diff options
author | adheli.tavares <adheli.tavares@est.tech> | 2023-09-28 14:25:43 +0100 |
---|---|---|
committer | adheli.tavares <adheli.tavares@est.tech> | 2023-09-29 10:30:58 +0100 |
commit | cf36274c5ae0bc569ec7ebe2cb4e8f579763cc14 (patch) | |
tree | c9a9403714185944ca9ad0f93cd1478072b748b2 /utils | |
parent | 349b4ae7179173f9261d9a432094cb55dc433820 (diff) |
Fix security vulnerabilities
- iq nexus vulnerabilities
- sonar security hotspots and code smell
Issue-ID: POLICY-4761
Issue-ID: POLICY-4833
Change-Id: Iab2e07d2ee7b90031bc5a30210ce7d3f5a47b3fd
Signed-off-by: adheli.tavares <adheli.tavares@est.tech>
Diffstat (limited to 'utils')
-rw-r--r-- | utils/src/main/java/org/onap/policy/common/utils/logging/LoggerMarkerFilter.java | 5 | ||||
-rw-r--r-- | utils/src/main/java/org/onap/policy/common/utils/resources/ResourceUtils.java | 25 |
2 files changed, 15 insertions, 15 deletions
diff --git a/utils/src/main/java/org/onap/policy/common/utils/logging/LoggerMarkerFilter.java b/utils/src/main/java/org/onap/policy/common/utils/logging/LoggerMarkerFilter.java index 90a7c8a1..2c9830dc 100644 --- a/utils/src/main/java/org/onap/policy/common/utils/logging/LoggerMarkerFilter.java +++ b/utils/src/main/java/org/onap/policy/common/utils/logging/LoggerMarkerFilter.java @@ -3,6 +3,7 @@ * ONAP POLICY * ================================================================================ * Copyright (C) 2021 AT&T Intellectual Property. All right reserved. + * Modifications Copyright (C) 2023 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -42,11 +43,11 @@ public abstract class LoggerMarkerFilter extends AbstractMatcherFilter<ILoggingE return FilterReply.DENY; } - if (event == null || event.getMarker() == null) { + if (event == null || event.getMarkerList() == null) { return FilterReply.DENY; } - if (event.getMarker().equals(marker)) { + if (event.getMarkerList().stream().anyMatch(mk -> mk.equals(marker))) { return FilterReply.ACCEPT; } else { return FilterReply.DENY; diff --git a/utils/src/main/java/org/onap/policy/common/utils/resources/ResourceUtils.java b/utils/src/main/java/org/onap/policy/common/utils/resources/ResourceUtils.java index 001c9f06..3ee062f1 100644 --- a/utils/src/main/java/org/onap/policy/common/utils/resources/ResourceUtils.java +++ b/utils/src/main/java/org/onap/policy/common/utils/resources/ResourceUtils.java @@ -1,7 +1,7 @@ /*- * ============LICENSE_START======================================================= * Copyright (C) 2018 Ericsson. All rights reserved. - * Modifications Copyright (C) 2020 Nordix Foundation. + * Modifications Copyright (C) 2020, 2023 Nordix Foundation. * Modifications Copyright (C) 2020-2021 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); @@ -30,6 +30,7 @@ import java.net.URL; import java.nio.charset.StandardCharsets; import java.util.Collections; import java.util.Enumeration; +import java.util.Objects; import java.util.Set; import java.util.TreeSet; import java.util.jar.JarEntry; @@ -83,13 +84,11 @@ public final class ResourceUtils { */ public static String getResourceAsString(final String resourceName) { // Get the resource as a stream, we'll convert it to a string then - final InputStream resourceStream = getResourceAsStream(resourceName); - if (resourceStream == null) { - return null; - } - // Read the stream contents, closing when done - try (var streamCloser = resourceStream) { + try (var resourceStream = getResourceAsStream(resourceName)) { + if (resourceStream == null) { + return null; + } return IOUtils.toString(resourceStream, StandardCharsets.UTF_8); } catch (final IOException e) { LOGGER.debug("error reading resource stream {}", resourceName, e); @@ -111,7 +110,7 @@ public final class ResourceUtils { // Check if the resource exists if (urlToResource == null) { // No resource found - LOGGER.debug("cound not find resource \"{}\" : ", resourceName); + LOGGER.debug("could not find resource \"{}\" : ", resourceName); return null; } @@ -217,7 +216,7 @@ public final class ResourceUtils { * Read the list of entries in a resource directory. * * @param resourceDirectoryName the name of the resource directory - * @return the list of entries + * @return a set of entries */ public static Set<String> getDirectoryContents(final String resourceDirectoryName) { // Find the location of the resource, is it in a Jar or on the local file system? @@ -245,7 +244,7 @@ public final class ResourceUtils { * * @param localResourceDirectoryUrl the local resource file URL * @param resourceDirectoryName the name of the resource directory - * @return a list of the directory contents + * @return a set of the directory contents */ public static Set<String> getDirectoryContentsLocal(final URL localResourceDirectoryUrl, final String resourceDirectoryName) { @@ -257,7 +256,7 @@ public final class ResourceUtils { } Set<String> localDirectorySet = new TreeSet<>(); - for (File localDirectoryEntry : localDirectory.listFiles()) { + for (File localDirectoryEntry : Objects.requireNonNull(localDirectory.listFiles())) { if (localDirectoryEntry.isDirectory()) { localDirectorySet .add(resourceDirectoryName + File.separator + localDirectoryEntry.getName() + File.separator); @@ -274,7 +273,7 @@ public final class ResourceUtils { * * @param jarResourceDirectoryUrl the name of the resource directory in the jar * @param resourceDirectoryName the name of the resource directory - * @return a list of the directory contents + * @return a set of the directory contents */ public static Set<String> getDirectoryContentsJar(final URL jarResourceDirectoryUrl, final String resourceDirectoryName) { @@ -286,7 +285,7 @@ public final class ResourceUtils { Set<String> localDirectorySet = new TreeSet<>(); try (var jarFile = new JarFile(jarFileName)) { - Enumeration<JarEntry> entries = jarFile.entries(); + Enumeration<JarEntry> entries = jarFile.entries(); // NOSONAR while (entries.hasMoreElements()) { /* |