From 0945bc95ad1eb147c1ddf3d2069ad9a531838649 Mon Sep 17 00:00:00 2001 From: jhh Date: Mon, 14 Jun 2021 17:20:51 -0500 Subject: Use re2j pattern for sonar vulnerabilities Issue-ID: POLICY-3289 Signed-off-by: jhh Change-Id: Id6d58b5c8ac5f7715286f21274ccf5eea9155fd2 --- .../onap/policy/drools/lifecycle/LifecycleFsm.java | 4 +++- .../policy/drools/mdc/filters/MdcTopicFilter.java | 19 +++++++++++-------- .../controller/IndexedDroolsControllerFactory.java | 16 ++++++---------- .../system/internal/AggregatedPolicyController.java | 16 ++++++++-------- 4 files changed, 28 insertions(+), 27 deletions(-) diff --git a/feature-lifecycle/src/main/java/org/onap/policy/drools/lifecycle/LifecycleFsm.java b/feature-lifecycle/src/main/java/org/onap/policy/drools/lifecycle/LifecycleFsm.java index 5882025a..0e602ec5 100644 --- a/feature-lifecycle/src/main/java/org/onap/policy/drools/lifecycle/LifecycleFsm.java +++ b/feature-lifecycle/src/main/java/org/onap/policy/drools/lifecycle/LifecycleFsm.java @@ -21,6 +21,7 @@ package org.onap.policy.drools.lifecycle; +import com.google.re2j.Pattern; import java.lang.reflect.InvocationTargetException; import java.time.Instant; import java.util.ArrayList; @@ -82,6 +83,7 @@ public class LifecycleFsm implements Startable { public static final long DEFAULT_STATUS_TIMER_SECONDS = 120L; private static final Logger logger = LoggerFactory.getLogger(LifecycleFsm.class); + private static final Pattern COMMA_SPACE_PAT = Pattern.compile("\\s*,\\s*"); protected static final String CONFIGURATION_PROPERTIES_NAME = "feature-lifecycle"; protected static final String GROUP_NAME = "lifecycle.pdp.group"; @@ -171,7 +173,7 @@ public class LifecycleFsm implements Startable { String commaSeparatedPolicyTypes = properties.getProperty(MANDATORY_POLICY_TYPES); if (!StringUtils.isBlank(commaSeparatedPolicyTypes)) { - Collections.addAll(mandatoryPolicyTypes, commaSeparatedPolicyTypes.split("\\s*,\\s*")); + Collections.addAll(mandatoryPolicyTypes, COMMA_SPACE_PAT.split(commaSeparatedPolicyTypes)); } logger.info("The mandatory Policy Types are {}. Compliance is {}", diff --git a/feature-mdc-filters/src/main/java/org/onap/policy/drools/mdc/filters/MdcTopicFilter.java b/feature-mdc-filters/src/main/java/org/onap/policy/drools/mdc/filters/MdcTopicFilter.java index b66c254a..4ebe18e1 100755 --- a/feature-mdc-filters/src/main/java/org/onap/policy/drools/mdc/filters/MdcTopicFilter.java +++ b/feature-mdc-filters/src/main/java/org/onap/policy/drools/mdc/filters/MdcTopicFilter.java @@ -1,8 +1,8 @@ /* * ============LICENSE_START======================================================= - * feature-mdc-filters + * ONAP * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,13 +20,14 @@ package org.onap.policy.drools.mdc.filters; -import com.att.aft.dme2.internal.apache.commons.lang3.StringUtils; +import com.google.re2j.Pattern; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; import lombok.Getter; +import org.apache.commons.lang3.StringUtils; import org.onap.policy.drools.protocol.coders.JsonProtocolFilter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -34,11 +35,13 @@ import org.slf4j.LoggerFactory; public class MdcTopicFilter { private static final Logger logger = LoggerFactory.getLogger(MdcTopicFilter.class); + private static final Pattern COMMA_SPACE_PAT = Pattern.compile("\\s*,\\s*"); + private static final Pattern EQUAL_PAT = Pattern.compile("\\s*=\\s*"); public static final String MDC_KEY_ERROR = "mdcKey must be provided"; public static final String JSON_PATH_ERROR = "json path(s) must be provided"; - private Map rules = new HashMap<>(); + private final Map rules = new HashMap<>(); @Getter public static class FilterRule { @@ -91,14 +94,14 @@ public class MdcTopicFilter { } protected MdcTopicFilter(String rawFilters) { - for (String filter : rawFilters.split("\\s*,\\s*")) { - FilterRule rule = createFilterRule(filter); + for (String filter : COMMA_SPACE_PAT.split(rawFilters)) { + var rule = createFilterRule(filter); rules.put(rule.mdcKey, rule); } } private FilterRule createFilterRule(String filter) { - String[] filterKeyPaths = filter.split("\\s*=\\s*"); + String[] filterKeyPaths = EQUAL_PAT.split(filter); if (filterKeyPaths.length != 2) { throw new IllegalArgumentException("could not parse filter rule"); } @@ -165,7 +168,7 @@ public class MdcTopicFilter { throw new IllegalArgumentException("a filter rule already exists for key: " + mdcKey); } - FilterRule rule = new FilterRule(mdcKey, paths); + var rule = new FilterRule(mdcKey, paths); rules.put(mdcKey, rule); return rule; } diff --git a/policy-management/src/main/java/org/onap/policy/drools/controller/IndexedDroolsControllerFactory.java b/policy-management/src/main/java/org/onap/policy/drools/controller/IndexedDroolsControllerFactory.java index d2196680..810cb65b 100644 --- a/policy-management/src/main/java/org/onap/policy/drools/controller/IndexedDroolsControllerFactory.java +++ b/policy-management/src/main/java/org/onap/policy/drools/controller/IndexedDroolsControllerFactory.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * ONAP * ================================================================================ - * Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,12 +20,13 @@ package org.onap.policy.drools.controller; +import com.google.re2j.Pattern; import java.util.ArrayList; -import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Properties; +import lombok.NonNull; import org.onap.policy.common.endpoints.event.comm.Topic; import org.onap.policy.common.endpoints.event.comm.Topic.CommInfrastructure; import org.onap.policy.common.endpoints.event.comm.TopicSink; @@ -49,10 +50,8 @@ import org.slf4j.LoggerFactory; */ class IndexedDroolsControllerFactory implements DroolsControllerFactory { - /** - * logger. - */ private static final Logger logger = LoggerFactory.getLogger(IndexedDroolsControllerFactory.class); + private static final Pattern COMMA_SPACE_PAT = Pattern.compile("\\s*,\\s*"); /** * Policy Controller Name Index. @@ -299,13 +298,10 @@ class IndexedDroolsControllerFactory implements DroolsControllerFactory { } private List getFilterExpressions(Properties properties, String propertyPrefix, - String eventClasses) { + @NonNull String eventClasses) { List classes2Filters = new ArrayList<>(); - - List topicClasses = new ArrayList<>(Arrays.asList(eventClasses.split("\\s*,\\s*"))); - - for (String theClass : topicClasses) { + for (String theClass : COMMA_SPACE_PAT.split(eventClasses)) { // 4. for each coder class, get the filter expression diff --git a/policy-management/src/main/java/org/onap/policy/drools/system/internal/AggregatedPolicyController.java b/policy-management/src/main/java/org/onap/policy/drools/system/internal/AggregatedPolicyController.java index e14b1620..44b07a5c 100644 --- a/policy-management/src/main/java/org/onap/policy/drools/system/internal/AggregatedPolicyController.java +++ b/policy-management/src/main/java/org/onap/policy/drools/system/internal/AggregatedPolicyController.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * ONAP * ================================================================================ - * Copyright (C) 2017-2020 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2021 AT&T Intellectual Property. All rights reserved. * Modifications Copyright (C) 2021 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,8 +21,8 @@ package org.onap.policy.drools.system.internal; +import com.google.re2j.Pattern; import java.util.ArrayList; -import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Properties; @@ -64,6 +64,7 @@ public class AggregatedPolicyController implements PolicyController, TopicListen * Logger. */ private static final Logger logger = LoggerFactory.getLogger(AggregatedPolicyController.class); + private static final Pattern COMMA_SPACE_PAT = Pattern.compile("\\s*,\\s*"); /** * identifier for this policy controller. @@ -111,14 +112,14 @@ public class AggregatedPolicyController implements PolicyController, TopicListen /** * Policy Types. */ - private List policyTypes; + private final List policyTypes; /** * Constructor version mainly used for bootstrapping at initialization time a policy engine * controller. * * @param name controller name - * @param properties + * @param properties controller properties * * @throws IllegalArgumentException when invalid arguments are provided */ @@ -170,8 +171,7 @@ public class AggregatedPolicyController implements PolicyController, TopicListen return policyTypeIds; } - List ptiPropList = new ArrayList<>(Arrays.asList(ptiPropValue.split("\\s*,\\s*"))); - for (String pti : ptiPropList) { + for (String pti : COMMA_SPACE_PAT.split(ptiPropValue)) { String[] ptv = pti.split(":"); if (ptv.length == 1) { policyTypeIds.add(new ToscaConceptIdentifier(ptv[0], @@ -217,7 +217,7 @@ public class AggregatedPolicyController implements PolicyController, TopicListen @Override public boolean updateDrools(DroolsConfiguration newDroolsConfiguration) { DroolsController controller = this.droolsController.get(); - DroolsConfiguration oldDroolsConfiguration = new DroolsConfiguration(controller.getArtifactId(), + var oldDroolsConfiguration = new DroolsConfiguration(controller.getArtifactId(), controller.getGroupId(), controller.getVersion()); if (oldDroolsConfiguration.getGroupId().equalsIgnoreCase(newDroolsConfiguration.getGroupId()) @@ -242,7 +242,7 @@ public class AggregatedPolicyController implements PolicyController, TopicListen DroolsControllerConstants.getFactory().destroy(controller); } - boolean success = true; + var success = true; try { this.properties.setProperty(DroolsPropertyConstants.RULES_GROUPID, newDroolsConfiguration.getGroupId()); this.properties.setProperty(DroolsPropertyConstants.RULES_ARTIFACTID, -- cgit 1.2.3-korg