localStorage, so it is now stored in sessionStorage instead
Change-Id: Ie35774b610b08e1e412394bd2ec544c013ac8730
Signed-off-by: SANDHYA.JS <sandhya.j@tataelxsi.co.in>
diff --git a/src/app/AppComponent.ts b/src/app/AppComponent.ts
index 04ad8d8..5af5609 100644
--- a/src/app/AppComponent.ts
+++ b/src/app/AppComponent.ts
@@ -86,7 +86,7 @@
public idleTimeOut(): void {
this.idle.onTimeout.subscribe(() => {
this.idle.stop();
- if (localStorage.getItem('id_token') !== null) {
+ if (sessionStorage.getItem('id_token') !== null) {
this.authService.logout();
}
});
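Review bot: The guard in the `onTimeout` callback now reads `id_token` from sessionStorage, but the code that writes that key at login is not in the visible part of this change. If the authentication service still stores the token in localStorage, this condition is always false and the idle timeout silently stops calling `logout()`. The same holds for the keys this change only reads, `isAdmin` in DashboardComponent and HeaderComponent and `returnUrl` in LoginComponent. Routing every access through one storage helper would stop readers and writers from diverging. The body of `idleTimeOut` continues past the end of the hunk.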
diff --git a/src/app/AppModule.ts b/src/app/AppModule.ts
index 70f10dc..c4efae0 100644
--- a/src/app/AppModule.ts
+++ b/src/app/AppModule.ts
@@ -221,14 +221,14 @@
return async (): Promise<any> => {
await injector.get(LOCATION_INITIALIZED, Promise.resolve(null));
translate.setDefaultLang('en');
- const languageCode: string = localStorage.getItem('languageCode');
+ const languageCode: string = sessionStorage.getItem('languageCode');
if (languageCode !== null && languageCode !== undefined && languageCode !== '') {
await translate.use(languageCode).toPromise().catch(() => {
translate.setDefaultLang('en');
});
} else {
await translate.use('en').toPromise();
- localStorage.setItem('languageCode', 'en');
+ sessionStorage.setItem('languageCode', 'en');
}
};
}
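Review bot: `languageCode` is a display preference rather than sensitive data, and reading it from sessionStorage here means the chosen language is gone once the tab or browser is closed, so the `else` branch resets it to `'en'` in every new session. The same loss of persistence applies to `languageCode` in both UserSettingsComponent hunks and to `osmVersion` in HeaderComponent, where the new-version notice will presumably reappear each session. I would keep these non-sensitive keys in localStorage and record the decision next to them, for example `// non-sensitive UI preference, intentionally kept in localStorage`, so the CWE-922 change stays limited to the token and identity keys.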
diff --git a/src/app/dashboard/DashboardComponent.ts b/src/app/dashboard/DashboardComponent.ts
index 56b79a4..47162e5 100644
--- a/src/app/dashboard/DashboardComponent.ts
+++ b/src/app/dashboard/DashboardComponent.ts
@@ -173,7 +173,7 @@
*/
public ngOnInit(): void {
this.username$ = this.authService.username;
- this.isAdmin = (localStorage.getItem('isAdmin') === 'true') ? true : false;
+ this.isAdmin = (sessionStorage.getItem('isAdmin') === 'true') ? true : false;
this.selectedProject = this.authService.ProjectName;
this.checkAdminPrivilege();
this.getUserAccessedProjects();
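Review bot: `isAdmin` in `ngOnInit` is taken from web storage, which the user can edit from the browser's developer tools, so it can only be a display hint. Whatever it shows or hides must still be authorised by the server on each request; whether `checkAdminPrivilege()` re-derives the value from the server is not visible in this hunk. A comment such as `// UI hint only; admin rights are enforced by the API` would make that explicit, and the expression can be reduced to `this.isAdmin = sessionStorage.getItem('isAdmin') === 'true';`. The first HeaderComponent hunk has the same line.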
diff --git a/src/app/layouts/breadcrumb/BreadcrumbComponent.ts b/src/app/layouts/breadcrumb/BreadcrumbComponent.ts
index e273cda..d8d38be 100644
--- a/src/app/layouts/breadcrumb/BreadcrumbComponent.ts
+++ b/src/app/layouts/breadcrumb/BreadcrumbComponent.ts
@@ -98,7 +98,7 @@
if (!isNullOrUndefined(item.title)) {
item.title = item.title.replace('{type}', this.checkTitle(item, child.snapshot.params.type));
item.title = item.title.replace('{id}', child.snapshot.params.id);
- item.title = item.title.replace('{project}', localStorage.getItem('project'));
+ item.title = item.title.replace('{project}', sessionStorage.getItem('project'));
}
if (!isNullOrUndefined(item.url)) {
item.url = item.url.replace('{type}', child.snapshot.params.type);
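Review bot: `sessionStorage.getItem('project')` returns `null` when the key is absent, and `replace` then writes the literal text `null` into the breadcrumb title. Because sessionStorage starts empty in every new tab, this case may now be reached where a persisted localStorage value used to hide it. A fallback keeps the title clean: `item.title = item.title.replace('{project}', sessionStorage.getItem('project') || '');`. The enclosing block starts and ends outside the hunk.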
diff --git a/src/app/layouts/header/HeaderComponent.ts b/src/app/layouts/header/HeaderComponent.ts
index b496ff1..f90b5b6 100644
--- a/src/app/layouts/header/HeaderComponent.ts
+++ b/src/app/layouts/header/HeaderComponent.ts
@@ -85,7 +85,7 @@
/** Lifecyle Hooks the trigger before component is instantiate @public */
public ngOnInit(): void {
- this.isAdmin = (localStorage.getItem('isAdmin') === 'true') ? true : false;
+ this.isAdmin = (sessionStorage.getItem('isAdmin') === 'true') ? true : false;
this.selectedProject = this.authService.ProjectName;
this.authService.ProjectName.subscribe((projectNameFinal: string): void => {
this.getSelectedProject = projectNameFinal;
@@ -94,7 +94,7 @@
this.projectService.setHeaderProjects();
this.projectList$ = this.projectService.projectList;
this.PACKAGEVERSION = environment.packageVersion;
- const getLocalStorageVersion: string = localStorage.getItem('osmVersion');
+ const getLocalStorageVersion: string = sessionStorage.getItem('osmVersion');
if (getLocalStorageVersion === null) {
this.showNewVersion();
} else if (getLocalStorageVersion !== this.sharedService.osmVersion) {
@@ -115,7 +115,7 @@
/** Close Version and add in local storage @public */
public closeVersion(): void {
this.toShowNewTag = false;
- localStorage.setItem('osmVersion', this.sharedService.osmVersion);
+ sessionStorage.setItem('osmVersion', this.sharedService.osmVersion);
}
/** Implementation of model for UserSettings options.@public */
diff --git a/src/app/login/LoginComponent.ts b/src/app/login/LoginComponent.ts
index 2f4f67e..06d4f64 100644
--- a/src/app/login/LoginComponent.ts
+++ b/src/app/login/LoginComponent.ts
@@ -103,7 +103,7 @@
userName: ['', [Validators.required]],
password: ['', [Validators.required]]
});
- this.returnUrl = isNullOrUndefined(localStorage.getItem('returnUrl')) ? '/' : localStorage.getItem('returnUrl');
+ this.returnUrl = isNullOrUndefined(sessionStorage.getItem('returnUrl')) ? '/' : sessionStorage.getItem('returnUrl');
}
/**
@@ -122,7 +122,7 @@
this.router.navigate([this.returnUrl]).catch(() => {
// Catch Navigation Error
});
- localStorage.removeItem('returnUrl');
+ sessionStorage.removeItem('returnUrl');
}, (err: HttpErrorResponse) => {
this.isLoadingResults = false;
this.restService.handleError(err, 'post');
diff --git a/src/app/sdn-controller/SDNControllerModule.ts b/src/app/sdn-controller/SDNControllerModule.ts
index 6da4a5c..b1fe4b5 100644
--- a/src/app/sdn-controller/SDNControllerModule.ts
+++ b/src/app/sdn-controller/SDNControllerModule.ts
@@ -37,7 +37,7 @@
import { SDNControllerInfoComponent } from 'SDNControllerInfoComponent';
/** To halndle project information */
-const projectInfo: {} = localStorage.getItem('project') !== null ? { title: localStorage.getItem('project'), url: '/' } : {};
+const projectInfo: {} = sessionStorage.getItem('project') !== null ? { title: sessionStorage.getItem('project'), url: '/' } : {};
/**
* configures routers
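Review bot: `projectInfo` is evaluated once, when this module file is first loaded, so it captures whatever `project` holds in sessionStorage at that moment. If the module is loaded before login in a new tab, the key is absent and the value stays `{}` until a reload, which was less visible while the project name persisted in localStorage. Reading the key when the route data is resolved would avoid the stale snapshot; at minimum a comment like `// read once at module load; refreshed only by a page reload` would document it. The `{}` annotation could also be narrowed to `{ title?: string; url?: string }`.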
diff --git a/src/app/user-settings/UserSettingsComponent.ts b/src/app/user-settings/UserSettingsComponent.ts
index 19b525f..df69f4f 100644
--- a/src/app/user-settings/UserSettingsComponent.ts
+++ b/src/app/user-settings/UserSettingsComponent.ts
@@ -81,7 +81,7 @@
this.usersettingsForm = this.formBuilder.group({
selectedLanguage: [null, [Validators.required]]
});
- const setLanguage: string = localStorage.getItem('languageCode');
+ const setLanguage: string = sessionStorage.getItem('languageCode');
if (setLanguage !== null && this.validateLanguageList(setLanguage)) {
// tslint:disable-next-line:no-backbone-get-set-outside-model
this.usersettingsForm.get('selectedLanguage').setValue(setLanguage);
@@ -99,7 +99,7 @@
this.submitted = true;
if (!this.usersettingsForm.invalid) {
const selectedLanguage: string = this.usersettingsForm.value.selectedLanguage;
- localStorage.setItem('languageCode', this.usersettingsForm.value.selectedLanguage);
+ sessionStorage.setItem('languageCode', this.usersettingsForm.value.selectedLanguage);
this.translateService.use(selectedLanguage);
location.reload();
}
diff --git a/src/app/users/add-user/AddEditUserComponent.ts b/src/app/users/add-user/AddEditUserComponent.ts
index d988548..6d76373 100644
--- a/src/app/users/add-user/AddEditUserComponent.ts
+++ b/src/app/users/add-user/AddEditUserComponent.ts
@@ -227,10 +227,10 @@
/** Method to check loggedin username and update @private */
private checkUsername(payLoad: LOGINPARAMS): void {
- const logUsername: string = localStorage.getItem('username');
+ const logUsername: string = sessionStorage.getItem('username');
if (this.userType === 'editUserName' && logUsername === this.userName) {
this.authService.userName.next(payLoad.username);
- localStorage.setItem('username', payLoad.username);
+ sessionStorage.setItem('username', payLoad.username);
}
}
}
diff --git a/src/app/utilities/project-link/ProjectLinkComponent.ts b/src/app/utilities/project-link/ProjectLinkComponent.ts
index 35c5b2c..1ee079c 100644
--- a/src/app/utilities/project-link/ProjectLinkComponent.ts
+++ b/src/app/utilities/project-link/ProjectLinkComponent.ts
@@ -62,13 +62,13 @@
}
public ngOnInit(): void {
- this.selectedProject = localStorage.getItem('project');
+ this.selectedProject = sessionStorage.getItem('project');
this.getAdminProjects();
}
/** Get the admin projects to be selectable @public */
public getAdminProjects(): void {
- const username: string = localStorage.getItem('username');
+ const username: string = sessionStorage.getItem('username');
this.restService.getResource(environment.USERS_URL + '/' + username).subscribe((projects: UserDetail) => {
this.projectList = projects.project_role_mappings;
this.isPresent = this.projectList.some((item: ProjectData) => item.project === this.value.project);
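Review bot: In `getAdminProjects` the `username` read from sessionStorage is concatenated directly into the request path. If the key is missing, the request goes to a path ending in `/null`, and a stored value containing `/`, `?` or `#` changes which resource is requested. I would check for `null` before the call and encode the segment: `environment.USERS_URL + '/' + encodeURIComponent(username)`. The body of `getAdminProjects` continues past the end of the hunk.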
diff --git a/src/app/utilities/switch-project/SwitchProjectComponent.ts b/src/app/utilities/switch-project/SwitchProjectComponent.ts
index 1df6a16..66e0f4b 100644
--- a/src/app/utilities/switch-project/SwitchProjectComponent.ts
+++ b/src/app/utilities/switch-project/SwitchProjectComponent.ts
@@ -119,12 +119,12 @@
};
this.restService.postResource(apiURLHeader, payLoad).subscribe((data: LOCALSTORAGE) => {
if (data) {
- localStorage.setItem('id_token', data.id);
- localStorage.setItem('project_id', this.params.projectID);
- localStorage.setItem('expires', data.expires.toString());
- localStorage.setItem('username', data.username);
- localStorage.setItem('project', data.project_name);
- localStorage.setItem('token_state', data.id);
+ sessionStorage.setItem('id_token', data.id);
+ sessionStorage.setItem('project_id', this.params.projectID);
+ sessionStorage.setItem('expires', data.expires.toString());
+ sessionStorage.setItem('username', data.username);
+ sessionStorage.setItem('project', data.project_name);
+ sessionStorage.setItem('token_state', data.id);
this.activeModal.close();
location.reload();
this.isLoadingResults = false;
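Review bot: Moving `id_token` to sessionStorage limits its lifetime to the tab, but the token stays readable by any script running in the page's origin, so a cross-site scripting flaw exposes it just as before. If the backend permits it, an HttpOnly, Secure, SameSite cookie or an in-memory holder inside the auth service would keep the token out of script-readable storage. `token_state` stores the same `data.id` a second time, which doubles the copies that logout must clear; if it only signals that a token exists, a flag such as `sessionStorage.setItem('token_state', 'true');` would do, provided its readers are adjusted. The subscribe callback continues outside the hunk.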