aboutsummaryrefslogtreecommitdiffstats
path: root/ncomp-utils-java/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'ncomp-utils-java/src/main')
-rw-r--r--ncomp-utils-java/src/main/java/org/json/JSONObject.java38
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java20
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java15
-rw-r--r--ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ServiceUtils.java85
4 files changed, 44 insertions, 114 deletions
diff --git a/ncomp-utils-java/src/main/java/org/json/JSONObject.java b/ncomp-utils-java/src/main/java/org/json/JSONObject.java
index 4795082..7e2b9a6 100644
--- a/ncomp-utils-java/src/main/java/org/json/JSONObject.java
+++ b/ncomp-utils-java/src/main/java/org/json/JSONObject.java
@@ -140,6 +140,10 @@ public class JSONObject {
public boolean equals(Object object) {
return object == null || object == this;
}
+ @Override
+ public int hashCode() {
+ return super.hashCode();
+ }
/**
@@ -351,39 +355,39 @@ public class JSONObject {
Method method = methods[i];
if (Modifier.isPublic(method.getModifiers())) {
String name = method.getName();
- String key = "";
+ String k = "";
if (name.startsWith("get")) {
- key = name.substring(3);
+ k = name.substring(3);
} else if (name.startsWith("is")) {
- key = name.substring(2);
+ k = name.substring(2);
}
- if (key.length() > 0 &&
- Character.isUpperCase(key.charAt(0)) &&
+ if (k.length() > 0 &&
+ Character.isUpperCase(k.charAt(0)) &&
method.getParameterTypes().length == 0) {
- if (key.length() == 1) {
- key = key.toLowerCase();
- } else if (!Character.isUpperCase(key.charAt(1))) {
- key = key.substring(0, 1).toLowerCase() +
- key.substring(1);
+ if (k.length() == 1) {
+ k = k.toLowerCase();
+ } else if (!Character.isUpperCase(k.charAt(1))) {
+ k = k.substring(0, 1).toLowerCase() +
+ k.substring(1);
}
Object result = method.invoke(bean, (Object[])null);
if (result == null) {
- map.put(key, NULL);
+ map.put(k, NULL);
} else if (result.getClass().isArray()) {
- map.put(key, new JSONArray(result, includeSuperClass));
+ map.put(k, new JSONArray(result, includeSuperClass));
} else if (result instanceof Collection) { // List or Set
- map.put(key, new JSONArray((Collection<?>)result, includeSuperClass));
+ map.put(k, new JSONArray((Collection<?>)result, includeSuperClass));
} else if (result instanceof Map) {
- map.put(key, new JSONObject((Map<?, ?>)result, includeSuperClass));
+ map.put(k, new JSONObject((Map<?, ?>)result, includeSuperClass));
} else if (isStandardProperty(result.getClass())) { // Primitives, String and Wrapper
- map.put(key, result);
+ map.put(k, result);
} else {
if (result.getClass().getPackage().getName().startsWith("java") ||
result.getClass().getClassLoader() == null) {
- map.put(key, result.toString());
+ map.put(k, result.toString());
} else { // User defined Objects
- map.put(key, new JSONObject(result, includeSuperClass));
+ map.put(k, new JSONObject(result, includeSuperClass));
}
}
}
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java
index ac1c6f3..a8d2021 100644
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java
+++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java
@@ -56,11 +56,11 @@ import org.openecomp.ncomp.webservice.utils.FileUtils;
public class CryptoUtilsTest extends TestCase {
- String key = "dafdfkj";
- String value = "Hello";
+ String k = "dafdfkj";
+ String v = "Hello";
public void test_encrypt() {
- assertEquals(value, decrypt(key,encrypt(key, value)));
+ assertEquals(v, decrypt(k,encrypt(k, v)));
}
public void test_streams() throws Exception {
Cipher aes = Cipher.getInstance("AES/ECB/PKCS5Padding");
@@ -96,7 +96,7 @@ public class CryptoUtilsTest extends TestCase {
@SuppressWarnings("resource")
public void test_streams_2() throws Exception {
InputStream in = new FileInputStream("test/Test.txt");
- in = getInputStream(in, EncryptionType.ENCRYPT, key);
+ in = getInputStream(in, EncryptionType.ENCRYPT, k);
FileOutputStream out = new FileOutputStream("test/Encrypted.txt");
try {
FileUtils.copyStream(in, out);
@@ -107,7 +107,7 @@ public class CryptoUtilsTest extends TestCase {
out.close();
}
in = new FileInputStream("test/Encrypted.txt");
- in = getInputStream(in, EncryptionType.DECRYPT, key);
+ in = getInputStream(in, EncryptionType.DECRYPT, k);
out = new FileOutputStream("test/Decrypted.txt");
try {
FileUtils.copyStream(in, out);
@@ -124,10 +124,10 @@ public class CryptoUtilsTest extends TestCase {
KeyPair keyPair = keyPairGenerator.generateKeyPair();
Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsa.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
- byte[] ciphertext = rsa.doFinal(value.getBytes());
+ byte[] ciphertext = rsa.doFinal(v.getBytes());
rsa.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
byte[] text = rsa.doFinal(ciphertext);
- assertEquals(value, new String(text));
+ assertEquals(v, new String(text));
}
public void test_public_key_1() throws Exception {
@@ -141,10 +141,10 @@ public class CryptoUtilsTest extends TestCase {
PrivateKey k2 = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(decode64(privateKey)));
Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsa.init(Cipher.ENCRYPT_MODE, k1);
- byte[] ciphertext = rsa.doFinal(value.getBytes());
+ byte[] ciphertext = rsa.doFinal(v.getBytes());
rsa.init(Cipher.DECRYPT_MODE, k2);
byte[] text = rsa.doFinal(ciphertext);
- assertEquals(value, new String(text));
+ assertEquals(v, new String(text));
}
@@ -154,7 +154,7 @@ public class CryptoUtilsTest extends TestCase {
System.out.println(digest(decode64(publicKey)));
String privateKey = getKey("test/key.private");
System.out.println(digest(decode64(privateKey)));
- assertEquals(value, decryptPrivate(privateKey,encryptPublic(publicKey, value)));
+ assertEquals(v, decryptPrivate(privateKey,encryptPublic(publicKey, v)));
}
}
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java
index 68681f3..e8e86da 100644
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java
+++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java
@@ -157,7 +157,7 @@ public class EStringUtil<T extends EObject> {
* @param str
*/
public T str2ecore(String str) {
- String[] fields = str.split(delimRegexp[0],-1);
+ String[] fields = str.split(checkRegexp(delimRegexp[0]),-1);
int j = 0;
T e = sample;
for (EAttribute attr : featureList) {
@@ -179,7 +179,7 @@ public class EStringUtil<T extends EObject> {
String s = fields[j++];
String[] values = {};
// empty string should an empty list instead of a one element list with and empty string
- if (s.length()>0) values = s.split(delimRegexp[1],-1);
+ if (s.length()>0) values = s.split(checkRegexp(delimRegexp[1]),-1);
for (String v : values) {
String vv = fixValue(t, v);
l.add(t.getEPackage().getEFactoryInstance().createFromString(attr.getEAttributeType(), vv));
@@ -193,6 +193,17 @@ public class EStringUtil<T extends EObject> {
return e;
}
+ // ensure that not arbitary regexp is evaluated: Denial of Service: Regular Expression
+ private String checkRegexp(String regexp) {
+ switch (regexp) {
+ case "\\|":
+ case ":":
+ case "\t":
+ case ",": return regexp;
+ }
+ throw new RuntimeException("Regexp not trusted: " + regexp);
+ }
+
private String fixValue(EDataType t, String v) {
if (t.getName().equals("EBoolean")) {
if (v.equals("0"))
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ServiceUtils.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ServiceUtils.java
deleted file mode 100644
index 2140938..0000000
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ServiceUtils.java
+++ /dev/null
@@ -1,85 +0,0 @@
-
-/*-
- * ============LICENSE_START==========================================
- * OPENECOMP - DCAE
- * ===================================================================
- * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END============================================
- */
-
-package org.openecomp.ncomp.webservice.utils;
-
-import java.io.File;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import org.eclipse.emf.ecore.EObject;
-import org.eclipse.emf.ecore.EPackage;
-
-public class ServiceUtils {
- private static int requestNumber = 0;
- private static String requestString;
- public static EObject BackendService(EPackage pp, EObject request, String command, String dir) {
- if (dir == null) dir = getDirectory(pp);
- String inputFile = dir + "/request";
- String outputFile = dir + "/response";
- EObject res = null;
- try {
- File dir1 = new File(dir);
- dir1.mkdirs();
- if (request != null) {
- FileUtils.ecore2file(pp, request, inputFile);
- }
- Date d1 = new Date();
- Process p = Runtime.getRuntime().exec(
- command + " " + inputFile + " " + outputFile);
- p.waitFor();
- p.destroy();
- Date d2 = new Date();
- System.err.println("Backend call: " + (d2.getTime() - d1.getTime())
- + " milliseconds");
- res = FileUtils.file2ecore(pp,outputFile,true,false);
- } catch (Exception exception) {
- System.err.println("SERVER ERROR: " + exception + " " + dir);
- exception.printStackTrace();
- }
- return res;
- }
- public static String getDirectory(EPackage pp) {
- int n;
- String prefix = pp.getName();
- Date now = new Date();
- SimpleDateFormat format = new SimpleDateFormat("yyyy_MM_dd",new Locale("UTC"));
- String nowString = format.format(now);
- if (!nowString.equals(requestString)) {
- requestNumber = 0;
- requestString = nowString;
- }
- String dir;
- synchronized (requestString) {
- while (true) {
- n = requestNumber++;
- dir = System.getProperty("user.dir")+"/" + prefix + "/requests/" + requestString + "/" + n;
- File f = new File(dir);
- if (!f.exists()) {
- f.mkdirs();
- break;
- }
- }
- }
- return dir;
- }
-}