authorjhh <jorge.hernandez-herrero@att.com>2021-06-15 14:50:20 -0500
committerjhh <jorge.hernandez-herrero@att.com>2021-06-15 15:36:24 -0500
commitaf4398c19298f049079a178fe7f7db96da8cda8b (patch)
treec4b010f708da4c715db7a96ed28d094cf52b1a34
parent0945bc95ad1eb147c1ddf3d2069ad9a531838649 (diff)
filter logging input data per sonar security issue
Issue-ID: POLICY-3289 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: Iad22a581a6bd98e7e210162d30ec7741972669d2
-rw-r--r--policy-management/src/main/java/org/onap/policy/drools/controller/IndexedDroolsControllerFactory.java17
-rw-r--r--policy-management/src/main/java/org/onap/policy/drools/server/restful/RestManager.java10
-rw-r--r--policy-utils/src/main/java/org/onap/policy/drools/utils/logging/LoggerUtil.java4
3 files changed, 19 insertions, 12 deletions
diff --git a/policy-management/src/main/java/org/onap/policy/drools/controller/IndexedDroolsControllerFactory.java b/policy-management/src/main/java/org/onap/policy/drools/controller/IndexedDroolsControllerFactory.java
index 810cb65b..3a50b9f7 100644
--- a/policy-management/src/main/java/org/onap/policy/drools/controller/IndexedDroolsControllerFactory.java
+++ b/policy-management/src/main/java/org/onap/policy/drools/controller/IndexedDroolsControllerFactory.java
@@ -232,7 +232,7 @@ class IndexedDroolsControllerFactory implements DroolsControllerFactory {
// 2. check if there is a custom decoder for this topic that the user prefers to use
// instead of the ones provided in the platform
- CustomGsonCoder customGsonCoder = getCustomCoder(properties, propertyTopicEntityPrefix);
+ var customGsonCoder = getCustomCoder(properties, propertyTopicEntityPrefix);
// 3. second the list of classes associated with each topic
@@ -247,9 +247,8 @@ class IndexedDroolsControllerFactory implements DroolsControllerFactory {
List<PotentialCoderFilter> classes2Filters =
getFilterExpressions(properties, propertyTopicEntityPrefix, eventClasses);
- TopicCoderFilterConfiguration topic2Classes2Filters =
- new TopicCoderFilterConfiguration(firstTopic, classes2Filters, customGsonCoder);
- topics2DecodedClasses2Filters.add(topic2Classes2Filters);
+ topics2DecodedClasses2Filters
+ .add(new TopicCoderFilterConfiguration(firstTopic, classes2Filters, customGsonCoder));
}
return topics2DecodedClasses2Filters;
@@ -257,7 +256,7 @@ class IndexedDroolsControllerFactory implements DroolsControllerFactory {
private String getPropertyTopicPrefix(Topic topic) {
boolean isSource = topic instanceof TopicSource;
- CommInfrastructure commInfra = topic.getTopicCommInfrastructure();
+ var commInfra = topic.getTopicCommInfrastructure();
if (commInfra == CommInfrastructure.UEB) {
if (isSource) {
return PolicyEndPointProperties.PROPERTY_UEB_SOURCE_TOPICS + ".";
@@ -310,8 +309,7 @@ class IndexedDroolsControllerFactory implements DroolsControllerFactory {
+ PolicyEndPointProperties.PROPERTY_TOPIC_EVENTS_SUFFIX
+ "." + theClass + PolicyEndPointProperties.PROPERTY_TOPIC_EVENTS_FILTER_SUFFIX);
- JsonProtocolFilter protocolFilter = new JsonProtocolFilter(filter);
- PotentialCoderFilter class2Filters = new PotentialCoderFilter(theClass, protocolFilter);
+ var class2Filters = new PotentialCoderFilter(theClass, new JsonProtocolFilter(filter));
classes2Filters.add(class2Filters);
}
@@ -404,10 +402,7 @@ class IndexedDroolsControllerFactory implements DroolsControllerFactory {
@Override
public String toString() {
- StringBuilder builder = new StringBuilder();
- builder.append("IndexedDroolsControllerFactory [#droolsControllers=").append(droolsControllers.size())
- .append("]");
- return builder.toString();
+ return "IndexedDroolsControllerFactory [#droolsControllers=" + droolsControllers.size() + "]";
}
}
diff --git a/policy-management/src/main/java/org/onap/policy/drools/server/restful/RestManager.java b/policy-management/src/main/java/org/onap/policy/drools/server/restful/RestManager.java
index 89a1c43c..5d08d386 100644
--- a/policy-management/src/main/java/org/onap/policy/drools/server/restful/RestManager.java
+++ b/policy-management/src/main/java/org/onap/policy/drools/server/restful/RestManager.java
@@ -2055,6 +2055,16 @@ public class RestManager {
String newLevel;
try {
+ if (!checkValidNameInput(loggerName)) {
+ return Response.status(Response.Status.NOT_ACCEPTABLE)
+ .entity(new Error("logger name: " + NOT_ACCEPTABLE_MSG))
+ .build();
+ }
+ if (!Pattern.matches("^[a-zA-Z]{3,5}$", loggerLevel)) {
+ return Response.status(Response.Status.NOT_ACCEPTABLE)
+ .entity(new Error("logger level: " + NOT_ACCEPTABLE_MSG))
+ .build();
+ }
newLevel = LoggerUtil.setLevel(loggerName, loggerLevel);
} catch (final IllegalArgumentException e) {
logger.warn("{}: invalid operation for logger {} and level {}", this, loggerName, loggerLevel, e);
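Review bot: The level check `Pattern.matches("^[a-zA-Z]{3,5}$", loggerLevel)` constrains the shape of the value but not its meaning, so any three-to-five-letter word passes and reaches `LoggerUtil.setLevel`. With the fallback this same commit adds in LoggerUtil, such a value leaves the level unchanged, and the caller presumably receives a normal response carrying the old level, which hides a mistyped request. Comparing against the known logback level names, for example `Set.of("OFF", "ERROR", "WARN", "INFO", "DEBUG", "TRACE", "ALL").contains(loggerLevel.toUpperCase(Locale.ROOT))`, would reject it with the same NOT_ACCEPTABLE response and avoid recompiling the pattern on every request. The enclosing method starts and ends outside the hunk, so how `loggerLevel` is bound, and whether it can be null when it reaches `Pattern.matches`, is not visible here.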
diff --git a/policy-utils/src/main/java/org/onap/policy/drools/utils/logging/LoggerUtil.java b/policy-utils/src/main/java/org/onap/policy/drools/utils/logging/LoggerUtil.java
index 60867528..b5e60679 100644
--- a/policy-utils/src/main/java/org/onap/policy/drools/utils/logging/LoggerUtil.java
+++ b/policy-utils/src/main/java/org/onap/policy/drools/utils/logging/LoggerUtil.java
@@ -86,7 +86,9 @@ public class LoggerUtil {
throw new IllegalArgumentException("no logger " + loggerName);
}
- logger.setLevel(ch.qos.logback.classic.Level.toLevel(loggerLevel));
+ // use the current log level if the string provided cannot be converted to a valid Level.
+ logger.setLevel(ch.qos.logback.classic.Level.toLevel(loggerLevel, logger.getLevel()));
+
return logger.getLevel().toString();
}
}
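Review bot: The fallback in `Level.toLevel(loggerLevel, logger.getLevel())` can be null, because logback's `getLevel()` returns only the level assigned directly to that logger and is null when the level is inherited from a parent. For such a logger an unrecognised string passes null to `setLevel`, and the following `logger.getLevel().toString()` would then throw a NullPointerException, which the `IllegalArgumentException` catch visible in RestManager does not cover. Rejecting the value is safer than silently keeping the current level, for example `if (Level.toLevel(loggerLevel, null) == null) { throw new IllegalArgumentException("invalid level " + loggerLevel); }` placed before the `setLevel` call. The comment above the call should then state that unrecognised levels are refused. The method's beginning is outside the hunk.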