Fix Fortify Scan Issue:
[policy/engine.git] / ONAP-PAP-REST / src / main / java / org / onap / policy / pap / xacml / rest / controller / PushPolicyController.java
index a545bb4..1079835 100644 (file)
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * ONAP-PAP-REST
  * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -58,12 +58,24 @@ public class PushPolicyController {
        private static final Logger LOGGER  = FlexLogger.getLogger(PushPolicyController.class);
        
        private static CommonClassDao commonClassDao;
+       private static String policyNames = "policyName";
+       private static String errorMsg  = "error";
+       private static String operation = "operation";
+       private static String messageContent = "message";
+       
+       private static final String REGEX = "[0-9a-zA-Z._ ]*";
        
        @Autowired
        public PushPolicyController(CommonClassDao commonClassDao){
                PushPolicyController.commonClassDao = commonClassDao;
        }
        
+       public void setCommonClassDao(CommonClassDao commonClassDao){
+               PushPolicyController.commonClassDao = commonClassDao;
+       }
+       /*
+        * This is an empty constructor
+        */
        public PushPolicyController(){}
        
        @RequestMapping(value="/pushPolicy", method=RequestMethod.POST)
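Review bot: The four strings added at the top of this hunk (`policyNames`, `errorMsg`, `operation`, `messageContent`) are declared `private static String` without `final`, so the response header names and the JPQL parameter name they stand for remain reassignable; only `REGEX` is a real constant. Declare them the same way as `REGEX`, e.g. `private static final String POLICY_NAME = "policyName";`, and update the uses in the later hunks. The new `setCommonClassDao` is a public instance method that overwrites the static DAO shared by every controller instance, so it deserves a one-line Javadoc saying who is expected to call it. The comment `This is an empty constructor` only restates the code and could instead say why a no-arg constructor is needed.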
@@ -74,17 +86,17 @@ public class PushPolicyController {
                        JsonNode root = mapper.readTree(request.getInputStream());
                        String policyScope = root.get("policyScope").asText();
                        String filePrefix = root.get("filePrefix").asText();
-                       String policyName = root.get("policyName").asText();
+                       String policyName = root.get(policyNames).asText();
                        String pdpGroup = root.get("pdpGroup").asText();
                        String requestID = request.getHeader("X-ECOMP-RequestID");
                        if(requestID==null){
                                requestID = UUID.randomUUID().toString();
-                LOGGER.info("No request ID provided, sending generated ID: " + requestID.toString());
+                LOGGER.info("No request ID provided, sending generated ID: " + requestID);
                        }
-                       LOGGER.info("Push policy Request : " + root.asText());
+                       LOGGER.info("Push policy Request to get the selectedPolicy : " + root.asText());
                        String policyVersionName = policyScope.replace(".", File.separator) + File.separator
                                        + filePrefix + policyName;
-                       List<?> policyVersionObject = commonClassDao.getDataById(PolicyVersion.class, "policyName", policyVersionName);
+                       List<?> policyVersionObject = commonClassDao.getDataById(PolicyVersion.class, policyNames, policyVersionName);
                        if(policyVersionObject!=null){
                                PolicyVersion policyVersion = (PolicyVersion) policyVersionObject.get(0);
                                String policyID = policyVersionName.replace(File.separator, "."); // This is before adding version.
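Review bot: `policyVersionObject.get(0)` is guarded only by `policyVersionObject!=null`, so an empty result list throws IndexOutOfBoundsException. The `catch (NullPointerException | IOException e)` further down does not handle that exception, so the request bypasses the 404 `unknownPolicy` response. Whether `getDataById` returns null or an empty list for "no match" is not visible here, so the guard should cover both: `if(policyVersionObject!=null && !policyVersionObject.isEmpty()){`. The enclosing handler starts and ends outside this hunk.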
@@ -93,18 +105,17 @@ public class PushPolicyController {
                        }else{
                                String message = "Unknown Policy '" + policyName + "'";
                                PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
-                               response.addHeader("error", "unknownPolicy");
-                               response.addHeader("operation", "push");
-                               response.addHeader("message", message);
+                               response.addHeader(errorMsg, "unknownPolicy");
+                               response.addHeader(operation, "push");
+                               response.addHeader(messageContent, message);
                                response.setStatus(HttpServletResponse.SC_NOT_FOUND);
                                return;
                        }
-                       //safetyChecker(policyName);
                } catch (NullPointerException | IOException e) {
                        LOGGER.error(e);
                        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
-                       response.addHeader("error", "unknown");
-                       response.addHeader("operation", "push");
+                       response.addHeader(errorMsg, "unknown");
+                       response.addHeader(operation, "push");
                        return;
                }
        }
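Review bot: The `message` header in the unknown-policy branch carries `policyName` exactly as read from the request body, while the `REGEX` allow-list this commit introduces is applied only to the group-id message in `addPolicyToGroup`. The same request-derived value is echoed in the unknown-policy branch of `addPolicyToGroup` and in the `policyId` header on the success path. Validate the field once after parsing, or at least here: `if(!policyName.matches(REGEX)){ message = "Unknown Policy"; }`. Whether the servlet container strips CR/LF from header values is not visible on this page, so the handler should not depend on it; the same `message` is also passed to `PolicyLogger.error`.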
@@ -112,8 +123,7 @@ public class PushPolicyController {
        private void addPolicyToGroup(String policyScope, String policyID, String policyName, String pdpGroup, HttpServletResponse response) {
                StdPDPGroup selectedPDPGroup = null;
                StdPDPPolicy selectedPolicy = null;
-               //Get the current policies from the Group and Add the new one
-               //Set<PDPPolicy> currentPoliciesInGroup = null;
+               //Get the selected PDP Group to push the policy
                try {
                        selectedPDPGroup = (StdPDPGroup) XACMLPapServlet.getPAPEngine().getGroup(pdpGroup);
                } catch (PAPException e1) {
@@ -121,10 +131,13 @@ public class PushPolicyController {
                }
                if(selectedPDPGroup==null){
                        String message = "Unknown groupId '" + selectedPDPGroup + "'";
+                       if(!message.matches(REGEX) ){
+                               message = "Unknown groupId";
+                       }
                        PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
-                       response.addHeader("error", "unknownGroupId");
-                       response.addHeader("operation", "push");
-                       response.addHeader("message", message);
+                       response.addHeader(errorMsg, "unknownGroupId");
+                       response.addHeader(operation, "push");
+                       response.addHeader(messageContent, message);
                        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
                        return;
                }
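Review bot: The `REGEX` check added in this branch can never pass: `message` is built from `selectedPDPGroup`, which is null here, so it is always `Unknown groupId 'null'`, and the quote characters fall outside `[0-9a-zA-Z._ ]*`. The header therefore always ends up as `Unknown groupId`, and the requested `pdpGroup` is neither validated nor reported. If the intent is to echo the group id only when it is safe, test the input itself: `String message = pdpGroup.matches(REGEX) ? "Unknown groupId '" + pdpGroup + "'" : "Unknown groupId";`. The method body begins and ends outside this hunk.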
@@ -132,18 +145,18 @@ public class PushPolicyController {
                EntityManager em = XACMLPapServlet.getEmf().createEntityManager();
                Query createPolicyQuery = em.createQuery("SELECT p FROM PolicyEntity p WHERE p.scope=:scope AND p.policyName=:policyName");                     
                createPolicyQuery.setParameter("scope", policyScope);
-               createPolicyQuery.setParameter("policyName", policyName.substring(policyScope.length()+1));
+               createPolicyQuery.setParameter(policyNames, policyName.substring(policyScope.length()+1));
                List<?> createPolicyQueryList = createPolicyQuery.getResultList();
                PolicyEntity policyEntity = null;
-               if(createPolicyQueryList.size()>0){
+               if(!createPolicyQueryList.isEmpty()){
                        policyEntity = (PolicyEntity)createPolicyQueryList.get(0);
                }else{
                        PolicyLogger.error("Somehow, more than one policy with the same scope, name, and deleted status were found in the database");
                        String message = "Unknown Policy '" + policyName + "'";
                        PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
-                       response.addHeader("error", "unknownPolicy");
-                       response.addHeader("operation", "push");
-                       response.addHeader("message", message);
+                       response.addHeader(errorMsg, "unknownPolicy");
+                       response.addHeader(operation, "push");
+                       response.addHeader(messageContent, message);
                        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
                        return;
                }
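Review bot: The `else` branch runs when `createPolicyQueryList` is empty, yet its first log line reports `Somehow, more than one policy with the same scope, name, and deleted status were found in the database`, which misleads anyone reading the error log during triage. Log the condition that actually occurred, e.g. `PolicyLogger.error("No policy with the given scope and name was found in the database");`. The `EntityManager` created at the top of the hunk is not closed in the visible lines; the rest of the method lies outside this hunk, so confirm it is released on this early `return` as well.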
@@ -156,74 +169,22 @@ public class PushPolicyController {
                        // Create the policy Object
                        selectedPolicy = new StdPDPPolicy(policyName, true, policyID, selectedURI);
                } catch (IOException e) {
-                       LOGGER.error("Unable to create policy '" + policyName + "': "+ e.getMessage());
+                       LOGGER.error("Unable to get policy '" + policyName + "': "+ e.getMessage(),e);
                } 
                try {
                        new ObjectOutputStream(response.getOutputStream()).writeObject(selectedPolicy);
                } catch (IOException e) {
                        LOGGER.error(e);
-                       response.addHeader("error", "policyCopyError");
-                       response.addHeader("message", e.getMessage());
+                       response.addHeader(errorMsg, "policyCopyError");
+                       response.addHeader(messageContent, e.getMessage());
                        response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                        return;
                }
                response.addHeader("Content-Type","application/json");
                response.setStatus(HttpServletResponse.SC_ACCEPTED);
-               response.addHeader("operation", "push");
+               response.addHeader(operation, "push");
                response.addHeader("policyId", policyName);
                return;
                // TODO : Check point to push policies within PAP. 
-               /*PolicyDBDaoTransaction addPolicyToGroupTransaction = XACMLPapServlet.getDbDaoTransaction();
-               try{
-                       if (selectedPolicy != null) {
-                               // Add Current policies from container
-                               currentPoliciesInGroup = selectedPDPGroup.getPolicies();
-                               // copy policy to PAP
-                               addPolicyToGroupTransaction.addPolicyToGroup(selectedPDPGroup.getId(), policyName,"XACMLPapServlet.pushPolicyController");
-                               ((StdPDPGroup) selectedPDPGroup).copyPolicyToFile(policyName, policyID, new FileInputStream(temp));
-                               addPolicyToGroupTransaction.commitTransaction();
-                       }
-               }catch (Exception e) {
-                       addPolicyToGroupTransaction.rollbackTransaction();
-                       String message = "Policy '" + policyName + "' not copied to group '" + pdpGroup +"': " + e;
-                       PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW + " " + message);
-                       PolicyLogger.audit("Transaction Failed - See Error.log");
-                       response.addHeader("error", "policyCopyError");
-                       response.addHeader("message", message);
-                       response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-                       return;
-               }
-               //If the selected policy is in the group we must remove it because the name is default
-               for (PDPPolicy existingPolicy : currentPoliciesInGroup) {
-                       if (existingPolicy.getId().equals(selectedPolicy.getId())) {
-                               selectedPDPGroup.removePolicyFromGroup(existingPolicy);
-                               LOGGER.debug("Removing existing policy: " + existingPolicy);
-                               break;
-                       }
-               }
-               //Update the PDP Group after removing old version of policy
-               //Set<PDPPolicy> updatedPoliciesInGroup = selectedPDPGroup.getPolicies();
-               //need to remove the policy with default name from group
-               for (PDPPolicy updatedPolicy : currentPoliciesInGroup) {
-                       if (updatedPolicy.getName().equalsIgnoreCase("default")) {
-                               selectedPDPGroup.removePolicyFromGroup(updatedPolicy);
-                       }
-               }
-               Set<PDPPolicy> policies = selectedPDPGroup.getPolicies();
-               policies.add(selectedPolicy);
-               selectedPDPGroup.setPolicies(policies);
-               // Update now. 
-               try {
-                       XACMLPapServlet.getPAPEngine().updateGroup(selectedPDPGroup);
-               } catch (PAPException e) {
-                       // TODO Auto-generated catch block
-                       logger.error("Exception Occured"+e);
-               }
-               // policy file copied ok and the Group was updated on the PDP
-               response.setStatus(HttpServletResponse.SC_NO_CONTENT);
-               response.addHeader("operation", "push");
-               response.addHeader("policyId", policyName);
-               response.addHeader("groupId", pdpGroup);
-               return;*/
        }
 }
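Review bot: The `catch (IOException e)` after the `StdPDPPolicy` construction only logs, so execution continues with `selectedPolicy` still null, `writeObject` serialises null, and the caller receives `SC_ACCEPTED`. Fail the request in that catch instead: `response.addHeader(errorMsg, "policyCopyError");`, `response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);`, `return;`. The success headers and status are also set after the body has been written to `response.getOutputStream()`, so they may be dropped if the response is already committed, and `Content-Type` is declared as `application/json` although the body is a Java-serialised object. Placing `e.getMessage()` in the `message` header can expose internal detail to the client; a fixed string with the detail kept in the log would be safer. The `try` that the first catch closes starts outside this hunk.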