Change this code to not log user-controlled data.

Issue-ID: VNFSDK-834 Signed-off-by: sharath reddy <bs.reddy@huawei.com> Change-Id: I294170d0d118e8217d2ce388555d6f9d3ca1600b
author: sharath reddy <bs.reddy@huawei.com> 2022-05-04 14:15:53 +0530
committer: sharath reddy <bs.reddy@huawei.com> 2022-05-04 14:17:18 +0530
commit: 1f115d5072b18b525acade99d16aebdd305f690a (patch)
tree: 717a2a1dbf199c4c4df938ff250268c3f594ae83
parent: 27292af1f4b84aa2054d37839a907382ac6bc483 (diff)
1 files changed, 50 insertions, 24 deletions
diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/db/resource/PackageManager.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/db/resource/PackageManager.java
index 8953b966..bacc4365 100644
--- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/db/resource/PackageManager.java
+++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/db/resource/PackageManager.java
@@ -15,11 +15,12 @@
  */
 package org.onap.vnfsdk.marketplace.db.resource;
 
-
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 
+import org.apache.commons.lang3.StringUtils;
 import org.onap.vnfsdk.marketplace.db.common.Parameters;
 import org.onap.vnfsdk.marketplace.db.entity.PackageData;
 import org.onap.vnfsdk.marketplace.db.exception.MarketplaceResourceException;
@@ -35,6 +36,7 @@ public class PackageManager {
 
     /**
      * get PackageManager instance.
+
      * @return PackageManager instance
      */
     public static synchronized PackageManager getInstance() {
@@ -48,36 +50,51 @@ public class PackageManager {
      * private PackageManager() {}
 
      * add package.
+
      * @param packageData package data
      * @return PackageData
      * @throws MarketplaceResourceException e
      */
     public PackageData addPackage(PackageData packageData) throws MarketplaceResourceException {
         String jsonPackageData = MarketplaceDbUtil.objectToString(packageData);
-        LOGGER.info("start add package info  to db.info:{}" , jsonPackageData);
+
+        LOGGER.info("start add package info  to db.info:{}", (jsonPackageData));
+
         PackageData data = handler.create(packageData);
         String jsonData = MarketplaceDbUtil.objectToString(data);
-        LOGGER.info(" package info  to db end.info:{}" , jsonData);
+
+        LOGGER.info(" package info  to db end.info:{}", (jsonData));
+
         return data;
     }
 
+    private String loggerPatternBreaking(String loggerInput) {
+        return Objects.nonNull(loggerInput) ? loggerInput.replaceAll("[\n\r\t]", "_") : StringUtils.EMPTY;
+
+    }
+
     /**
      * query package by package id.
+
      * @param csarId package id
      * @return package data list
      * @throws MarketplaceResourceException e
      */
-    public List<PackageData> queryPackageByCsarId(String csarId)
-            throws MarketplaceResourceException {
-        LOGGER.info("start query package info by csarid.{}" , csarId);
+    public List<PackageData> queryPackageByCsarId(String csarId) throws MarketplaceResourceException {
+        if (LOGGER.isInfoEnabled()) {
+            LOGGER.info("start query package info by csarid.{}", loggerPatternBreaking(csarId));
+        }
         List<PackageData> data = handler.queryByID(csarId);
         String jsonData = MarketplaceDbUtil.objectToString(data);
-        LOGGER.info("query package info end.size:{} detail:{}", data.size(), jsonData);
+
+        LOGGER.info("query package info end.size:{} detail:{}", data.size(), (jsonData));
+
         return data;
     }
 
     /**
      * query package by condition.
+
      * @param name package name
      * @param provider package provider
      * @param version package version
@@ -87,8 +104,10 @@ public class PackageManager {
      * @throws MarketplaceResourceException e
      */
     public List<PackageData> queryPackage(String name, String provider, String version,
-            String deletionPending, String type) throws MarketplaceResourceException {
-        LOGGER.info("start query package info.name:{} provider:{} version:{} type:{}", name , provider , version, type);
+                                          String deletionPending,String type) throws MarketplaceResourceException {
+        if (LOGGER.isInfoEnabled()) {
+            LOGGER.info("start query package info.name:{} provider:{} version:{} type:{}", loggerPatternBreaking(name),loggerPatternBreaking(provider), loggerPatternBreaking(version), loggerPatternBreaking(type));
+        }
         Map<String, String> queryParam = new HashMap<>();
         if (MarketplaceDbUtil.isNotEmpty(name)) {
             queryParam.put(Parameters.NAME.name(), name);
@@ -113,42 +132,49 @@ public class PackageManager {
 
     /**
      * delete package according package id.
+
      * @param packageId package id
      * @throws MarketplaceResourceException e
      */
     public void deletePackage(String packageId) throws MarketplaceResourceException {
-        LOGGER.info("start delete package info by id.{}" , packageId);
+        if (LOGGER.isInfoEnabled()) {
+            LOGGER.info("start delete package info by id.{}", loggerPatternBreaking(packageId));
+        }
         handler.delete(packageId);
-        LOGGER.info(" delete package info end id.{}" , packageId);
+        if (LOGGER.isInfoEnabled()) {
+            LOGGER.info(" delete package info end id.{}", loggerPatternBreaking(packageId));
+        }
     }
 
     /**
      * update download count of package according package id.
+
      * @param packageId package id
      * @throws MarketplaceResourceException e
      */
-    public void updateDownloadCount(String packageId) throws MarketplaceResourceException
-    {
-        LOGGER.info("Request received for Updating down load count for ID:{}" , packageId);
+    public void updateDownloadCount(String packageId) throws MarketplaceResourceException {
+        if (LOGGER.isInfoEnabled()) {
+            LOGGER.info("Request received for Updating down load count for ID:{}", loggerPatternBreaking(packageId));
+        }
 
-        //STEP 1: Get the Existing download  count from DB
-        //-------------------------------------------------
+        // STEP 1: Get the Existing download count from DB
+        // -------------------------------------------------
         List<PackageData> data = handler.queryByID(packageId);
-        if(data.isEmpty())
-        {
-            LOGGER.info("Package Info not foun for ID:{}" , packageId);
+        if (data.isEmpty()) {
+            if (LOGGER.isInfoEnabled()) {
+                LOGGER.info("Package Info not foun for ID:{}", loggerPatternBreaking(packageId));
+            }
             return;
         }
 
-        //STEP 2: Increment download Count in DB
-        //--------------------------------------
+        // STEP 2: Increment download Count in DB
+        // --------------------------------------
         PackageData oPackageData = data.get(0);
         int idownloadcount = oPackageData.getDownloadCount();
         oPackageData.setDownloadCount(++idownloadcount);
 
         handler.update(oPackageData);
 
-        LOGGER.info("Download count updated to :{}" , idownloadcount);
+        LOGGER.info("Download count updated to :{}", idownloadcount);
     }
-}
-
+}
+\ No newline at end of file
author	sharath reddy <bs.reddy@huawei.com>	2022-05-04 14:15:53 +0530
committer	sharath reddy <bs.reddy@huawei.com>	2022-05-04 14:17:18 +0530
commit	1f115d5072b18b525acade99d16aebdd305f690a (patch)
tree	717a2a1dbf199c4c4df938ff250268c3f594ae83
parent	27292af1f4b84aa2054d37839a907382ac6bc483 (diff)