-rw-r--r--ncomp-utils-java/src/main/java/org/json/JSONObject.java38
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java20
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java15
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ServiceUtils.java85
-rw-r--r--ncomp-utils-journaling/pom.xml7
-rw-r--r--ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingObject.java28
-rw-r--r--ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingTest.java2
7 files changed, 74 insertions, 121 deletions
diff --git a/ncomp-utils-java/src/main/java/org/json/JSONObject.java b/ncomp-utils-java/src/main/java/org/json/JSONObject.java
index 4795082..7e2b9a6 100644
--- a/ncomp-utils-java/src/main/java/org/json/JSONObject.java
+++ b/ncomp-utils-java/src/main/java/org/json/JSONObject.java
@@ -140,6 +140,10 @@ public class JSONObject {
public boolean equals(Object object) {
return object == null || object == this;
}
+ @Override
+ public int hashCode() {
+ return super.hashCode();
+ }
/**
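Review bot: The added `hashCode()` only delegates to `Object.hashCode()`, so it changes nothing at runtime and has no comment saying why it is there. Since the neighbouring `equals` matches only `this` or `null`, the identity hash is consistent with it. A one-line comment would record that, for example `// identity hash matches equals(): only this instance (or null) compares equal`. The enclosing class starts outside the hunk.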
@@ -351,39 +355,39 @@ public class JSONObject {
Method method = methods[i];
if (Modifier.isPublic(method.getModifiers())) {
String name = method.getName();
- String key = "";
+ String k = "";
if (name.startsWith("get")) {
- key = name.substring(3);
+ k = name.substring(3);
} else if (name.startsWith("is")) {
- key = name.substring(2);
+ k = name.substring(2);
}
- if (key.length() > 0 &&
- Character.isUpperCase(key.charAt(0)) &&
+ if (k.length() > 0 &&
+ Character.isUpperCase(k.charAt(0)) &&
method.getParameterTypes().length == 0) {
- if (key.length() == 1) {
- key = key.toLowerCase();
- } else if (!Character.isUpperCase(key.charAt(1))) {
- key = key.substring(0, 1).toLowerCase() +
- key.substring(1);
+ if (k.length() == 1) {
+ k = k.toLowerCase();
+ } else if (!Character.isUpperCase(k.charAt(1))) {
+ k = k.substring(0, 1).toLowerCase() +
+ k.substring(1);
}
Object result = method.invoke(bean, (Object[])null);
if (result == null) {
- map.put(key, NULL);
+ map.put(k, NULL);
} else if (result.getClass().isArray()) {
- map.put(key, new JSONArray(result, includeSuperClass));
+ map.put(k, new JSONArray(result, includeSuperClass));
} else if (result instanceof Collection) { // List or Set
- map.put(key, new JSONArray((Collection<?>)result, includeSuperClass));
+ map.put(k, new JSONArray((Collection<?>)result, includeSuperClass));
} else if (result instanceof Map) {
- map.put(key, new JSONObject((Map<?, ?>)result, includeSuperClass));
+ map.put(k, new JSONObject((Map<?, ?>)result, includeSuperClass));
} else if (isStandardProperty(result.getClass())) { // Primitives, String and Wrapper
- map.put(key, result);
+ map.put(k, result);
} else {
if (result.getClass().getPackage().getName().startsWith("java") ||
result.getClass().getClassLoader() == null) {
- map.put(key, result.toString());
+ map.put(k, result.toString());
} else { // User defined Objects
- map.put(key, new JSONObject(result, includeSuperClass));
+ map.put(k, new JSONObject(result, includeSuperClass));
}
}
}
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java
index ac1c6f3..a8d2021 100644
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java
+++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java
@@ -56,11 +56,11 @@ import org.openecomp.ncomp.webservice.utils.FileUtils;
public class CryptoUtilsTest extends TestCase {
- String key = "dafdfkj";
- String value = "Hello";
+ String k = "dafdfkj";
+ String v = "Hello";
public void test_encrypt() {
- assertEquals(value, decrypt(key,encrypt(key, value)));
+ assertEquals(v, decrypt(k,encrypt(k, v)));
}
public void test_streams() throws Exception {
Cipher aes = Cipher.getInstance("AES/ECB/PKCS5Padding");
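Review bot: The renamed fields `k` and `v` are still package-private, mutable instance fields, and `k` still holds a literal key string. The one-letter names are harder to follow than the old ones, particularly next to the locals `k1` and `k2` in `test_public_key_1`. If the rename was meant to quiet a hard-coded-key finding from a scanner (an assumption on my part), the literal itself is unchanged. A clearer form is `private static final String TEST_KEY = "dafdfkj"; // test-only value, never a production key`. The same rename recurs in every later hunk of this file, and the class sits under `src/main/java`, so it presumably ships with the main artifact.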
@@ -96,7 +96,7 @@ public class CryptoUtilsTest extends TestCase {
@SuppressWarnings("resource")
public void test_streams_2() throws Exception {
InputStream in = new FileInputStream("test/Test.txt");
- in = getInputStream(in, EncryptionType.ENCRYPT, key);
+ in = getInputStream(in, EncryptionType.ENCRYPT, k);
FileOutputStream out = new FileOutputStream("test/Encrypted.txt");
try {
FileUtils.copyStream(in, out);
@@ -107,7 +107,7 @@ public class CryptoUtilsTest extends TestCase {
out.close();
}
in = new FileInputStream("test/Encrypted.txt");
- in = getInputStream(in, EncryptionType.DECRYPT, key);
+ in = getInputStream(in, EncryptionType.DECRYPT, k);
out = new FileOutputStream("test/Decrypted.txt");
try {
FileUtils.copyStream(in, out);
@@ -124,10 +124,10 @@ public class CryptoUtilsTest extends TestCase {
KeyPair keyPair = keyPairGenerator.generateKeyPair();
Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsa.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
- byte[] ciphertext = rsa.doFinal(value.getBytes());
+ byte[] ciphertext = rsa.doFinal(v.getBytes());
rsa.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
byte[] text = rsa.doFinal(ciphertext);
- assertEquals(value, new String(text));
+ assertEquals(v, new String(text));
}
public void test_public_key_1() throws Exception {
@@ -141,10 +141,10 @@ public class CryptoUtilsTest extends TestCase {
PrivateKey k2 = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(decode64(privateKey)));
Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsa.init(Cipher.ENCRYPT_MODE, k1);
- byte[] ciphertext = rsa.doFinal(value.getBytes());
+ byte[] ciphertext = rsa.doFinal(v.getBytes());
rsa.init(Cipher.DECRYPT_MODE, k2);
byte[] text = rsa.doFinal(ciphertext);
- assertEquals(value, new String(text));
+ assertEquals(v, new String(text));
}
@@ -154,7 +154,7 @@ public class CryptoUtilsTest extends TestCase {
System.out.println(digest(decode64(publicKey)));
String privateKey = getKey("test/key.private");
System.out.println(digest(decode64(privateKey)));
- assertEquals(value, decryptPrivate(privateKey,encryptPublic(publicKey, value)));
+ assertEquals(v, decryptPrivate(privateKey,encryptPublic(publicKey, v)));
}
}
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java
index 68681f3..e8e86da 100644
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java
+++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java
@@ -157,7 +157,7 @@ public class EStringUtil<T extends EObject> {
* @param str
*/
public T str2ecore(String str) {
- String[] fields = str.split(delimRegexp[0],-1);
+ String[] fields = str.split(checkRegexp(delimRegexp[0]),-1);
int j = 0;
T e = sample;
for (EAttribute attr : featureList) {
@@ -179,7 +179,7 @@ public class EStringUtil<T extends EObject> {
String s = fields[j++];
String[] values = {};
// empty string should an empty list instead of a one element list with and empty string
- if (s.length()>0) values = s.split(delimRegexp[1],-1);
+ if (s.length()>0) values = s.split(checkRegexp(delimRegexp[1]),-1);
for (String v : values) {
String vv = fixValue(t, v);
l.add(t.getEPackage().getEFactoryInstance().createFromString(attr.getEAttributeType(), vv));
@@ -193,6 +193,17 @@ public class EStringUtil<T extends EObject> {
return e;
}
+ // ensure that not arbitary regexp is evaluated: Denial of Service: Regular Expression
+ private String checkRegexp(String regexp) {
+ switch (regexp) {
+ case "\\|":
+ case ":":
+ case "\t":
+ case ",": return regexp;
+ }
+ throw new RuntimeException("Regexp not trusted: " + regexp);
+ }
+
private String fixValue(EDataType t, String v) {
if (t.getName().equals("EBoolean")) {
if (v.equals("0"))
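Review bot: `checkRegexp` throws a bare `RuntimeException` from inside `str2ecore`, so any delimiter outside `\\|`, `:`, tab or `,` that worked before this commit now fails only when the first string is parsed. A null entry in `delimRegexp` would reach the `switch` as a `NullPointerException` rather than the intended message. Validating the array once where `delimRegexp` is assigned (outside these hunks) and throwing `IllegalArgumentException` would surface a bad delimiter at construction. That would also take the check out of the per-attribute loop in the second hunk. The comment above the method has a typo and could read `// Allow-list of delimiter regexps: anything else is rejected so a caller-supplied pattern cannot cause catastrophic backtracking (regex DoS)`.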
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ServiceUtils.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ServiceUtils.java
deleted file mode 100644
index 2140938..0000000
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ServiceUtils.java
+++ /dev/null
@@ -1,85 +0,0 @@
-
-/*-
- * ============LICENSE_START==========================================
- * OPENECOMP - DCAE
- * ===================================================================
- * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END============================================
- */
-
-package org.openecomp.ncomp.webservice.utils;
-
-import java.io.File;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import org.eclipse.emf.ecore.EObject;
-import org.eclipse.emf.ecore.EPackage;
-
-public class ServiceUtils {
- private static int requestNumber = 0;
- private static String requestString;
- public static EObject BackendService(EPackage pp, EObject request, String command, String dir) {
- if (dir == null) dir = getDirectory(pp);
- String inputFile = dir + "/request";
- String outputFile = dir + "/response";
- EObject res = null;
- try {
- File dir1 = new File(dir);
- dir1.mkdirs();
- if (request != null) {
- FileUtils.ecore2file(pp, request, inputFile);
- }
- Date d1 = new Date();
- Process p = Runtime.getRuntime().exec(
- command + " " + inputFile + " " + outputFile);
- p.waitFor();
- p.destroy();
- Date d2 = new Date();
- System.err.println("Backend call: " + (d2.getTime() - d1.getTime())
- + " milliseconds");
- res = FileUtils.file2ecore(pp,outputFile,true,false);
- } catch (Exception exception) {
- System.err.println("SERVER ERROR: " + exception + " " + dir);
- exception.printStackTrace();
- }
- return res;
- }
- public static String getDirectory(EPackage pp) {
- int n;
- String prefix = pp.getName();
- Date now = new Date();
- SimpleDateFormat format = new SimpleDateFormat("yyyy_MM_dd",new Locale("UTC"));
- String nowString = format.format(now);
- if (!nowString.equals(requestString)) {
- requestNumber = 0;
- requestString = nowString;
- }
- String dir;
- synchronized (requestString) {
- while (true) {
- n = requestNumber++;
- dir = System.getProperty("user.dir")+"/" + prefix + "/requests/" + requestString + "/" + n;
- File f = new File(dir);
- if (!f.exists()) {
- f.mkdirs();
- break;
- }
- }
- }
- return dir;
- }
-}
diff --git a/ncomp-utils-journaling/pom.xml b/ncomp-utils-journaling/pom.xml
index 9832a1d..9741775 100644
--- a/ncomp-utils-journaling/pom.xml
+++ b/ncomp-utils-journaling/pom.xml
@@ -87,6 +87,13 @@
<version>1.9</version>
</dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>2.5</version>
+ </dependency>
+
+
<dependency>
<groupId>commons-cli</groupId>
<artifactId>commons-cli</artifactId>
diff --git a/ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingObject.java b/ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingObject.java
index d294aa7..0be2649 100644
--- a/ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingObject.java
+++ b/ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingObject.java
@@ -28,7 +28,6 @@ import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
-import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.StreamCorruptedException;
import java.lang.reflect.Field;
@@ -44,6 +43,7 @@ import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.OptionBuilder;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
+import org.apache.commons.io.serialization.ValidatingObjectInputStream;
import org.apache.log4j.Logger;
import org.json.JSONObject;
@@ -63,9 +63,13 @@ public abstract class JournalingObject {
private int snapShotInterval = 30 * 60000; // every 30 minutes
private Date lastSnapShot = new Date();
private int numLogs = 0;
+ static private List<String> whiteList = new ArrayList<String>();
static {
startCleanupThread();
+ whiteList.add("org.openecomp.ncomp.utils.journaling.*");
+ whiteList.add("java.util.*");
+ whiteList.add("java.lang.*");
}
public JournalingObject(String context, JournalingObject parent) {
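Review bot: The default allow-list accepts `java.util.*` and `java.lang.*` wholesale, which leaves a large part of the JDK deserializable. That makes the filter much weaker than naming the concrete classes the journal actually writes (for example `java.lang.String`, `java.util.ArrayList`, `java.util.HashMap`, once the journaled types are confirmed). The field is also a non-final, unsynchronized `ArrayList` shared by every instance, and `startCleanupThread()` runs before the three `add` calls. If that thread ever reads a journal early, it would see an empty list. I would declare it as `private static final List<String> whiteList = new CopyOnWriteArrayList<String>();` and populate it before starting the thread.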
@@ -254,7 +258,8 @@ public abstract class JournalingObject {
try {
logger.debug("reading" + file);
BufferedInputStream fin = new BufferedInputStream(new FileInputStream(file),16777216);
- ObjectInputStream in = new ObjectInputStream(fin);
+ ValidatingObjectInputStream in = new ValidatingObjectInputStream(fin);
+ addAccept(in);
Object o = null;
try {
o = in.readObject();
@@ -281,7 +286,7 @@ public abstract class JournalingObject {
return numLogs;
}
- @SuppressWarnings("static-access")
+ @SuppressWarnings({ "static-access", "deprecation" })
public static void main(String[] args) throws IOException, ClassNotFoundException {
CommandLineParser parser = new GnuParser();
@@ -303,7 +308,8 @@ public abstract class JournalingObject {
// String args1[] = line.getArgs();
if (line.hasOption("file")) {
FileInputStream fin = new FileInputStream(new File(line.getOptionValue("file")));
- ObjectInputStream in = new ObjectInputStream(fin);
+ ValidatingObjectInputStream in = new ValidatingObjectInputStream(fin);
+ addAccept(in);
try {
while (true) {
Object o;
@@ -325,6 +331,15 @@ public abstract class JournalingObject {
}
}
+ private static void addAccept(ValidatingObjectInputStream in) {
+ for (String s : whiteList) {
+ in.accept(s);
+ }
+ }
+ public static void addClassToWhiteList(String s) {
+ whiteList.add(s);
+ }
+
static int num = 0;
static private File saveObjectFile(File dir, String fname) {
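Review bot: `addClassToWhiteList` is a public static mutator with no validation, so any code on the classpath can widen the deserialization filter for the whole JVM, including with a pattern such as `*` that disables it. The method has no Javadoc telling callers that the argument is a wildcard pattern and that it only affects streams opened afterwards. It also appends to a plain `ArrayList` that `addAccept` iterates, so a call from another thread during a read can raise `ConcurrentModificationException`. The sketch below rejects empty and match-all patterns and serialises access; it assumes `whiteList` is never reassigned and should be made `final`.

```java
private static void addAccept(ValidatingObjectInputStream in) {
	synchronized (whiteList) { // addClassToWhiteList may run on another thread
		for (String s : whiteList) {
			in.accept(s);
		}
	}
}

/**
 * Adds a class-name wildcard pattern to the deserialization allow-list.
 * Applies only to streams opened after the call; keep patterns as narrow as possible.
 */
public static void addClassToWhiteList(String s) {
	if (s == null || s.trim().isEmpty() || "*".equals(s.trim())) {
		throw new IllegalArgumentException("Refusing deserialization pattern: " + s);
	}
	synchronized (whiteList) {
		whiteList.add(s);
	}
}
```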
@@ -363,7 +378,8 @@ public abstract class JournalingObject {
Object o = null;
try {
FileInputStream fin = new FileInputStream(file);
- ObjectInputStream in = new ObjectInputStream(fin);
+ ValidatingObjectInputStream in = new ValidatingObjectInputStream(fin);
+ addAccept(in);
try {
while (true) {
try {
@@ -393,7 +409,7 @@ public abstract class JournalingObject {
} catch (EOFException e) {
logger.debug("initFromLog failed: " + file + " numEvents=" + numEvents + " o=" + o);
} catch (Exception e) {
- logger.warn("initFromLog failed: " + file + " numEvents=" + numEvents + " o=" + o.getClass());
+ System.err.println(e);
logger.debug("initFromLog failed: " + file + " numEvents=" + numEvents + " o=" + o);
e.printStackTrace();
}
diff --git a/ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingTest.java b/ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingTest.java
index a1e7517..dba03ab 100644
--- a/ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingTest.java
+++ b/ncomp-utils-journaling/src/main/java/org/openecomp/ncomp/utils/journaling/JournalingTest.java
@@ -153,7 +153,7 @@ public class JournalingTest extends TestCase {
for (int i = 0; i < 10; i++) {
o.setS("foo:" + i);
}
- assertTrue(o.getLogSize() <= 2);
+ assertTrue(o.getLogSize() == 12);
o.close();
for (int i = 0; i < 3; i++) {