summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsebdet <sebastien.determe@intl.att.com>2021-04-16 17:44:09 +0200
committerS�bastien Determe <sebastien.determe@intl.att.com>2021-04-16 16:41:23 +0000
commit048c655b281c0b65ecb710afb4024261d2114b9b (patch)
tree89d2fb98b4d7d4fe006b2c8ee96c1df7403e47c4
parent4b6371f7ed8e35fd157ea640d05b5898989f32ca (diff)
Fix Sonar security HotSpot
Fix sec issues reported by Sonar Issue-ID: POLICY-3200 Signed-off-by: sebdet <sebastien.determe@intl.att.com> Change-Id: I6cdd3ff24d150333ab69e959bae39e3f0c30263f
-rw-r--r--src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java6
-rw-r--r--src/main/java/org/onap/policy/clamp/clds/sdc/controller/SdcSingleController.java23
-rw-r--r--src/main/java/org/onap/policy/clamp/policy/microservice/MicroServicePolicy.java3
-rw-r--r--src/main/java/org/onap/policy/clamp/policy/operational/OperationalPolicy.java5
4 files changed, 22 insertions, 15 deletions
diff --git a/src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java b/src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java
index 015868141..74aeccda5 100644
--- a/src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java
+++ b/src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java
@@ -1,8 +1,8 @@
/*-
* ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
* ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * Copyright (C) 2017-2018, 2021 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Modifications Copyright (c) 2019 Samsung
@@ -73,7 +73,7 @@ public class DefaultUserConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) {
try {
- http.csrf().disable().httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
+ http.httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
.authenticated().anyRequest().permitAll().and().sessionManagement()
.maximumSessions(1);
diff --git a/src/main/java/org/onap/policy/clamp/clds/sdc/controller/SdcSingleController.java b/src/main/java/org/onap/policy/clamp/clds/sdc/controller/SdcSingleController.java
index 4ca6b1cf4..39e64e46b 100644
--- a/src/main/java/org/onap/policy/clamp/clds/sdc/controller/SdcSingleController.java
+++ b/src/main/java/org/onap/policy/clamp/clds/sdc/controller/SdcSingleController.java
@@ -1,8 +1,8 @@
/*-
* ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
* ================================================================================
- * Copyright (C) 2018-2019 AT&T Intellectual Property. All rights
+ * Copyright (C) 2018-2019, 2021 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,9 +26,9 @@ package org.onap.policy.clamp.clds.sdc.controller;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
+import java.security.SecureRandom;
import java.util.Date;
import java.util.Map.Entry;
-import java.util.concurrent.ThreadLocalRandom;
import org.onap.policy.clamp.clds.config.ClampProperties;
import org.onap.policy.clamp.clds.config.sdc.SdcSingleControllerConfiguration;
import org.onap.policy.clamp.clds.exception.sdc.controller.BlueprintParserException;
@@ -261,7 +261,7 @@ public class SdcSingleController {
try {
// wait for a random time, so that 2 running Clamp will not treat
// the same Notification at the same time
- Thread.sleep(ThreadLocalRandom.current().nextInt(1, 10) * 1000L);
+ Thread.sleep((new SecureRandom().nextInt(10) + 1) * 1000L);
logger.info("Notification received for service UUID:" + notificationData.getServiceUUID());
this.changeControllerStatus(SdcSingleControllerStatus.BUSY);
csar = new CsarHandler(notificationData, this.sdcConfig.getSdcControllerName(),
@@ -383,23 +383,28 @@ public class SdcSingleController {
try {
IComponentDoneStatusMessage message = new IComponentDoneStatusMessage() {
- @Override public String getDistributionID() {
+ @Override
+ public String getDistributionID() {
return notificationData.getDistributionID();
}
- @Override public String getConsumerID() {
+ @Override
+ public String getConsumerID() {
return sdcConfig.getConsumerID();
}
- @Override public long getTimestamp() {
+ @Override
+ public long getTimestamp() {
return System.currentTimeMillis();
}
- @Override public DistributionStatusEnum getStatus() {
+ @Override
+ public DistributionStatusEnum getStatus() {
return status;
}
- @Override public String getComponentName() {
+ @Override
+ public String getComponentName() {
return sdcConfig.getUser();
}
};
diff --git a/src/main/java/org/onap/policy/clamp/policy/microservice/MicroServicePolicy.java b/src/main/java/org/onap/policy/clamp/policy/microservice/MicroServicePolicy.java
index 2e5db8e24..be5e7917c 100644
--- a/src/main/java/org/onap/policy/clamp/policy/microservice/MicroServicePolicy.java
+++ b/src/main/java/org/onap/policy/clamp/policy/microservice/MicroServicePolicy.java
@@ -26,6 +26,7 @@ package org.onap.policy.clamp.policy.microservice;
import com.google.gson.JsonObject;
import com.google.gson.annotations.Expose;
import java.io.Serializable;
+import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Set;
import javax.persistence.Column;
@@ -130,7 +131,7 @@ public class MicroServicePolicy extends Policy implements Serializable {
this(Policy.generatePolicyName("MICROSERVICE", service.getName(), service.getVersion(),
loopElementModel.getPolicyModels().first().getPolicyAcronym() + '_'
+ loopElementModel.getPolicyModels().first().getVersion(),
- RandomStringUtils.randomAlphanumeric(3)),
+ RandomStringUtils.random(3, 0, 0, true, true, null, new SecureRandom())),
loopElementModel.getPolicyModels().first(), false, new JsonObject(), loopElementModel, null, null);
this.updateJsonRepresentation(toscaConverter, service);
}
diff --git a/src/main/java/org/onap/policy/clamp/policy/operational/OperationalPolicy.java b/src/main/java/org/onap/policy/clamp/policy/operational/OperationalPolicy.java
index 5b29f319c..1646a7cc7 100644
--- a/src/main/java/org/onap/policy/clamp/policy/operational/OperationalPolicy.java
+++ b/src/main/java/org/onap/policy/clamp/policy/operational/OperationalPolicy.java
@@ -30,6 +30,7 @@ import com.google.gson.JsonObject;
import com.google.gson.annotations.Expose;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
+import java.security.SecureRandom;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
@@ -114,7 +115,7 @@ public class OperationalPolicy extends Policy implements Serializable {
this(Policy.generatePolicyName("OPERATIONAL", service.getName(), service.getVersion(),
loopElementModel.getPolicyModels().first().getPolicyAcronym() + '_'
+ loopElementModel.getPolicyModels().first().getVersion(),
- RandomStringUtils.randomAlphanumeric(3)), new JsonObject(),
+ RandomStringUtils.random(3, 0, 0, true, true, null, new SecureRandom())), new JsonObject(),
new JsonObject(), loopElementModel.getPolicyModels().first(), loopElementModel, null, null);
this.setLoop(loop);
this.updateJsonRepresentation(toscaConverter, service);
@@ -132,7 +133,7 @@ public class OperationalPolicy extends Policy implements Serializable {
ToscaConverterWithDictionarySupport toscaConverter) {
this(Policy.generatePolicyName("OPERATIONAL", service.getName(), service.getVersion(),
policyModel.getPolicyAcronym() + '_' + policyModel.getVersion(),
- RandomStringUtils.randomAlphanumeric(3)),
+ RandomStringUtils.random(3, 0, 0, true, true, null, new SecureRandom())),
new JsonObject(),
new JsonObject(), policyModel, null, null, null);
this.setLoop(loop);