From 410f81f2be31540ac3f66e31726e0e6ed7fc4144 Mon Sep 17 00:00:00 2001 From: "priyanka.akhade" Date: Wed, 6 May 2020 10:41:12 +0000 Subject: sonar vulnerability issue fix- Do something with the "boolean" value returned by "delete"; Enable server certificate validation on this SSL/TLS connection Signed-off-by: priyanka.akhade Issue-ID: CLI-270 Change-Id: I1aa94f93bd71beeb0b6f6758be4b0687ea8536d2 --- .../java/org/onap/cli/fw/store/OnapCommandArtifactStore.java | 4 +++- .../java/org/onap/cli/fw/store/OnapCommandExecutionStore.java | 4 +++- .../java/org/onap/cli/fw/store/OnapCommandProfileStore.java | 4 +++- .../org/onap/cli/fw/store/OnapCommandExecutionStoreTest.java | 11 +++++++++++ .../org/onap/cli/fw/store/OnapCommandProfileStoreTest.java | 8 +++++++- 5 files changed, 27 insertions(+), 4 deletions(-) (limited to 'framework/src') diff --git a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandArtifactStore.java b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandArtifactStore.java index d43b51d8..7ffe05e1 100644 --- a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandArtifactStore.java +++ b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandArtifactStore.java @@ -255,7 +255,9 @@ public class OnapCommandArtifactStore { if (!aFile.exists()) { throw new OnapCommandArtifactNotFound(name, category); } - aFile.delete(); + if(!aFile.delete()){ + log.error("Failed to delete the artifact " + aFile.getAbsolutePath()); + } } public Artifact updateArtifact(String name, String category, Artifact artifact) throws OnapCommandArtifactNotFound, OnapCommandArtifactContentNotExist, OnapCommandArtifactAlreadyExist { diff --git a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandExecutionStore.java b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandExecutionStore.java index d09dfa50..a22eb084 100644 --- a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandExecutionStore.java 
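Review bot: In the OnapCommandArtifactStore hunk a failed `aFile.delete()` is now logged, but the method still returns normally, so the caller is told the artifact was removed while the file stays on disk. The OnapCommandExecutionStore and OnapCommandProfileStore hunks repeat the same pattern. `File.delete()` also gives no reason for the failure; `Files.delete(aFile.toPath());` throws an IOException that names the cause and could be wrapped in one of the project's own exception types. The enclosing method starts outside the hunk, so whether its signature can carry such an exception needs checking.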
+++ b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandExecutionStore.java @@ -267,7 +267,9 @@ public class OnapCommandExecutionStore { else FileUtils.touch(new File(context.getStorePath() + File.separator + "failed")); - new File(context.getStorePath() + File.separator + "in-progress").delete(); + if(!new File(context.getStorePath() + File.separator + "in-progress").delete()){ + log.error("Failed to delete "+ context.getStorePath() + File.separator + "in-progress"); + } } catch (IOException e) { log.error("Failed to store the execution end details " + context.storePath); } diff --git a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandProfileStore.java b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandProfileStore.java index 68d57c77..6455447e 100644 --- a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandProfileStore.java +++ b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandProfileStore.java @@ -206,7 +206,9 @@ public class OnapCommandProfileStore { String dataDir = getDataStorePath(); File file = new File(dataDir + File.separator + profile + DATA_PATH_PROFILE_JSON); if (file.exists()) { - file.delete(); + if(!file.delete()){ + log.error("Failed to delete profile "+file.getAbsolutePath()); + } } } diff --git a/framework/src/test/java/org/onap/cli/fw/store/OnapCommandExecutionStoreTest.java b/framework/src/test/java/org/onap/cli/fw/store/OnapCommandExecutionStoreTest.java index 639f6239..1907be20 100644 --- a/framework/src/test/java/org/onap/cli/fw/store/OnapCommandExecutionStoreTest.java +++ b/framework/src/test/java/org/onap/cli/fw/store/OnapCommandExecutionStoreTest.java @@ -27,6 +27,7 @@ import java.util.HashMap; import java.util.Map; import static org.junit.Assert.*; +import java.io.IOException; public class OnapCommandExecutionStoreTest { OnapCommandExecutionStore executionStore; 
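Review bot: In the OnapCommandExecutionStore hunk, `File.delete()` returns false both when removal fails and when the `in-progress` marker never existed, so the new `log.error` cannot tell a real failure from a missing marker. The surrounding `try` already catches IOException, so `Files.deleteIfExists(Paths.get(context.getStorePath(), "in-progress"));` would separate the two cases and carry the cause; it needs `java.nio.file` imports that this hunk does not show. A marker left behind presumably makes a finished execution look as if it were still running, which is worth confirming against whatever reads that file. The enclosing method begins outside the hunk.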
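Review bot: In the OnapCommandProfileStore hunk the file being deleted is `dataDir + File.separator + profile + DATA_PATH_PROFILE_JSON`, and nothing visible here rejects path separators or `..` in `profile`, so the delete target is not confined to the data directory. If profile names can come from anywhere other than the local operator, resolve the name against the data directory, normalize it and check `startsWith` on the result before deleting. The method signature is outside the hunk, so any validation done by the caller cannot be seen from here.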
@@ -60,6 +61,16 @@ public class OnapCommandExecutionStoreTest { executionStore.storeExectutionEnd(store, "abc", "abc", "abc", true); assertTrue(new File(System.getProperty("user.dir") + File.separator + "abc").exists()); } + @Test + public void storeExectutionEndDeleteTest() throws IOException { + new File("target/in-progress").createNewFile(); + OnapCommandExecutionStore.ExecutionStoreContext store = new OnapCommandExecutionStore.ExecutionStoreContext(); + store.setExecutionId("abc"); + store.setRequestId("abc"); + store.setStorePath("target/"); + executionStore.storeExectutionEnd(store, "abc", "abc", "abc", true); + assertFalse(new File("target" + File.separator + "in-progress").exists()); + } @Test public void storeExectutionProgressTest() { diff --git a/framework/src/test/java/org/onap/cli/fw/store/OnapCommandProfileStoreTest.java b/framework/src/test/java/org/onap/cli/fw/store/OnapCommandProfileStoreTest.java index 3ffd45c0..1635b1b5 100644 --- a/framework/src/test/java/org/onap/cli/fw/store/OnapCommandProfileStoreTest.java +++ b/framework/src/test/java/org/onap/cli/fw/store/OnapCommandProfileStoreTest.java @@ -22,13 +22,13 @@ import org.onap.cli.fw.cmd.execution.OnapCommandExceutionListCommandTest; import org.onap.cli.fw.error.OnapCommandException; import org.onap.cli.fw.error.OnapCommandPersistProfileFailed; import org.onap.cli.fw.input.cache.OnapCommandParamEntity; -import org.onap.cli.fw.utils.FileUtil; import java.io.File; import java.util.ArrayList; import java.util.List; import static org.junit.Assert.*; +import java.io.IOException; public class OnapCommandProfileStoreTest { OnapCommandProfileStore onapCommandProfileStore; 
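Review bot: `storeExectutionEndDeleteTest` discards the boolean returned by `new File("target/in-progress").createNewFile()`, which is the same ignored-return pattern this commit fixes in the main code. It also never asserts that the marker exists before the call under test; adding `assertTrue(new File("target/in-progress").exists());` ahead of `storeExectutionEnd(...)` would pin the precondition. `removeProfileDeleteTest` in OnapCommandProfileStoreTest has the same gap. Neither test reaches the new `log.error` branch, so the failed-delete path added by this commit stays uncovered.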
@@ -62,6 +62,12 @@ public class OnapCommandProfileStoreTest { onapCommandProfileStore.removeProfile("abc"); assertFalse(new File(System.getProperty("user.dir") + File.separator + "data/profiles/abc-profile.json").exists()); } + @Test + public void removeProfileDeleteTest() throws IOException { + new File(System.getProperty("user.dir") + File.separator + "data/profiles/abc-profile.json").createNewFile(); + onapCommandProfileStore.removeProfile("abc"); + assertFalse(new File(System.getProperty("user.dir") + File.separator + "data/profiles/abc-profile.json").exists()); + } @Test public void addTest() { -- cgit From 0c892707576824931cfd0d4c4ba1334b9d8914ff Mon Sep 17 00:00:00 2001 From: "priyanka.akhade" Date: Thu, 7 May 2020 10:32:50 +0000 Subject: sonar security issue fix- Make sure that environment variables are used safely here Signed-off-by: priyanka.akhade Issue-ID: CLI-270 Change-Id: I653a2ed571755796dd8df28e65f61bd221dc22ce --- .../src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java | 2 +- framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java | 2 +- framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'framework/src') diff --git a/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java b/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java index fdacbd1e..6771bfee 100644 --- a/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java +++ b/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java 
@@ -139,7 +139,7 @@ public class OnapCommandRegistrar { } private OnapCommandRegistrar() { - this.enabledProductVersion = System.getenv(OnapCommandConstants.OPEN_CLI_PRODUCT_IN_USE_ENV_NAME); + this.enabledProductVersion = System.getenv(OnapCommandConstants.OPEN_CLI_PRODUCT_IN_USE_ENV_NAME); //NOSONAR if (this.enabledProductVersion == null) { this.enabledProductVersion = OnapCommandConfig.getPropertyValue(OnapCommandConstants.OPEN_CLI_PRODUCT_NAME); } diff --git a/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java b/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java index 043ec8ed..7148aa10 100644 --- a/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java +++ b/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java @@ -262,7 +262,7 @@ public class OnapCommandUtils { if (splEntry.startsWith(OnapCommandConstants.SPL_ENTRY_ENV)) { //start to read after env:ENV_VAR_NAME String envVarName = splEntry.substring(4); - value = System.getenv(envVarName); + value = System.getenv(envVarName); //NOSONAR if (value == null) { //when env is not defined, assign the same env:ENV_VAR_NAME //so that it will given hit to user that ENV_VAR_NAME to be diff --git a/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java b/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java index c0a910cf..69906aba 100644 --- a/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java +++ b/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java 
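Review bot: The `//NOSONAR` added after `System.getenv(...)` in the OnapCommandRegistrar constructor silences every rule on that line and records no reason, so a later reader cannot tell whether the finding was assessed or just hidden. The OnapCommandUtils hunk does the same. Put the justification next to the marker, for example `// NOSONAR - value only selects the enabled product version` if that holds. In OnapCommandUtils the variable name is `splEntry.substring(4)`, taken from the entry text, so any environment variable can be read into a parameter value. If those entries can come from templates the operator does not control, the fix is an allow-list or prefix check on `envVarName`, not suppression.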
@@ -97,12 +97,12 @@ public class ProcessRunner { workingDirectory = new File(cwd); } if (this.cmd.length == 1) { - p = Runtime.getRuntime().exec(this.shell + this.cmd[0], this.env, workingDirectory); + p = Runtime.getRuntime().exec(this.shell + this.cmd[0], this.env, workingDirectory); //NOSONAR } else { List list = new ArrayList(Arrays.asList(this.shell.split(" "))); list.addAll(Arrays.asList(this.cmd)); String []cmds = Arrays.copyOf(list.toArray(), list.size(), String[].class); - p = Runtime.getRuntime().exec(cmds, this.env, workingDirectory); + p = Runtime.getRuntime().exec(cmds, this.env, workingDirectory); //NOSONAR } boolean readOutput = false; -- cgit From 81c3cbfc6ff60fc705d142a88a64654a75c010e0 Mon Sep 17 00:00:00 2001 From: "priyanka.akhade" Date: Mon, 11 May 2020 04:24:13 +0000 Subject: sonar security issue fix- Make sure that using a regular expression is safe here Signed-off-by: priyanka.akhade Issue-ID: CLI-270 Change-Id: I81537658a9bece901695bd5133e17efd7b3c3b92 --- framework/src/main/java/org/onap/cli/fw/cmd/OnapCommand.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'framework/src') diff --git a/framework/src/main/java/org/onap/cli/fw/cmd/OnapCommand.java b/framework/src/main/java/org/onap/cli/fw/cmd/OnapCommand.java index 29994d09..3e46c1bb 100644 --- a/framework/src/main/java/org/onap/cli/fw/cmd/OnapCommand.java +++ b/framework/src/main/java/org/onap/cli/fw/cmd/OnapCommand.java @@ -276,7 +276,7 @@ public abstract class OnapCommand { if (!param.getParameterType().equals(OnapCommandParameterType.BINARY)) continue; - if (param.getValue().toString().matches("artifact://*:*")) { + if (param.getValue().toString().matches("artifact://*:*")) { //NOSONAR String categoryAndName = param.getValue().toString().replaceFirst("artifact://", ""); String[] categoryAndNameTokens = categoryAndName.split(":"); Artifact a = OnapCommandArtifactStore.getStore().getArtifact(categoryAndNameTokens[1], categoryAndNameTokens[0]); -- cgit
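Review bot: In the ProcessRunner hunk the two `//NOSONAR` markers hide the process-execution finding instead of resolving it, and the single-command branch is the one that deserves attention. `Runtime.getRuntime().exec(this.shell + this.cmd[0], ...)` passes one concatenated string that `Runtime.exec(String, ...)` tokenizes on whitespace, so the content of `cmd[0]` decides the argument boundaries. The `else` branch already builds an argument array; taking that path for a single command too keeps `cmd[0]` as one argument. That changes how a `cmd[0]` containing spaces reaches the shell, so it must be checked against the callers. The enclosing method starts and ends outside the hunk.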
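Review bot: In the OnapCommand hunk the suppressed call `matches("artifact://*:*")` looks like a glob written as a regular expression. As a regex, `/*` and `:*` mean zero or more slashes and colons, and `String.matches` must match the whole value, so a value such as `artifact://category:name` does not match and the artifact lookup below is skipped. Rather than `//NOSONAR`, the pattern probably wants to be something like `artifact://[^:]+:.+` (confirm the intended format), held in a precompiled `static final Pattern`. The `split(":")` result is then indexed at `[1]` with no length check, which is worth adding once the branch becomes reachable. The loop body continues outside the hunk.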