author | Jim Hahn <jrh3@att.com> | 2021-09-01 15:40:35 -0400 |
---|---|---|
committer | Jim Hahn <jrh3@att.com> | 2021-09-01 16:06:04 -0400 |
commit | eeecf007158660b8e279467146fcee14e71dc804 (patch) | |
tree | 7206865c4033eb83f942418c4588b2b3bedea48d | |
parent | d04af420514c9c852af77780f0bd5ee23ebb401a (diff) |
Don't create world-writeable directory
Fix sonar:
- world-writeable directory
Issue-ID: POLICY-3289
Change-Id: I421dd9722d8642992ff8f5991f41a341c834ba1d
Signed-off-by: Jim Hahn <jrh3@att.com>
-rw-r--r-- | feature-state-management/src/main/java/org/onap/policy/drools/statemanagement/RepositoryAudit.java | 43 |
1 files changed, 11 insertions, 32 deletions
diff --git a/feature-state-management/src/main/java/org/onap/policy/drools/statemanagement/RepositoryAudit.java b/feature-state-management/src/main/java/org/onap/policy/drools/statemanagement/RepositoryAudit.java
index f5922588..6ff6a756 100644
--- a/feature-state-management/src/main/java/org/onap/policy/drools/statemanagement/RepositoryAudit.java
+++ b/feature-state-management/src/main/java/org/onap/policy/drools/statemanagement/RepositoryAudit.java
@@ -24,11 +24,8 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
-import java.nio.file.FileVisitResult;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.nio.file.SimpleFileVisitor;
-import java.nio.file.attribute.BasicFileAttributes;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Properties;
@@ -38,6 +35,7 @@ import java.util.concurrent.TimeUnit;
 import java.util.regex.Pattern;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
+import org.apache.commons.io.FileUtils;
 import org.onap.policy.common.im.IntegrityMonitorException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -157,6 +155,15 @@ public class RepositoryAudit extends DroolsPdpIntegrityMonitor.AuditBase {
 data.dir = Files.createTempDirectory("auditRepo");
 logger.info("RepositoryAudit: temporary directory = {}", data.dir);
 
+ // set its permissions
+ var file = data.dir.toFile();
+ if (!file.setReadable(true, true) || !file.setWritable(true, true) || !file.setExecutable(true, true)) {
+ logger.warn("cannot set directory permissions for {}", file);
+ }
+
+ // ensure nothing has been written to it
+ FileUtils.cleanDirectory(file);
+
 // nested 'pom.xml' file and 'repo' directory
 final Path pom = data.dir.resolve("pom.xml");
 final Path repo = data.dir.resolve("repo");
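Review bot: The `setReadable(true, true)`, `setWritable(true, true)` and `setExecutable(true, true)` calls added after `createTempDirectory` only switch the owner bits on; with `ownerOnly` set they leave group and other bits as they were, so they cannot narrow a directory that came out too permissive, and a failure is only logged before the directory is used anyway. Requesting the mode at creation removes both gaps and the window between create and chmod: `data.dir = Files.createTempDirectory("auditRepo", PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------")));`. With the directory owner-only from the start, the follow-up `FileUtils.cleanDirectory(file)` check should no longer be needed. That form throws `UnsupportedOperationException` on a non-POSIX file system, which presumably does not matter for this deployment but should be confirmed. The enclosing method starts and ends outside the hunk.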
@@ -206,7 +213,7 @@ public class RepositoryAudit extends DroolsPdpIntegrityMonitor.AuditBase {
 /*
 * 7) Remove the temporary directory
 */
- Files.walkFileTree(data.dir, new RecursivelyDeleteDirectory());
+ FileUtils.forceDelete(file);
 }
 
 
@@ -520,34 +527,6 @@ public class RepositoryAudit extends DroolsPdpIntegrityMonitor.AuditBase {
 return -1;
 }
 
- /**
- * This class is used to recursively delete a directory and all of its contents.
- */
- private final class RecursivelyDeleteDirectory extends SimpleFileVisitor<Path> {
- @Override
- public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) {
- return deletePath("file", file);
- }
-
- @Override
- public FileVisitResult postVisitDirectory(Path file, IOException ex) throws IOException {
- if (ex == null) {
- return deletePath("directory", file);
- } else {
- throw ex;
- }
- }
-
- private FileVisitResult deletePath(String type, Path file) {
- try {
- Files.delete(file);
- } catch (IOException e) {
- logger.warn("failed to delete {} {}", type, file, e);
- }
- return FileVisitResult.CONTINUE;
- }
- }
-
 /* ============================================================ */
 
 /** |
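Review bot: In the `@@ -206,7 +213,7 @@` hunk, `FileUtils.forceDelete(file)` throws `IOException` when an entry cannot be removed, whereas the removed visitor logged a warning per path and carried on, so a cleanup failure now propagates out of the audit instead of being best-effort. If that change is not intended, the old behaviour can be kept with `if (!FileUtils.deleteQuietly(file)) { logger.warn("failed to delete {}", file); }`. As far as the hunk shows, the delete is the last statement of the method, so an exception in an earlier step would presumably leave the temporary repository on disk; a `finally` around the audit steps would cover that, though the method body lies outside this hunk.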