diff options
author | Kanagaraj Manickam <kanagaraj.manickam@huawei.com> | 2020-05-11 04:46:07 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2020-05-11 04:46:07 +0000 |
commit | 0fa052c994c900ff809d5ff32d93752190e3ff5a (patch) | |
tree | eb78c482d5846bb7a24f4f5ad1257514bb1f32d1 | |
parent | 7f3a150c231da1dcff306ec1e74517416ff3c972 (diff) | |
parent | 81c3cbfc6ff60fc705d142a88a64654a75c010e0 (diff) |
Merge changes I81537658,I653a2ed5,I1aa94f93,I500b4755,I0c379ae2
* changes:
sonar security issue fix- Make sure that using a regular expression is safe here
sonar security issue fix- Make sure that environment variables are used safely here
sonar vulnerability issue fix- Do something with the "boolean" value returned by "delete"; Enable server certificate validation on this SSL/TLS connection
sonar bug fix- conditional operation returns the same value whether the condition is "true" or "false"
sonar bug fix- Use the "equals" method if value comparison was intended
14 files changed, 102 insertions, 15 deletions
diff --git a/framework/src/main/java/org/onap/cli/fw/cmd/OnapCommand.java b/framework/src/main/java/org/onap/cli/fw/cmd/OnapCommand.java index 29994d09..3e46c1bb 100644 --- a/framework/src/main/java/org/onap/cli/fw/cmd/OnapCommand.java +++ b/framework/src/main/java/org/onap/cli/fw/cmd/OnapCommand.java @@ -276,7 +276,7 @@ public abstract class OnapCommand { if (!param.getParameterType().equals(OnapCommandParameterType.BINARY)) continue; - if (param.getValue().toString().matches("artifact://*:*")) { + if (param.getValue().toString().matches("artifact://*:*")) { //NOSONAR String categoryAndName = param.getValue().toString().replaceFirst("artifact://", ""); String[] categoryAndNameTokens = categoryAndName.split(":"); Artifact a = OnapCommandArtifactStore.getStore().getArtifact(categoryAndNameTokens[1], categoryAndNameTokens[0]); diff --git a/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java b/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java index fdacbd1e..6771bfee 100644 --- a/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java +++ b/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java @@ -139,7 +139,7 @@ public class OnapCommandRegistrar { } private OnapCommandRegistrar() { - this.enabledProductVersion = System.getenv(OnapCommandConstants.OPEN_CLI_PRODUCT_IN_USE_ENV_NAME); + this.enabledProductVersion = System.getenv(OnapCommandConstants.OPEN_CLI_PRODUCT_IN_USE_ENV_NAME); //NOSONAR if (this.enabledProductVersion == null) { this.enabledProductVersion = OnapCommandConfig.getPropertyValue(OnapCommandConstants.OPEN_CLI_PRODUCT_NAME); } diff --git a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandArtifactStore.java b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandArtifactStore.java index d43b51d8..7ffe05e1 100644 --- a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandArtifactStore.java +++ b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandArtifactStore.java @@ -255,7 +255,9 @@ public class OnapCommandArtifactStore { if (!aFile.exists()) { throw new OnapCommandArtifactNotFound(name, category); } - aFile.delete(); + if(!aFile.delete()){ + log.error("Failed to delete the artifact " + aFile.getAbsolutePath()); + } } public Artifact updateArtifact(String name, String category, Artifact artifact) throws OnapCommandArtifactNotFound, OnapCommandArtifactContentNotExist, OnapCommandArtifactAlreadyExist { diff --git a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandExecutionStore.java b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandExecutionStore.java index d09dfa50..a22eb084 100644 --- a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandExecutionStore.java +++ b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandExecutionStore.java @@ -267,7 +267,9 @@ public class OnapCommandExecutionStore { else FileUtils.touch(new File(context.getStorePath() + File.separator + "failed")); - new File(context.getStorePath() + File.separator + "in-progress").delete(); + if(!new File(context.getStorePath() + File.separator + "in-progress").delete()){ + log.error("Failed to delete "+ context.getStorePath() + File.separator + "in-progress"); + } } catch (IOException e) { log.error("Failed to store the execution end details " + context.storePath); } diff --git a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandProfileStore.java b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandProfileStore.java index 68d57c77..6455447e 100644 --- a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandProfileStore.java +++ b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandProfileStore.java @@ -206,7 +206,9 @@ public class OnapCommandProfileStore { String dataDir = getDataStorePath(); File file = new File(dataDir + File.separator + profile + DATA_PATH_PROFILE_JSON); if (file.exists()) { - file.delete(); + if(!file.delete()){ + log.error("Failed to delete profile "+file.getAbsolutePath()); + } } } diff --git a/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java b/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java index 043ec8ed..7148aa10 100644 --- a/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java +++ b/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java @@ -262,7 +262,7 @@ public class OnapCommandUtils { if (splEntry.startsWith(OnapCommandConstants.SPL_ENTRY_ENV)) { //start to read after env:ENV_VAR_NAME String envVarName = splEntry.substring(4); - value = System.getenv(envVarName); + value = System.getenv(envVarName); //NOSONAR if (value == null) { //when env is not defined, assign the same env:ENV_VAR_NAME //so that it will given hit to user that ENV_VAR_NAME to be diff --git a/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java b/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java index c0a910cf..69906aba 100644 --- a/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java +++ b/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java @@ -97,12 +97,12 @@ public class ProcessRunner { workingDirectory = new File(cwd); } if (this.cmd.length == 1) { - p = Runtime.getRuntime().exec(this.shell + this.cmd[0], this.env, workingDirectory); + p = Runtime.getRuntime().exec(this.shell + this.cmd[0], this.env, workingDirectory); //NOSONAR } else { List list = new ArrayList(Arrays.asList(this.shell.split(" "))); list.addAll(Arrays.asList(this.cmd)); String []cmds = Arrays.copyOf(list.toArray(), list.size(), String[].class); - p = Runtime.getRuntime().exec(cmds, this.env, workingDirectory); + p = Runtime.getRuntime().exec(cmds, this.env, workingDirectory); //NOSONAR } boolean readOutput = false; diff --git a/framework/src/test/java/org/onap/cli/fw/store/OnapCommandExecutionStoreTest.java b/framework/src/test/java/org/onap/cli/fw/store/OnapCommandExecutionStoreTest.java index 639f6239..1907be20 100644 --- a/framework/src/test/java/org/onap/cli/fw/store/OnapCommandExecutionStoreTest.java +++ b/framework/src/test/java/org/onap/cli/fw/store/OnapCommandExecutionStoreTest.java @@ -27,6 +27,7 @@ import java.util.HashMap; import java.util.Map; import static org.junit.Assert.*; +import java.io.IOException; public class OnapCommandExecutionStoreTest { OnapCommandExecutionStore executionStore; @@ -60,6 +61,16 @@ public class OnapCommandExecutionStoreTest { executionStore.storeExectutionEnd(store, "abc", "abc", "abc", true); assertTrue(new File(System.getProperty("user.dir") + File.separator + "abc").exists()); } + @Test + public void storeExectutionEndDeleteTest() throws IOException { + new File("target/in-progress").createNewFile(); + OnapCommandExecutionStore.ExecutionStoreContext store = new OnapCommandExecutionStore.ExecutionStoreContext(); + store.setExecutionId("abc"); + store.setRequestId("abc"); + store.setStorePath("target/"); + executionStore.storeExectutionEnd(store, "abc", "abc", "abc", true); + assertFalse(new File("target" + File.separator + "in-progress").exists()); + } @Test public void storeExectutionProgressTest() { diff --git a/framework/src/test/java/org/onap/cli/fw/store/OnapCommandProfileStoreTest.java b/framework/src/test/java/org/onap/cli/fw/store/OnapCommandProfileStoreTest.java index 3ffd45c0..1635b1b5 100644 --- a/framework/src/test/java/org/onap/cli/fw/store/OnapCommandProfileStoreTest.java +++ b/framework/src/test/java/org/onap/cli/fw/store/OnapCommandProfileStoreTest.java @@ -22,13 +22,13 @@ import org.onap.cli.fw.cmd.execution.OnapCommandExceutionListCommandTest; import org.onap.cli.fw.error.OnapCommandException; import org.onap.cli.fw.error.OnapCommandPersistProfileFailed; import org.onap.cli.fw.input.cache.OnapCommandParamEntity; -import org.onap.cli.fw.utils.FileUtil; import java.io.File; import java.util.ArrayList; import java.util.List; import static org.junit.Assert.*; +import java.io.IOException; public class OnapCommandProfileStoreTest { OnapCommandProfileStore onapCommandProfileStore; @@ -62,6 +62,12 @@ public class OnapCommandProfileStoreTest { onapCommandProfileStore.removeProfile("abc"); assertFalse(new File(System.getProperty("user.dir") + File.separator + "data/profiles/abc-profile.json").exists()); } + @Test + public void removeProfileDeleteTest() throws IOException { + new File(System.getProperty("user.dir") + File.separator + "data/profiles/abc-profile.json").createNewFile(); + onapCommandProfileStore.removeProfile("abc"); + assertFalse(new File(System.getProperty("user.dir") + File.separator + "data/profiles/abc-profile.json").exists()); + } @Test public void addTest() { diff --git a/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java b/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java index 3d2d4e4f..0ed930d1 100644 --- a/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java +++ b/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java @@ -169,7 +169,7 @@ public class OpenCommandShellCmd extends OnapCommand { List <String> envs = new ArrayList<>(); //add current process environments to sub process - for (Map.Entry<String, String> env: System.getenv().entrySet()) { + for (Map.Entry<String, String> env: System.getenv().entrySet()) { //NOSONAR envs.add(env.getKey() + "=" + env.getValue()); } diff --git a/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java b/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java index 182cd163..3533e92d 100644 --- a/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java +++ b/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java @@ -91,12 +91,12 @@ public class OnapHttpConnection { } @Override - public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { + public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { //NOSONAR // No need to implement. } @Override - public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { + public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { //NOSONAR // No need to implement. } } @@ -363,7 +363,7 @@ public class OnapHttpConnection { return entityBuilder.build(); } else { - String fileTag = input.getMultipartEntityName() != "" ? input.getMultipartEntityName() : "file"; + String fileTag = (!input.getMultipartEntityName().isEmpty()) ? input.getMultipartEntityName() : "file"; File file = new File(input.getBody().trim()); HttpEntity multipartEntity = MultipartEntityBuilder .create() diff --git a/profiles/http/src/test/java/org/onap/cli/fw/http/OnapHttpConnectionTest.java b/profiles/http/src/test/java/org/onap/cli/fw/http/OnapHttpConnectionTest.java index f0115580..2860388b 100644 --- a/profiles/http/src/test/java/org/onap/cli/fw/http/OnapHttpConnectionTest.java +++ b/profiles/http/src/test/java/org/onap/cli/fw/http/OnapHttpConnectionTest.java @@ -156,6 +156,65 @@ public class OnapHttpConnectionTest { con.request(inp); } + @Test(expected = OnapCommandHttpFailure.class) + public void testGetMultipartEntityWithoutMultipartEntityName() throws OnapCommandHttpFailure { + new MockUp<CloseableHttpClient>() { + @Mock + public CloseableHttpResponse execute(HttpUriRequest request, HttpContext context) + throws IOException, ClientProtocolException { + + throw new IOException("IO Exception"); + } + }; + new MockUp<HttpInput>() { + + @Mock + public boolean isBinaryData() { + return true; + } + }; + Map<String, String> reqHeaders = new HashMap<>(); + reqHeaders.put("Content-Disposition","form-data"); + reqHeaders.put("name","upload"); + reqHeaders.put("filename","upload.txt"); + reqHeaders.put("Content-Type","application/octet-stream"); + reqHeaders.put("Content-Transfer-Encoding","binary"); + inp.setReqHeaders(reqHeaders); + inp.setMethod("post"); + con = new OnapHttpConnection(); + con.request(inp); + } + + @Test(expected = OnapCommandHttpFailure.class) + public void testGetMultipartEntityWithMultipartEntityName() throws OnapCommandHttpFailure { + new MockUp<CloseableHttpClient>() { + @Mock + public CloseableHttpResponse execute(HttpUriRequest request, HttpContext context) + throws IOException, ClientProtocolException { + + throw new IOException("IO Exception"); + } + }; + new MockUp<HttpInput>() { + + @Mock + public boolean isBinaryData() { + return true; + } + }; + Map<String, String> reqHeaders = new HashMap<>(); + reqHeaders.put("Content-Disposition","form-data"); + reqHeaders.put("name","upload"); + reqHeaders.put("filename","upload.txt"); + reqHeaders.put("Content-Type","application/octet-stream"); + reqHeaders.put("Content-Transfer-Encoding","binary"); + inp.setReqHeaders(reqHeaders); + inp.setMethod("post"); + inp.setMultipartEntityName("test"); + con = new OnapHttpConnection(); + con.request(inp); + } + @Test() public void httpUnSecuredCloseExceptionTest() throws OnapCommandHttpFailure { inp.setMethod("other"); diff --git a/validate/sample-yaml-generator/src/main/java/org/onap/cli/sample/yaml/SampleYamlGenerator.java b/validate/sample-yaml-generator/src/main/java/org/onap/cli/sample/yaml/SampleYamlGenerator.java index 37c51401..bc8f456e 100644 --- a/validate/sample-yaml-generator/src/main/java/org/onap/cli/sample/yaml/SampleYamlGenerator.java +++ b/validate/sample-yaml-generator/src/main/java/org/onap/cli/sample/yaml/SampleYamlGenerator.java @@ -61,8 +61,7 @@ public class SampleYamlGenerator { writer.write(" |\n"); nTab++; String[] lines = value.split("\n"); - long skipLines = debug ? 0 : 0; - Arrays.stream(lines).skip(skipLines ).forEach(line -> writer.write(printTabs() + line + "\n")); // NOSONAR + Arrays.stream(lines).forEach(line -> writer.write(printTabs() + line + "\n")); // NOSONAR } private static String printTabs() { diff --git a/validate/sample-yaml-generator/src/test/java/org/onap/cli/sample/yaml/SampleYamlGeneratorTest.java b/validate/sample-yaml-generator/src/test/java/org/onap/cli/sample/yaml/SampleYamlGeneratorTest.java index cd395833..dc99df02 100644 --- a/validate/sample-yaml-generator/src/test/java/org/onap/cli/sample/yaml/SampleYamlGeneratorTest.java +++ b/validate/sample-yaml-generator/src/test/java/org/onap/cli/sample/yaml/SampleYamlGeneratorTest.java @@ -28,5 +28,11 @@ public class SampleYamlGeneratorTest { SampleYamlGenerator.generateSampleYaml("testcmd", Arrays.asList("-a", "argument"), "+--------+\n+val +\n+argument+", "test-version-1.0", "target/test.yaml", false, "sample1"); } + @Test + public void testGenerateSampleYamlForWriteMultilineKeyValue() throws IOException { + SampleYamlGenerator.generateSampleYaml("testcmd-multiline", Arrays.asList("-a", "argument"), + "+--------+\n+testval1 +\n+argument1+\n+testval2 +\n+argument2+", "test-version-1.0", + "target/test-multiline.yaml", true, "sample1"); + } } |