From 6104273a0412c73bdbf63f68d88760dada0153d6 Mon Sep 17 00:00:00 2001
From: eramkve
Date: Wed, 21 Mar 2018 20:25:05 +0000
Subject: Fix vulnerabilities and bugs in policy/engine
Code fixes for 1 bug and 17 vulnerabilities reported by Sonar in policy/engine
Change-Id: I7b641795c790ec15418bd9ae3a414279e1b0f733
Issue-ID: POLICY-662
Signed-off-by: eramkve
---
 .../policy/pap/xacml/rest/XACMLPapServlet.java | 87 ++++++++++++----------
 .../pap/xacml/rest/components/PolicyDBDao.java | 5 +-
 .../org/onap/policy/pdp/rest/XACMLPdpLoader.java | 18 ++---
 .../policy/pdp/rest/api/services/PAPServices.java | 24 +++---
 .../api/services/BRMSParamPolicyServiceTest.java | 4 +-
 .../services/ClosedLoopFaultPolicyServiceTest.java | 4 +-
 .../services/ClosedLoopPMPolicyServiceTest.java | 4 +-
 .../api/services/DecisionPolicyServiceTest.java | 4 +-
 .../api/services/FirewallPolicyServiceTest.java | 4 +-
 .../services/MicroServicesPolicyServiceTest.java | 4 +-
 .../pdp/rest/api/services/PAPServicesTest.java | 4 +-
 11 files changed, 87 insertions(+), 75 deletions(-)
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java
index 84cd72fe6..9564acc25 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java
@@ -46,7 +46,7 @@ import java.util.Scanner;
 import java.util.Set;
 import java.util.UUID;
 import java.util.concurrent.CopyOnWriteArrayList;
-
+import javax.json.JsonException;
 import javax.persistence.EntityManagerFactory;
 import javax.persistence.Persistence;
 import javax.persistence.PersistenceException;
@@ -1017,26 +1017,24 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
 im.startTransaction();
 loggingContext.metricEnded();
 PolicyLogger.metrics("XACMLPapServlet doPut im startTransaction");
+ } catch(AdministrativeStateException e) {
+ String message = "PUT interface called for PAP " + papResourceName +
+ " but it has an Administrative state of " + im.getStateManager().getAdminState() +
+ "\n Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
+ } catch(StandbyStatusException e) {
+ String message = "PUT interface called for PAP " + papResourceName +
+ " but it has a Standby Status of " + im.getStateManager().getStandbyStatus() +
+ "\n Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
 } catch (IntegrityMonitorException e) {
- String message = "PUT interface called for PAP " + papResourceName;
- if (e instanceof AdministrativeStateException) {
- message += " but it has an Administrative state of "
- + im.getStateManager().getAdminState();
- } else if (e instanceof StandbyStatusException) {
- message += " but it has a Standby Status of "
- + im.getStateManager().getStandbyStatus();
- } else {
- message += " but an exception occurred";
-
- }
- message += "\n Exception Message: " + e.getMessage();
-
- LOGGER.info(message, e);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- return;
+ String message = "PUT interface called for PAP " + papResourceName +
+ " but an exception occurred" +
+ "\n Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
 }
 loggingContext.metricStarted();
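Review bot: Each new catch block builds `message` with `e.getMessage()` plus the PAP's administrative or standby state and hands it to logMessage, which (per the helper added at the end of this file) forwards that same string to setResponseError, so the raw exception text and internal state details are returned to the HTTP caller in the 500 body; the catch blocks in the AC PUT and GET:/pap/test hunks do the same. Keep the detailed text for the LOGGER/PolicyLogger calls and send the client a fixed message, e.g. `setResponseError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "PUT request failed - see PAP error log");`, or give logMessage a separate client-facing parameter. A style point: `catch(AdministrativeStateException e)` and `catch(StandbyStatusException e)` drop the space after `catch` that the neighbouring `} catch (IntegrityMonitorException e) {` keeps. doPut starts and ends outside the hunk.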
@@ -2211,6 +2209,14 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
 PolicyLogger.audit("Transaction Failed - See Error.log");
 setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
 return;
+ } catch (IOException | JsonException e) {
+ LOGGER.debug(e);
+ acPutTransaction.rollbackTransaction();
+ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " AC PUT exception");
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ return;
 }
 }
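Review bot: The new `catch (IOException | JsonException e)` block repeats the transactionEnded/audit/setResponseError/return tail of the catch directly above it line for line, and like it returns `e.getMessage()` to the client; the only lines of its own are `LOGGER.debug(e)` and the rollbackTransaction call. If the preceding catch also rolls back acPutTransaction (its head is outside the hunk, so I cannot tell), the two can be merged into one multi-catch; otherwise the shared tail belongs in a single helper so the error-response path is maintained in one place. `LOGGER.debug(e)` followed by `PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, ...)` records the same throwable twice at different levels; the debug line adds nothing once the error entry carries it. The enclosing method starts and ends outside the hunk.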
@@ -2822,24 +2828,21 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
 PolicyLogger.audit("Transaction Failed - See Error.log");
 response.setStatus(HttpServletResponse.SC_OK);
 return;
- }catch (ForwardProgressException | AdministrativeStateException | StandbyStatusException e){
- String submsg;
- if (e instanceof ForwardProgressException) {
- submsg = " is not making forward progress.";
- } else if (e instanceof AdministrativeStateException) {
- submsg = " Administrative State is LOCKED.";
- } else {
- submsg = " Standby Status is NOT PROVIDING SERVICE.";
- }
-
- String message = "GET:/pap/test called and PAP " + papResourceName + submsg
- + " Exception Message: " + e.getMessage();
- LOGGER.info(message, e);
- PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
- loggingContext.transactionEnded();
- PolicyLogger.audit("Transaction Failed - See Error.log");
- setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
- return;
+ }catch (ForwardProgressException e){
+ String message = "GET:/pap/test called and PAP " + papResourceName + " is not making forward progress." +
+ " Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
+ }catch (AdministrativeStateException e){
+ String message = "GET:/pap/test called and PAP " + papResourceName + " Administrative State is LOCKED." +
+ " Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
+ }catch (StandbyStatusException e){
+ String message = "GET:/pap/test called and PAP " + papResourceName + " Standby Status is NOT PROVIDING SERVICE." +
+ " Exception Message: " + e.getMessage();
+ logMessage(e, message, loggingContext, response);
+ return;
 }catch (Exception e) {
 //A subsystem is not making progress, is locked, standby or is not responding
 String eMsg = e.getMessage();
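Review bot: The three new catch blocks are written as `}catch (ForwardProgressException e){`, with no space after the brace or before the opening brace, while the same file's doPut uses `} catch (IntegrityMonitorException e) {`; since this commit exists to clear Sonar findings, the new lines should follow the one form, `} catch (ForwardProgressException e) {` and likewise for the other two. The blocks differ only in the literal appended after papResourceName, so a reader has to diff them by eye to see that; a short comment naming the three health conditions above the first catch would help, e.g. `// Report which IntegrityMonitor condition failed the test: progress, admin state, or standby status`. Each block also returns `e.getMessage()` to the client through logMessage, as raised on the doPut hunk. The enclosing method starts and ends outside the hunk.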
@@ -3014,4 +3017,12 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList
 public static void setMsPolicyName(String msPolicyName) {
 XACMLPapServlet.msPolicyName = msPolicyName;
 }
+
+ private void logMessage(Exception e, String message, ONAPLoggingContext loggingContext, HttpServletResponse response) {
+ LOGGER.info(message, e);
+ PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " " + message);
+ loggingContext.transactionEnded();
+ PolicyLogger.audit("Transaction Failed - See Error.log");
+ setResponseError(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message);
+ }
 }
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java
index 9ac858277..8b4651fee 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDao.java
@@ -127,7 +127,7 @@ public class PolicyDBDao {
 public static final String duplicatePolicyId = "Somehow, more than one policy with the id ";
 public static final String foundInDB = " were found in the database";
- public static boolean isJunit = false;
+ private static boolean isJunit = false;
 public static void setJunit(boolean isJunit) {
 PolicyDBDao.isJunit = isJunit;
@@ -1250,6 +1250,9 @@ public class PolicyDBDao {
 for(PDPPolicy policy : policies){
 try{
 String[] stringArray = getNameScopeAndVersionFromPdpPolicy(policy.getId());
+ if(stringArray == null) {
+ throw new IllegalArgumentException("Invalid input - policyID must contain name, scope and version");
+ }
 List policyEntityList;
 Query getPolicyEntitiesQuery = em.createNamedQuery("PolicyEntity.findByNameAndScope");
 getPolicyEntitiesQuery.setParameter("name", stringArray[0]);
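Review bot: The new `logMessage` helper has no Javadoc and its name understates what it does: it logs at two levels, ends the logging-context transaction, writes an audit record and sets a 500 response, so a caller reading `logMessage(e, message, loggingContext, response)` will not expect the response to have been consumed. Add a Javadoc whose summary says it terminates the request — "Logs the failure, closes the transaction in loggingContext and sends an HTTP 500 carrying message to the client; callers must return immediately afterwards" — with @param entries for e, message, loggingContext and response, and state that message reaches the client verbatim so callers must not put log-only detail in it. A name such as `failRequest` would carry the same information at every call site. Also, `LOGGER.info(message, e)` next to `PolicyLogger.error(...)` logs one failure at two different severities; if the info entry exists only to capture the stack trace, a comment saying so would stop the next reader from "fixing" it.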
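Review bot: The new null guard in the PolicyDBDao hunk throws inside the `try{` opened two lines above it, so the IllegalArgumentException goes to that try's catch clause (outside the hunk) rather than to the caller; if that catch is broad and logs-and-continues, a malformed policy id is silently skipped instead of rejected, which is worth confirming against the catch body. The message also omits the offending id, the one fact needed to diagnose the problem: `throw new IllegalArgumentException("Invalid input - policyID must contain name, scope and version: " + policy.getId());`. The enclosing loop and method start and end outside the hunk.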
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpLoader.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpLoader.java
index 5c9f8602f..102d43f0c 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpLoader.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/XACMLPdpLoader.java
@@ -550,20 +550,14 @@ public class XACMLPdpLoader {
 // properties
 //
 changed = true;
+ } catch (MalformedURLException e) {
+ papUrls.failed();
+ LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Policy '" + policy
+ + "' had bad URL in new configuration, URL='" + propLocation + "'");
 } catch (Exception e) {
 papUrls.failed();
- if (e instanceof MalformedURLException) {
- LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Policy '"
- + policy
- + "' had bad URL in new configuration, URL='"
- + propLocation + "'");
-
- } else {
- LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error while retrieving policy "
- + policy
- + " from URL "
- + url + ", e=" + e);
- }
+ LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Error while retrieving policy "
+ + policy + " from URL " + url + ", e=" + e);
 }
 papUrls.getNext();
 }
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java
index 59194841f..3c0ea3894 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java
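Review bot: The new `catch (MalformedURLException e)` never uses `e`: its log line is built from `policy` and `propLocation` only, so the exception's own text (which normally says why the URL failed to parse) and the stack trace are dropped, and an unused catch variable is itself a pattern Sonar reports. Passing the throwable to the logger keeps both — `LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Policy '" + policy + "' had bad URL in new configuration, URL='" + propLocation + "'", e);` — assuming LOGGER offers the usual (String, Throwable) overload, which XACMLPapServlet's `LOGGER.info(message, e)` in this same commit suggests. The rewritten generic catch below has the same weakness in another form: `", e=" + e` stringifies the exception instead of passing it. The enclosing loop and method start and end outside the hunk.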
@@ -54,12 +54,16 @@ public class PAPServices {
 private int responseCode = 0;
 private static String environment = "DEVL";
- public static Boolean junit = false;
+ private static Boolean isJunit = false;
 private static List paps = null;
 private static final Object papResourceLock = new Object();
 private String operation = null;
 private String requestMethod = null;
- private String encoding = null;
+ private String encoding = null;
+
+ public static void setJunit(boolean isJunit) {
+ PAPServices.isJunit = isJunit;
+ }
 public PAPServices() {
 environment = PDPApiAuth.getEnvironment();
@@ -164,7 +168,7 @@ public class PAPServices {
 } else if(content != null){
 // the content is an object to be encoded in JSON
 ObjectMapper mapper = new ObjectMapper();
- if (!junit) {
+ if (!isJunit) {
 mapper.writeValue(connection.getOutputStream(), content);
 }
@@ -174,7 +178,7 @@ public class PAPServices {
 responseCode = connection.getResponseCode();
 // If Connected to PAP then break from the loop and continue
 // with the Request
- if (connection.getResponseCode() > 0 || junit) {
+ if (connection.getResponseCode() > 0 || isJunit) {
 connected = true;
 break;
 } else {
@@ -183,7 +187,7 @@ public class PAPServices {
 }
 } catch (Exception e) {
 // This means that the PAP is not working
- if (junit) {
+ if (isJunit) {
 connected = true;
 break;
 }
@@ -212,7 +216,7 @@ public class PAPServices {
 XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Decoding the result ", e);
 }
- if (junit) {
+ if (isJunit) {
 response = SUCCESS;
 }
 }else{
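Review bot: Narrowing `junit` to `private static Boolean isJunit` behind a public static `setJunit` changes the field's visibility but not its reach: any code on the classpath can still call `PAPServices.setJunit(true)`, and the remaining hunks in this file show what that flag does in production paths — every connection attempt counts as connected (`connection.getResponseCode() > 0 || isJunit`, and `if (isJunit) { connected = true; break; }` inside the catch), the request body is not written, the response is forced to SUCCESS, and in checkResponse on the next hunk line any responseCode passes as 200. A test-only bypass of PAP connectivity and result checking should not be a settable switch in the service class; at minimum the setter needs a Javadoc marking it test-only ("Test hook: short-circuits PAP connection and response checks; never call from production code"), and the cleaner fix is to remove the flag and let tests inject the connection. Separately, the field stays a boxed `Boolean` while the setter takes `boolean` and PolicyDBDao in this same commit uses `private static boolean isJunit`; `private static boolean isJunit = false;` matches it and avoids unboxing on every `if (!isJunit)`.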
@@ -326,10 +330,10 @@ public class PAPServices {
 private String checkResponse(HttpURLConnection connection, UUID requestID) throws IOException {
 String response = null;
- if (responseCode == 200 || junit) {
+ if (responseCode == 200 || isJunit) {
 // Check for successful creation of policy
 String isSuccess = null;
- if (!junit) { // is this a junit test?
+ if (!isJunit) { // is this a junit test?
 isSuccess = connection.getHeaderField("successMapKey");
 operation = connection.getHeaderField("operation");
 } else {
@@ -603,7 +607,7 @@ public class PAPServices {
 responseCode = connection.getResponseCode();
 // If Connected to PAP then break from the loop and continue
 // with the Request
- if (connection.getResponseCode() > 0 || junit) {
+ if (connection.getResponseCode() > 0 || isJunit) {
 connected = true;
 break;
 } else {
@@ -612,7 +616,7 @@ public class PAPServices {
 }
 } catch (Exception e) {
 // This means that the PAP is not working
- if (junit) {
+ if (isJunit) {
 connected = true;
 break;
 }
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/BRMSParamPolicyServiceTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/BRMSParamPolicyServiceTest.java
index 8867a7828..23e47f418 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/BRMSParamPolicyServiceTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/BRMSParamPolicyServiceTest.java
@@ -50,7 +50,7 @@ public class BRMSParamPolicyServiceTest {
 String succeeded = prop.getProperty("xacml.rest.pap.url");
 List paps = Arrays.asList(succeeded.split(","));
 PAPServices.setPaps(paps);
- PAPServices.junit = true;
+ PAPServices.setJunit(true);
 PolicyParameters policyParameters = new PolicyParameters();
 policyParameters.setPolicyConfigType(PolicyConfigType.BRMS_PARAM);
@@ -80,7 +80,7 @@ public class BRMSParamPolicyServiceTest {
 @After
 public void tearDown() throws Exception {
 PAPServices.setPaps(null);
- PAPServices.junit = false;
+ PAPServices.setJunit(false);
 }
 @Test
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopFaultPolicyServiceTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopFaultPolicyServiceTest.java
index de884b349..c21bc9c77 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopFaultPolicyServiceTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopFaultPolicyServiceTest.java
@@ -47,7 +47,7 @@ public class ClosedLoopFaultPolicyServiceTest {
 String succeeded = prop.getProperty("xacml.rest.pap.url");
 List paps = Arrays.asList(succeeded.split(","));
 PAPServices.setPaps(paps);
- PAPServices.junit = true;
+ PAPServices.setJunit(true);
 PolicyParameters policyParameters = new PolicyParameters();
 policyParameters.setPolicyConfigType(PolicyConfigType.ClosedLoop_Fault);
@@ -69,7 +69,7 @@ public class ClosedLoopFaultPolicyServiceTest {
 @After
 public void tearDown() throws Exception {
 PAPServices.setPaps(null);
- PAPServices.junit = false;
+ PAPServices.setJunit(false);
 }
 @Test
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopPMPolicyServiceTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopPMPolicyServiceTest.java
index 19bb279e6..99dc67742 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopPMPolicyServiceTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/ClosedLoopPMPolicyServiceTest.java
@@ -47,7 +47,7 @@ public class ClosedLoopPMPolicyServiceTest {
 String succeeded = prop.getProperty("xacml.rest.pap.url");
 List paps = Arrays.asList(succeeded.split(","));
 PAPServices.setPaps(paps);
- PAPServices.junit = true;
+ PAPServices.setJunit(true);
 PolicyParameters policyParameters = new PolicyParameters();
 policyParameters.setPolicyConfigType(PolicyConfigType.ClosedLoop_PM);
@@ -69,7 +69,7 @@ public class ClosedLoopPMPolicyServiceTest {
 @After
 public void tearDown() throws Exception {
 PAPServices.setPaps(null);
- PAPServices.junit = false;
+ PAPServices.setJunit(false);
 }
 @Test
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/DecisionPolicyServiceTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/DecisionPolicyServiceTest.java
index 0fcb0027c..fe0668115 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/DecisionPolicyServiceTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/DecisionPolicyServiceTest.java
@@ -49,7 +49,7 @@ public class DecisionPolicyServiceTest {
 String succeeded = prop.getProperty("xacml.rest.pap.url");
 List paps = Arrays.asList(succeeded.split(","));
 PAPServices.setPaps(paps);
- PAPServices.junit = true;
+ PAPServices.setJunit(true);
 PolicyParameters policyParameters = new PolicyParameters();
 policyParameters.setPolicyClass(PolicyClass.Decision);
@@ -94,7 +94,7 @@ public class DecisionPolicyServiceTest {
 @After
 public void tearDown() throws Exception {
 PAPServices.setPaps(null);
- PAPServices.junit = false;
+ PAPServices.setJunit(false);
 }
 @Test
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/FirewallPolicyServiceTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/FirewallPolicyServiceTest.java
index 4343a5060..ccedd7553 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/FirewallPolicyServiceTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/FirewallPolicyServiceTest.java
@@ -46,7 +46,7 @@ public class FirewallPolicyServiceTest {
 String succeeded = prop.getProperty("xacml.rest.pap.url");
 List paps = Arrays.asList(succeeded.split(","));
 PAPServices.setPaps(paps);
- PAPServices.junit = true;
+ PAPServices.setJunit(true);
 PolicyParameters policyParameters = new PolicyParameters();
 policyParameters.setPolicyConfigType(PolicyConfigType.Firewall); //required
@@ -67,7 +67,7 @@ public class FirewallPolicyServiceTest {
 @After
 public void tearDown() throws Exception {
 PAPServices.setPaps(null);
- PAPServices.junit = false;
+ PAPServices.setJunit(false);
 }
 @Test
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/MicroServicesPolicyServiceTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/MicroServicesPolicyServiceTest.java
index a9301e728..e460a853b 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/MicroServicesPolicyServiceTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/MicroServicesPolicyServiceTest.java
@@ -47,7 +47,7 @@ public class MicroServicesPolicyServiceTest {
 String succeeded = prop.getProperty("xacml.rest.pap.url");
 List paps = Arrays.asList(succeeded.split(","));
 PAPServices.setPaps(paps);
- PAPServices.junit = true;
+ PAPServices.setJunit(true);
 PolicyParameters policyParameters = new PolicyParameters();
 policyParameters.setPolicyConfigType(PolicyConfigType.MicroService);
@@ -69,7 +69,7 @@ public class MicroServicesPolicyServiceTest {
 @After
 public void tearDown() throws Exception {
 PAPServices.setPaps(null);
- PAPServices.junit = false;
+ PAPServices.setJunit(false);
 }
 @Test
diff --git a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/PAPServicesTest.java b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/PAPServicesTest.java
index 9d1d13910..93fde841d 100644
--- a/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/PAPServicesTest.java
+++ b/ONAP-PDP-REST/src/test/java/org/onap/policy/pdp/rest/api/services/PAPServicesTest.java
@@ -40,7 +40,7 @@ public class PAPServicesTest {
 @Before
 public void setUp() throws Exception {
- PAPServices.junit = true;
+ PAPServices.setJunit(true);
 Properties prop = new Properties();
 prop.load(new FileInputStream("src/test/resources/pass.xacml.pdp.properties"));
 String succeeded = prop.getProperty("xacml.rest.pap.url");
@@ -53,7 +53,7 @@ public class PAPServicesTest {
 @After
 public void tearDown() throws Exception {
 PAPServices.setPaps(null);
- PAPServices.junit = false;
+ PAPServices.setJunit(false);
 }
 @Test
--
cgit 1.2.3-korg