From: SANDHYA.JS Date: Wed, 10 May 2023 17:28:14 +0000 (+0530) Subject: Coverity-CWE 922: Insecure Storage of Sensitive Information(localStorage write) X-Git-Tag: v12.0.7~1 X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNG-UI.git;a=commitdiff_plain;h=1f334d139429b0071679ee7ea55f748ef607ffde Coverity-CWE 922: Insecure Storage of Sensitive Information(localStorage write) - Coverity fix for localStorage write issue: For storing datas in browser localStorage so changed it to sessionStorage Change-Id: Icfd7a540723715d1daf544091e59fd2c151a225e Signed-off-by: SANDHYA.JS --- diff --git a/src/app/AppComponent.ts b/src/app/AppComponent.ts index 04ad8d8..5af5609 100644 --- a/src/app/AppComponent.ts +++ b/src/app/AppComponent.ts @@ -86,7 +86,7 @@ export class AppComponent { public idleTimeOut(): void { this.idle.onTimeout.subscribe(() => { this.idle.stop(); - if (localStorage.getItem('id_token') !== null) { + if (sessionStorage.getItem('id_token') !== null) { this.authService.logout(); } }); diff --git a/src/app/AppModule.ts b/src/app/AppModule.ts index 5244bb2..5f8e6a6 100644 --- a/src/app/AppModule.ts +++ b/src/app/AppModule.ts @@ -243,14 +243,14 @@ export function appInitializerFactory(translate: TranslateService, injector: Inj return async (): Promise => { await injector.get(LOCATION_INITIALIZED, Promise.resolve(null)); translate.setDefaultLang('en'); - const languageCode: string = localStorage.getItem('languageCode'); + const languageCode: string = sessionStorage.getItem('languageCode'); if (languageCode !== null && languageCode !== undefined && languageCode !== '') { await translate.use(languageCode).toPromise().catch((): void => { translate.setDefaultLang('en'); }); } else { await translate.use('en').toPromise(); - localStorage.setItem('languageCode', 'en'); + sessionStorage.setItem('languageCode', 'en'); } }; } diff --git a/src/app/dashboard/DashboardComponent.ts b/src/app/dashboard/DashboardComponent.ts index b3e48e4..3c856dd 100644 --- a/src/app/dashboard/DashboardComponent.ts +++ b/src/app/dashboard/DashboardComponent.ts @@ -198,7 +198,7 @@ export class DashboardComponent implements OnInit { */ public ngOnInit(): void { this.username$ = this.authService.username; - this.isAdmin = (localStorage.getItem('isAdmin') === 'true') ? true : false; + this.isAdmin = (sessionStorage.getItem('isAdmin') === 'true') ? true : false; this.selectedProject = this.authService.ProjectName; this.checkAdminPrivilege(); this.getUserAccessedProjects(); diff --git a/src/app/layouts/breadcrumb/BreadcrumbComponent.ts b/src/app/layouts/breadcrumb/BreadcrumbComponent.ts index e273cda..d8d38be 100644 --- a/src/app/layouts/breadcrumb/BreadcrumbComponent.ts +++ b/src/app/layouts/breadcrumb/BreadcrumbComponent.ts @@ -98,7 +98,7 @@ export class BreadcrumbComponent implements OnInit { if (!isNullOrUndefined(item.title)) { item.title = item.title.replace('{type}', this.checkTitle(item, child.snapshot.params.type)); item.title = item.title.replace('{id}', child.snapshot.params.id); - item.title = item.title.replace('{project}', localStorage.getItem('project')); + item.title = item.title.replace('{project}', sessionStorage.getItem('project')); } if (!isNullOrUndefined(item.url)) { item.url = item.url.replace('{type}', child.snapshot.params.type); diff --git a/src/app/layouts/header/HeaderComponent.ts b/src/app/layouts/header/HeaderComponent.ts index b496ff1..f90b5b6 100644 --- a/src/app/layouts/header/HeaderComponent.ts +++ b/src/app/layouts/header/HeaderComponent.ts @@ -85,7 +85,7 @@ export class HeaderComponent implements OnInit { /** Lifecyle Hooks the trigger before component is instantiate @public */ public ngOnInit(): void { - this.isAdmin = (localStorage.getItem('isAdmin') === 'true') ? true : false; + this.isAdmin = (sessionStorage.getItem('isAdmin') === 'true') ? true : false; this.selectedProject = this.authService.ProjectName; this.authService.ProjectName.subscribe((projectNameFinal: string): void => { this.getSelectedProject = projectNameFinal; @@ -94,7 +94,7 @@ export class HeaderComponent implements OnInit { this.projectService.setHeaderProjects(); this.projectList$ = this.projectService.projectList; this.PACKAGEVERSION = environment.packageVersion; - const getLocalStorageVersion: string = localStorage.getItem('osmVersion'); + const getLocalStorageVersion: string = sessionStorage.getItem('osmVersion'); if (getLocalStorageVersion === null) { this.showNewVersion(); } else if (getLocalStorageVersion !== this.sharedService.osmVersion) { @@ -115,7 +115,7 @@ export class HeaderComponent implements OnInit { /** Close Version and add in local storage @public */ public closeVersion(): void { this.toShowNewTag = false; - localStorage.setItem('osmVersion', this.sharedService.osmVersion); + sessionStorage.setItem('osmVersion', this.sharedService.osmVersion); } /** Implementation of model for UserSettings options.@public */ diff --git a/src/app/login/LoginComponent.ts b/src/app/login/LoginComponent.ts index 8c6f5a3..06d8688 100644 --- a/src/app/login/LoginComponent.ts +++ b/src/app/login/LoginComponent.ts @@ -125,7 +125,7 @@ export class LoginComponent implements OnInit { userName: ['', [Validators.required]], password: ['', [Validators.required]] }); - this.returnUrl = isNullOrUndefined(localStorage.getItem('returnUrl')) ? '/' : localStorage.getItem('returnUrl'); + this.returnUrl = isNullOrUndefined(sessionStorage.getItem('returnUrl')) ? '/' : sessionStorage.getItem('returnUrl'); } /** @@ -150,7 +150,7 @@ export class LoginComponent implements OnInit { // Catch Navigation Error }); } - localStorage.removeItem('returnUrl'); + sessionStorage.removeItem('returnUrl'); }, (err: HttpErrorResponse): void => { this.isLoadingResults = false; this.restService.handleError(err, 'post'); diff --git a/src/app/sdn-controller/SDNControllerModule.ts b/src/app/sdn-controller/SDNControllerModule.ts index 6da4a5c..b1fe4b5 100644 --- a/src/app/sdn-controller/SDNControllerModule.ts +++ b/src/app/sdn-controller/SDNControllerModule.ts @@ -37,7 +37,7 @@ import { SDNControllerDetailsComponent } from 'SDNControllerDetailsComponent'; import { SDNControllerInfoComponent } from 'SDNControllerInfoComponent'; /** To halndle project information */ -const projectInfo: {} = localStorage.getItem('project') !== null ? { title: localStorage.getItem('project'), url: '/' } : {}; +const projectInfo: {} = sessionStorage.getItem('project') !== null ? { title: sessionStorage.getItem('project'), url: '/' } : {}; /** * configures routers diff --git a/src/app/user-settings/UserSettingsComponent.ts b/src/app/user-settings/UserSettingsComponent.ts index 19b525f..df69f4f 100644 --- a/src/app/user-settings/UserSettingsComponent.ts +++ b/src/app/user-settings/UserSettingsComponent.ts @@ -81,7 +81,7 @@ export class UserSettingsComponent implements OnInit { this.usersettingsForm = this.formBuilder.group({ selectedLanguage: [null, [Validators.required]] }); - const setLanguage: string = localStorage.getItem('languageCode'); + const setLanguage: string = sessionStorage.getItem('languageCode'); if (setLanguage !== null && this.validateLanguageList(setLanguage)) { // tslint:disable-next-line:no-backbone-get-set-outside-model this.usersettingsForm.get('selectedLanguage').setValue(setLanguage); @@ -99,7 +99,7 @@ export class UserSettingsComponent implements OnInit { this.submitted = true; if (!this.usersettingsForm.invalid) { const selectedLanguage: string = this.usersettingsForm.value.selectedLanguage; - localStorage.setItem('languageCode', this.usersettingsForm.value.selectedLanguage); + sessionStorage.setItem('languageCode', this.usersettingsForm.value.selectedLanguage); this.translateService.use(selectedLanguage); location.reload(); } diff --git a/src/app/users/add-user/AddEditUserComponent.ts b/src/app/users/add-user/AddEditUserComponent.ts index 0e9456a..34678ed 100644 --- a/src/app/users/add-user/AddEditUserComponent.ts +++ b/src/app/users/add-user/AddEditUserComponent.ts @@ -79,7 +79,7 @@ export class AddEditUserComponent implements OnInit { public isPassword: boolean; /** Variable holds value for first login user @public */ - public isFirstLogin: boolean = Boolean(localStorage.getItem('firstLogin') === 'true'); + public isFirstLogin: boolean = Boolean(sessionStorage.getItem('firstLogin') === 'true'); /** Instance of the rest service @private */ private restService: RestService; @@ -270,10 +270,10 @@ export class AddEditUserComponent implements OnInit { /** Method to check loggedin username and update @private */ private checkUsername(payLoad: LOGINPARAMS): void { - const logUsername: string = localStorage.getItem('username'); + const logUsername: string = sessionStorage.getItem('username'); if (this.userType === 'editUserName' && logUsername === this.userName) { this.authService.userName.next(payLoad.username); - localStorage.setItem('username', payLoad.username); + sessionStorage.setItem('username', payLoad.username); } } } diff --git a/src/app/utilities/change-password/ChangePasswordComponent.ts b/src/app/utilities/change-password/ChangePasswordComponent.ts index a2036ff..54cf356 100644 --- a/src/app/utilities/change-password/ChangePasswordComponent.ts +++ b/src/app/utilities/change-password/ChangePasswordComponent.ts @@ -60,7 +60,7 @@ export class ChangePasswordComponent implements OnInit { /** Lifecyle Hooks the trigger before component is instantiate @public */ public ngOnInit(): void { const modalRef: NgbModalRef = this.modalService.open(AddEditUserComponent, { backdrop: 'static', keyboard: false }); - modalRef.componentInstance.userID = localStorage.getItem('user_id'); + modalRef.componentInstance.userID = sessionStorage.getItem('user_id'); if (this.editType === 'changePassword') { modalRef.componentInstance.userTitle = this.translateService.instant('PAGE.USERS.EDITCREDENTIALS'); } diff --git a/src/app/utilities/project-link/ProjectLinkComponent.ts b/src/app/utilities/project-link/ProjectLinkComponent.ts index 35c5b2c..1ee079c 100644 --- a/src/app/utilities/project-link/ProjectLinkComponent.ts +++ b/src/app/utilities/project-link/ProjectLinkComponent.ts @@ -62,13 +62,13 @@ export class ProjectLinkComponent implements OnInit { } public ngOnInit(): void { - this.selectedProject = localStorage.getItem('project'); + this.selectedProject = sessionStorage.getItem('project'); this.getAdminProjects(); } /** Get the admin projects to be selectable @public */ public getAdminProjects(): void { - const username: string = localStorage.getItem('username'); + const username: string = sessionStorage.getItem('username'); this.restService.getResource(environment.USERS_URL + '/' + username).subscribe((projects: UserDetail) => { this.projectList = projects.project_role_mappings; this.isPresent = this.projectList.some((item: ProjectData) => item.project === this.value.project); diff --git a/src/app/utilities/switch-project/SwitchProjectComponent.ts b/src/app/utilities/switch-project/SwitchProjectComponent.ts index dffb63a..8555146 100644 --- a/src/app/utilities/switch-project/SwitchProjectComponent.ts +++ b/src/app/utilities/switch-project/SwitchProjectComponent.ts @@ -124,12 +124,12 @@ export class SwitchProjectComponent implements OnInit { }; this.restService.postResource(apiURLHeader, payLoad).subscribe((data: LOCALSTORAGE) => { if (data) { - localStorage.setItem('id_token', data.id); - localStorage.setItem('project_id', this.params.projectID); - localStorage.setItem('expires', data.expires.toString()); - localStorage.setItem('username', data.username); - localStorage.setItem('project', data.project_name); - localStorage.setItem('token_state', data.id); + sessionStorage.setItem('id_token', data.id); + sessionStorage.setItem('project_id', this.params.projectID); + sessionStorage.setItem('expires', data.expires.toString()); + sessionStorage.setItem('username', data.username); + sessionStorage.setItem('project', data.project_name); + sessionStorage.setItem('token_state', data.id); this.activeModal.close(); if (this.router.url.includes('history-operations')) { this.router.navigate(['/instances/ns']).then((): void => { diff --git a/src/services/AcessGuardService.ts b/src/services/AcessGuardService.ts index 42d36a5..1ee7f64 100644 --- a/src/services/AcessGuardService.ts +++ b/src/services/AcessGuardService.ts @@ -34,7 +34,7 @@ export class AcessGuardService implements CanLoad { */ public canLoad(route: Route): Observable | Promise | boolean { // Need to get the Role and valid here for authorization - if (localStorage.getItem('role') === 'Admin') { + if (sessionStorage.getItem('role') === 'Admin') { return true; } else { return false; diff --git a/src/services/AuthInterceptorService.ts b/src/services/AuthInterceptorService.ts index 8c5a9d7..9c17b56 100644 --- a/src/services/AuthInterceptorService.ts +++ b/src/services/AuthInterceptorService.ts @@ -68,7 +68,7 @@ export class AuthInterceptorService implements HttpInterceptor { public intercept(req: HttpRequest<{}>, next: HttpHandler): Observable | HttpUserEvent | any> { - const idToken: string = localStorage.getItem('id_token'); + const idToken: string = sessionStorage.getItem('id_token'); const excludedUrl: string[] = ['osm/admin/v1/tokens', 'assets/i18n/', 'osm/version']; if (excludedUrl.some((x: string): boolean => { return req.url.includes(x); })) { return next.handle(req); } if (idToken.length > 0) { diff --git a/src/services/AuthenticationService.ts b/src/services/AuthenticationService.ts index 0399c59..1d49da3 100644 --- a/src/services/AuthenticationService.ts +++ b/src/services/AuthenticationService.ts @@ -83,16 +83,16 @@ export class AuthenticationService { this.restService = this.injector.get(RestService); this.modalService = this.injector.get(NgbModal); this.idle = this.injector.get(Idle); - if (localStorage.getItem('username') !== null) { + if (sessionStorage.getItem('username') !== null) { this.loggedIn.next(true); this.changePassword.next(false); - } else if (localStorage.getItem('firstLogin') !== null) { + } else if (sessionStorage.getItem('firstLogin') !== null) { this.changePassword.next(true); this.loggedIn.next(false); } else { this.loggedIn.next(false); } - this.userName.next(localStorage.getItem('username')); + this.userName.next(sessionStorage.getItem('username')); this.redirectToPage(); } @@ -136,9 +136,9 @@ export class AuthenticationService { return this.restService.postResource(apiURLHeader, this.payLoad) .pipe(map((data: ProjectModel): BehaviorSubject => { if (data.message === 'change_password') { - localStorage.setItem('firstLogin', 'true'); - localStorage.setItem('id_token', data.id); - localStorage.setItem('user_id', data.user_id); + sessionStorage.setItem('firstLogin', 'true'); + sessionStorage.setItem('id_token', data.id); + sessionStorage.setItem('user_id', data.user_id); this.idle.watch(true); this.changePassword.next(true); this.loggedIn.next(false); @@ -174,27 +174,27 @@ export class AuthenticationService { /** set local storage on auth process @public */ public setLocalStorage(data: ProjectModel): void { - localStorage.setItem('id_token', data.id); - localStorage.setItem('expires', data.expires.toString()); - localStorage.setItem('username', data.username); - localStorage.setItem('isAdmin', (data.admin) ? 'true' : 'false'); - localStorage.setItem('project_id', data.project_id); - localStorage.setItem('project', data.project_name); - localStorage.setItem('token_state', data.id); + sessionStorage.setItem('id_token', data.id); + sessionStorage.setItem('expires', data.expires.toString()); + sessionStorage.setItem('username', data.username); + sessionStorage.setItem('isAdmin', (data.admin) ? 'true' : 'false'); + sessionStorage.setItem('project_id', data.project_id); + sessionStorage.setItem('project', data.project_name); + sessionStorage.setItem('token_state', data.id); this.projectName$.next(data.project_name); } /** Destory tokens API response handling @public */ public logoutResponse(): void { this.loggedIn.next(false); this.changePassword.next(false); - const langCode: string = localStorage.getItem('languageCode'); - const redirecturl: string = isNullOrUndefined(localStorage.getItem('returnUrl')) ? '/' : localStorage.getItem('returnUrl'); - const osmVersion: string = isNullOrUndefined(localStorage.getItem('osmVersion')) ? '' : localStorage.getItem('osmVersion'); - localStorage.clear(); - localStorage.setItem('languageCode', langCode); - localStorage.setItem('returnUrl', redirecturl); - localStorage.setItem('token_state', null); - localStorage.setItem('osmVersion', osmVersion); + const langCode: string = sessionStorage.getItem('languageCode'); + const redirecturl: string = isNullOrUndefined(sessionStorage.getItem('returnUrl')) ? '/' : sessionStorage.getItem('returnUrl'); + const osmVersion: string = isNullOrUndefined(sessionStorage.getItem('osmVersion')) ? '' : sessionStorage.getItem('osmVersion'); + sessionStorage.clear(); + sessionStorage.setItem('languageCode', langCode); + sessionStorage.setItem('returnUrl', redirecturl); + sessionStorage.setItem('token_state', null); + sessionStorage.setItem('osmVersion', osmVersion); this.idle.stop(); this.router.navigate(['login']).catch(); } @@ -203,13 +203,13 @@ export class AuthenticationService { */ public logout(): void { this.returnUrl = this.router.url; - localStorage.setItem('returnUrl', this.returnUrl); + sessionStorage.setItem('returnUrl', this.returnUrl); this.modalService.dismissAll(); this.destoryToken(); } /** Destory tokens on logout @public */ public destoryToken(): void { - const tokenID: string = localStorage.getItem('id_token'); + const tokenID: string = sessionStorage.getItem('id_token'); if (tokenID !== null) { const deletingURl: string = environment.GENERATETOKEN_URL + '/' + tokenID; this.restService.deleteResource(deletingURl).subscribe((res: {}): void => { @@ -222,9 +222,9 @@ export class AuthenticationService { /** Return to previous page deny access to changepassword */ public redirectToPage(): void { - if (window.location.pathname === '/changepassword' && localStorage.getItem('username') !== null) { + if (window.location.pathname === '/changepassword' && sessionStorage.getItem('username') !== null) { window.history.back(); - } else if (window.location.pathname === '/' && localStorage.getItem('firstLogin') === 'true') { + } else if (window.location.pathname === '/' && sessionStorage.getItem('firstLogin') === 'true') { this.router.navigate(['/login']).catch(); } } diff --git a/src/services/ProjectService.ts b/src/services/ProjectService.ts index c22f33a..0473e6b 100644 --- a/src/services/ProjectService.ts +++ b/src/services/ProjectService.ts @@ -77,13 +77,13 @@ export class ProjectService { /** Get current project details from local storage @public */ public getCurrentProjectDetails(): Observable<{}> { - const project: string = localStorage.getItem('project_id'); + const project: string = sessionStorage.getItem('project_id'); return this.restService.getResource(environment.PROJECTS_URL + '/' + project); } /** Returns all the projects for a particular users @public */ public getUserProjects(): Observable<{}> { - const username: string = localStorage.getItem('username'); + const username: string = sessionStorage.getItem('username'); return this.restService.getResource(environment.USERS_URL + '/' + username); } @@ -92,8 +92,8 @@ export class ProjectService { this.getUserProjects().subscribe((projects: UserDetail) => { const projectList: {}[] = projects.project_role_mappings; projectList.filter((list: ProjectModel) => { - if (list.project === localStorage.getItem('project_id')) { - localStorage.setItem('project', list.project_name); + if (list.project === sessionStorage.getItem('project_id')) { + sessionStorage.setItem('project', list.project_name); this.authService.projectName$.next(list.project_name); } }); @@ -107,7 +107,7 @@ export class ProjectService { /** Toggle projects on selection @public */ public switchProjectModal(list: ProjectData): void { - const username: string = localStorage.getItem('username'); + const username: string = sessionStorage.getItem('username'); this.modalService.open(SwitchProjectComponent, { backdrop: 'static' }) .componentInstance.params = { projectID: list.project, username }; }