X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ONAP-PAP-REST%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fpap%2Fxacml%2Frest%2Fcontroller%2FPushPolicyController.java;h=397904f30defde9f04350970b83c5714b9fbbff2;hb=eef3c224cb6cad4b82a96938ade1e42ca881eea2;hp=a695ec389f5bbdeb3b2610656470a53660bd108a;hpb=0c8425b25c093f638351a14f84a7b1df731cd0de;p=policy%2Fengine.git

diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java
index a695ec389..397904f30 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/controller/PushPolicyController.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * ONAP-PAP-REST
  * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -62,10 +62,17 @@ public class PushPolicyController {
 	private static String errorMsg	= "error";
 	private static String operation = "operation";
 	private static String messageContent = "message";
+	
+	private static final String REGEX = "[0-9a-zA-Z._ ]*";
+	
 	@Autowired
 	public PushPolicyController(CommonClassDao commonClassDao){
 		PushPolicyController.commonClassDao = commonClassDao;
 	}
+	
+	public void setCommonClassDao(CommonClassDao commonClassDao){
+		PushPolicyController.commonClassDao = commonClassDao;
+	}
 	/*
 	 * This is an empty constructor
 	 */
@@ -124,12 +131,12 @@ public class PushPolicyController {
 		}
 		if(selectedPDPGroup==null){
 			String message = "Unknown groupId '" + selectedPDPGroup + "'";
+			if(!message.matches(REGEX) ){
+				message = "Unknown groupId";
+			}
 			PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + " " + message);
 			response.addHeader(errorMsg, "unknownGroupId");
 			response.addHeader(operation, "push");
-			//for fixing Header Manipulation of Fortify issue
-			message = message.replace("\n", "");
-			message = message.replace("\r", "");
 			response.addHeader(messageContent, message);
 			response.setStatus(HttpServletResponse.SC_NOT_FOUND);
 			return;
@@ -154,10 +161,8 @@ public class PushPolicyController {
 			return;
 		}
 		File temp = new File(policyName);
-		try {
-			BufferedWriter bw = new BufferedWriter(new FileWriter(temp));
+		try (BufferedWriter bw = new BufferedWriter(new FileWriter(temp))){
 			bw.write(policyEntity.getPolicyData());
-			bw.close();
 			URI selectedURI = temp.toURI();
 			// Create the policy Object
 			selectedPolicy = new StdPDPPolicy(policyName, true, policyID, selectedURI);