Age | Commit message | Author | Files | Lines |
|
- iq nexus vulnerabilities
- sonar security hotspots and code smell
Issue-ID: POLICY-4761
Issue-ID: POLICY-4833
Change-Id: Iab2e07d2ee7b90031bc5a30210ce7d3f5a47b3fd
Signed-off-by: adheli.tavares <adheli.tavares@est.tech>
|
|
Issue-ID: POLICY-4668
Change-Id: If4e79224de61d66d7514f3abbd7b8bee1c3d5681
Signed-off-by: adheli.tavares <adheli.tavares@est.tech>
|
|
Issue-ID: POLICY-4533
Change-Id: I9d2e4d90bf997935efad16e8ae4473d635ae9d65
Signed-off-by: liamfallon <liam.fallon@est.tech>
|
|
- Upgrade Hibernate
- Upgrade Mockito
- Upgrade Mockserver
- Remove Powermock (no longer supported) and replace with spring-test ReflectionTestUtils
- Upgrade Spring Framework
- Add spring-security to allow authentication on unit tests using MockMVC
Minor clean-up
- Replace deprecated authorization configuration on spring boot applications with SecurityFilterChain bean
- Change @LocalPort include on tests to use test include rather than runtime include
- Remove unused imports
- Remove unused constants and variables
- Add deprecation annotations where required
Issue-ID: POLICY-4482
Change-Id: Iec5ba1283acd506c9f3c7fe7b5d7858db6abbaa7
Signed-off-by: liamfallon <liam.fallon@est.tech>
|
|
Issue-ID: POLICY-4393
Change-Id: I5b82f5e17ae8827486cc477d7ade4ed46e2e902b
Signed-off-by: liamfallon <liam.fallon@est.tech>
|
|
Issue-ID: POLICY-3206
Change-Id: I6d14a62e6619e2162e68846853feb36b95274866
Signed-off-by: liamfallon <liam.fallon@est.tech>
|
|
The new version of checkstyle identified new issues. Fixed those.
Issue-ID: POLICY-3284
Change-Id: I2a8bf2b460fda7972ce573f14df5af52d46c9993
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Issue-ID: POLICY-3394
Change-Id: I42a18c115c3ca7110f37fc0ae8aeea3f2bbffb37
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Also condensed some Map calls.
Issue-ID: POLICY-3394
Change-Id: I850fcad5a72d92271da76b0731195e8b93dd4089
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Sonar complains about java.util.regex. Thought I used re2j when
creating all of the patterns, but apparently not. Fixed that oversight.
Issue-ID: POLICY-3284
Change-Id: Idbec112ab0d4c3b477ce357f8a556d95e4dea083
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Fixed sonars:
- use "var" instead of actual type name
- re-interrupt threads
- use re2j split() instead of String split()
Issue-ID: POLICY-3285
Change-Id: I82261e0b8a53ee5c5264556fbf5cec37454f014e
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Addressed the issues:
- use of eq() in verify()
- remove @NamedQueries
- use computeIfAbsent()
Issue-ID: POLICY-2914
Change-Id: I265bc98f0f326e7b4ce86c25e68fc4859bd7fb02
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
When the commit for https://gerrit.onap.org/r/c/policy/parent/+/109705
was applied, it broke the changes to common to fix new sonar issues.
Backed out some of those changes.
Issue-ID: POLICY-2650
Change-Id: Id498392ff798e49c281296575223298c0b6e5143
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Fixed the following issues:
- don't use annotation wrappers
- version overridden in pom
Issue-ID: POLICY-2650
Change-Id: Ia520037529861f8ace160c172ed70a5671b740d9
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Issue-ID: POLICY-2188
Change-Id: I00843c61a6567001fc35c3ebb77b6843a1eb7da2
Signed-off-by: liamfallon <liam.fallon@est.tech>
|
|
Addressed the following issues:
- unused imports
- unused method parameters
- use assertEquals, assertSame instead of assertTrue
- provide the parametrized type for this generic
Also fixed some checkstyle issues:
- removed blank lines between "import" groups
Issue-ID: POLICY-2650
Change-Id: I004bb650ac10c49ccd0fc405f6959896fec39f9b
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Change-Id: Ia98493a3ec6ad91a46c88ab71998eb039da44842
Issue-ID: POLICY-2627
Signed-off-by: a.sreekumar <ajith.sreekumar@bell.ca>
|
|
Forgot to update licenses on some of the files that were modified
as part of addressing sonar issues. Updated.
Issue-ID: POLICY-2305
Change-Id: I9858bfb54be5b8eb42406e944361ec100ae238ff
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Fixed additional sonar issues:
- infinite loop; while the issue is bogus, it was easy enough to
modify the code to satisfy sonar
- doesn't like "volatile"; again, the issue is bogus, but easy enough
to modify the code
Disabled a couple of sonars in NetworkUtil, as they are not actually
an issue.
Issue-ID: POLICY-2305
Change-Id: I5500183e3fe4060696994cff55bdae4ba7e138c7
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Addressed the following sonar issues:
- missing assertion in junit test case
- disable sonars about setAccessible() as it's required for jackson
emulation
- sleep in junit
- don't use wild-cards (e.g., "*") with java.util Pattern
- use re2j instead of java.util Pattern
- use String methods (e.g., startsWith())
- duplicate method bodies
- duplicate code in Coder classes
- string concatenation in logger calls
- UTF-8 encoding
- return primitive instead of boxed primitive
- add assertion to tests
- renamed support methods from doTestXxx to verifyXxx
- cognitive complexity
- use AtomicRef instead of volatile
- use specific Functionals (e.g., IntConsumer)
- function always returns the same value
- serializable vs transient
Issue-ID: POLICY-2305
Change-Id: I08eb7aa495a80bdc1d26827ba17a7946c83b9828
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Either log or rethrow
Use boolean expression
Add at least one test
Remove commented out code
Issue-ID: POLICY-2204
Change-Id: I4fdf31aea75303e4f49d25198eb3b12341995bfe
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Removal of UTF-8 because it's already set
capabilities doesn't generate any code, no need to include
override false positives for passwords etc.
override for logging and exception throw that we want
add synchronized to overrides that are synchronized
ignore checking of some conditions
adding synchronized to match set* methods
Issue-ID: POLICY-2321
Change-Id: I26d9ca22a0cdd67fdaae9c44b718b8dc103f190e
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Issue-ID: POLICY-1583
Change-Id: Ic46ffcb6eb5b0d18f9cb0a6a2ec46374e523f54a
Signed-off-by: HOCKLA <ah999m@att.com>
|
|
The latest Eclipse checkstyle version 8.26.0 does more thorough checking
and identified a number of small issues in the apex-pdp codebase. This
review fixes those issues.
logging pattern in logback.xml files amended to be less than 120
characters. Test case added for checking parameter is valid.
Issue-ID: POLICY-2204
Change-Id: Id7293e44b56c225afc6290e1c599603e9ebedb19
Signed-off-by: liamfallon <liam.fallon@est.tech>
|
|
Replaced AlertSeverity with severity in logback xml files, because
the MDC only has severity.
Change-Id: I118b195b65555c915c723faf117c4f4854e990f3
Issue-ID: POLICY-1989
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Renamed enums to upper case - this might disrupt other repos, though
it should be minimal.
Renamed constants in a junit test.
Change-Id: Ifd864bb61eec3d9b3c7a0321fe3841696046f6f6
Issue-ID: POLICY-1791
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
With the sonar fixes, IntegrityAudit is no longer allowing an empty
DB password. This breaks some junits in other policy repos.
Corrected the issue.
Change-Id: I291d1592ffd80ee76dd9758b3b7156436c579dab
Issue-ID: POLICY-1791
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Removed duplicate code in DbDao by refactoring common code
into a new updateIae() method.
Removed duplicate code in IntegrityMonitor by refactoring common code
into a new withinTransaction() method.
Removed duplicate code in StateManagementEntity, StateElement by
replacing with lombok Getter & Setter annotations.
Removed duplicate code in StateManagement by refactoring common code
into new setState() and getState() methods. Also removed
logger.isDebugEnabled() tests.
Added coverage for StateChangeNotifier.
Change-Id: I2e29b836dafc5de569a2267206a6a34105e44021
Issue-ID: POLICY-1791
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Mostly used Eclipse Refactor->Extract Method to reduce cyclomatic
complexity. Also combined a few "if" statements to reduce nesting
levels.
Also addressed some sonar issues in the tests (e.g., use "<>" where
appropriate).
Did not attempt to increase junit coverage.
Change-Id: I9d6c1305ce455f0d64249b548d123bb9bf37292a
Issue-ID: POLICY-1791
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Note: this does not increase code coverage, but should fix other
code issues.
Resolved cyclomatic complexity issue in ParameterValidationResult.
Refactored duplicate code in GroupValidationResult.
Removed IOException from NetworkUtil "throws".
Replaced null/empty string tests with StringUtils.isBlank().
Added @FunctionalInterface where needed.
Replaced anonymous classes with lambda expressions.
Replaced duplicate strings with a constant.
Added private constructors for utility classes.
Removed sleep() from tests.
Removed unused parameter from method call.
Made some protected methods private.
Compute integrity monitor's state-transition table once.
Use for-loop instead of iterator.
Moved constructors.
Fixed some checkstyle issues (tabs => spaces, trailing spaces).
Change-Id: I9a962ca45c4ff3f212c6014da799d06f07b232ef
Issue-ID: POLICY-1791
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Changed "DbDAO" to "DbDao".
Change-Id: I51a6706cceef6857404ae7c12ce43e553ea0da29
Issue-ID: POLICY-1133
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
These are mainly duplicate strings. But also combined
if statements and fixing some debug messages missing
arguments or format specifiers. Some duplicates I left
alone as it seemed unreadable to change them. Also
moving variables to their correct place (before constructors).
Issue-ID: POLICY-1130
Change-Id: I8018c676b22fe8fec635f129fa37921ad1004569
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Adding javadoc comments, renaming variable names,
fixed whitespace and 120 length. Also some variables
were made final since they were declared further from
usage. Splitting out Asserts.
Still remaining are the abbreviations.
Issue-ID: POLICY-881
Change-Id: I31ce5a9eea02578bce023c0c607a19108bb726fa
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
More fixes for spacing, adding comments, adding period at the
end, and move code closer to usage.
Issue-ID: POLICY-881
Change-Id: Ife99eaf627a221e87d65d24dfd145b0ee4e06d21
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Modified the code to use a CurrentTime object for its "time" operations
(e.g., sleep(), currentTimeInMillis()). Modified junit tests to replace
the CurrentTime object with TestTime objects so they don't actually
do any sleeping.
Reformat "commit" message.
Remove TODO from junit test.
Init testTime in junit setUp().
Add AuditorTime and test classes.
Change "latch" to "semaphore" in comments.
Change time units in junit test from SECONDS to MILLISECONDS.
Add sleep() method to auditor test class.
Reorder field qualifiers.
Change utils scope to "compile" in pom.
Change-Id: I8aa8b642b315156c00422192e4aa8e47b4503c2f
Issue-ID: POLICY-908
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Change-Id: I5d5cc7d581f78d5551e2fe7447720403bb63ada2
Issue-ID: POLICY-908
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Logback complains if %d{} values contain """, but it works fine
without them, thus they have been removed.
Update license header.
Change-Id: Ie72cc5ec922c161e1fd5058021a57282c4f0134b
Issue-ID: POLICY-785
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Update license date.
Change-Id: I912e1d8ab56b124178b4bfdd8646ee62b48b386c
Issue-ID: POLICY-759
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Removed checkstyle warnings in policy/common/ia
Issue-ID: POLICY-695
Change-Id: I25f589dff5ce1dba0681ba549a53087426593d71
Signed-off-by: mmis <michael.morris@ericsson.com>
|
|
Fixed a few more generic exceptions in integrity-audit and
integrity-monitor.
Fixed license dates.
Change-Id: Ibbc21ae5f853896e0d3e416e33b5ea2a13672f62
Issue-ID: POLICY-246
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Added additional DbDAO constructors to facilitate JUnit testing.
Added DbDAO destroy() method to close the EntityManagerFactory.
Pulled out common code into IntegrityAuditTestBase and subclassed
the tests from there.
Added hooks to IntegrityAudit so that the AuditThread timers could
be set to smaller values so that all of the junit tests could be
run in much less time.
Added similar hooks to DbAudit.
Modified integrity-audit tests to use new utility classes to auto-close
JPA managers.
Modified integrity-audit tests to use new utility class to scan logger
items without the need to scan the actual log file.
Added code to new test superclass to truncate the four ONAP logs.
Modified hooks in IntegrityAuditEntity to adjust serialization
so that dates are not serialized/de-serialized when used in junit
tests.
Deleted TestingUtils.
Added a test for invalid nodeType property.
Fixed issue wherein AuditThread doesn't stop when interrupted.
Change-Id: I5101995b6b68655b2810777bc4d2ec80c7cbc363
Issue-ID: POLICY-582
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Added utils-test project to policy/common.
Modified integrity-audit and integrity-monitor to use the new
utils-test project to test the Exception subclasses.
Change-Id: If4a27cdb2351b7c49b084dbf287950172fa059cf
Issue-ID: POLICY-582
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
* Useless assignments
* Commented out code
* Unused imports
* Add simple JUnit for exception classes
Issue-ID: POLICY-456
Change-Id: I012c2b6bdaf1b5803b2f1c37fd4d9514055e4ef0
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
IntegrityMonitor.java:
Renamed variables, Ex: dep_groups => depGroups.
Renamed enum constants, Ex: pdp_xacml => PDP_XACML.
Merged "if" tests.
Cast values to "long" before multiplying.
Re-throw interrupt().
Write exception via logger instead of e.printStackTrace().
Moved constructor to top of the file.
Removed most logger.isDebugEnabled() checks.
Returned generic List instead of ArrayList.
Used entrySet() instead of keySet().
Removed useless parentheses.
Removed superfluous exceptions from "throws" declaration.
DbAudit.java:
Modified DbAudit to throw DbAuditException.
Replaced references to HashSet and HashMap with generic Set and Map.
Modified DbAudit to iterate over entrySet() instead of keySet().
ComponentAdminException:
Created ComponentAdminException class.
Modified ComponentAdmin methods to throw new exception class.
Extracted "stateManager" String constant.
Eliminated logger.isDebugEnabled() calls.
Updated the license data.
Eliminated double-checked locking problem from PropertyUtil:
Modified code to use Initialization On Demand Holder idiom.
Change-Id: Ic01288542041da26df483ce85ecaf292ac138f85
Issue-ID: POLICY-246
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Address technical debt in policy/common integrity-audit submodule.
Implementation for empty constructors, remove useless assignment,
use <> on constructor, use @Override. Not all technical debt
addressed, only the ones specified by Pam in POLICY-336, except
the use Set instead of HashSet where a method signature would
change.
Issue-ID: POLICY-456
Change-Id: If8f9f4151503bdd22c8c405485538f8be779cabd
Signed-off-by: Temoc Rodriguez <cr056n@att.com>
|
|
Replaced the string parameter with a StringBuilder so that the modified
version can be accessed outside the method, since strings are immutable.
Added null check for properties. Removed trim on properties in case the
property is null. Added junit to test that the modified StringBuilder can
be read outside the paramsAreBad method.
Issue-ID: POLICY-492
Change-Id: I0550e9d639cbbcc876e6aafb84f6e9a363b653ff
Signed-off-by: Temoc Rodriguez <cr056n@att.com>
|
|
Remove the line where password gets stored in variable
Issue-ID: POLICY-442
Change-Id: I5d474c7a27dfbdcf49b5f1578be75bd2cb627afe
Signed-off-by: Joseph Chou <jc2555@att.com>
|
|
Focused on hard coded passwords. I believe they are only
used for JUnit tests so I moved them into a file for use.
If they still show up on sonar then I will move into a properties
file and/or mark as not going to fix.
Issue-ID: POLICY-237
Change-Id: I6fa561714091043a2ea5e2edfb0441c2dfc8b044
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Just logging the exceptions anyway and remove e.printstack since
that goes to stdout/stderr.
Issue-ID: POLICY-195
Change-Id: I60616bd6ce633e2fcae266bb37eb735c6e6bb4c4
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Addressing the following sonar critical:
Use a logger to log this exception
Either log or rethrow this exception
It does not hurt to simply do these as well as clean out
lines of code that dump to Sys.out via e.printStackTrace.
Issue-ID: POLICY-195
Change-Id: Ibc328094a0653b7baa04778298e4a69955105ea3
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|