From e1632a5f93a45232b3e610ffc603a4c276604ee4 Mon Sep 17 00:00:00 2001
From: sharath reddy
Date: Thu, 5 May 2022 10:29:38 +0530
Subject: Changed code to not log user-controlled data.
Issue-ID: VNFSDK-834
Signed-off-by: sharath reddy
Change-Id: Ifa4f7bcf1dffee59a9aa6c0f9a0f6835f7ae85fb
---
 .../marketplace/filemanage/http/HttpFileManagerImpl.java | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/filemanage/http/HttpFileManagerImpl.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/filemanage/http/HttpFileManagerImpl.java
index cffbe018..e8a91af6 100644
--- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/filemanage/http/HttpFileManagerImpl.java
+++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/filemanage/http/HttpFileManagerImpl.java
@@ -17,7 +17,9 @@ package org.onap.vnfsdk.marketplace.filemanage.http;
 import java.io.File;
 import java.io.IOException;
+import java.util.Objects;
+import org.apache.commons.lang3.StringUtils;
 import org.onap.vnfsdk.marketplace.filemanage.FileManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -29,7 +31,9 @@ public class HttpFileManagerImpl implements FileManager {
 @Override
 public boolean upload(String srcPath, String dstPath) {
 boolean flag = true;
- LOGGER.info("start upload file.srcPath:{} dstPath{}" , srcPath , dstPath);
+ if (LOGGER.isInfoEnabled()) {
+ LOGGER.info("start upload file.srcPath:{} dstPath{}" , loggerPatternBreaking(srcPath) , loggerPatternBreaking(dstPath));
+ }
 File srcFile = new File(srcPath);
 if (!srcFile.exists()) {
 LOGGER.error("src file not exist!");
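Review bot: The values passed to `LOGGER.info` in upload() are cleaned by `loggerPatternBreaking`, which (as defined in the last hunk of this patch) replaces only `\n`, `\r` and `\t`, so other control characters such as ESC or backspace and the Unicode line separators U+0085, U+2028 and U+2029 still reach the log; the same applies to the call in delete(). Whether those characters matter depends on the appender and on whatever reads the log, so treat this as hardening rather than a confirmed bypass. I would compile a wider class once, `private static final Pattern LOG_UNSAFE = Pattern.compile("[\\p{Cntrl}\\u0085\\u2028\\u2029]");`, and have the helper return `LOG_UNSAFE.matcher(loggerInput).replaceAll("_")`, which also stops the regex being recompiled on every call. upload() continues past the end of this hunk, where `new File(srcPath)` still receives the raw value.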
@@ -55,11 +59,16 @@ public class HttpFileManagerImpl implements FileManager {
 @Override
 public boolean delete(String srcPath) {
- LOGGER.info("start delete file from http server.srcPath:{}" , srcPath);
+ if (LOGGER.isInfoEnabled()) {
+ LOGGER.info("start delete file from http server.srcPath:{}" , loggerPatternBreaking(srcPath));
+ }
 boolean flag = ToolUtil.deleteDir(new File(ToolUtil.getHttpServerAbsolutePath() + srcPath));
 LOGGER.info("delete file from http server end.flag:{}" , flag);
 return flag;
 }
+ private String loggerPatternBreaking(String loggerInput) {
+ return Objects.nonNull(loggerInput) ? loggerInput.replaceAll("[\n\r\t]", "_") : StringUtils.EMPTY;
-}
+ }
+}
-- cgit 1.2.3-korg
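Review bot: `srcPath` is neutralised for the log line in delete() but is still concatenated unchecked into `new File(ToolUtil.getHttpServerAbsolutePath() + srcPath)` and handed to `ToolUtil.deleteDir`, so if it is user-controlled, as the commit subject implies, a value containing `..` segments could point the delete outside the HTTP server directory. No containment check is visible in this hunk; callers may validate elsewhere, which should be confirmed before relying on it. I would normalise the resulting path and refuse anything that is not strictly beneath the server root before deleting, as sketched below. The sketch needs `java.nio.file.Path` and `Paths`, and `normalize()` does not resolve symlinks, so `toRealPath()` is the stricter choice where the target is known to exist.

```java
    public boolean delete(String srcPath) {
        // … unchanged: guarded info log of the sanitised srcPath …
        Path root = Paths.get(ToolUtil.getHttpServerAbsolutePath()).toAbsolutePath().normalize();
        Path target = Paths.get(ToolUtil.getHttpServerAbsolutePath() + srcPath).toAbsolutePath().normalize();
        // Component-wise startsWith: a sibling such as "<root>evil" does not match;
        // the equals() arm refuses an empty srcPath, which would otherwise target the root itself.
        if (target.equals(root) || !target.startsWith(root)) {
            LOGGER.error("delete rejected: path is outside the http server directory");
            return false;
        }
        boolean flag = ToolUtil.deleteDir(target.toFile());
        // … unchanged: end-of-delete log and return flag …
```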