aboutsummaryrefslogtreecommitdiffstats
path: root/utils/src
diff options
context:
space:
mode:
authoradheli.tavares <adheli.tavares@est.tech>2023-09-28 14:25:43 +0100
committeradheli.tavares <adheli.tavares@est.tech>2023-09-29 10:30:58 +0100
commitcf36274c5ae0bc569ec7ebe2cb4e8f579763cc14 (patch)
treec9a9403714185944ca9ad0f93cd1478072b748b2 /utils/src
parent349b4ae7179173f9261d9a432094cb55dc433820 (diff)
Fix security vulnerabilities
- iq nexus vulnerabilities - sonar security hotspots and code smell Issue-ID: POLICY-4761 Issue-ID: POLICY-4833 Change-Id: Iab2e07d2ee7b90031bc5a30210ce7d3f5a47b3fd Signed-off-by: adheli.tavares <adheli.tavares@est.tech>
Diffstat (limited to 'utils/src')
-rw-r--r--utils/src/main/java/org/onap/policy/common/utils/logging/LoggerMarkerFilter.java5
-rw-r--r--utils/src/main/java/org/onap/policy/common/utils/resources/ResourceUtils.java25
2 files changed, 15 insertions, 15 deletions
diff --git a/utils/src/main/java/org/onap/policy/common/utils/logging/LoggerMarkerFilter.java b/utils/src/main/java/org/onap/policy/common/utils/logging/LoggerMarkerFilter.java
index 90a7c8a1..2c9830dc 100644
--- a/utils/src/main/java/org/onap/policy/common/utils/logging/LoggerMarkerFilter.java
+++ b/utils/src/main/java/org/onap/policy/common/utils/logging/LoggerMarkerFilter.java
@@ -3,6 +3,7 @@
* ONAP POLICY
* ================================================================================
* Copyright (C) 2021 AT&T Intellectual Property. All right reserved.
+ * Modifications Copyright (C) 2023 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -42,11 +43,11 @@ public abstract class LoggerMarkerFilter extends AbstractMatcherFilter<ILoggingE
return FilterReply.DENY;
}
- if (event == null || event.getMarker() == null) {
+ if (event == null || event.getMarkerList() == null) {
return FilterReply.DENY;
}
- if (event.getMarker().equals(marker)) {
+ if (event.getMarkerList().stream().anyMatch(mk -> mk.equals(marker))) {
return FilterReply.ACCEPT;
} else {
return FilterReply.DENY;
diff --git a/utils/src/main/java/org/onap/policy/common/utils/resources/ResourceUtils.java b/utils/src/main/java/org/onap/policy/common/utils/resources/ResourceUtils.java
index 001c9f06..3ee062f1 100644
--- a/utils/src/main/java/org/onap/policy/common/utils/resources/ResourceUtils.java
+++ b/utils/src/main/java/org/onap/policy/common/utils/resources/ResourceUtils.java
@@ -1,7 +1,7 @@
/*-
* ============LICENSE_START=======================================================
* Copyright (C) 2018 Ericsson. All rights reserved.
- * Modifications Copyright (C) 2020 Nordix Foundation.
+ * Modifications Copyright (C) 2020, 2023 Nordix Foundation.
* Modifications Copyright (C) 2020-2021 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -30,6 +30,7 @@ import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Enumeration;
+import java.util.Objects;
import java.util.Set;
import java.util.TreeSet;
import java.util.jar.JarEntry;
@@ -83,13 +84,11 @@ public final class ResourceUtils {
*/
public static String getResourceAsString(final String resourceName) {
// Get the resource as a stream, we'll convert it to a string then
- final InputStream resourceStream = getResourceAsStream(resourceName);
- if (resourceStream == null) {
- return null;
- }
-
// Read the stream contents, closing when done
- try (var streamCloser = resourceStream) {
+ try (var resourceStream = getResourceAsStream(resourceName)) {
+ if (resourceStream == null) {
+ return null;
+ }
return IOUtils.toString(resourceStream, StandardCharsets.UTF_8);
} catch (final IOException e) {
LOGGER.debug("error reading resource stream {}", resourceName, e);
@@ -111,7 +110,7 @@ public final class ResourceUtils {
// Check if the resource exists
if (urlToResource == null) {
// No resource found
- LOGGER.debug("cound not find resource \"{}\" : ", resourceName);
+ LOGGER.debug("could not find resource \"{}\" : ", resourceName);
return null;
}
@@ -217,7 +216,7 @@ public final class ResourceUtils {
* Read the list of entries in a resource directory.
*
* @param resourceDirectoryName the name of the resource directory
- * @return the list of entries
+ * @return a set of entries
*/
public static Set<String> getDirectoryContents(final String resourceDirectoryName) {
// Find the location of the resource, is it in a Jar or on the local file system?
@@ -245,7 +244,7 @@ public final class ResourceUtils {
*
* @param localResourceDirectoryUrl the local resource file URL
* @param resourceDirectoryName the name of the resource directory
- * @return a list of the directory contents
+ * @return a set of the directory contents
*/
public static Set<String> getDirectoryContentsLocal(final URL localResourceDirectoryUrl,
final String resourceDirectoryName) {
@@ -257,7 +256,7 @@ public final class ResourceUtils {
}
Set<String> localDirectorySet = new TreeSet<>();
- for (File localDirectoryEntry : localDirectory.listFiles()) {
+ for (File localDirectoryEntry : Objects.requireNonNull(localDirectory.listFiles())) {
if (localDirectoryEntry.isDirectory()) {
localDirectorySet
.add(resourceDirectoryName + File.separator + localDirectoryEntry.getName() + File.separator);
@@ -274,7 +273,7 @@ public final class ResourceUtils {
*
* @param jarResourceDirectoryUrl the name of the resource directory in the jar
* @param resourceDirectoryName the name of the resource directory
- * @return a list of the directory contents
+ * @return a set of the directory contents
*/
public static Set<String> getDirectoryContentsJar(final URL jarResourceDirectoryUrl,
final String resourceDirectoryName) {
@@ -286,7 +285,7 @@ public final class ResourceUtils {
Set<String> localDirectorySet = new TreeSet<>();
try (var jarFile = new JarFile(jarFileName)) {
- Enumeration<JarEntry> entries = jarFile.entries();
+ Enumeration<JarEntry> entries = jarFile.entries(); // NOSONAR
while (entries.hasMoreElements()) {
/*