authorLiard Samuel <samuel.liard@orange.com>2021-10-08 09:21:18 +0200
committerhighstreetherbert <herbert.eiselt@highstreet-technologies.com>2021-11-19 11:25:38 +0100
commit6945b75aac0e6bc2bad6f824769b32842f06bc46 (patch)
treefb99e802250d9efd8ac5c75df85a76431bff3ba4
parent71031b0b238ee51affd8135fdd648d9a70a6970b (diff)
Fix sonar Security Hotspots
Issue-ID: CCSDK-3491 Signed-off-by: sliard <samuel.liard@gmail.com> Change-Id: I33787ccca2a8acd8085db6b2a915e8f2ac2511ec Signed-off-by: Dan Timoney <dtimoney@att.com> Signed-off-by: highstreetherbert <herbert.eiselt@highstreet-technologies.com>
-rw-r--r--lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/dao/MessageDaoImpl.java27
-rw-r--r--lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/impl/MessageInterceptorImpl.java6
-rw-r--r--lib/doorman/src/test/java/org/onap/ccsdk/features/lib/doorman/it/MessageQueueTest.java3
-rw-r--r--lib/network-prioritization/src/main/java/org/onap/ccsdk/features/lib/npm/api/NpmServiceManagerImpl.java4
-rw-r--r--lib/network-prioritization/src/main/java/org/onap/ccsdk/features/lib/npm/utils/NpmUtils.java2
-rw-r--r--lib/rlock/src/main/java/org/onap/ccsdk/features/lib/rlock/LockHelperImpl.java1
-rw-r--r--lib/rlock/src/main/java/org/onap/ccsdk/features/lib/rlock/SynchronizedFunction.java4
-rw-r--r--lib/rlock/src/test/java/org/onap/ccsdk/features/lib/rlock/TestLockHelper.java1
-rw-r--r--sdnr/northbound/addCMHandle/provider/src/main/java/org/onap/ccsdk/features/sdnr/northbound/addCMHandle/AddCMHandleProvider.java16
-rw-r--r--sdnr/northbound/energysavings/provider/src/main/java/org/onap/ccsdk/features/sdnr/northbound/energysavings/EnergysavingsProvider.java7
10 files changed, 46 insertions, 25 deletions
diff --git a/lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/dao/MessageDaoImpl.java b/lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/dao/MessageDaoImpl.java
index f04ea6259..e9a9ed6d2 100644
--- a/lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/dao/MessageDaoImpl.java
+++ b/lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/dao/MessageDaoImpl.java
@@ -66,19 +66,33 @@ public class MessageDaoImpl implements MessageDao {
@Override
public void updateMessageStarted(long messageId, Date timestamp) {
- updateMessageStatus("started_timestamp", messageId, null, timestamp);
+ // duplicate code with updateMessageCompleted to avoid SQL injection issue for sonar
+ try (Connection con = dataSource.getConnection()) {
+ try {
+ con.setAutoCommit(false);
+ String sql = "UPDATE message SET started_timestamp = ? WHERE message_id = ?";
+ try (PreparedStatement ps = con.prepareStatement(sql)) {
+ ps.setTimestamp(1, new Timestamp(timestamp.getTime()));
+ ps.setLong(2, messageId);
+ ps.executeUpdate();
+ }
+ con.commit();
+ } catch (SQLException ex) {
+ con.rollback();
+ throw ex;
+ }
+ } catch (SQLException e) {
+ throw new RuntimeException("Error updating message status in DB: " + e.getMessage(), e);
+ }
}
@Override
public void updateMessageCompleted(long messageId, String resolution, Date timestamp) {
- updateMessageStatus("completed_timestamp", messageId, resolution, timestamp);
- }
-
- private void updateMessageStatus(String timestampColumn, long messageId, String resolution, Date timestamp) {
+ // duplicate code with updateMessageStarted to avoid SQL injection issue for sonar
try (Connection con = dataSource.getConnection()) {
try {
con.setAutoCommit(false);
- String sql = "UPDATE message SET " + timestampColumn + " = ? WHERE message_id = ?";
+ String sql = "UPDATE message SET completed_timestamp = ? WHERE message_id = ?";
try (PreparedStatement ps = con.prepareStatement(sql)) {
ps.setTimestamp(1, new Timestamp(timestamp.getTime()));
ps.setLong(2, messageId);
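Review bot: In the new `updateMessageStarted` body the inner `catch (SQLException ex)` calls `con.rollback()` unguarded, so a failing rollback replaces the original exception and the real cause of the failed update is lost. Wrapping it as `try { con.rollback(); } catch (SQLException rb) { ex.addSuppressed(rb); }` keeps both. Separately, the statement in `updateMessageCompleted` has two placeholders, bound to the timestamp and the id, so `resolution` does not appear to be persisted in the visible lines; that body continues outside the hunk, so this is worth confirming. The added comments could also say that the column name must stay a literal in each method, so the two bodies are not later re-merged with string concatenation.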
@@ -92,6 +106,7 @@ public class MessageDaoImpl implements MessageDao {
} catch (SQLException e) {
throw new RuntimeException("Error updating message status in DB: " + e.getMessage(), e);
}
+
}
@Override
diff --git a/lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/impl/MessageInterceptorImpl.java b/lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/impl/MessageInterceptorImpl.java
index 89f29b327..a07b3c4e7 100644
--- a/lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/impl/MessageInterceptorImpl.java
+++ b/lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/impl/MessageInterceptorImpl.java
@@ -180,10 +180,12 @@ public class MessageInterceptorImpl implements MessageInterceptor {
private Event waitForNewAction(int holdTime) {
long startTime = System.currentTimeMillis();
long currentTime = startTime;
- while (currentTime - startTime <= (holdTime + 1) * 1000) {
+ while (currentTime - startTime <= (holdTime + 1) * 1000L) {
try {
Thread.sleep(5000);
- } catch (Exception e) {
+ } catch (InterruptedException e) {
+ log.info("Break sleep : " + e.getMessage());
+ Thread.currentThread().interrupt();
}
MessageAction nextAction = messageDao.getNextAction(message.getMessageId());
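Review bot: Re-setting the interrupt flag in `catch (InterruptedException e)` and then staying in the `while` loop makes every later `Thread.sleep(5000)` throw immediately, so an interrupted thread would call `messageDao.getNextAction(...)` back-to-back until the hold time runs out. Leave the loop once interrupted, e.g. `Thread.currentThread().interrupt(); break;`, or return whatever the method yields on timeout; the loop body continues outside the hunk. The log call is better parameterized as `log.info("Break sleep : {}", e.getMessage());`. The `LockHelperImpl` hunk re-interrupts after `Thread.sleep(lockWait * 1000L)` in what looks like a retry loop and may need the same exit.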
diff --git a/lib/doorman/src/test/java/org/onap/ccsdk/features/lib/doorman/it/MessageQueueTest.java b/lib/doorman/src/test/java/org/onap/ccsdk/features/lib/doorman/it/MessageQueueTest.java
index b2f69dbcf..5fc06cb3c 100644
--- a/lib/doorman/src/test/java/org/onap/ccsdk/features/lib/doorman/it/MessageQueueTest.java
+++ b/lib/doorman/src/test/java/org/onap/ccsdk/features/lib/doorman/it/MessageQueueTest.java
@@ -104,6 +104,7 @@ public class MessageQueueTest {
try {
Thread.sleep(startTime);
} catch (InterruptedException e) {
+ Thread.currentThread().interrupt();
}
MessageData r = interceptor.processRequest(request);
@@ -112,6 +113,7 @@ public class MessageQueueTest {
try {
Thread.sleep(processTime);
} catch (InterruptedException e) {
+ Thread.currentThread().interrupt();
}
interceptor.processResponse(response);
@@ -158,6 +160,7 @@ public class MessageQueueTest {
try {
Thread.sleep(processTime);
} catch (InterruptedException e) {
+ Thread.currentThread().interrupt();
}
}
}
diff --git a/lib/network-prioritization/src/main/java/org/onap/ccsdk/features/lib/npm/api/NpmServiceManagerImpl.java b/lib/network-prioritization/src/main/java/org/onap/ccsdk/features/lib/npm/api/NpmServiceManagerImpl.java
index 2cdef3537..9016579bc 100644
--- a/lib/network-prioritization/src/main/java/org/onap/ccsdk/features/lib/npm/api/NpmServiceManagerImpl.java
+++ b/lib/network-prioritization/src/main/java/org/onap/ccsdk/features/lib/npm/api/NpmServiceManagerImpl.java
@@ -415,7 +415,9 @@ public class NpmServiceManagerImpl implements NpmServiceManager {
try {
logger.trace("Initializing NPM Configurations from:({})", configFilePath);
if (new File(configFilePath).exists()) {
- npmConfigurations.load(new FileInputStream(configFilePath));
+ try (FileInputStream configInputStream = new FileInputStream(configFilePath)) {
+ npmConfigurations.load(configInputStream);
+ }
} else {
logger.warn("Config File:({}) not found, Initializing NPM with default configurations.", configFilePath);
configFilePath = "properties" + File.separator + NpmConstants.NPM_CONFIG_PROPERTIES_FILE_NAME;
diff --git a/lib/network-prioritization/src/main/java/org/onap/ccsdk/features/lib/npm/utils/NpmUtils.java b/lib/network-prioritization/src/main/java/org/onap/ccsdk/features/lib/npm/utils/NpmUtils.java
index 735d6d91f..8b74e318b 100644
--- a/lib/network-prioritization/src/main/java/org/onap/ccsdk/features/lib/npm/utils/NpmUtils.java
+++ b/lib/network-prioritization/src/main/java/org/onap/ccsdk/features/lib/npm/utils/NpmUtils.java
@@ -61,7 +61,7 @@ public class NpmUtils {
mapper.enable(SerializationFeature.INDENT_OUTPUT);
return mapper.writerWithDefaultPrettyPrinter().writeValueAsString(instance);
} catch (JsonProcessingException e) {
- e.printStackTrace();
+ logger.warn(e.getMessage(), e);
}
return null;
}
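Review bot: `logger.warn(e.getMessage(), e)` uses the exception text as the log message, so the line has no fixed, searchable prefix and its content depends on whatever Jackson put in the message. A constant message such as `logger.warn("Failed to serialize object to JSON", e);` still records the stack trace. The method then returns `null` on failure, which callers have to check; its signature is outside the hunk.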
diff --git a/lib/rlock/src/main/java/org/onap/ccsdk/features/lib/rlock/LockHelperImpl.java b/lib/rlock/src/main/java/org/onap/ccsdk/features/lib/rlock/LockHelperImpl.java
index 63fe111df..a63b7d481 100644
--- a/lib/rlock/src/main/java/org/onap/ccsdk/features/lib/rlock/LockHelperImpl.java
+++ b/lib/rlock/src/main/java/org/onap/ccsdk/features/lib/rlock/LockHelperImpl.java
@@ -84,6 +84,7 @@ public class LockHelperImpl implements LockHelper {
try {
Thread.sleep(lockWait * 1000L);
} catch (InterruptedException ex) {
+ Thread.currentThread().interrupt();
}
}
}
diff --git a/lib/rlock/src/main/java/org/onap/ccsdk/features/lib/rlock/SynchronizedFunction.java b/lib/rlock/src/main/java/org/onap/ccsdk/features/lib/rlock/SynchronizedFunction.java
index e92700055..419977890 100644
--- a/lib/rlock/src/main/java/org/onap/ccsdk/features/lib/rlock/SynchronizedFunction.java
+++ b/lib/rlock/src/main/java/org/onap/ccsdk/features/lib/rlock/SynchronizedFunction.java
@@ -1,5 +1,6 @@
package org.onap.ccsdk.features.lib.rlock;
+import java.security.SecureRandom;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
@@ -99,6 +100,7 @@ public abstract class SynchronizedFunction {
}
private static String generateLockRequester() {
- return "SynchronizedFunction-" + (int) (Math.random() * 1000000);
+ SecureRandom random = new SecureRandom();
+ return "SynchronizedFunction-" + (random.nextInt() % 1000000);
}
}
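Review bot: `random.nextInt() % 1000000` can be negative, because `nextInt()` covers the full `int` range, so the requester id now ranges over roughly two million signed values with a slight modulo bias instead of 0–999999. `random.nextInt(1000000)` gives the intended range, and a single `private static final SecureRandom` avoids constructing a generator on every call. If the requester string is what distinguishes lock holders (not visible here), six digits is a small space and `UUID.randomUUID()` would make collisions implausible.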
diff --git a/lib/rlock/src/test/java/org/onap/ccsdk/features/lib/rlock/TestLockHelper.java b/lib/rlock/src/test/java/org/onap/ccsdk/features/lib/rlock/TestLockHelper.java
index cce377e2c..4f205d16d 100644
--- a/lib/rlock/src/test/java/org/onap/ccsdk/features/lib/rlock/TestLockHelper.java
+++ b/lib/rlock/src/test/java/org/onap/ccsdk/features/lib/rlock/TestLockHelper.java
@@ -42,6 +42,7 @@ public class TestLockHelper {
try {
Thread.sleep(500);
} catch (InterruptedException e) {
+ Thread.currentThread().interrupt();
log.warn("Thread interrupted: " + e.getMessage(), e);
}
diff --git a/sdnr/northbound/addCMHandle/provider/src/main/java/org/onap/ccsdk/features/sdnr/northbound/addCMHandle/AddCMHandleProvider.java b/sdnr/northbound/addCMHandle/provider/src/main/java/org/onap/ccsdk/features/sdnr/northbound/addCMHandle/AddCMHandleProvider.java
index 1756615cb..0d9cc8f3f 100644
--- a/sdnr/northbound/addCMHandle/provider/src/main/java/org/onap/ccsdk/features/sdnr/northbound/addCMHandle/AddCMHandleProvider.java
+++ b/sdnr/northbound/addCMHandle/provider/src/main/java/org/onap/ccsdk/features/sdnr/northbound/addCMHandle/AddCMHandleProvider.java
@@ -146,20 +146,16 @@ public class AddCMHandleProvider implements CMHandleAPIService, NetconfNodeState
// GET configuration from properties file
config = new HashMap<String, String>();
- try {
- FileInputStream fileInput = new FileInputStream(propDir + PROPERTIES_FILE_NAME);
+ try (FileInputStream fileInput = new FileInputStream(propDir + PROPERTIES_FILE_NAME)) {
Properties properties = new Properties();
properties.load(fileInput);
- fileInput.close();
for (String param : new String[] {"url", "user", "password",
"authentication, dmi-service-name"}) {
config.put(param, properties.getProperty(param));
}
- } catch (FileNotFoundException e) {
- e.printStackTrace();
} catch (IOException e) {
- e.printStackTrace();
+ LOG.error("Error while reading properties file: ", e);
}
LOG.info("addCMHandle Session Initiated");
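Review bot: The array in the `for` loop ends with the single string `"authentication, dmi-service-name"`, so neither `authentication` nor `dmi-service-name` is ever read from the properties file and `config.get("authentication")` returns `null`. With the null-safe `"basic".equals(authenticationMethod)` introduced further down, the basic-auth branch is then never taken and the request goes out through the other branch, apparently without the `HTTPBasicAuthFilter`. Split the entry: `"authentication", "dmi-service-name"}) {`. After an `IOException` the method also carries on with an empty `config`; whether that should abort initialisation is a call for the author.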
@@ -167,7 +163,7 @@ public class AddCMHandleProvider implements CMHandleAPIService, NetconfNodeState
@Override
public void onCreated(NodeId nNodeId, NetconfNode netconfNode) {
- LOG.info("NetConf device connected ", nNodeId.getValue());
+ LOG.info("NetConf device connected {}", nNodeId.getValue());
JSONObject obj = new JSONObject();
obj.put("cm-handle-id", nNodeId.getValue());
obj.put("dmi-service-name", config.get("dmi-service-name"));
@@ -178,7 +174,7 @@ public class AddCMHandleProvider implements CMHandleAPIService, NetconfNodeState
String authenticationMethod = config.get("authentication");
ClientResponse response = null;
try {
- if (authenticationMethod.equals("basic")) {
+ if ("basic".equals(authenticationMethod)) {
LOG.debug("Sending message to dmaap-message-router: {}", obj.toString());
dmaapClient.addFilter(new HTTPBasicAuthFilter(config.get("user"), config.get("password")));
@@ -188,11 +184,11 @@ public class AddCMHandleProvider implements CMHandleAPIService, NetconfNodeState
response = dmaapClient.resource(config.get("url")).type(MediaType.APPLICATION_JSON)
.accept(MediaType.APPLICATION_JSON).post(ClientResponse.class, obj);
}
+ LOG.info("Received response from dmaap-message-router: \n {}", response.toString());
} catch (Exception e) {
- LOG.error("Error while posting message to CM_HANDLE topic: {}", e);
+ LOG.error("Error while posting message to CM_HANDLE topic: ", e);
}
- LOG.info("Received response from dmaap-message-router: \n {}", response.toString());
}
@Override
diff --git a/sdnr/northbound/energysavings/provider/src/main/java/org/onap/ccsdk/features/sdnr/northbound/energysavings/EnergysavingsProvider.java b/sdnr/northbound/energysavings/provider/src/main/java/org/onap/ccsdk/features/sdnr/northbound/energysavings/EnergysavingsProvider.java
index b580b53cf..afc22c9fb 100644
--- a/sdnr/northbound/energysavings/provider/src/main/java/org/onap/ccsdk/features/sdnr/northbound/energysavings/EnergysavingsProvider.java
+++ b/sdnr/northbound/energysavings/provider/src/main/java/org/onap/ccsdk/features/sdnr/northbound/energysavings/EnergysavingsProvider.java
@@ -112,8 +112,7 @@ public class EnergysavingsProvider implements EnergysavingsService {
HashMap<String, String> dmaapPolicyHttpParams = new HashMap<String, String>();
HashMap<String, String> energySavingsServerHttpParams = new HashMap<String, String>();
- try {
- FileInputStream fileInput = new FileInputStream(propDir + PROPERTIES_FILE_NAME);
+ try (FileInputStream fileInput = new FileInputStream(propDir + PROPERTIES_FILE_NAME)) {
Properties properties = new Properties();
properties.load(fileInput);
fileInput.close();
@@ -123,9 +122,9 @@ public class EnergysavingsProvider implements EnergysavingsService {
energySavingsServerHttpParams.put(param, properties.getProperty("energySavingsServer." + param));
}
} catch (FileNotFoundException e) {
- e.printStackTrace();
+ LOG.error("Unexpected value for energy savings server authentication: ");
} catch (IOException e) {
- e.printStackTrace();
+ LOG.error("Unexpected value for energy savings server authentication: ");
}
// Create a web resource for the Energy Savings server
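Review bot: Both catch blocks now log `"Unexpected value for energy savings server authentication: "`, which does not describe a missing or unreadable properties file, and the exception is not passed to the logger, so the cause is lost. Since `FileNotFoundException` is an `IOException`, one block is enough: `} catch (IOException e) { LOG.error("Error while reading properties file: ", e); }`, matching the AddCMHandleProvider change. The previous hunk also keeps `fileInput.close();` inside the new try-with-resources, where it is redundant.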