Diffstat (limited to 'ncomp-utils-java/src/main')
4 files changed, 44 insertions, 114 deletions
diff --git a/ncomp-utils-java/src/main/java/org/json/JSONObject.java b/ncomp-utils-java/src/main/java/org/json/JSONObject.java
index 4795082..7e2b9a6 100644
--- a/ncomp-utils-java/src/main/java/org/json/JSONObject.java
+++ b/ncomp-utils-java/src/main/java/org/json/JSONObject.java
@@ -140,6 +140,10 @@ public class JSONObject {
 public boolean equals(Object object) {
 return object == null || object == this;
 }
+ @Override
+ public int hashCode() {
+ return super.hashCode();
+ }
 /**
@@ -351,39 +355,39 @@ public class JSONObject {
 Method method = methods[i];
 if (Modifier.isPublic(method.getModifiers())) {
 String name = method.getName();
- String key = "";
+ String k = "";
 if (name.startsWith("get")) {
- key = name.substring(3);
+ k = name.substring(3);
 } else if (name.startsWith("is")) {
- key = name.substring(2);
+ k = name.substring(2);
 }
- if (key.length() > 0 &&
- Character.isUpperCase(key.charAt(0)) &&
+ if (k.length() > 0 &&
+ Character.isUpperCase(k.charAt(0)) &&
 method.getParameterTypes().length == 0) {
- if (key.length() == 1) {
- key = key.toLowerCase();
- } else if (!Character.isUpperCase(key.charAt(1))) {
- key = key.substring(0, 1).toLowerCase() +
- key.substring(1);
+ if (k.length() == 1) {
+ k = k.toLowerCase();
+ } else if (!Character.isUpperCase(k.charAt(1))) {
+ k = k.substring(0, 1).toLowerCase() +
+ k.substring(1);
 }
 Object result = method.invoke(bean, (Object[])null);
 if (result == null) {
- map.put(key, NULL);
+ map.put(k, NULL);
 } else if (result.getClass().isArray()) {
- map.put(key, new JSONArray(result, includeSuperClass));
+ map.put(k, new JSONArray(result, includeSuperClass));
 } else if (result instanceof Collection) { // List or Set
- map.put(key, new JSONArray((Collection<?>)result, includeSuperClass));
+ map.put(k, new JSONArray((Collection<?>)result, includeSuperClass));
 } else if (result instanceof Map) {
- map.put(key, new JSONObject((Map<?, ?>)result, includeSuperClass));
+ map.put(k, new JSONObject((Map<?, ?>)result, includeSuperClass));
 } else if (isStandardProperty(result.getClass())) { // Primitives, String and Wrapper
- map.put(key, result);
+ map.put(k, result);
 } else {
 if (result.getClass().getPackage().getName().startsWith("java") || result.getClass().getClassLoader() == null) {
- map.put(key, result.toString());
+ map.put(k, result.toString());
 } else { // User defined Objects
- map.put(key, new JSONObject(result, includeSuperClass));
+ map.put(k, new JSONObject(result, includeSuperClass));
 }
 }
 }
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java
index ac1c6f3..a8d2021 100644
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java
+++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/CryptoUtilsTest.java
@@ -56,11 +56,11 @@ import org.openecomp.ncomp.webservice.utils.FileUtils;
 public class CryptoUtilsTest extends TestCase {
- String key = "dafdfkj";
- String value = "Hello";
+ String k = "dafdfkj";
+ String v = "Hello";
 public void test_encrypt() {
- assertEquals(value, decrypt(key,encrypt(key, value)));
+ assertEquals(v, decrypt(k,encrypt(k, v)));
 }
 public void test_streams() throws Exception {
 Cipher aes = Cipher.getInstance("AES/ECB/PKCS5Padding");
@@ -96,7 +96,7 @@ public class CryptoUtilsTest extends TestCase {
 @SuppressWarnings("resource")
 public void test_streams_2() throws Exception {
 InputStream in = new FileInputStream("test/Test.txt");
- in = getInputStream(in, EncryptionType.ENCRYPT, key);
+ in = getInputStream(in, EncryptionType.ENCRYPT, k);
 FileOutputStream out = new FileOutputStream("test/Encrypted.txt");
 try {
 FileUtils.copyStream(in, out);
@@ -107,7 +107,7 @@ public class CryptoUtilsTest extends TestCase {
 out.close();
 }
 in = new FileInputStream("test/Encrypted.txt");
- in = getInputStream(in, EncryptionType.DECRYPT, key);
+ in = getInputStream(in, EncryptionType.DECRYPT, k);
 out = new FileOutputStream("test/Decrypted.txt");
 try {
 FileUtils.copyStream(in, out);
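Review bot: Renaming the fields to `k` and `v` leaves the literal `"dafdfkj"` in place as the key passed to `encrypt`, `decrypt` and `getInputStream`, so if the rename was meant to clear a hard-coded-key scanner finding it only hides the key from name-based rules. The path shows this JUnit class sits under `src/main/java`, so it presumably ships in the library artifact; moving it to `src/test/java` would address such a finding at the source and allow the readable names `key` and `value` to stay. The same rename recurs in the later hunks of this file.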
@@ -124,10 +124,10 @@ public class CryptoUtilsTest extends TestCase {
 KeyPair keyPair = keyPairGenerator.generateKeyPair();
 Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
 rsa.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
- byte[] ciphertext = rsa.doFinal(value.getBytes());
+ byte[] ciphertext = rsa.doFinal(v.getBytes());
 rsa.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
 byte[] text = rsa.doFinal(ciphertext);
- assertEquals(value, new String(text));
+ assertEquals(v, new String(text));
 }
 public void test_public_key_1() throws Exception {
@@ -141,10 +141,10 @@ public class CryptoUtilsTest extends TestCase {
 PrivateKey k2 = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(decode64(privateKey)));
 Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
 rsa.init(Cipher.ENCRYPT_MODE, k1);
- byte[] ciphertext = rsa.doFinal(value.getBytes());
+ byte[] ciphertext = rsa.doFinal(v.getBytes());
 rsa.init(Cipher.DECRYPT_MODE, k2);
 byte[] text = rsa.doFinal(ciphertext);
- assertEquals(value, new String(text));
+ assertEquals(v, new String(text));
 }
@@ -154,7 +154,7 @@ public class CryptoUtilsTest extends TestCase {
 System.out.println(digest(decode64(publicKey)));
 String privateKey = getKey("test/key.private");
 System.out.println(digest(decode64(privateKey)));
- assertEquals(value, decryptPrivate(privateKey,encryptPublic(publicKey, value)));
+ assertEquals(v, decryptPrivate(privateKey,encryptPublic(publicKey, v)));
 }
 }
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java
index 68681f3..e8e86da 100644
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java
+++ b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/utils/emf/EStringUtil.java
@@ -157,7 +157,7 @@ public class EStringUtil<T extends EObject> {
 * @param str
 */
 public T str2ecore(String str) {
- String[] fields = str.split(delimRegexp[0],-1);
+ String[] fields = str.split(checkRegexp(delimRegexp[0]),-1);
 int j = 0;
 T e = sample;
 for (EAttribute attr : featureList) {
@@ -179,7 +179,7 @@ public class EStringUtil<T extends EObject> {
 String s = fields[j++];
 String[] values = {};
 // empty string should an empty list instead of a one element list with and empty string
- if (s.length()>0) values = s.split(delimRegexp[1],-1);
+ if (s.length()>0) values = s.split(checkRegexp(delimRegexp[1]),-1);
 for (String v : values) {
 String vv = fixValue(t, v);
 l.add(t.getEPackage().getEFactoryInstance().createFromString(attr.getEAttributeType(), vv));
@@ -193,6 +193,17 @@ public class EStringUtil<T extends EObject> {
 return e;
 }
+ // ensure that not arbitary regexp is evaluated: Denial of Service: Regular Expression
+ private String checkRegexp(String regexp) {
+ switch (regexp) {
+ case "\\|":
+ case ":":
+ case "\t":
+ case ",": return regexp;
+ }
+ throw new RuntimeException("Regexp not trusted: " + regexp);
+ }
+
 private String fixValue(EDataType t, String v) {
 if (t.getName().equals("EBoolean")) {
 if (v.equals("0"))
diff --git a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ServiceUtils.java b/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ServiceUtils.java
deleted file mode 100644
index 2140938..0000000
--- a/ncomp-utils-java/src/main/java/org/openecomp/ncomp/webservice/utils/ServiceUtils.java
+++ /dev/null
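Review bot: The delimiter is validated at the `split` call inside `str2ecore` rather than where `delimRegexp` is assigned, so an untrusted delimiter is only rejected once the first record is parsed, and the check is repeated on every call. The second call site, `s.split(checkRegexp(delimRegexp[1]),-1)`, has the same shape and runs once per non-empty list-valued field. Validating once at the point where the array is set (not visible in this diff) would fail fast and keep the check out of the parsing path. `str2ecore` continues outside this hunk.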
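Review bot: In `checkRegexp`, a `null` delimiter reaches `switch (regexp)` and fails with a `NullPointerException` instead of the intended message, and the rejection is a bare `RuntimeException`; an explicit null check followed by `throw new IllegalArgumentException("Regexp not trusted: " + regexp);` would be more precise. The Java literal `"\t"` is a tab character, so a caller that configures the two-character regex written `"\\t"` would now be rejected; this is worth confirming against existing callers, which are outside this diff. The comment would read better as `// Allow only known delimiter regexps, to prevent regular-expression denial of service`, and the method can be `static` since it reads no instance state.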
@@ -1,85 +0,0 @@ - -/*- - * ============LICENSE_START========================================== - * OPENECOMP - DCAE - * =================================================================== - * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. - * =================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - */ - -package org.openecomp.ncomp.webservice.utils; - -import java.io.File; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.Locale; - -import org.eclipse.emf.ecore.EObject; -import org.eclipse.emf.ecore.EPackage; - -public class ServiceUtils { - private static int requestNumber = 0; - private static String requestString; - public static EObject BackendService(EPackage pp, EObject request, String command, String dir) { - if (dir == null) dir = getDirectory(pp); - String inputFile = dir + "/request"; - String outputFile = dir + "/response"; - EObject res = null; - try { - File dir1 = new File(dir); - dir1.mkdirs(); - if (request != null) { - FileUtils.ecore2file(pp, request, inputFile); - } - Date d1 = new Date(); - Process p = Runtime.getRuntime().exec( - command + " " + inputFile + " " + outputFile); - p.waitFor(); - p.destroy(); - Date d2 = new Date(); - System.err.println("Backend call: " + (d2.getTime() - d1.getTime()) - + " milliseconds"); - res = 
FileUtils.file2ecore(pp,outputFile,true,false); - } catch (Exception exception) { - System.err.println("SERVER ERROR: " + exception + " " + dir); - exception.printStackTrace(); - } - return res; - } - public static String getDirectory(EPackage pp) { - int n; - String prefix = pp.getName(); - Date now = new Date(); - SimpleDateFormat format = new SimpleDateFormat("yyyy_MM_dd",new Locale("UTC")); - String nowString = format.format(now); - if (!nowString.equals(requestString)) { - requestNumber = 0; - requestString = nowString; - } - String dir; - synchronized (requestString) { - while (true) { - n = requestNumber++; - dir = System.getProperty("user.dir")+"/" + prefix + "/requests/" + requestString + "/" + n; - File f = new File(dir); - if (!f.exists()) { - f.mkdirs(); - break; - } - } - } - return dir; - } -} |