From 9056ae7b51532ef185164aefe2fccaeabed6946c Mon Sep 17 00:00:00 2001
From: "andre.schmid"
Date: Mon, 4 Nov 2019 13:59:28 +0000
Subject: Fix sonarqube issues introduced by ZipSlip change Fix major and critical sonarqube issues introduced by ZipSlip change id I721f3d44b34fe6d242c9537f5a515ce1bb534c9a
Change-Id: I3aa2cd4116936d715baba99a38d43aa40fd62a29
Issue-ID: SDC-1401
Signed-off-by: andre.schmid
---
 .../be/servlets/AbstractValidationsServlet.java | 24 ++++++++++------------
 .../sdc/be/servlets/ResourcesServlet.java | 11 +++++-----
 2 files changed, 17 insertions(+), 18 deletions(-)
(limited to 'catalog-be/src')
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/AbstractValidationsServlet.java b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/AbstractValidationsServlet.java
index 514576fcd8..3606b010ce 100644
--- a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/AbstractValidationsServlet.java
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/AbstractValidationsServlet.java
@@ -28,7 +28,6 @@ import com.google.gson.JsonSyntaxException;
 import fj.data.Either;
 import java.io.File;
 import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.reflect.Type;
@@ -232,15 +231,11 @@ public abstract class AbstractValidationsServlet extends BeGenericServlet {
 fillToscaTemplateFromZip(yamlStringWrapper, ymlName, file);
 }
- private static void fillToscaTemplateFromZip(Wrapper yamlStringWrapper, String payloadName, File file) {
- Map unzippedFolder = null;
- try {
- unzippedFolder = ZipUtils.readZip(file, false);
- } catch (final ZipException e) {
- log.info("Failed to unzip file", e);
- }
- byte[] yamlFileInBytes = unzippedFolder.get(payloadName);
- String yamlAsString = new String(yamlFileInBytes, StandardCharsets.UTF_8);
+ private static void fillToscaTemplateFromZip(final Wrapper yamlStringWrapper, final String payloadName,
+ final File file) throws ZipException {
+ final Map unzippedFolder = ZipUtils.readZip(file, false);
+ final byte[] yamlFileInBytes = unzippedFolder.get(payloadName);
+ final String yamlAsString = new String(yamlFileInBytes, StandardCharsets.UTF_8);
 log.debug("received yaml: {}", yamlAsString);
 yamlStringWrapper.setInnerElement(yamlAsString);
 }
@@ -521,7 +516,7 @@ public abstract class AbstractValidationsServlet extends BeGenericServlet {
 }
 protected void fillPayload(Wrapper responseWrapper, Wrapper uploadResourceInfoWrapper, Wrapper yamlStringWrapper, User user, String resourceInfoJsonString, ResourceAuthorityTypeEnum resourceAuthorityEnum,
- File file) throws FileNotFoundException {
+ File file) throws ZipException {
 if (responseWrapper.isEmpty()) {
 if (resourceAuthorityEnum.isBackEndImport()) {
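Review bot: In fillToscaTemplateFromZip, `unzippedFolder.get(payloadName)` returns null when the uploaded archive has no entry with that name, and the next line then passes null to `new String(...)`, which throws a NullPointerException; the catch clauses updated later in this patch only cover IOException and ZipException. The change removes the swallowed-ZipException path but leaves this one open, so the lookup result should be checked before decoding, e.g. `if (yamlFileInBytes == null) { /* reject: entry not found in archive */ }`, and routed to the same error handling as an unreadable archive. Separately, the unchanged `log.debug("received yaml: {}", yamlAsString);` writes the whole uploaded document to the log; the entry name and byte length would be enough there.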
@@ -562,8 +557,11 @@ public abstract class AbstractValidationsServlet extends BeGenericServlet {
 }
- protected void specificResourceAuthorityValidations(Wrapper responseWrapper, Wrapper uploadResourceInfoWrapper, Wrapper yamlStringWrapper, User user, HttpServletRequest request, String resourceInfoJsonString,
- ResourceAuthorityTypeEnum resourceAuthorityEnum) throws FileNotFoundException {
+ protected void specificResourceAuthorityValidations(final Wrapper responseWrapper,
+ final Wrapper uploadResourceInfoWrapper,
+ final Wrapper yamlStringWrapper, final User user,
+ final HttpServletRequest request, final String resourceInfoJsonString,
+ final ResourceAuthorityTypeEnum resourceAuthorityEnum) {
 if (responseWrapper.isEmpty()) { // UI Only Validation
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ResourcesServlet.java b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ResourcesServlet.java
index 03bed4762f..fd1fe221ac 100644
--- a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ResourcesServlet.java
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ResourcesServlet.java
@@ -47,6 +47,7 @@ import org.openecomp.sdc.be.user.UserBusinessLogic;
 import org.openecomp.sdc.common.api.Constants;
 import org.openecomp.sdc.common.datastructure.Wrapper;
 import org.openecomp.sdc.common.log.wrappers.Logger;
+import org.openecomp.sdc.common.zip.exception.ZipException;
 import org.openecomp.sdc.exception.ResponseFormat;
 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
 import io.swagger.v3.oas.annotations.Operation;
@@ -64,7 +65,6 @@ import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
@@ -138,7 +138,7 @@ public class ResourcesServlet extends AbstractValidationsServlet {
 responseWrapper.setInnerElement(response);
 }
 return responseWrapper.getInnerElement();
- } catch (IOException e) {
+ } catch (final IOException | ZipException e) {
 BeEcompErrorManager.getInstance().logBeRestApiGeneralError("Create Resource");
 log.debug("create resource failed with exception", e);
 response = buildErrorResponse(getComponentsUtils().getResponseFormat(ActionStatus.GENERAL_ERROR));
@@ -159,8 +159,9 @@ public class ResourcesServlet extends AbstractValidationsServlet {
 return isUIImport;
 }
- private void performUIImport(Wrapper responseWrapper, String data, final HttpServletRequest request, String userId, String resourceUniqueId) throws FileNotFoundException {
-
+ private void performUIImport(final Wrapper responseWrapper, final String data,
+ final HttpServletRequest request, final String userId,
+ final String resourceUniqueId) throws ZipException {
 Wrapper userWrapper = new Wrapper<>();
 Wrapper uploadResourceInfoWrapper = new Wrapper<>();
 Wrapper yamlStringWrapper = new Wrapper<>();
@@ -509,7 +510,7 @@ public class ResourcesServlet extends AbstractValidationsServlet {
 responseWrapper.setInnerElement(response);
 }
 return responseWrapper.getInnerElement();
- } catch (IOException e) {
+ } catch (final IOException | ZipException e) {
 BeEcompErrorManager.getInstance().logBeRestApiGeneralError("Update Resource");
 log.debug("update resource failed with exception", e);
 response = buildErrorResponse(getComponentsUtils().getResponseFormat(ActionStatus.GENERAL_ERROR));
--
cgit 1.2.3-korg
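Review bot: The widened `catch (final IOException | ZipException e)` in the Create Resource handler treats a rejected upload archive exactly like an internal I/O failure: it is recorded only through `log.debug` and answered with `ActionStatus.GENERAL_ERROR`. If ZipException is what the zip reader raises for malformed or unsafe archives (inferred from the ZipSlip reference in the commit message; the reader is not shown here), those are client-input rejections and deserve their own `catch (final ZipException e)` that logs at a level enabled in production and returns an invalid-input style response, so repeated bad uploads are visible to operators. The same applies to the Update Resource catch in the last hunk. The `final` on a multi-catch parameter is redundant, since such a parameter is implicitly final. Both try blocks begin outside their hunks.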