Coverity-CWE 922: Insecure Storage of Sensitive Information(localStorage write)
- Coverity fix for the localStorage write issue: data was being stored
in browser localStorage, so it is now stored in sessionStorage instead
Change-Id: Ie35774b610b08e1e412394bd2ec544c013ac8730
Signed-off-by: SANDHYA.JS <sandhya.j@tataelxsi.co.in>
diff --git a/src/services/AuthenticationService.ts b/src/services/AuthenticationService.ts
index 0621763..3498f1f 100644
--- a/src/services/AuthenticationService.ts
+++ b/src/services/AuthenticationService.ts
@@ -98,12 +98,12 @@
this.restService = this.injector.get(RestService);
this.modalService = this.injector.get(NgbModal);
this.idle = this.injector.get(Idle);
- if (localStorage.getItem('id_token') !== null) {
+ if (sessionStorage.getItem('id_token') !== null) {
this.loggedIn.next(true);
} else {
this.loggedIn.next(false);
}
- this.userName.next(localStorage.getItem('username'));
+ this.userName.next(sessionStorage.getItem('username'));
}
/**
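Review bot: The login state in this constructor is derived only from the presence of `id_token` in sessionStorage; the `expires` value that `setLocalStorage` stores alongside it is not consulted in the visible lines, so a reloaded tab holding an expired token still emits `loggedIn` true. If expiry is not enforced elsewhere, compare the stored `expires` with the current time before `this.loggedIn.next(true)` (its unit is not visible in this diff, so confirm that first). The move to sessionStorage also makes the session per tab, which deserves a comment above the check, for example `// sessionStorage is scoped to the tab: a fresh tab has no id_token and starts logged out`. The constructor starts outside this hunk.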
@@ -150,26 +150,26 @@
/** set local storage on auth process @public */
public setLocalStorage(data: ProjectModel): void {
- localStorage.setItem('id_token', data.id);
- localStorage.setItem('expires', data.expires.toString());
- localStorage.setItem('username', data.username);
- localStorage.setItem('isAdmin', (data.admin) ? 'true' : 'false');
- localStorage.setItem('project_id', data.project_id);
- localStorage.setItem('project', data.project_name);
- localStorage.setItem('token_state', data.id);
+ sessionStorage.setItem('id_token', data.id);
+ sessionStorage.setItem('expires', data.expires.toString());
+ sessionStorage.setItem('username', data.username);
+ sessionStorage.setItem('isAdmin', (data.admin) ? 'true' : 'false');
+ sessionStorage.setItem('project_id', data.project_id);
+ sessionStorage.setItem('project', data.project_name);
+ sessionStorage.setItem('token_state', data.id);
this.projectName$.next(data.project_name);
}
/** Destory tokens API response handling @public */
public logoutResponse(): void {
this.loggedIn.next(false);
- const langCode: string = localStorage.getItem('languageCode');
- const redirecturl: string = isNullOrUndefined(localStorage.getItem('returnUrl')) ? '/' : localStorage.getItem('returnUrl');
- const osmVersion: string = isNullOrUndefined(localStorage.getItem('osmVersion')) ? '' : localStorage.getItem('osmVersion');
- localStorage.clear();
- localStorage.setItem('languageCode', langCode);
- localStorage.setItem('returnUrl', redirecturl);
- localStorage.setItem('token_state', null);
- localStorage.setItem('osmVersion', osmVersion);
+ const langCode: string = sessionStorage.getItem('languageCode');
+ const redirecturl: string = isNullOrUndefined(sessionStorage.getItem('returnUrl')) ? '/' : sessionStorage.getItem('returnUrl');
+ const osmVersion: string = isNullOrUndefined(sessionStorage.getItem('osmVersion')) ? '' : sessionStorage.getItem('osmVersion');
+ sessionStorage.clear();
+ sessionStorage.setItem('languageCode', langCode);
+ sessionStorage.setItem('returnUrl', redirecturl);
+ sessionStorage.setItem('token_state', null);
+ sessionStorage.setItem('osmVersion', osmVersion);
this.idle.stop();
this.router.navigate(['login']).catch();
}
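Review bot: Moving these writes to sessionStorage shortens how long the token persists, but `id_token` and `token_state` (a second copy of `data.id`) remain readable by any script running in the page's origin, so the CWE-922 exposure is narrowed rather than removed. If readers of `token_state` only need to know that a session exists, store a non-secret marker instead of the token, e.g. `sessionStorage.setItem('token_state', 'active');` (confirm how that key is consumed first), and treat `isAdmin` as a display hint only, since client-side storage can be changed and authorization has to be enforced by the server. In `logoutResponse`, `setItem('token_state', null)` and an unset `languageCode` are written as the string `'null'` because Storage stringifies its values; `sessionStorage.removeItem('token_state');` and a null guard on `langCode` would avoid that. The doc comment on `setLocalStorage` no longer matches the code and could read `/** Store the session details in sessionStorage on auth process @public */`.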
@@ -178,13 +178,13 @@
*/
public logout(): void {
this.returnUrl = this.router.url;
- localStorage.setItem('returnUrl', this.returnUrl);
+ sessionStorage.setItem('returnUrl', this.returnUrl);
this.modalService.dismissAll();
this.destoryToken();
}
/** Destory tokens on logout @private */
private destoryToken(): void {
- const tokenID: string = localStorage.getItem('id_token');
+ const tokenID: string = sessionStorage.getItem('id_token');
if (tokenID !== null) {
const deletingURl: string = environment.GENERATETOKEN_URL + '/' + tokenID;
this.restService.deleteResource(deletingURl).subscribe((res: {}) => {
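Review bot: `tokenID` in `destoryToken` is annotated `string`, yet `Storage.getItem` returns `string | null` and the next line tests it against null, so the annotation hides the nullable case from the compiler; `langCode` in `logoutResponse` has the same mismatch. Declaring it as `const tokenID: string | null = sessionStorage.getItem('id_token');` lets the null check do the narrowing. The value read from storage is then appended to the request URL, where `encodeURIComponent(tokenID)` would keep an unexpected character from altering the path. `destoryToken` continues past the end of this hunk.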