Coverity-CWE 922: Insecure Storage of Sensitive Information(localStorage write)
- Coverity fix for localStorage write issue: data was being stored
in browser localStorage, so it was changed to sessionStorage
Change-Id: Ie35774b610b08e1e412394bd2ec544c013ac8730
Signed-off-by: SANDHYA.JS <sandhya.j@tataelxsi.co.in>
diff --git a/src/services/AcessGuardService.ts b/src/services/AcessGuardService.ts
index 42d36a5..1ee7f64 100644
--- a/src/services/AcessGuardService.ts
+++ b/src/services/AcessGuardService.ts
@@ -34,7 +34,7 @@
*/
public canLoad(route: Route): Observable<boolean> | Promise<boolean> | boolean {
// Need to get the Role and valid here for authorization
- if (localStorage.getItem('role') === 'Admin') {
+ if (sessionStorage.getItem('role') === 'Admin') {
return true;
} else {
return false;
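Review bot: The guard still decides admin access from a storage value the browser user controls, so it can only serve as a UX gate; the server must enforce authorization on every admin endpoint independently of this check. Note also that none of the writes migrated in this commit set `role` (`setLocalStorage` writes `isAdmin`), so whichever code does write `role` must have been moved to sessionStorage as well, or this branch will never be taken after the change — worth confirming. canLoad's closing braces lie outside the hunk.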
diff --git a/src/services/AuthInterceptorService.ts b/src/services/AuthInterceptorService.ts
index 8c5a9d7..9c17b56 100644
--- a/src/services/AuthInterceptorService.ts
+++ b/src/services/AuthInterceptorService.ts
@@ -68,7 +68,7 @@
public intercept(req: HttpRequest<{}>, next: HttpHandler): Observable<HttpSentEvent |
// tslint:disable-next-line:no-any
HttpHeaderResponse | HttpProgressEvent | HttpResponse<{}> | HttpUserEvent<any> | any> {
- const idToken: string = localStorage.getItem('id_token');
+ const idToken: string = sessionStorage.getItem('id_token');
const excludedUrl: string[] = ['osm/admin/v1/tokens', 'assets/i18n/', 'osm/version'];
if (excludedUrl.some((x: string): boolean => { return req.url.includes(x); })) { return next.handle(req); }
if (idToken.length > 0) {
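Review bot: `sessionStorage.getItem` returns null when no token is set, and the `idToken.length` check on the last hunk line then throws a TypeError for any non-excluded request made before login; the `string` annotation only compiles because strictNullChecks is off. Default the value instead: `const idToken: string = sessionStorage.getItem('id_token') || '';`. Separately, moving the bearer token to sessionStorage narrows its lifetime to the tab but leaves it readable by any script running in the origin, so this does not by itself resolve the script-exposure concern behind the CWE-922 finding; keeping the token out of Web Storage (e.g. a server-set HttpOnly cookie) is what removes script access. intercept's body continues outside the hunk.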
diff --git a/src/services/AuthenticationService.ts b/src/services/AuthenticationService.ts
index 0621763..3498f1f 100644
--- a/src/services/AuthenticationService.ts
+++ b/src/services/AuthenticationService.ts
@@ -98,12 +98,12 @@
this.restService = this.injector.get(RestService);
this.modalService = this.injector.get(NgbModal);
this.idle = this.injector.get(Idle);
- if (localStorage.getItem('id_token') !== null) {
+ if (sessionStorage.getItem('id_token') !== null) {
this.loggedIn.next(true);
} else {
this.loggedIn.next(false);
}
- this.userName.next(localStorage.getItem('username'));
+ this.userName.next(sessionStorage.getItem('username'));
}
/**
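Review bot: Because sessionStorage is scoped to a single tab, the `loggedIn` and `userName` values derived here will be absent in any new tab or window the user opens, which is a behaviour change the commit message does not mention. Confirm that links opened in new tabs and the `returnUrl` flow used on logout are acceptable under per-tab sessions, or document the re-login requirement. The enclosing method starts outside the hunk.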
@@ -150,26 +150,26 @@
/** set local storage on auth process @public */
public setLocalStorage(data: ProjectModel): void {
- localStorage.setItem('id_token', data.id);
- localStorage.setItem('expires', data.expires.toString());
- localStorage.setItem('username', data.username);
- localStorage.setItem('isAdmin', (data.admin) ? 'true' : 'false');
- localStorage.setItem('project_id', data.project_id);
- localStorage.setItem('project', data.project_name);
- localStorage.setItem('token_state', data.id);
+ sessionStorage.setItem('id_token', data.id);
+ sessionStorage.setItem('expires', data.expires.toString());
+ sessionStorage.setItem('username', data.username);
+ sessionStorage.setItem('isAdmin', (data.admin) ? 'true' : 'false');
+ sessionStorage.setItem('project_id', data.project_id);
+ sessionStorage.setItem('project', data.project_name);
+ sessionStorage.setItem('token_state', data.id);
this.projectName$.next(data.project_name);
}
/** Destory tokens API response handling @public */
public logoutResponse(): void {
this.loggedIn.next(false);
- const langCode: string = localStorage.getItem('languageCode');
- const redirecturl: string = isNullOrUndefined(localStorage.getItem('returnUrl')) ? '/' : localStorage.getItem('returnUrl');
- const osmVersion: string = isNullOrUndefined(localStorage.getItem('osmVersion')) ? '' : localStorage.getItem('osmVersion');
- localStorage.clear();
- localStorage.setItem('languageCode', langCode);
- localStorage.setItem('returnUrl', redirecturl);
- localStorage.setItem('token_state', null);
- localStorage.setItem('osmVersion', osmVersion);
+ const langCode: string = sessionStorage.getItem('languageCode');
+ const redirecturl: string = isNullOrUndefined(sessionStorage.getItem('returnUrl')) ? '/' : sessionStorage.getItem('returnUrl');
+ const osmVersion: string = isNullOrUndefined(sessionStorage.getItem('osmVersion')) ? '' : sessionStorage.getItem('osmVersion');
+ sessionStorage.clear();
+ sessionStorage.setItem('languageCode', langCode);
+ sessionStorage.setItem('returnUrl', redirecturl);
+ sessionStorage.setItem('token_state', null);
+ sessionStorage.setItem('osmVersion', osmVersion);
this.idle.stop();
this.router.navigate(['login']).catch();
}
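Review bot: `sessionStorage.setItem('token_state', null)` stores the string "null" (Storage coerces values to strings), so any later `getItem('token_state') !== null` style check reads a logged-out session as still holding a token; `sessionStorage.removeItem('token_state');` expresses the intent. The same coercion applies to `langCode` when `languageCode` was never set — it is written back as "null" rather than the key being left absent. The doc comment `/** set local storage on auth process @public */` and the name `setLocalStorage` are now stale; at least update the comment to `/** Store auth details in sessionStorage (per-tab) on login @public */`.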
@@ -178,13 +178,13 @@
*/
public logout(): void {
this.returnUrl = this.router.url;
- localStorage.setItem('returnUrl', this.returnUrl);
+ sessionStorage.setItem('returnUrl', this.returnUrl);
this.modalService.dismissAll();
this.destoryToken();
}
/** Destory tokens on logout @private */
private destoryToken(): void {
- const tokenID: string = localStorage.getItem('id_token');
+ const tokenID: string = sessionStorage.getItem('id_token');
if (tokenID !== null) {
const deletingURl: string = environment.GENERATETOKEN_URL + '/' + tokenID;
this.restService.deleteResource(deletingURl).subscribe((res: {}) => {
diff --git a/src/services/ProjectService.ts b/src/services/ProjectService.ts
index c22f33a..0473e6b 100644
--- a/src/services/ProjectService.ts
+++ b/src/services/ProjectService.ts
@@ -77,13 +77,13 @@
/** Get current project details from local storage @public */
public getCurrentProjectDetails(): Observable<{}> {
- const project: string = localStorage.getItem('project_id');
+ const project: string = sessionStorage.getItem('project_id');
return this.restService.getResource(environment.PROJECTS_URL + '/' + project);
}
/** Returns all the projects for a particular users @public */
public getUserProjects(): Observable<{}> {
- const username: string = localStorage.getItem('username');
+ const username: string = sessionStorage.getItem('username');
return this.restService.getResource(environment.USERS_URL + '/' + username);
}
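Review bot: The doc comment `/** Get current project details from local storage @public */` now misdescribes the source; change it to `/** Get current project details from sessionStorage @public */`. Also, if `project_id` is absent the request URL is built as `.../null` because getItem returns null; an early return or a thrown error before the call would avoid requesting a non-existent resource.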
@@ -92,8 +92,8 @@
this.getUserProjects().subscribe((projects: UserDetail) => {
const projectList: {}[] = projects.project_role_mappings;
projectList.filter((list: ProjectModel) => {
- if (list.project === localStorage.getItem('project_id')) {
- localStorage.setItem('project', list.project_name);
+ if (list.project === sessionStorage.getItem('project_id')) {
+ sessionStorage.setItem('project', list.project_name);
this.authService.projectName$.next(list.project_name);
}
});
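Review bot: `projectList.filter` is used only for its side effects — the callback returns nothing, so the filtered result is always empty and discarded; `projectList.forEach(...)` states the intent. Read `sessionStorage.getItem('project_id')` once before the loop rather than on every iteration. The enclosing method starts and ends outside the hunk.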
@@ -107,7 +107,7 @@
/** Toggle projects on selection @public */
public switchProjectModal(list: ProjectData): void {
- const username: string = localStorage.getItem('username');
+ const username: string = sessionStorage.getItem('username');
this.modalService.open(SwitchProjectComponent, { backdrop: 'static' })
.componentInstance.params = { projectID: list.project, username };
}