From 1f115d5072b18b525acade99d16aebdd305f690a Mon Sep 17 00:00:00 2001 From: sharath reddy Date: Wed, 4 May 2022 14:15:53 +0530 Subject: Change this code to not log user-controlled data. Issue-ID: VNFSDK-834 Signed-off-by: sharath reddy Change-Id: I294170d0d118e8217d2ce388555d6f9d3ca1600b --- .../marketplace/db/resource/PackageManager.java | 74 +++++++++++++++------- 1 file changed, 50 insertions(+), 24 deletions(-) diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/db/resource/PackageManager.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/db/resource/PackageManager.java index 8953b966..bacc4365 100644 --- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/db/resource/PackageManager.java +++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/db/resource/PackageManager.java @@ -15,11 +15,12 @@ */ package org.onap.vnfsdk.marketplace.db.resource; - import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Objects; +import org.apache.commons.lang3.StringUtils; import org.onap.vnfsdk.marketplace.db.common.Parameters; import org.onap.vnfsdk.marketplace.db.entity.PackageData; import org.onap.vnfsdk.marketplace.db.exception.MarketplaceResourceException; @@ -35,6 +36,7 @@ public class PackageManager { /** * get PackageManager instance. + * @return PackageManager instance */ public static synchronized PackageManager getInstance() { 
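Review bot: The new `org.apache.commons.lang3.StringUtils` import is used only for `StringUtils.EMPTY` in the helper added further down, and the diffstat lists this as the only file changed, so no build file declares the dependency in this commit. If commons-lang3 is not already a direct dependency of the module, the class compiles only through a transitive one. A plain literal avoids the question: `return loggerInput == null ? "" : loggerInput.replaceAll("[\n\r\t]", "_");`, which also makes the `java.util.Objects` import unnecessary.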
@@ -48,36 +50,51 @@ public class PackageManager { * private PackageManager() {} * add package. + * @param packageData package data * @return PackageData * @throws MarketplaceResourceException e */ public PackageData addPackage(PackageData packageData) throws MarketplaceResourceException { String jsonPackageData = MarketplaceDbUtil.objectToString(packageData); - LOGGER.info("start add package info to db.info:{}" , jsonPackageData); + + LOGGER.info("start add package info to db.info:{}", (jsonPackageData)); + PackageData data = handler.create(packageData); String jsonData = MarketplaceDbUtil.objectToString(data); - LOGGER.info(" package info to db end.info:{}" , jsonData); + + LOGGER.info(" package info to db end.info:{}", (jsonData)); + return data; } + private String loggerPatternBreaking(String loggerInput) { + return Objects.nonNull(loggerInput) ? loggerInput.replaceAll("[\n\r\t]", "_") : StringUtils.EMPTY; + + } + /** * query package by package id. + * @param csarId package id * @return package data list * @throws MarketplaceResourceException e */ - public List queryPackageByCsarId(String csarId) - throws MarketplaceResourceException { - LOGGER.info("start query package info by csarid.{}" , csarId); + public List queryPackageByCsarId(String csarId) throws MarketplaceResourceException { + if (LOGGER.isInfoEnabled()) { + LOGGER.info("start query package info by csarid.{}", loggerPatternBreaking(csarId)); + } List data = handler.queryByID(csarId); String jsonData = MarketplaceDbUtil.objectToString(data); - LOGGER.info("query package info end.size:{} detail:{}", data.size(), jsonData); + + LOGGER.info("query package info end.size:{} detail:{}", data.size(), (jsonData)); + return data; } /** * query package by condition. + * @param name package name * @param provider package provider * @param version package version 
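Review bot: The parentheses added around `jsonPackageData` and `jsonData` in `addPackage` and `queryPackageByCsarId` change nothing at runtime, so the serialized package data still reaches the log unfiltered. Whether that is safe depends on `MarketplaceDbUtil.objectToString` escaping control characters, which is not visible here. Either pass these values through the helper too, e.g. `LOGGER.info("start add package info to db.info:{}", loggerPatternBreaking(jsonPackageData));`, or log only an identifier and the result size instead of the whole object. The helper itself replaces only `\n`, `\r` and `\t`, so other control characters and Unicode line separators pass through; a broader class such as `"[\\p{Cntrl}\\u0085\\u2028\\u2029]"` would be closer to the stated intent. Since it reads no instance state, it could also be `private static` with a precompiled `Pattern`.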
@@ -87,8 +104,10 @@ public class PackageManager { * @throws MarketplaceResourceException e */ public List queryPackage(String name, String provider, String version, - String deletionPending, String type) throws MarketplaceResourceException { - LOGGER.info("start query package info.name:{} provider:{} version:{} type:{}", name , provider , version, type); + String deletionPending,String type) throws MarketplaceResourceException { + if (LOGGER.isInfoEnabled()) { + LOGGER.info("start query package info.name:{} provider:{} version:{} type:{}", loggerPatternBreaking(name),loggerPatternBreaking(provider), loggerPatternBreaking(version), loggerPatternBreaking(type)); + } Map queryParam = new HashMap<>(); if (MarketplaceDbUtil.isNotEmpty(name)) { queryParam.put(Parameters.NAME.name(), name); 
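Review bot: The rewritten signature drops the space after the comma (`String deletionPending,String type`), and the new `LOGGER.info` call puts four `loggerPatternBreaking(...)` arguments on one very long line, again with no space after `loggerPatternBreaking(name),`. Restoring `String deletionPending, String type` and wrapping the arguments one per line would keep the method readable. `deletionPending` is also a caller-supplied filter and is still absent from the log line; if that is deliberate, a short comment should say so. The body of `queryPackage` continues past the end of this hunk.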
@@ -113,42 +132,49 @@ public class PackageManager { /** * delete package according package id. + * @param packageId package id * @throws MarketplaceResourceException e */ public void deletePackage(String packageId) throws MarketplaceResourceException { - LOGGER.info("start delete package info by id.{}" , packageId); + if (LOGGER.isInfoEnabled()) { + LOGGER.info("start delete package info by id.{}", loggerPatternBreaking(packageId)); + } handler.delete(packageId); - LOGGER.info(" delete package info end id.{}" , packageId); + if (LOGGER.isInfoEnabled()) { + LOGGER.info(" delete package info end id.{}", loggerPatternBreaking(packageId)); + } } /** * update download count of package according package id. + * @param packageId package id * @throws MarketplaceResourceException e */ - public void updateDownloadCount(String packageId) throws MarketplaceResourceException - { - LOGGER.info("Request received for Updating down load count for ID:{}" , packageId); + public void updateDownloadCount(String packageId) throws MarketplaceResourceException { + if (LOGGER.isInfoEnabled()) { + LOGGER.info("Request received for Updating down load count for ID:{}", loggerPatternBreaking(packageId)); + } - //STEP 1: Get the Existing download count from DB - //------------------------------------------------- + // STEP 1: Get the Existing download count from DB + // ------------------------------------------------- List data = handler.queryByID(packageId); - if(data.isEmpty()) - { - LOGGER.info("Package Info not foun for ID:{}" , packageId); + if (data.isEmpty()) { + if (LOGGER.isInfoEnabled()) { + LOGGER.info("Package Info not foun for ID:{}", loggerPatternBreaking(packageId)); + } return; } - //STEP 2: Increment download Count in DB - //-------------------------------------- + // STEP 2: Increment download Count in DB + // -------------------------------------- PackageData oPackageData = data.get(0); int idownloadcount = oPackageData.getDownloadCount(); 
oPackageData.setDownloadCount(++idownloadcount); handler.update(oPackageData); - LOGGER.info("Download count updated to :{}" , idownloadcount); + LOGGER.info("Download count updated to :{}", idownloadcount); } -} - +} \ No newline at end of file -- cgit 1.2.3-korg
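Review bot: The not-found message in `updateDownloadCount` was rewritten by this change but keeps its typo, `"Package Info not foun for ID:{}"`; it should read `"Package Info not found for ID:{}"` so that log searches and alert rules keyed on the message match. The file also loses its trailing newline (`\ No newline at end of file`), which is worth restoring. Separately, and not introduced here, the count is read with `getDownloadCount()`, incremented and written back through `handler.update(oPackageData)` with no synchronization visible in the hunk, so concurrent downloads could presumably lose increments. A comment noting that, or an atomic update in the handler, would help.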