author | shrek2000 <oren.kleks@amdocs.com> | 2019-11-28 11:23:57 +0200 |
---|---|---|
committer | shrek2000 <oren.kleks@amdocs.com> | 2019-11-28 11:23:57 +0200 |
commit | dc4cd20c5c493ef070c569d48e9e0500d529be23 (patch) | |
tree | a17bcefa909f050013704b3ffc26e4d97d16260a /security-util-lib/src | |
parent | c49ad1c995d0cf58ce4a1a99ad635ecc29f8b2a9 (diff) |
Fix Sonar issues
There is no requirement that class names be unique, only that they be unique within a package. Therefore trying to determine an object's type based on its class name is an exercise fraught with danger. One of those dangers is that a malicious user will send objects of the same name as the trusted class and thereby gain trusted access.
Instead, the instanceof operator or the Class.isAssignableFrom() method should be used to check the object's underlying type.
Issue-ID: SDC-2697
Signed-off-by: shrek2000 <oren.kleks@amdocs.com>
Change-Id: Ie4fd94618135b425a7e505992649f1a6384b0f98
Signed-off-by: shrek2000 <oren.kleks@amdocs.com>
Diffstat (limited to 'security-util-lib/src')
-rw-r--r-- | security-util-lib/src/main/java/org/onap/sdc/security/logging/elements/LoggerFactory.java | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/security-util-lib/src/main/java/org/onap/sdc/security/logging/elements/LoggerFactory.java b/security-util-lib/src/main/java/org/onap/sdc/security/logging/elements/LoggerFactory.java
index fe67de1..67645d7 100644
--- a/security-util-lib/src/main/java/org/onap/sdc/security/logging/elements/LoggerFactory.java
+++ b/security-util-lib/src/main/java/org/onap/sdc/security/logging/elements/LoggerFactory.java
@@ -30,19 +30,19 @@ public class LoggerFactory {
 @SuppressWarnings("unchecked")
 public static <T, V> V getLogger(Class<T> type, Logger logger) {
- if (type.getName().equals(LoggerAudit.class.getName())) {
+ if (type.isAssignableFrom(LoggerAudit.class) ) {
 return (V) new LoggerAudit(new LogFieldsMdcHandler(), logger);
 }
- if (type.getName().equals(LoggerDebug.class.getName())) {
+ if (type.isAssignableFrom(LoggerDebug.class)) {
 return (V) new LoggerDebug(new LogFieldsMdcHandler(), logger);
 }
- if (type.getName().equals(LoggerMetric.class.getName())) {
+ if (type.isAssignableFrom(LoggerMetric.class)) {
 return (V) new LoggerMetric(new LogFieldsMdcHandler(), logger);
 }
- if (type.getName().equals(LoggerError.class.getName())) {
+ if (type.isAssignableFrom(LoggerError.class)) {
 return (V) new LoggerError(new LogFieldsMdcHandler(), logger);
 }
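Review bot: `type.isAssignableFrom(LoggerAudit.class)` is true for every supertype of `LoggerAudit`, not only for `LoggerAudit` itself, so the first branch of `getLogger` now also matches `Object.class` and any base class or interface the logger classes may share, where the old name comparison matched exactly one class. Because the branches are tried in order, such a token always yields a `LoggerAudit`, and the unchecked `(V)` cast then either fails at the caller or hands back an audit logger where a different kind was requested. Comparing the class tokens by identity keeps the exact-match dispatch and still avoids comparing names: `if (type == LoggerAudit.class) {`. The same applies to the other three branches here and to all five branches in the `getMdcLogger` hunk; both method bodies continue outside the hunks.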
@@ -52,23 +52,23 @@ public class LoggerFactory {
 @SuppressWarnings("unchecked")
 public static <T, V> V getMdcLogger(Class<T> type, Logger logger) {
- if (type.getName().equals(LoggerAudit.class.getName())) {
+ if (type.isAssignableFrom(LoggerAudit.class)) {
 return (V) new LoggerAudit(LogFieldsMdcHandler.getInstance(), logger);
 }
- if (type.getName().equals(LoggerDebug.class.getName())) {
+ if (type.isAssignableFrom(LoggerDebug.class)) {
 return (V) new LoggerDebug(LogFieldsMdcHandler.getInstance(), logger);
 }
- if (type.getName().equals(LoggerMetric.class.getName())) {
+ if (type.isAssignableFrom(LoggerMetric.class)) {
 return (V) new LoggerMetric(LogFieldsMdcHandler.getInstance(), logger);
 }
- if (type.getName().equals(LoggerError.class.getName())) {
+ if (type.isAssignableFrom(LoggerError.class)) {
 return (V) new LoggerError(LogFieldsMdcHandler.getInstance(), logger);
 }
- if (type.getName().equals(LoggerSupportability.class.getName())) {
+ if (type.isAssignableFrom(LoggerSupportability.class)) {
 return (V) new LoggerSupportability(LogFieldsMdcHandler.getInstance(), logger);
 } |