From 0c8425b25c093f638351a14f84a7b1df731cd0de Mon Sep 17 00:00:00 2001 From: rb7147 Date: Thu, 1 Feb 2018 16:29:04 -0500 Subject: Resolved Fortify System Information Leak issues Issue-ID: POLICY-550 Change-Id: I2145ecb6de43b69d6faf44c6395b119134a9904f Signed-off-by: rb7147 --- .../ActionPolicyDictionaryController.java | 3 +- .../controller/ClosedLoopDictionaryController.java | 25 +- .../DecisionPolicyDictionaryController.java | 11 +- .../DescriptiveDictionaryController.java | 5 +- .../controller/DictionaryImportController.java | 949 ++++++++++++--------- .../controller/EnforcerDictionaryController.java | 5 +- .../controller/FirewallDictionaryController.java | 208 ++--- .../MicroServiceDictionaryController.java | 21 +- .../PolicyScopeDictionaryController.java | 21 +- .../rest/controller/PushPolicyController.java | 9 +- .../rest/controller/SafePolicyController.java | 9 +- .../rest/policycontroller/PolicyCreation.java | 53 +- 12 files changed, 761 insertions(+), 558 deletions(-) (limited to 'ONAP-PAP-REST/src/main/java') diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/ActionPolicyDictionaryController.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/ActionPolicyDictionaryController.java index b5a3b45e8..5c9b2b883 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/ActionPolicyDictionaryController.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/ActionPolicyDictionaryController.java @@ -38,6 +38,7 @@ import org.onap.policy.pap.xacml.rest.util.JsonMessage; import org.onap.policy.rest.dao.CommonClassDao; import org.onap.policy.rest.jpa.ActionPolicyDict; import org.onap.policy.rest.jpa.UserInfo; +import org.onap.policy.utils.PolicyUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; @@ -215,7 +216,7 @@ public class ActionPolicyDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/ClosedLoopDictionaryController.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/ClosedLoopDictionaryController.java index 675c82549..f359ca2cb 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/ClosedLoopDictionaryController.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/ClosedLoopDictionaryController.java @@ -45,6 +45,7 @@ import org.onap.policy.rest.jpa.UserInfo; import org.onap.policy.rest.jpa.VNFType; import org.onap.policy.rest.jpa.VSCLAction; import org.onap.policy.rest.jpa.VarbindDictionary; +import org.onap.policy.utils.PolicyUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; @@ -392,7 +393,7 @@ public class ClosedLoopDictionaryController{ response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -422,7 +423,7 @@ public class ClosedLoopDictionaryController{ response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -513,7 +514,7 @@ public class ClosedLoopDictionaryController{ response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -543,7 +544,7 @@ public class ClosedLoopDictionaryController{ response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -653,7 +654,7 @@ public class ClosedLoopDictionaryController{ response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -683,7 +684,7 @@ public class ClosedLoopDictionaryController{ response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -771,7 +772,7 @@ public class ClosedLoopDictionaryController{ response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -801,7 +802,7 @@ public class ClosedLoopDictionaryController{ response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -890,7 +891,7 @@ public class ClosedLoopDictionaryController{ response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -920,7 +921,7 @@ public class ClosedLoopDictionaryController{ response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -1009,7 +1010,7 @@ public class ClosedLoopDictionaryController{ response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -1039,7 +1040,7 @@ public class ClosedLoopDictionaryController{ response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/DecisionPolicyDictionaryController.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/DecisionPolicyDictionaryController.java index f4e32ebea..5792cba81 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/DecisionPolicyDictionaryController.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/DecisionPolicyDictionaryController.java @@ -23,6 +23,7 @@ package org.onap.policy.pap.xacml.rest.controller; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; + import org.json.JSONObject; import org.onap.policy.common.logging.flexlogger.FlexLogger; import org.onap.policy.common.logging.flexlogger.Logger; @@ -32,6 +33,7 @@ import org.onap.policy.rest.jpa.Datatype; import org.onap.policy.rest.jpa.DecisionSettings; import org.onap.policy.rest.jpa.RainyDayTreatments; import org.onap.policy.rest.jpa.UserInfo; +import org.onap.policy.utils.PolicyUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; @@ -41,6 +43,7 @@ import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + import java.io.IOException; import java.io.PrintWriter; import java.io.UnsupportedEncodingException; @@ -208,7 +211,7 @@ public class DecisionPolicyDictionaryController { response.setCharacterEncoding("UTF-8"); request.setCharacterEncoding("UTF-8"); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -238,7 +241,7 @@ public class DecisionPolicyDictionaryController { response.setCharacterEncoding("UTF-8"); request.setCharacterEncoding("UTF-8"); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -376,7 +379,7 @@ public class DecisionPolicyDictionaryController { response.setCharacterEncoding("UTF-8"); request.setCharacterEncoding("UTF-8"); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -406,7 +409,7 @@ public class DecisionPolicyDictionaryController { response.setCharacterEncoding("UTF-8"); request.setCharacterEncoding("UTF-8"); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/DescriptiveDictionaryController.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/DescriptiveDictionaryController.java index 40b0b5d62..a12f17b50 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/DescriptiveDictionaryController.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/DescriptiveDictionaryController.java @@ -40,6 +40,7 @@ import org.onap.policy.pap.xacml.rest.util.JsonMessage; import org.onap.policy.rest.dao.CommonClassDao; import org.onap.policy.rest.jpa.DescriptiveScope; import org.onap.policy.rest.jpa.UserInfo; +import org.onap.policy.utils.PolicyUtils; import org.onap.policy.xacml.api.XACMLErrorConstants; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; @@ -210,7 +211,7 @@ public class DescriptiveDictionaryController { response.setCharacterEncoding("UTF-8"); request.setCharacterEncoding("UTF-8"); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -240,7 +241,7 @@ public class DescriptiveDictionaryController { response.setCharacterEncoding("UTF-8"); request.setCharacterEncoding("UTF-8"); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/DictionaryImportController.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/DictionaryImportController.java index aee05da45..0b487010c 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/DictionaryImportController.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/DictionaryImportController.java @@ -31,19 +31,27 @@ import java.io.OutputStream; import java.util.List; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.apache.commons.compress.utils.IOUtils; +import org.onap.policy.common.logging.flexlogger.FlexLogger; +import org.onap.policy.common.logging.flexlogger.Logger; import org.onap.policy.rest.dao.CommonClassDao; import org.onap.policy.rest.jpa.ActionList; import org.onap.policy.rest.jpa.ActionPolicyDict; import org.onap.policy.rest.jpa.AddressGroup; import org.onap.policy.rest.jpa.Attribute; +import org.onap.policy.rest.jpa.BRMSController; +import org.onap.policy.rest.jpa.BRMSDependency; import org.onap.policy.rest.jpa.BRMSParamTemplate; import org.onap.policy.rest.jpa.Category; +import org.onap.policy.rest.jpa.ClosedLoopD2Services; +import org.onap.policy.rest.jpa.ClosedLoopSite; import org.onap.policy.rest.jpa.Datatype; import org.onap.policy.rest.jpa.DecisionSettings; import org.onap.policy.rest.jpa.DescriptiveScope; import org.onap.policy.rest.jpa.GroupServiceList; +import org.onap.policy.rest.jpa.MicroServiceModels; import org.onap.policy.rest.jpa.OnapName; import org.onap.policy.rest.jpa.PEPOptions; import org.onap.policy.rest.jpa.PrefixList; @@ -68,9 +76,12 @@ import au.com.bytecode.opencsv.CSVReader; @Controller public class DictionaryImportController { + private static final Logger LOGGER = FlexLogger.getLogger(DictionaryImportController.class); + private String newFile; private static CommonClassDao commonClassDao; + private static final String DESCRIPTION= "description"; @Autowired public DictionaryImportController(CommonClassDao commonClassDao){ @@ -81,458 +92,622 @@ public class DictionaryImportController { @RequestMapping(value={"/dictionary/import_dictionary"}, method={org.springframework.web.bind.annotation.RequestMethod.POST}) - public void ImportDictionaryData(HttpServletRequest request) throws IOException{ + public void ImportDictionaryData(HttpServletRequest request, HttpServletResponse response) throws IOException{ ObjectMapper mapper = new ObjectMapper(); mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); String userId = request.getParameter("userId"); String dictionaryName = request.getParameter("dictionaryName"); - - File file = new File(dictionaryName); - OutputStream outputStream = new FileOutputStream(file); - IOUtils.copy(request.getInputStream(), outputStream); - outputStream.close(); - this.newFile = file.toString(); - CSVReader csvReader = new CSVReader(new FileReader(this.newFile)); - List dictSheet = csvReader.readAll(); - if(dictionaryName.startsWith("Attribute")){ - for(int i = 1; i< dictSheet.size(); i++){ - Attribute attribute = new Attribute(""); - UserInfo userinfo = new UserInfo(); - userinfo.setUserLoginId(userId); - attribute.setUserCreatedBy(userinfo); - attribute.setUserModifiedBy(userinfo); - String[] rows = dictSheet.get(i); - for (int j=0 ; j dictSheet = csvReader.readAll(); + if(dictionaryName.startsWith("Attribute")){ + dictionaryImportExists = true; + for(int i = 1; i< dictSheet.size(); i++){ + Attribute attribute = new Attribute(""); + UserInfo userinfo = new UserInfo(); + userinfo.setUserLoginId(userId); + attribute.setUserCreatedBy(userinfo); + attribute.setUserModifiedBy(userinfo); + String[] rows = dictSheet.get(i); + for (int j=0 ; j duplicateData = commonClassDao.checkDuplicateEntry(fwTagPicker.getTagPickerName(), tagPickerName, FWTagPicker.class); + if (("update").equals(request.getParameter("operation"))) { + List duplicateData = commonClassDao.checkDuplicateEntry(fwTagPicker.getTagPickerName(), "tagPickerName", FWTagPicker.class); + int id = 0; FWTagPicker dbdata = (FWTagPicker) duplicateData.get(0); - int id = dbdata.getId(); + id = dbdata.getId(); fwTagPicker.setId(id); fwTagPicker.setUserCreatedBy(this.getUserInfo(userId)); } } else { - - fwTagPicker = (FWTagPicker)mapper.readValue(root.get(fwTagPickerDictionaryData).toString(), FWTagPicker.class); - data = (TagGridValues)mapper.readValue(root.get(fwTagPickerDictionaryData).toString(), TagGridValues.class); - userId = root.get(userid).textValue(); - } - - String header = ""; - int counter = 0; - if(!data.getTags().isEmpty()){ - for(Object attribute : data.getTags()){ - if(attribute instanceof LinkedHashMap){ - String key = ((LinkedHashMap) attribute).get(option).toString(); - String value = ((LinkedHashMap) attribute).get("number").toString(); - if(counter>0){ - header = header + "#"; + TagGridValues data; + fwTagPicker = (FWTagPicker)mapper.readValue(root.get("fwTagPickerDictionaryData").toString(), FWTagPicker.class); + data = (TagGridValues)mapper.readValue(root.get("fwTagPickerDictionaryData").toString(), TagGridValues.class); + userId = root.get("userid").textValue(); + + StringBuilder header = new StringBuilder(); + int counter = 0; + if(!data.getTags().isEmpty()){ + for(Object attribute : data.getTags()){ + if(attribute instanceof LinkedHashMap){ + String key = ((LinkedHashMap) attribute).get("option").toString(); + String value = ((LinkedHashMap) attribute).get("number").toString(); + if(counter>0){ + header.append("#"); + } + header.append(key+":"+value); + counter ++; } - header = header + key + ":"; - header = header + value; - counter ++; } } + fwTagPicker.setTagValues(header.toString()); } - fwTagPicker.setTagValues(header); + if(fwTagPicker.getId() == 0){ - List duplicateData = commonClassDao.checkDuplicateEntry(fwTagPicker.getTagPickerName(), tagPickerName, FWTagPicker.class); + List duplicateData = commonClassDao.checkDuplicateEntry(fwTagPicker.getTagPickerName(), "tagPickerName", FWTagPicker.class); if(!duplicateData.isEmpty()){ duplicateflag = true; }else{ @@ -1997,7 +1999,6 @@ public class FirewallDictionaryController { fwTagPicker.setModifiedDate(new Date()); commonClassDao.update(fwTagPicker); } - String responseString = ""; if(duplicateflag){ responseString = duplicateResponseString; @@ -2028,7 +2029,7 @@ public class FirewallDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -2056,33 +2057,34 @@ public class FirewallDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } - - @RequestMapping(value={"/get_TagNameByName"}, method={org.springframework.web.bind.annotation.RequestMethod.GET} , produces=MediaType.APPLICATION_JSON_VALUE) - public void getTagNameEntityDataByName(HttpServletResponse response){ + @RequestMapping(value={"/get_TagListData"}, method={org.springframework.web.bind.annotation.RequestMethod.GET} , produces=MediaType.APPLICATION_JSON_VALUE) + public void getTagDictionaryEntityData(HttpServletResponse response){ try{ Map model = new HashMap<>(); ObjectMapper mapper = new ObjectMapper(); - model.put(fwTagDictionaryDatas, mapper.writeValueAsString(commonClassDao.getDataByColumn(FWTag.class, "fwTagName"))); + model.put(fwTagDictionaryDatas, mapper.writeValueAsString(commonClassDao.getData(FWTag.class))); JsonMessage msg = new JsonMessage(mapper.writeValueAsString(model)); JSONObject j = new JSONObject(msg); + response.addHeader(successMapKey, successMessage); + response.addHeader(operation, getDictionary); response.getWriter().write(j.toString()); } catch (Exception e){ LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + e); } } - - @RequestMapping(value={"/get_TagListData"}, method={org.springframework.web.bind.annotation.RequestMethod.GET} , produces=MediaType.APPLICATION_JSON_VALUE) - public void getTagDictionaryEntityData(HttpServletResponse response){ + + @RequestMapping(value={"/get_TagNameByName"}, method={org.springframework.web.bind.annotation.RequestMethod.GET} , produces=MediaType.APPLICATION_JSON_VALUE) + public void getTagNameEntityDataByName(HttpServletRequest request, HttpServletResponse response){ try{ Map model = new HashMap<>(); ObjectMapper mapper = new ObjectMapper(); - model.put(fwTagDictionaryDatas, mapper.writeValueAsString(commonClassDao.getData(FWTag.class))); + model.put("fwTagDictionaryDatas", mapper.writeValueAsString(commonClassDao.getDataByColumn(FWTag.class, "fwTagName"))); JsonMessage msg = new JsonMessage(mapper.writeValueAsString(model)); JSONObject j = new JSONObject(msg); response.getWriter().write(j.toString()); @@ -2092,6 +2094,7 @@ public class FirewallDictionaryController { } } + @RequestMapping(value={"/fw_dictionary/save_fwTag"}, method={org.springframework.web.bind.annotation.RequestMethod.POST}) public ModelAndView saveFirewallTagDictionary(HttpServletRequest request, HttpServletResponse response) throws IOException{ try { @@ -2100,50 +2103,47 @@ public class FirewallDictionaryController { if (request.getParameter(apiflag)!=null && ("api").equalsIgnoreCase(request.getParameter(apiflag))) { fromAPI = true; } - ObjectMapper mapper = new ObjectMapper(); mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); JsonNode root = mapper.readTree(request.getReader()); - - FWTag fwTag; - TagGridValues tagGridValues; - String userId = null; + + String userId=""; if (fromAPI) { - fwTag = (FWTag)mapper.readValue(root.get(fwTagDictionaryDatas).toString(), FWTag.class); - tagGridValues = (TagGridValues)mapper.readValue(root.get(fwTagDictionaryDatas).toString(), TagGridValues.class); + fwTag = mapper.readValue(root.get("dictionaryFields").toString(), FWTag.class); userId = "API"; - //check if update operation or create, get id for data to be updated and update attributeData - if ((update).equals(request.getParameter(operation))) { - List duplicateData = commonClassDao.checkDuplicateEntry(fwTag.getFwTagName(), "tagName", FWTag.class); + if ("update".equals(request.getParameter("operation"))) { + List duplicateData = commonClassDao.checkDuplicateEntry(fwTag.getFwTagName(), "fwTagName", FWTag.class); + int id = 0; FWTag data = (FWTag) duplicateData.get(0); - int id = data.getId(); + id = data.getId(); fwTag.setId(id); fwTag.setUserCreatedBy(this.getUserInfo(userId)); - } } else { - fwTag = (FWTag)mapper.readValue(root.get("fwTagDictionaryData").toString(), FWTag.class); - tagGridValues = (TagGridValues)mapper.readValue(root.get("fwTagDictionaryData").toString(), TagGridValues.class); - userId = root.get(userid).textValue(); - } - - String userValue = ""; - int counter = 0; - if(!tagGridValues.getTags().isEmpty()){ - for(Object attribute : tagGridValues.getTags()){ - if(attribute instanceof LinkedHashMap){ - String key = ((LinkedHashMap) attribute).get("tags").toString(); - if(counter>0){ - userValue = userValue + ","; + TagGridValues tagGridValues; + fwTag = mapper.readValue(root.get("fwTagDictionaryData").toString(), FWTag.class); + tagGridValues = mapper.readValue(root.get("fwTagDictionaryData").toString(), TagGridValues.class); + userId = root.get("userid").textValue(); + + StringBuilder userValue = new StringBuilder(); + int counter = 0; + if(!tagGridValues.getTags().isEmpty()){ + for(Object attribute : tagGridValues.getTags()){ + if(attribute instanceof LinkedHashMap){ + String key = ((LinkedHashMap) attribute).get("tags").toString(); + if(counter>0){ + userValue.append(","); + } + userValue.append(key); + counter ++; } - userValue = userValue + key ; - counter ++; } } + fwTag.setTagValues(userValue.toString()); } - fwTag.setTagValues(userValue); + if(fwTag.getId() == 0){ List duplicateData = commonClassDao.checkDuplicateEntry(fwTag.getFwTagName(), "fwTagName", FWTag.class); if(!duplicateData.isEmpty()){ @@ -2151,20 +2151,22 @@ public class FirewallDictionaryController { }else{ fwTag.setUserCreatedBy(this.getUserInfo(userId)); fwTag.setUserModifiedBy(this.getUserInfo(userId)); + commonClassDao.save(fwTag); - } + } }else{ - fwTag.setUserModifiedBy(this.getUserInfo(userId)); - fwTag.setModifiedDate(new Date()); - commonClassDao.update(fwTag); + + fwTag.setUserModifiedBy(this.getUserInfo(userId)); + commonClassDao.update(fwTag); + } - String responseString = ""; if(duplicateflag){ - responseString = duplicateResponseString; + responseString = "Duplicate"; }else{ - responseString = mapper.writeValueAsString(commonClassDao.getData(FWTag.class)); + responseString = mapper.writeValueAsString(commonClassDao.getData(FWTag.class)); } + if (fromAPI) { if (responseString!=null && !(duplicateResponseString).equals(responseString)) { responseString = successMsg; @@ -2189,7 +2191,7 @@ public class FirewallDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -2219,7 +2221,7 @@ public class FirewallDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/MicroServiceDictionaryController.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/MicroServiceDictionaryController.java index 0170a71e0..2eca73ea5 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/MicroServiceDictionaryController.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/MicroServiceDictionaryController.java @@ -47,6 +47,7 @@ import org.onap.policy.rest.jpa.MicroServiceModels; import org.onap.policy.rest.jpa.UserInfo; import org.onap.policy.rest.util.MSAttributeObject; import org.onap.policy.rest.util.MSModelUtils; +import org.onap.policy.utils.PolicyUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; @@ -216,7 +217,7 @@ public class MicroServiceDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); LOGGER.error(e); } return null; @@ -247,7 +248,7 @@ public class MicroServiceDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -365,7 +366,7 @@ public class MicroServiceDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); LOGGER.error(e); } return null; @@ -396,7 +397,7 @@ public class MicroServiceDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -511,7 +512,7 @@ public class MicroServiceDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); LOGGER.error(e); } return null; @@ -542,7 +543,7 @@ public class MicroServiceDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -657,7 +658,7 @@ public class MicroServiceDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); LOGGER.error(e); } return null; @@ -688,7 +689,7 @@ public class MicroServiceDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -965,7 +966,7 @@ public class MicroServiceDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); LOGGER.error(e); } return null; @@ -996,7 +997,7 @@ public class MicroServiceDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PolicyScopeDictionaryController.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PolicyScopeDictionaryController.java index 2715d581b..4b2f299a5 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PolicyScopeDictionaryController.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PolicyScopeDictionaryController.java @@ -42,6 +42,7 @@ import org.onap.policy.rest.jpa.PolicyScopeResource; import org.onap.policy.rest.jpa.PolicyScopeService; import org.onap.policy.rest.jpa.PolicyScopeType; import org.onap.policy.rest.jpa.UserInfo; +import org.onap.policy.utils.PolicyUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; @@ -268,7 +269,7 @@ public class PolicyScopeDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -298,7 +299,7 @@ public class PolicyScopeDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -420,7 +421,7 @@ public class PolicyScopeDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); LOGGER.error(e); } return null; @@ -451,7 +452,7 @@ public class PolicyScopeDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -570,7 +571,7 @@ public class PolicyScopeDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); LOGGER.error(e); } return null; @@ -601,7 +602,7 @@ public class PolicyScopeDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -726,7 +727,7 @@ public class PolicyScopeDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); LOGGER.error(e); } return null; @@ -757,7 +758,7 @@ public class PolicyScopeDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -880,7 +881,7 @@ public class PolicyScopeDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -910,7 +911,7 @@ public class PolicyScopeDictionaryController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java index 885a6117f..a695ec389 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java @@ -86,7 +86,7 @@ public class PushPolicyController { requestID = UUID.randomUUID().toString(); LOGGER.info("No request ID provided, sending generated ID: " + requestID); } - LOGGER.info("Push policy Request : " + root.asText()); + LOGGER.info("Push policy Request to get the selectedPolicy : " + root.asText()); String policyVersionName = policyScope.replace(".", File.separator) + File.separator + filePrefix + policyName; List policyVersionObject = commonClassDao.getDataById(PolicyVersion.class, policyNames, policyVersionName); @@ -116,7 +116,7 @@ public class PushPolicyController { private void addPolicyToGroup(String policyScope, String policyID, String policyName, String pdpGroup, HttpServletResponse response) { StdPDPGroup selectedPDPGroup = null; StdPDPPolicy selectedPolicy = null; - //Get the current policies from the Group and Add the new one + //Get the selected PDP Group to push the policy try { selectedPDPGroup = (StdPDPGroup) XACMLPapServlet.getPAPEngine().getGroup(pdpGroup); } catch (PAPException e1) { @@ -127,6 +127,9 @@ public class PushPolicyController { PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message); response.addHeader(errorMsg, "unknownGroupId"); response.addHeader(operation, "push"); + //for fixing Header Manipulation of Fortify issue + message = message.replace("\n", ""); + message = message.replace("\r", ""); response.addHeader(messageContent, message); response.setStatus(HttpServletResponse.SC_NOT_FOUND); return; @@ -159,7 +162,7 @@ public class PushPolicyController { // Create the policy Object selectedPolicy = new StdPDPPolicy(policyName, true, policyID, selectedURI); } catch (IOException e) { - LOGGER.error("Unable to create policy '" + policyName + "': "+ e.getMessage(),e); + LOGGER.error("Unable to get policy '" + policyName + "': "+ e.getMessage(),e); } try { new ObjectOutputStream(response.getOutputStream()).writeObject(selectedPolicy); diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/SafePolicyController.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/SafePolicyController.java index 1ad304cc7..02d53c6b4 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/SafePolicyController.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/SafePolicyController.java @@ -38,6 +38,7 @@ import org.onap.policy.rest.dao.CommonClassDao; import org.onap.policy.rest.jpa.RiskType; import org.onap.policy.rest.jpa.SafePolicyWarning; import org.onap.policy.rest.jpa.UserInfo; +import org.onap.policy.utils.PolicyUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; @@ -195,7 +196,7 @@ public class SafePolicyController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -226,7 +227,7 @@ public class SafePolicyController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -349,7 +350,7 @@ public class SafePolicyController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } @@ -381,7 +382,7 @@ public class SafePolicyController { response.setCharacterEncoding(utf8); request.setCharacterEncoding(utf8); PrintWriter out = response.getWriter(); - out.write(e.getMessage()); + out.write(PolicyUtils.CATCH_EXCEPTION); } return null; } diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/policycontroller/PolicyCreation.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/policycontroller/PolicyCreation.java index 76fe4ae5d..415c7792d 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/policycontroller/PolicyCreation.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/policycontroller/PolicyCreation.java @@ -20,6 +20,7 @@ package org.onap.policy.pap.xacml.rest.policycontroller; import java.io.File; +import java.util.Date; import java.util.HashMap; import java.util.LinkedHashMap; import java.util.LinkedList; @@ -184,6 +185,7 @@ public class PolicyCreation extends AbstractPolicyCreation{ policyVersionDao.setActiveVersion(version); policyVersionDao.setHigherVersion(version); policyVersionDao.setModifiedBy(modifiedBy); + policyVersionDao.setModifiedDate(new Date()); }else{ body = "policyExists"; status = HttpStatus.CONFLICT; @@ -229,14 +231,12 @@ public class PolicyCreation extends AbstractPolicyCreation{ policyData.setRuleCombiningAlgId("urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides"); if(policyData.getApiflag() == null){ //set the Rule Combining Algorithm Id to be sent to PAP-REST via JSON - if(policyData.getAttributes() != null){ - if(policyData.getAttributes().size() > 0){ - for(Object attribute : policyData.getAttributes()){ - if(attribute instanceof LinkedHashMap){ - String key = ((LinkedHashMap) attribute).get("key").toString(); - String value = ((LinkedHashMap) attribute).get("value").toString(); - attributeMap.put(key, value); - } + if(policyData.getAttributes() != null && !policyData.getAttributes().isEmpty()){ + for(Object attribute : policyData.getAttributes()){ + if(attribute instanceof LinkedHashMap){ + String key = ((LinkedHashMap) attribute).get("key").toString(); + String value = ((LinkedHashMap) attribute).get("value").toString(); + attributeMap.put(key, value); } } } @@ -312,7 +312,7 @@ public class PolicyCreation extends AbstractPolicyCreation{ List dynamicRuleAlgorithmField2 = new LinkedList<>(); - if(policyData.getRuleAlgorithmschoices().size() > 0){ + if(!policyData.getRuleAlgorithmschoices().isEmpty()){ for(Object attribute : policyData.getRuleAlgorithmschoices()){ if(attribute instanceof LinkedHashMap){ String label = ((LinkedHashMap) attribute).get("id").toString(); @@ -329,22 +329,35 @@ public class PolicyCreation extends AbstractPolicyCreation{ String actionDictValue = policyData.getActionAttributeValue(); ActionPolicyDict jsonData = ((ActionPolicyDict) commonClassDao.getEntityItem(ActionPolicyDict.class, "attributeName", actionDictValue)); - String actionBodyString = jsonData.getBody(); - String actionDictHeader = jsonData.getHeader(); - String actionDictType = jsonData.getType(); - String actionDictUrl = jsonData.getUrl(); - String actionDictMethod = jsonData.getMethod(); - policyData.setActionDictHeader(actionDictHeader); - policyData.setActionDictType(actionDictType); - policyData.setActionDictUrl(actionDictUrl); - policyData.setActionDictMethod(actionDictMethod); + if(jsonData!=null){ + String actionBodyString = jsonData.getBody(); + String actionDictHeader = jsonData.getHeader(); + String actionDictType = jsonData.getType(); + String actionDictUrl = jsonData.getUrl(); + String actionDictMethod = jsonData.getMethod(); + policyData.setActionDictHeader(actionDictHeader); + policyData.setActionDictType(actionDictType); + policyData.setActionDictUrl(actionDictUrl); + policyData.setActionDictMethod(actionDictMethod); + if (actionBodyString != null) { + policyData.setActionBody(actionBodyString); + } + } policyData.setActionAttribute(actionDictValue); policyData.setDynamicRuleAlgorithmLabels(dynamicRuleAlgorithmLabels); policyData.setDynamicRuleAlgorithmCombo(dynamicRuleAlgorithmCombo); policyData.setDynamicRuleAlgorithmField1(dynamicRuleAlgorithmField1); policyData.setDynamicRuleAlgorithmField2(dynamicRuleAlgorithmField2); - if (actionBodyString != null) { - policyData.setActionBody(actionBodyString); + }else{ + // API request. + String comboDictValue = policyData.getActionAttribute(); + ActionPolicyDict jsonData = ((ActionPolicyDict) commonClassDao.getEntityItem(ActionPolicyDict.class, "attributeName", comboDictValue)); + if(jsonData!=null){ + policyData.setActionBody(jsonData.getBody()); + policyData.setActionDictHeader(jsonData.getHeader()); + policyData.setActionDictType(jsonData.getType()); + policyData.setActionDictUrl(jsonData.getUrl()); + policyData.setActionDictMethod(jsonData.getMethod()); } } newPolicy = new ActionPolicy(policyData); -- cgit 1.2.3-korg