Fix static list constant vulnerability

logo-group · Dec 26, 2018 · d24906b · d24906b
1 parent eb2ac53
commit d24906b
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/src/main/java/com/lbs/tedam/data/service/impl/FormFieldServiceImpl.java b/src/main/java/com/lbs/tedam/data/service/impl/FormFieldServiceImpl.java
@@ -202,7 +202,7 @@ private void addFieldsToDefinition(NodeList nodes, FormDefinition formDefinition
 		for (int i = 0; i < nodes.getLength(); i++) {
 			String tempType = nodes.item(i).getAttributes().getNamedItem(Constants.SNAPSHOT_CONTROL_ATTRIBUTES_TYPE).getNodeValue();
 			// ms_UnpermittedComponentList array ignore type control in array.
-			if (Constants.unpermittedComponentList.contains(tempType)) {
+			if (Constants.getUnpermittedcomponentlist().contains(tempType)) {
 				continue;
 			}
 
@@ -252,7 +252,7 @@ private List<FormField> getIncomingControlFieldList(FormDefinition formDefinitio
 			String tempType = nodes.item(i).getAttributes().getNamedItem(Constants.SNAPSHOT_CONTROL_ATTRIBUTES_TYPE).getNodeValue();
 			// Fields written in the ms_UnpermittedComponentList array should be ignored.
 			// Do not care if it is not Leaf.
-			if (Constants.unpermittedComponentList.contains(tempType) || nodes.item(i).hasChildNodes()) {
+			if (Constants.getUnpermittedcomponentlist().contains(tempType) || nodes.item(i).hasChildNodes()) {
 				continue;
 			}
 			incomingFieldList.add(fillAndGetFormFieldsWithAttributes(formDefinition, nodes.item(i).getAttributes()));

diff --git a/src/main/java/com/lbs/tedam/util/Constants.java b/src/main/java/com/lbs/tedam/util/Constants.java
@@ -156,7 +156,7 @@ public final class Constants {
 	public static final String COMBO_CONTROLTYPE_TREEGRID = "7";
 	public static final String COMBO_CONTROLTYPE_FILTERGRID = "11";
 	public static final String COMBO_CONTROLTYPE_LABEL = "101";
-	public static final List<String> unpermittedComponentList = Arrays.asList(Constants.COMBO_CONTROLTYPE_LABEL);
+	private static final List<String> unpermittedComponentList = Arrays.asList(Constants.COMBO_CONTROLTYPE_LABEL);
 	public static final String COMBO_CONTROLTYPE_TEXTEDIT = "102";
 	public static final String COMBO_CONTROLTYPE_DATEEDIT = "104";
 	public static final String COMBO_CONTROLTYPE_COMBOBOX = "106";
@@ -577,4 +577,8 @@ public final class Constants {
 	private Constants() {
 	}
 
+	public static List<String> getUnpermittedcomponentlist() {
+		return unpermittedComponentList;
+	}
+
 }