summaryrefslogtreecommitdiffstats
path: root/POLICY-SDK-APP/src
diff options
context:
space:
mode:
authorpa834y <pa834y@att.com>2019-03-27 18:39:09 -0400
committerpa834y <pa834y@att.com>2019-03-27 18:39:09 -0400
commit38094965cb1e32186a7305f05d332b6ca29cd970 (patch)
tree35c95d441f273e09e0cae0b9d1c7cd93aded85ef /POLICY-SDK-APP/src
parent0e45b29c2356e74f5185744f661082e6cf00b72e (diff)
Fix sonar new bugs and vulnerabilities
Change-Id: I7fbfe70e856d48f40ad831a6d0451e46024bf6de Issue-ID: POLICY-1417 Signed-off-by: pa834y <pa834y@att.com>
Diffstat (limited to 'POLICY-SDK-APP/src')
-rw-r--r--POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java143
1 files changed, 82 insertions, 61 deletions
diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java
index 69444c478..7df8602c9 100644
--- a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java
+++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java
@@ -28,6 +28,7 @@ import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@@ -35,12 +36,13 @@ import java.util.Map;
import java.util.Map.Entry;
import java.util.Properties;
import java.util.Set;
-import java.nio.charset.StandardCharsets;
import javax.annotation.PostConstruct;
import javax.mail.MessagingException;
import javax.script.SimpleBindings;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
import org.json.JSONObject;
import org.onap.policy.admin.PolicyNotificationMail;
import org.onap.policy.admin.RESTfulPAPEngine;
@@ -71,8 +73,6 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
-import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType;
-import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
@Controller
@RequestMapping("/")
@@ -182,8 +182,9 @@ public class PolicyController extends RestrictedBaseController {
try {
String fileName;
if (jUnit) {
- fileName = new File(".").getCanonicalPath() + File.separator + "src" + File.separator + "test"
- + File.separator + "resources" + File.separator + "JSONConfig.json";
+ fileName = new File(".").getCanonicalPath() + File.separator + "src"
+ + File.separator + "test" + File.separator + "resources" + File.separator
+ + "JSONConfig.json";
} else {
fileName = "xacml.admin.properties";
}
@@ -234,17 +235,19 @@ public class PolicyController extends RestrictedBaseController {
// Get the Property Values for Dashboard tab Limit
try {
setLogTableLimit(prop.getProperty("xacml.onap.dashboard.logTableLimit"));
- setSystemAlertTableLimit(prop.getProperty("xacml.onap.dashboard.systemAlertTableLimit"));
+ setSystemAlertTableLimit(
+ prop.getProperty("xacml.onap.dashboard.systemAlertTableLimit"));
} catch (Exception e) {
- policyLogger
- .error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Dashboard tab Property fields are missing" + e);
+ policyLogger.error(XACMLErrorConstants.ERROR_DATA_ISSUE
+ + "Dashboard tab Property fields are missing" + e);
setLogTableLimit("5000");
setSystemAlertTableLimit("2000");
}
System.setProperty(XACMLProperties.XACML_PROPERTIES_NAME, "xacml.admin.properties");
} catch (IOException ex) {
policyLogger.error(XACMLErrorConstants.ERROR_DATA_ISSUE
- + "Exception Occured while reading the Smtp properties from xacml.admin.properties file" + ex);
+ + "Exception Occured while reading the Smtp properties from xacml.admin.properties file"
+ + ex);
}
// Initialize the FunctionDefinition table at Server Start up
@@ -260,7 +263,7 @@ public class PolicyController extends RestrictedBaseController {
/**
* Get FunctionData Type from DB.
- *
+ *
* @return list of FunctionData.
*/
public static Map<Datatype, List<FunctionDefinition>> getFunctionDatatypeMap() {
@@ -274,7 +277,7 @@ public class PolicyController extends RestrictedBaseController {
/**
* Get Function ID.
- *
+ *
* @return Function ID.
*/
public static Map<String, FunctionDefinition> getFunctionIdMap() {
@@ -294,7 +297,8 @@ public class PolicyController extends RestrictedBaseController {
FunctionDefinition value = (FunctionDefinition) functiondefinitions.get(i);
mapID2Function.put(value.getXacmlid(), value);
if (!mapDatatype2Function.containsKey(value.getDatatypeBean())) {
- mapDatatype2Function.put(value.getDatatypeBean(), new ArrayList<FunctionDefinition>());
+ mapDatatype2Function.put(value.getDatatypeBean(),
+ new ArrayList<FunctionDefinition>());
}
mapDatatype2Function.get(value.getDatatypeBean()).add(value);
}
@@ -302,31 +306,33 @@ public class PolicyController extends RestrictedBaseController {
/**
* Get Functional Definition data.
- *
- * @param request HttpServletRequest.
+ *
+ * @param request HttpServletRequest.
* @param response HttpServletResponse.
*/
- @RequestMapping(value = { "/get_FunctionDefinitionDataByName" }, method = {
- org.springframework.web.bind.annotation.RequestMethod.GET }, produces = MediaType.APPLICATION_JSON_VALUE)
- public void getFunctionDefinitionData(HttpServletRequest request, HttpServletResponse response) {
+ @RequestMapping(value = {"/get_FunctionDefinitionDataByName"},
+ method = {org.springframework.web.bind.annotation.RequestMethod.GET},
+ produces = MediaType.APPLICATION_JSON_VALUE)
+ public void getFunctionDefinitionData(HttpServletRequest request,
+ HttpServletResponse response) {
try {
Map<String, Object> model = new HashMap<>();
ObjectMapper mapper = new ObjectMapper();
- model.put("functionDefinitionDatas",
- mapper.writeValueAsString(commonClassDao.getDataByColumn(FunctionDefinition.class, "shortname")));
+ model.put("functionDefinitionDatas", mapper.writeValueAsString(
+ commonClassDao.getDataByColumn(FunctionDefinition.class, "shortname")));
JsonMessage msg = new JsonMessage(mapper.writeValueAsString(model));
JSONObject j = new JSONObject(msg);
response.getWriter().write(j.toString());
} catch (Exception e) {
- policyLogger.error(
- XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while retriving the Function Definition data" + e);
+ policyLogger.error(XACMLErrorConstants.ERROR_DATA_ISSUE
+ + "Error while retriving the Function Definition data" + e);
}
}
/**
* Get PolicyEntity Data from db.
- *
- * @param scope scopeName.
+ *
+ * @param scope scopeName.
* @param policyName policyName.
* @return policyEntity data.
*/
@@ -338,7 +344,7 @@ public class PolicyController extends RestrictedBaseController {
/**
* Get Policy User Roles from db.
- *
+ *
* @param userId LoginID.
* @return list of Roles.
*/
@@ -357,12 +363,13 @@ public class PolicyController extends RestrictedBaseController {
/**
* Get List of User Roles.
- *
- * @param request HttpServletRequest.
+ *
+ * @param request HttpServletRequest.
* @param response HttpServletResponse.
*/
- @RequestMapping(value = { "/get_UserRolesData" }, method = {
- org.springframework.web.bind.annotation.RequestMethod.GET }, produces = MediaType.APPLICATION_JSON_VALUE)
+ @RequestMapping(value = {"/get_UserRolesData"},
+ method = {org.springframework.web.bind.annotation.RequestMethod.GET},
+ produces = MediaType.APPLICATION_JSON_VALUE)
public void getUserRolesEntityData(HttpServletRequest request, HttpServletResponse response) {
try {
String userId = UserUtils.getUserSession(request).getOrgUserId();
@@ -379,11 +386,11 @@ public class PolicyController extends RestrictedBaseController {
/**
* Policy tabs Model and View.
- *
+ *
* @param request Request input.
* @return view model.
*/
- @RequestMapping(value = { "/policy", "/policy/Editor" }, method = RequestMethod.GET)
+ @RequestMapping(value = {"/policy", "/policy/Editor"}, method = RequestMethod.GET)
public ModelAndView view(HttpServletRequest request) {
getUserRoleFromSession(request);
String myRequestUrl = request.getRequestURL().toString();
@@ -394,7 +401,8 @@ public class PolicyController extends RestrictedBaseController {
setPapEngine(new RESTfulPAPEngine(myRequestUrl));
new PDPGroupContainer(new RESTfulPAPEngine(myRequestUrl));
} catch (Exception e) {
- policyLogger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Exception Occured while loading PAP" + e);
+ policyLogger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR
+ + "Exception Occured while loading PAP" + e);
}
Map<String, Object> model = new HashMap<>();
return new ModelAndView("policy_Editor", "model", model);
@@ -402,7 +410,7 @@ public class PolicyController extends RestrictedBaseController {
/**
* Read the role from session for inserting into the database.
- *
+ *
* @param request Request input for Role.
*/
public void getUserRoleFromSession(HttpServletRequest request) {
@@ -429,7 +437,8 @@ public class PolicyController extends RestrictedBaseController {
savePolicyRoles(name, filteredRole, userId);
} else {
userRoles = getRoles(userId);
- Pair<Set<String>, List<String>> pair = org.onap.policy.utils.UserUtils.checkRoleAndScope(userRoles);
+ Pair<Set<String>, List<String>> pair =
+ org.onap.policy.utils.UserUtils.checkRoleAndScope(userRoles);
roles = pair.u;
if (!roles.contains(filteredRole)) {
savePolicyRoles(name, filteredRole, userId);
@@ -440,9 +449,9 @@ public class PolicyController extends RestrictedBaseController {
/**
* Build a delete query for cleaning up roles and execute it.
- *
+ *
* @param filteredRoles Filtered roles list.
- * @param userId UserID.
+ * @param userId UserID.
*/
private void cleanUpRoles(List<String> filteredRoles, String userId) {
StringBuilder query = new StringBuilder();
@@ -460,10 +469,10 @@ public class PolicyController extends RestrictedBaseController {
/**
* Save the Role to DB.
- *
- * @param name User Name.
+ *
+ * @param name User Name.
* @param filteredRole Role Name.
- * @param userId User LoginID.
+ * @param userId User LoginID.
*/
private void savePolicyRoles(String name, String filteredRole, String userId) {
UserInfo userInfo = new UserInfo();
@@ -479,7 +488,7 @@ public class PolicyController extends RestrictedBaseController {
/**
* Filter the list of roles hierarchy wise.
- *
+ *
* @param newRoles list of roles from request.
* @return
*/
@@ -501,7 +510,8 @@ public class PolicyController extends RestrictedBaseController {
roles.clear();
roles.add(SUPERADMIN);
}
- if (!roles.contains(SUPERADMIN) || (POLICYGUEST.equalsIgnoreCase(role) && !superCheck)) {
+ if (!roles.contains(SUPERADMIN)
+ || (POLICYGUEST.equalsIgnoreCase(role) && !superCheck)) {
if ("Policy Admin".equalsIgnoreCase(role.trim())) {
roles.add("admin");
} else if ("Policy Editor".equalsIgnoreCase(role.trim())) {
@@ -524,7 +534,7 @@ public class PolicyController extends RestrictedBaseController {
/**
* Get UserName based on LoginID.
- *
+ *
* @param createdBy loginID.
* @return name.
*/
@@ -536,7 +546,7 @@ public class PolicyController extends RestrictedBaseController {
/**
* Check if the Policy is Active or not.
- *
+ *
* @param query sql query.
* @return boolean.
*/
@@ -565,7 +575,8 @@ public class PolicyController extends RestrictedBaseController {
}
public PolicyVersion getPolicyEntityFromPolicyVersion(String query) {
- return (PolicyVersion) commonClassDao.getEntityItem(PolicyVersion.class, "policyName", query);
+ return (PolicyVersion) commonClassDao.getEntityItem(PolicyVersion.class, "policyName",
+ query);
}
public List<Object> getDataByQuery(String query, SimpleBindings params) {
@@ -579,10 +590,10 @@ public class PolicyController extends RestrictedBaseController {
/**
* Watch Policy Function.
- *
- * @param entity PolicyVersion entity.
+ *
+ * @param entity PolicyVersion entity.
* @param policyName updated policy name.
- * @param mode type of action rename/delete/import.
+ * @param mode type of action rename/delete/import.
*/
public void watchPolicyFunction(PolicyVersion entity, String policyName, String mode) {
PolicyNotificationMail email = new PolicyNotificationMail();
@@ -596,7 +607,7 @@ public class PolicyController extends RestrictedBaseController {
/**
* Switch Version Policy Content.
- *
+ *
* @param pName which is used to find associated versions.
* @return list of available versions based on policy name.
*/
@@ -613,7 +624,8 @@ public class PolicyController extends RestrictedBaseController {
dbCheckName = dbCheckName.replace(".Decision_", ":Decision_");
}
String[] splitDbCheckName = dbCheckName.split(":");
- String query = "FROM PolicyEntity where policyName like :splitDBCheckName1 and scope = :splitDBCheckName0";
+ String query =
+ "FROM PolicyEntity where policyName like :splitDBCheckName1 and scope = :splitDBCheckName0";
SimpleBindings params = new SimpleBindings();
params.put("splitDBCheckName1", splitDbCheckName[1] + "%");
params.put("splitDBCheckName0", splitDbCheckName[0]);
@@ -629,8 +641,8 @@ public class PolicyController extends RestrictedBaseController {
if (policyName.contains("/")) {
policyName = policyName.replace("/", File.separator);
}
- PolicyVersion entity = (PolicyVersion) commonClassDao.getEntityItem(PolicyVersion.class, "policyName",
- policyName);
+ PolicyVersion entity = (PolicyVersion) commonClassDao.getEntityItem(PolicyVersion.class,
+ "policyName", policyName);
JSONObject el = new JSONObject();
el.put("activeVersion", entity.getActiveVersion());
el.put("availableVersions", av);
@@ -654,14 +666,16 @@ public class PolicyController extends RestrictedBaseController {
}
public String getDescription(PolicyEntity data) {
- InputStream stream = new ByteArrayInputStream(data.getPolicyData().getBytes(StandardCharsets.UTF_8));
+ InputStream stream =
+ new ByteArrayInputStream(data.getPolicyData().getBytes(StandardCharsets.UTF_8));
Object policy = XACMLPolicyScanner.readPolicy(stream);
if (policy instanceof PolicySetType) {
return ((PolicySetType) policy).getDescription();
} else if (policy instanceof PolicyType) {
return ((PolicyType) policy).getDescription();
} else {
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + "Expecting a PolicySet/Policy/Rule object. Got: "
+ PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE
+ + "Expecting a PolicySet/Policy/Rule object. Got: "
+ policy.getClass().getCanonicalName());
return null;
}
@@ -670,14 +684,20 @@ public class PolicyController extends RestrictedBaseController {
public String[] getUserInfo(PolicyEntity data, List<PolicyVersion> activePolicies) {
String policyName = data.getScope().replace(".", File.separator) + File.separator
+ data.getPolicyName().substring(0, data.getPolicyName().indexOf('.'));
- PolicyVersion pVersion = activePolicies.stream().filter(a -> policyName.equals(a.getPolicyName())).findAny()
- .orElse(null);
+ PolicyVersion polVersion = activePolicies.stream()
+ .filter(a -> policyName.equals(a.getPolicyName())).findAny().orElse(null);
String[] result = new String[2];
+ UserInfo userCreate = null;
+ UserInfo userModify = null;
+ if (polVersion != null) {
+ userCreate = (UserInfo) getEntityItem(UserInfo.class, "userLoginId",
+ polVersion.getCreatedBy());
+ userModify = (UserInfo) getEntityItem(UserInfo.class, "userLoginId",
+ polVersion.getModifiedBy());
+ }
- UserInfo userCreate = (UserInfo) getEntityItem(UserInfo.class, "userLoginId", pVersion.getCreatedBy());
- UserInfo userModify = (UserInfo) getEntityItem(UserInfo.class, "userLoginId", pVersion.getModifiedBy());
- result[0] = userCreate != null ? userCreate.getUserName() : "super-admin";
- result[1] = userModify != null ? userModify.getUserName() : "super-admin";
+ result[0] = userCreate != null ? userCreate.getUserName() : SUPERADMIN;
+ result[1] = userModify != null ? userModify.getUserName() : SUPERADMIN;
return result;
}
@@ -710,7 +730,8 @@ public class PolicyController extends RestrictedBaseController {
return mapDatatype2Function;
}
- public static void setMapDatatype2Function(Map<Datatype, List<FunctionDefinition>> mapDatatype2Function) {
+ public static void setMapDatatype2Function(
+ Map<Datatype, List<FunctionDefinition>> mapDatatype2Function) {
PolicyController.mapDatatype2Function = mapDatatype2Function;
}
@@ -936,7 +957,7 @@ public class PolicyController extends RestrictedBaseController {
/**
* Set File Size limit.
- *
+ *
* @param uploadSize value.
*/
public static void setFileSizeLimit(String uploadSize) {
@@ -954,7 +975,7 @@ public class PolicyController extends RestrictedBaseController {
/**
* Function to convert date.
- *
+ *
* @param dateTTL input date value.
* @return
*/