From cf36274c5ae0bc569ec7ebe2cb4e8f579763cc14 Mon Sep 17 00:00:00 2001 From: "adheli.tavares" Date: Thu, 28 Sep 2023 14:25:43 +0100 Subject: Fix security vulnerabilities - iq nexus vulnerabilities - sonar security hotspots and code smell Issue-ID: POLICY-4761 Issue-ID: POLICY-4833 Change-Id: Iab2e07d2ee7b90031bc5a30210ce7d3f5a47b3fd Signed-off-by: adheli.tavares --- .../common/utils/logging/LoggerMarkerFilter.java | 5 +++-- .../common/utils/resources/ResourceUtils.java | 25 +++++++++++----------- 2 files changed, 15 insertions(+), 15 deletions(-) (limited to 'utils') diff --git a/utils/src/main/java/org/onap/policy/common/utils/logging/LoggerMarkerFilter.java b/utils/src/main/java/org/onap/policy/common/utils/logging/LoggerMarkerFilter.java index 90a7c8a1..2c9830dc 100644 --- a/utils/src/main/java/org/onap/policy/common/utils/logging/LoggerMarkerFilter.java +++ b/utils/src/main/java/org/onap/policy/common/utils/logging/LoggerMarkerFilter.java @@ -3,6 +3,7 @@ * ONAP POLICY * ================================================================================ * Copyright (C) 2021 AT&T Intellectual Property. All right reserved. + * Modifications Copyright (C) 2023 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -42,11 +43,11 @@ public abstract class LoggerMarkerFilter extends AbstractMatcherFilter mk.equals(marker))) { return FilterReply.ACCEPT; } else { return FilterReply.DENY; diff --git a/utils/src/main/java/org/onap/policy/common/utils/resources/ResourceUtils.java b/utils/src/main/java/org/onap/policy/common/utils/resources/ResourceUtils.java index 001c9f06..3ee062f1 100644 --- a/utils/src/main/java/org/onap/policy/common/utils/resources/ResourceUtils.java +++ b/utils/src/main/java/org/onap/policy/common/utils/resources/ResourceUtils.java 
@@ -1,7 +1,7 @@ /*- * ============LICENSE_START======================================================= * Copyright (C) 2018 Ericsson. All rights reserved. - * Modifications Copyright (C) 2020 Nordix Foundation. + * Modifications Copyright (C) 2020, 2023 Nordix Foundation. * Modifications Copyright (C) 2020-2021 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); @@ -30,6 +30,7 @@ import java.net.URL; import java.nio.charset.StandardCharsets; import java.util.Collections; import java.util.Enumeration; +import java.util.Objects; import java.util.Set; import java.util.TreeSet; import java.util.jar.JarEntry; @@ -83,13 +84,11 @@ public final class ResourceUtils { */ public static String getResourceAsString(final String resourceName) { // Get the resource as a stream, we'll convert it to a string then - final InputStream resourceStream = getResourceAsStream(resourceName); - if (resourceStream == null) { - return null; - } - // Read the stream contents, closing when done - try (var streamCloser = resourceStream) { + try (var resourceStream = getResourceAsStream(resourceName)) { + if (resourceStream == null) { + return null; + } return IOUtils.toString(resourceStream, StandardCharsets.UTF_8); } catch (final IOException e) { LOGGER.debug("error reading resource stream {}", resourceName, e); @@ -111,7 +110,7 @@ public final class ResourceUtils { // Check if the resource exists if (urlToResource == null) { // No resource found - LOGGER.debug("cound not find resource \"{}\" : ", resourceName); + LOGGER.debug("could not find resource \"{}\" : ", resourceName); return null; } 
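Review bot: The new `try (var resourceStream = getResourceAsStream(resourceName))` in getResourceAsString relies on a language rule that is not obvious: try-with-resources accepts a null resource and skips `close()` for it. That is why the null check can now sit inside the block. A short comment would stop a later reader from moving the check back out, for example `// a null stream (resource not found) is legal here: try-with-resources does not call close() on null`. The two existing comments above the `try` now describe a single statement and could be merged into one. The method's signature and the end of the `catch` block are outside the hunk.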
@@ -217,7 +216,7 @@ public final class ResourceUtils { * Read the list of entries in a resource directory. * * @param resourceDirectoryName the name of the resource directory - * @return the list of entries + * @return a set of entries */ public static Set getDirectoryContents(final String resourceDirectoryName) { // Find the location of the resource, is it in a Jar or on the local file system? @@ -245,7 +244,7 @@ public final class ResourceUtils { * * @param localResourceDirectoryUrl the local resource file URL * @param resourceDirectoryName the name of the resource directory - * @return a list of the directory contents + * @return a set of the directory contents */ public static Set getDirectoryContentsLocal(final URL localResourceDirectoryUrl, final String resourceDirectoryName) { @@ -257,7 +256,7 @@ public final class ResourceUtils { } Set localDirectorySet = new TreeSet<>(); - for (File localDirectoryEntry : localDirectory.listFiles()) { + for (File localDirectoryEntry : Objects.requireNonNull(localDirectory.listFiles())) { if (localDirectoryEntry.isDirectory()) { localDirectorySet .add(resourceDirectoryName + File.separator + localDirectoryEntry.getName() + File.separator); @@ -274,7 +273,7 @@ public final class ResourceUtils { * * @param jarResourceDirectoryUrl the name of the resource directory in the jar * @param resourceDirectoryName the name of the resource directory - * @return a list of the directory contents + * @return a set of the directory contents */ public static Set getDirectoryContentsJar(final URL jarResourceDirectoryUrl, final String resourceDirectoryName) { @@ -286,7 +285,7 @@ public final class ResourceUtils { Set localDirectorySet = new TreeSet<>(); try (var jarFile = new JarFile(jarFileName)) { - Enumeration entries = jarFile.entries(); + Enumeration entries = jarFile.entries(); // NOSONAR while (entries.hasMoreElements()) { /* -- cgit 1.2.3-korg
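Review bot: `Objects.requireNonNull(localDirectory.listFiles())` in getDirectoryContentsLocal still fails with a NullPointerException when `listFiles()` returns null, which `File.listFiles()` does if the path is not a directory or an I/O error occurs. The wrapper satisfies the analyzer but does not change the outcome. The guard before the loop is outside the hunk and may already exclude the non-directory case, but an unreadable directory would still reach this line. Handling the null explicitly would be more robust: `File[] localEntries = localDirectory.listFiles();` then `if (localEntries == null) { return Collections.emptySet(); }` (or whatever the method's existing failure path returns), with a log line naming the directory.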
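Review bot: The bare `// NOSONAR` added to the `jarFile.entries()` line in getDirectoryContentsJar suppresses every Sonar rule on that line and records no reason. A later reader cannot tell which hotspot was reviewed or why it was judged safe. If the loop only collects entry names and never reads or extracts entry contents, the suppression should say so, for example `// NOSONAR - entries are only listed by name, nothing is extracted`. The loop body continues outside the hunk, so that assumption needs confirming against the full method.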