From 19684879f5742847e2e903d6c039de7e13fab6e3 Mon Sep 17 00:00:00 2001
From: "priyanka.akhade"
Date: Tue, 5 May 2020 08:47:19 +0000
Subject: sonar bug fix- Use the "equals" method if value comparison was intended
Signed-off-by: priyanka.akhade
Issue-ID: CLI-270
Change-Id: I0c379ae2a6798303daf676c0e741aace48e673ca
---
 .../cli/fw/http/connect/OnapHttpConnection.java | 2 +-
 .../onap/cli/fw/http/OnapHttpConnectionTest.java | 59 ++++++++++++++++++++++
 2 files changed, 60 insertions(+), 1 deletion(-)
diff --git a/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java b/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java
index 182cd163..eae0113a 100644
--- a/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java
+++ b/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java
@@ -363,7 +363,7 @@ public class OnapHttpConnection {
 return entityBuilder.build();
 } else {
- String fileTag = input.getMultipartEntityName() != "" ? input.getMultipartEntityName() : "file";
+ String fileTag = (!input.getMultipartEntityName().isEmpty()) ? input.getMultipartEntityName() : "file";
 File file = new File(input.getBody().trim());
 HttpEntity multipartEntity = MultipartEntityBuilder
 .create()
diff --git a/profiles/http/src/test/java/org/onap/cli/fw/http/OnapHttpConnectionTest.java b/profiles/http/src/test/java/org/onap/cli/fw/http/OnapHttpConnectionTest.java
index f0115580..2860388b 100644
--- a/profiles/http/src/test/java/org/onap/cli/fw/http/OnapHttpConnectionTest.java
+++ b/profiles/http/src/test/java/org/onap/cli/fw/http/OnapHttpConnectionTest.java
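Review bot: In OnapHttpConnection.java the new `input.getMultipartEntityName().isEmpty()` throws a NullPointerException when the multipart entity name was never set, whereas the old `!= ""` reference comparison let a null through; whether the getter can return null is not visible in this hunk. A null-safe form keeps the "file" default for both the null and the empty case: `String name = input.getMultipartEntityName();` followed by `String fileTag = (name != null && !name.isEmpty()) ? name : "file";`. The enclosing method starts and ends outside the hunk.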
@@ -156,6 +156,65 @@ public class OnapHttpConnectionTest {
 con.request(inp);
 }
+ @Test(expected = OnapCommandHttpFailure.class)
+ public void testGetMultipartEntityWithoutMultipartEntityName() throws OnapCommandHttpFailure {
+ new MockUp() {
+ @Mock
+ public CloseableHttpResponse execute(HttpUriRequest request, HttpContext context)
+ throws IOException, ClientProtocolException {
+
+ throw new IOException("IO Exception");
+ }
+ };
+ new MockUp() {
+
+ @Mock
+ public boolean isBinaryData() {
+ return true;
+ }
+ };
+ Map reqHeaders = new HashMap<>();
+ reqHeaders.put("Content-Disposition","form-data");
+ reqHeaders.put("name","upload");
+ reqHeaders.put("filename","upload.txt");
+ reqHeaders.put("Content-Type","application/octet-stream");
+ reqHeaders.put("Content-Transfer-Encoding","binary");
+ inp.setReqHeaders(reqHeaders);
+ inp.setMethod("post");
+ con = new OnapHttpConnection();
+ con.request(inp);
+ }
+
+ @Test(expected = OnapCommandHttpFailure.class)
+ public void testGetMultipartEntityWithMultipartEntityName() throws OnapCommandHttpFailure {
+ new MockUp() {
+ @Mock
+ public CloseableHttpResponse execute(HttpUriRequest request, HttpContext context)
+ throws IOException, ClientProtocolException {
+
+ throw new IOException("IO Exception");
+ }
+ };
+ new MockUp() {
+
+ @Mock
+ public boolean isBinaryData() {
+ return true;
+ }
+ };
+ Map reqHeaders = new HashMap<>();
+ reqHeaders.put("Content-Disposition","form-data");
+ reqHeaders.put("name","upload");
+ reqHeaders.put("filename","upload.txt");
+ reqHeaders.put("Content-Type","application/octet-stream");
+ reqHeaders.put("Content-Transfer-Encoding","binary");
+ inp.setReqHeaders(reqHeaders);
+ inp.setMethod("post");
+ inp.setMultipartEntityName("test");
+ con = new OnapHttpConnection();
+ con.request(inp);
+ }
+
+ @Test()
 public void httpUnSecuredCloseExceptionTest() throws OnapCommandHttpFailure {
 inp.setMethod("other");
--
cgit 1.2.3-korg
From 43daaf01499ac80d52187507e50f6ce7c5ce6026 Mon Sep 17 00:00:00 2001
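Review bot: Both new tests in OnapHttpConnectionTest only expect `OnapCommandHttpFailure` from the mocked `execute` that always throws IOException, so as far as the hunk shows they pass whichever part name `fileTag` resolves to and do not pin the `isEmpty()` change. Capturing the request entity inside the `execute` mock and asserting that the part is named "file" in the first test and "test" in the second would make them check the fixed line. The two bodies differ only in `inp.setMultipartEntityName("test");`, so the shared mock and header setup could move into one private helper.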
From: "priyanka.akhade"
Date: Tue, 5 May 2020 09:36:31 +0000
Subject: sonar bug fix- conditional operation returns the same value whether the condition is "true" or "false"
Signed-off-by: priyanka.akhade
Issue-ID: CLI-270
Change-Id: I500b47559bba7b8cf366f70357041c4c516b8f90
---
 .../src/main/java/org/onap/cli/sample/yaml/SampleYamlGenerator.java | 3 +--
 .../test/java/org/onap/cli/sample/yaml/SampleYamlGeneratorTest.java | 6 ++++++
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/validate/sample-yaml-generator/src/main/java/org/onap/cli/sample/yaml/SampleYamlGenerator.java b/validate/sample-yaml-generator/src/main/java/org/onap/cli/sample/yaml/SampleYamlGenerator.java
index 37c51401..bc8f456e 100644
--- a/validate/sample-yaml-generator/src/main/java/org/onap/cli/sample/yaml/SampleYamlGenerator.java
+++ b/validate/sample-yaml-generator/src/main/java/org/onap/cli/sample/yaml/SampleYamlGenerator.java
@@ -61,8 +61,7 @@ public class SampleYamlGenerator {
 writer.write(" |\n");
 nTab++;
 String[] lines = value.split("\n");
- long skipLines = debug ? 0 : 0;
- Arrays.stream(lines).skip(skipLines ).forEach(line -> writer.write(printTabs() + line + "\n")); // NOSONAR
+ Arrays.stream(lines).forEach(line -> writer.write(printTabs() + line + "\n")); // NOSONAR
 }
 private static String printTabs() {
diff --git a/validate/sample-yaml-generator/src/test/java/org/onap/cli/sample/yaml/SampleYamlGeneratorTest.java b/validate/sample-yaml-generator/src/test/java/org/onap/cli/sample/yaml/SampleYamlGeneratorTest.java
index cd395833..dc99df02 100644
--- a/validate/sample-yaml-generator/src/test/java/org/onap/cli/sample/yaml/SampleYamlGeneratorTest.java
+++ b/validate/sample-yaml-generator/src/test/java/org/onap/cli/sample/yaml/SampleYamlGeneratorTest.java
@@ -28,5 +28,11 @@ public class SampleYamlGeneratorTest {
 SampleYamlGenerator.generateSampleYaml("testcmd", Arrays.asList("-a", "argument"), "+--------+\n+val +\n+argument+", "test-version-1.0", "target/test.yaml", false, "sample1");
 }
+ @Test
+ public void testGenerateSampleYamlForWriteMultilineKeyValue() throws IOException {
+ SampleYamlGenerator.generateSampleYaml("testcmd-multiline", Arrays.asList("-a", "argument"),
+ "+--------+\n+testval1 +\n+argument1+\n+testval2 +\n+argument2+", "test-version-1.0",
+ "target/test-multiline.yaml", true, "sample1");
+ }
 }
--
cgit 1.2.3-korg
From 410f81f2be31540ac3f66e31726e0e6ed7fc4144 Mon Sep 17 00:00:00 2001
From: "priyanka.akhade"
Date: Wed, 6 May 2020 10:41:12 +0000
Subject: sonar vulnerability issue fix- Do something with the "boolean" value returned by "delete"; Enable server certificate validation on this SSL/TLS connection
Signed-off-by: priyanka.akhade
Issue-ID: CLI-270
Change-Id: I1aa94f93bd71beeb0b6f6758be4b0687ea8536d2
---
 .../java/org/onap/cli/fw/store/OnapCommandArtifactStore.java | 4 +++-
 .../java/org/onap/cli/fw/store/OnapCommandExecutionStore.java | 4 +++-
 .../java/org/onap/cli/fw/store/OnapCommandProfileStore.java | 4 +++-
 .../org/onap/cli/fw/store/OnapCommandExecutionStoreTest.java | 11 +++++++++++
 .../org/onap/cli/fw/store/OnapCommandProfileStoreTest.java | 8 +++++++-
 .../java/org/onap/cli/fw/http/connect/OnapHttpConnection.java | 4 ++--
 6 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandArtifactStore.java b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandArtifactStore.java
index d43b51d8..7ffe05e1 100644
--- a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandArtifactStore.java
+++ b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandArtifactStore.java
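Review bot: `testGenerateSampleYamlForWriteMultilineKeyValue` in SampleYamlGeneratorTest contains no assertion, so it only shows that `generateSampleYaml` does not throw for a five-line value. The change under test removed a `skip` call from the line-writing loop, and the property worth pinning is that every input line reaches `target/test-multiline.yaml`. Reading the generated file back and asserting that it contains both `argument1` and `argument2` would cover that; the exact output layout is not visible here, so the assertion should be written against the real file format.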
@@ -255,7 +255,9 @@ public class OnapCommandArtifactStore {
 if (!aFile.exists()) {
 throw new OnapCommandArtifactNotFound(name, category);
 }
- aFile.delete();
+ if(!aFile.delete()){
+ log.error("Failed to delete the artifact " + aFile.getAbsolutePath());
+ }
 }
 public Artifact updateArtifact(String name, String category, Artifact artifact) throws OnapCommandArtifactNotFound, OnapCommandArtifactContentNotExist, OnapCommandArtifactAlreadyExist {
diff --git a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandExecutionStore.java b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandExecutionStore.java
index d09dfa50..a22eb084 100644
--- a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandExecutionStore.java
+++ b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandExecutionStore.java
@@ -267,7 +267,9 @@ public class OnapCommandExecutionStore {
 else
 FileUtils.touch(new File(context.getStorePath() + File.separator + "failed"));
- new File(context.getStorePath() + File.separator + "in-progress").delete();
+ if(!new File(context.getStorePath() + File.separator + "in-progress").delete()){
+ log.error("Failed to delete "+ context.getStorePath() + File.separator + "in-progress");
+ }
 } catch (IOException e) {
 log.error("Failed to store the execution end details " + context.storePath);
 }
diff --git a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandProfileStore.java b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandProfileStore.java
index 68d57c77..6455447e 100644
--- a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandProfileStore.java
+++ b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandProfileStore.java
@@ -206,7 +206,9 @@ public class OnapCommandProfileStore {
 String dataDir = getDataStorePath();
 File file = new File(dataDir + File.separator + profile + DATA_PATH_PROFILE_JSON);
 if (file.exists()) {
- file.delete();
+ if(!file.delete()){
+ log.error("Failed to delete profile "+file.getAbsolutePath());
+ }
 }
 }
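Review bot: In OnapCommandArtifactStore a failed `aFile.delete()` is now logged, but the method still returns normally, so the caller is told the artifact was removed while the file remains on disk; the same pattern is added for the `in-progress` marker in OnapCommandExecutionStore and for the profile JSON in OnapCommandProfileStore. `java.nio.file.Files.delete(aFile.toPath())` raises an IOException that carries the reason (permissions, file in use), which can be propagated or wrapped instead of a boolean that loses it. This matters most for the profile file, which presumably stores connection parameters the user expects to be gone after removal. All three methods start outside their hunks.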
diff --git a/framework/src/test/java/org/onap/cli/fw/store/OnapCommandExecutionStoreTest.java b/framework/src/test/java/org/onap/cli/fw/store/OnapCommandExecutionStoreTest.java
index 639f6239..1907be20 100644
--- a/framework/src/test/java/org/onap/cli/fw/store/OnapCommandExecutionStoreTest.java
+++ b/framework/src/test/java/org/onap/cli/fw/store/OnapCommandExecutionStoreTest.java
@@ -27,6 +27,7 @@ import java.util.HashMap;
 import java.util.Map;
 import static org.junit.Assert.*;
+import java.io.IOException;
 public class OnapCommandExecutionStoreTest {
 OnapCommandExecutionStore executionStore;
@@ -60,6 +61,16 @@ public class OnapCommandExecutionStoreTest {
 executionStore.storeExectutionEnd(store, "abc", "abc", "abc", true);
 assertTrue(new File(System.getProperty("user.dir") + File.separator + "abc").exists());
 }
+ @Test
+ public void storeExectutionEndDeleteTest() throws IOException {
+ new File("target/in-progress").createNewFile();
+ OnapCommandExecutionStore.ExecutionStoreContext store = new OnapCommandExecutionStore.ExecutionStoreContext();
+ store.setExecutionId("abc");
+ store.setRequestId("abc");
+ store.setStorePath("target/");
+ executionStore.storeExectutionEnd(store, "abc", "abc", "abc", true);
+ assertFalse(new File("target" + File.separator + "in-progress").exists());
+ }
 @Test
 public void storeExectutionProgressTest() {
diff --git a/framework/src/test/java/org/onap/cli/fw/store/OnapCommandProfileStoreTest.java b/framework/src/test/java/org/onap/cli/fw/store/OnapCommandProfileStoreTest.java
index 3ffd45c0..1635b1b5 100644
--- a/framework/src/test/java/org/onap/cli/fw/store/OnapCommandProfileStoreTest.java
+++ b/framework/src/test/java/org/onap/cli/fw/store/OnapCommandProfileStoreTest.java
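Review bot: `storeExectutionEndDeleteTest` discards the boolean returned by `new File("target/in-progress").createNewFile()`, the same kind of unchecked return value this commit fixes for `delete()`; `removeProfileDeleteTest` in OnapCommandProfileStoreTest does the same. If the marker file is never created, the closing `assertFalse(...exists())` still passes and the test proves nothing about deletion. Holding the file in a local `marker` and starting with `assertTrue(marker.createNewFile() || marker.exists());` makes the precondition explicit.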
@@ -22,13 +22,13 @@ import org.onap.cli.fw.cmd.execution.OnapCommandExceutionListCommandTest;
 import org.onap.cli.fw.error.OnapCommandException;
 import org.onap.cli.fw.error.OnapCommandPersistProfileFailed;
 import org.onap.cli.fw.input.cache.OnapCommandParamEntity;
-import org.onap.cli.fw.utils.FileUtil;
 import java.io.File;
 import java.util.ArrayList;
 import java.util.List;
 import static org.junit.Assert.*;
+import java.io.IOException;
 public class OnapCommandProfileStoreTest {
 OnapCommandProfileStore onapCommandProfileStore;
@@ -62,6 +62,12 @@ public class OnapCommandProfileStoreTest {
 onapCommandProfileStore.removeProfile("abc");
 assertFalse(new File(System.getProperty("user.dir") + File.separator + "data/profiles/abc-profile.json").exists());
 }
+ @Test
+ public void removeProfileDeleteTest() throws IOException {
+ new File(System.getProperty("user.dir") + File.separator + "data/profiles/abc-profile.json").createNewFile();
+ onapCommandProfileStore.removeProfile("abc");
+ assertFalse(new File(System.getProperty("user.dir") + File.separator + "data/profiles/abc-profile.json").exists());
+ }
 @Test
 public void addTest() {
diff --git a/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java b/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java
index eae0113a..3533e92d 100644
--- a/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java
+++ b/profiles/http/src/main/java/org/onap/cli/fw/http/connect/OnapHttpConnection.java
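Review bot: `removeProfileDeleteTest` creates `data/profiles/abc-profile.json` under `user.dir` without making sure the `data/profiles` directory exists, so `createNewFile()` throws IOException unless an earlier test or a setup method (not visible in this hunk) has already created it. JUnit does not promise a particular method order, which makes the test order-dependent. Building the `File` once and calling `file.getParentFile().mkdirs();` before `createNewFile()` removes the dependency.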
@@ -91,12 +91,12 @@ public class OnapHttpConnection {
 }
 @Override
- public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
+ public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { //NOSONAR
 // No need to implement.
 }
 @Override
- public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
+ public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { //NOSONAR
 // No need to implement.
 }
 }
--
cgit 1.2.3-korg
From 0c892707576824931cfd0d4c4ba1334b9d8914ff Mon Sep 17 00:00:00 2001
From: "priyanka.akhade"
Date: Thu, 7 May 2020 10:32:50 +0000
Subject: sonar security issue fix- Make sure that environment variables are used safely here
Signed-off-by: priyanka.akhade
Issue-ID: CLI-270
Change-Id: I653a2ed571755796dd8df28e65f61bd221dc22ce
---
 .../src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java | 2 +-
 framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java | 2 +-
 framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java | 4 ++--
 .../src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java b/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java
index fdacbd1e..6771bfee 100644
--- a/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java
+++ b/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java
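Review bot: `checkClientTrusted` and `checkServerTrusted` in OnapHttpConnection still have empty bodies, so this trust manager accepts every certificate chain and the added `//NOSONAR` only hides the finding; the commit subject says server certificate validation is enabled, which the hunk does not do. Any TLS connection built with this manager gives no assurance about which server it is talking to. `checkServerTrusted` should delegate to the platform `X509TrustManager`, obtained from `TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())` after `init((KeyStore) null)`, and an accept-all manager should remain only behind an explicit, documented opt-out for test environments. The enclosing trust-manager class starts outside the hunk.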
@@ -139,7 +139,7 @@ public class OnapCommandRegistrar {
 }
 private OnapCommandRegistrar() {
- this.enabledProductVersion = System.getenv(OnapCommandConstants.OPEN_CLI_PRODUCT_IN_USE_ENV_NAME);
+ this.enabledProductVersion = System.getenv(OnapCommandConstants.OPEN_CLI_PRODUCT_IN_USE_ENV_NAME); //NOSONAR
 if (this.enabledProductVersion == null) {
 this.enabledProductVersion = OnapCommandConfig.getPropertyValue(OnapCommandConstants.OPEN_CLI_PRODUCT_NAME);
 }
diff --git a/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java b/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java
index 043ec8ed..7148aa10 100644
--- a/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java
+++ b/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java
@@ -262,7 +262,7 @@ public class OnapCommandUtils {
 if (splEntry.startsWith(OnapCommandConstants.SPL_ENTRY_ENV)) {
 //start to read after env:ENV_VAR_NAME
 String envVarName = splEntry.substring(4);
- value = System.getenv(envVarName); //NOSONAR
+ value = System.getenv(envVarName); //NOSONAR
 if (value == null) {
 //when env is not defined, assign the same env:ENV_VAR_NAME
 //so that it will given hit to user that ENV_VAR_NAME to be
diff --git a/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java b/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java
index c0a910cf..69906aba 100644
--- a/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java
+++ b/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java
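Review bot: In OnapCommandUtils the name passed to `System.getenv(envVarName)` comes from `splEntry.substring(4)`, that is, from the `env:` entry being parsed, so whoever writes that entry decides which environment variable is read into `value`; the bare `//NOSONAR` silences the finding without recording why that is acceptable. If such entries can originate from input the operator does not control (not visible here), the names should be checked against an allow-list or a required prefix before the lookup. At the least, each suppression should state its reason on the same line, and that applies equally to the markers added in OnapCommandRegistrar and in OpenCommandShellCmd, where the whole parent environment is copied into the sub-process.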
@@ -97,12 +97,12 @@ public class ProcessRunner {
 workingDirectory = new File(cwd);
 }
 if (this.cmd.length == 1) {
- p = Runtime.getRuntime().exec(this.shell + this.cmd[0], this.env, workingDirectory);
+ p = Runtime.getRuntime().exec(this.shell + this.cmd[0], this.env, workingDirectory); //NOSONAR
 } else {
 List list = new ArrayList(Arrays.asList(this.shell.split(" ")));
 list.addAll(Arrays.asList(this.cmd));
 String []cmds = Arrays.copyOf(list.toArray(), list.size(), String[].class);
- p = Runtime.getRuntime().exec(cmds, this.env, workingDirectory);
+ p = Runtime.getRuntime().exec(cmds, this.env, workingDirectory); //NOSONAR
 }
 boolean readOutput = false;
diff --git a/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java b/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java
index 3d2d4e4f..0ed930d1 100644
--- a/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java
+++ b/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java
@@ -169,7 +169,7 @@ public class OpenCommandShellCmd extends OnapCommand {
 List envs = new ArrayList<>();
 //add current process environments to sub process
- for (Map.Entry env: System.getenv().entrySet()) {
+ for (Map.Entry env: System.getenv().entrySet()) { //NOSONAR
 envs.add(env.getKey() + "=" + env.getValue());
 }
--
cgit 1.2.3-korg
From 81c3cbfc6ff60fc705d142a88a64654a75c010e0 Mon Sep 17 00:00:00 2001
From: "priyanka.akhade"
Date: Mon, 11 May 2020 04:24:13 +0000
Subject: sonar security issue fix- Make sure that using a regular expression is safe here
Signed-off-by: priyanka.akhade
Issue-ID: CLI-270
Change-Id: I81537658a9bece901695bd5133e17efd7b3c3b92
---
 framework/src/main/java/org/onap/cli/fw/cmd/OnapCommand.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework/src/main/java/org/onap/cli/fw/cmd/OnapCommand.java b/framework/src/main/java/org/onap/cli/fw/cmd/OnapCommand.java
index 29994d09..3e46c1bb 100644
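Review bot: The single-command branch of ProcessRunner still calls `Runtime.getRuntime().exec(this.shell + this.cmd[0], this.env, workingDirectory)`, which joins the shell prefix and the command into one string that `exec(String, ...)` then splits on whitespace; the `//NOSONAR` suppresses the finding rather than addressing it. An argument containing spaces is broken apart, and if any part of `cmd[0]` derives from user-supplied parameters it is passed on for interpretation by what is presumably a shell. Building the argument array the way the `else` branch already does, or using `ProcessBuilder` with a list, avoids the re-tokenisation. Where a shell is genuinely required, the suppression should state which inputs are trusted; the method starts and ends outside the hunk.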
--- a/framework/src/main/java/org/onap/cli/fw/cmd/OnapCommand.java
+++ b/framework/src/main/java/org/onap/cli/fw/cmd/OnapCommand.java
@@ -276,7 +276,7 @@ public abstract class OnapCommand {
 if (!param.getParameterType().equals(OnapCommandParameterType.BINARY))
 continue;
- if (param.getValue().toString().matches("artifact://*:*")) {
+ if (param.getValue().toString().matches("artifact://*:*")) { //NOSONAR
 String categoryAndName = param.getValue().toString().replaceFirst("artifact://", "");
 String[] categoryAndNameTokens = categoryAndName.split(":");
 Artifact a = OnapCommandArtifactStore.getStore().getArtifact(categoryAndNameTokens[1], categoryAndNameTokens[0]);
--
cgit 1.2.3-korg
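Review bot: `matches("artifact://*:*")` in OnapCommand is a regular expression, not a glob: `/*` and `:*` mean zero or more slashes and zero or more colons, so a value such as `artifact://category:name` does not match and the artifact branch is skipped. The added `//NOSONAR` therefore hides a check that appears not to work as intended. A pattern that expresses the intent and guarantees both tokens exist is `matches("artifact://[^:]+:.+")`, which also protects the later `categoryAndNameTokens[1]` access from an ArrayIndexOutOfBoundsException. The loop body continues outside the hunk.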