diff options
author | liamfallon <liam.fallon@ericsson.com> | 2018-09-08 15:22:21 +0100 |
---|---|---|
committer | liamfallon <liam.fallon@ericsson.com> | 2018-09-08 15:30:42 +0100 |
commit | b766ce707a431c834518df91d3334475f90d0fdd (patch) | |
tree | 5c764397baca3239551d445eb9233bcae480499a /plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate | |
parent | 07922e8590597e7a74a2059a1b344c92f04771c5 (diff) |
Address level 4-6 security issues
Remove commons-compress and chage version of dom4j
Also fix checkstyle in affected modules
Issue-ID: POLICY-1065
Change-Id: Id37e54a54997656674af37dfd924aec5f69e410a
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
Diffstat (limited to 'plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate')
3 files changed, 67 insertions, 61 deletions
diff --git a/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/pom.xml b/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/pom.xml index b1102ffe6..1c675dc54 100644 --- a/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/pom.xml +++ b/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/pom.xml @@ -42,6 +42,11 @@ </exclusion> </exclusions> </dependency> + <dependency> + <groupId>dom4j</groupId> + <artifactId>dom4j</artifactId> + <version>1.6</version> + </dependency> <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-c3p0</artifactId> diff --git a/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/src/main/java/org/onap/policy/apex/plugins/persistence/jpa/hibernate/HibernateApexDao.java b/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/src/main/java/org/onap/policy/apex/plugins/persistence/jpa/hibernate/HibernateApexDao.java index 087535d6b..19ad01054 100644 --- a/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/src/main/java/org/onap/policy/apex/plugins/persistence/jpa/hibernate/HibernateApexDao.java +++ b/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/src/main/java/org/onap/policy/apex/plugins/persistence/jpa/hibernate/HibernateApexDao.java @@ -57,15 +57,15 @@ public class HibernateApexDao extends DefaultApexDao { * org.onap.policy.apex.model.basicmodel.concepts.AxArtifactKey) */ @Override - public <T extends AxConcept> void delete(final Class<T> aClass, final AxArtifactKey key) { + public <T extends AxConcept> void delete(final Class<T> clazz, final AxArtifactKey key) { if (key == null) { return; } final EntityManager mg = getEntityManager(); try { mg.getTransaction().begin(); - mg.createQuery(DELETE_FROM + aClass.getSimpleName() + WHERE_KEY_NAME + key.getName() + AND_KEY_VERSION - + key.getVersion() + "'").executeUpdate(); + mg.createQuery(DELETE_FROM + clazz.getSimpleName() + WHERE_KEY_NAME + key.getName() + AND_KEY_VERSION + + key.getVersion() + "'").executeUpdate(); mg.getTransaction().commit(); } finally { mg.close(); @@ -79,16 +79,16 @@ public class HibernateApexDao extends DefaultApexDao { * org.onap.policy.apex.model.basicmodel.concepts.AxReferenceKey) */ @Override - public <T extends AxConcept> void delete(final Class<T> aClass, final AxReferenceKey key) { + public <T extends AxConcept> void delete(final Class<T> clazz, final AxReferenceKey key) { if (key == null) { return; } final EntityManager mg = getEntityManager(); try { mg.getTransaction().begin(); - mg.createQuery(DELETE_FROM + aClass.getSimpleName() + WHERE_KEY_PARENT_KEY_NAME + key.getParentKeyName() - + AND_KEY_PARENT_KEY_VERSION + key.getParentKeyVersion() + AND_KEY_LOCAL_NAME + key.getLocalName() - + "'").executeUpdate(); + mg.createQuery(DELETE_FROM + clazz.getSimpleName() + WHERE_KEY_PARENT_KEY_NAME + key.getParentKeyName() + + AND_KEY_PARENT_KEY_VERSION + key.getParentKeyVersion() + AND_KEY_LOCAL_NAME + + key.getLocalName() + "'").executeUpdate(); mg.getTransaction().commit(); } finally { mg.close(); @@ -102,7 +102,7 @@ public class HibernateApexDao extends DefaultApexDao { * java.util.Collection) */ @Override - public <T extends AxConcept> int deleteByArtifactKey(final Class<T> aClass, final Collection<AxArtifactKey> keys) { + public <T extends AxConcept> int deleteByArtifactKey(final Class<T> clazz, final Collection<AxArtifactKey> keys) { if (keys == null || keys.isEmpty()) { return 0; } @@ -111,8 +111,8 @@ public class HibernateApexDao extends DefaultApexDao { try { mg.getTransaction().begin(); for (final AxArtifactKey key : keys) { - deletedCount += mg.createQuery(DELETE_FROM + aClass.getSimpleName() + WHERE_KEY_NAME + key.getName() - + AND_KEY_VERSION + key.getVersion() + "'").executeUpdate(); + deletedCount += mg.createQuery(DELETE_FROM + clazz.getSimpleName() + WHERE_KEY_NAME + key.getName() + + AND_KEY_VERSION + key.getVersion() + "'").executeUpdate(); } mg.getTransaction().commit(); } finally { @@ -127,8 +127,7 @@ public class HibernateApexDao extends DefaultApexDao { * @see org.onap.policy.apex.core.model.dao.ApexDao#deleteByContextUsageKey(java.lang.Class, java.util.Collection) */ @Override - public <T extends AxConcept> int deleteByReferenceKey(final Class<T> aClass, - final Collection<AxReferenceKey> keys) { + public <T extends AxConcept> int deleteByReferenceKey(final Class<T> clazz, final Collection<AxReferenceKey> keys) { if (keys == null || keys.isEmpty()) { return 0; } @@ -137,9 +136,9 @@ public class HibernateApexDao extends DefaultApexDao { try { mg.getTransaction().begin(); for (final AxReferenceKey key : keys) { - deletedCount += mg.createQuery(DELETE_FROM + aClass.getSimpleName() + WHERE_KEY_PARENT_KEY_NAME - + key.getParentKeyName() + AND_KEY_PARENT_KEY_VERSION + key.getParentKeyVersion() - + AND_KEY_LOCAL_NAME + key.getLocalName() + "'").executeUpdate(); + deletedCount += mg.createQuery(DELETE_FROM + clazz.getSimpleName() + WHERE_KEY_PARENT_KEY_NAME + + key.getParentKeyName() + AND_KEY_PARENT_KEY_VERSION + key.getParentKeyVersion() + + AND_KEY_LOCAL_NAME + key.getLocalName() + "'").executeUpdate(); } mg.getTransaction().commit(); } finally { @@ -154,11 +153,11 @@ public class HibernateApexDao extends DefaultApexDao { * @see org.onap.policy.apex.core.model.dao.ApexDao#deleteAll(java.lang.Class) */ @Override - public <T extends AxConcept> void deleteAll(final Class<T> aClass) { + public <T extends AxConcept> void deleteAll(final Class<T> clazz) { final EntityManager mg = getEntityManager(); try { mg.getTransaction().begin(); - mg.createQuery(DELETE_FROM + aClass.getSimpleName()).executeUpdate(); + mg.createQuery(DELETE_FROM + clazz.getSimpleName()).executeUpdate(); mg.getTransaction().commit(); } finally { mg.close(); @@ -171,21 +170,21 @@ public class HibernateApexDao extends DefaultApexDao { * @see org.onap.policy.apex.core.model.dao.ApexDao#getAll(java.lang.Class) */ @Override - public <T extends AxConcept> List<T> getAll(final Class<T> aClass) { - if (aClass == null) { + public <T extends AxConcept> List<T> getAll(final Class<T> clazz) { + if (clazz == null) { return Collections.emptyList(); } final EntityManager mg = getEntityManager(); try { - final List<T> result = mg.createQuery(FROM + aClass.getSimpleName(), aClass).getResultList(); + final List<T> result = mg.createQuery(FROM + clazz.getSimpleName(), clazz).getResultList(); final List<T> cloneResult = new ArrayList<>(); for (final T t : result) { try { - final T clonedT = aClass.newInstance(); + final T clonedT = clazz.newInstance(); t.copyTo(clonedT); cloneResult.add(clonedT); } catch (final Exception e) { - LOGGER.warn("Could not clone object of class \"" + aClass.getCanonicalName() + "\"", e); + LOGGER.warn("Could not clone object of class \"" + clazz.getCanonicalName() + "\"", e); return cloneResult; } } @@ -202,14 +201,14 @@ public class HibernateApexDao extends DefaultApexDao { * org.onap.policy.apex.core.model.concepts.AxArtifactKey) */ @Override - public <T extends AxConcept> List<T> getAll(final Class<T> aClass, final AxArtifactKey parentKey) { - if (aClass == null) { + public <T extends AxConcept> List<T> getAll(final Class<T> clazz, final AxArtifactKey parentKey) { + if (clazz == null) { return Collections.emptyList(); } final EntityManager mg = getEntityManager(); try { - return mg.createQuery(FROM + aClass.getSimpleName() + WHERE_KEY_PARENT_KEY_NAME + parentKey.getName() - + AND_KEY_PARENT_KEY_VERSION + parentKey.getVersion() + "'", aClass).getResultList(); + return mg.createQuery(FROM + clazz.getSimpleName() + WHERE_KEY_PARENT_KEY_NAME + parentKey.getName() + + AND_KEY_PARENT_KEY_VERSION + parentKey.getVersion() + "'", clazz).getResultList(); } finally { mg.close(); } @@ -222,15 +221,15 @@ public class HibernateApexDao extends DefaultApexDao { * org.onap.policy.apex.core.model.concepts.AxArtifactKey) */ @Override - public <T extends AxConcept> T getArtifact(final Class<T> aClass, final AxArtifactKey key) { - if (aClass == null || key == null) { + public <T extends AxConcept> T getArtifact(final Class<T> clazz, final AxArtifactKey key) { + if (clazz == null || key == null) { return null; } final EntityManager mg = getEntityManager(); List<T> ret; try { - ret = mg.createQuery(FROM + aClass.getSimpleName() + WHERE_KEY_NAME + key.getName() + AND_KEY_VERSION - + key.getVersion() + "'", aClass).getResultList(); + ret = mg.createQuery(FROM + clazz.getSimpleName() + WHERE_KEY_NAME + key.getName() + AND_KEY_VERSION + + key.getVersion() + "'", clazz).getResultList(); } finally { mg.close(); } @@ -238,8 +237,8 @@ public class HibernateApexDao extends DefaultApexDao { return null; } if (ret.size() > 1) { - throw new IllegalArgumentException("More than one result was returned for search for " + aClass - + " with key " + key.getId() + ": " + ret); + throw new IllegalArgumentException("More than one result was returned for search for " + clazz + + " with key " + key.getId() + ": " + ret); } return ret.get(0); } @@ -251,16 +250,16 @@ public class HibernateApexDao extends DefaultApexDao { * org.onap.policy.apex.core.model.concepts.AxReferenceKey) */ @Override - public <T extends AxConcept> T getArtifact(final Class<T> aClass, final AxReferenceKey key) { - if (aClass == null || key == null) { + public <T extends AxConcept> T getArtifact(final Class<T> clazz, final AxReferenceKey key) { + if (clazz == null || key == null) { return null; } final EntityManager mg = getEntityManager(); List<T> ret; try { - ret = mg.createQuery(FROM + aClass.getSimpleName() + WHERE_KEY_PARENT_KEY_NAME + key.getParentKeyName() - + AND_KEY_PARENT_KEY_VERSION + key.getParentKeyVersion() + AND_KEY_LOCAL_NAME + key.getLocalName() - + "'", aClass).getResultList(); + ret = mg.createQuery(FROM + clazz.getSimpleName() + WHERE_KEY_PARENT_KEY_NAME + key.getParentKeyName() + + AND_KEY_PARENT_KEY_VERSION + key.getParentKeyVersion() + AND_KEY_LOCAL_NAME + + key.getLocalName() + "'", clazz).getResultList(); } finally { mg.close(); } @@ -268,8 +267,8 @@ public class HibernateApexDao extends DefaultApexDao { return null; } if (ret.size() > 1) { - throw new IllegalArgumentException("More than one result was returned for search for " + aClass - + " with key " + key.getId() + ": " + ret); + throw new IllegalArgumentException("More than one result was returned for search for " + clazz + + " with key " + key.getId() + ": " + ret); } return ret.get(0); } diff --git a/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/src/test/java/org/onap/policy/apex/plugins/persistence/jpa/hibernate/HibernateApexDaoTest.java b/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/src/test/java/org/onap/policy/apex/plugins/persistence/jpa/hibernate/HibernateApexDaoTest.java index 1f100fde8..e96c8ea49 100644 --- a/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/src/test/java/org/onap/policy/apex/plugins/persistence/jpa/hibernate/HibernateApexDaoTest.java +++ b/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/src/test/java/org/onap/policy/apex/plugins/persistence/jpa/hibernate/HibernateApexDaoTest.java @@ -40,31 +40,40 @@ import org.onap.policy.apex.model.basicmodel.concepts.AxReferenceKey; import org.onap.policy.apex.model.basicmodel.dao.DaoParameters; /** - * Junit test for class HibernateApexDao + * Junit test for class HibernateApexDao. * * @author Dinh Danh Le (dinh.danh.le@ericsson.com) * */ public class HibernateApexDaoTest { - private static final List<AxArtifactKey> TEST_ARTIKEYS = Arrays.asList(new AxArtifactKey[] { - new AxArtifactKey("ABC", "0.0.1"), new AxArtifactKey("DEF", "0.1.1"), new AxArtifactKey("XYZ", "1.1.1")}); + new AxArtifactKey("ABC", "0.0.1"), + new AxArtifactKey("DEF", "0.1.1"), new AxArtifactKey("XYZ", "1.1.1") + }); - private final DaoParameters DaoParameters = new DaoParameters(); + private final DaoParameters daoParameters = new DaoParameters(); private HibernateApexDao hibernateApexDao = null; + /** + * Set up tests. + * + * @throws ApexException on test setup errors + */ @Before - public void setupDAO() throws ApexException { - DaoParameters.setPluginClass(HibernateApexDao.class.getCanonicalName()); - DaoParameters.setPersistenceUnit("DAOTest"); + public void setupDao() throws ApexException { + daoParameters.setPluginClass(HibernateApexDao.class.getCanonicalName()); + daoParameters.setPersistenceUnit("DAOTest"); hibernateApexDao = new HibernateApexDao(); - hibernateApexDao.init(DaoParameters); + hibernateApexDao.init(daoParameters); } + /** + * Cleardown tests. + */ @After - public void teardownDAO() { + public void teardownDao() { hibernateApexDao.close(); } @@ -115,7 +124,6 @@ public class HibernateApexDaoTest { } } - @Test public void test_getArtifactByReferenceKey() { final AxArtifactKey artifactKey = new AxArtifactKey("XXX", "0.0.1"); @@ -133,12 +141,11 @@ public class HibernateApexDaoTest { assertNull(hibernateApexDao.getArtifact(ReferenceKeyTestEntity.class, anotherReferenceKey)); // assert return only one entity when finding an entity with correct key - final ReferenceKeyTestEntity retEntity = - hibernateApexDao.getArtifact(ReferenceKeyTestEntity.class, referenceKey); + final ReferenceKeyTestEntity retEntity = hibernateApexDao.getArtifact(ReferenceKeyTestEntity.class, + referenceKey); assertEquals(referenceKey, retEntity.getKey()); } - @Test public void test_getArtifactByArtifactKey() { final AxArtifactKey artifactKey = new AxArtifactKey("XXX", "0.0.1"); @@ -157,7 +164,6 @@ public class HibernateApexDaoTest { assertEquals(artifactKey, retEntity.getKey()); } - @Test public void test_deleteByArtifactKey() { // initialize a list of (3) entities corresponding to the list of testArtiKeys @@ -177,7 +183,6 @@ public class HibernateApexDaoTest { assertEquals(100.0, remainingEntities.get(0).getDoubleValue(), 0.0); } - @Test public void test_deleteByReferenceKey() { // prepare 2 AxArtifactKeys @@ -185,9 +190,10 @@ public class HibernateApexDaoTest { final AxArtifactKey owner1Key = new AxArtifactKey("Owner1", "0.0.1"); // prepare a list of (3) AxReferenceKeys corresponding to owner0Key - final List<AxReferenceKey> refKey0s = - Arrays.asList(new AxReferenceKey[] {new AxReferenceKey(owner0Key, "Entity01"), - new AxReferenceKey(owner0Key, "Entity02"), new AxReferenceKey(owner0Key, "Entity03")}); + final List<AxReferenceKey> refKey0s = Arrays.asList(new AxReferenceKey[] { + new AxReferenceKey(owner0Key, "Entity01"), new AxReferenceKey(owner0Key, "Entity02"), + new AxReferenceKey(owner0Key, "Entity03") + }); // prepare 2 more AxReferenceKeys corresponding to owner1Key final AxReferenceKey refKey11 = new AxReferenceKey(owner1Key, "Entity11"); final AxReferenceKey refKey12 = new AxReferenceKey(owner1Key, "Entity12"); @@ -218,7 +224,6 @@ public class HibernateApexDaoTest { assertEquals(0, hibernateApexDao.getAll(ReferenceKeyTestEntity.class).size()); } - @Test public void test_getAllByArtifactKey() { @@ -228,7 +233,6 @@ public class HibernateApexDaoTest { final AxReferenceKey refKey0 = new AxReferenceKey(artiKey0, "Entity0"); final AxReferenceKey refKey1 = new AxReferenceKey(artiKey1, "Entity1"); - // test with null class with known key --> return an empty list assertNotNull(hibernateApexDao.getAll(null, artiKey1)); assertTrue(hibernateApexDao.getAll(null, artiKey1).equals(Collections.emptyList())); @@ -246,6 +250,4 @@ public class HibernateApexDaoTest { assertEquals(200.0, retEntity.getDoubleValue(), 0); } - - } |