summaryrefslogtreecommitdiffstats
path: root/model
diff options
context:
space:
mode:
authoraditya.puthuparambil <aditya.puthuparambil@est.tech>2020-03-10 14:12:55 +0000
committeraditya.puthuparambil <aditya.puthuparambil@est.tech>2020-03-11 13:20:49 +0000
commit601eb7fa55e373563ba396f491cec88732cd6e4e (patch)
treea8b22f54ce2b35594e520e5fc7c48b5dc216a5d2 /model
parent4eb64b73443620c8588ee48b54d225326ff4550e (diff)
Sonar Security vulnerabilities fix
Issue-ID: POLICY-1913 Signed-off-by: aditya.puthuparambil <aditya.puthuparambil@est.tech> Change-Id: Ic86e04776c9300e37134210cd9db5b6d7e6a5a9e
Diffstat (limited to 'model')
-rw-r--r--model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java31
1 files changed, 14 insertions, 17 deletions
diff --git a/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java b/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java
index 35c458eaa..8d6c01e4e 100644
--- a/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java
+++ b/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java
@@ -1,7 +1,7 @@
/*-
* ============LICENSE_START=======================================================
* Copyright (C) 2016-2018 Ericsson. All rights reserved.
- * Modifications Copyright (C) 2019 Nordix Foundation.
+ * Modifications Copyright (C) 2019-2020 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -27,6 +27,7 @@ import java.io.Writer;
import java.util.Set;
import java.util.TreeSet;
+import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
@@ -53,10 +54,11 @@ import org.w3c.dom.Document;
/**
* This class writes an Apex concept to an XML file or JSON file from a Java Apex Concept.
*
- * @author John Keeney (john.keeney@ericsson.com)
* @param <C> the type of Apex concept to write, must be a sub class of {@link AxConcept}
+ * @author John Keeney (john.keeney@ericsson.com)
*/
public class ApexModelWriter<C extends AxConcept> {
+
private static final String CONCEPT_MAY_NOT_BE_NULL = "concept may not be null";
private static final String CONCEPT_WRITER_MAY_NOT_BE_NULL = "concept writer may not be null";
private static final String CONCEPT_STREAM_MAY_NOT_BE_NULL = "concept stream may not be null";
@@ -87,15 +89,13 @@ public class ApexModelWriter<C extends AxConcept> {
System.setProperty("javax.xml.bind.context.factory", "org.eclipse.persistence.jaxb.JAXBContextFactory");
try {
- final JAXBContext jaxbContext = JAXBContextFactory.createContext(new Class[]
- { rootConceptClass }, null);
+ final JAXBContext jaxbContext = JAXBContextFactory.createContext(new Class[]{rootConceptClass}, null);
// Set up the unmarshaller to carry out validation
marshaller = jaxbContext.createMarshaller();
marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
marshaller.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler());
} catch (final JAXBException e) {
- LOGGER.error("JAXB marshaller creation exception", e);
throw new ApexModelException("JAXB marshaller creation exception", e);
}
}
@@ -133,14 +133,12 @@ public class ApexModelWriter<C extends AxConcept> {
marshaller.setProperty(MarshallerProperties.MEDIA_TYPE, MediaType.APPLICATION_JSON);
marshaller.setProperty(MarshallerProperties.JSON_INCLUDE_ROOT, true);
} catch (final Exception e) {
- LOGGER.warn("JAXB error setting marshaller for JSON output", e);
throw new ApexModelException("JAXB error setting marshaller for JSON output", e);
}
} else {
try {
marshaller.setProperty(MarshallerProperties.MEDIA_TYPE, MediaType.APPLICATION_XML);
} catch (final Exception e) {
- LOGGER.warn("JAXB error setting marshaller for XML output", e);
throw new ApexModelException("JAXB error setting marshaller for XML output", e);
}
}
@@ -149,7 +147,7 @@ public class ApexModelWriter<C extends AxConcept> {
/**
* This method validates the Apex concept then writes it into a stream.
*
- * @param concept the concept to write
+ * @param concept the concept to write
* @param apexConceptStream the stream to write to
* @throws ApexModelException on validation or writing exceptions
*/
@@ -163,7 +161,7 @@ public class ApexModelWriter<C extends AxConcept> {
/**
* This method validates the Apex concept then writes it into a writer.
*
- * @param concept the concept to write
+ * @param concept the concept to write
* @param apexConceptWriter the writer to write to
* @throws ApexModelException on validation or writing exceptions
*/
@@ -176,9 +174,9 @@ public class ApexModelWriter<C extends AxConcept> {
// Validate the concept first
final AxValidationResult validationResult = concept.validate(new AxValidationResult());
if (!validationResult.isValid()) {
- String message = "Apex concept xml (" + concept.getKey().getId() + ") validation failed: "
- + validationResult.toString();
- LOGGER.warn(message);
+ String message =
+ "Apex concept xml (" + concept.getKey().getId() + ") validation failed: " + validationResult
+ .toString();
throw new ApexModelException(message);
}
}
@@ -193,7 +191,7 @@ public class ApexModelWriter<C extends AxConcept> {
/**
* This method writes the Apex concept into a writer in XML format.
*
- * @param concept the concept to write
+ * @param concept the concept to write
* @param apexConceptWriter the writer to write to
* @throws ApexModelException on validation or writing exceptions
*/
@@ -206,6 +204,7 @@ public class ApexModelWriter<C extends AxConcept> {
// Write the concept into a DOM document, then transform to add CDATA fields and pretty
// print, then write out the result
final DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
+ docBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
final Document document = docBuilderFactory.newDocumentBuilder().newDocument();
// Marshal the concept into the empty document.
@@ -215,10 +214,9 @@ public class ApexModelWriter<C extends AxConcept> {
// Convert the cDataFieldSet into a space delimited string
domTransformer.setOutputProperty(OutputKeys.CDATA_SECTION_ELEMENTS,
- cdataFieldSet.toString().replaceAll("[\\[\\]\\,]", " "));
+ cdataFieldSet.toString().replaceAll("[\\[\\]\\,]", " "));
domTransformer.transform(new DOMSource(document), new StreamResult(apexConceptWriter));
} catch (JAXBException | TransformerException | ParserConfigurationException e) {
- LOGGER.warn("Unable to marshal Apex concept to XML", e);
throw new ApexModelException("Unable to marshal Apex concept to XML", e);
}
LOGGER.debug("wrote Apex concept XML");
@@ -243,7 +241,7 @@ public class ApexModelWriter<C extends AxConcept> {
/**
* This method writes the Apex concept into a writer in JSON format.
*
- * @param concept the concept to write
+ * @param concept the concept to write
* @param apexConceptWriter the writer to write to
* @throws ApexModelException on validation or writing exceptions
*/
@@ -255,7 +253,6 @@ public class ApexModelWriter<C extends AxConcept> {
try {
marshaller.marshal(concept, apexConceptWriter);
} catch (final JAXBException e) {
- LOGGER.warn("Unable to marshal Apex concept to JSON", e);
throw new ApexModelException("Unable to marshal Apex concept to JSON", e);
}
LOGGER.debug("wrote Apex concept JSON");