From 38094965cb1e32186a7305f05d332b6ca29cd970 Mon Sep 17 00:00:00 2001 From: pa834y Date: Wed, 27 Mar 2019 18:39:09 -0400 Subject: Fix sonar new bugs and vulnerabilities Change-Id: I7fbfe70e856d48f40ad831a6d0451e46024bf6de Issue-ID: POLICY-1417 Signed-off-by: pa834y --- .../onap/policy/controller/PolicyController.java | 143 ++++++++++++--------- 1 file changed, 82 insertions(+), 61 deletions(-) (limited to 'POLICY-SDK-APP/src/main/java/org/onap') diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java index 69444c478..7df8602c9 100644 --- a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java +++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyController.java @@ -28,6 +28,7 @@ import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; +import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -35,12 +36,13 @@ import java.util.Map; import java.util.Map.Entry; import java.util.Properties; import java.util.Set; -import java.nio.charset.StandardCharsets; import javax.annotation.PostConstruct; import javax.mail.MessagingException; import javax.script.SimpleBindings; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; import org.json.JSONObject; import org.onap.policy.admin.PolicyNotificationMail; import org.onap.policy.admin.RESTfulPAPEngine; @@ -71,8 +73,6 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.servlet.ModelAndView; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; @Controller @RequestMapping("/") @@ -182,8 +182,9 @@ public class PolicyController extends RestrictedBaseController { try { String fileName; if (jUnit) { - fileName = new File(".").getCanonicalPath() + File.separator + "src" + File.separator + "test" - + File.separator + "resources" + File.separator + "JSONConfig.json"; + fileName = new File(".").getCanonicalPath() + File.separator + "src" + + File.separator + "test" + File.separator + "resources" + File.separator + + "JSONConfig.json"; } else { fileName = "xacml.admin.properties"; } @@ -234,17 +235,19 @@ public class PolicyController extends RestrictedBaseController { // Get the Property Values for Dashboard tab Limit try { setLogTableLimit(prop.getProperty("xacml.onap.dashboard.logTableLimit")); - setSystemAlertTableLimit(prop.getProperty("xacml.onap.dashboard.systemAlertTableLimit")); + setSystemAlertTableLimit( + prop.getProperty("xacml.onap.dashboard.systemAlertTableLimit")); } catch (Exception e) { - policyLogger - .error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Dashboard tab Property fields are missing" + e); + policyLogger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + + "Dashboard tab Property fields are missing" + e); setLogTableLimit("5000"); setSystemAlertTableLimit("2000"); } System.setProperty(XACMLProperties.XACML_PROPERTIES_NAME, "xacml.admin.properties"); } catch (IOException ex) { policyLogger.error(XACMLErrorConstants.ERROR_DATA_ISSUE - + "Exception Occured while reading the Smtp properties from xacml.admin.properties file" + ex); + + "Exception Occured while reading the Smtp properties from xacml.admin.properties file" + + ex); } // Initialize the FunctionDefinition table at Server Start up @@ -260,7 +263,7 @@ public class PolicyController extends RestrictedBaseController { /** * Get FunctionData Type from DB. - * + * * @return list of FunctionData. */ public static Map> getFunctionDatatypeMap() { @@ -274,7 +277,7 @@ public class PolicyController extends RestrictedBaseController { /** * Get Function ID. - * + * * @return Function ID. */ public static Map getFunctionIdMap() { @@ -294,7 +297,8 @@ public class PolicyController extends RestrictedBaseController { FunctionDefinition value = (FunctionDefinition) functiondefinitions.get(i); mapID2Function.put(value.getXacmlid(), value); if (!mapDatatype2Function.containsKey(value.getDatatypeBean())) { - mapDatatype2Function.put(value.getDatatypeBean(), new ArrayList()); + mapDatatype2Function.put(value.getDatatypeBean(), + new ArrayList()); } mapDatatype2Function.get(value.getDatatypeBean()).add(value); } @@ -302,31 +306,33 @@ public class PolicyController extends RestrictedBaseController { /** * Get Functional Definition data. - * - * @param request HttpServletRequest. + * + * @param request HttpServletRequest. * @param response HttpServletResponse. */ - @RequestMapping(value = { "/get_FunctionDefinitionDataByName" }, method = { - org.springframework.web.bind.annotation.RequestMethod.GET }, produces = MediaType.APPLICATION_JSON_VALUE) - public void getFunctionDefinitionData(HttpServletRequest request, HttpServletResponse response) { + @RequestMapping(value = {"/get_FunctionDefinitionDataByName"}, + method = {org.springframework.web.bind.annotation.RequestMethod.GET}, + produces = MediaType.APPLICATION_JSON_VALUE) + public void getFunctionDefinitionData(HttpServletRequest request, + HttpServletResponse response) { try { Map model = new HashMap<>(); ObjectMapper mapper = new ObjectMapper(); - model.put("functionDefinitionDatas", - mapper.writeValueAsString(commonClassDao.getDataByColumn(FunctionDefinition.class, "shortname"))); + model.put("functionDefinitionDatas", mapper.writeValueAsString( + commonClassDao.getDataByColumn(FunctionDefinition.class, "shortname"))); JsonMessage msg = new JsonMessage(mapper.writeValueAsString(model)); JSONObject j = new JSONObject(msg); response.getWriter().write(j.toString()); } catch (Exception e) { - policyLogger.error( - XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while retriving the Function Definition data" + e); + policyLogger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + + "Error while retriving the Function Definition data" + e); } } /** * Get PolicyEntity Data from db. - * - * @param scope scopeName. + * + * @param scope scopeName. * @param policyName policyName. * @return policyEntity data. */ @@ -338,7 +344,7 @@ public class PolicyController extends RestrictedBaseController { /** * Get Policy User Roles from db. - * + * * @param userId LoginID. * @return list of Roles. */ @@ -357,12 +363,13 @@ public class PolicyController extends RestrictedBaseController { /** * Get List of User Roles. - * - * @param request HttpServletRequest. + * + * @param request HttpServletRequest. * @param response HttpServletResponse. */ - @RequestMapping(value = { "/get_UserRolesData" }, method = { - org.springframework.web.bind.annotation.RequestMethod.GET }, produces = MediaType.APPLICATION_JSON_VALUE) + @RequestMapping(value = {"/get_UserRolesData"}, + method = {org.springframework.web.bind.annotation.RequestMethod.GET}, + produces = MediaType.APPLICATION_JSON_VALUE) public void getUserRolesEntityData(HttpServletRequest request, HttpServletResponse response) { try { String userId = UserUtils.getUserSession(request).getOrgUserId(); @@ -379,11 +386,11 @@ public class PolicyController extends RestrictedBaseController { /** * Policy tabs Model and View. - * + * * @param request Request input. * @return view model. */ - @RequestMapping(value = { "/policy", "/policy/Editor" }, method = RequestMethod.GET) + @RequestMapping(value = {"/policy", "/policy/Editor"}, method = RequestMethod.GET) public ModelAndView view(HttpServletRequest request) { getUserRoleFromSession(request); String myRequestUrl = request.getRequestURL().toString(); @@ -394,7 +401,8 @@ public class PolicyController extends RestrictedBaseController { setPapEngine(new RESTfulPAPEngine(myRequestUrl)); new PDPGroupContainer(new RESTfulPAPEngine(myRequestUrl)); } catch (Exception e) { - policyLogger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Exception Occured while loading PAP" + e); + policyLogger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + + "Exception Occured while loading PAP" + e); } Map model = new HashMap<>(); return new ModelAndView("policy_Editor", "model", model); @@ -402,7 +410,7 @@ public class PolicyController extends RestrictedBaseController { /** * Read the role from session for inserting into the database. - * + * * @param request Request input for Role. */ public void getUserRoleFromSession(HttpServletRequest request) { @@ -429,7 +437,8 @@ public class PolicyController extends RestrictedBaseController { savePolicyRoles(name, filteredRole, userId); } else { userRoles = getRoles(userId); - Pair, List> pair = org.onap.policy.utils.UserUtils.checkRoleAndScope(userRoles); + Pair, List> pair = + org.onap.policy.utils.UserUtils.checkRoleAndScope(userRoles); roles = pair.u; if (!roles.contains(filteredRole)) { savePolicyRoles(name, filteredRole, userId); @@ -440,9 +449,9 @@ public class PolicyController extends RestrictedBaseController { /** * Build a delete query for cleaning up roles and execute it. - * + * * @param filteredRoles Filtered roles list. - * @param userId UserID. + * @param userId UserID. */ private void cleanUpRoles(List filteredRoles, String userId) { StringBuilder query = new StringBuilder(); @@ -460,10 +469,10 @@ public class PolicyController extends RestrictedBaseController { /** * Save the Role to DB. - * - * @param name User Name. + * + * @param name User Name. * @param filteredRole Role Name. - * @param userId User LoginID. + * @param userId User LoginID. */ private void savePolicyRoles(String name, String filteredRole, String userId) { UserInfo userInfo = new UserInfo(); @@ -479,7 +488,7 @@ public class PolicyController extends RestrictedBaseController { /** * Filter the list of roles hierarchy wise. - * + * * @param newRoles list of roles from request. * @return */ @@ -501,7 +510,8 @@ public class PolicyController extends RestrictedBaseController { roles.clear(); roles.add(SUPERADMIN); } - if (!roles.contains(SUPERADMIN) || (POLICYGUEST.equalsIgnoreCase(role) && !superCheck)) { + if (!roles.contains(SUPERADMIN) + || (POLICYGUEST.equalsIgnoreCase(role) && !superCheck)) { if ("Policy Admin".equalsIgnoreCase(role.trim())) { roles.add("admin"); } else if ("Policy Editor".equalsIgnoreCase(role.trim())) { @@ -524,7 +534,7 @@ public class PolicyController extends RestrictedBaseController { /** * Get UserName based on LoginID. - * + * * @param createdBy loginID. * @return name. */ @@ -536,7 +546,7 @@ public class PolicyController extends RestrictedBaseController { /** * Check if the Policy is Active or not. - * + * * @param query sql query. * @return boolean. */ @@ -565,7 +575,8 @@ public class PolicyController extends RestrictedBaseController { } public PolicyVersion getPolicyEntityFromPolicyVersion(String query) { - return (PolicyVersion) commonClassDao.getEntityItem(PolicyVersion.class, "policyName", query); + return (PolicyVersion) commonClassDao.getEntityItem(PolicyVersion.class, "policyName", + query); } public List getDataByQuery(String query, SimpleBindings params) { @@ -579,10 +590,10 @@ public class PolicyController extends RestrictedBaseController { /** * Watch Policy Function. - * - * @param entity PolicyVersion entity. + * + * @param entity PolicyVersion entity. * @param policyName updated policy name. - * @param mode type of action rename/delete/import. + * @param mode type of action rename/delete/import. */ public void watchPolicyFunction(PolicyVersion entity, String policyName, String mode) { PolicyNotificationMail email = new PolicyNotificationMail(); @@ -596,7 +607,7 @@ public class PolicyController extends RestrictedBaseController { /** * Switch Version Policy Content. - * + * * @param pName which is used to find associated versions. * @return list of available versions based on policy name. */ @@ -613,7 +624,8 @@ public class PolicyController extends RestrictedBaseController { dbCheckName = dbCheckName.replace(".Decision_", ":Decision_"); } String[] splitDbCheckName = dbCheckName.split(":"); - String query = "FROM PolicyEntity where policyName like :splitDBCheckName1 and scope = :splitDBCheckName0"; + String query = + "FROM PolicyEntity where policyName like :splitDBCheckName1 and scope = :splitDBCheckName0"; SimpleBindings params = new SimpleBindings(); params.put("splitDBCheckName1", splitDbCheckName[1] + "%"); params.put("splitDBCheckName0", splitDbCheckName[0]); @@ -629,8 +641,8 @@ public class PolicyController extends RestrictedBaseController { if (policyName.contains("/")) { policyName = policyName.replace("/", File.separator); } - PolicyVersion entity = (PolicyVersion) commonClassDao.getEntityItem(PolicyVersion.class, "policyName", - policyName); + PolicyVersion entity = (PolicyVersion) commonClassDao.getEntityItem(PolicyVersion.class, + "policyName", policyName); JSONObject el = new JSONObject(); el.put("activeVersion", entity.getActiveVersion()); el.put("availableVersions", av); @@ -654,14 +666,16 @@ public class PolicyController extends RestrictedBaseController { } public String getDescription(PolicyEntity data) { - InputStream stream = new ByteArrayInputStream(data.getPolicyData().getBytes(StandardCharsets.UTF_8)); + InputStream stream = + new ByteArrayInputStream(data.getPolicyData().getBytes(StandardCharsets.UTF_8)); Object policy = XACMLPolicyScanner.readPolicy(stream); if (policy instanceof PolicySetType) { return ((PolicySetType) policy).getDescription(); } else if (policy instanceof PolicyType) { return ((PolicyType) policy).getDescription(); } else { - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + "Expecting a PolicySet/Policy/Rule object. Got: " + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + + "Expecting a PolicySet/Policy/Rule object. Got: " + policy.getClass().getCanonicalName()); return null; } @@ -670,14 +684,20 @@ public class PolicyController extends RestrictedBaseController { public String[] getUserInfo(PolicyEntity data, List activePolicies) { String policyName = data.getScope().replace(".", File.separator) + File.separator + data.getPolicyName().substring(0, data.getPolicyName().indexOf('.')); - PolicyVersion pVersion = activePolicies.stream().filter(a -> policyName.equals(a.getPolicyName())).findAny() - .orElse(null); + PolicyVersion polVersion = activePolicies.stream() + .filter(a -> policyName.equals(a.getPolicyName())).findAny().orElse(null); String[] result = new String[2]; + UserInfo userCreate = null; + UserInfo userModify = null; + if (polVersion != null) { + userCreate = (UserInfo) getEntityItem(UserInfo.class, "userLoginId", + polVersion.getCreatedBy()); + userModify = (UserInfo) getEntityItem(UserInfo.class, "userLoginId", + polVersion.getModifiedBy()); + } - UserInfo userCreate = (UserInfo) getEntityItem(UserInfo.class, "userLoginId", pVersion.getCreatedBy()); - UserInfo userModify = (UserInfo) getEntityItem(UserInfo.class, "userLoginId", pVersion.getModifiedBy()); - result[0] = userCreate != null ? userCreate.getUserName() : "super-admin"; - result[1] = userModify != null ? userModify.getUserName() : "super-admin"; + result[0] = userCreate != null ? userCreate.getUserName() : SUPERADMIN; + result[1] = userModify != null ? userModify.getUserName() : SUPERADMIN; return result; } @@ -710,7 +730,8 @@ public class PolicyController extends RestrictedBaseController { return mapDatatype2Function; } - public static void setMapDatatype2Function(Map> mapDatatype2Function) { + public static void setMapDatatype2Function( + Map> mapDatatype2Function) { PolicyController.mapDatatype2Function = mapDatatype2Function; } @@ -936,7 +957,7 @@ public class PolicyController extends RestrictedBaseController { /** * Set File Size limit. - * + * * @param uploadSize value. */ public static void setFileSizeLimit(String uploadSize) { @@ -954,7 +975,7 @@ public class PolicyController extends RestrictedBaseController { /** * Function to convert date. - * + * * @param dateTTL input date value. * @return */ -- cgit 1.2.3-korg