
Commit bd5fa84

Fixed vulnerbility
1 parent ead3379 commit bd5fa84

3 files changed

Lines changed: 9 additions & 13 deletions


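--- a/src/main/java/de/martinspielmann/wicket/pwnedpasswordsvalidator/PwnedPasswordsValidator.java
+++ b/src/main/java/de/martinspielmann/wicket/pwnedpasswordsvalidator/PwnedPasswordsValidator.java
@@ -2,9 +2,8 @@
 
 import java.io.IOException;
 import java.net.HttpURLConnection;
-import java.net.MalformedURLException;
 import java.net.Proxy;
-import java.net.URL;
+import java.net.URI;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -163,7 +162,7 @@ protected Status getResponseStatus(String pw) {
 }
 // if there were results, check if your pw hash was pwned
 String result = IOUtils.toString(c.getInputStream(), StandardCharsets.UTF_8);
-String lines[] = result.split("\\r?\\n");
+String[] lines = result.split("\\r?\\n");
 String hashSuffix = getHashSuffix(pw);
 for(String line : lines) {
 if(line.split(":")[0].equals(hashSuffix)) {
@@ -197,8 +196,8 @@ protected String getHashSuffix(String pw) throws NoSuchAlgorithmException {
 return sha1(pw).substring(5);
 }
 
-protected URL getApiUrl(String pw) throws MalformedURLException, NoSuchAlgorithmException {
-return new URL(String.format(API_URL, getHashPrefix(pw)));
+protected URI getApiUrl(String pw) throws NoSuchAlgorithmException {
+return URI.create(String.format(API_URL, getHashPrefix(pw)));
 }
 
 /**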
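Review bot: `getApiUrl` is a protected extension point, and in the last hunk its return type changes from `URL` to `URI` while the checked `MalformedURLException` disappears from its signature, which breaks any subclass that overrides it or any code compiled against the old signature. A malformed `API_URL` now raises an unchecked `IllegalArgumentException` from `URI.create` instead. The caller sits outside these hunks, so it is worth confirming that `getResponseStatus` maps that failure to the same status as other lookup errors rather than letting it escape the validator. If the break is intended, note it in the release notes and add a `@throws IllegalArgumentException` line to the method's Javadoc; otherwise introduce the `URI` variant under a new name and keep `getApiUrl` returning a `URL` via `toURL()`.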

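--- a/src/test/java/de/martinspielmann/wicket/pwnedpasswordsvalidator/HomePage.java
+++ b/src/test/java/de/martinspielmann/wicket/pwnedpasswordsvalidator/HomePage.java
@@ -1,12 +1,12 @@
 package de.martinspielmann.wicket.pwnedpasswordsvalidator;
 
+import org.apache.wicket.markup.html.WebPage;
+import org.apache.wicket.markup.html.basic.Label;
 import org.apache.wicket.markup.html.form.Form;
 import org.apache.wicket.markup.html.form.PasswordTextField;
 import org.apache.wicket.markup.html.panel.FeedbackPanel;
 import org.apache.wicket.model.Model;
 import org.apache.wicket.request.mapper.parameter.PageParameters;
-import org.apache.wicket.markup.html.basic.Label;
-import org.apache.wicket.markup.html.WebPage;
 
 public class HomePage extends WebPage {
 private static final long serialVersionUID = 1L;
@@ -16,8 +16,6 @@ public HomePage(final PageParameters parameters) {
 
 add(new Label("version", getApplication().getFrameworkSettings().getVersion()));
 
-// TODO Add your page's components here
-
 Form f = new Form("form");
 add(f);
 f.add(new FeedbackPanel("feedback"));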

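--- a/src/test/java/de/martinspielmann/wicket/pwnedpasswordsvalidator/PwnedPasswordsValidatorTest.java
+++ b/src/test/java/de/martinspielmann/wicket/pwnedpasswordsvalidator/PwnedPasswordsValidatorTest.java
@@ -1,10 +1,9 @@
 package de.martinspielmann.wicket.pwnedpasswordsvalidator;
 
 import java.net.InetSocketAddress;
-import java.net.MalformedURLException;
 import java.net.Proxy;
 import java.net.SocketAddress;
-import java.net.URL;
+import java.net.URI;
 import java.security.NoSuchAlgorithmException;
 import java.util.UUID;
 import java.util.concurrent.atomic.AtomicInteger;
@@ -191,9 +190,9 @@ public void getRateLimitExceededBehavior() {
 }
 
 @Test
-public void getApiUrl() throws MalformedURLException, NoSuchAlgorithmException {
+public void getApiUrl() throws NoSuchAlgorithmException {
 PwnedPasswordsValidator v = new PwnedPasswordsValidator();
-URL u = new URL("https://api.pwnedpasswords.com/range/34873");
+URI u = URI.create("https://api.pwnedpasswords.com/range/34873");
 Assert.assertEquals(u, v.getApiUrl("secret123"));
 }
 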
