From 06e8b70cb9cdbcc131a183f3a85a95b513d2b2f1 Mon Sep 17 00:00:00 2001
From: Tomasz Golabek
Date: Tue, 26 Mar 2019 16:36:22 +0100
Subject: Yaml parser exposed via SDC endpoint GAB parser exposed as POST /v1/catalog/gab/searchFor endpoint. Introduced OWASP ESAPI initial configuration
Change-Id: I2ee575b6092a97bc6acb1a5378bc66321e9fb182
Issue-ID: SDC-2209
Signed-off-by: Tomasz Golabek
---
 .../impl/GenericArtifactBrowserBusinessLogic.java | 80 +++++++++++++++++++
 .../sdc/be/info/GenericArtifactQueryInfo.java | 63 +++++++++++++++
 .../sdc/be/servlets/BeGenericServlet.java | 4 +
 .../be/servlets/GenericArtifactBrowserServlet.java | 93 ++++++++++++++++++++++
 4 files changed, 240 insertions(+)
 create mode 100644 catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/GenericArtifactBrowserBusinessLogic.java
 create mode 100644 catalog-be/src/main/java/org/openecomp/sdc/be/info/GenericArtifactQueryInfo.java
 create mode 100644 catalog-be/src/main/java/org/openecomp/sdc/be/servlets/GenericArtifactBrowserServlet.java
(limited to 'catalog-be/src/main/java/org')
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/GenericArtifactBrowserBusinessLogic.java b/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/GenericArtifactBrowserBusinessLogic.java
new file mode 100644
index 0000000000..fed1eb7fe9
--- /dev/null
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/components/impl/GenericArtifactBrowserBusinessLogic.java
@@ -0,0 +1,80 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.be.components.impl;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonArray;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonSerializationContext;
+import com.google.gson.JsonSerializer;
+import java.io.IOException;
+import java.lang.reflect.Type;
+import org.onap.sdc.gab.GABService;
+import org.onap.sdc.gab.GABServiceImpl;
+import org.onap.sdc.gab.model.GABQuery;
+import org.onap.sdc.gab.model.GABResult;
+import org.onap.sdc.gab.model.GABResults;
+
+@org.springframework.stereotype.Component
+public class GenericArtifactBrowserBusinessLogic extends BaseBusinessLogic {
+
+ private GABService gabService;
+
+ public GenericArtifactBrowserBusinessLogic() {
+ gabService = new GABServiceImpl();
+ }
+
+ public String searchFor(GABQuery gabQuery) throws IOException {
+ GABResults gabResults = gabService.searchFor(gabQuery);
+ return createGsonForGABResult().toJson(gabResults);
+ }
+
+ private Gson createGsonForGABResult(){
+ return new GsonBuilder().setPrettyPrinting()
+ .registerTypeAdapter(GABResult.class, new GABResultSerializer())
+ .registerTypeAdapter(GABResults.class, new GABResultsSerializer())
+ .create();
+ }
+
+ private class GABResultsSerializer implements JsonSerializer {
+ @Override
+ public JsonElement serialize(GABResults gabResults, Type type,
+ JsonSerializationContext jsonSerializationContext) {
+ JsonObject result = new JsonObject();
+ JsonArray jsonArray = new JsonArray();
+ gabResults.getRows().stream().map(jsonSerializationContext::serialize).forEach(jsonArray::add);
+ result.add("data", jsonArray);
+ return result;
+ }
+ }
+
+ private class GABResultSerializer implements JsonSerializer {
+ @Override
+ public JsonElement serialize(GABResult gabResult, Type type, JsonSerializationContext jsonSerializationContext) {
+ JsonObject result = new JsonObject();
+ gabResult.getEntries().forEach(entry -> result.addProperty(entry.getPath(), String.valueOf(entry.getData())));
+ return result;
+ }
+ }
+
+}
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/info/GenericArtifactQueryInfo.java b/catalog-be/src/main/java/org/openecomp/sdc/be/info/GenericArtifactQueryInfo.java
new file mode 100644
index 0000000000..66a85d7ccd
--- /dev/null
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/info/GenericArtifactQueryInfo.java
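Review bot: `GABResultSerializer` in GenericArtifactBrowserBusinessLogic writes every value through `String.valueOf(entry.getData())`, so (assuming `getData()` returns an object) a missing value is emitted as the text "null", numbers and booleans lose their JSON type, and two entries sharing a path overwrite each other in the `JsonObject`. If that flattening is intended, say so in a comment on the serializer, e.g. `// values are deliberately rendered as strings; a repeated path keeps the last entry`. This class is also where stored artifact content reaches the YAML parser behind `GABServiceImpl`, which is outside this diff; a Javadoc on `searchFor` should state what input the parser accepts, and it is worth confirming that it builds plain data only and bounds the input size. `gabService` is never reassigned, so `private final GABService gabService;` with constructor injection would let the class be tested without the real parser.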
@@ -0,0 +1,63 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.be.info;
+
+import java.util.Set;
+
+public class GenericArtifactQueryInfo {
+
+ private Set fields;
+ private String parentId;
+ private String artifactUniqueId;
+
+ public GenericArtifactQueryInfo() {
+ }
+
+ public GenericArtifactQueryInfo(Set fields, String parentId, String artifactUniqueId) {
+ this.fields = fields;
+ this.parentId = parentId;
+ this.artifactUniqueId = artifactUniqueId;
+ }
+
+ public void setFields(Set fields) {
+ this.fields = fields;
+ }
+
+ public void setParentId(String parentId) {
+ this.parentId = parentId;
+ }
+
+ public void setArtifactUniqueId(String artifactUniqueId) {
+ this.artifactUniqueId = artifactUniqueId;
+ }
+
+ public Set getFields() {
+ return fields;
+ }
+
+ public String getParentId() {
+ return parentId;
+ }
+
+ public String getArtifactUniqueId() {
+ return artifactUniqueId;
+ }
+}
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/BeGenericServlet.java b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/BeGenericServlet.java
index d27db55158..94431f6b48 100644
--- a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/BeGenericServlet.java
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/BeGenericServlet.java
@@ -140,6 +140,10 @@ public class BeGenericServlet extends BasicServlet {
 return getClassFromWebAppContext(context, () -> UserBusinessLogic.class);
 }
 
+ protected GenericArtifactBrowserBusinessLogic getGenericArtifactBrowserBL(ServletContext context) {
+ return getClassFromWebAppContext(context, () -> GenericArtifactBrowserBusinessLogic.class);
+ }
+
 protected ResourceBusinessLogic getResourceBL(ServletContext context) {
 return getClassFromWebAppContext(context, () -> ResourceBusinessLogic.class);
 }
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/GenericArtifactBrowserServlet.java b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/GenericArtifactBrowserServlet.java
new file mode 100644
index 0000000000..ea00a86ad9
--- /dev/null
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/GenericArtifactBrowserServlet.java
@@ -0,0 +1,93 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.be.servlets;
+
+import com.jcabi.aspects.Loggable;
+import fj.data.Either;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiParam;
+import io.swagger.annotations.ApiResponse;
+import io.swagger.annotations.ApiResponses;
+import java.io.IOException;
+import java.util.Set;
+import java.util.stream.Collectors;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import org.apache.commons.lang3.tuple.ImmutablePair;
+import org.onap.sdc.gab.model.GABQuery;
+import org.onap.sdc.gab.model.GABQuery.GABQueryType;
+import org.openecomp.sdc.be.info.GenericArtifactQueryInfo;
+import org.openecomp.sdc.common.log.wrappers.Logger;
+import org.openecomp.sdc.exception.ResponseFormat;
+import org.owasp.esapi.ESAPI;
+import org.springframework.stereotype.Controller;
+
+@Loggable(prepend = true, value = Loggable.DEBUG, trim = false)
+@Path("/v1/catalog/gab")
+@Consumes(MediaType.APPLICATION_JSON)
+@Produces(MediaType.APPLICATION_JSON)
+@Api(value = "Generic Artifact Browser")
+@Controller
+public class GenericArtifactBrowserServlet extends BeGenericServlet {
+
+ private static final Logger LOGGER = Logger.getLogger(GenericArtifactBrowserServlet.class);
+
+ @POST
+ @Path("/searchFor")
+ @ApiOperation(value = "Search json paths inside the yaml", httpMethod = "POST", notes = "Returns found entries of json paths", response = Response.class)
+ @ApiResponses(value = {
+ @ApiResponse(code = 200, message = "Returned yaml entries"),
+ @ApiResponse(code = 400, message = "Invalid content / Missing content")})
+ public Response searchFor(
+ @ApiParam(value = "Generic Artifact search model", required = true) GenericArtifactQueryInfo query,
+ @Context final HttpServletRequest request) {
+ try {
+ ServletContext context = request.getSession().getServletContext();
+ Either, ResponseFormat> immutablePairResponseFormatEither = getArtifactBL(context)
+ .downloadArtifact(ESAPI.encoder().canonicalize(query.getParentId()), ESAPI.encoder().canonicalize(query.getArtifactUniqueId()));
+ if (immutablePairResponseFormatEither.isLeft()){
+ GABQuery gabQuery = prepareGabQuery(query, immutablePairResponseFormatEither);
+ return buildOkResponse(getGenericArtifactBrowserBL(context).searchFor(gabQuery));
+ }else{
+ throw new IOException(immutablePairResponseFormatEither.right().value().getFormattedMessage());
+ }
+ } catch (IOException e) {
+ LOGGER.error("Cannot search for a given queries in the yaml file", e);
+ return buildGeneralErrorResponse();
+ }
+ }
+
+ private GABQuery prepareGabQuery(GenericArtifactQueryInfo query,
+ Either, ResponseFormat> immutablePairResponseFormatEither) {
+ byte[] content = immutablePairResponseFormatEither.left().value().getRight();
+ Set queryFields = query.getFields().stream().map(ESAPI.encoder()::canonicalize).collect(Collectors.toSet());
+ return new GABQuery(queryFields, new String(content), GABQueryType.CONTENT);
+ }
+
+}
-- cgit 1.2.3-korg
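Review bot: `searchFor` dereferences the request body without checking it: a missing body fails at `query.getParentId()` and a body without `fields` fails at `query.getFields().stream()` in `prepareGabQuery`, and because the resulting NullPointerException is not an IOException it escapes the catch, so the 400 declared in `@ApiResponses` is never produced. ESAPI's `canonicalize` can likewise raise a runtime IntrusionException on mixed or multiple encoding, depending on the ESAPI configuration, and it is normalisation rather than validation or an access check. Nothing in the visible lines identifies the caller before `downloadArtifact` is called with ids taken from the body, so unless that method enforces authorization itself (not shown here) the servlet should check the user against the parent component first. The failure branch also wraps the `ResponseFormat` in an IOException and answers with a general error, which hides a not-found or forbidden status from the client. `new String(content)` decodes with the platform default charset; the fence below adds the null guard and names UTF-8, which needs an import of `java.nio.charset.StandardCharsets`.

```java
// … unchanged: annotations and searchFor signature …
        // Reject incomplete bodies up front so they yield the documented 400 instead of an uncaught NullPointerException.
        if (query == null || query.getFields() == null
            || query.getParentId() == null || query.getArtifactUniqueId() == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        // … unchanged: try/catch around downloadArtifact and the GAB search …

// in prepareGabQuery:
        // … unchanged: content and queryFields extraction …
        return new GABQuery(queryFields, new String(content, StandardCharsets.UTF_8), GABQueryType.CONTENT);
```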