aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJim Hahn <jrh3@att.com>2021-05-27 17:48:22 -0400
committerJim Hahn <jrh3@att.com>2021-05-27 17:59:50 -0400
commite6bc3b407aadcab3b54074e39afc4c4dfe142b06 (patch)
tree009e82aa15168a612a919c62820913d2bf026671
parent3031446fc890ac27d837df7b9e6b3d385de0fd43 (diff)
Fix more sonars in models
Fixed sonars: - SQL injection - use re2j instead of regex Issue-ID: POLICY-3094 Change-Id: I553bd6aa5832d71a5ac33320e2d0d022f9a00e98 Signed-off-by: Jim Hahn <jrh3@att.com>
-rw-r--r--models-dao/src/main/java/org/onap/policy/models/dao/converters/CDataConditioner.java5
-rw-r--r--models-dao/src/main/java/org/onap/policy/models/dao/impl/DefaultPfDao.java6
2 files changed, 9 insertions, 2 deletions
diff --git a/models-dao/src/main/java/org/onap/policy/models/dao/converters/CDataConditioner.java b/models-dao/src/main/java/org/onap/policy/models/dao/converters/CDataConditioner.java
index e4cfd74d3..4a3a4da66 100644
--- a/models-dao/src/main/java/org/onap/policy/models/dao/converters/CDataConditioner.java
+++ b/models-dao/src/main/java/org/onap/policy/models/dao/converters/CDataConditioner.java
@@ -1,6 +1,7 @@
/*-
* ============LICENSE_START=======================================================
* Copyright (C) 2019 Nordix Foundation.
+ * Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,6 +21,7 @@
package org.onap.policy.models.dao.converters;
+import com.google.re2j.Pattern;
import javax.persistence.AttributeConverter;
import javax.persistence.Converter;
import javax.xml.bind.annotation.adapters.XmlAdapter;
@@ -31,6 +33,7 @@ import javax.xml.bind.annotation.adapters.XmlAdapter;
@Converter
public class CDataConditioner extends XmlAdapter<String, String> implements AttributeConverter<String, String> {
+ private static final Pattern TRAILING_SPACE_PAT = Pattern.compile("\\s+$");
private static final String NL = "\n";
@Override
@@ -63,7 +66,7 @@ public class CDataConditioner extends XmlAdapter<String, String> implements Attr
if (in == null) {
return null;
} else {
- return in.replaceAll("\\s+$", "").replaceAll("\\r?\\n", NL);
+ return TRAILING_SPACE_PAT.matcher(in).replaceAll("").replaceAll("\\r?\\n", NL);
}
}
}
diff --git a/models-dao/src/main/java/org/onap/policy/models/dao/impl/DefaultPfDao.java b/models-dao/src/main/java/org/onap/policy/models/dao/impl/DefaultPfDao.java
index 42a06acc4..d1e32935c 100644
--- a/models-dao/src/main/java/org/onap/policy/models/dao/impl/DefaultPfDao.java
+++ b/models-dao/src/main/java/org/onap/policy/models/dao/impl/DefaultPfDao.java
@@ -626,8 +626,12 @@ public class DefaultPfDao implements PfDao {
final var mg = getEntityManager();
long size = 0;
try {
+ /*
+ * The invoking code only passes well-known classes into this method, thus
+ * disabling the sonar about SQL injection.
+ */
size = mg.createQuery("SELECT COUNT(c) FROM " + someClass.getSimpleName() + " c", Long.class)
- .getSingleResult();
+ .getSingleResult(); // NOSONAR
} finally {
mg.close();
}