authorCarsten Lund <lund@research.att.com>2017-06-09 16:28:10 +0000
committerCarsten Lund <lund@research.att.com>2017-06-09 16:28:10 +0000
commit56cb73914fd05db40417a6219b5968c8eea8a0b6 (patch)
treece0e9cfac07b1d51a493e305ab54bdecf5c65c42 /ncomp-utils-java
parent03f9567726dfa0c6af315d88c316be9cb380d8ae (diff)
[DCAE-15] Final update for rebased code.
Change-Id: I51a54dfc3bf645684dd94e8eea9bc55313bea176 Signed-off-by: Carsten Lund <lund@research.att.com>
Diffstat (limited to 'ncomp-utils-java')
-rw-r--r--ncomp-utils-java/pom.xml63
-rw-r--r--ncomp-utils-java/src/main/java/org/json/HTTP.java2
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtils.java19
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java46
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/DiffUtilTest.java4
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/PropertyUtil.java10
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/SecurityUtils.java71
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EReader.java118
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java11
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/maps/InetPrefix.java88
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/maps/PersistedHashMap.java3
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ByteBufferUtils.java2
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/FileUtils.java83
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/IpUtils.java217
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/JsonUtils.java8
15 files changed, 206 insertions, 539 deletions
diff --git a/ncomp-utils-java/pom.xml b/ncomp-utils-java/pom.xml
index 595d692..94f65d0 100644
--- a/ncomp-utils-java/pom.xml
+++ b/ncomp-utils-java/pom.xml
@@ -10,6 +10,10 @@
+
+
+
+
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.target>1.7</maven.compiler.target>
@@ -30,8 +34,7 @@
-
-<build>
+ <build>
<plugins>
<plugin>
<groupId>org.sonatype.plugins</groupId>
@@ -114,6 +117,16 @@
<artifactId>snakeyaml</artifactId>
<version>1.15</version>
</dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>2.5</version>
+ </dependency>
+ <dependency>
+ <groupId>com.mikesamuel</groupId>
+ <artifactId>json-sanitizer</artifactId>
+ <version>[1.0,)</version>
+ </dependency>
</dependencies>
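Review bot: The `json-sanitizer` dependency is declared with the open-ended range `[1.0,)`, so every build resolves whatever the newest published version is at that moment. The build is therefore not reproducible, and any future release of that artifact, including a compromised one, is pulled in without review. Pin it the way `commons-io` is pinned just above, e.g. `<version>PINNED_VERSION</version>`, where the placeholder stands for a release the project has actually tested (the page does not name one).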
@@ -131,28 +144,28 @@
<site>
<id>ecomp-site</id>
<url>${site.url}</url>
- </site>
- </distributionManagement>
-
- <reporting>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <version>2.10.4</version>
- <configuration>
- <failOnError>false</failOnError>
- <doclet>org.umlgraph.doclet.UmlGraphDoc</doclet>
- <docletArtifact>
- <groupId>org.umlgraph</groupId>
- <artifactId>umlgraph</artifactId>
- <version>5.6</version>
- </docletArtifact>
- <additionalparam>-views</additionalparam>
- <useStandardDocletOptions>true</useStandardDocletOptions>
- </configuration>
- </plugin>
- </plugins>
- </reporting>
+ </site>
+ </distributionManagement>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <version>2.10.4</version>
+ <configuration>
+ <failOnError>false</failOnError>
+ <doclet>org.umlgraph.doclet.UmlGraphDoc</doclet>
+ <docletArtifact>
+ <groupId>org.umlgraph</groupId>
+ <artifactId>umlgraph</artifactId>
+ <version>5.6</version>
+ </docletArtifact>
+ <additionalparam>-views</additionalparam>
+ <useStandardDocletOptions>true</useStandardDocletOptions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
</project>
diff --git a/ncomp-utils-java/src/main/java/org/json/HTTP.java b/ncomp-utils-java/src/main/java/org/json/HTTP.java
index ef37d2d..d3f03f7 100644
--- a/ncomp-utils-java/src/main/java/org/json/HTTP.java
+++ b/ncomp-utils-java/src/main/java/org/json/HTTP.java
@@ -95,7 +95,7 @@ public class HTTP {
String t;
t = x.nextToken();
- if (t.toUpperCase().startsWith("HTTP")) {
+ if (t.length() > 3 && t.substring(0,4).equalsIgnoreCase("HTTP")) {
// Response
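Review bot: The length guard plus `substring(0,4)` can be written as one call, `if (t.regionMatches(true, 0, "HTTP", 0, 4)) {`, which returns false for tokens shorter than four characters and allocates no substring. Like the new code it does not depend on the default locale, which the removed `toUpperCase()` did. The enclosing method starts and ends outside this hunk.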
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtils.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtils.java
index df35eb9..034bc03 100644
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtils.java
+++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtils.java
@@ -91,7 +91,7 @@ public class CryptoUtils {
public static InputStream getInputStream(final InputStream in, final EncryptionType type, final String key) {
final Cipher aes;
- logger.debug("crypto in stream:" + PropertyUtil.replaceForLogForcingProtection(type) + " " + PropertyUtil.replaceForLogForcingProtection(key));
+ logger.debug("crypto in stream:" + p(type) + " " + p(key));
try {
aes = Cipher.getInstance("AES/ECB/PKCS5Padding");
switch (type) {
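Review bot: The debug line in `getInputStream` still writes the `key` argument to the log; `p(key)` only rewrites newlines, so the secret itself lands in any log where debug is enabled. Log the type alone, `logger.debug("crypto in stream:" + p(type));`, and keep key material out of log messages altogether. The context line `Cipher.getInstance("AES/ECB/PKCS5Padding")` is not touched by this commit but deserves a follow-up: ECB maps equal plaintext blocks to equal ciphertext blocks and provides no integrity protection, so an authenticated mode such as `AES/GCM/NoPadding` with a fresh IV per message is the usual replacement, at the cost of a changed stored format. The method body continues outside the hunk.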
@@ -109,6 +109,11 @@ public class CryptoUtils {
throw new RuntimeException("encryption failed:" + e);
}
}
+
+ private static String p(Object v) {
+ return SecurityUtils.logForcingProtection(v);
+ }
+
public static OutputStream getOutputStream(final OutputStream out, final EncryptionType type, final String key) {
final Cipher aes;
@@ -141,7 +146,7 @@ public class CryptoUtils {
ByteArrayOutputStream o = new ByteArrayOutputStream();
InputStream in = null;
try {
- in = new FileInputStream(FileUtils.safeFileName(fileName));
+ in = new FileInputStream(SecurityUtils.safeFileName(fileName));
FileUtils.copyStream(in, o);
} catch (IOException e) {
throw new RuntimeException("getKey failed:" + e);
@@ -167,8 +172,8 @@ public class CryptoUtils {
}
if (command.equals("file")) {
EncryptionType t = EncryptionType.valueOf(args[1].toUpperCase());
- InputStream in = new FileInputStream(FileUtils.safeFileName(args[2]));
- OutputStream out = new FileOutputStream(FileUtils.safeFileName(args[3]));
+ InputStream in = new FileInputStream(SecurityUtils.safeFileName(args[2]));
+ OutputStream out = new FileOutputStream(SecurityUtils.safeFileName(args[3]));
try {
in = getInputStream(in, t, args[4]);
FileUtils.copyStream(in, out);
@@ -195,7 +200,7 @@ public class CryptoUtils {
PrivateKey privateKey = keyPair.getPrivate();
FileOutputStream out = null;
try {
- out = new FileOutputStream(FileUtils.safeFileName(key + ".private"));
+ out = new FileOutputStream(SecurityUtils.safeFileName(key + ".private"));
out.write(encode64(privateKey.getEncoded()).getBytes());
} catch (Exception e) {
e.printStackTrace();
@@ -205,7 +210,7 @@ public class CryptoUtils {
out.close();
}
try {
- out = new FileOutputStream(FileUtils.safeFileName(key + ".public"));
+ out = new FileOutputStream(SecurityUtils.safeFileName(key + ".public"));
out.write(encode64(publicKey.getEncoded()).getBytes());
} catch (Exception e) {
e.printStackTrace();
@@ -244,7 +249,7 @@ public class CryptoUtils {
InputStream fis = null;
MessageDigest complete = null;
try {
- fis = new FileInputStream(FileUtils.safeFileName(filename));
+ fis = new FileInputStream(SecurityUtils.safeFileName(filename));
byte[] buffer = new byte[1024];
complete = MessageDigest.getInstance("MD5");
int numRead;
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java
index a8d2021..fd4671a 100644
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java
+++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java
@@ -68,23 +68,27 @@ public class CryptoUtilsTest extends TestCase {
digest.update("foobar".getBytes());
SecretKeySpec key1 = new SecretKeySpec(digest.digest(), 0, 16, "AES");
aes.init(Cipher.ENCRYPT_MODE, key1);
- InputStream in = new FileInputStream("test/Test.txt");
- in = new CipherInputStream(in, aes);
- FileOutputStream out = new FileOutputStream("test/Encrypted.txt");
+ InputStream in = null;
+ FileOutputStream out = null;
try {
- FileUtils.copyStream(in, out);
+ in = new FileInputStream("test/Test.txt");
+ CipherInputStream in2 = new CipherInputStream(in, aes);
+ out = new FileOutputStream("test/Encrypted.txt");
+ FileUtils.copyStream(in2, out);
} finally {
if (in != null)
in.close();
if (out != null)
out.close();
}
+ in = null;
+ out = null;
aes.init(Cipher.DECRYPT_MODE, key1);
- in = new FileInputStream("test/Encrypted.txt");
- in = new CipherInputStream(in, aes);
- out = new FileOutputStream("test/Decrypted.txt");
try {
- FileUtils.copyStream(in, out);
+ in = new FileInputStream("test/Encrypted.txt");
+ CipherInputStream in2 = new CipherInputStream(in, aes);
+ out = new FileOutputStream("test/Decrypted.txt");
+ FileUtils.copyStream(in2, out);
} finally {
if (in != null)
in.close();
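Review bot: The `CipherInputStream in2` created inside each `try` of this hunk is never closed (only the underlying `in` is), and in `test_streams_2` in the next hunk the `finally` closes `in` before the `in2` that wraps it. The pom sets `maven.compiler.target` to 1.7, so try-with-resources should be available; it closes in reverse declaration order and removes the null bookkeeping: `try (InputStream in = new FileInputStream("test/Test.txt"); InputStream in2 = new CipherInputStream(in, aes); FileOutputStream out = new FileOutputStream("test/Encrypted.txt")) { FileUtils.copyStream(in2, out); }`. With that in place the `@SuppressWarnings("resource")` on `test_streams_2` can be dropped. The second `finally` of this hunk ends outside it.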
@@ -95,25 +99,35 @@ public class CryptoUtilsTest extends TestCase {
}
@SuppressWarnings("resource")
public void test_streams_2() throws Exception {
- InputStream in = new FileInputStream("test/Test.txt");
- in = getInputStream(in, EncryptionType.ENCRYPT, k);
- FileOutputStream out = new FileOutputStream("test/Encrypted.txt");
+ InputStream in = null;
+ InputStream in2 = null;
+ FileOutputStream out = null;
try {
- FileUtils.copyStream(in, out);
+ in = new FileInputStream("test/Test.txt");
+ in2 = getInputStream(in, EncryptionType.ENCRYPT, k);
+ out = new FileOutputStream("test/Encrypted.txt");
+ FileUtils.copyStream(in2, out);
} finally {
if (in != null)
in.close();
+ if (in2 != null)
+ in2.close();
if (out != null)
out.close();
}
- in = new FileInputStream("test/Encrypted.txt");
- in = getInputStream(in, EncryptionType.DECRYPT, k);
- out = new FileOutputStream("test/Decrypted.txt");
+ in = null;
+ in2 = null;
+ out = null;
try {
- FileUtils.copyStream(in, out);
+ in = new FileInputStream("test/Encrypted.txt");
+ in2 = getInputStream(in, EncryptionType.DECRYPT, k);
+ out = new FileOutputStream("test/Decrypted.txt");
+ FileUtils.copyStream(in2, out);
} finally {
if (in != null)
in.close();
+ if (in2 != null)
+ in2.close();
if (out != null)
out.close();
}
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/DiffUtilTest.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/DiffUtilTest.java
index 9369372..d7f8187 100644
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/DiffUtilTest.java
+++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/DiffUtilTest.java
@@ -149,12 +149,12 @@ public class DiffUtilTest extends TestCase {
assertEquals("editDist random 1000 0.01", d1,d2);
d2 = DiffUtil.editDistSimple(alist, blist);
assertEquals("editDistSimple random 1000 0.01", d1,d2);
- d1 = gentest(120, alist, blist, 1000, 0.1, 0.1, 0.1);
+ d1 = gentest(SecurityUtils.inSecureSeed(120), alist, blist, 1000, 0.1, 0.1, 0.1);
d2 = DiffUtil.editDistStats(alist, blist);
assertEquals("editDist random 1000 0.1", 265,d2);
d2 = DiffUtil.editDistSimple(alist, blist);
assertEquals("editDistSimple random 1000 0.1", 265,d2);
- d1 = gentest(130, alist, blist, 10000, 0.01, 0.01, 0.01);
+ d1 = gentest(SecurityUtils.inSecureSeed(130), alist, blist, 10000, 0.01, 0.01, 0.01);
d2 = DiffUtil.editDistStats(alist, blist);
assertEquals("editDist random 10000 0.01", 296, d2);
// d2 = DiffUtil.editDistSimple(alist, blist);
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/PropertyUtil.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/PropertyUtil.java
index 56710a3..c5e0bdd 100644
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/PropertyUtil.java
+++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/PropertyUtil.java
@@ -70,19 +70,19 @@ public class PropertyUtil {
}
for (Object k : System.getProperties().keySet()) {
- Object v = props.get(k);
+ Object v = props.get(p(k));
if (v != null) {
- logger.info("Overwriting property from system property: " + replaceForLogForcingProtection(k) + " = " + replaceForLogForcingProtection(v));
+ logger.info("Overwriting property from system property: " + p(k) + " = " + p(v));
}
props.put(k, System.getProperties().get(k));
}
- String hostname = InetAddress.getLocalHost().getHostName();
+ String hostname = SecurityUtils.getHostName();
props.put("user.hostname", hostname);
return props;
}
- public static String replaceForLogForcingProtection(Object v) {
- return v.toString().replace("\n", "NEWLINE");
+ private static String p(Object v) {
+ return SecurityUtils.logForcingProtection(v);
}
}
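Review bot: `props.get(p(k))` now looks the property up under the log-neutralised form of the key instead of the key itself, so a key that contains a newline, or that is not a `String`, no longer matches its own entry and the "Overwriting" message is skipped for it. `p()` belongs only in the log message; the lookup should stay `Object v = props.get(k);`. The info line also prints every overridden property value, which would include any secret supplied as a system property, so consider logging the key only. Removing the public `replaceForLogForcingProtection` breaks callers outside this module unless they are all migrated in the same change, which cannot be confirmed from this page. The method starts outside the hunk.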
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/SecurityUtils.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/SecurityUtils.java
new file mode 100644
index 0000000..73fa377
--- /dev/null
+++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/SecurityUtils.java
@@ -0,0 +1,71 @@
+package org.openecomp.ncomp.utils;
+
+import java.io.File;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.List;
+
+public class SecurityUtils {
+ public static String whiteList(String str, List<String> l, String reason) {
+ if (l.contains(str)) {
+ return str;
+ }
+ throw new RuntimeException("String not trusted: " + str + " " + reason);
+ }
+ public static double inSecureRandom() {
+ return (Math.random()*100.0)/100;
+ }
+ public static long inSecureSeed(long seed) {
+ return seed;
+ }
+ public static String logForcingProtection(Object v) {
+ return v.toString().replace("\n", "NEWLINE");
+ }
+
+ public static File createSafeFile(File dir, String fname) {
+ String fname2 = dir.getAbsolutePath() + "/" + fname;
+ return new File(safeFileName(fname2));
+ }
+
+ public static String safeFileName(String file) {
+ // creating file with safer creation.
+ if (file.contains("../"))
+ throw new RuntimeException("File name contain ..: " + file);
+ if (file.contains("\n"))
+ throw new RuntimeException("File name contain newline: " + file);
+ return file;
+ }
+
+ public static File safeFile(File file) {
+ // creating file with safer creation.
+ if (file.getAbsolutePath().contains(".."))
+ throw new RuntimeException("File name contain ..: " + file.getAbsolutePath());
+ return file;
+ }
+ public static String getHostName() {
+ try {
+ return InetAddress.getLocalHost().getHostName();
+ } catch (UnknownHostException e) {
+ e.printStackTrace();
+ throw new RuntimeException("HOSTNAME-UNKNOWN");
+ }
+ }
+ public static String getHostAddress() {
+ try {
+ return InetAddress.getLocalHost().getHostAddress();
+ } catch (UnknownHostException e) {
+ e.printStackTrace();
+ throw new RuntimeException("HOSTNAME-UNKNOWN");
+ }
+ }
+ public static String getCanonicalHostName() {
+ try {
+ return InetAddress.getLocalHost().getCanonicalHostName();
+ } catch (UnknownHostException e) {
+ e.printStackTrace();
+ throw new RuntimeException("HOSTNAME-UNKNOWN");
+ }
+ }
+
+
+}
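Review bot: `safeFileName` and `safeFile` are substring denylists, not containment checks: `safeFileName` rejects only the literal `../` and a newline, so an absolute path, a trailing `..`, a backslash separator on Windows or a symlink is not caught, while `safeFile` rejects harmless names such as `a..b`. `createSafeFile` already receives the directory the result must stay in, so it can canonicalise both sides and compare them, as sketched below (it needs `java.io.IOException` imported); callers of the string-only `safeFileName` have no base directory to check against, and its comment should say so rather than call the result safe. `logForcingProtection` leaves `\r` in place and throws on a null argument; `return String.valueOf(v).replace("\r", "CR").replace("\n", "NEWLINE");` handles both. `inSecureRandom` and `inSecureSeed` only wrap `Math.random()` and a caller-supplied seed, which hides them from review tooling without changing what they are, so a Javadoc line stating that they must not be used for tokens, keys or nonces would make the intent explicit.

```java
public static File createSafeFile(File dir, String fname) {
    try {
        // Resolve symlinks and ".." on both sides, then require containment.
        File base = dir.getCanonicalFile();
        File target = new File(base, fname).getCanonicalFile();
        if (!target.toPath().startsWith(base.toPath()))
            throw new RuntimeException("File name escapes directory: " + logForcingProtection(fname));
        return target;
    } catch (IOException e) {
        throw new RuntimeException("Cannot resolve file name: " + logForcingProtection(fname), e);
    }
}
// … unchanged: whiteList, inSecureRandom, inSecureSeed, safeFileName, safeFile, host name helpers …
```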
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EReader.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EReader.java
deleted file mode 100644
index fda7f13..0000000
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EReader.java
+++ /dev/null
@@ -1,118 +0,0 @@
-
-/*-
- * ============LICENSE_START==========================================
- * OPENECOMP - DCAE
- * ===================================================================
- * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END============================================
- */
-
-package org.openecomp.ncomp.utils.emf;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.IOException;
-import java.util.Iterator;
-
-import org.eclipse.emf.ecore.EObject;
-
-import org.openecomp.ncomp.webservice.utils.FileUtils;
-
-public class EReader<T extends EObject> implements Iterator<T>, Iterable<T> {
- private EStringUtil<T> util = null;
- private BufferedReader reader;
- private String fileName;
- private String line;
- private T e = null;
-
- public EReader(String fileName2, EStringUtil<T> u, boolean isFilename) {
- util = u;
- fileName = fileName2;
- if (isFilename)
- reader = FileUtils.filename2reader(fileName2, u.errors);
- else
- reader = FileUtils.cmd2reader(fileName2);
- }
- public EReader(String fileName2, EStringUtil<T> u) {
- util = u;
- fileName = fileName2;
- reader = FileUtils.filename2reader(fileName2, u.errors);
- }
-
- public EReader(File file, EStringUtil<T> u) {
- util = u;
- fileName = file.getName();
- reader = FileUtils.filename2reader(fileName, u.errors);
- }
-
- /**
- *
- * @return An T object for the next line (null if empty). Note the object is
- * not a new object. Uses EcoreUtils.copy if needed.
- */
- private T findNext() {
- line = null;
- try {
- if (reader == null)
- return null;
- line = reader.readLine();
- if (line == null) {
- reader.close();
- reader = null;
- }
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- if (line == null)
- return null;
- try {
- return util.str2ecore(line);
- } catch (Exception e) {
- throw new RuntimeException("Read error in " + fileName + " : " + e);
- }
- }
-
- public String getFileName() {
- return fileName;
- }
- @Override
- public boolean hasNext() {
- if (e != null) return true;
- e = findNext();
- // TODO Auto-generated method stub
- return e != null;
- }
- @Override
- public void remove() {
- throw new RuntimeException("Can not remove from a reader");
- }
- @Override
- public T next() {
- if (e != null) {
- T ee = e;
- e = null;
- return ee;
- }
- return findNext();
- }
- @Override
- public Iterator<T> iterator() {
- return this;
- }
- public String getLine() {
- return line;
- }
-}
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java
index e8e86da..3686621 100644
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java
+++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java
@@ -23,6 +23,7 @@ package org.openecomp.ncomp.utils.emf;
import java.io.BufferedReader;
import java.io.IOException;
+import java.util.Arrays;
import java.util.List;
import org.eclipse.emf.common.util.BasicEList;
@@ -37,6 +38,7 @@ import org.eclipse.emf.ecore.resource.ResourceSet;
import org.eclipse.emf.ecore.resource.impl.ResourceSetImpl;
import org.eclipse.emf.ecore.util.EcoreUtil;
import org.eclipse.emf.ecore.xmi.impl.XMIResourceFactoryImpl;
+import org.openecomp.ncomp.utils.SecurityUtils;
import org.openecomp.ncomp.webservice.utils.ErrorMap;
import org.openecomp.ncomp.webservice.utils.FileUtils;
@@ -194,14 +196,9 @@ public class EStringUtil<T extends EObject> {
}
// ensure that not arbitary regexp is evaluated: Denial of Service: Regular Expression
+ private List<String> allowedDelimeter = Arrays.asList("\\|",",",":","\t");
private String checkRegexp(String regexp) {
- switch (regexp) {
- case "\\|":
- case ":":
- case "\t":
- case ",": return regexp;
- }
- throw new RuntimeException("Regexp not trusted: " + regexp);
+ return SecurityUtils.whiteList(regexp,allowedDelimeter,"Denial of Service: Regular Expression");
}
private String fixValue(EDataType t, String v) {
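Review bot: `allowedDelimeter` is declared as a mutable per-instance field although it is a fixed allowlist: the field is neither `static` nor `final`, and a list from `Arrays.asList` still permits `set`. Declare it `private static final List<String> ALLOWED_DELIMITERS = Collections.unmodifiableList(Arrays.asList("\\|", ",", ":", "\t"));`, which needs a `java.util.Collections` import and also fixes the `Delimeter` spelling. Note too that `SecurityUtils.whiteList` places the rejected string into its exception message without neutralising it, as the removed `switch` did.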
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/maps/InetPrefix.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/maps/InetPrefix.java
deleted file mode 100644
index ce1866f..0000000
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/maps/InetPrefix.java
+++ /dev/null
@@ -1,88 +0,0 @@
-
-/*-
- * ============LICENSE_START==========================================
- * OPENECOMP - DCAE
- * ===================================================================
- * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END============================================
- */
-
-package org.openecomp.ncomp.utils.maps;
-
-import java.net.InetAddress;
-
-import org.openecomp.ncomp.webservice.utils.IpUtils;
-
-public class InetPrefix {
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((ip == null) ? 0 : ip.hashCode());
- result = prime * result + maskLength;
- return result;
- }
- @Override
- public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
- InetPrefix other = (InetPrefix) obj;
- if (ip == null) {
- if (other.ip != null)
- return false;
- } else if (!ip.equals(other.ip))
- return false;
- if (maskLength != other.maskLength)
- return false;
- return true;
- }
- public InetPrefix(InetAddress ip, int maskLength) {
- this.ip = IpUtils.mask(ip, maskLength);
- this.maskLength = maskLength;
- }
- public InetPrefix(String s) {
- String a[] = s.split("/");
- if (a.length == 2 && IpUtils.isIp(a[0])) {
- this.maskLength = Integer.parseInt(a[1]);
- this.ip = IpUtils.mask(IpUtils.toInetAddress(a[0]), maskLength);
- return;
- }
- throw new RuntimeException("bad prefix" + s);
- }
- public InetAddress getIp() {
- return ip;
- }
- protected void setIp(InetAddress ip) {
- this.ip = ip;
- }
- public int getMaskLength() {
- return maskLength;
- }
- protected void setMaskLength(int maskLength) {
- this.maskLength = maskLength;
- }
- private InetAddress ip;
- private int maskLength;
- @Override
- public String toString() {
- return ip.getHostAddress() + "/" + maskLength;
- }
-
-
-}
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/maps/PersistedHashMap.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/maps/PersistedHashMap.java
index 0ccf713..814c91e 100644
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/maps/PersistedHashMap.java
+++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/maps/PersistedHashMap.java
@@ -22,6 +22,7 @@
package org.openecomp.ncomp.utils.maps;
import java.io.Serializable;
+import java.util.Arrays;
import java.util.HashMap;
import org.openecomp.ncomp.webservice.utils.FileUtils;
@@ -36,7 +37,7 @@ public class PersistedHashMap<K extends Serializable, V extends Serializable> ex
this.file = file;
HashMap<K, V> m = null;
try {
- m = (HashMap<K, V>) FileUtils.file2object(file);
+ m = (HashMap<K, V>) FileUtils.file2object(file,Arrays.asList(PersistedDateHashMap.class.getName()));
} catch (Exception e) {
}
if (m != null)
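Review bot: The list built with `Arrays.asList(...)` is fixed-size, and `FileUtils.file2object` as changed in this same commit calls `whiteList.add("java.util.*")` on it, which throws `UnsupportedOperationException` before `readObject` is reached. Because the `catch (Exception e) { }` here is empty, the failure is silent and `m` stays null, so the persisted map would apparently never be loaded. Either stop mutating the argument inside `file2object` or pass a growable copy, `new ArrayList<String>(Arrays.asList(PersistedDateHashMap.class.getName()))`, and log the exception instead of swallowing it. It is also worth confirming that `PersistedDateHashMap` is the intended entry for `PersistedHashMap` and that the stored key and value types are covered by the allowlist. The constructor starts and ends outside the hunk.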
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ByteBufferUtils.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ByteBufferUtils.java
index fbb0550..366d210 100644
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ByteBufferUtils.java
+++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ByteBufferUtils.java
@@ -71,7 +71,7 @@ public class ByteBufferUtils {
ip = 256 * ip + getInt(buf);
ip = 256 * ip + getInt(buf);
ip = 256 * ip + getInt(buf);
- if (debug ) System.out.println ( "getIpInt: " + IpUtils.toString(ip));
+// if (debug ) System.out.println ( "getIpInt: " + IpUtils.toString(ip));
return ip;
}
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/FileUtils.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/FileUtils.java
index 7c2e16d..6bc90f6 100644
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/FileUtils.java
+++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/FileUtils.java
@@ -60,6 +60,8 @@ import org.eclipse.emf.ecore.util.Diagnostician;
import org.eclipse.emf.ecore.xmi.XMLResource;
import org.eclipse.emf.ecore.xmi.impl.XMIResourceFactoryImpl;
import org.eclipse.emf.ecore.xmi.util.XMLProcessor;
+import org.openecomp.ncomp.utils.SecurityUtils;
+import org.apache.commons.io.serialization.ValidatingObjectInputStream;
public class FileUtils {
public static final Logger logger = Logger.getLogger("org.openecomp.ncomp.utils.io");
@@ -109,7 +111,7 @@ public class FileUtils {
resource.getContents().add(ecore);
// error = validate(req,0);
// if (error != null) throw new Exception("Bad request");
- FileOutputStream fos = new FileOutputStream(FileUtils.safeFileName(fileName));
+ FileOutputStream fos = new FileOutputStream(SecurityUtils.safeFileName(fileName));
Map<String, Object> options = new HashMap<String, Object>();
// gz is misleading, but supported for backwards compatibility
if (fileName.endsWith("zip") || fileName.endsWith("gz")) {
@@ -127,7 +129,7 @@ public class FileUtils {
init();
Resource resource = resourceSet.createResource(URI.createURI(fileName));
resource.getContents().addAll(ecores);
- FileOutputStream fos = new FileOutputStream(FileUtils.safeFileName(fileName));
+ FileOutputStream fos = new FileOutputStream(SecurityUtils.safeFileName(fileName));
Map<String, Object> options = new HashMap<String, Object>();
// gz is misleading, but supported for backwards compatibility
if (fileName.endsWith("zip") || fileName.endsWith("gz")) {
@@ -162,7 +164,7 @@ public class FileUtils {
}
static public EObject file2ecore_old(String fileName, boolean unload, boolean useCommonRS) {
- File file = new File(FileUtils.safeFileName(fileName));
+ File file = new File(SecurityUtils.safeFileName(fileName));
if (!file.exists()) {
throw new RuntimeException("File does not exists: " + fileName);
}
@@ -212,7 +214,7 @@ public class FileUtils {
}
static public EList<EObject> file2ecores(String fileName, boolean unload, boolean useCommonRS) {
- File file = new File(FileUtils.safeFileName(fileName));
+ File file = new File(SecurityUtils.safeFileName(fileName));
if (!file.exists()) {
throw new RuntimeException("File does not exists: " + fileName);
}
@@ -240,11 +242,11 @@ public class FileUtils {
try {
resource.load(options);
} catch (IOException e1) {
- logger.error("I/O error loading " + safeFileName(fileName) + " : " + e1.getMessage());
+ logger.error("I/O error loading " + SecurityUtils.safeFileName(fileName) + " : " + e1.getMessage());
e1.printStackTrace();
return res;
} catch (Exception e1) {
- logger.error("Content error loading " + safeFileName(fileName) + " : " + e1.getMessage());
+ logger.error("Content error loading " + SecurityUtils.safeFileName(fileName) + " : " + e1.getMessage());
e1.printStackTrace();
return res;
}
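Review bot: `SecurityUtils.safeFileName` is a validator that either returns its argument unchanged or throws, so calling it inside these two `logger.error` messages neutralises nothing and could replace the original load error with a `RuntimeException` raised from the catch block. For log output the helper added in this commit is the fitting one: `logger.error("I/O error loading " + SecurityUtils.logForcingProtection(fileName) + " : " + e1.getMessage());`, and likewise for the content-error line. The enclosing method starts and ends outside the hunk.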
@@ -301,10 +303,10 @@ public class FileUtils {
public static InputStream filename2stream(String fileName, ErrorMap errors) {
InputStream res = null;
- File aFile = new File(FileUtils.safeFileName(fileName));
+ File aFile = new File(SecurityUtils.safeFileName(fileName));
if (!aFile.canRead()) {
// try to see if a file with .gz extention exists.
- aFile = new File(FileUtils.safeFileName(fileName + ".gz"));
+ aFile = new File(SecurityUtils.safeFileName(fileName + ".gz"));
if (aFile.canRead())
return filename2stream(fileName + ".gz", errors);
if (errors != null)
@@ -315,7 +317,7 @@ public class FileUtils {
logger.debug("Reading " + fileName);
if (fileName.endsWith(".gz")) {
try {
- res = new GZIPInputStream(new FileInputStream(FileUtils.safeFileName(fileName)), 524288);
+ res = new GZIPInputStream(new FileInputStream(SecurityUtils.safeFileName(fileName)), 524288);
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
@@ -384,7 +386,7 @@ public class FileUtils {
public static OutputStreamWriter filename2writer(String filename, boolean gzip) {
try {
- File f = new File(FileUtils.safeFileName(filename));
+ File f = new File(SecurityUtils.safeFileName(filename));
if (f.exists()) f.delete();
String p = f.getParent();
if (p != null) {
@@ -392,10 +394,10 @@ public class FileUtils {
d.mkdirs();
}
if (gzip) {
- OutputStream s = new GZIPOutputStream(new FileOutputStream(FileUtils.safeFileName(filename)), 524288);
+ OutputStream s = new GZIPOutputStream(new FileOutputStream(SecurityUtils.safeFileName(filename)), 524288);
return new OutputStreamWriter(s);
} else
- return new FileWriter(FileUtils.safeFileName(filename));
+ return new FileWriter(SecurityUtils.safeFileName(filename));
} catch (IOException e) {
e.printStackTrace();
return null;
@@ -403,7 +405,7 @@ public class FileUtils {
}
private static void find(String dirName, String regex, List<String> res) {
- File dir = new File(FileUtils.safeFileName(dirName));
+ File dir = new File(SecurityUtils.safeFileName(dirName));
String[] children = dir.list();
if (children == null) {
// Either dir does not exist or is not a directory
@@ -411,7 +413,7 @@ public class FileUtils {
for (int i = 0; i < children.length; i++) {
// Get filename of file or directory
String ff = dirName + "/" + children[i];
- File f = new File(FileUtils.safeFileName(ff));
+ File f = new File(SecurityUtils.safeFileName(ff));
if (f.isDirectory()) {
find(ff, regex, res);
} else {
@@ -432,7 +434,7 @@ public class FileUtils {
public static void ecore2xmlfile(XMLProcessor x, EObject doc, String filename) {
FileOutputStream fos = null;
try {
- fos = new FileOutputStream(FileUtils.safeFileName(filename));
+ fos = new FileOutputStream(SecurityUtils.safeFileName(filename));
ResourceSet resourceSet = new ResourceSetImpl();
resourceSet.getResourceFactoryRegistry().getExtensionToFactoryMap()
@@ -456,12 +458,12 @@ public class FileUtils {
}
public static void mkdirForFile(String filename) {
- File f = new File(FileUtils.safeFileName(filename));
+ File f = new File(SecurityUtils.safeFileName(filename));
f.getParentFile().mkdirs();
}
public static boolean uptodate(String filename, String interval) {
- File file = new File(FileUtils.safeFileName(filename));
+ File file = new File(SecurityUtils.safeFileName(filename));
if (!file.exists())
return false;
Date now = new Date();
@@ -471,15 +473,15 @@ public class FileUtils {
}
public static void touch(String filename) throws IOException {
- File file = new File(FileUtils.safeFileName(filename));
+ File file = new File(SecurityUtils.safeFileName(filename));
file.createNewFile();
Date now = new Date();
file.setLastModified(now.getTime());
}
public static void copyFile(String sourceFile, String destFile) throws IOException {
- File from = new File(FileUtils.safeFileName(sourceFile));
- File to = new File(FileUtils.safeFileName(destFile));
+ File from = new File(SecurityUtils.safeFileName(sourceFile));
+ File to = new File(SecurityUtils.safeFileName(destFile));
copyFile(from, to);
}
@@ -491,8 +493,8 @@ public class FileUtils {
FileChannel source = null;
FileChannel destination = null;
try {
- source = new FileInputStream(FileUtils.safeFile(sourceFile)).getChannel();
- destination = new FileOutputStream(FileUtils.safeFile(destFile)).getChannel();
+ source = new FileInputStream(SecurityUtils.safeFile(sourceFile)).getChannel();
+ destination = new FileOutputStream(SecurityUtils.safeFile(destFile)).getChannel();
destination.transferFrom(source, 0, source.size());
} finally {
if (source != null) {
@@ -510,7 +512,7 @@ public class FileUtils {
destDir.mkdirs();
}
for (File f : sourceDir.listFiles()) {
- File dest = createSafeFile(destDir, f.getName());
+ File dest = SecurityUtils.createSafeFile(destDir, f.getName());
if (f.isDirectory()) {
copyDirectory(f, dest);
continue;
@@ -542,12 +544,17 @@ public class FileUtils {
dir.delete();
}
- public static Object file2object(String filename) {
+ public static Object file2object(String filename, List<String> whiteList) {
try {
InputStream in = filename2stream(filename, null);
if (in == null)
return null;
- ObjectInputStream r = new ObjectInputStream(in);
+ ValidatingObjectInputStream r = new ValidatingObjectInputStream(in);
+ whiteList.add("java.util.*");
+ whiteList.add("java.lang.*");
+ for (String s : whiteList) {
+ r.accept(s);
+ }
Object o;
try {
o = r.readObject();
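Review bot: `whiteList.add("java.util.*")` and `whiteList.add("java.lang.*")` write into the list the caller passed in, so the call fails when that list is null or unmodifiable, and otherwise the caller's list grows by two entries on every call. Handing the defaults straight to the stream avoids both: `r.accept("java.util.*", "java.lang.*");` followed by `if (whiteList != null) r.accept(whiteList.toArray(new String[0]));`. The two default patterns are also wide for a deserialization allow-list; as far as I know the wildcard match does not stop at package boundaries, so `java.util.*` would admit classes in every subpackage too, and it would be tighter to have callers name the concrete classes they expect to read. The new required parameter breaks existing one-argument callers, and the rest of file2object (the catch and any close of `r`) lies outside this hunk.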
@@ -565,10 +572,10 @@ public class FileUtils {
// TODO Auto-generated method stub
try {
String f = filename + ".tmp";
- File f1 = new File(safeFileName(f));
- File f2 = new File(safeFileName(filename));
+ File f1 = new File(SecurityUtils.safeFileName(f));
+ File f2 = new File(SecurityUtils.safeFileName(filename));
if (!f1.getParentFile().exists()) f1.getParentFile().mkdirs();
- ObjectOutputStream w = new ObjectOutputStream(new FileOutputStream(safeFileName(f)));
+ ObjectOutputStream w = new ObjectOutputStream(new FileOutputStream(SecurityUtils.safeFileName(f)));
try {
w.writeObject(o);
w.flush();
@@ -628,26 +635,6 @@ public class FileUtils {
}
}
- public static File createSafeFile(File dir, String fname) {
- String fname2 = dir.getAbsolutePath() + "/" + fname;
- return new File(safeFileName(fname2));
- }
-
- public static String safeFileName(String file) {
- // creating file with safer creation.
- if (file.contains("../"))
- throw new RuntimeException("File name contain ..: " + file);
- if (file.contains("\n"))
- throw new RuntimeException("File name contain newline: " + file);
- return file;
- }
-
- private static File safeFile(File file) {
- // creating file with safer creation.
- if (file.getAbsolutePath().contains(".."))
- throw new RuntimeException("File name contain ..: " + file.getAbsolutePath());
- return file;
- }
public static Thread copyStreamThread(final InputStream inputStream, final OutputStream outputStream) {
Thread t = new Thread() {
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/IpUtils.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/IpUtils.java
deleted file mode 100644
index 62da451..0000000
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/IpUtils.java
+++ /dev/null
@@ -1,217 +0,0 @@
-
-/*-
- * ============LICENSE_START==========================================
- * OPENECOMP - DCAE
- * ===================================================================
- * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END============================================
- */
-
-package org.openecomp.ncomp.webservice.utils;
-
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.util.Arrays;
-import java.util.StringTokenizer;
-import java.util.regex.Pattern;
-
-public class IpUtils {
- public static long toLong(String Ip) {
- long res = 0;
- try {
- StringTokenizer tokens = new StringTokenizer(Ip, ".");
- for (int i = 0; i < 4; i++) {
- int t = Integer.parseInt(tokens.nextToken());
- if (t < 0 || t > 255) {
- throw new RuntimeException("Bad IP: " + Ip);
- }
- res = 256 * res + t;
- }
- } catch (Exception e) {
- throw new RuntimeException("Bad IP: " + Ip);
- }
- return res;
- }
-
- public static int toInt(String Ip) {
- long x = toLong(Ip);
- // if (x<(1<<31)) return (int) x;
- // TODO: does this really work??
- // System.out.println(Ip + " " + x);
- return (int) x;
- }
-
- public static String toString(int i) {
- return ((i >> 24) & 0xFF) + "." + ((i >> 16) & 0xFF) + "." + ((i >> 8) & 0xFF) + "." + (i & 0xFF);
- }
-
- public static int mask2masklen(String string) {
- // 255.255.255.252 -> 30
- if (!isIp(string)) {
- return Integer.parseInt(string);
- }
- if (isIpv6(string)) {
- throw new RuntimeException("IPv6 is not supported, just use mask length");
- }
- StringTokenizer st = new StringTokenizer(string,".");
- int len = 0;
- for (int j = 0; j < 4; j++) {
- int i = Integer.parseInt(st.nextToken());
- for (int x = 0; x < 8; x++) {
- if ((i >> x) % 2 == 1) {
- len += 8 - x;
- break;
- }
-
- }
- }
- return len;
- }
-
- private static int[] maskvals = {0,32,31,6,30,9,5,-1,29,16,8,2,4,21,-1,19,28,
- 25,15,-1,7,10,1,17,3,22,20,26,-1,11,18,23,27,12,24,13,14};
-
- public static int mask2masklen (int ip) {
- // This works because 2 is a primitive root mod 37!
- // The negation is because % is remainder, not modulus
- int indx = -(ip % 37);
- if (indx < 0) return -1; // caution for non-masks
- return maskvals[indx];
- }
-
- public static String toPrefixString(int ip, int len) {
- ip = (ip >> (32-len)) << (32-len);
- return IpUtils.toString(ip) + "/" + len;
- }
-
- private static Pattern ipv4Pattern = Pattern.compile("\\d*\\.\\d*\\.\\d*\\.\\d*");
- public static boolean isIpv4(String to) {
- if (to.isEmpty()) return false;
- char c = to.charAt(0);
- if (c > '9' || c < '0') return false;
- return ipv4Pattern.matcher(to).matches();
- }
- private static Pattern ipv6Pattern = Pattern.compile("[0-9a-fA-F]*:[0-9a-fA-F]*:[0-9a-fA-F:]*");
- public static boolean isIpv6(String to) {
- // bad heuristic but likely works most of the time.
- return ipv6Pattern.matcher(to).matches();
- }
-
- public static boolean isIp(String to) {
- return isIpv6(to) || isIpv4(to);
- }
- static int numBad = 0;
- public static InetAddress toInetAddress(String string) {
- if (!isIp(string)) return null;
- try {
- return InetAddress.getByName(string);
- } catch (UnknownHostException e) {
- if (numBad > 1000) {
- e.printStackTrace();
- // We exit here since it is important not to do lots of DNS lookups
- // We should validate that the string is a valid IP somehow.
- System.exit(-3);
- }
- }
- return null;
- }
-
- public static String toPrefixString(InetAddress ip, int len) {
- return mask(ip, len).getHostAddress() + "/" + len;
- }
- public static String toString(InetAddress ip) {
- return ip.getHostAddress();
- }
- public static InetAddress mask(InetAddress ip, int prefixMask) {
- int oddBits = prefixMask % 8;
- int nMaskBytes = prefixMask/8 + (oddBits == 0 ? 0 : 1);
- byte[] mask = new byte[nMaskBytes];
-// byte[] addr = Arrays.copyOf(ip.getAddress(), ip.getAddress().length);
-// To make this Java 5 compactible.
- byte[] addr = new byte[ip.getAddress().length];
- for (int i =0 ; i < ip.getAddress().length ; i ++)
- addr[i]=ip.getAddress()[i];
- Arrays.fill(mask, 0, oddBits == 0 ? mask.length : mask.length - 1, (byte)0xFF);
- if (oddBits != 0) {
- int finalByte = (1 << oddBits) - 1;
- finalByte <<= 8-oddBits;
- mask[mask.length - 1] = (byte) finalByte;
- }
- for (int i=0; i < mask.length; i++) {
- addr[i] = (byte) (addr[i] & mask[i]);
- }
- for (int i=nMaskBytes; i < addr.length; i++) {
- addr[i] = 0;
- }
- try {
- return InetAddress.getByAddress(addr);
- } catch (UnknownHostException e) {
- e.printStackTrace();
- System.exit(2);
- }
- return null;
- }
-
- public static int mask (int ip, int masklen) {
- if (masklen == 0) return 0;
- return ip & -(1 << (32-masklen));
- }
-
- public static String defaultPrefix(String tmVersion) {
- if (tmVersion.equals("6")) {
- return "::/0";
- }
- return "0.0.0.0/0";
- }
-
- public static boolean containedIn(InetAddress ip, InetAddress ip2, int mask) {
- return (mask(ip, mask).equals(mask(ip2, mask)));
- }
-
- public static InetAddress anonymize(InetAddress ip) {
- byte[] a = ip.getAddress();
- byte[] a2 = Arrays.copyOf(a, a.length);
- a2[a.length-1] = (byte) (a2[a.length-1] ^ 17);
- try {
- return InetAddress.getByAddress(a2);
- } catch (UnknownHostException e) {
- e.printStackTrace();
- System.exit(3);
- }
- return null;
- }
-
- public static boolean isIpv4(InetAddress ip) {
- return ip.getAddress().length == 4;
- }
-
- public static String firstIp(String prefix) {
- String a[] = prefix.split("/");
- int ip = toInt(a[0]);
- int len = Integer.parseInt(a[1]);
- ip = mask(ip,len);
- return toString(ip);
- }
-
- public static String lastIp(String prefix) {
- String a[] = prefix.split("/");
- int ip = toInt(a[0]);
- int len = Integer.parseInt(a[1]);
- if (len == 0) return "255.255.255.255";
- ip = mask(ip,len) + (1 << (32-len)) - 1;
- return toString(ip);
- }
-
-}
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/JsonUtils.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/JsonUtils.java
index 0fbb1d9..0c2da49 100644
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/JsonUtils.java
+++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/JsonUtils.java
@@ -47,6 +47,8 @@ import org.openecomp.ncomp.utils.PropertyUtil;
import org.openecomp.ncomp.utils.StringUtil;
import org.yaml.snakeyaml.Yaml;
+import com.google.json.JsonSanitizer;
+
public class JsonUtils {
public static final Logger logger = Logger.getLogger(JsonUtils.class);
HashMap<String, List<String>> features = new HashMap<String, List<String>>();
@@ -296,7 +298,7 @@ public class JsonUtils {
in.close();
buf.close();
}
- return new JSONObject(buf.toString());
+ return new JSONObject(JsonSanitizer.sanitize(buf.toString()));
}
public static JSONObject file2json(String file, Properties props, String prefix) throws IOException {
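Review bot: `JsonSanitizer.sanitize(buf.toString())` repairs malformed input rather than rejecting it, so text that used to raise JSONException at `new JSONObject(...)` can now parse into an object the author never wrote, and the error goes unnoticed. The same applies to the two `new JSONObject(JsonSanitizer.sanitize(s))` calls in the following JsonUtils hunks. If the aim is hardening against untrusted JSON, it would help to make a rewrite visible, for example `String clean = JsonSanitizer.sanitize(raw);` then `if (!clean.equals(raw)) logger.warn("JSON input was rewritten by sanitizer");`, keeping in mind that the sanitizer may also make harmless changes to valid input. A one-line comment stating why the text is sanitized before parsing would be useful as well, since the enclosing method starts outside this hunk and the origin of its input is not visible.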
@@ -313,7 +315,7 @@ public class JsonUtils {
String s = buf.toString().replaceAll("##.*", "");
try {
s = StringUtil.expandUsingProperties(s, props, prefix);
- return new JSONObject(s);
+ return new JSONObject(JsonSanitizer.sanitize(s));
} catch (JSONException e) {
logger.debug("bad JSON String" + s + " " + e);
throw e;
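Review bot: The catch block still writes the whole input with `logger.debug("bad JSON String" + s + " " + e)`, and here `s` is the file content after `StringUtil.expandUsingProperties`, so any secret carried in the properties (not visible in this hunk) would end up in the debug log. Logging the source and the exception is enough to diagnose a parse failure, e.g. `logger.debug("bad JSON in " + file + ": " + e);`, assuming this code is still inside `file2json(String file, ...)`. The last JsonUtils hunk has the same log line and would need the same change.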
@@ -345,7 +347,7 @@ public class JsonUtils {
if (out.toString().length() == 0) return null;
String s = out.toString().replaceAll("##.*", "");
try {
- return new JSONObject(s);
+ return new JSONObject(JsonSanitizer.sanitize(s));
} catch (JSONException e) {
logger.debug("bad JSON String" + s + " " + e);
throw e;