From 0bf80c915d8c4e7b2dabee463459d8198fdeacc6 Mon Sep 17 00:00:00 2001
From: sharath reddy
Date: Tue, 24 May 2022 10:34:53 +0530
Subject: Changed the code to not log user-controlled data.
Issue-ID: VNFSDK-834
Signed-off-by: sharath reddy
Change-Id: Ic4c1f0795750e9321c89db5170d86fa4166f41df
---
 .../main/java/org/onap/vnfsdk/marketplace/common/ToolUtil.java | 9 ++++++++-
 .../java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java | 4 +++-
 .../src/main/java/org/onap/vtp/scenario/VTPScenarioResource.java | 8 ++++++++
 3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/ToolUtil.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/ToolUtil.java
index 5ee7c30b..bc7f3452 100644
--- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/ToolUtil.java
+++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/ToolUtil.java
@@ -23,7 +23,9 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.text.DecimalFormat;
 import java.util.Collection;
+import java.util.Objects;
 import java.util.UUID;
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import com.google.gson.Gson;
@@ -73,11 +75,16 @@ public class ToolUtil {
 * @return String
 * @throws IOException e
 */
+ private static String loggerPatternBreaking(String loggerInput) {
+ return Objects.nonNull(loggerInput) ? loggerInput.replaceAll("[\n\r\t]", "_") : StringUtils.EMPTY;
+ }
 public static String storeChunkFileInLocal(String dirName, String fileName, InputStream uploadedInputStream) throws IOException {
 File tmpDir = new File(dirName);
 dirName = File.separator + dirName;
- LOG.info("tmpdir = {}" , dirName);
+ if(LOG.isInfoEnabled()) {
+ LOG.info("tmpdir = {}" , loggerPatternBreaking(dirName));
+ }
 if(!tmpDir.exists()) {
 tmpDir.mkdirs();
 }
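Review bot: The filter in `loggerPatternBreaking` (ToolUtil.java, second hunk) replaces only `\n`, `\r` and `\t`, so other characters that log viewers and collectors may treat as line breaks (form feed, vertical tab, U+0085, U+2028/U+2029) still reach the log unchanged; the same body is copied into VTPScenarioResource.java. A wider class such as `loggerInput.replaceAll("[\\p{Cntrl}\\u0085\\u2028\\u2029]", "_")` would cover them. The helper is also inserted between the existing Javadoc block (`@return String`, `@throws IOException e`) and `storeChunkFileInLocal`, so that comment now attaches to the helper; it should sit above the comment or after the method, with a one-line Javadoc of its own such as `/** Replaces line-break and control characters so a logged value cannot start a new log entry. */`. `storeChunkFileInLocal` continues past the end of the hunk.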
diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java
index 8afc2593..e0cad370 100644
--- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java
+++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java
@@ -314,7 +314,9 @@ public class PackageWrapper {
 }
 String fileLocation = ToolUtil.storeChunkFileInLocal(localDirName, fileName, uploadedInputStream);
- LOG.info("the fileLocation when upload package is :{}" , fileLocation);
+ if(LOG.isInfoEnabled()) {
+ LOG.info("the fileLocation when upload package is :{}", loggerPatternBreaking(fileLocation));
+ }
 uploadedInputStream.close();
diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vtp/scenario/VTPScenarioResource.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vtp/scenario/VTPScenarioResource.java
index b6b2dbc0..915cd144 100644
--- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vtp/scenario/VTPScenarioResource.java
+++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vtp/scenario/VTPScenarioResource.java
@@ -27,6 +27,7 @@ import java.util.Arrays;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.regex.Matcher;
 import javax.ws.rs.Consumes;
@@ -42,6 +43,7 @@ import javax.ws.rs.core.Response;
 import com.google.common.collect.Maps;
 import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.cxf.common.util.CollectionUtils;
 import org.eclipse.jetty.http.HttpStatus;
 import org.glassfish.jersey.media.multipart.BodyPartEntity;
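Review bot: `loggerPatternBreaking(fileLocation)` in the PackageWrapper.java hunk is called unqualified, but this commit declares the helper as `private static` in ToolUtil and as a private instance method in VTPScenarioResource, and the diffstat lists only this hunk's four changed lines for PackageWrapper. Unless PackageWrapper already has a method of that name outside the hunk, the call will not compile. Declaring the ToolUtil helper `public static` and calling `ToolUtil.loggerPatternBreaking(fileLocation)` here would fix that and would also let VTPScenarioResource drop its own copy. The enclosing method starts and ends outside the hunk.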
@@ -126,6 +128,9 @@ public class VTPScenarioResource extends VTPResource{
 return list;
 }
+ private String loggerPatternBreaking(String loggerInput) {
+ return Objects.nonNull(loggerInput) ? loggerInput.replaceAll("[\n\r\t]", "_") : StringUtils.EMPTY;
+ }
 @Path("/scenarios")
 @GET
@@ -416,6 +421,9 @@ public class VTPScenarioResource extends VTPResource{
 File scenarioDir = new File(VTP_YAML_STORE, scenario);
 List yamls = FileUtil.searchFiles(scenarioDir, CommonConstant.YAML_SUFFIX);
 if (!CollectionUtils.isEmpty(yamls)) {
+ if (LOG.isInfoEnabled()) {
+ LOG.error("The scenario yaml {} has sub testcase yamls, delete failed", loggerPatternBreaking(scenarioName));
+ }
 LOG.error("The scenario yaml {} has sub testcase yamls, delete failed", scenarioName);
 throw new VTPException(
 new VTPError().setMessage(MessageFormat.format("The scenario yaml {0} has sub testcase yamls, delete failed !!!", scenarioName))
-- cgit 1.2.3-korg
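Review bot: In the second VTPScenarioResource.java hunk (`@@ -416,6 +421,9 @@`) the original `LOG.error("The scenario yaml {} has sub testcase yamls, delete failed", scenarioName);` is kept as a context line after the new guarded call, so the unsanitised `scenarioName` is still written to the log and the message is emitted twice. The new call is also guarded by `LOG.isInfoEnabled()` although it logs at error level, so with the logger at WARN or ERROR the sanitised line is skipped while the raw one remains. Both statements should collapse into a single `LOG.error("The scenario yaml {} has sub testcase yamls, delete failed", loggerPatternBreaking(scenarioName));`, guarded with `LOG.isErrorEnabled()` if a guard is wanted at all. The enclosing method starts and ends outside the hunk.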