Merge pull request #14394 from dashevchenko/aiModelXss

Fixed XSS vulnarability for some entities
6 months ago · 5865e68bac
2 changed files with 4 additions and 0 deletions
--- a/common/data/src/main/java/org/thingsboard/server/common/data/ai/AiModel.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/ai/AiModel.java
@ -32,6 +32,7 @@ import org.thingsboard.server.common.data.id.AiModelId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.validation.Length;
 import org.thingsboard.server.common.data.validation.NoNullChar;
+import org.thingsboard.server.common.data.validation.NoXss;

 import java.io.Serial;

@ -64,6 +65,7 @@ public final class AiModel extends BaseData<AiModelId> implements HasTenantId, H
    @NotBlank
    @NoNullChar
    @Length(min = 1, max = 255)
+    @NoXss
    @Schema(
            requiredMode = Schema.RequiredMode.REQUIRED,
            accessMode = Schema.AccessMode.READ_WRITE,
--- a/common/data/src/main/java/org/thingsboard/server/common/data/oauth2/OAuth2Client.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/oauth2/OAuth2Client.java
@ -30,6 +30,7 @@ import org.thingsboard.server.common.data.HasTenantId;
 import org.thingsboard.server.common.data.id.OAuth2ClientId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.validation.Length;
+import org.thingsboard.server.common.data.validation.NoXss;

 import java.util.List;

@ -42,6 +43,7 @@ public class OAuth2Client extends BaseDataWithAdditionalInfo<OAuth2ClientId> imp
    private TenantId tenantId;
    @Schema(description = "Oauth2 client title")
    @NotBlank
+    @NoXss
    @Length(fieldName = "title", max = 100, message = "cannot be longer than 100 chars")
    private String title;
    @Schema(description = "Config for mapping OAuth2 log in response to platform entities", requiredMode = Schema.RequiredMode.REQUIRED)