From 601eb7fa55e373563ba396f491cec88732cd6e4e Mon Sep 17 00:00:00 2001 From: "aditya.puthuparambil" Date: Tue, 10 Mar 2020 14:12:55 +0000 Subject: Sonar Security vulnerabilities fix Issue-ID: POLICY-1913 Signed-off-by: aditya.puthuparambil Change-Id: Ic86e04776c9300e37134210cd9db5b6d7e6a5a9e --- .../model/basicmodel/handling/ApexModelWriter.java | 31 ++++++++++------------ 1 file changed, 14 insertions(+), 17 deletions(-) (limited to 'model') diff --git a/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java b/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java index 35c458eaa..8d6c01e4e 100644 --- a/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java +++ b/model/basic-model/src/main/java/org/onap/policy/apex/model/basicmodel/handling/ApexModelWriter.java @@ -1,7 +1,7 @@ /*- * ============LICENSE_START======================================================= * Copyright (C) 2016-2018 Ericsson. All rights reserved. - * Modifications Copyright (C) 2019 Nordix Foundation. + * Modifications Copyright (C) 2019-2020 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,6 +27,7 @@ import java.io.Writer; import java.util.Set; import java.util.TreeSet; +import javax.xml.XMLConstants; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; import javax.xml.bind.Marshaller; 
@@ -53,10 +54,11 @@ import org.w3c.dom.Document; /** * This class writes an Apex concept to an XML file or JSON file from a Java Apex Concept. * - * @author John Keeney (john.keeney@ericsson.com) * @param the type of Apex concept to write, must be a sub class of {@link AxConcept} + * @author John Keeney (john.keeney@ericsson.com) */ public class ApexModelWriter { + private static final String CONCEPT_MAY_NOT_BE_NULL = "concept may not be null"; private static final String CONCEPT_WRITER_MAY_NOT_BE_NULL = "concept writer may not be null"; private static final String CONCEPT_STREAM_MAY_NOT_BE_NULL = "concept stream may not be null"; @@ -87,15 +89,13 @@ public class ApexModelWriter { System.setProperty("javax.xml.bind.context.factory", "org.eclipse.persistence.jaxb.JAXBContextFactory"); try { - final JAXBContext jaxbContext = JAXBContextFactory.createContext(new Class[] - { rootConceptClass }, null); + final JAXBContext jaxbContext = JAXBContextFactory.createContext(new Class[]{rootConceptClass}, null); // Set up the unmarshaller to carry out validation marshaller = jaxbContext.createMarshaller(); marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); marshaller.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler()); } catch (final JAXBException e) { - LOGGER.error("JAXB marshaller creation exception", e); throw new ApexModelException("JAXB marshaller creation exception", e); } } 
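Review bot: The constructor shown in the `@@ -87` hunk still calls `System.setProperty("javax.xml.bind.context.factory", ...)`, a JVM-wide setting that is rewritten each time a writer is constructed, yet the context is then built by calling `JAXBContextFactory.createContext(...)` directly. If that class is the EclipseLink factory named in the property (the imports are outside the hunk), the property appears unnecessary here and changes the JAXB provider for every other component in the same process. Either drop it or add a comment above it stating that the override is process-wide and why this class needs it. Separately, the comment `// Set up the unmarshaller to carry out validation` should say `marshaller`, since `createMarshaller()` is what follows. The constructor's signature and closing lines are outside the hunk.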
@@ -133,14 +133,12 @@ public class ApexModelWriter { marshaller.setProperty(MarshallerProperties.MEDIA_TYPE, MediaType.APPLICATION_JSON); marshaller.setProperty(MarshallerProperties.JSON_INCLUDE_ROOT, true); } catch (final Exception e) { - LOGGER.warn("JAXB error setting marshaller for JSON output", e); throw new ApexModelException("JAXB error setting marshaller for JSON output", e); } } else { try { marshaller.setProperty(MarshallerProperties.MEDIA_TYPE, MediaType.APPLICATION_XML); } catch (final Exception e) { - LOGGER.warn("JAXB error setting marshaller for XML output", e); throw new ApexModelException("JAXB error setting marshaller for XML output", e); } } @@ -149,7 +147,7 @@ public class ApexModelWriter { /** * This method validates the Apex concept then writes it into a stream. * - * @param concept the concept to write + * @param concept the concept to write * @param apexConceptStream the stream to write to * @throws ApexModelException on validation or writing exceptions */ @@ -163,7 +161,7 @@ public class ApexModelWriter { /** * This method validates the Apex concept then writes it into a writer. * - * @param concept the concept to write + * @param concept the concept to write * @param apexConceptWriter the writer to write to * @throws ApexModelException on validation or writing exceptions */ @@ -176,9 +174,9 @@ public class ApexModelWriter { // Validate the concept first final AxValidationResult validationResult = concept.validate(new AxValidationResult()); if (!validationResult.isValid()) { - String message = "Apex concept xml (" + concept.getKey().getId() + ") validation failed: " - + validationResult.toString(); - LOGGER.warn(message); + String message = + "Apex concept xml (" + concept.getKey().getId() + ") validation failed: " + validationResult + .toString(); throw new ApexModelException(message); } } 
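Review bot: In the `@@ -176` hunk the rebuilt `message` breaks the line in front of `.toString()`, which leaves the call visually detached from `validationResult`. String concatenation already invokes `toString()`, and `validationResult` has been dereferenced by `isValid()` just above, so `String message = "Apex concept xml (" + concept.getKey().getId() + ") validation failed: " + validationResult;` is equivalent and easier to read. Now that `LOGGER.warn(message)` is gone, the `ApexModelException` is the only carrier of the validation detail, so the method's `@throws` Javadoc could state that the exception message contains the full validation result and that callers are expected to log it. The enclosing method starts outside the hunk.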
@@ -193,7 +191,7 @@ public class ApexModelWriter { /** * This method writes the Apex concept into a writer in XML format. * - * @param concept the concept to write + * @param concept the concept to write * @param apexConceptWriter the writer to write to * @throws ApexModelException on validation or writing exceptions */ @@ -206,6 +204,7 @@ public class ApexModelWriter { // Write the concept into a DOM document, then transform to add CDATA fields and pretty // print, then write out the result final DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance(); + docBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); final Document document = docBuilderFactory.newDocumentBuilder().newDocument(); // Marshal the concept into the empty document. @@ -215,10 +214,9 @@ public class ApexModelWriter { // Convert the cDataFieldSet into a space delimited string domTransformer.setOutputProperty(OutputKeys.CDATA_SECTION_ELEMENTS, - cdataFieldSet.toString().replaceAll("[\\[\\]\\,]", " ")); + cdataFieldSet.toString().replaceAll("[\\[\\]\\,]", " ")); domTransformer.transform(new DOMSource(document), new StreamResult(apexConceptWriter)); } catch (JAXBException | TransformerException | ParserConfigurationException e) { - LOGGER.warn("Unable to marshal Apex concept to XML", e); throw new ApexModelException("Unable to marshal Apex concept to XML", e); } LOGGER.debug("wrote Apex concept XML"); @@ -243,7 +241,7 @@ public class ApexModelWriter { /** * This method writes the Apex concept into a writer in JSON format. * - * @param concept the concept to write + * @param concept the concept to write * @param apexConceptWriter the writer to write to * @throws ApexModelException on validation or writing exceptions */ 
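Review bot: The `FEATURE_SECURE_PROCESSING` line added in the `@@ -206` hunk hardens a `DocumentBuilderFactory` that is only used for `newDocumentBuilder().newDocument()`, so nothing is parsed through it. The feature on its own also leaves external DTD and schema access implementation-dependent. If the intent is to close the XXE finding, make the restriction explicit with `docBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");` and `docBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");`. The `TransformerFactory` behind `domTransformer` is created outside the hunk; if it is not already restricted, it needs the matching `ACCESS_EXTERNAL_DTD` and `ACCESS_EXTERNAL_STYLESHEET` attributes, because that is the object that processes the document. A one-line comment above the new call saying why an output-only builder is hardened would keep a later cleanup from removing it. The method body starts and ends outside the hunk.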
@@ -255,7 +253,6 @@ public class ApexModelWriter { try { marshaller.marshal(concept, apexConceptWriter); } catch (final JAXBException e) { - LOGGER.warn("Unable to marshal Apex concept to JSON", e); throw new ApexModelException("Unable to marshal Apex concept to JSON", e); } LOGGER.debug("wrote Apex concept JSON"); -- cgit 1.2.3-korg