author | Jim Hahn <jrh3@att.com> | 2021-05-27 17:48:22 -0400 |
---|---|---|
committer | Jim Hahn <jrh3@att.com> | 2021-05-27 17:59:50 -0400 |
commit | e6bc3b407aadcab3b54074e39afc4c4dfe142b06 (patch) | |
tree | 009e82aa15168a612a919c62820913d2bf026671 | |
parent | 3031446fc890ac27d837df7b9e6b3d385de0fd43 (diff) |
Fix more sonars in models
Fixed sonars:
- SQL injection
- use re2j instead of regex
Issue-ID: POLICY-3094
Change-Id: I553bd6aa5832d71a5ac33320e2d0d022f9a00e98
Signed-off-by: Jim Hahn <jrh3@att.com>
-rw-r--r-- | models-dao/src/main/java/org/onap/policy/models/dao/converters/CDataConditioner.java | 5 | ||||
-rw-r--r-- | models-dao/src/main/java/org/onap/policy/models/dao/impl/DefaultPfDao.java | 6 |
2 files changed, 9 insertions, 2 deletions
diff --git a/models-dao/src/main/java/org/onap/policy/models/dao/converters/CDataConditioner.java b/models-dao/src/main/java/org/onap/policy/models/dao/converters/CDataConditioner.java
index e4cfd74d3..4a3a4da66 100644
--- a/models-dao/src/main/java/org/onap/policy/models/dao/converters/CDataConditioner.java
+++ b/models-dao/src/main/java/org/onap/policy/models/dao/converters/CDataConditioner.java
@@ -1,6 +1,7 @@
 /*-
 * ============LICENSE_START=======================================================
 * Copyright (C) 2019 Nordix Foundation.
+ * Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -20,6 +21,7 @@
 package org.onap.policy.models.dao.converters;
+import com.google.re2j.Pattern;
 import javax.persistence.AttributeConverter;
 import javax.persistence.Converter;
 import javax.xml.bind.annotation.adapters.XmlAdapter;
@@ -31,6 +33,7 @@ import javax.xml.bind.annotation.adapters.XmlAdapter;
 @Converter
 public class CDataConditioner extends XmlAdapter<String, String> implements AttributeConverter<String, String> {
+ private static final Pattern TRAILING_SPACE_PAT = Pattern.compile("\\s+$");
 private static final String NL = "\n";
 @Override
@@ -63,7 +66,7 @@ public class CDataConditioner extends XmlAdapter<String, String> implements Attr
 if (in == null) {
 return null;
 } else {
- return in.replaceAll("\\s+$", "").replaceAll("\\r?\\n", NL);
+ return TRAILING_SPACE_PAT.matcher(in).replaceAll("").replaceAll("\\r?\\n", NL);
 }
 }
 }
diff --git a/models-dao/src/main/java/org/onap/policy/models/dao/impl/DefaultPfDao.java b/models-dao/src/main/java/org/onap/policy/models/dao/impl/DefaultPfDao.java
index 42a06acc4..d1e32935c 100644
--- a/models-dao/src/main/java/org/onap/policy/models/dao/impl/DefaultPfDao.java
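Review bot: In the `@@ -63,7 +66,7 @@` hunk of CDataConditioner.java only the first replacement moved to re2j: `TRAILING_SPACE_PAT.matcher(in).replaceAll("")` returns a `String`, so the chained `.replaceAll("\\r?\\n", NL)` is still `String.replaceAll` and compiles a `java.util.regex` pattern on every call. Hoisting it the same way, `private static final Pattern NEWLINE_PAT = Pattern.compile("\\r?\\n");` next to `TRAILING_SPACE_PAT` and then `return NEWLINE_PAT.matcher(TRAILING_SPACE_PAT.matcher(in).replaceAll("")).replaceAll(NL);`, keeps the whole conversion on the linear-time engine. The constant added in the `@@ -31,6 +33,7 @@` hunk also deserves a one-line comment: re2j's `\s` is `[\t\n\f\r ]` and omits the vertical tab (`\x0B`) that `java.util.regex` includes, so a trailing vertical tab is no longer stripped after this change. The enclosing method starts outside the hunk.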
+++ b/models-dao/src/main/java/org/onap/policy/models/dao/impl/DefaultPfDao.java
@@ -626,8 +626,12 @@ public class DefaultPfDao implements PfDao {
 final var mg = getEntityManager();
 long size = 0;
 try {
+ /*
+ * The invoking code only passes well-known classes into this method, thus
+ * disabling the sonar about SQL injection.
+ */
 size = mg.createQuery("SELECT COUNT(c) FROM " + someClass.getSimpleName() + " c", Long.class)
- .getSingleResult();
+ .getSingleResult(); // NOSONAR
 } finally {
 mg.close();
 } |
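Review bot: The suppression on `.getSingleResult(); // NOSONAR` rests on a caller-side invariant that only the new comment records; nothing in this method enforces that `someClass` is one of the "well-known classes", and a bare `// NOSONAR` silences every rule on that line rather than only the injection finding. Building the count through the Criteria API removes the string concatenation, so no suppression is needed and a future caller cannot weaken the guarantee. It also resolves the entity from the class itself instead of assuming the JPQL entity name equals `getSimpleName()`, which would not hold for an entity declared with `@Entity(name = ...)`. This presumes `someClass` is the `Class<T>` of a mapped entity, which the signature outside the hunk should confirm; the method body starts and ends outside the hunk.

```java
final var mg = getEntityManager();
long size = 0;
try {
    // The entity is resolved from the Class object, so no name is spliced into query text.
    final var cb = mg.getCriteriaBuilder();
    final var cq = cb.createQuery(Long.class);
    cq.select(cb.count(cq.from(someClass)));
    size = mg.createQuery(cq).getSingleResult();
} finally {
    // … unchanged: mg.close() …
```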