From e1632a5f93a45232b3e610ffc603a4c276604ee4 Mon Sep 17 00:00:00 2001
From: sharath reddy <bs.reddy@huawei.com>
Date: Thu, 5 May 2022 10:29:38 +0530
Subject: Changed code to not log user-controlled data.

Issue-ID: VNFSDK-834

Signed-off-by: sharath reddy <bs.reddy@huawei.com>
Change-Id: Ifa4f7bcf1dffee59a9aa6c0f9a0f6835f7ae85fb
---
 .../marketplace/filemanage/http/HttpFileManagerImpl.java  | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/filemanage/http/HttpFileManagerImpl.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/filemanage/http/HttpFileManagerImpl.java
index cffbe018..e8a91af6 100644
--- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/filemanage/http/HttpFileManagerImpl.java
+++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/filemanage/http/HttpFileManagerImpl.java
@@ -17,7 +17,9 @@ package org.onap.vnfsdk.marketplace.filemanage.http;
 
 import java.io.File;
 import java.io.IOException;
+import java.util.Objects;
 
+import org.apache.commons.lang3.StringUtils;
 import org.onap.vnfsdk.marketplace.filemanage.FileManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -29,7 +31,9 @@ public class HttpFileManagerImpl implements FileManager {
   @Override
   public boolean upload(String srcPath, String dstPath) {
     boolean flag = true;
-    LOGGER.info("start upload file.srcPath:{} dstPath{}" , srcPath , dstPath);
+    if (LOGGER.isInfoEnabled()) {
+      LOGGER.info("start upload file.srcPath:{} dstPath{}" , loggerPatternBreaking(srcPath) , loggerPatternBreaking(dstPath));
+    }
     File srcFile = new File(srcPath);
     if (!srcFile.exists()) {
       LOGGER.error("src file not exist!");
@@ -55,11 +59,16 @@ public class HttpFileManagerImpl implements FileManager {
 
   @Override
   public boolean delete(String srcPath) {
-    LOGGER.info("start delete file from http server.srcPath:{}" , srcPath);
+    if (LOGGER.isInfoEnabled()) {
+      LOGGER.info("start delete file from http server.srcPath:{}" , loggerPatternBreaking(srcPath));
+    }
     boolean flag = ToolUtil.deleteDir(new File(ToolUtil.getHttpServerAbsolutePath() + srcPath));
     LOGGER.info("delete file from http server end.flag:{}" , flag);
     return flag;
   }
+  private String loggerPatternBreaking(String loggerInput) {
+    return Objects.nonNull(loggerInput) ? loggerInput.replaceAll("[\n\r\t]", "_") : StringUtils.EMPTY;
 
-}
+  }
 
+}
-- 
cgit 1.2.3-korg