From e6bc3b407aadcab3b54074e39afc4c4dfe142b06 Mon Sep 17 00:00:00 2001 From: Jim Hahn Date: Thu, 27 May 2021 17:48:22 -0400 Subject: Fix more sonars in models Fixed sonars: - SQL injection - use re2j instead of regex Issue-ID: POLICY-3094 Change-Id: I553bd6aa5832d71a5ac33320e2d0d022f9a00e98 Signed-off-by: Jim Hahn --- .../org/onap/policy/models/dao/converters/CDataConditioner.java | 5 ++++- .../src/main/java/org/onap/policy/models/dao/impl/DefaultPfDao.java | 6 +++++- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'models-dao') diff --git a/models-dao/src/main/java/org/onap/policy/models/dao/converters/CDataConditioner.java b/models-dao/src/main/java/org/onap/policy/models/dao/converters/CDataConditioner.java index e4cfd74d3..4a3a4da66 100644 --- a/models-dao/src/main/java/org/onap/policy/models/dao/converters/CDataConditioner.java +++ b/models-dao/src/main/java/org/onap/policy/models/dao/converters/CDataConditioner.java @@ -1,6 +1,7 @@ /*- * ============LICENSE_START======================================================= * Copyright (C) 2019 Nordix Foundation. + * Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,6 +21,7 @@ package org.onap.policy.models.dao.converters; +import com.google.re2j.Pattern; import javax.persistence.AttributeConverter; import javax.persistence.Converter; import javax.xml.bind.annotation.adapters.XmlAdapter; @@ -31,6 +33,7 @@ import javax.xml.bind.annotation.adapters.XmlAdapter; @Converter public class CDataConditioner extends XmlAdapter implements AttributeConverter { + private static final Pattern TRAILING_SPACE_PAT = Pattern.compile("\\s+$"); private static final String NL = "\n"; @Override 
@@ -63,7 +66,7 @@ public class CDataConditioner extends XmlAdapter implements Attr if (in == null) { return null; } else { - return in.replaceAll("\\s+$", "").replaceAll("\\r?\\n", NL); + return TRAILING_SPACE_PAT.matcher(in).replaceAll("").replaceAll("\\r?\\n", NL); } } } diff --git a/models-dao/src/main/java/org/onap/policy/models/dao/impl/DefaultPfDao.java b/models-dao/src/main/java/org/onap/policy/models/dao/impl/DefaultPfDao.java index 42a06acc4..d1e32935c 100644 --- a/models-dao/src/main/java/org/onap/policy/models/dao/impl/DefaultPfDao.java +++ b/models-dao/src/main/java/org/onap/policy/models/dao/impl/DefaultPfDao.java @@ -626,8 +626,12 @@ public class DefaultPfDao implements PfDao { final var mg = getEntityManager(); long size = 0; try { + /* + * The invoking code only passes well-known classes into this method, thus + * disabling the sonar about SQL injection. + */ size = mg.createQuery("SELECT COUNT(c) FROM " + someClass.getSimpleName() + " c", Long.class) - .getSingleResult(); + .getSingleResult(); // NOSONAR } finally { mg.close(); } -- cgit 1.2.3-korg
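Review bot: The second `.replaceAll("\\r?\\n", NL)` on the changed return line is still `String.replaceAll`, i.e. a java.util.regex pattern compiled on every call, so the method now mixes two regex engines and only half of it reaches the commit's stated goal of moving to re2j. I'd precompile it next to the existing constant, `private static final Pattern LINE_BREAK_PAT = Pattern.compile("\\r?\\n");`, and return `LINE_BREAK_PAT.matcher(TRAILING_SPACE_PAT.matcher(in).replaceAll("")).replaceAll(NL);`. One nuance worth a comment on `TRAILING_SPACE_PAT`: re2j's `\s` is the ASCII class `[\t\n\f\r ]`, which unlike java.util.regex's `\s` does not include the vertical tab (0x0B), so a trailing VT is no longer stripped — harmless for CDATA conditioning as far as I can tell, but it is a behavioural change the commit message does not mention. The enclosing method's signature lies outside this hunk.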
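Review bot: The `// NOSONAR` on the `.getSingleResult()` continuation line leaves the `"SELECT COUNT(c) FROM " + someClass.getSimpleName()` concatenation in place and relies on a comment to assert that callers only pass well-known classes; nothing in the method enforces that. Because `someClass` is a `Class` object rather than a string, the reachable values are limited to names of classes loaded in the JVM, so the suppression is defensible, but the same count can be expressed through the JPA Criteria API — already reachable from the `EntityManager`, needing only the `javax.persistence.criteria.CriteriaBuilder` and `CriteriaQuery` imports — with no query text built by hand, which removes the finding instead of silencing it and makes the comment unnecessary. If the suppression is kept instead, note that Sonar honours `NOSONAR` only on the line where the issue is reported, which for this statement is probably the `mg.createQuery(` line rather than the continuation, so I'd verify the finding is actually gone or move the marker. The enclosing method starts before this hunk and its return is after it.
```java
            // Criteria API: the entity is addressed by Class, so no query text is concatenated.
            CriteriaBuilder cb = mg.getCriteriaBuilder();
            CriteriaQuery<Long> cq = cb.createQuery(Long.class);
            cq.select(cb.count(cq.from(someClass)));
            size = mg.createQuery(cq).getSingleResult();
            // … unchanged: finally { mg.close(); } …
```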