Age | Commit message | Author | Files | Lines |
|
- iq nexus vulnerabilities
- sonar security hotspots and code smell
Issue-ID: POLICY-4761
Issue-ID: POLICY-4833
Change-Id: Iab2e07d2ee7b90031bc5a30210ce7d3f5a47b3fd
Signed-off-by: adheli.tavares <adheli.tavares@est.tech>
|
|
Issue-ID: POLICY-4668
Change-Id: If4e79224de61d66d7514f3abbd7b8bee1c3d5681
Signed-off-by: adheli.tavares <adheli.tavares@est.tech>
|
|
Issue-ID: POLICY-4482
Change-Id: Ibc0833313bf8eb5330c414ff00a31313500959e6
Signed-off-by: liamfallon <liam.fallon@est.tech>
|
|
The result returned by the new GSON version has a forward slash at the
end.
Issue-ID: POLICY-4070
Change-Id: I218be9a3d21a78071323ae2127efa74353022800
Signed-off-by: liamfallon <liam.fallon@est.tech>
|
|
Issue-ID: POLICY-3761
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Change-Id: Ib4885e8f412c540796de37d18fc553da0a04f46c
|
|
Issue-ID: POLICY-3845
Signed-off-by: Rashmi Pujar <rashmi.pujar1@bell.ca>
Change-Id: Ib72691a80aa56249532058dac9c9e59936254fff
|
|
Issue-ID: POLICY-3761
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Change-Id: I3f11d2fdb49d5b38d51add86ab6989e5d93584e9
|
|
The "com/google" resource bundle now contains more than 189 files, so
this test is changed to instead check for the existence of
"com/google/gson", otherwise this test could break every time we update
gson.
Issue-ID: POLICY-3849
Change-Id: Id979bb7a3d2453956701f64057accb08228a774d
Signed-off-by: liamfallon <liam.fallon@est.tech>
|
|
Created utility methods to create temp files and set default
permissions. These can be used in other repos to satisfy sonar.
Also added code to close streams and clean up temp files created
by some junit tests.
Modified to use IOUtils to read a stream.
Issue-ID: POLICY-3289
Change-Id: Ic83e4f4d7745be7b37ebb42bf1d81e303d8dadc9
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
|
|
Modified the ServiceManager code so that isAlive() can be invoked
without requiring synchronization, thus eliminating one potential area
of deadlock.
Issue-ID: POLICY-3531
Change-Id: I27d060c3a7cfad8dab20a197d1e42c4ee607a1e2
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Issue-ID: POLICY-3284
Change-Id: I13fc28c6ae681871be8bb9cf3d222d7c65459a44
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
avoid EELF lib dependency, was suggested to move
to common util instead
Issue-ID: POLICY-3087
Change-Id: I79a2f5ba32fd3fc496ef3f72a02f4696b766f9c7
Signed-off-by: Taka Cho <takamune.cho@att.com>
|
|
Added a method that PAPs and PDPs can use to generate a unique name or
identifier to be used in PAP-PDP messages.
Issue-ID: POLICY-3410
Change-Id: I22b075b123f79ba05e0884f743296c4bc64842b9
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Issue-ID: POLICY-3394
Change-Id: I42a18c115c3ca7110f37fc0ae8aeea3f2bbffb37
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Fixed sonar issue:
- class should not be abstract
Issue-ID: POLICY-3284
Change-Id: I9c4aa149b7321cbcaff8dce5e2999315a06f19b0
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
The factory classes in policy-endpoints have toString() methods that
return "[]" for their list contents. Updated the code to provide a list
of the keys rather than just an empty list.
Also replaced some toString() methods with lombok.
Also replace StringBuilder with concatenation in some cases.
Issue-ID: POLICY-3298
Change-Id: I64fca21a4b009f7e09fcc482b5d156753fb7e680
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Sonar complains about java.util.regex. Thought I used re2j when
creating all of the patterns, but apparently not. Fixed that oversight.
Issue-ID: POLICY-3284
Change-Id: Idbec112ab0d4c3b477ce357f8a556d95e4dea083
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Fixed sonars:
- use "var" instead of actual type name
- re-interrupt threads
- use re2j split() instead of String split()
Issue-ID: POLICY-3285
Change-Id: I82261e0b8a53ee5c5264556fbf5cec37454f014e
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
|
|
This reverts commit 04623fef95f2b164d79ad48de2ef3708d02eda80.
Reason for revert: prefer consistency with gson
Issue-ID: POLICY-3172
Change-Id: Ic2501abcc68ec1186142a7e520e7985c43fd3315
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Added a Handler for command line classes to share common structures.
Issue-ID: POLICY-3128
Change-Id: I662911c467faf5c39b8db018bb1a564fba7587a6
Signed-off-by: adheli.tavares <adheli.tavares@est.tech>
|
|
Currently, if the source string or source file is empty, the
StandardCoder just returns null. Modified it to throw an exception in
those cases. However, if the string reference is null, it will still
return null.
Issue-ID: POLICY-3172
Change-Id: Ie7d5e1b0328a24d94a75af8d18a341faebbe5d5f
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
policy-clamp is now a valid component in the policy framework and should
be added to the message constants in policy common.
Issue-ID: POLICY-2971
Change-Id: Iead3d4f854057c8e968d62928026b74c41bc1346
Signed-off-by: liamfallon <liam.fallon@est.tech>
|
|
When a YAML number is decoded directly to type Object.class using the
decode() or fromJson() methods of the StandardYamlCoder, the number is
left as a Double. It should be converted to an Integer or Long, where
possible.
Issue-ID: POLICY-2900
Change-Id: I7707ac5c54167cbc3a4b23985c6e5fa1a507324e
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
When we upgrade to oparent, these will fail as oparent upgrades
to 8.37 of puppycrawl which fixes a few bugs that should have
flagged these previously.
Issue-ID: POLICY-2887
Change-Id: I5618ce67d84e94321f884ed6d929c05fc33a0b3d
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Sonar reports that CryptoUtils is using AES with CBC, which is known
to be insecure. Switched to "AES/GCM/NoPadding".
Note: values in any property files using encryption or the "enc:"
prefix will have to be re-encrypted.
Issue-ID: POLICY-2801
Change-Id: I41f00d4f3ee67a00b92135150120d1faa621655a
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Addressed the following sonar issues:
- extract common test methods
Issue-ID: POLICY-2650
Change-Id: I0b27c83d7bbe3d5fe83859b189c37507aabe7489
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Addressed the following sonars:
- too many assertions in a test case
- use parameterized test method
Disabled production sonars for util-test, as the entire module is only
used for testing other modules.
Issue-ID: POLICY-2650-sonar
Change-Id: If49775a6c95855dcd9601ee0d833bb00741b1550
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Change-Id: Ic1b0a3b467fd9e4f65b2e12d9f6ed33e38e4f44d
Issue-ID: POLICY-2755
Signed-off-by: a.sreekumar <ajith.sreekumar@bell.ca>
|
|
This trust manager is not secure and should be avoided. However,
it is only used when the configuration explicitly says to allow
self-signed certificates. Modified the code to use an apache trust
manager, thus avoiding the sonar complaint.
Issue-ID: POLICY-2650
Change-Id: Iaf4c72689916ed5ed5e6864666f3f54b2c5e0f12
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Addressed issues reported due to updates to the sonar rules:
- invoke only one method in a junit lambda
- complete the assertion
- add DOCTYPE to html
Issue-ID: POLICY-2650
Change-Id: Ib8b8a2e4736cc23849c0f7aef972ffa3365a3e00
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Issue-ID: POLICY-2188
Change-Id: I00843c61a6567001fc35c3ebb77b6843a1eb7da2
Signed-off-by: liamfallon <liam.fallon@est.tech>
|
|
Addressed the following issues:
- unused imports
- unused method parameters
- use assertEquals, assertSame instead of assertTrue
- provide the parametrized type for this generic
Also fixed some checkstyle issues:
- removed blank lines between "import" groups
Issue-ID: POLICY-2650
Change-Id: I004bb650ac10c49ccd0fc405f6959896fec39f9b
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Forgot to update licenses on some of the files that were modified
as part of addressing sonar issues. Updated.
Issue-ID: POLICY-2305
Change-Id: I9858bfb54be5b8eb42406e944361ec100ae238ff
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Fixed additional sonar issues:
- infinite loop; while the issue is bogus, it was easy enough to
modify the code to satisfy sonar
- doesn't like "volatile"; again, the issue is bogus, but easy enough
to modify the code
Disabled a couple of sonars in NetworkUtil, as they are not actually
an issue.
Issue-ID: POLICY-2305
Change-Id: I5500183e3fe4060696994cff55bdae4ba7e138c7
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Addressed the following sonar issues:
- missing assertion in junit test case
- disable sonars about setAccessible() as it's required for jackson
emulation
- sleep in junit
- don't use wild-cards (e.g., "*") with java.util Pattern
- use re2j instead of java.util Pattern
- use String methods (e.g., startsWith())
- duplicate method bodies
- duplicate code in Coder classes
- string concatenation in logger calls
- UTF-8 encoding
- return primitive instead of boxed primitive
- add assertion to tests
- renamed support methods from doTestXxx to verifyXxx
- cognitive complexity
- use AtomicRef instead of volatile
- use specific Functionals (e.g., IntConsumer)
- function always returns the same value
- serializable vs transient
Issue-ID: POLICY-2305
Change-Id: I08eb7aa495a80bdc1d26827ba17a7946c83b9828
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Unused imports
Not enough arguments
Issue-ID: POLICY-2204
Change-Id: I6405cb697ea976096b1276e2291b1c73617d33b5
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Extracted code from ControlLoopUtils to create a new class in
common, PropertyObjectUtils.
Fixed a deprecated method invocation in a junit.
Fixed an object casting (i.e., sonar) issue in SCO.
Issue-ID: POLICY-2305
Signed-off-by: Jim Hahn <jrh3@att.com>
Change-Id: I331a47297f67097ea6986be125ef93cd1954b5ff
|
|
Added type adapters for Instant, LocalDateTime, and ZonedDateTime. UUID
seems to work already.
Added new Coder that offers an alternative encoding for Instant.
Issue-ID: POLICY-1625
Signed-off-by: Jim Hahn <jrh3@att.com>
Change-Id: I5230fa7fe955d78c5f2da1316cb1504b5875ea84
|
|
Upped the time for Thread.sleep due to new http core dependency. It
seems to randomly timeout inconsistently due to that upgrade.
Google gson seems to have changed its layout. Did not see any
problems with the other repos.
Issue-ID: POLICY-2381
Change-Id: Id2a9bfffd42a2c713af042bd2a8cc4abafba2d9f
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
This addresses Liam's review comment about moving the "translate"
method from the actor Util class into policy-common.
Added a method to Coder to convert from one object type to
another (e.g., from a Map to a POJO, or vice versa).
Issue-ID: POLICY-2363
Signed-off-by: Jim Hahn <jrh3@att.com>
Change-Id: I2a0b5ab4ce4b0eeda216a57cbe23a8bb64f64940
|
|
Added support for array indices in StandardCoderObject getString().
Also made it Serializable.
Issue-ID: POLICY-1625
Signed-off-by: Jim Hahn <jrh3@att.com>
Change-Id: Ia514aed96fdfe7f635c5a6dc3e1f90939654d383
|
|
|
|
"Pretty" JSON is often needed, so added Coder.pretty() to facilitate
that.
Incorporated review comment(s):
- changed pretty() to encode(object, pretty)
Issue-ID: POLICY-1625
Signed-off-by: Jim Hahn <jrh3@att.com>
Change-Id: I180fa6de416836008bf1c410132ae30f4dde9271
|
|
The junit for ResourceUtilsTest fails when run on a non-linux box due
to the different path separator. Modified the test to normalize path
names before making comparisons.
Issue-ID: POLICY-1625
Signed-off-by: Jim Hahn <jrh3@att.com>
Change-Id: I58db71155d30b379e20e7c46bedfc6d79e26b6cb
|
|
When decoding straight into a List or Map class, StandardCoder was not
applying the double-to-int conversion. Fixed it.
Issue-ID: POLICY-1625
Signed-off-by: Jim Hahn <jrh3@att.com>
Change-Id: I939e3378645d45ac98d2bca6b2a4076870a05626
|
|
Issue-ID: POLICY-2331
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Change-Id: Ic3e8d21715d17a61ea5d07740dd9f4dd0dbb8641
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
|
|
If you try and write to a file where part of the path does not exist,
that path should be created.
Issue-ID: POLICY-1581
Change-Id: Ifb7a4ff4e1804814b6679956f0c58d5ac026c4a4
Signed-off-by: liamfallon <liam.fallon@est.tech>
|
|
Removal of UTF-8 because it's already set
capabilities doesn't generate any code, no need to include
override false positives for passwords etc.
override for logging and exception throw that we want
add synchronized to overrides that are synchronized
ignore checking of some conditions
adding synchronized to match set* methods
Issue-ID: POLICY-2321
Change-Id: I26d9ca22a0cdd67fdaae9c44b718b8dc103f190e
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|