author | andre.schmid <andre.schmid@est.tech> | 2019-11-04 13:59:28 +0000 |
---|---|---|
committer | Ojas Dubey <Ojas.Dubey@amdocs.com> | 2019-11-06 06:52:38 +0000 |
commit | 9056ae7b51532ef185164aefe2fccaeabed6946c (patch) | |
tree | a5e0df6c284fc584f61c9d0c242feec90cbe689b | |
parent | 1e61754c29fc99636de692a0fb9d2ef1a4ba9e61 (diff) |
Fix sonarqube issues introduced by ZipSlip change
Fix major and critical sonarqube issues introduced by ZipSlip change
id I721f3d44b34fe6d242c9537f5a515ce1bb534c9a
Change-Id: I3aa2cd4116936d715baba99a38d43aa40fd62a29
Issue-ID: SDC-1401
Signed-off-by: andre.schmid <andre.schmid@est.tech>
4 files changed, 44 insertions, 42 deletions
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/AbstractValidationsServlet.java b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/AbstractValidationsServlet.java index 514576fcd8..3606b010ce 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/AbstractValidationsServlet.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/AbstractValidationsServlet.java @@ -28,7 +28,6 @@ import com.google.gson.JsonSyntaxException; import fj.data.Either; import java.io.File; import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.lang.reflect.Type; @@ -232,15 +231,11 @@ public abstract class AbstractValidationsServlet extends BeGenericServlet { fillToscaTemplateFromZip(yamlStringWrapper, ymlName, file); } - private static void fillToscaTemplateFromZip(Wrapper<String> yamlStringWrapper, String payloadName, File file) { - Map<String, byte[]> unzippedFolder = null; - try { - unzippedFolder = ZipUtils.readZip(file, false); - } catch (final ZipException e) { - log.info("Failed to unzip file", e); - } - byte[] yamlFileInBytes = unzippedFolder.get(payloadName); - String yamlAsString = new String(yamlFileInBytes, StandardCharsets.UTF_8); + private static void fillToscaTemplateFromZip(final Wrapper<String> yamlStringWrapper, final String payloadName, + final File file) throws ZipException { + final Map<String, byte[]> unzippedFolder = ZipUtils.readZip(file, false); + final byte[] yamlFileInBytes = unzippedFolder.get(payloadName); + final String yamlAsString = new String(yamlFileInBytes, StandardCharsets.UTF_8); log.debug("received yaml: {}", yamlAsString); yamlStringWrapper.setInnerElement(yamlAsString); } 
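Review bot: In `fillToscaTemplateFromZip`, `unzippedFolder.get(payloadName)` returns null when the archive holds no entry with that name, and `new String(yamlFileInBytes, StandardCharsets.UTF_8)` then throws a NullPointerException; the change removes the null-map case but leaves this one. The archive is presumably an uploaded file, so a missing entry should be handled as invalid input: check `yamlFileInBytes == null` right after the lookup and raise the project's invalid-archive error instead of continuing. Separately, `log.debug("received yaml: {}", yamlAsString)` writes the full uploaded content to the log; `log.debug("received yaml '{}' ({} bytes)", payloadName, yamlFileInBytes.length);` keeps the trace without copying untrusted content into log files.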
@@ -521,7 +516,7 @@ public abstract class AbstractValidationsServlet extends BeGenericServlet { } protected void fillPayload(Wrapper<Response> responseWrapper, Wrapper<UploadResourceInfo> uploadResourceInfoWrapper, Wrapper<String> yamlStringWrapper, User user, String resourceInfoJsonString, ResourceAuthorityTypeEnum resourceAuthorityEnum, - File file) throws FileNotFoundException { + File file) throws ZipException { if (responseWrapper.isEmpty()) { if (resourceAuthorityEnum.isBackEndImport()) { @@ -562,8 +557,11 @@ public abstract class AbstractValidationsServlet extends BeGenericServlet { } - protected void specificResourceAuthorityValidations(Wrapper<Response> responseWrapper, Wrapper<UploadResourceInfo> uploadResourceInfoWrapper, Wrapper<String> yamlStringWrapper, User user, HttpServletRequest request, String resourceInfoJsonString, - ResourceAuthorityTypeEnum resourceAuthorityEnum) throws FileNotFoundException { + protected void specificResourceAuthorityValidations(final Wrapper<Response> responseWrapper, + final Wrapper<UploadResourceInfo> uploadResourceInfoWrapper, + final Wrapper<String> yamlStringWrapper, final User user, + final HttpServletRequest request, final String resourceInfoJsonString, + final ResourceAuthorityTypeEnum resourceAuthorityEnum) { if (responseWrapper.isEmpty()) { // UI Only Validation diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ResourcesServlet.java b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ResourcesServlet.java index 03bed4762f..fd1fe221ac 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ResourcesServlet.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ResourcesServlet.java 
@@ -47,6 +47,7 @@ import org.openecomp.sdc.be.user.UserBusinessLogic; import org.openecomp.sdc.common.api.Constants; import org.openecomp.sdc.common.datastructure.Wrapper; import org.openecomp.sdc.common.log.wrappers.Logger; +import org.openecomp.sdc.common.zip.exception.ZipException; import org.openecomp.sdc.exception.ResponseFormat; import io.swagger.v3.oas.annotations.OpenAPIDefinition; import io.swagger.v3.oas.annotations.Operation; @@ -64,7 +65,6 @@ import javax.ws.rs.*; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import java.io.FileNotFoundException; import java.io.IOException; import java.util.List; import java.util.Map; @@ -138,7 +138,7 @@ public class ResourcesServlet extends AbstractValidationsServlet { responseWrapper.setInnerElement(response); } return responseWrapper.getInnerElement(); - } catch (IOException e) { + } catch (final IOException | ZipException e) { BeEcompErrorManager.getInstance().logBeRestApiGeneralError("Create Resource"); log.debug("create resource failed with exception", e); response = buildErrorResponse(getComponentsUtils().getResponseFormat(ActionStatus.GENERAL_ERROR)); @@ -159,8 +159,9 @@ public class ResourcesServlet extends AbstractValidationsServlet { return isUIImport; } - private void performUIImport(Wrapper<Response> responseWrapper, String data, final HttpServletRequest request, String userId, String resourceUniqueId) throws FileNotFoundException { - + private void performUIImport(final Wrapper<Response> responseWrapper, final String data, + final HttpServletRequest request, final String userId, + final String resourceUniqueId) throws ZipException { Wrapper<User> userWrapper = new Wrapper<>(); Wrapper<UploadResourceInfo> uploadResourceInfoWrapper = new Wrapper<>(); Wrapper<String> yamlStringWrapper = new Wrapper<>(); 
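Review bot: The widened `catch (final IOException | ZipException e)` in the Create Resource handler maps a rejected archive to `ActionStatus.GENERAL_ERROR` and records the cause only through `log.debug`. If `ZipSlipException` is a `ZipException` subtype, as the ZipUtils changes in this commit suggest, a path-traversal entry in an upload is reported like a server fault and leaves no trace unless debug logging is enabled. A separate `catch (final ZipException e)` branch that logs above debug level and returns the project's invalid-content response would keep bad input apart from I/O failures; the same applies to the Update Resource catch in the `@@ -509,7 +510,7 @@` hunk. The handler starts outside the hunk, so which response it should return for bad input cannot be confirmed from here.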
@@ -509,7 +510,7 @@ public class ResourcesServlet extends AbstractValidationsServlet { responseWrapper.setInnerElement(response); } return responseWrapper.getInnerElement(); - } catch (IOException e) { + } catch (final IOException | ZipException e) { BeEcompErrorManager.getInstance().logBeRestApiGeneralError("Update Resource"); log.debug("update resource failed with exception", e); response = buildErrorResponse(getComponentsUtils().getResponseFormat(ActionStatus.GENERAL_ERROR)); diff --git a/common-app-api/src/main/java/org/openecomp/sdc/common/zip/ZipUtils.java b/common-app-api/src/main/java/org/openecomp/sdc/common/zip/ZipUtils.java index d90377fc88..25f85badef 100644 --- a/common-app-api/src/main/java/org/openecomp/sdc/common/zip/ZipUtils.java +++ b/common-app-api/src/main/java/org/openecomp/sdc/common/zip/ZipUtils.java @@ -75,8 +75,8 @@ public class ZipUtils { String canonicalPath = null; try { canonicalPath = file.getCanonicalPath(); - } catch (final IOException ignored) { - //ignored + } catch (final IOException ex) { + LOGGER.debug("Could not get canonical path of file '{}'", file.getPath(), ex); } if (canonicalPath != null && !canonicalPath.equals(file.getAbsolutePath())) { throw new ZipSlipException(filePath.toString()); 
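Review bot: The zip-slip check in the ZipUtils hunk still fails open: when `file.getCanonicalPath()` throws, the new catch only logs at debug, `canonicalPath` stays null, and the `canonicalPath != null && ...` condition skips the `ZipSlipException`. A path that cannot be canonicalised should be rejected rather than accepted, for example by replacing the log call with `throw new ZipSlipException(filePath.toString());`, keeping `ex` as the cause if the exception type offers such a constructor. The enclosing method starts and ends outside the hunk, so its throws clause needs checking before this is applied.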
@@ -170,26 +170,10 @@ public class ZipUtils { final Map<String, byte[]> filePathAndByteMap = new HashMap<>(); try (final ZipInputStream inputZipStream = ZipUtils.getInputStreamFromBytes(zipFileBytes)) { - byte[] fileByteContent; - String currentEntryName; ZipEntry zipEntry; while ((zipEntry = inputZipStream.getNextEntry()) != null) { - checkForZipSlipInRead(zipEntry); - currentEntryName = zipEntry.getName(); - fileByteContent = getBytes(inputZipStream); - if (zipEntry.isDirectory()) { - if (hasToIncludeDirectories) { - filePathAndByteMap.put(normalizeFolder(currentEntryName), null); - } - } else { - if (hasToIncludeDirectories) { - final Path parentFolderPath = Paths.get(zipEntry.getName()).getParent(); - if (parentFolderPath != null) { - filePathAndByteMap.putIfAbsent(normalizeFolder(parentFolderPath.toString()), null); - } - } - filePathAndByteMap.put(currentEntryName, fileByteContent); - } + filePathAndByteMap + .putAll(processZipEntryInRead(zipEntry, getBytes(inputZipStream), hasToIncludeDirectories)); } } catch (final IOException e) { LOGGER.warn("Could not close the zip input stream", e); 
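Review bot: `getBytes(inputZipStream)` is now evaluated as an argument before `processZipEntryInRead` runs `checkForZipSlipInRead`, so every entry is read fully into memory before its name is validated; the removed code checked first. Calling `checkForZipSlipInRead(zipEntry);` as the first statement of the loop body, and dropping it from the helper, restores that order. The unchanged `catch (final IOException e)` reports any read failure as "Could not close the zip input stream" and still returns the partial map, which hides truncated or corrupt archives from the caller. No per-entry or total size limit is visible in this hunk; if `getBytes` does not enforce one, a bound belongs in this loop. The method signature is outside the hunk.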
@@ -198,6 +182,29 @@ public class ZipUtils { return filePathAndByteMap; } + private static Map<String, byte[]> processZipEntryInRead(final ZipEntry zipEntry, + final byte[] inputStreamBytes, + final boolean hasToIncludeDirectories) throws ZipException { + final Map<String, byte[]> filePathAndByteMap = new HashMap<>(); + checkForZipSlipInRead(zipEntry); + if (zipEntry.isDirectory()) { + if (hasToIncludeDirectories) { + filePathAndByteMap.put(normalizeFolder(zipEntry.getName()), null); + } + return filePathAndByteMap; + } + + if (hasToIncludeDirectories) { + final Path parentFolderPath = Paths.get(zipEntry.getName()).getParent(); + if (parentFolderPath != null) { + filePathAndByteMap.putIfAbsent(normalizeFolder(parentFolderPath.toString()), null); + } + } + filePathAndByteMap.put(zipEntry.getName(), inputStreamBytes); + + return filePathAndByteMap; + } + /** * Adds a {@link File#separator} at the end of the folder path if not present. * diff --git a/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/utils/CommonUtil.java b/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/utils/CommonUtil.java index f286dc1e76..a564928820 100644 --- a/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/utils/CommonUtil.java +++ b/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/utils/CommonUtil.java @@ -20,7 +20,6 @@ package org.openecomp.sdc.common.utils; import com.google.common.collect.Multimap; -import java.io.ByteArrayInputStream; import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; 
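Review bot: `processZipEntryInRead` is added without Javadoc although `normalizeFolder` directly below it has one. A short Javadoc should state that it validates the entry name against zip slip, that it returns a map in which directory keys carry a null value and a file entry maps its name to `inputStreamBytes`, and that it throws `ZipException` when the check fails. `putIfAbsent` on the freshly created map behaves like `put`, and since the caller merges with `putAll`, the "if absent" semantics of the removed code no longer applies to the accumulated map. This is harmless while directory keys always map to null, but it is misleading; use `filePathAndByteMap.put(normalizeFolder(parentFolderPath.toString()), null);` or pass the accumulating map into the helper.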
@@ -30,14 +29,11 @@ import java.util.Map; import java.util.Objects; import java.util.Optional; import java.util.Set; -import java.util.zip.ZipEntry; -import java.util.zip.ZipInputStream; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.io.FilenameUtils; import org.apache.commons.lang3.tuple.ImmutablePair; import org.apache.commons.lang3.tuple.Pair; import org.openecomp.core.utilities.file.FileContentHandler; -import org.openecomp.core.utilities.file.FileUtils; import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum; import org.openecomp.sdc.common.errors.CoreException; import org.openecomp.sdc.common.errors.ErrorCategory; |