Fix all bugs reported by Sonar in policy/engine

[policy/engine.git] / ONAP-PAP-REST / src / main / java / org / onap / policy / pap / xacml / rest / controller / PushPolicyController.java

diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java
index a695ec3..397904f 100644 (file)
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * ONAP-PAP-REST
  * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -62,10 +62,17 @@ public class PushPolicyController {
        private static String errorMsg  = "error";
        private static String operation = "operation";
        private static String messageContent = "message";
+       
+       private static final String REGEX = "[0-9a-zA-Z._ ]*";
+       
        @Autowired
        public PushPolicyController(CommonClassDao commonClassDao){
                PushPolicyController.commonClassDao = commonClassDao;
        }
+       
+       public void setCommonClassDao(CommonClassDao commonClassDao){
+               PushPolicyController.commonClassDao = commonClassDao;
+       }
        /*
         * This is an empty constructor
         */
@@ -124,12 +131,12 @@ public class PushPolicyController {
                }
                if(selectedPDPGroup==null){
                        String message = "Unknown groupId '" + selectedPDPGroup + "'";
+                       if(!message.matches(REGEX) ){
+                               message = "Unknown groupId";
+                       }
                        PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
                        response.addHeader(errorMsg, "unknownGroupId");
                        response.addHeader(operation, "push");
-                       //for fixing Header Manipulation of Fortify issue
-                       message = message.replace("\n", "");
-                       message = message.replace("\r", "");
                        response.addHeader(messageContent, message);
                        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
                        return;
@@ -154,10 +161,8 @@ public class PushPolicyController {
                        return;
                }
                File temp = new File(policyName);
-               try {
-                       BufferedWriter bw = new BufferedWriter(new FileWriter(temp));
+               try (BufferedWriter bw = new BufferedWriter(new FileWriter(temp))){
                        bw.write(policyEntity.getPolicyData());
-                       bw.close();
                        URI selectedURI = temp.toURI();
                        // Create the policy Object
                        selectedPolicy = new StdPDPPolicy(policyName, true, policyID, selectedURI);