authorJim Hahn <jrh3@att.com>2021-09-01 15:40:35 -0400
committerJim Hahn <jrh3@att.com>2021-09-01 16:06:04 -0400
commiteeecf007158660b8e279467146fcee14e71dc804 (patch)
tree7206865c4033eb83f942418c4588b2b3bedea48d
parentd04af420514c9c852af77780f0bd5ee23ebb401a (diff)
Don't create world-writeable directory
Fix sonar: - world-writeable directory Issue-ID: POLICY-3289 Change-Id: I421dd9722d8642992ff8f5991f41a341c834ba1d Signed-off-by: Jim Hahn <jrh3@att.com>
-rw-r--r--feature-state-management/src/main/java/org/onap/policy/drools/statemanagement/RepositoryAudit.java43
1 files changed, 11 insertions, 32 deletions
diff --git a/feature-state-management/src/main/java/org/onap/policy/drools/statemanagement/RepositoryAudit.java b/feature-state-management/src/main/java/org/onap/policy/drools/statemanagement/RepositoryAudit.java
index f5922588..6ff6a756 100644
--- a/feature-state-management/src/main/java/org/onap/policy/drools/statemanagement/RepositoryAudit.java
+++ b/feature-state-management/src/main/java/org/onap/policy/drools/statemanagement/RepositoryAudit.java
@@ -24,11 +24,8 @@ import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
-import java.nio.file.FileVisitResult;
import java.nio.file.Files;
import java.nio.file.Path;
-import java.nio.file.SimpleFileVisitor;
-import java.nio.file.attribute.BasicFileAttributes;
import java.util.LinkedList;
import java.util.List;
import java.util.Properties;
@@ -38,6 +35,7 @@ import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;
import lombok.AllArgsConstructor;
import lombok.Getter;
+import org.apache.commons.io.FileUtils;
import org.onap.policy.common.im.IntegrityMonitorException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -157,6 +155,15 @@ public class RepositoryAudit extends DroolsPdpIntegrityMonitor.AuditBase {
data.dir = Files.createTempDirectory("auditRepo");
logger.info("RepositoryAudit: temporary directory = {}", data.dir);
+ // set its permissions
+ var file = data.dir.toFile();
+ if (!file.setReadable(true, true) || !file.setWritable(true, true) || !file.setExecutable(true, true)) {
+ logger.warn("cannot set directory permissions for {}", file);
+ }
+
+ // ensure nothing has been written to it
+ FileUtils.cleanDirectory(file);
+
// nested 'pom.xml' file and 'repo' directory
final Path pom = data.dir.resolve("pom.xml");
final Path repo = data.dir.resolve("repo");
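Review bot: The three `setReadable`/`setWritable`/`setExecutable(true, true)` calls in the added block only grant the owner's bits; with `ownerOnly` set they leave any group or other permissions already on the directory untouched, and a `false` return is only logged before the directory is used anyway. The permissions are also applied after the directory already exists, which is the window the `cleanDirectory` call is trying to cover. `Files.createTempDirectory` accepts file attributes, so on a POSIX file system the mode can be fixed atomically at creation: `data.dir = Files.createTempDirectory("auditRepo", PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------")));`. If the set-after-create form stays, a failed permission change should abort the audit rather than warn. The enclosing method starts and ends outside this hunk.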
@@ -206,7 +213,7 @@ public class RepositoryAudit extends DroolsPdpIntegrityMonitor.AuditBase {
/*
* 7) Remove the temporary directory
*/
- Files.walkFileTree(data.dir, new RecursivelyDeleteDirectory());
+ FileUtils.forceDelete(file);
}
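Review bot: `FileUtils.forceDelete(file)` throws `IOException` when the directory cannot be removed, whereas the visitor it replaces logged a warning and continued, so a cleanup failure at step 7 can now propagate out of an audit whose earlier steps succeeded. If best-effort cleanup is still intended, keep it explicit: `try { FileUtils.forceDelete(file); } catch (IOException e) { logger.warn("failed to delete {}", file, e); }`. Whether the directory is also removed when an earlier step throws is not visible here, since the method body extends outside the hunk; a leftover `auditRepo` directory would keep its `pom.xml` and `repo` contents on disk.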
@@ -520,34 +527,6 @@ public class RepositoryAudit extends DroolsPdpIntegrityMonitor.AuditBase {
return -1;
}
- /**
- * This class is used to recursively delete a directory and all of its contents.
- */
- private final class RecursivelyDeleteDirectory extends SimpleFileVisitor<Path> {
- @Override
- public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) {
- return deletePath("file", file);
- }
-
- @Override
- public FileVisitResult postVisitDirectory(Path file, IOException ex) throws IOException {
- if (ex == null) {
- return deletePath("directory", file);
- } else {
- throw ex;
- }
- }
-
- private FileVisitResult deletePath(String type, Path file) {
- try {
- Files.delete(file);
- } catch (IOException e) {
- logger.warn("failed to delete {} {}", type, file, e);
- }
- return FileVisitResult.CONTINUE;
- }
- }
-
/* ============================================================ */
/**