summaryrefslogtreecommitdiffstats
path: root/feature-pooling-dmaap/src/main/java/org/onap
diff options
context:
space:
mode:
authorJim Hahn <jrh3@att.com>2018-06-18 13:51:39 -0400
committerJim Hahn <jrh3@att.com>2018-06-18 13:51:39 -0400
commiteb5d536f169528a6e86c03feb4c2b21743936f34 (patch)
tree18aee39402c1f989eea05cbb77eef866fc4c2649 /feature-pooling-dmaap/src/main/java/org/onap
parentb706707b5f209f0b7332ecec3a949ac03e7016b9 (diff)
Fix fortify issue with pooling extractor class
The pooling extractor class was using reflection to extract values from private fields. It has been modified to only extract from public fields or to use public getXxx() methods instead. Change-Id: I3aafe9ebfcd41d0e71dc3529030597609b704f53 Issue-ID: POLICY-906 Signed-off-by: Jim Hahn <jrh3@att.com>
Diffstat (limited to 'feature-pooling-dmaap/src/main/java/org/onap')
-rw-r--r--feature-pooling-dmaap/src/main/java/org/onap/policy/drools/pooling/extractor/ClassExtractors.java21
-rw-r--r--feature-pooling-dmaap/src/main/java/org/onap/policy/drools/pooling/extractor/FieldExtractor.java2
2 files changed, 6 insertions, 17 deletions
diff --git a/feature-pooling-dmaap/src/main/java/org/onap/policy/drools/pooling/extractor/ClassExtractors.java b/feature-pooling-dmaap/src/main/java/org/onap/policy/drools/pooling/extractor/ClassExtractors.java
index 782511f5..97e96337 100644
--- a/feature-pooling-dmaap/src/main/java/org/onap/policy/drools/pooling/extractor/ClassExtractors.java
+++ b/feature-pooling-dmaap/src/main/java/org/onap/policy/drools/pooling/extractor/ClassExtractors.java
@@ -39,8 +39,10 @@ import org.slf4j.LoggerFactory;
* <code>&lt;a.prefix>.&lt;class.name> = ${event.reqid}</code>
* </pre>
*
- * If it doesn't find a property for the class, then it looks for a property for
- * that class' super class or interfaces. Extractors are compiled and cached.
+ * <p>For any given field name (e.g., "reqid"), it first looks for a public "getXxx()"
+ * method to extract the specified field. If that fails, then it looks for a public field
+ * by the given name. If that also fails, and the object is a <i>Map</i> subclass, then it
+ * simply uses the "get(field-name)" method to extract the data from the map.
*/
public class ClassExtractors {
@@ -441,27 +443,16 @@ public class ClassExtractors {
}
try {
- return clazz.getDeclaredField(name);
+ return clazz.getField(name);
} catch (NoSuchFieldException expected) {
// no field by this name - try super class & interfaces
logger.debug("no field {} in {}", name, clazz.getName(), expected);
+ return null;
} catch (SecurityException e) {
throw new ExtractorException("inaccessible field " + clazz + "." + name, e);
}
-
-
- Field field;
-
- // see if the superclass has an extractor
- if ((field = getClassField(clazz.getSuperclass(), name)) != null) {
- return field;
- }
-
- // not necessary to check the interfaces
-
- return field;
}
}
}
diff --git a/feature-pooling-dmaap/src/main/java/org/onap/policy/drools/pooling/extractor/FieldExtractor.java b/feature-pooling-dmaap/src/main/java/org/onap/policy/drools/pooling/extractor/FieldExtractor.java
index 132b8ed0..d394795d 100644
--- a/feature-pooling-dmaap/src/main/java/org/onap/policy/drools/pooling/extractor/FieldExtractor.java
+++ b/feature-pooling-dmaap/src/main/java/org/onap/policy/drools/pooling/extractor/FieldExtractor.java
@@ -42,8 +42,6 @@ public class FieldExtractor implements Extractor {
*/
public FieldExtractor(Field field) {
this.field = field;
-
- field.setAccessible(true);
}
@Override