From eb5d536f169528a6e86c03feb4c2b21743936f34 Mon Sep 17 00:00:00 2001
From: Jim Hahn <jrh3@att.com>
Date: Mon, 18 Jun 2018 13:51:39 -0400
Subject: Fix fortify issue with pooling extractor class

The pooling extractor class was using reflection to extract
values from private fields.  It has been modified to only extract
from public fields or to use public getXxx() methods instead.

Change-Id: I3aafe9ebfcd41d0e71dc3529030597609b704f53
Issue-ID: POLICY-906
Signed-off-by: Jim Hahn <jrh3@att.com>
---
 .../drools/pooling/extractor/ClassExtractorsTest.java      | 14 +++++++-------
 .../pooling/extractor/ClassExtractorsTestSupport.java      |  2 +-
 .../pooling/extractor/ClassExtractorsTestSupport2.java     |  3 +--
 .../drools/pooling/extractor/FieldExtractorTest.java       |  4 ++--
 4 files changed, 11 insertions(+), 12 deletions(-)

(limited to 'feature-pooling-dmaap/src/test/java')

diff --git a/feature-pooling-dmaap/src/test/java/org/onap/policy/drools/pooling/extractor/ClassExtractorsTest.java b/feature-pooling-dmaap/src/test/java/org/onap/policy/drools/pooling/extractor/ClassExtractorsTest.java
index e9246430..e6269a9a 100644
--- a/feature-pooling-dmaap/src/test/java/org/onap/policy/drools/pooling/extractor/ClassExtractorsTest.java
+++ b/feature-pooling-dmaap/src/test/java/org/onap/policy/drools/pooling/extractor/ClassExtractorsTest.java
@@ -351,19 +351,19 @@ public class ClassExtractorsTest {
          * This will not be used because getIntValue() will override it.
          */
         @SuppressWarnings("unused")
-        private int intValue = INT_VALUE2;
+        public final int intValue = INT_VALUE2;
 
         /**
          * Used to verify retrieval via a field name.
          */
         @SuppressWarnings("unused")
-        private String strValue = VALUE;
+        public final String strValue = VALUE;
 
         /**
          * Used to verify retrieval within maps.
          */
         @SuppressWarnings("unused")
-        private Map<String, Object> mapValue = null;
+        public Map<String, Object> mapValue = null;
 
         /**
          * {@code True} if {@link #getVoidValue()} was invoked, {@code false}
@@ -394,7 +394,7 @@ public class ClassExtractorsTest {
      * Used to verify multi-component retrieval.
      */
     private static class Container {
-        private Simple simpleValue = new Simple();
+        public Simple simpleValue = new Simple();
 
         @SuppressWarnings("unused")
         public Simple getData() {
@@ -416,7 +416,7 @@ public class ClassExtractorsTest {
     private static class Super implements WithString {
 
         @SuppressWarnings("unused")
-        private int intValue = INT_VALUE;
+        public final int intValue = INT_VALUE;
 
         @Override
         public String getStrValue() {
@@ -430,11 +430,11 @@ public class ClassExtractorsTest {
     private static class Sub extends Super {
 
         @SuppressWarnings("unused")
-        private Simple simple = new Simple();
+        public final Simple simple = new Simple();
 
         /**
          * Used to verify multi-component retrieval.
          */
-        private Container cont = new Container();
+        public final Container cont = new Container();
     }
 }
diff --git a/feature-pooling-dmaap/src/test/java/org/onap/policy/drools/pooling/extractor/ClassExtractorsTestSupport.java b/feature-pooling-dmaap/src/test/java/org/onap/policy/drools/pooling/extractor/ClassExtractorsTestSupport.java
index be8d6c26..98b679d4 100644
--- a/feature-pooling-dmaap/src/test/java/org/onap/policy/drools/pooling/extractor/ClassExtractorsTestSupport.java
+++ b/feature-pooling-dmaap/src/test/java/org/onap/policy/drools/pooling/extractor/ClassExtractorsTestSupport.java
@@ -34,7 +34,7 @@ public class ClassExtractorsTestSupport {
         super();
     }
 
-    protected ClassExtractorsTestSupport2 getNested() {
+    public ClassExtractorsTestSupport2 getNested() {
         return nested;
     }
 }
diff --git a/feature-pooling-dmaap/src/test/java/org/onap/policy/drools/pooling/extractor/ClassExtractorsTestSupport2.java b/feature-pooling-dmaap/src/test/java/org/onap/policy/drools/pooling/extractor/ClassExtractorsTestSupport2.java
index 6941d033..dddd2510 100644
--- a/feature-pooling-dmaap/src/test/java/org/onap/policy/drools/pooling/extractor/ClassExtractorsTestSupport2.java
+++ b/feature-pooling-dmaap/src/test/java/org/onap/policy/drools/pooling/extractor/ClassExtractorsTestSupport2.java
@@ -27,6 +27,5 @@ public class ClassExtractorsTestSupport2 {
 
     public static final int NESTED_VALUE = 30;
     
-    @SuppressWarnings("unused")
-    private int theValue = NESTED_VALUE;
+    public final int theValue = NESTED_VALUE;
 }
diff --git a/feature-pooling-dmaap/src/test/java/org/onap/policy/drools/pooling/extractor/FieldExtractorTest.java b/feature-pooling-dmaap/src/test/java/org/onap/policy/drools/pooling/extractor/FieldExtractorTest.java
index 6fc2e20e..9794bffa 100644
--- a/feature-pooling-dmaap/src/test/java/org/onap/policy/drools/pooling/extractor/FieldExtractorTest.java
+++ b/feature-pooling-dmaap/src/test/java/org/onap/policy/drools/pooling/extractor/FieldExtractorTest.java
@@ -69,9 +69,9 @@ public class FieldExtractorTest {
 
     private static class MyClass {
         @SuppressWarnings("unused")
-        private String value = VALUE;
+        public String value = VALUE;
 
         @SuppressWarnings("unused")
-        private int value2 = INT_VALUE;
+        public int value2 = INT_VALUE;
     }
 }
-- 
cgit 1.2.3-korg