authorRodriguez, Cuauhtemoctzin (cr056n) <cr056n@us.att.com>2017-08-04 16:02:20 -0500
committerTemoc Rodriguez <cr056n@att.com>2017-08-14 18:26:18 +0000
commit59e3ddb0f0698965962a7d5879a6e39a80744648 (patch)
treea5315a4d0bb39574ecea01d376019073005b0809 /ONAP-REST
parent827a2016429bc377e28d2a414b6bcbdf8b6dc924 (diff)
Add fix for SQL injection.
Add fix for SQL injection by passing parameters into getDataByQuery method and binding parameters. Add junit test file. Override equals and hashcode methods for more thorough testing on ActionBodyEntity, ConfigurationDataEntity, PolicyEntity, PolicyVersion, WatchPolicyNotificationTable classes. Issue-Id: [POLICY-158] Change-Id: Icebe1ca1ff01c8ea7435729967f4d349a1026054 Signed-off-by: ITSERVICES\cr056n <cr056n@att.com>
Diffstat (limited to 'ONAP-REST')
-rw-r--r--ONAP-REST/src/main/java/org/onap/policy/rest/dao/CommonClassDao.java23
-rw-r--r--ONAP-REST/src/main/java/org/onap/policy/rest/jpa/ActionBodyEntity.java33
-rw-r--r--ONAP-REST/src/main/java/org/onap/policy/rest/jpa/ConfigurationDataEntity.java35
-rw-r--r--ONAP-REST/src/main/java/org/onap/policy/rest/jpa/PolicyEntity.java39
-rw-r--r--ONAP-REST/src/main/java/org/onap/policy/rest/jpa/PolicyVersion.java33
-rw-r--r--ONAP-REST/src/main/java/org/onap/policy/rest/jpa/WatchPolicyNotificationTable.java26
6 files changed, 178 insertions, 11 deletions
diff --git a/ONAP-REST/src/main/java/org/onap/policy/rest/dao/CommonClassDao.java b/ONAP-REST/src/main/java/org/onap/policy/rest/dao/CommonClassDao.java
index c486f53cb..4d0fd40d8 100644
--- a/ONAP-REST/src/main/java/org/onap/policy/rest/dao/CommonClassDao.java
+++ b/ONAP-REST/src/main/java/org/onap/policy/rest/dao/CommonClassDao.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -23,6 +23,7 @@ package org.onap.policy.rest.dao;
import java.util.List;
import org.onap.policy.rest.jpa.PolicyRoles;
+import javax.script.SimpleBindings;
public interface CommonClassDao {
@@ -32,26 +33,26 @@ public interface CommonClassDao {
List<String> getDataByColumn(@SuppressWarnings("rawtypes") Class className, String columnName);
List<Object> checkDuplicateEntry(String value, String columnName, @SuppressWarnings("rawtypes") Class className);
Object getEntityItem(@SuppressWarnings("rawtypes") Class className, String columnName, String key);
- List<Object> getDataByQuery(String query);
+ List<Object> getDataByQuery(String query, SimpleBindings params);
List<Object> getMultipleDataOnAddingConjunction(@SuppressWarnings("rawtypes") Class className, String columnName, List<String> data);
void save(Object entity);
void delete(Object entity);
void update(Object entity);
void updateQuery(String query);
-
+
//Group Policy Scope
List<Object> checkExistingGroupListforUpdate(String groupListValue, String groupNameValue);
-
-
+
+
//Roles
List<PolicyRoles> getUserRoles();
-
-
+
+
//ClosedLoops
void updateClAlarms(String clName, String alarms);
void updateClYaml(String clName, String yaml);
void deleteAll();
-
-
-
+
+
+
}
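Review bot: `void updateQuery(String query);` keeps its string-only signature in this hunk, so callers that assemble an update statement from request data retain the injection exposure that the new `getDataByQuery(String query, SimpleBindings params)` is meant to close. It would need the same bound-parameter form, for example `void updateQuery(String query, SimpleBindings params);`. The new method also has no Javadoc; a comment such as `/** query must contain only named placeholders; every caller-supplied value is passed in params and bound, never concatenated. */` would make the contract explicit, since the implementations are not visible on this page. As a style point, `javax.script.SimpleBindings` is a scripting-API type, and `Map<String, Object>` would express the same contract without tying the DAO to javax.script. The interface declaration starts outside the hunk.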
diff --git a/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/ActionBodyEntity.java b/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/ActionBodyEntity.java
index e65b317d0..1c1c3f4fe 100644
--- a/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/ActionBodyEntity.java
+++ b/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/ActionBodyEntity.java
@@ -22,6 +22,7 @@ package org.onap.policy.rest.jpa;
*/
import java.io.Serializable;
import java.util.Date;
+import java.util.Objects;
import javax.persistence.Column;
import javax.persistence.Entity;
@@ -41,6 +42,7 @@ import javax.persistence.Version;
* The Entity class to persist a policy object Action Body
*/
+
import com.fasterxml.jackson.annotation.JsonBackReference;
@Entity
@@ -192,4 +194,35 @@ public class ActionBodyEntity implements Serializable {
public void setDeleted(boolean deleted) {
this.deleted = deleted;
}
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(actionBodyId, actionBodyName, version, actionBody,
+ createdBy, createdDate, modifiedBy, modifiedDate, deleted);
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if(obj == null){
+ return false;
+ }
+ if(obj == this){
+ return true;
+ }
+ if(!(obj instanceof ActionBodyEntity)){
+ return false;
+ }
+
+ return (
+ actionBodyId == ((ActionBodyEntity) obj).actionBodyId &&
+ actionBodyName.equals(((ActionBodyEntity) obj).actionBodyName) &&
+ version == ((ActionBodyEntity) obj).version &&
+ actionBody.equals(((ActionBodyEntity) obj).actionBody) &&
+ createdBy.equals(((ActionBodyEntity) obj).createdBy) &&
+ createdDate.equals(((ActionBodyEntity) obj).createdDate) &&
+ modifiedBy.equals(((ActionBodyEntity) obj).modifiedBy) &&
+ modifiedDate.equals(((ActionBodyEntity) obj).modifiedDate) &&
+ deleted == ((ActionBodyEntity) obj).deleted
+ );
+ }
}
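Review bot: equals() calls `.equals` directly on actionBodyName, actionBody, createdBy, createdDate, modifiedBy and modifiedDate, so comparing an entity whose fields are not yet populated throws NullPointerException, whereas hashCode() tolerates nulls through Objects.hash. Switching the reference fields to Objects.equals keeps the two methods consistent, and java.util.Objects is already imported by this commit. The same unguarded pattern is in the equals() methods added to ConfigurationDataEntity, PolicyEntity, PolicyVersion and WatchPolicyNotificationTable. Separately, because hashCode() covers the id and every mutable column, an instance's hash changes when it is persisted or edited, so it should not sit in a HashSet or serve as a map key across those operations.

```java
@Override
public boolean equals(Object obj) {
    // … unchanged: null, identity and instanceof guards …
    ActionBodyEntity other = (ActionBodyEntity) obj;
    return actionBodyId == other.actionBodyId
            && version == other.version
            && deleted == other.deleted
            && Objects.equals(actionBodyName, other.actionBodyName)
            && Objects.equals(actionBody, other.actionBody)
            && Objects.equals(createdBy, other.createdBy)
            && Objects.equals(createdDate, other.createdDate)
            && Objects.equals(modifiedBy, other.modifiedBy)
            && Objects.equals(modifiedDate, other.modifiedDate);
}
```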
diff --git a/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/ConfigurationDataEntity.java b/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/ConfigurationDataEntity.java
index e755d6fc5..3386e9a51 100644
--- a/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/ConfigurationDataEntity.java
+++ b/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/ConfigurationDataEntity.java
@@ -23,6 +23,7 @@ package org.onap.policy.rest.jpa;
*/
import java.io.Serializable;
import java.util.Date;
+import java.util.Objects;
import javax.persistence.Column;
import javax.persistence.Entity;
@@ -42,6 +43,7 @@ import javax.persistence.Version;
* The Entity class to persist a policy object configuration data
*/
+
import com.fasterxml.jackson.annotation.JsonBackReference;
@Entity
@@ -221,4 +223,37 @@ public class ConfigurationDataEntity implements Serializable {
public void setDeleted(boolean deleted) {
this.deleted = deleted;
}
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(configurationDataId, configurationName, version, configType,
+ configBody, createdBy, createdDate, description, modifiedBy, modifiedDate, deleted);
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if(obj == null){
+ return false;
+ }
+ if(obj == this){
+ return true;
+ }
+ if(!(obj instanceof ConfigurationDataEntity)){
+ return false;
+ }
+
+ return (
+ configurationDataId == ((ConfigurationDataEntity) obj).configurationDataId &&
+ configurationName.equals(((ConfigurationDataEntity) obj).configurationName) &&
+ version == ((ConfigurationDataEntity) obj).version &&
+ configType.equals(((ConfigurationDataEntity) obj).configType) &&
+ configBody.equals(((ConfigurationDataEntity) obj).configBody) &&
+ createdBy.equals(((ConfigurationDataEntity) obj).createdBy) &&
+ createdDate.equals(((ConfigurationDataEntity) obj).createdDate) &&
+ description.equals(((ConfigurationDataEntity) obj).description) &&
+ modifiedBy.equals(((ConfigurationDataEntity) obj).modifiedBy) &&
+ modifiedDate.equals(((ConfigurationDataEntity) obj).modifiedDate) &&
+ deleted == ((ConfigurationDataEntity) obj).deleted
+ );
+ }
}
diff --git a/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/PolicyEntity.java b/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/PolicyEntity.java
index 265d2f65b..57daf7ed8 100644
--- a/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/PolicyEntity.java
+++ b/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/PolicyEntity.java
@@ -23,6 +23,7 @@ package org.onap.policy.rest.jpa;
*/
import java.io.Serializable;
import java.util.Date;
+import java.util.Objects;
import javax.persistence.Column;
import javax.persistence.Entity;
@@ -288,6 +289,44 @@ public class PolicyEntity implements Serializable {
public void setDeleted(boolean deleted) {
this.deleted = deleted;
}
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(policyId, policyName, scope, version, policyVersion, policyData, configurationDataEntity,
+ actionBodyEntity, createdBy, createdDate, description, modifiedBy, modifiedDate, deleted);
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if(obj == null){
+ return false;
+ }
+ if(obj == this){
+ return true;
+ }
+ if(!(obj instanceof PolicyEntity)){
+ return false;
+ }
+
+ PolicyEntity p = (PolicyEntity) obj;
+
+ return (
+ policyId == p.policyId &&
+ policyName.equals(p.policyName) &&
+ scope.equals(p.scope) &&
+ version == p.version &&
+ policyVersion == p.policyVersion &&
+ policyData.equals(p.policyData) &&
+ ((configurationDataEntity == null && p.configurationDataEntity == null) || configurationDataEntity.equals(p.configurationDataEntity)) &&
+ ((actionBodyEntity == null && p.actionBodyEntity == null) || actionBodyEntity.equals(p.actionBodyEntity)) &&
+ createdBy.equals(p.createdBy) &&
+ createdDate.equals(p.createdDate) &&
+ description.equals(p.description) &&
+ modifiedBy.equals(p.modifiedBy) &&
+ modifiedDate.equals(p.modifiedDate) &&
+ deleted == p.deleted
+ );
+ }
}
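Review bot: The association checks in equals() still throw NullPointerException when `configurationDataEntity` or `actionBodyEntity` is null on this side and non-null on `p`, because the `||` then falls through to `configurationDataEntity.equals(...)`. `Objects.equals(configurationDataEntity, p.configurationDataEntity)` and `Objects.equals(actionBodyEntity, p.actionBodyEntity)` handle all four null combinations. `policyVersion == p.policyVersion` also deserves a look: the field declaration is outside the hunk, and if it is a String or a boxed type the comparison is by reference and should be `Objects.equals(policyVersion, p.policyVersion)`. Note that hashCode() hashes through both associated entities, which may force them to load if the mappings are lazy (not visible here).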
diff --git a/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/PolicyVersion.java b/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/PolicyVersion.java
index d098ee5a2..bc6ad99fd 100644
--- a/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/PolicyVersion.java
+++ b/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/PolicyVersion.java
@@ -24,6 +24,7 @@ import java.io.Serializable;
//import java.sql.Clob;
import java.sql.Timestamp;
import java.util.Date;
+import java.util.Objects;
import javax.persistence.Column;
import javax.persistence.Entity;
@@ -178,6 +179,38 @@ public class PolicyVersion implements Serializable {
public void setModifiedBy(String modifiedBy) {
this.modifiedBy = modifiedBy;
}
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(id, policyName, activeVersion, higherVersion, createdDate,
+ createdBy, modifiedDate, modifiedBy);
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if(obj == null){
+ return false;
+ }
+ if(obj == this){
+ return true;
+ }
+ if(!(obj instanceof PolicyVersion)){
+ return false;
+ }
+
+ PolicyVersion p = (PolicyVersion) obj;
+
+ return (
+ id == p.id &&
+ policyName.equals(p.policyName) &&
+ activeVersion == p.activeVersion &&
+ higherVersion == p.higherVersion &&
+ createdDate.equals(p.createdDate) &&
+ createdBy.equals(p.createdBy) &&
+ modifiedDate.equals(p.modifiedDate) &&
+ modifiedBy.equals(p.modifiedBy)
+ );
+ }
}
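Review bot: `createdDate.equals(p.createdDate)` and `modifiedDate.equals(p.modifiedDate)` can give asymmetric results if one side holds a java.sql.Timestamp and the other a plain java.util.Date. The file imports both types, the field declarations are outside the hunk, and Timestamp documents that its equals is not symmetric with Date. If the persistence provider can populate these fields with Timestamp instances, either normalise them in the setters or compare `getTime()` values after a null check. At minimum, add a comment such as `// Date fields may be java.sql.Timestamp after load; Timestamp.equals(Date) is always false`.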
diff --git a/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/WatchPolicyNotificationTable.java b/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/WatchPolicyNotificationTable.java
index 297c1f6df..71b35269f 100644
--- a/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/WatchPolicyNotificationTable.java
+++ b/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/WatchPolicyNotificationTable.java
@@ -25,6 +25,7 @@ package org.onap.policy.rest.jpa;
* */
import java.io.Serializable;
+import java.util.Objects;
import javax.persistence.Column;
import javax.persistence.Entity;
@@ -77,4 +78,29 @@ public class WatchPolicyNotificationTable implements Serializable{
public void setLoginIds(String loginIds) {
this.loginIds = loginIds;
}
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(id, policyName, loginIds);
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if(obj == null){
+ return false;
+ }
+ if(obj == this){
+ return true;
+ }
+ if(!(obj instanceof WatchPolicyNotificationTable)){
+ return false;
+ }
+
+ return(id == ((WatchPolicyNotificationTable)obj).id &&
+ policyName.equals(((WatchPolicyNotificationTable)obj).policyName) &&
+ loginIds.equals(((WatchPolicyNotificationTable)obj).loginIds)
+ );
+ }
+
+
}