dataset status needs to be updated to better handle potential security vulnerability

[jordanpadams]

🐛 Describe the bug

Per discussions on Slack #pdsen channel on 12/19, ds-status may not be sufficiently handling SQL Injection attempts.

📜 To Reproduce

See Slack discussion.

🕵️ Expected behavior

Cleans SQL injection attempt

[jordanpadams]

Status: Working through code

[c-suh]

Have implemented the changes but something broke the application and I'm trying to identify what exactly.

[c-suh]

Have the statement changes implemented and tested, and am verifying encoding.

[jimmie]

PR imminent

[c-suh]

PR created in internal JPL github and requested @jordanpadams as reviewer.

[jordanpadams]

added @nutjob4life @tloubrieu-jpl @anilnatha to the PR for review

[nutjob4life]

Approved over on enterprise

[c-suh]

Deployed to production! @jordanpadams and @tloubrieu-jpl, a note that the setup on one of the machines seemed to differ (newdsstatus versus dsstatus) and the application was 404, so I copied a conf file to connect the endpoint (I can provide details elsewhere). So, https://pds.nasa.gov/datasearch/ds-status/ is online! However, I thought Thomas had somehow disabled this. Is it still supposed to be disabled?

[jordanpadams]

@c-suh nope. I believe he just moved the WAR file from tomcat. Great stuff! And thanks to @nutjob4life for the PR review.

[nutjob4life]

Thanks! It's probably still a good idea to ask for an appscan of this. I left a link on enterprise github.

[c-suh]

SA ticket has been created to track appscan requests. Link is on enterprise github.