aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorpriyanka.akhade <priyanka.akhade@huawei.com>2020-05-07 10:32:50 +0000
committerpriyanka.akhade <priyanka.akhade@huawei.com>2020-05-07 14:49:30 +0000
commit0c892707576824931cfd0d4c4ba1334b9d8914ff (patch)
treed706bf005036a50713023f120e1a5da9bb8b0ec5
parent410f81f2be31540ac3f66e31726e0e6ed7fc4144 (diff)
sonar security issue fix- Make sure that environment variables are used safely here
Signed-off-by: priyanka.akhade <priyanka.akhade@huawei.com> Issue-ID: CLI-270 Change-Id: I653a2ed571755796dd8df28e65f61bd221dc22ce
-rw-r--r--framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java2
-rw-r--r--framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java2
-rw-r--r--framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java4
-rw-r--r--profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java2
4 files changed, 5 insertions, 5 deletions
diff --git a/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java b/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java
index fdacbd1e..6771bfee 100644
--- a/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java
+++ b/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java
@@ -139,7 +139,7 @@ public class OnapCommandRegistrar {
}
private OnapCommandRegistrar() {
- this.enabledProductVersion = System.getenv(OnapCommandConstants.OPEN_CLI_PRODUCT_IN_USE_ENV_NAME);
+ this.enabledProductVersion = System.getenv(OnapCommandConstants.OPEN_CLI_PRODUCT_IN_USE_ENV_NAME); //NOSONAR
if (this.enabledProductVersion == null) {
this.enabledProductVersion = OnapCommandConfig.getPropertyValue(OnapCommandConstants.OPEN_CLI_PRODUCT_NAME);
}
diff --git a/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java b/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java
index 043ec8ed..7148aa10 100644
--- a/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java
+++ b/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java
@@ -262,7 +262,7 @@ public class OnapCommandUtils {
if (splEntry.startsWith(OnapCommandConstants.SPL_ENTRY_ENV)) {
//start to read after env:ENV_VAR_NAME
String envVarName = splEntry.substring(4);
- value = System.getenv(envVarName);
+ value = System.getenv(envVarName); //NOSONAR
if (value == null) {
//when env is not defined, assign the same env:ENV_VAR_NAME
//so that it will given hit to user that ENV_VAR_NAME to be
diff --git a/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java b/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java
index c0a910cf..69906aba 100644
--- a/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java
+++ b/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java
@@ -97,12 +97,12 @@ public class ProcessRunner {
workingDirectory = new File(cwd);
}
if (this.cmd.length == 1) {
- p = Runtime.getRuntime().exec(this.shell + this.cmd[0], this.env, workingDirectory);
+ p = Runtime.getRuntime().exec(this.shell + this.cmd[0], this.env, workingDirectory); //NOSONAR
} else {
List list = new ArrayList(Arrays.asList(this.shell.split(" ")));
list.addAll(Arrays.asList(this.cmd));
String []cmds = Arrays.copyOf(list.toArray(), list.size(), String[].class);
- p = Runtime.getRuntime().exec(cmds, this.env, workingDirectory);
+ p = Runtime.getRuntime().exec(cmds, this.env, workingDirectory); //NOSONAR
}
boolean readOutput = false;
diff --git a/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java b/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java
index 3d2d4e4f..0ed930d1 100644
--- a/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java
+++ b/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java
@@ -169,7 +169,7 @@ public class OpenCommandShellCmd extends OnapCommand {
List <String> envs = new ArrayList<>();
//add current process environments to sub process
- for (Map.Entry<String, String> env: System.getenv().entrySet()) {
+ for (Map.Entry<String, String> env: System.getenv().entrySet()) { //NOSONAR
envs.add(env.getKey() + "=" + env.getValue());
}