Coverity-CWE 922: Insecure Storage of Sensitive Information(localStorage write) 64/13364/1
authorSANDHYA.JS <sandhya.j@tataelxsi.co.in>
Wed, 10 May 2023 17:28:14 +0000 (22:58 +0530)
committerSANDHYA.JS <sandhya.j@tataelxsi.co.in>
Wed, 10 May 2023 17:28:14 +0000 (22:58 +0530)
- Coverity fix for the localStorage write issue: session data (token, user and
  project details) was being stored in browser localStorage, so it is now
  stored in sessionStorage instead

Change-Id: Icfd7a540723715d1daf544091e59fd2c151a225e
Signed-off-by: SANDHYA.JS <sandhya.j@tataelxsi.co.in>
16 files changed:
src/app/AppComponent.ts
src/app/AppModule.ts
src/app/dashboard/DashboardComponent.ts
src/app/layouts/breadcrumb/BreadcrumbComponent.ts
src/app/layouts/header/HeaderComponent.ts
src/app/login/LoginComponent.ts
src/app/sdn-controller/SDNControllerModule.ts
src/app/user-settings/UserSettingsComponent.ts
src/app/users/add-user/AddEditUserComponent.ts
src/app/utilities/change-password/ChangePasswordComponent.ts
src/app/utilities/project-link/ProjectLinkComponent.ts
src/app/utilities/switch-project/SwitchProjectComponent.ts
src/services/AcessGuardService.ts
src/services/AuthInterceptorService.ts
src/services/AuthenticationService.ts
src/services/ProjectService.ts

index 04ad8d8..5af5609 100644 (file)
@@ -86,7 +86,7 @@ export class AppComponent {
     public idleTimeOut(): void {
         this.idle.onTimeout.subscribe(() => {
             this.idle.stop();
-            if (localStorage.getItem('id_token') !== null) {
+            if (sessionStorage.getItem('id_token') !== null) {
                 this.authService.logout();
             }
         });
index 5244bb2..5f8e6a6 100644 (file)
@@ -243,14 +243,14 @@ export function appInitializerFactory(translate: TranslateService, injector: Inj
     return async (): Promise<any> => {
         await injector.get(LOCATION_INITIALIZED, Promise.resolve(null));
         translate.setDefaultLang('en');
-        const languageCode: string = localStorage.getItem('languageCode');
+        const languageCode: string = sessionStorage.getItem('languageCode');
         if (languageCode !== null && languageCode !== undefined && languageCode !== '') {
             await translate.use(languageCode).toPromise().catch((): void => {
                 translate.setDefaultLang('en');
             });
         } else {
             await translate.use('en').toPromise();
-            localStorage.setItem('languageCode', 'en');
+            sessionStorage.setItem('languageCode', 'en');
         }
     };
 }
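Review bot: `languageCode` is a UI preference, not sensitive data, and keeping it in sessionStorage means the chosen language is forgotten when the tab closes, so the user is reset to `'en'` on every new browser session. CWE-922 concerns the secrets (`id_token`, `user_id`, `token_state`); only those need to leave localStorage. I would keep `const languageCode: string = localStorage.getItem('languageCode');` and `localStorage.setItem('languageCode', 'en');` here, and likewise the `languageCode` read/write in UserSettingsComponent and the save/restore in logoutResponse, limiting the sessionStorage switch to the auth keys.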
index b3e48e4..3c856dd 100644 (file)
@@ -198,7 +198,7 @@ export class DashboardComponent implements OnInit {
      */
     public ngOnInit(): void {
         this.username$ = this.authService.username;
-        this.isAdmin = (localStorage.getItem('isAdmin') === 'true') ? true : false;
+        this.isAdmin = (sessionStorage.getItem('isAdmin') === 'true') ? true : false;
         this.selectedProject = this.authService.ProjectName;
         this.checkAdminPrivilege();
         this.getUserAccessedProjects();
index e273cda..d8d38be 100644 (file)
@@ -98,7 +98,7 @@ export class BreadcrumbComponent implements OnInit {
           if (!isNullOrUndefined(item.title)) {
             item.title = item.title.replace('{type}', this.checkTitle(item, child.snapshot.params.type));
             item.title = item.title.replace('{id}', child.snapshot.params.id);
-            item.title = item.title.replace('{project}', localStorage.getItem('project'));
+            item.title = item.title.replace('{project}', sessionStorage.getItem('project'));
           }
           if (!isNullOrUndefined(item.url)) {
             item.url = item.url.replace('{type}', child.snapshot.params.type);
index b496ff1..f90b5b6 100644 (file)
@@ -85,7 +85,7 @@ export class HeaderComponent implements OnInit {
 
     /** Lifecyle Hooks the trigger before component is instantiate @public */
     public ngOnInit(): void {
-        this.isAdmin = (localStorage.getItem('isAdmin') === 'true') ? true : false;
+        this.isAdmin = (sessionStorage.getItem('isAdmin') === 'true') ? true : false;
         this.selectedProject = this.authService.ProjectName;
         this.authService.ProjectName.subscribe((projectNameFinal: string): void => {
             this.getSelectedProject = projectNameFinal;
@@ -94,7 +94,7 @@ export class HeaderComponent implements OnInit {
         this.projectService.setHeaderProjects();
         this.projectList$ = this.projectService.projectList;
         this.PACKAGEVERSION = environment.packageVersion;
-        const getLocalStorageVersion: string = localStorage.getItem('osmVersion');
+        const getLocalStorageVersion: string = sessionStorage.getItem('osmVersion');
         if (getLocalStorageVersion === null) {
             this.showNewVersion();
         } else if (getLocalStorageVersion !== this.sharedService.osmVersion) {
@@ -115,7 +115,7 @@ export class HeaderComponent implements OnInit {
     /** Close Version and add in local storage  @public */
     public closeVersion(): void {
         this.toShowNewTag = false;
-        localStorage.setItem('osmVersion', this.sharedService.osmVersion);
+        sessionStorage.setItem('osmVersion', this.sharedService.osmVersion);
     }
 
     /** Implementation of model for UserSettings options.@public */
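Review bot: The "new version" dismissal stored by `closeVersion` is a per-user preference, and in sessionStorage it now lasts only for the tab, so the banner reappears in every new tab or browser session; there is nothing sensitive in `osmVersion` that justifies that regression. Keeping `localStorage.setItem('osmVersion', this.sharedService.osmVersion);` (and the matching `localStorage.getItem('osmVersion')` in ngOnInit) would preserve the previous behaviour. The doc comment above should also change with whatever store is chosen, e.g. `/** Dismiss the new-version tag and remember the dismissed version @public */`.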
index 8c6f5a3..06d8688 100644 (file)
@@ -125,7 +125,7 @@ export class LoginComponent implements OnInit {
             userName: ['', [Validators.required]],
             password: ['', [Validators.required]]
         });
-        this.returnUrl = isNullOrUndefined(localStorage.getItem('returnUrl')) ? '/' : localStorage.getItem('returnUrl');
+        this.returnUrl = isNullOrUndefined(sessionStorage.getItem('returnUrl')) ? '/' : sessionStorage.getItem('returnUrl');
     }
 
     /**
@@ -150,7 +150,7 @@ export class LoginComponent implements OnInit {
                         // Catch Navigation Error
                     });
                 }
-                localStorage.removeItem('returnUrl');
+                sessionStorage.removeItem('returnUrl');
             }, (err: HttpErrorResponse): void => {
                 this.isLoadingResults = false;
                 this.restService.handleError(err, 'post');
index 6da4a5c..b1fe4b5 100644 (file)
@@ -37,7 +37,7 @@ import { SDNControllerDetailsComponent } from 'SDNControllerDetailsComponent';
 import { SDNControllerInfoComponent } from 'SDNControllerInfoComponent';
 
 /** To halndle project information */
-const projectInfo: {} = localStorage.getItem('project') !== null ? { title: localStorage.getItem('project'), url: '/' } : {};
+const projectInfo: {} = sessionStorage.getItem('project') !== null ? { title: sessionStorage.getItem('project'), url: '/' } : {};
 
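Review bot: `projectInfo` is evaluated once when this module file is first loaded, so the breadcrumb title is frozen at whatever `sessionStorage.getItem('project')` held at that moment; since sessionStorage is per tab, a tab that did not itself perform the login will see `{}` here until SwitchProjectComponent writes the key. BreadcrumbComponent already resolves a `{project}` placeholder at render time from storage, so the route data could use `{ title: '{project}', url: '/' }` and drop the module-level read altogether. This is pre-existing, but the tab-scoping of this change makes the stale-read case more common.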
 /**
  * configures  routers
index 19b525f..df69f4f 100644 (file)
@@ -81,7 +81,7 @@ export class UserSettingsComponent implements OnInit {
         this.usersettingsForm = this.formBuilder.group({
             selectedLanguage: [null, [Validators.required]]
         });
-        const setLanguage: string = localStorage.getItem('languageCode');
+        const setLanguage: string = sessionStorage.getItem('languageCode');
         if (setLanguage !== null && this.validateLanguageList(setLanguage)) {
             // tslint:disable-next-line:no-backbone-get-set-outside-model
             this.usersettingsForm.get('selectedLanguage').setValue(setLanguage);
@@ -99,7 +99,7 @@ export class UserSettingsComponent implements OnInit {
         this.submitted = true;
         if (!this.usersettingsForm.invalid) {
             const selectedLanguage: string = this.usersettingsForm.value.selectedLanguage;
-            localStorage.setItem('languageCode', this.usersettingsForm.value.selectedLanguage);
+            sessionStorage.setItem('languageCode', this.usersettingsForm.value.selectedLanguage);
             this.translateService.use(selectedLanguage);
             location.reload();
         }
index 0e9456a..34678ed 100644 (file)
@@ -79,7 +79,7 @@ export class AddEditUserComponent implements OnInit {
     public isPassword: boolean;
 
     /** Variable holds value for first login user @public */
-    public isFirstLogin: boolean = Boolean(localStorage.getItem('firstLogin') === 'true');
+    public isFirstLogin: boolean = Boolean(sessionStorage.getItem('firstLogin') === 'true');
 
     /** Instance of the rest service @private */
     private restService: RestService;
@@ -270,10 +270,10 @@ export class AddEditUserComponent implements OnInit {
 
     /** Method to check loggedin username and update  @private */
     private checkUsername(payLoad: LOGINPARAMS): void {
-        const logUsername: string = localStorage.getItem('username');
+        const logUsername: string = sessionStorage.getItem('username');
         if (this.userType === 'editUserName' && logUsername === this.userName) {
             this.authService.userName.next(payLoad.username);
-            localStorage.setItem('username', payLoad.username);
+            sessionStorage.setItem('username', payLoad.username);
         }
     }
 }
index a2036ff..54cf356 100644 (file)
@@ -60,7 +60,7 @@ export class ChangePasswordComponent implements OnInit {
     /** Lifecyle Hooks the trigger before component is instantiate @public */
     public ngOnInit(): void {
         const modalRef: NgbModalRef = this.modalService.open(AddEditUserComponent, { backdrop: 'static', keyboard: false });
-        modalRef.componentInstance.userID = localStorage.getItem('user_id');
+        modalRef.componentInstance.userID = sessionStorage.getItem('user_id');
         if (this.editType === 'changePassword') {
             modalRef.componentInstance.userTitle = this.translateService.instant('PAGE.USERS.EDITCREDENTIALS');
         }
index 35c5b2c..1ee079c 100644 (file)
@@ -62,13 +62,13 @@ export class ProjectLinkComponent implements OnInit {
   }
 
   public ngOnInit(): void {
-    this.selectedProject = localStorage.getItem('project');
+    this.selectedProject = sessionStorage.getItem('project');
     this.getAdminProjects();
   }
 
   /** Get the admin projects to be selectable @public */
   public getAdminProjects(): void {
-    const username: string = localStorage.getItem('username');
+    const username: string = sessionStorage.getItem('username');
     this.restService.getResource(environment.USERS_URL + '/' + username).subscribe((projects: UserDetail) => {
       this.projectList = projects.project_role_mappings;
       this.isPresent = this.projectList.some((item: ProjectData) => item.project === this.value.project);
index dffb63a..8555146 100644 (file)
@@ -124,12 +124,12 @@ export class SwitchProjectComponent implements OnInit {
       };
       this.restService.postResource(apiURLHeader, payLoad).subscribe((data: LOCALSTORAGE) => {
         if (data) {
-          localStorage.setItem('id_token', data.id);
-          localStorage.setItem('project_id', this.params.projectID);
-          localStorage.setItem('expires', data.expires.toString());
-          localStorage.setItem('username', data.username);
-          localStorage.setItem('project', data.project_name);
-          localStorage.setItem('token_state', data.id);
+          sessionStorage.setItem('id_token', data.id);
+          sessionStorage.setItem('project_id', this.params.projectID);
+          sessionStorage.setItem('expires', data.expires.toString());
+          sessionStorage.setItem('username', data.username);
+          sessionStorage.setItem('project', data.project_name);
+          sessionStorage.setItem('token_state', data.id);
           this.activeModal.close();
           if (this.router.url.includes('history-operations')) {
             this.router.navigate(['/instances/ns']).then((): void => {
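Review bot: The six `sessionStorage.setItem` calls in this callback duplicate `AuthenticationService.setLocalStorage` but omit `isAdmin`, so after a project switch the admin flag read by DashboardComponent and HeaderComponent still reflects the original login; if `data.admin` in the token response is project-scoped (I cannot tell from this change), that is a stale privilege indicator in the UI. I would call `this.authService.setLocalStorage(data);` and then, only if `this.params.projectID` really must win over `data.project_id`, override that one key, so a single method owns the session keys. The enclosing method starts before this hunk and the subscribe callback continues past it.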
index 42d36a5..1ee7f64 100644 (file)
@@ -34,7 +34,7 @@ export class AcessGuardService implements CanLoad {
      */
     public canLoad(route: Route): Observable<boolean> | Promise<boolean> | boolean {
         // Need to get the Role and valid here for authorization
-        if (localStorage.getItem('role') === 'Admin') {
+        if (sessionStorage.getItem('role') === 'Admin') {
             return true;
         } else {
             return false;
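Review bot: `canLoad` grants access from a client-writable `role` key, which any user can set from devtools with `sessionStorage.setItem('role', 'Admin')`, so this guard can only hide navigation; every backend call behind an admin route must still be authorized server-side from the token, and a comment saying so would stop a future maintainer treating this as the authorization point. Separately, none of the hunks in this change write a `role` key — login and project switch write `isAdmin`, not `role` — so if nothing else populates it this guard always returns false; please confirm where `role` is set, or align the check with the other components: `if (sessionStorage.getItem('isAdmin') === 'true') {`.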
index 8c5a9d7..9c17b56 100644 (file)
@@ -68,7 +68,7 @@ export class AuthInterceptorService implements HttpInterceptor {
     public intercept(req: HttpRequest<{}>, next: HttpHandler): Observable<HttpSentEvent |
         // tslint:disable-next-line:no-any
         HttpHeaderResponse | HttpProgressEvent | HttpResponse<{}> | HttpUserEvent<any> | any> {
-        const idToken: string = localStorage.getItem('id_token');
+        const idToken: string = sessionStorage.getItem('id_token');
         const excludedUrl: string[] = ['osm/admin/v1/tokens', 'assets/i18n/', 'osm/version'];
         if (excludedUrl.some((x: string): boolean => { return req.url.includes(x); })) { return next.handle(req); }
         if (idToken.length > 0) {
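Review bot: `idToken.length` on the last line throws a TypeError when the key is absent, because `getItem` returns `null`, not `''`; that was already reachable after `logoutResponse` cleared storage, and becomes more likely now that sessionStorage is per tab, since a second tab of a logged-in browser starts with no `id_token`. Any non-excluded request would then fail inside the interceptor instead of reaching the server and getting a proper 401. Guard for null: `if (idToken !== null && idToken.length > 0) {`. The remainder of `intercept` is outside the hunk.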
index 0399c59..1d49da3 100644 (file)
@@ -83,16 +83,16 @@ export class AuthenticationService {
         this.restService = this.injector.get(RestService);
         this.modalService = this.injector.get(NgbModal);
         this.idle = this.injector.get(Idle);
-        if (localStorage.getItem('username') !== null) {
+        if (sessionStorage.getItem('username') !== null) {
             this.loggedIn.next(true);
             this.changePassword.next(false);
-        } else if (localStorage.getItem('firstLogin') !== null) {
+        } else if (sessionStorage.getItem('firstLogin') !== null) {
             this.changePassword.next(true);
             this.loggedIn.next(false);
         } else {
             this.loggedIn.next(false);
         }
-        this.userName.next(localStorage.getItem('username'));
+        this.userName.next(sessionStorage.getItem('username'));
         this.redirectToPage();
     }
 
@@ -136,9 +136,9 @@ export class AuthenticationService {
         return this.restService.postResource(apiURLHeader, this.payLoad)
             .pipe(map((data: ProjectModel): BehaviorSubject<boolean> => {
                 if (data.message === 'change_password') {
-                    localStorage.setItem('firstLogin', 'true');
-                    localStorage.setItem('id_token', data.id);
-                    localStorage.setItem('user_id', data.user_id);
+                    sessionStorage.setItem('firstLogin', 'true');
+                    sessionStorage.setItem('id_token', data.id);
+                    sessionStorage.setItem('user_id', data.user_id);
                     this.idle.watch(true);
                     this.changePassword.next(true);
                     this.loggedIn.next(false);
@@ -174,27 +174,27 @@ export class AuthenticationService {
 
     /** set local storage on auth process @public */
     public setLocalStorage(data: ProjectModel): void {
-        localStorage.setItem('id_token', data.id);
-        localStorage.setItem('expires', data.expires.toString());
-        localStorage.setItem('username', data.username);
-        localStorage.setItem('isAdmin', (data.admin) ? 'true' : 'false');
-        localStorage.setItem('project_id', data.project_id);
-        localStorage.setItem('project', data.project_name);
-        localStorage.setItem('token_state', data.id);
+        sessionStorage.setItem('id_token', data.id);
+        sessionStorage.setItem('expires', data.expires.toString());
+        sessionStorage.setItem('username', data.username);
+        sessionStorage.setItem('isAdmin', (data.admin) ? 'true' : 'false');
+        sessionStorage.setItem('project_id', data.project_id);
+        sessionStorage.setItem('project', data.project_name);
+        sessionStorage.setItem('token_state', data.id);
         this.projectName$.next(data.project_name);
     }
     /** Destory tokens API response handling @public */
     public logoutResponse(): void {
         this.loggedIn.next(false);
         this.changePassword.next(false);
-        const langCode: string = localStorage.getItem('languageCode');
-        const redirecturl: string = isNullOrUndefined(localStorage.getItem('returnUrl')) ? '/' : localStorage.getItem('returnUrl');
-        const osmVersion: string = isNullOrUndefined(localStorage.getItem('osmVersion')) ? '' : localStorage.getItem('osmVersion');
-        localStorage.clear();
-        localStorage.setItem('languageCode', langCode);
-        localStorage.setItem('returnUrl', redirecturl);
-        localStorage.setItem('token_state', null);
-        localStorage.setItem('osmVersion', osmVersion);
+        const langCode: string = sessionStorage.getItem('languageCode');
+        const redirecturl: string = isNullOrUndefined(sessionStorage.getItem('returnUrl')) ? '/' : sessionStorage.getItem('returnUrl');
+        const osmVersion: string = isNullOrUndefined(sessionStorage.getItem('osmVersion')) ? '' : sessionStorage.getItem('osmVersion');
+        sessionStorage.clear();
+        sessionStorage.setItem('languageCode', langCode);
+        sessionStorage.setItem('returnUrl', redirecturl);
+        sessionStorage.setItem('token_state', null);
+        sessionStorage.setItem('osmVersion', osmVersion);
         this.idle.stop();
         this.router.navigate(['login']).catch();
     }
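Review bot: Moving the bearer token from localStorage to sessionStorage does not remove the CWE-922 exposure: sessionStorage is readable by any script running in the origin, so an XSS still exfiltrates `id_token` (and its duplicate `token_state`); what the change actually buys is narrower — no sharing across tabs and clearing on tab close. If the finding is to be closed rather than relocated, keep the token in memory in AuthenticationService (or have the backend issue it as an HttpOnly cookie) and persist only non-secret keys such as `project` and `username`. Two smaller points on the new side: `sessionStorage.setItem('token_state', null)` in logoutResponse stores the string `"null"`, so `sessionStorage.removeItem('token_state');` is what was meant, and `setLocalStorage`'s name and comment are now misleading — `/** Persist the auth response in sessionStorage (per-tab, cleared when the tab closes) @public */`.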
@@ -203,13 +203,13 @@ export class AuthenticationService {
      */
     public logout(): void {
         this.returnUrl = this.router.url;
-        localStorage.setItem('returnUrl', this.returnUrl);
+        sessionStorage.setItem('returnUrl', this.returnUrl);
         this.modalService.dismissAll();
         this.destoryToken();
     }
     /** Destory tokens on logout @public */
     public destoryToken(): void {
-        const tokenID: string = localStorage.getItem('id_token');
+        const tokenID: string = sessionStorage.getItem('id_token');
         if (tokenID !== null) {
             const deletingURl: string = environment.GENERATETOKEN_URL + '/' + tokenID;
             this.restService.deleteResource(deletingURl).subscribe((res: {}): void => {
@@ -222,9 +222,9 @@ export class AuthenticationService {
 
     /** Return to previous page deny access to changepassword */
     public redirectToPage(): void {
-        if (window.location.pathname === '/changepassword' && localStorage.getItem('username') !== null) {
+        if (window.location.pathname === '/changepassword' && sessionStorage.getItem('username') !== null) {
             window.history.back();
-        } else if (window.location.pathname === '/' && localStorage.getItem('firstLogin') === 'true') {
+        } else if (window.location.pathname === '/' && sessionStorage.getItem('firstLogin') === 'true') {
             this.router.navigate(['/login']).catch();
         }
     }
index c22f33a..0473e6b 100644 (file)
@@ -77,13 +77,13 @@ export class ProjectService {
 
     /** Get current project details from local storage @public */
     public getCurrentProjectDetails(): Observable<{}> {
-        const project: string = localStorage.getItem('project_id');
+        const project: string = sessionStorage.getItem('project_id');
         return this.restService.getResource(environment.PROJECTS_URL + '/' + project);
     }
 
     /** Returns all the projects for a particular users @public */
     public getUserProjects(): Observable<{}> {
-        const username: string = localStorage.getItem('username');
+        const username: string = sessionStorage.getItem('username');
         return this.restService.getResource(environment.USERS_URL + '/' + username);
     }
 
@@ -92,8 +92,8 @@ export class ProjectService {
         this.getUserProjects().subscribe((projects: UserDetail) => {
             const projectList: {}[] = projects.project_role_mappings;
             projectList.filter((list: ProjectModel) => {
-                if (list.project === localStorage.getItem('project_id')) {
-                    localStorage.setItem('project', list.project_name);
+                if (list.project === sessionStorage.getItem('project_id')) {
+                    sessionStorage.setItem('project', list.project_name);
                     this.authService.projectName$.next(list.project_name);
                 }
             });
@@ -107,7 +107,7 @@ export class ProjectService {
 
     /** Toggle projects on selection @public */
     public switchProjectModal(list: ProjectData): void {
-        const username: string = localStorage.getItem('username');
+        const username: string = sessionStorage.getItem('username');
         this.modalService.open(SwitchProjectComponent, { backdrop: 'static' })
             .componentInstance.params = { projectID: list.project, username };
     }