diff options
author | ToineSiebelink <toine.siebelink@est.tech> | 2020-06-29 12:24:38 +0100 |
---|---|---|
committer | ToineSiebelink <toine.siebelink@est.tech> | 2020-06-29 14:46:39 +0100 |
commit | bf368d2a9cf764f22126fd59c9a3a10ab12fb4bb (patch) | |
tree | 484b85a7533fbe8986240b5ca9a30bf5d9a8bdd7 /model/utilities/src/main | |
parent | bea0762a2c28ee0330036843e17f5af38e06c807 (diff) |
Fix SonarQube vulnerabilities
Added logging to handle file io boolean returns
Added security related settings to xml factories and builders
Issue-ID: POLICY-2654
Change-Id: Ibc0a01f978bfc446e1dc1f8ad952d1305a7b7178
Signed-off-by: ToineSiebelink <toine.siebelink@est.tech>
Diffstat (limited to 'model/utilities/src/main')
2 files changed, 19 insertions, 8 deletions
diff --git a/model/utilities/src/main/java/org/onap/policy/apex/model/utilities/DirectoryDeleteShutdownHook.java b/model/utilities/src/main/java/org/onap/policy/apex/model/utilities/DirectoryDeleteShutdownHook.java index f0fd8950f..2d96a5954 100644 --- a/model/utilities/src/main/java/org/onap/policy/apex/model/utilities/DirectoryDeleteShutdownHook.java +++ b/model/utilities/src/main/java/org/onap/policy/apex/model/utilities/DirectoryDeleteShutdownHook.java @@ -1,19 +1,20 @@ /*- * ============LICENSE_START======================================================= * Copyright (C) 2018 Ericsson. All rights reserved. + * Modifications Copyright (C) 2020 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * + * * SPDX-License-Identifier: Apache-2.0 * ============LICENSE_END========================================================= */ @@ -21,6 +22,8 @@ package org.onap.policy.apex.model.utilities; import java.io.File; +import org.slf4j.ext.XLogger; +import org.slf4j.ext.XLoggerFactory; /** * The Class DirectoryShutdownHook removes the contents of a directory and the directory itself at shutdown. @@ -28,6 +31,9 @@ import java.io.File; * @author Liam Fallon (liam.fallon@ericsson.com) */ final class DirectoryDeleteShutdownHook extends Thread { + + private static final XLogger LOGGER = XLoggerFactory.getXLogger(DirectoryUtils.class); + // The directory we are acting on private final File tempDir; @@ -48,7 +54,9 @@ final class DirectoryDeleteShutdownHook extends Thread { if (tempDir.exists()) { // Empty and delete the directory DirectoryUtils.emptyDirectory(tempDir); - tempDir.delete(); + if (!tempDir.delete()) { + LOGGER.warn("Failed to delete directory {}", tempDir); + } } } } diff --git a/model/utilities/src/main/java/org/onap/policy/apex/model/utilities/DirectoryUtils.java b/model/utilities/src/main/java/org/onap/policy/apex/model/utilities/DirectoryUtils.java index b129ce21c..011dbb1b2 100644 --- a/model/utilities/src/main/java/org/onap/policy/apex/model/utilities/DirectoryUtils.java +++ b/model/utilities/src/main/java/org/onap/policy/apex/model/utilities/DirectoryUtils.java @@ -1,19 +1,20 @@ /* * ============LICENSE_START======================================================= * Copyright (C) 2016-2018 Ericsson. All rights reserved. + * Modifications Copyright (C) 2020 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * + * * SPDX-License-Identifier: Apache-2.0 * ============LICENSE_END========================================================= */ @@ -96,7 +97,9 @@ public abstract class DirectoryUtils { } // Delete the directory entry - directoryFile.delete(); + if (!directoryFile.delete()) { + LOGGER.warn("Failed to delete directory file {}", directoryFile); + } } } |