From b766ce707a431c834518df91d3334475f90d0fdd Mon Sep 17 00:00:00 2001 From: liamfallon Date: Sat, 8 Sep 2018 15:22:21 +0100 Subject: Address level 4-6 security issues Remove commons-compress and chage version of dom4j Also fix checkstyle in affected modules Issue-ID: POLICY-1065 Change-Id: Id37e54a54997656674af37dfd924aec5f69e410a Signed-off-by: liamfallon --- .../plugins-persistence-jpa-hibernate/pom.xml | 5 ++ .../jpa/hibernate/HibernateApexDao.java | 77 +++++++++++----------- .../jpa/hibernate/HibernateApexDaoTest.java | 46 ++++++------- 3 files changed, 67 insertions(+), 61 deletions(-) (limited to 'plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate') diff --git a/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/pom.xml b/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/pom.xml index b1102ffe6..1c675dc54 100644 --- a/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/pom.xml +++ b/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/pom.xml @@ -42,6 +42,11 @@ + + dom4j + dom4j + 1.6 + org.hibernate hibernate-c3p0 diff --git a/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/src/main/java/org/onap/policy/apex/plugins/persistence/jpa/hibernate/HibernateApexDao.java b/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/src/main/java/org/onap/policy/apex/plugins/persistence/jpa/hibernate/HibernateApexDao.java index 087535d6b..19ad01054 100644 --- a/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/src/main/java/org/onap/policy/apex/plugins/persistence/jpa/hibernate/HibernateApexDao.java +++ b/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/src/main/java/org/onap/policy/apex/plugins/persistence/jpa/hibernate/HibernateApexDao.java 
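Review bot: The `dom4j:dom4j` 1.6 pin added in the pom.xml hunk has no comment saying why it is there or which resolved version it replaces, so a later dependency upgrade can silently stay held on it. 1.6 is an old release on the legacy `dom4j:dom4j` coordinates, while the maintained 2.x line is published as `org.dom4j:dom4j`. It is worth confirming that 1.6 actually clears the reported finding rather than only changing which version the scanner sees. I would add a comment above the dependency such as `<!-- dom4j pinned for POLICY-1065; re-check when hibernate-c3p0 is upgraded -->`. Running `mvn dependency:tree` would confirm that no second dom4j artifact remains on the classpath.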
@@ -57,15 +57,15 @@ public class HibernateApexDao extends DefaultApexDao { * org.onap.policy.apex.model.basicmodel.concepts.AxArtifactKey) */ @Override - public void delete(final Class aClass, final AxArtifactKey key) { + public void delete(final Class clazz, final AxArtifactKey key) { if (key == null) { return; } final EntityManager mg = getEntityManager(); try { mg.getTransaction().begin(); - mg.createQuery(DELETE_FROM + aClass.getSimpleName() + WHERE_KEY_NAME + key.getName() + AND_KEY_VERSION - + key.getVersion() + "'").executeUpdate(); + mg.createQuery(DELETE_FROM + clazz.getSimpleName() + WHERE_KEY_NAME + key.getName() + AND_KEY_VERSION + + key.getVersion() + "'").executeUpdate(); mg.getTransaction().commit(); } finally { mg.close(); @@ -79,16 +79,16 @@ public class HibernateApexDao extends DefaultApexDao { * org.onap.policy.apex.model.basicmodel.concepts.AxReferenceKey) */ @Override - public void delete(final Class aClass, final AxReferenceKey key) { + public void delete(final Class clazz, final AxReferenceKey key) { if (key == null) { return; } final EntityManager mg = getEntityManager(); try { mg.getTransaction().begin(); - mg.createQuery(DELETE_FROM + aClass.getSimpleName() + WHERE_KEY_PARENT_KEY_NAME + key.getParentKeyName() - + AND_KEY_PARENT_KEY_VERSION + key.getParentKeyVersion() + AND_KEY_LOCAL_NAME + key.getLocalName() - + "'").executeUpdate(); + mg.createQuery(DELETE_FROM + clazz.getSimpleName() + WHERE_KEY_PARENT_KEY_NAME + key.getParentKeyName() + + AND_KEY_PARENT_KEY_VERSION + key.getParentKeyVersion() + AND_KEY_LOCAL_NAME + + key.getLocalName() + "'").executeUpdate(); mg.getTransaction().commit(); } finally { mg.close(); @@ -102,7 +102,7 @@ public class HibernateApexDao extends DefaultApexDao { * java.util.Collection) */ @Override - public int deleteByArtifactKey(final Class aClass, final Collection keys) { + public int deleteByArtifactKey(final Class clazz, final Collection keys) { if (keys == null || keys.isEmpty()) { return 0; } 
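Review bot: The delete query in `delete(Class, AxArtifactKey)` is still assembled by concatenating `key.getName()` and `key.getVersion()` into the JPQL text between quote characters, so any key text containing `'` alters the statement; the rename to `clazz` leaves that unchanged. The same construction appears in the `AxReferenceKey` overload in the next hunk, in both `deleteBy…Key` loops (-111, -137) and in the `getAll`/`getArtifact` queries (-202, -222, -251). Whether the key classes restrict these fields enough to rule this out is not visible here, so the DAO should not depend on it. Bind the values instead: give the query text `:name` and `:version` placeholders and chain `.setParameter("name", key.getName()).setParameter("version", key.getVersion())` before `executeUpdate()`. The `WHERE_KEY_NAME` and `AND_KEY_VERSION` constants are defined outside the hunk and would need the matching change.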
@@ -111,8 +111,8 @@ public class HibernateApexDao extends DefaultApexDao { try { mg.getTransaction().begin(); for (final AxArtifactKey key : keys) { - deletedCount += mg.createQuery(DELETE_FROM + aClass.getSimpleName() + WHERE_KEY_NAME + key.getName() - + AND_KEY_VERSION + key.getVersion() + "'").executeUpdate(); + deletedCount += mg.createQuery(DELETE_FROM + clazz.getSimpleName() + WHERE_KEY_NAME + key.getName() + + AND_KEY_VERSION + key.getVersion() + "'").executeUpdate(); } mg.getTransaction().commit(); } finally { @@ -127,8 +127,7 @@ public class HibernateApexDao extends DefaultApexDao { * @see org.onap.policy.apex.core.model.dao.ApexDao#deleteByContextUsageKey(java.lang.Class, java.util.Collection) */ @Override - public int deleteByReferenceKey(final Class aClass, - final Collection keys) { + public int deleteByReferenceKey(final Class clazz, final Collection keys) { if (keys == null || keys.isEmpty()) { return 0; } @@ -137,9 +136,9 @@ public class HibernateApexDao extends DefaultApexDao { try { mg.getTransaction().begin(); for (final AxReferenceKey key : keys) { - deletedCount += mg.createQuery(DELETE_FROM + aClass.getSimpleName() + WHERE_KEY_PARENT_KEY_NAME - + key.getParentKeyName() + AND_KEY_PARENT_KEY_VERSION + key.getParentKeyVersion() - + AND_KEY_LOCAL_NAME + key.getLocalName() + "'").executeUpdate(); + deletedCount += mg.createQuery(DELETE_FROM + clazz.getSimpleName() + WHERE_KEY_PARENT_KEY_NAME + + key.getParentKeyName() + AND_KEY_PARENT_KEY_VERSION + key.getParentKeyVersion() + + AND_KEY_LOCAL_NAME + key.getLocalName() + "'").executeUpdate(); } mg.getTransaction().commit(); } finally { 
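Review bot: In the `deleteByArtifactKey` loop, an exception from any `executeUpdate()` leaves the transaction begun but neither committed nor rolled back. The `finally` blocks visible in the other hunks only call `mg.close()`, so undoing the deletes already issued is left to whatever the provider does on close. `deleteByReferenceKey` (-137) has the same shape, as do the single-key delete methods. An explicit rollback makes the all-or-nothing intent of the batch delete visible. The method starts and ends outside this hunk, so the excerpt shows only the added catch block between the existing commit and `finally` lines.

```java
    mg.getTransaction().commit();
} catch (final RuntimeException e) {
    // Roll back deletes already issued in this batch before propagating.
    if (mg.getTransaction().isActive()) {
        mg.getTransaction().rollback();
    }
    throw e;
} finally {
```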
@@ -154,11 +153,11 @@ public class HibernateApexDao extends DefaultApexDao { * @see org.onap.policy.apex.core.model.dao.ApexDao#deleteAll(java.lang.Class) */ @Override - public void deleteAll(final Class aClass) { + public void deleteAll(final Class clazz) { final EntityManager mg = getEntityManager(); try { mg.getTransaction().begin(); - mg.createQuery(DELETE_FROM + aClass.getSimpleName()).executeUpdate(); + mg.createQuery(DELETE_FROM + clazz.getSimpleName()).executeUpdate(); mg.getTransaction().commit(); } finally { mg.close(); @@ -171,21 +170,21 @@ public class HibernateApexDao extends DefaultApexDao { * @see org.onap.policy.apex.core.model.dao.ApexDao#getAll(java.lang.Class) */ @Override - public List getAll(final Class aClass) { - if (aClass == null) { + public List getAll(final Class clazz) { + if (clazz == null) { return Collections.emptyList(); } final EntityManager mg = getEntityManager(); try { - final List result = mg.createQuery(FROM + aClass.getSimpleName(), aClass).getResultList(); + final List result = mg.createQuery(FROM + clazz.getSimpleName(), clazz).getResultList(); final List cloneResult = new ArrayList<>(); for (final T t : result) { try { - final T clonedT = aClass.newInstance(); + final T clonedT = clazz.newInstance(); t.copyTo(clonedT); cloneResult.add(clonedT); } catch (final Exception e) { - LOGGER.warn("Could not clone object of class \"" + aClass.getCanonicalName() + "\"", e); + LOGGER.warn("Could not clone object of class \"" + clazz.getCanonicalName() + "\"", e); return cloneResult; } } 
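Review bot: In `getAll(Class)` the `catch (final Exception e)` around the clone step logs a warning and then does `return cloneResult`, so one failed `clazz.newInstance()` or `copyTo` gives the caller a silently truncated list that looks like a complete result. A caller acting on "all entities" cannot tell the difference. If the interface contract allows it, I would propagate instead, e.g. `throw new IllegalStateException("Could not clone object of class \"" + clazz.getCanonicalName() + "\"", e);`. `Class.newInstance()` also rethrows checked constructor exceptions undeclared and is deprecated from Java 9; `clazz.getDeclaredConstructor().newInstance()` is the direct replacement. The method body continues past the end of the hunk.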
@@ -202,14 +201,14 @@ public class HibernateApexDao extends DefaultApexDao { * org.onap.policy.apex.core.model.concepts.AxArtifactKey) */ @Override - public List getAll(final Class aClass, final AxArtifactKey parentKey) { - if (aClass == null) { + public List getAll(final Class clazz, final AxArtifactKey parentKey) { + if (clazz == null) { return Collections.emptyList(); } final EntityManager mg = getEntityManager(); try { - return mg.createQuery(FROM + aClass.getSimpleName() + WHERE_KEY_PARENT_KEY_NAME + parentKey.getName() - + AND_KEY_PARENT_KEY_VERSION + parentKey.getVersion() + "'", aClass).getResultList(); + return mg.createQuery(FROM + clazz.getSimpleName() + WHERE_KEY_PARENT_KEY_NAME + parentKey.getName() + + AND_KEY_PARENT_KEY_VERSION + parentKey.getVersion() + "'", clazz).getResultList(); } finally { mg.close(); } @@ -222,15 +221,15 @@ public class HibernateApexDao extends DefaultApexDao { * org.onap.policy.apex.core.model.concepts.AxArtifactKey) */ @Override - public T getArtifact(final Class aClass, final AxArtifactKey key) { - if (aClass == null || key == null) { + public T getArtifact(final Class clazz, final AxArtifactKey key) { + if (clazz == null || key == null) { return null; } final EntityManager mg = getEntityManager(); List ret; try { - ret = mg.createQuery(FROM + aClass.getSimpleName() + WHERE_KEY_NAME + key.getName() + AND_KEY_VERSION - + key.getVersion() + "'", aClass).getResultList(); + ret = mg.createQuery(FROM + clazz.getSimpleName() + WHERE_KEY_NAME + key.getName() + AND_KEY_VERSION + + key.getVersion() + "'", clazz).getResultList(); } finally { mg.close(); } 
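Review bot: `getAll(Class, AxArtifactKey)` guards only `clazz == null` and then dereferences `parentKey.getName()`, so a null parent key fails with a NullPointerException after the EntityManager has been opened. Both `getArtifact` overloads check the key as well. Making the guard `if (clazz == null || parentKey == null) {` keeps the three lookups consistent and returns the empty list the method already uses for a missing class.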
@@ -238,8 +237,8 @@ public class HibernateApexDao extends DefaultApexDao { return null; } if (ret.size() > 1) { - throw new IllegalArgumentException("More than one result was returned for search for " + aClass - + " with key " + key.getId() + ": " + ret); + throw new IllegalArgumentException("More than one result was returned for search for " + clazz + + " with key " + key.getId() + ": " + ret); } return ret.get(0); } @@ -251,16 +250,16 @@ public class HibernateApexDao extends DefaultApexDao { * org.onap.policy.apex.core.model.concepts.AxReferenceKey) */ @Override - public T getArtifact(final Class aClass, final AxReferenceKey key) { - if (aClass == null || key == null) { + public T getArtifact(final Class clazz, final AxReferenceKey key) { + if (clazz == null || key == null) { return null; } final EntityManager mg = getEntityManager(); List ret; try { - ret = mg.createQuery(FROM + aClass.getSimpleName() + WHERE_KEY_PARENT_KEY_NAME + key.getParentKeyName() - + AND_KEY_PARENT_KEY_VERSION + key.getParentKeyVersion() + AND_KEY_LOCAL_NAME + key.getLocalName() - + "'", aClass).getResultList(); + ret = mg.createQuery(FROM + clazz.getSimpleName() + WHERE_KEY_PARENT_KEY_NAME + key.getParentKeyName() + + AND_KEY_PARENT_KEY_VERSION + key.getParentKeyVersion() + AND_KEY_LOCAL_NAME + + key.getLocalName() + "'", clazz).getResultList(); } finally { mg.close(); } @@ -268,8 +267,8 @@ public class HibernateApexDao extends DefaultApexDao { return null; } if (ret.size() > 1) { - throw new IllegalArgumentException("More than one result was returned for search for " + aClass - + " with key " + key.getId() + ": " + ret); + throw new IllegalArgumentException("More than one result was returned for search for " + clazz + + " with key " + key.getId() + ": " + ret); } return ret.get(0); } 
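Review bot: The `IllegalArgumentException` message in `getArtifact` appends `ret`, i.e. the `toString()` of every matching entity, so a duplicate-key condition copies full entity contents into whatever logs or responses the exception reaches. The key id already identifies the problem, so I would end the message with the count instead: `+ " with key " + key.getId() + ": " + ret.size() + " results");`. The same message is built in the `AxReferenceKey` overload (-268). This hunk starts inside the method, so the query and the null checks are outside it.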
diff --git a/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/src/test/java/org/onap/policy/apex/plugins/persistence/jpa/hibernate/HibernateApexDaoTest.java b/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/src/test/java/org/onap/policy/apex/plugins/persistence/jpa/hibernate/HibernateApexDaoTest.java index 1f100fde8..e96c8ea49 100644 --- a/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/src/test/java/org/onap/policy/apex/plugins/persistence/jpa/hibernate/HibernateApexDaoTest.java +++ b/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/src/test/java/org/onap/policy/apex/plugins/persistence/jpa/hibernate/HibernateApexDaoTest.java 
@@ -40,31 +40,40 @@ import org.onap.policy.apex.model.basicmodel.concepts.AxReferenceKey; import org.onap.policy.apex.model.basicmodel.dao.DaoParameters; /** - * Junit test for class HibernateApexDao + * Junit test for class HibernateApexDao. * * @author Dinh Danh Le (dinh.danh.le@ericsson.com) * */ public class HibernateApexDaoTest { - private static final List TEST_ARTIKEYS = Arrays.asList(new AxArtifactKey[] { - new AxArtifactKey("ABC", "0.0.1"), new AxArtifactKey("DEF", "0.1.1"), new AxArtifactKey("XYZ", "1.1.1")}); + new AxArtifactKey("ABC", "0.0.1"), + new AxArtifactKey("DEF", "0.1.1"), new AxArtifactKey("XYZ", "1.1.1") + }); - private final DaoParameters DaoParameters = new DaoParameters(); + private final DaoParameters daoParameters = new DaoParameters(); private HibernateApexDao hibernateApexDao = null; + /** + * Set up tests. + * + * @throws ApexException on test setup errors + */ @Before - public void setupDAO() throws ApexException { - DaoParameters.setPluginClass(HibernateApexDao.class.getCanonicalName()); - DaoParameters.setPersistenceUnit("DAOTest"); + public void setupDao() throws ApexException { + daoParameters.setPluginClass(HibernateApexDao.class.getCanonicalName()); + daoParameters.setPersistenceUnit("DAOTest"); hibernateApexDao = new HibernateApexDao(); - hibernateApexDao.init(DaoParameters); + hibernateApexDao.init(daoParameters); } + /** + * Cleardown tests. + */ @After - public void teardownDAO() { + public void teardownDao() { hibernateApexDao.close(); } @@ -115,7 +124,6 @@ public class HibernateApexDaoTest { } } - @Test public void test_getArtifactByReferenceKey() { final AxArtifactKey artifactKey = new AxArtifactKey("XXX", "0.0.1"); 
@@ -133,12 +141,11 @@ public class HibernateApexDaoTest { assertNull(hibernateApexDao.getArtifact(ReferenceKeyTestEntity.class, anotherReferenceKey)); // assert return only one entity when finding an entity with correct key - final ReferenceKeyTestEntity retEntity = - hibernateApexDao.getArtifact(ReferenceKeyTestEntity.class, referenceKey); + final ReferenceKeyTestEntity retEntity = hibernateApexDao.getArtifact(ReferenceKeyTestEntity.class, + referenceKey); assertEquals(referenceKey, retEntity.getKey()); } - @Test public void test_getArtifactByArtifactKey() { final AxArtifactKey artifactKey = new AxArtifactKey("XXX", "0.0.1"); @@ -157,7 +164,6 @@ public class HibernateApexDaoTest { assertEquals(artifactKey, retEntity.getKey()); } - @Test public void test_deleteByArtifactKey() { // initialize a list of (3) entities corresponding to the list of testArtiKeys @@ -177,7 +183,6 @@ public class HibernateApexDaoTest { assertEquals(100.0, remainingEntities.get(0).getDoubleValue(), 0.0); } - @Test public void test_deleteByReferenceKey() { // prepare 2 AxArtifactKeys @@ -185,9 +190,10 @@ public class HibernateApexDaoTest { final AxArtifactKey owner1Key = new AxArtifactKey("Owner1", "0.0.1"); // prepare a list of (3) AxReferenceKeys corresponding to owner0Key - final List refKey0s = - Arrays.asList(new AxReferenceKey[] {new AxReferenceKey(owner0Key, "Entity01"), - new AxReferenceKey(owner0Key, "Entity02"), new AxReferenceKey(owner0Key, "Entity03")}); + final List refKey0s = Arrays.asList(new AxReferenceKey[] { + new AxReferenceKey(owner0Key, "Entity01"), new AxReferenceKey(owner0Key, "Entity02"), + new AxReferenceKey(owner0Key, "Entity03") + }); // prepare 2 more AxReferenceKeys corresponding to owner1Key final AxReferenceKey refKey11 = new AxReferenceKey(owner1Key, "Entity11"); final AxReferenceKey refKey12 = new AxReferenceKey(owner1Key, "Entity12"); 
@@ -218,7 +224,6 @@ public class HibernateApexDaoTest { assertEquals(0, hibernateApexDao.getAll(ReferenceKeyTestEntity.class).size()); } - @Test public void test_getAllByArtifactKey() { @@ -228,7 +233,6 @@ public class HibernateApexDaoTest { final AxReferenceKey refKey0 = new AxReferenceKey(artiKey0, "Entity0"); final AxReferenceKey refKey1 = new AxReferenceKey(artiKey1, "Entity1"); - // test with null class with known key --> return an empty list assertNotNull(hibernateApexDao.getAll(null, artiKey1)); assertTrue(hibernateApexDao.getAll(null, artiKey1).equals(Collections.emptyList())); @@ -246,6 +250,4 @@ public class HibernateApexDaoTest { assertEquals(200.0, retEntity.getDoubleValue(), 0); } - - } -- cgit 1.2.3-korg