From e5231e1f3585144e1f8bfab9d62733b8a43c3f9d Mon Sep 17 00:00:00 2001
From: Conor Ward
Date: Fri, 14 Sep 2018 06:55:06 +0000
Subject: Fix new sonar vulnerabilities
Change-Id: I56258ef54bbe44ff1c172ab51d19f251adb7aaf4
Signed-off-by: Conor Ward
Issue-ID: DMAAP-771
---
 .../dmaap/datarouter/provisioning/InternalServlet.java | 18 +++++++++++++-----
 .../dmaap/datarouter/provisioning/ProxyServlet.java | 3 +--
 .../onap/dmaap/datarouter/provisioning/beans/Feed.java | 5 +++--
 .../dmaap/datarouter/provisioning/beans/Group.java | 9 +++++----
 .../datarouter/provisioning/beans/Parameters.java | 6 +++---
 5 files changed, 25 insertions(+), 16 deletions(-)
(limited to 'datarouter-prov')
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
index 61845cef..10aea782 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
@@ -245,8 +245,12 @@ public class InternalServlet extends ProxyServlet {
 }
 if (path.equals("/prov")) {
 if (isProxyOK(req) && isProxyServer()) {
- if (super.doGetWithFallback(req, resp)) {
- return;
+ try {
+ if (super.doGetWithFallback(req, resp)) {
+ return;
+ }
+ } catch (IOException ioe) {
+ intlogger.error("Error: " + ioe.getMessage());
 }
 // fall back to returning the local data if the remote is unreachable
 intlogger.info("Active server unavailable; falling back to local copy.");
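Review bot: The added `catch (IOException ioe)` around `super.doGetWithFallback(req, resp)` logs only `"Error: " + ioe.getMessage()` and then falls through to the local-copy path, so a failure that occurs after the proxied response has started being written would be followed by a second body on the same `resp`. Whether that can happen depends on doGetWithFallback, which is outside the hunk; if it can, guard the fallback inside the catch with `if (resp.isCommitted()) { return; }`. The log line should also name the operation and keep the cause, for example `intlogger.error("InternalServlet: proxied GET /prov failed, using local copy: " + ioe.getMessage(), ioe);`, assuming intlogger accepts a Throwable argument. The enclosing method starts and ends outside the hunk.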
@@ -469,9 +473,13 @@ public class InternalServlet extends ProxyServlet {
 }
 InputStream is = req.getInputStream();
 ByteArrayOutputStream bos = new ByteArrayOutputStream();
- int ch = 0;
- while ((ch = is.read()) >= 0) {
- bos.write(ch);
+ int ch;
+ try {
+ while ((ch = is.read()) >= 0) {
+ bos.write(ch);
+ }
+ } catch (IOException ioe) {
+ intlogger.error("Error: " + ioe.getMessage());
 }
 RLEBitSet bs = new RLEBitSet(bos.toString()); // The set of records to retrieve
 elr.setResult(HttpServletResponse.SC_OK);
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
index 8d6bfcf0..66a9d42b 100755
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
@@ -109,8 +109,7 @@ public class ProxyServlet extends BaseServlet {
 try (FileInputStream instream = new FileInputStream(new File(store))) {
 ks.load(instream, pass.toCharArray());
 } catch (FileNotFoundException fileNotFoundException) {
- System.err.println("ProxyServlet: " + fileNotFoundException);
- fileNotFoundException.printStackTrace();
+ intlogger.error("ProxyServlet: " + fileNotFoundException.getMessage());
 } catch (Exception x) {
 System.err.println("READING TRUSTSTORE: " + x);
 }
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
index c08bce57..9c060d5e 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
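Review bot: In the `@@ -469` hunk of InternalServlet.java the added `catch (IOException ioe)` swallows a failed read of the request body, and execution continues to `new RLEBitSet(bos.toString())` and `elr.setResult(HttpServletResponse.SC_OK)` with whatever bytes arrived before the error. A truncated record set is then handled as a valid request and recorded as success; the catch should record a failure and return instead, for example `elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);` followed by the method's usual error response, whose convention is outside the hunk. The loop also buffers the whole body with no upper bound and `bos.toString()` decodes with the platform charset, so a size cap and an explicit charset belong in the same place. The enclosing method starts and ends outside the hunk.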
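Review bot: In ProxyServlet.java the truststore load still carries on after a failure: the changed `catch (FileNotFoundException fileNotFoundException)` only logs, and the unchanged `catch (Exception x)` below it still prints to `System.err`, so the second case never reaches the application log. What is done with `ks` afterwards is outside the hunk, but if it feeds the proxy's TLS context, initialisation should stop here rather than proceed without the expected trust material. For consistency change the second handler to `intlogger.error("ProxyServlet: reading truststore failed: " + x.getMessage());`, and add the value of `store` to the first message so an operator can tell which file was missing.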
@@ -72,8 +72,9 @@ public class Feed extends Syncable {
 try {
 DB db = new DB();
 Connection conn = db.getConnection();
- try(Statement stmt = conn.createStatement()) {
- try(ResultSet rs = stmt.executeQuery("select COUNT(*) from FEEDS where FEEDID = " + id)) {
+ try(PreparedStatement stmt = conn.prepareStatement("select COUNT(*) from FEEDS where FEEDID = ?")) {
+ stmt.setInt(1, id);
+ try(ResultSet rs = stmt.executeQuery()) {
 if (rs.next()) {
 count = rs.getInt(1);
 }
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java
index a460d647..91d6c1b4 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java
@@ -133,14 +133,15 @@ public class Group extends Syncable {
 }
 public static Collection getGroupsByClassfication(String classfication) {
- List list = new ArrayList();
- String sql = "select * from GROUPS where classification = '" + classfication + "'";
+ List list = new ArrayList<>();
+ String sql = "select * from GROUPS where classification = ?";
 try {
 DB db = new DB();
 @SuppressWarnings("resource")
 Connection conn = db.getConnection();
- try(Statement stmt = conn.createStatement()) {
- try(ResultSet rs = stmt.executeQuery(sql)) {
+ try(PreparedStatement stmt = conn.prepareStatement(sql)) {
+ stmt.setString(1, classfication);
+ try(ResultSet rs = stmt.executeQuery()) {
 while (rs.next()) {
 int groupid = rs.getInt("groupid");
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java
index 3e8c90b4..b2378218 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java
@@ -118,9 +118,9 @@ public class Parameters extends Syncable {
 DB db = new DB();
 @SuppressWarnings("resource")
 Connection conn = db.getConnection();
- try(Statement stmt = conn.createStatement()) {
- String sql = "select KEYNAME, VALUE from PARAMETERS where KEYNAME = '" + k + "'";
- try(ResultSet rs = stmt.executeQuery(sql)) {
+ try(PreparedStatement stmt = conn.prepareStatement("select KEYNAME, VALUE from PARAMETERS where KEYNAME = ?")) {
+ stmt.setString(1, k);
+ try(ResultSet rs = stmt.executeQuery()) {
 if (rs.next()) {
 v = new Parameters(rs);
 }
-- 
cgit 1.2.3-korg