authorJorge Hernandez <jh1730@att.com>2018-03-22 18:53:05 +0000
committerGerrit Code Review <gerrit@onap.org>2018-03-22 18:53:05 +0000
commitcfb9038e5bca8e3840ebb25d75144abba8343ea6 (patch)
tree3ba9301c53b413d98c5678218cb986c7df671c21
parent22421c172f11ac8f15bd96d759903c396ed18847 (diff)
parent6104273a0412c73bdbf63f68d88760dada0153d6 (diff)
Merge "Fix vulnerabilities and bugs in policy/engine"
-rw-r--r--ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java87
-rw-r--r--ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java5
-rw-r--r--ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpLoader.java18
-rw-r--r--ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java24
-rw-r--r--ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/BRMSParamPolicyServiceTest.java4
-rw-r--r--ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopFaultPolicyServiceTest.java4
-rw-r--r--ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopPMPolicyServiceTest.java4
-rw-r--r--ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/DecisionPolicyServiceTest.java4
-rw-r--r--ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/FirewallPolicyServiceTest.java4
-rw-r--r--ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/MicroServicesPolicyServiceTest.java4
-rw-r--r--ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/PAPServicesTest.java4
11 files changed, 87 insertions, 75 deletions
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java
index 84cd72fe6..9564acc25 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java
@@ -46,7 +46,7 @@ import java.util.Scanner;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.CopyOnWriteArrayList;
-
+import javax.json.JsonException;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Persistence;
import javax.persistence.PersistenceException;
@@ -1017,26 +1017,24 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
im.startTransaction();
loggingContext.metricEnded();
PolicyLogger.metrics("XACMLPapServlet doPut im startTransaction");
+ } catch(AdministrativeStateException e) {
+ String message = "PUT interface called for PAP " + papResourceName +
+ " but it has an Administrative state of " + im.getStateManager().getAdminState() +
+ "\n Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
+ } catch(StandbyStatusException e) {
+ String message = "PUT interface called for PAP " + papResourceName +
+ " but it has a Standby Status of " + im.getStateManager().getStandbyStatus() +
+ "\n Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
} catch (IntegrityMonitorException e) {
- String message = "PUT interface called for PAP " + papResourceName;
- if (e instanceof AdministrativeStateException) {
- message += " but it has an Administrative state of "
- + im.getStateManager().getAdminState();
- } else if (e instanceof StandbyStatusException) {
- message += " but it has a Standby Status of "
- + im.getStateManager().getStandbyStatus();
- } else {
- message += " but an exception occurred";
-
- }
- message += "\n Exception Message: " + e.getMessage();
-
- LOGGER.info(message, e);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- return;
+ String message = "PUT interface called for PAP " + papResourceName +
+ " but an exception occurred" +
+ "\n Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
}
loggingContext.metricStarted();
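Review bot: The three catch blocks in this doPut hunk build a string holding `papResourceName`, the administrative state or standby status and `e.getMessage()`, and `logMessage` (added at the end of the file) hands that same string to `setResponseError`, so internal state and exception text are returned to the HTTP caller. Unless clients are known to parse this text, keep the detailed string for the log and send a fixed body from `logMessage`, for example `setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "PAP unavailable");`. The GET:/pap/test catches and the new `IOException | JsonException` catch in the AC PUT handler return exception text in the same way. doPut's body starts and ends outside this hunk.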
@@ -2211,6 +2209,14 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
PolicyLogger.audit("Transaction Failed - See Error.log");
setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
return;
+ } catch (IOException | JsonException e) {
+ LOGGER.debug(e);
+ acPutTransaction.rollbackTransaction();
+ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC PUT exception");
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ return;
}
}
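Review bot: The added `catch (IOException | JsonException e)` reports both failures as `SC_INTERNAL_SERVER_ERROR`, although a `JsonException` raised while parsing the request body would be a client error. The try block is outside this hunk, so the origin of the exception is inferred. If it is the request body, give `JsonException` its own catch that still rolls back the transaction and ends with `setResponseError(response, HttpServletResponse.SC_BAD_REQUEST, "Invalid JSON in request");`. That keeps malformed input from being counted as a server fault in monitoring.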
@@ -2822,24 +2828,21 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
PolicyLogger.audit("Transaction Failed - See Error.log");
response.setStatus(HttpServletResponse.SC_OK);
return;
- }catch (ForwardProgressException | AdministrativeStateException | StandbyStatusException e){
- String submsg;
- if (e instanceof ForwardProgressException) {
- submsg = " is not making forward progress.";
- } else if (e instanceof AdministrativeStateException) {
- submsg = " Administrative State is LOCKED.";
- } else {
- submsg = " Standby Status is NOT PROVIDING SERVICE.";
- }
-
- String message = "GET:/pap/test called and PAP " + papResourceName + submsg
- + " Exception Message: " + e.getMessage();
- LOGGER.info(message, e);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- return;
+ }catch (ForwardProgressException e){
+ String message = "GET:/pap/test called and PAP " + papResourceName + " is not making forward progress."
+ + " Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
+ }catch (AdministrativeStateException e){
+ String message = "GET:/pap/test called and PAP " + papResourceName + " Administrative State is LOCKED."
+ + " Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
+ }catch (StandbyStatusException e){
+ String message = "GET:/pap/test called and PAP " + papResourceName + " Standby Status is NOT PROVIDING SERVICE."
+ + " Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
}catch (Exception e) {
//A subsystem is not making progress, is locked, standby or is not responding
String eMsg = e.getMessage();
@@ -3014,4 +3017,12 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
public static void setMsPolicyName(String msPolicyName) {
XACMLPapServlet.msPolicyName = msPolicyName;
}
+
+ private void logMessage(Exception e, String message, ONAPLoggingContext loggingContext, HttpServletResponse response) {
+ LOGGER.info(message, e);
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ }
}
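Review bot: `logMessage` does more than its name says: besides logging it ends the logging transaction, writes the audit record and commits a 500 response, and every caller has to `return` right after it. A name such as `logAndSendError` would make that visible at the call sites. Failing a rename, add a Javadoc line: `/** Logs the failure, ends the logging transaction and sends a 500 response carrying message; callers must return afterwards. */`.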
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java
index 9ac858277..8b4651fee 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java
@@ -127,7 +127,7 @@ public class PolicyDBDao {
public static final String duplicatePolicyId = "Somehow, more than one policy with the id ";
public static final String foundInDB = " were found in the database";
- public static boolean isJunit = false;
+ private static boolean isJunit = false;
public static void setJunit(boolean isJunit) {
PolicyDBDao.isJunit = isJunit;
@@ -1250,6 +1250,9 @@ public class PolicyDBDao {
for(PDPPolicy policy : policies){
try{
String[] stringArray = getNameScopeAndVersionFromPdpPolicy(policy.getId());
+ if(stringArray == null) {
+ throw new IllegalArgumentException("Invalid input - policyID must contain name, scope and version");
+ }
List<PolicyEntity> policyEntityList;
Query getPolicyEntitiesQuery = em.createNamedQuery("PolicyEntity.findByNameAndScope");
getPolicyEntitiesQuery.setParameter("name", stringArray[0]);
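Review bot: The new guard rejects only a null array, while the code below indexes `stringArray[0]` and, judging by the error text, expects name, scope and version. The later index uses are outside this hunk. A short array would still end in an `ArrayIndexOutOfBoundsException`, so check the length as well: `if (stringArray == null || stringArray.length < 3) {`. Adding `policy.getId()` to the exception message would let the log identify the rejected entry. Whether the surrounding `try` handles this exception per policy or aborts the loop is decided outside the hunk.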
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpLoader.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpLoader.java
index 5c9f8602f..102d43f0c 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpLoader.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpLoader.java
@@ -550,20 +550,14 @@ public class XACMLPdpLoader {
// properties
//
changed = true;
+ } catch (MalformedURLException e) {
+ papUrls.failed();
+ LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Policy '" + policy
+ + "' had bad URL in new configuration, URL='" + propLocation + "'");
} catch (Exception e) {
papUrls.failed();
- if (e instanceof MalformedURLException) {
- LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Policy '"
- + policy
- + "' had bad URL in new configuration, URL='"
- + propLocation + "'");
-
- } else {
- LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error while retrieving policy "
- + policy
- + " from URL "
- + url + ", e=" + e);
- }
+ LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error while retrieving policy "
+ + policy + " from URL " + url + ", e=" + e);
}
papUrls.getNext();
}
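Review bot: Neither catch passes the exception to the logger as a throwable: the `MalformedURLException` branch drops `e` entirely and the generic branch only concatenates `e.toString()`, so the stack trace of a failed policy fetch is never recorded. If this `LOGGER` has an `error(Object, Throwable)` overload, end both calls with `, e);` instead of `+ ", e=" + e);`. XACMLPapServlet calls `LOGGER.info(message, e)` in this commit, but the logger type used here is not visible. The enclosing loop starts outside the hunk.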
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java
index 59194841f..3c0ea3894 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java
@@ -54,12 +54,16 @@ public class PAPServices {
private int responseCode = 0;
private static String environment = "DEVL";
- public static Boolean junit = false;
+ private static Boolean isJunit = false;
private static List<String> paps = null;
private static final Object papResourceLock = new Object();
private String operation = null;
private String requestMethod = null;
- private String encoding = null;
+ private String encoding = null;
+
+ public static void setJunit(boolean isJunit) {
+ PAPServices.isJunit = isJunit;
+ }
public PAPServices() {
environment = PDPApiAuth.getEnvironment();
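Review bot: `setJunit` is a public static switch in production code, so making the field private does not narrow who can flip it. The later hunks of this file show what it disables: with `isJunit` true the connection loops set `connected = true` even after an exception, `checkResponse` takes the success branch regardless of `responseCode`, and `response` is forced to `SUCCESS`. The test classes in this diff sit in the same package, so the setter could be package-private, `static void setJunit(boolean isJunit) {`, with the field declared as primitive `boolean` rather than `Boolean`. `PolicyDBDao.setJunit` has the same shape; what the flag gates there is not visible in this diff.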
@@ -164,7 +168,7 @@ public class PAPServices {
} else if(content != null){
// the content is an object to be encoded in JSON
ObjectMapper mapper = new ObjectMapper();
- if (!junit) {
+ if (!isJunit) {
mapper.writeValue(connection.getOutputStream(),
content);
}
@@ -174,7 +178,7 @@ public class PAPServices {
responseCode = connection.getResponseCode();
// If Connected to PAP then break from the loop and continue
// with the Request
- if (connection.getResponseCode() > 0 || junit) {
+ if (connection.getResponseCode() > 0 || isJunit) {
connected = true;
break;
} else {
@@ -183,7 +187,7 @@ public class PAPServices {
}
} catch (Exception e) {
// This means that the PAP is not working
- if (junit) {
+ if (isJunit) {
connected = true;
break;
}
@@ -212,7 +216,7 @@ public class PAPServices {
XACMLErrorConstants.ERROR_SYSTEM_ERROR
+ "Decoding the result ", e);
}
- if (junit) {
+ if (isJunit) {
response = SUCCESS;
}
}else{
@@ -326,10 +330,10 @@ public class PAPServices {
private String checkResponse(HttpURLConnection connection, UUID requestID) throws IOException {
String response = null;
- if (responseCode == 200 || junit) {
+ if (responseCode == 200 || isJunit) {
// Check for successful creation of policy
String isSuccess = null;
- if (!junit) { // is this a junit test?
+ if (!isJunit) { // is this a junit test?
isSuccess = connection.getHeaderField("successMapKey");
operation = connection.getHeaderField("operation");
} else {
@@ -603,7 +607,7 @@ public class PAPServices {
responseCode = connection.getResponseCode();
// If Connected to PAP then break from the loop and continue
// with the Request
- if (connection.getResponseCode() > 0 || junit) {
+ if (connection.getResponseCode() > 0 || isJunit) {
connected = true;
break;
} else {
@@ -612,7 +616,7 @@ public class PAPServices {
}
} catch (Exception e) {
// This means that the PAP is not working
- if (junit) {
+ if (isJunit) {
connected = true;
break;
}
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/BRMSParamPolicyServiceTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/BRMSParamPolicyServiceTest.java
index 8867a7828..23e47f418 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/BRMSParamPolicyServiceTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/BRMSParamPolicyServiceTest.java
@@ -50,7 +50,7 @@ public class BRMSParamPolicyServiceTest {
String succeeded = prop.getProperty("xacml.rest.pap.url");
List<String> paps = Arrays.asList(succeeded.split(","));
PAPServices.setPaps(paps);
- PAPServices.junit = true;
+ PAPServices.setJunit(true);
PolicyParameters policyParameters = new PolicyParameters();
policyParameters.setPolicyConfigType(PolicyConfigType.BRMS_PARAM);
@@ -80,7 +80,7 @@ public class BRMSParamPolicyServiceTest {
@After
public void tearDown() throws Exception {
PAPServices.setPaps(null);
- PAPServices.junit = false;
+ PAPServices.setJunit(false);
}
@Test
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopFaultPolicyServiceTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopFaultPolicyServiceTest.java
index de884b349..c21bc9c77 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopFaultPolicyServiceTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopFaultPolicyServiceTest.java
@@ -47,7 +47,7 @@ public class ClosedLoopFaultPolicyServiceTest {
String succeeded = prop.getProperty("xacml.rest.pap.url");
List<String> paps = Arrays.asList(succeeded.split(","));
PAPServices.setPaps(paps);
- PAPServices.junit = true;
+ PAPServices.setJunit(true);
PolicyParameters policyParameters = new PolicyParameters();
policyParameters.setPolicyConfigType(PolicyConfigType.ClosedLoop_Fault);
@@ -69,7 +69,7 @@ public class ClosedLoopFaultPolicyServiceTest {
@After
public void tearDown() throws Exception {
PAPServices.setPaps(null);
- PAPServices.junit = false;
+ PAPServices.setJunit(false);
}
@Test
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopPMPolicyServiceTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopPMPolicyServiceTest.java
index 19bb279e6..99dc67742 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopPMPolicyServiceTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopPMPolicyServiceTest.java
@@ -47,7 +47,7 @@ public class ClosedLoopPMPolicyServiceTest {
String succeeded = prop.getProperty("xacml.rest.pap.url");
List<String> paps = Arrays.asList(succeeded.split(","));
PAPServices.setPaps(paps);
- PAPServices.junit = true;
+ PAPServices.setJunit(true);
PolicyParameters policyParameters = new PolicyParameters();
policyParameters.setPolicyConfigType(PolicyConfigType.ClosedLoop_PM);
@@ -69,7 +69,7 @@ public class ClosedLoopPMPolicyServiceTest {
@After
public void tearDown() throws Exception {
PAPServices.setPaps(null);
- PAPServices.junit = false;
+ PAPServices.setJunit(false);
}
@Test
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/DecisionPolicyServiceTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/DecisionPolicyServiceTest.java
index 0fcb0027c..fe0668115 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/DecisionPolicyServiceTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/DecisionPolicyServiceTest.java
@@ -49,7 +49,7 @@ public class DecisionPolicyServiceTest {
String succeeded = prop.getProperty("xacml.rest.pap.url");
List<String> paps = Arrays.asList(succeeded.split(","));
PAPServices.setPaps(paps);
- PAPServices.junit = true;
+ PAPServices.setJunit(true);
PolicyParameters policyParameters = new PolicyParameters();
policyParameters.setPolicyClass(PolicyClass.Decision);
@@ -94,7 +94,7 @@ public class DecisionPolicyServiceTest {
@After
public void tearDown() throws Exception {
PAPServices.setPaps(null);
- PAPServices.junit = false;
+ PAPServices.setJunit(false);
}
@Test
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/FirewallPolicyServiceTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/FirewallPolicyServiceTest.java
index 4343a5060..ccedd7553 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/FirewallPolicyServiceTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/FirewallPolicyServiceTest.java
@@ -46,7 +46,7 @@ public class FirewallPolicyServiceTest {
String succeeded = prop.getProperty("xacml.rest.pap.url");
List<String> paps = Arrays.asList(succeeded.split(","));
PAPServices.setPaps(paps);
- PAPServices.junit = true;
+ PAPServices.setJunit(true);
PolicyParameters policyParameters = new PolicyParameters();
policyParameters.setPolicyConfigType(PolicyConfigType.Firewall); //required
@@ -67,7 +67,7 @@ public class FirewallPolicyServiceTest {
@After
public void tearDown() throws Exception {
PAPServices.setPaps(null);
- PAPServices.junit = false;
+ PAPServices.setJunit(false);
}
@Test
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/MicroServicesPolicyServiceTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/MicroServicesPolicyServiceTest.java
index a9301e728..e460a853b 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/MicroServicesPolicyServiceTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/MicroServicesPolicyServiceTest.java
@@ -47,7 +47,7 @@ public class MicroServicesPolicyServiceTest {
String succeeded = prop.getProperty("xacml.rest.pap.url");
List<String> paps = Arrays.asList(succeeded.split(","));
PAPServices.setPaps(paps);
- PAPServices.junit = true;
+ PAPServices.setJunit(true);
PolicyParameters policyParameters = new PolicyParameters();
policyParameters.setPolicyConfigType(PolicyConfigType.MicroService);
@@ -69,7 +69,7 @@ public class MicroServicesPolicyServiceTest {
@After
public void tearDown() throws Exception {
PAPServices.setPaps(null);
- PAPServices.junit = false;
+ PAPServices.setJunit(false);
}
@Test
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/PAPServicesTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/PAPServicesTest.java
index 9d1d13910..93fde841d 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/PAPServicesTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/PAPServicesTest.java
@@ -40,7 +40,7 @@ public class PAPServicesTest {
@Before
public void setUp() throws Exception {
- PAPServices.junit = true;
+ PAPServices.setJunit(true);
Properties prop = new Properties();
prop.load(new FileInputStream("src/test/resources/pass.xacml.pdp.properties"));
String succeeded = prop.getProperty("xacml.rest.pap.url");
@@ -53,7 +53,7 @@ public class PAPServicesTest {
@After
public void tearDown() throws Exception {
PAPServices.setPaps(null);
- PAPServices.junit = false;
+ PAPServices.setJunit(false);
}
@Test