author | Liard Samuel <samuel.liard@orange.com> | 2021-10-08 09:21:18 +0200 |
---|---|---|
committer | highstreetherbert <herbert.eiselt@highstreet-technologies.com> | 2021-11-19 11:25:38 +0100 |
commit | 6945b75aac0e6bc2bad6f824769b32842f06bc46 (patch) | |
tree | fb99e802250d9efd8ac5c75df85a76431bff3ba4 /lib/doorman/src/main | |
parent | 71031b0b238ee51affd8135fdd648d9a70a6970b (diff) |
Fix sonar Security Hotspots
Issue-ID: CCSDK-3491
Signed-off-by: sliard <samuel.liard@gmail.com>
Change-Id: I33787ccca2a8acd8085db6b2a915e8f2ac2511ec
Signed-off-by: Dan Timoney <dtimoney@att.com>
Signed-off-by: highstreetherbert <herbert.eiselt@highstreet-technologies.com>
Diffstat (limited to 'lib/doorman/src/main')
2 files changed, 25 insertions, 8 deletions
diff --git a/lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/dao/MessageDaoImpl.java b/lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/dao/MessageDaoImpl.java
index f04ea6259..e9a9ed6d2 100644
--- a/lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/dao/MessageDaoImpl.java
+++ b/lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/dao/MessageDaoImpl.java
@@ -66,19 +66,33 @@ public class MessageDaoImpl implements MessageDao { @Override public void updateMessageStarted(long messageId, Date timestamp) { - updateMessageStatus("started_timestamp", messageId, null, timestamp); + // duplicate code with updateMessageCompleted to avoid SQL injection issue for sonar + try (Connection con = dataSource.getConnection()) { + try { + con.setAutoCommit(false); + String sql = "UPDATE message SET started_timestamp = ? WHERE message_id = ?"; + try (PreparedStatement ps = con.prepareStatement(sql)) { + ps.setTimestamp(1, new Timestamp(timestamp.getTime())); + ps.setLong(2, messageId); + ps.executeUpdate(); + } + con.commit(); + } catch (SQLException ex) { + con.rollback(); + throw ex; + } + } catch (SQLException e) { + throw new RuntimeException("Error updating message status in DB: " + e.getMessage(), e); + } } @Override public void updateMessageCompleted(long messageId, String resolution, Date timestamp) { - updateMessageStatus("completed_timestamp", messageId, resolution, timestamp); - } - - private void updateMessageStatus(String timestampColumn, long messageId, String resolution, Date timestamp) { + // duplicate code with updateMessageStarted to avoid SQL injection issue for sonar try (Connection con = dataSource.getConnection()) { try { con.setAutoCommit(false); - String sql = "UPDATE message SET " + timestampColumn + " = ? WHERE message_id = ?"; + String sql = "UPDATE message SET completed_timestamp = ? WHERE message_id = ?"; try (PreparedStatement ps = con.prepareStatement(sql)) { ps.setTimestamp(1, new Timestamp(timestamp.getTime())); ps.setLong(2, messageId); @@ -92,6 +106,7 @@ public class MessageDaoImpl implements MessageDao { } catch (SQLException e) { throw new RuntimeException("Error updating message status in DB: " + e.getMessage(), e); } + } @Override 
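Review bot: In the added `catch (SQLException ex)` block of updateMessageStarted, `con.rollback()` can itself throw, and when it does the original `ex` is lost, so the RuntimeException reports the rollback failure instead of the statement failure. Wrapping it as `try { con.rollback(); } catch (SQLException rb) { ex.addSuppressed(rb); }` before `throw ex;` keeps both. The same pattern presumably sits in the unchanged tail of updateMessageCompleted, which lies outside this hunk. Separately, the visible part of updateMessageCompleted binds only the timestamp and the message id, so `resolution` looks unused; if that is intended, a comment such as `// resolution is not stored by this statement` would say so, and the existing "for sonar" comment could state the actual reason: a column name cannot be bound as a `?` parameter, so each column gets its own constant statement.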
diff --git a/lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/impl/MessageInterceptorImpl.java b/lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/impl/MessageInterceptorImpl.java index 89f29b327..a07b3c4e7 100644 --- a/lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/impl/MessageInterceptorImpl.java +++ b/lib/doorman/src/main/java/org/onap/ccsdk/features/lib/doorman/impl/MessageInterceptorImpl.java @@ -180,10 +180,12 @@ public class MessageInterceptorImpl implements MessageInterceptor { private Event waitForNewAction(int holdTime) { long startTime = System.currentTimeMillis(); long currentTime = startTime; - while (currentTime - startTime <= (holdTime + 1) * 1000) { + while (currentTime - startTime <= (holdTime + 1) * 1000L) { try { Thread.sleep(5000); - } catch (Exception e) { + } catch (InterruptedException e) { + log.info("Break sleep : " + e.getMessage()); + Thread.currentThread().interrupt(); } MessageAction nextAction = messageDao.getNextAction(message.getMessageId()); |
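Review bot: After the added `Thread.currentThread().interrupt();` the loop keeps running, and with the interrupt flag set again every following `Thread.sleep(5000)` throws immediately, so the loop would call `messageDao.getNextAction(...)` back to back with no pause until the hold time runs out. Adding `break;` (or returning) right after the re-interrupt avoids hammering the database from an interrupted thread. Which exit is correct depends on the rest of the loop and on what waitForNewAction returns on timeout, both of which lie outside this hunk. As a smaller point, `log.info("Break sleep : " + e.getMessage());` drops the stack trace and usually logs `null` for a plain interrupt; a fixed message would read better.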