7 files changed, 74 insertions, 121 deletions
diff --git a/ncomp-utils-java/src/main/java/org/json/JSONObject.java b/ncomp-utils-java/src/main/java/org/json/JSONObject.java index 4795082..7e2b9a6 100644 --- a/ncomp-utils-java/src/main/java/org/json/JSONObject.java +++ b/ncomp-utils-java/src/main/java/org/json/JSONObject.java @@ -140,6 +140,10 @@ public class JSONObject { public boolean equals(Object object) { return object == null || object == this; } + @Override + public int hashCode() { + return super.hashCode(); + } /** 
@@ -351,39 +355,39 @@ public class JSONObject { Method method = methods[i]; if (Modifier.isPublic(method.getModifiers())) { String name = method.getName(); - String key = ""; + String k = ""; if (name.startsWith("get")) { - key = name.substring(3); + k = name.substring(3); } else if (name.startsWith("is")) { - key = name.substring(2); + k = name.substring(2); } - if (key.length() > 0 && - Character.isUpperCase(key.charAt(0)) && + if (k.length() > 0 && + Character.isUpperCase(k.charAt(0)) && method.getParameterTypes().length == 0) { - if (key.length() == 1) { - key = key.toLowerCase(); - } else if (!Character.isUpperCase(key.charAt(1))) { - key = key.substring(0, 1).toLowerCase() + - key.substring(1); + if (k.length() == 1) { + k = k.toLowerCase(); + } else if (!Character.isUpperCase(k.charAt(1))) { + k = k.substring(0, 1).toLowerCase() + + k.substring(1); } Object result = method.invoke(bean, (Object[])null); if (result == null) { - map.put(key, NULL); + map.put(k, NULL); } else if (result.getClass().isArray()) { - map.put(key, new JSONArray(result, includeSuperClass)); + map.put(k, new JSONArray(result, includeSuperClass)); } else if (result instanceof Collection) { // List or Set - map.put(key, new JSONArray((Collection<?>)result, includeSuperClass)); + map.put(k, new JSONArray((Collection<?>)result, includeSuperClass)); } else if (result instanceof Map) { - map.put(key, new JSONObject((Map<?, ?>)result, includeSuperClass)); + map.put(k, new JSONObject((Map<?, ?>)result, includeSuperClass)); } else if (isStandardProperty(result.getClass())) { // Primitives, String and Wrapper - map.put(key, result); + map.put(k, result); } else { if (result.getClass().getPackage().getName().startsWith("java") || result.getClass().getClassLoader() == null) { - map.put(key, result.toString()); + map.put(k, result.toString()); } else { // User defined Objects - map.put(key, new JSONObject(result, includeSuperClass)); + map.put(k, new JSONObject(result, includeSuperClass)); } } } 
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java index ac1c6f3..a8d2021 100644 --- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java +++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java @@ -56,11 +56,11 @@ import org.openecomp.ncomp.webservice.utils.FileUtils; public class CryptoUtilsTest extends TestCase { - String key = "dafdfkj"; - String value = "Hello"; + String k = "dafdfkj"; + String v = "Hello"; public void test_encrypt() { - assertEquals(value, decrypt(key,encrypt(key, value))); + assertEquals(v, decrypt(k,encrypt(k, v))); } public void test_streams() throws Exception { Cipher aes = Cipher.getInstance("AES/ECB/PKCS5Padding"); @@ -96,7 +96,7 @@ public class CryptoUtilsTest extends TestCase { @SuppressWarnings("resource") public void test_streams_2() throws Exception { InputStream in = new FileInputStream("test/Test.txt"); - in = getInputStream(in, EncryptionType.ENCRYPT, key); + in = getInputStream(in, EncryptionType.ENCRYPT, k); FileOutputStream out = new FileOutputStream("test/Encrypted.txt"); try { FileUtils.copyStream(in, out); @@ -107,7 +107,7 @@ public class CryptoUtilsTest extends TestCase { out.close(); } in = new FileInputStream("test/Encrypted.txt"); - in = getInputStream(in, EncryptionType.DECRYPT, key); + in = getInputStream(in, EncryptionType.DECRYPT, k); out = new FileOutputStream("test/Decrypted.txt"); try { FileUtils.copyStream(in, out); 
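Review bot: Renaming the fields to `k` and `v` in the first hunk leaves the literal `"dafdfkj"` in the class, so if the rename is meant to clear a hard-coded-key finding (an inference, the commit message is not visible here) it only hides the field from name-based scanners. For a test fixture I would keep a descriptive name and state the intent in a comment, e.g. `// fixed test-only key, not a production secret`. The later hunks of this file carry the same rename; on their new side `v.getBytes()` and `new String(text)` still use the platform charset, and `v.getBytes(StandardCharsets.UTF_8)` with `new String(text, StandardCharsets.UTF_8)` would make the round trip independent of the host default.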
@@ -124,10 +124,10 @@ public class CryptoUtilsTest extends TestCase { KeyPair keyPair = keyPairGenerator.generateKeyPair(); Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding"); rsa.init(Cipher.ENCRYPT_MODE, keyPair.getPublic()); - byte[] ciphertext = rsa.doFinal(value.getBytes()); + byte[] ciphertext = rsa.doFinal(v.getBytes()); rsa.init(Cipher.DECRYPT_MODE, keyPair.getPrivate()); byte[] text = rsa.doFinal(ciphertext); - assertEquals(value, new String(text)); + assertEquals(v, new String(text)); } public void test_public_key_1() throws Exception { @@ -141,10 +141,10 @@ public class CryptoUtilsTest extends TestCase { PrivateKey k2 = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(decode64(privateKey))); Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding"); rsa.init(Cipher.ENCRYPT_MODE, k1); - byte[] ciphertext = rsa.doFinal(value.getBytes()); + byte[] ciphertext = rsa.doFinal(v.getBytes()); rsa.init(Cipher.DECRYPT_MODE, k2); byte[] text = rsa.doFinal(ciphertext); - assertEquals(value, new String(text)); + assertEquals(v, new String(text)); } @@ -154,7 +154,7 @@ public class CryptoUtilsTest extends TestCase { System.out.println(digest(decode64(publicKey))); String privateKey = getKey("test/key.private"); System.out.println(digest(decode64(privateKey))); - assertEquals(value, decryptPrivate(privateKey,encryptPublic(publicKey, value))); + assertEquals(v, decryptPrivate(privateKey,encryptPublic(publicKey, v))); } } diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java index 68681f3..e8e86da 100644 --- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java +++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java 
@@ -157,7 +157,7 @@ public class EStringUtil<T extends EObject> { * @param str */ public T str2ecore(String str) { - String[] fields = str.split(delimRegexp[0],-1); + String[] fields = str.split(checkRegexp(delimRegexp[0]),-1); int j = 0; T e = sample; for (EAttribute attr : featureList) { @@ -179,7 +179,7 @@ public class EStringUtil<T extends EObject> { String s = fields[j++]; String[] values = {}; // empty string should an empty list instead of a one element list with and empty string - if (s.length()>0) values = s.split(delimRegexp[1],-1); + if (s.length()>0) values = s.split(checkRegexp(delimRegexp[1]),-1); for (String v : values) { String vv = fixValue(t, v); l.add(t.getEPackage().getEFactoryInstance().createFromString(attr.getEAttributeType(), vv)); @@ -193,6 +193,17 @@ public class EStringUtil<T extends EObject> { return e; } + // ensure that not arbitary regexp is evaluated: Denial of Service: Regular Expression + private String checkRegexp(String regexp) { + switch (regexp) { + case "\\|": + case ":": + case "\t": + case ",": return regexp; + } + throw new RuntimeException("Regexp not trusted: " + regexp); + } + private String fixValue(EDataType t, String v) { if (t.getName().equals("EBoolean")) { if (v.equals("0")) diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ServiceUtils.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ServiceUtils.java deleted file mode 100644 index 2140938..0000000 --- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ServiceUtils.java +++ /dev/null 
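Review bot: `checkRegexp` in the last hunk of this file validates the delimiter only when `str2ecore` runs, so a delimiter outside the four allowed strings is presumably accepted when it is configured and then fails on every parsed record, and a null entry in `delimRegexp` reaches the `switch` and throws a NullPointerException rather than the intended rejection. I would run the same check where `delimRegexp` is assigned (not visible in these hunks), add an explicit `if (regexp == null)` guard, and reject with `throw new IllegalArgumentException("Regexp not trusted: " + regexp);` so callers can tell a configuration error from a runtime fault. The comment above the method would read better as `// Accept only known delimiter patterns so an arbitrary regex never reaches String.split (regex denial of service).` The second `split` call, in the hunk at line 179, sits inside the per-attribute loop, which is one more reason to validate once up front.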
@@ -1,85 +0,0 @@ - -/*- - * ============LICENSE_START========================================== - * OPENECOMP - DCAE - * =================================================================== - * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. - * =================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - */ - -package org.openecomp.ncomp.webservice.utils; - -import java.io.File; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.Locale; - -import org.eclipse.emf.ecore.EObject; -import org.eclipse.emf.ecore.EPackage; - -public class ServiceUtils { - private static int requestNumber = 0; - private static String requestString; - public static EObject BackendService(EPackage pp, EObject request, String command, String dir) { - if (dir == null) dir = getDirectory(pp); - String inputFile = dir + "/request"; - String outputFile = dir + "/response"; - EObject res = null; - try { - File dir1 = new File(dir); - dir1.mkdirs(); - if (request != null) { - FileUtils.ecore2file(pp, request, inputFile); - } - Date d1 = new Date(); - Process p = Runtime.getRuntime().exec( - command + " " + inputFile + " " + outputFile); - p.waitFor(); - p.destroy(); - Date d2 = new Date(); - System.err.println("Backend call: " + (d2.getTime() - d1.getTime()) - + " milliseconds"); - res = 
FileUtils.file2ecore(pp,outputFile,true,false); - } catch (Exception exception) { - System.err.println("SERVER ERROR: " + exception + " " + dir); - exception.printStackTrace(); - } - return res; - } - public static String getDirectory(EPackage pp) { - int n; - String prefix = pp.getName(); - Date now = new Date(); - SimpleDateFormat format = new SimpleDateFormat("yyyy_MM_dd",new Locale("UTC")); - String nowString = format.format(now); - if (!nowString.equals(requestString)) { - requestNumber = 0; - requestString = nowString; - } - String dir; - synchronized (requestString) { - while (true) { - n = requestNumber++; - dir = System.getProperty("user.dir")+"/" + prefix + "/requests/" + requestString + "/" + n; - File f = new File(dir); - if (!f.exists()) { - f.mkdirs(); - break; - } - } - } - return dir; - } -} diff --git a/ncomp-utils-journaling/pom.xml b/ncomp-utils-journaling/pom.xml index 9832a1d..9741775 100644 --- a/ncomp-utils-journaling/pom.xml +++ b/ncomp-utils-journaling/pom.xml @@ -87,6 +87,13 @@ <version>1.9</version> </dependency> + <dependency> + <groupId>commons-io</groupId> + <artifactId>commons-io</artifactId> + <version>2.5</version> + </dependency> + + <dependency> <groupId>commons-cli</groupId> <artifactId>commons-cli</artifactId> diff --git a/ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingObject.java b/ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingObject.java index d294aa7..0be2649 100644 --- a/ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingObject.java +++ b/ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingObject.java @@ -28,7 +28,6 @@ import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; -import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.StreamCorruptedException; import java.lang.reflect.Field; 
@@ -44,6 +43,7 @@ import org.apache.commons.cli.HelpFormatter; import org.apache.commons.cli.OptionBuilder; import org.apache.commons.cli.Options; import org.apache.commons.cli.ParseException; +import org.apache.commons.io.serialization.ValidatingObjectInputStream; import org.apache.log4j.Logger; import org.json.JSONObject; @@ -63,9 +63,13 @@ public abstract class JournalingObject { private int snapShotInterval = 30 * 60000; // every 30 minutes private Date lastSnapShot = new Date(); private int numLogs = 0; + static private List<String> whiteList = new ArrayList<String>(); static { startCleanupThread(); + whiteList.add("org.openecomp.ncomp.utils.journaling.*"); + whiteList.add("java.util.*"); + whiteList.add("java.lang.*"); } public JournalingObject(String context, JournalingObject parent) { @@ -254,7 +258,8 @@ public abstract class JournalingObject { try { logger.debug("reading" + file); BufferedInputStream fin = new BufferedInputStream(new FileInputStream(file),16777216); - ObjectInputStream in = new ObjectInputStream(fin); + ValidatingObjectInputStream in = new ValidatingObjectInputStream(fin); + addAccept(in); Object o = null; try { o = in.readObject(); @@ -281,7 +286,7 @@ public abstract class JournalingObject { return numLogs; } - @SuppressWarnings("static-access") + @SuppressWarnings({ "static-access", "deprecation" }) public static void main(String[] args) throws IOException, ClassNotFoundException { CommandLineParser parser = new GnuParser(); @@ -303,7 +308,8 @@ public abstract class JournalingObject { // String args1[] = line.getArgs(); if (line.hasOption("file")) { FileInputStream fin = new FileInputStream(new File(line.getOptionValue("file"))); - ObjectInputStream in = new ObjectInputStream(fin); + ValidatingObjectInputStream in = new ValidatingObjectInputStream(fin); + addAccept(in); try { while (true) { Object o; 
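Review bot: The accept patterns added in the static block (`java.util.*` and `java.lang.*`) are much wider than a journal file should need. As far as I know ValidatingObjectInputStream matches them as wildcards over the full class name, so every class below those packages, sub-packages included, passes the filter. That leaves a large part of the JDK deserializable from a crafted journal file and weakens the protection this commit introduces. I would list the concrete classes the journal actually writes (for example `java.lang.String` or `java.util.Date`, to be confirmed against the writer side) and keep a package wildcard only for `org.openecomp.ncomp.utils.journaling.*`.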
@@ -325,6 +331,15 @@ public abstract class JournalingObject { } } + private static void addAccept(ValidatingObjectInputStream in) { + for (String s : whiteList) { + in.accept(s); + } + } + public static void addClassToWhiteList(String s) { + whiteList.add(s); + } + static int num = 0; static private File saveObjectFile(File dir, String fname) { @@ -363,7 +378,8 @@ public abstract class JournalingObject { Object o = null; try { FileInputStream fin = new FileInputStream(file); - ObjectInputStream in = new ObjectInputStream(fin); + ValidatingObjectInputStream in = new ValidatingObjectInputStream(fin); + addAccept(in); try { while (true) { try { @@ -393,7 +409,7 @@ public abstract class JournalingObject { } catch (EOFException e) { logger.debug("initFromLog failed: " + file + " numEvents=" + numEvents + " o=" + o); } catch (Exception e) { - logger.warn("initFromLog failed: " + file + " numEvents=" + numEvents + " o=" + o.getClass()); + System.err.println(e); logger.debug("initFromLog failed: " + file + " numEvents=" + numEvents + " o=" + o); e.printStackTrace(); } diff --git a/ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingTest.java b/ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingTest.java index a1e7517..dba03ab 100644 --- a/ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingTest.java +++ b/ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingTest.java @@ -153,7 +153,7 @@ public class JournalingTest extends TestCase { for (int i = 0; i < 10; i++) { o.setS("foo:" + i); } - assertTrue(o.getLogSize() <= 2); + assertTrue(o.getLogSize() == 12); o.close(); for (int i = 0; i < 3; i++) { |
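Review bot: `addClassToWhiteList` in the first hunk here is public and static and takes any pattern, so a single call such as one passing `*` widens the deserialization filter for every JournalingObject in the JVM, and nothing records who did it. It also appends to the plain `ArrayList` that `addAccept` iterates, without synchronization. I would document the method as security-sensitive, log each addition with `logger.info("deserialization allowlist extended: " + s);`, and declare the list as `new CopyOnWriteArrayList<String>()`. Rejecting null, empty or bare-wildcard patterns in the same method would keep the filter from being switched off by accident.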
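Review bot: In the `catch (Exception e)` branch of the hunk whose messages read `initFromLog failed`, the `logger.warn` call is replaced by `System.err.println(e)`, so a class rejected by the validating stream, or any other read failure, no longer reaches the log at warn level and shows up only on stderr. Dropping `o.getClass()` does avoid a NullPointerException when `o` is still null, but the event is worth keeping in the log: `logger.warn("initFromLog failed: " + file + " numEvents=" + numEvents, e);` hands the exception to log4j and makes both `System.err.println(e)` and `e.printStackTrace()` unnecessary. The enclosing method starts and ends outside the hunk.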
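Review bot: The assertion in the JournalingTest hunk changes from `o.getLogSize() <= 2` to `o.getLogSize() == 12` without a comment, turning an upper bound into an exact count six times larger. From the hunk alone it is not clear whether the old bound was wrong or whether the log is no longer compacted after this commit, which could be a side effect of the new deserialization filter rejecting a snapshot. A one-line comment stating where 12 comes from would settle that, and `assertEquals(12, o.getLogSize());` reports the actual value on failure.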