Resolve several critical vulnerabilities.
This commit is contained in:
Paulo Gustavo Veiga
@@ -24,8 +24,10 @@ import com.wisemapping.model.User;
|
||||
import com.wisemapping.security.Utils;
|
||||
import com.wisemapping.service.LockManager;
|
||||
import com.wisemapping.service.MindmapService;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
import org.springframework.web.context.support.WebApplicationContextUtils;
|
||||
|
||||
@@ -34,7 +36,7 @@ import javax.servlet.http.HttpSessionEvent;
|
||||
import javax.servlet.http.HttpSessionListener;
|
||||
|
||||
public class UnlockOnExpireListener implements HttpSessionListener {
|
||||
private static final Logger logger = Logger.getLogger(UnlockOnExpireListener.class);
|
||||
private static final Logger logger = LogManager.getLogger();
|
||||
|
||||
@Override
|
||||
public void sessionCreated(@NotNull HttpSessionEvent event) {
|
||||
|
||||
@@ -24,7 +24,8 @@ import com.wisemapping.model.Mindmap;
|
||||
import com.wisemapping.model.User;
|
||||
import com.wisemapping.rest.model.RestLogItem;
|
||||
import org.apache.commons.lang.StringEscapeUtils;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.jetbrains.annotations.Nullable;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -42,7 +43,7 @@ import java.util.Map;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
final public class NotificationService {
|
||||
final private static Logger logger = Logger.getLogger(Mailer.class);
|
||||
final private static Logger logger = LogManager.getLogger();
|
||||
private ResourceBundleMessageSource messageSource;
|
||||
|
||||
@Autowired
|
||||
|
||||
@@ -24,14 +24,11 @@ import com.wisemapping.model.Collaboration;
|
||||
import com.wisemapping.model.Label;
|
||||
import com.wisemapping.model.Mindmap;
|
||||
import com.wisemapping.model.User;
|
||||
import com.wisemapping.rest.model.RestLogItem;
|
||||
import com.wisemapping.rest.model.RestUser;
|
||||
import com.wisemapping.security.Utils;
|
||||
import com.wisemapping.service.LabelService;
|
||||
import com.wisemapping.service.MindmapService;
|
||||
import com.wisemapping.service.UserService;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.http.HttpStatus;
|
||||
@@ -41,7 +38,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.ResponseStatus;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.util.List;
|
||||
|
||||
@Controller
|
||||
|
||||
@@ -24,7 +24,8 @@ import com.wisemapping.model.User;
|
||||
import com.wisemapping.rest.model.RestErrors;
|
||||
import com.wisemapping.security.Utils;
|
||||
import com.wisemapping.service.RegistrationException;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
@@ -42,7 +43,7 @@ import java.util.Locale;
|
||||
|
||||
public class BaseController {
|
||||
|
||||
final private Logger logger = Logger.getLogger(BaseController.class);
|
||||
final private Logger logger = LogManager.getLogger();
|
||||
|
||||
@Qualifier("messageSource")
|
||||
@Autowired
|
||||
|
||||
@@ -25,7 +25,8 @@ import com.wisemapping.security.Utils;
|
||||
import com.wisemapping.service.*;
|
||||
import com.wisemapping.validator.MapInfoValidator;
|
||||
import org.apache.commons.validator.routines.EmailValidator;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
@@ -46,7 +47,7 @@ import java.util.stream.Collectors;
|
||||
|
||||
@Controller
|
||||
public class MindmapController extends BaseController {
|
||||
final Logger logger = Logger.getLogger(MindmapController.class);
|
||||
final Logger logger = LogManager.getLogger();
|
||||
|
||||
private static final String LATEST_HISTORY_REVISION = "latest";
|
||||
|
||||
|
||||
@@ -26,7 +26,8 @@ import com.wisemapping.rest.model.RestUserRegistration;
|
||||
import com.wisemapping.service.*;
|
||||
import com.wisemapping.validator.Messages;
|
||||
import com.wisemapping.validator.UserValidator;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
@@ -57,7 +58,7 @@ public class UserController extends BaseController {
|
||||
@Value("${accounts.exclusion.domain:''}")
|
||||
private String domainBanExclusion;
|
||||
|
||||
private static final Logger logger = Logger.getLogger(UserController.class);
|
||||
private static final Logger logger = LogManager.getLogger();
|
||||
private static final String REAL_IP_ADDRESS_HEADER = "X-Real-IP";
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST, value = "/users", produces = {"application/json"})
|
||||
|
||||
@@ -18,7 +18,9 @@
|
||||
|
||||
package com.wisemapping.security;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
|
||||
import org.springframework.security.crypto.codec.Base64;
|
||||
import org.springframework.security.crypto.codec.Hex;
|
||||
import org.springframework.security.crypto.codec.Utf8;
|
||||
@@ -29,7 +31,7 @@ import java.security.NoSuchAlgorithmException;
|
||||
|
||||
|
||||
public class LegacyPasswordEncoder implements PasswordEncoder {
|
||||
final private static Logger logger = Logger.getLogger(LegacyPasswordEncoder.class);
|
||||
final private static Logger logger = LogManager.getLogger();
|
||||
|
||||
public static final String ENC_PREFIX = "ENC:";
|
||||
private final ShaPasswordEncoder sha1Encoder = new ShaPasswordEncoder();
|
||||
|
||||
@@ -23,18 +23,21 @@ import com.wisemapping.exceptions.LockException;
|
||||
import com.wisemapping.model.CollaborationRole;
|
||||
import com.wisemapping.model.Mindmap;
|
||||
import com.wisemapping.model.User;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.jetbrains.annotations.Nullable;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
|
||||
import java.util.*;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.Timer;
|
||||
import java.util.TimerTask;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
class LockManagerImpl implements LockManager {
|
||||
private static final int ONE_MINUTE_MILLISECONDS = 1000 * 60;
|
||||
private final Map<Integer, LockInfo> lockInfoByMapId;
|
||||
private final static Timer expirationTimer = new Timer();
|
||||
final private static Logger logger = Logger.getLogger(LockManagerImpl.class);
|
||||
final private static Logger logger = LogManager.getLogger();
|
||||
|
||||
@Override
|
||||
public boolean isLocked(@NotNull Mindmap mindmap) {
|
||||
|
||||
@@ -17,13 +17,15 @@
|
||||
*/
|
||||
package com.wisemapping.service;
|
||||
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.wisemapping.validator.Messages;
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.apache.http.NameValuePair;
|
||||
import org.apache.http.client.fluent.Form;
|
||||
import org.apache.http.client.fluent.Request;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.jetbrains.annotations.Nullable;
|
||||
|
||||
import javax.validation.constraints.NotNull;
|
||||
@@ -35,7 +37,7 @@ import java.util.Map;
|
||||
|
||||
public class RecaptchaService {
|
||||
|
||||
final private static Logger logger = Logger.getLogger(RecaptchaService.class);
|
||||
final private static Logger logger = LogManager.getLogger();
|
||||
final private static String GOOGLE_RECAPTCHA_VERIFY_URL =
|
||||
"https://www.google.com/recaptcha/api/siteverify";
|
||||
|
||||
|
||||
Reference in New Issue
Block a user