diff --git a/customapi/src/main/java/com/publicissapient/kpidashboard/apis/userboardconfig/service/UserBoardConfigHelper.java b/customapi/src/main/java/com/publicissapient/kpidashboard/apis/userboardconfig/service/UserBoardConfigHelper.java
index 92636ba629..19ea365425 100644
--- a/customapi/src/main/java/com/publicissapient/kpidashboard/apis/userboardconfig/service/UserBoardConfigHelper.java
+++ b/customapi/src/main/java/com/publicissapient/kpidashboard/apis/userboardconfig/service/UserBoardConfigHelper.java
@@ -18,7 +18,6 @@ package com.publicissapient.kpidashboard.apis.userboardconfig.service;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -29,6 +28,7 @@ import java.util.stream.Stream;
 import org.apache.commons.collections4.CollectionUtils;
+import org.owasp.encoder.Encode;
 import com.publicissapient.kpidashboard.apis.enums.UserBoardConfigEnum;
 import com.publicissapient.kpidashboard.common.model.application.KpiCategory;
@@ -172,10 +172,11 @@ public static void applyProjectConfigToUserBoard(UserBoardConfigDTO userBoardCon
 .flatMap(config -> Stream.of(config.getScrum(), config.getKanban(), config.getOthers())
 .flatMap(Collection::stream).flatMap(board -> board.getKpis().stream()))
 .filter(kpi -> !kpi.isShown())
- .collect(Collectors.toMap(BoardKpis::getKpiId, kpi -> false, (a, b) -> b));
+ .collect(Collectors.toMap(BoardKpis::getKpiId, kpi -> false, (a, b) -> a && b));
- log.info("Disabled KPIs {} for user {} wrt selected projectIds {}", kpiWiseIsShownFlag,
- userBoardConfig.getUsername(), sanitizeProjectIds(listOfRequestedProj.getBasicProjectConfigIds()));
+ log.debug("Applying project configuration: Disabled KPIs {} for user {} with selected project IDs {}",
+ kpiWiseIsShownFlag, userBoardConfig.getUsername(),
+ listOfRequestedProj.getBasicProjectConfigIds().stream().map(Encode::forJava).toList());
 Stream.of(userBoardConfig.getScrum(), userBoardConfig.getKanban(), userBoardConfig.getOthers())
 .flatMap(Collection::stream).forEach(boardDTO -> boardDTO.getKpis().forEach(boardKpis -> {
@@ -184,17 +185,4 @@ public static void applyProjectConfigToUserBoard(UserBoardConfigDTO userBoardCon
 }));
 }
- /**
- * Sanitizes the Projects IDs for log injection prevention.
- *
- * @param projectIds
- * the list of project IDs to sanitize
- * @return a sanitized list of project IDs with newline and carriage return
- * characters removed
- */
- public static List sanitizeProjectIds(List projectIds) {
- return projectIds == null ? Collections.emptyList()
- : projectIds.stream().filter(Objects::nonNull).map(id -> id.replaceAll("[\\r\\n]", ""))
- .collect(Collectors.toList());
- }
 }
diff --git a/customapi/src/main/java/com/publicissapient/kpidashboard/apis/userboardconfig/service/UserBoardConfigServiceImpl.java b/customapi/src/main/java/com/publicissapient/kpidashboard/apis/userboardconfig/service/UserBoardConfigServiceImpl.java
index 89ba97e237..6852f88ae1 100644
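Review bot: The merge-function change on the `.collect(Collectors.toMap(BoardKpis::getKpiId, kpi -> false, (a, b) -> a && b))` line has no observable effect, because every value is the constant `false`, so `a && b` and the previous `b` both yield `false`; if the intent is to record that duplicate KPI ids stay hidden, a comment such as `// every value is false; the merge only resolves duplicate kpiIds` states it more clearly than the expression does. The new `log.debug` line also drops the null handling that the deleted `sanitizeProjectIds` helper (next hunk) provided: `listOfRequestedProj.getBasicProjectConfigIds().stream()` throws if the list is null, and how `Encode.forJava` treats a null element should be confirmed — whether a null list can reach this point is not visible here, since `applyProjectConfigToUserBoard` starts before the hunk. `Stream.toList()` requires Java 16+, where the surrounding code used `Collectors.toList()`; fine if the build already targets that level, otherwise keep the collector. The mapped stream is evaluated even when debug logging is disabled, so wrapping the statement in `if (log.isDebugEnabled())` avoids the work on the hot path. The added `org.owasp.encoder.Encode` import presumably needs the encoder artifact declared in the module's build file, which this diff does not show.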
--- a/customapi/src/main/java/com/publicissapient/kpidashboard/apis/userboardconfig/service/UserBoardConfigServiceImpl.java
+++ b/customapi/src/main/java/com/publicissapient/kpidashboard/apis/userboardconfig/service/UserBoardConfigServiceImpl.java
@@ -19,10 +19,8 @@ import static com.publicissapient.kpidashboard.apis.userboardconfig.service.UserBoardConfigHelper.checkCategories;
 import static com.publicissapient.kpidashboard.apis.userboardconfig.service.UserBoardConfigHelper.checkKPIAddOrRemoveForExistingUser;
 import static com.publicissapient.kpidashboard.apis.userboardconfig.service.UserBoardConfigHelper.checkKPISubCategory;
-import static com.publicissapient.kpidashboard.apis.userboardconfig.service.UserBoardConfigHelper.sanitizeProjectIds;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.Comparator;
 import java.util.HashMap;
 import java.util.List;
@@ -37,6 +35,7 @@ import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.tuple.Pair;
+import org.owasp.encoder.Encode;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -616,8 +615,7 @@ public ServiceResponse saveBoardConfig(UserBoardConfigDTO userBoardConfigDTO, Co
 boardConfig = userBoardConfigRepository.save(boardConfig);
 cacheService.clearCache(CommonConstant.CACHE_USER_BOARD_CONFIG);
 log.info("Successfully saved {} BoardConfig: {}", configLevel,
- configLevel == ConfigLevel.PROJECT ? sanitizeProjectIds(Collections.singletonList(basicProjectConfigId))
- : loggedInUser);
+ configLevel == ConfigLevel.PROJECT ? Encode.forJava(basicProjectConfigId) : loggedInUser);
 return new ServiceResponse(true, "Successfully Saved board Configuration",
 userBoardConfigMapper.toDto(boardConfig));
 }
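Review bot: In the `log.info("Successfully saved {} BoardConfig: {}", ...)` call only the PROJECT branch is encoded; `loggedInUser` still reaches the log raw, so one statement is protected in one branch and not the other. If `loggedInUser` originates from the authenticated principal or the request — as `deleteUser` evidently assumes for `userName`, which it now encodes — the line should read `configLevel == ConfigLevel.PROJECT ? Encode.forJava(basicProjectConfigId) : Encode.forJava(loggedInUser)`. The change also alters the logged form from a single-element list to the bare id, which is harmless but worth a mention in the commit message for anyone searching older logs.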
@@ -633,7 +631,7 @@ public void deleteUser(String userName) {
 log.info("UserBoardConfigServiceImpl::deleteUser start");
 userBoardConfigRepository.deleteByUsername(userName);
 cacheService.clearCache(CommonConstant.CACHE_USER_BOARD_CONFIG);
- log.info("{} deleted Successfully from user_board_config", userName.replaceAll("[^a-zA-Z0-9_-]", ""));
+ log.info("{} deleted Successfully from user_board_config", Encode.forJava(userName));
 }
 /**
@@ -646,7 +644,7 @@ public void deleteUser(String userName) {
 public void deleteProjectBoardConfig(String basicProjectConfigId) {
 userBoardConfigRepository.deleteByBasicProjectConfigId(basicProjectConfigId);
 cacheService.clearCache(CommonConstant.CACHE_USER_BOARD_CONFIG);
- log.info("Successfully deleted project board config: {}", basicProjectConfigId);
+ log.info("Successfully deleted project board config: {}", Encode.forJava(basicProjectConfigId));
 }
 /**
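Review bot: With the Javadoc'd `sanitizeProjectIds` helper removed, nothing in the code now explains why `Encode.forJava` wraps the value on the `log.info("{} deleted Successfully from user_board_config", ...)` line or in `deleteProjectBoardConfig` below; a one-line comment at this first use, `// Java-string encoding neutralizes CR/LF and other control characters so a caller-supplied value cannot forge extra log lines`, keeps the intent visible for the next maintainer. The previous `replaceAll("[^a-zA-Z0-9_-]", "")` allowlist also discarded characters, whereas encoding preserves the full value, so the log now shows the complete `userName` in escaped form — the better trade-off for forensics, but the behavior change should be stated in the commit message. `Encode.forJava` presumably returns null for a null argument where the old `replaceAll` call would have thrown, so a null `userName` now logs the literal `null`; confirm this against the encoder's contract rather than relying on it.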