authoreramkve <ram.krishna.verma@ericsson.com>2018-03-21 20:25:05 +0000
committereramkve <ram.krishna.verma@ericsson.com>2018-03-21 20:40:21 +0000
commit6104273a0412c73bdbf63f68d88760dada0153d6 (patch)
tree26a933bf82850dcd88e31a014f55c9828ea51bbd /ONAP-PAP-REST
parent4938fc8ff0a231e26d63c06016365bea5c021c3f (diff)
Fix vulnerabilities and bugs in policy/engine
Code fixes for 1 bug and 17 vulnerabilities reported by Sonar in policy/engine Change-Id: I7b641795c790ec15418bd9ae3a414279e1b0f733 Issue-ID: POLICY-662 Signed-off-by: eramkve <ram.krishna.verma@ericsson.com>
Diffstat (limited to 'ONAP-PAP-REST')
-rw-r--r--ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java87
-rw-r--r--ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java5
2 files changed, 53 insertions, 39 deletions
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java
index 84cd72fe6..9564acc25 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java
@@ -46,7 +46,7 @@ import java.util.Scanner;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.CopyOnWriteArrayList;
-
+import javax.json.JsonException;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Persistence;
import javax.persistence.PersistenceException;
@@ -1017,26 +1017,24 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
im.startTransaction();
loggingContext.metricEnded();
PolicyLogger.metrics("XACMLPapServlet doPut im startTransaction");
+ } catch(AdministrativeStateException e) {
+ String message = "PUT interface called for PAP " + papResourceName +
+ " but it has an Administrative state of " + im.getStateManager().getAdminState() +
+ "\n Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
+ } catch(StandbyStatusException e) {
+ String message = "PUT interface called for PAP " + papResourceName +
+ " but it has a Standby Status of " + im.getStateManager().getStandbyStatus() +
+ "\n Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
} catch (IntegrityMonitorException e) {
- String message = "PUT interface called for PAP " + papResourceName;
- if (e instanceof AdministrativeStateException) {
- message += " but it has an Administrative state of "
- + im.getStateManager().getAdminState();
- } else if (e instanceof StandbyStatusException) {
- message += " but it has a Standby Status of "
- + im.getStateManager().getStandbyStatus();
- } else {
- message += " but an exception occurred";
-
- }
- message += "\n Exception Message: " + e.getMessage();
-
- LOGGER.info(message, e);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- return;
+ String message = "PUT interface called for PAP " + papResourceName +
+ " but an exception occurred" +
+ "\n Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
}
loggingContext.metricStarted();
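Review bot: The message built in each of these three catch blocks is returned to the PUT caller as well as logged, because `logMessage` passes the same string to `setResponseError`. That exposes `e.getMessage()` and, in the first two blocks, the value of `im.getStateManager().getAdminState()` or `getStandbyStatus()`. The three `GET:/pap/test` catch blocks further down in this file hand their message to `logMessage` in the same way. Consider keeping the detailed text for `LOGGER`/`PolicyLogger` and giving the client a fixed string, for example `setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "PAP is not available");` (wording constructed for illustration). The message also embeds `\n`; whether that matters depends on how `setResponseError` writes it, which these lines do not show. The enclosing try starts outside the hunk.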
@@ -2211,6 +2209,14 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
PolicyLogger.audit("Transaction Failed - See Error.log");
setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
return;
+ } catch (IOException | JsonException e) {
+ LOGGER.debug(e);
+ acPutTransaction.rollbackTransaction();
+ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC PUT exception");
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ return;
}
}
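Review bot: The added `catch (IOException | JsonException e)` answers with `SC_INTERNAL_SERVER_ERROR` and places `e.getMessage()` in the response. If the JsonException comes from parsing the request body (inferred, since the try block is outside the hunk), that is a client error, so `HttpServletResponse.SC_BAD_REQUEST` with a fixed message would be more accurate and would not echo parser detail to the caller. `LOGGER.debug(e)` followed by `PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, ...)` records the same exception twice, so the debug line could be dropped. The last three statements repeat the tail of the preceding catch, which suggests the two handlers could share one body.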
@@ -2822,24 +2828,21 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
PolicyLogger.audit("Transaction Failed - See Error.log");
response.setStatus(HttpServletResponse.SC_OK);
return;
- }catch (ForwardProgressException | AdministrativeStateException | StandbyStatusException e){
- String submsg;
- if (e instanceof ForwardProgressException) {
- submsg = " is not making forward progress.";
- } else if (e instanceof AdministrativeStateException) {
- submsg = " Administrative State is LOCKED.";
- } else {
- submsg = " Standby Status is NOT PROVIDING SERVICE.";
- }
-
- String message = "GET:/pap/test called and PAP " + papResourceName + submsg
- + " Exception Message: " + e.getMessage();
- LOGGER.info(message, e);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- return;
+ }catch (ForwardProgressException e){
+ String message = "GET:/pap/test called and PAP " + papResourceName + " is not making forward progress."
+ + " Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
+ }catch (AdministrativeStateException e){
+ String message = "GET:/pap/test called and PAP " + papResourceName + " Administrative State is LOCKED."
+ + " Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
+ }catch (StandbyStatusException e){
+ String message = "GET:/pap/test called and PAP " + papResourceName + " Standby Status is NOT PROVIDING SERVICE."
+ + " Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
}catch (Exception e) {
//A subsystem is not making progress, is locked, standby or is not responding
String eMsg = e.getMessage();
@@ -3014,4 +3017,12 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
public static void setMsPolicyName(String msPolicyName) {
XACMLPapServlet.msPolicyName = msPolicyName;
}
+
+ private void logMessage(Exception e, String message, ONAPLoggingContext loggingContext, HttpServletResponse response) {
+ LOGGER.info(message, e);
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ }
}
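Review bot: `logMessage` does more than log, which its name does not tell a reader at the call sites: it also ends the logging-context transaction, writes the audit record and sets a 500 on the response. A Javadoc comment would make that contract explicit, e.g. `/** Logs the failure, ends the logging transaction, audits it and answers the request with HTTP 500 carrying {@code message}. */`, or the method could be renamed along the lines of `failRequest`. The visible body reads no instance fields, so it could be `private static` provided `setResponseError` is static, which this hunk does not show.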
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java
index 9ac858277..8b4651fee 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java
@@ -127,7 +127,7 @@ public class PolicyDBDao {
public static final String duplicatePolicyId = "Somehow, more than one policy with the id ";
public static final String foundInDB = " were found in the database";
- public static boolean isJunit = false;
+ private static boolean isJunit = false;
public static void setJunit(boolean isJunit) {
PolicyDBDao.isJunit = isJunit;
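Review bot: Making `isJunit` private hides the field, but `setJunit` stays `public static`, so any code on the classpath can still switch the flag. If it selects test-only behaviour inside PolicyDBDao (not visible in this hunk), consider narrowing the setter to package-private, or at least documenting it with a comment such as `// test hook: must never be enabled in production code`. The field is a plain non-final static written without synchronisation, so `private static volatile boolean isJunit = false;` would be safer if it is read from other threads.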
@@ -1250,6 +1250,9 @@ public class PolicyDBDao {
for(PDPPolicy policy : policies){
try{
String[] stringArray = getNameScopeAndVersionFromPdpPolicy(policy.getId());
+ if(stringArray == null) {
+ throw new IllegalArgumentException("Invalid input - policyID must contain name, scope and version");
+ }
List<PolicyEntity> policyEntityList;
Query getPolicyEntitiesQuery = em.createNamedQuery("PolicyEntity.findByNameAndScope");
getPolicyEntitiesQuery.setParameter("name", stringArray[0]);
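Review bot: The new guard rejects only a null result, so an array shorter than three elements would still raise ArrayIndexOutOfBoundsException rather than the intended IllegalArgumentException. The following lines index `stringArray[0]`, and the error text says the id must contain name, scope and version. `if (stringArray == null || stringArray.length < 3) {` covers both cases, assuming `getNameScopeAndVersionFromPdpPolicy` is meant to return exactly those three parts. The exception is thrown inside the `try` whose catch lies outside the hunk, so whether the loop aborts or skips this policy cannot be confirmed from the visible lines.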