Fix(User): Fix XSS vulnerability for revoke token endpoint

Signed-off-by: hoangnt2 <hoang2.nguyenthai@toshiba.co.jp>
eclipse-sw360 · Nov 26, 2024 · 35c87f8 · 35c87f8
1 parent 41da935
commit 35c87f8
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/...ource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/user/UserController.java b/...ource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/user/UserController.java
@@ -23,7 +23,6 @@
 import lombok.extern.slf4j.Slf4j;
 
 import org.apache.commons.lang.RandomStringUtils;
-import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.thrift.TException;
 import org.eclipse.sw360.datahandler.common.CommonUtils;
 import org.eclipse.sw360.datahandler.common.SW360Constants;
@@ -368,7 +367,7 @@ public ResponseEntity<String> revokeUserRestApiToken(
         User sw360User = restControllerHelper.getSw360UserFromAuthentication();
 
         if (!userService.isTokenNameExisted(sw360User, tokenName)) {
-            return new ResponseEntity<>("Token not found: " + StringEscapeUtils.escapeHtml(tokenName), HttpStatus.NOT_FOUND);
+            return new ResponseEntity<>("Token not found", HttpStatus.NOT_FOUND);
         }
 
         sw360User.getRestApiTokens().removeIf(t -> t.getName().equals(tokenName));