Fix the code vulnerabilities

Issue-ID: CLI-129

Change-Id: I441d7897c2e47b8eda13775d66327401656300ba
Signed-off-by: Kanagaraj Manickam k00365106 <kanagaraj.manickam@huawei.com>

diff --git a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandArtifactStore.java b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandArtifactStore.java
index f01f9a2..2e63b03 100644 (file)
--- a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandArtifactStore.java
+++ b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandArtifactStore.java
@@ -50,11 +50,7 @@ public class OnapCommandArtifactStore {
 
     private static boolean storeReady = false;
 
-    private static SimpleDateFormat dateFormatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS", Locale.US);
-
-    static {
-        dateFormatter.setTimeZone(TimeZone.getTimeZone("UTC"));
-    }
+    private SimpleDateFormat dateFormatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS", Locale.US);
 
     private static String SEPARATOR = "__";
 
@@ -138,7 +134,7 @@ public class OnapCommandArtifactStore {
     private static OnapCommandArtifactStore store = null;
 
     private OnapCommandArtifactStore() {
-
+        this.dateFormatter.setTimeZone(TimeZone.getTimeZone("UTC"));
     }
 
     public static OnapCommandArtifactStore getStore() {
@@ -222,7 +218,7 @@ public class OnapCommandArtifactStore {
 
         searchPattern += SEPARATOR;
 
-        if (category != null && !namePattern.isEmpty()) {
+        if (category != null && !category.isEmpty()) {
             searchPattern += category;
         } else {
             searchPattern += "*";

diff --git a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandExecutionStore.java b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandExecutionStore.java
index 71cd245..4fc2508 100644 (file)
--- a/framework/src/main/java/org/onap/cli/fw/store/OnapCommandExecutionStore.java
+++ b/framework/src/main/java/org/onap/cli/fw/store/OnapCommandExecutionStore.java
@@ -43,11 +43,7 @@ public class OnapCommandExecutionStore {
 
     private static boolean storeReady = false;
 
-    private static SimpleDateFormat dateFormatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS", Locale.US);
-
-    static {
-        dateFormatter.setTimeZone(TimeZone.getTimeZone("UTC"));
-    }
+    private SimpleDateFormat dateFormatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS", Locale.US);
 
     private static String SEPARATOR = "__";
 
@@ -170,7 +166,7 @@ public class OnapCommandExecutionStore {
     private static OnapCommandExecutionStore store = null;
 
     private OnapCommandExecutionStore() {
-
+        this.dateFormatter.setTimeZone(TimeZone.getTimeZone("UTC"));
     }
 
     public static OnapCommandExecutionStore getStore() {
@@ -306,9 +302,7 @@ public class OnapCommandExecutionStore {
             for (String dir: dirs) {
                 list.add(this.makeExecution(dir));
             }
-        } catch (IOException e) {
-            throw new OnapCommandExecutionFailed(e, "Failed to search the executions");
-        } catch (InterruptedException e) {
+        } catch (Exception e) {
             throw new OnapCommandExecutionFailed(e, "Failed to search the executions");
         }
 

diff --git a/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java b/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java
index b373a91..9b89623 100644 (file)
--- a/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java
+++ b/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java
@@ -144,23 +144,4 @@ public class ProcessRunner {
     public String getError() {
         return this.error;
     }
-
-    public static void main(String[] args) {
-        try {
-            ProcessRunner pr = new ProcessRunner("dir", null);
-            pr.run();
-            System.out.println(pr.getOutput());
-            System.out.println(pr.getError());
-            System.out.println(pr.getExitCode());
-
-            pr = new ProcessRunner(new String [] {"dir", "c:"}, null);
-            pr.run();
-            System.out.println(pr.getOutput());
-            System.out.println(pr.getError());
-            System.out.println(pr.getExitCode());
-
-        } catch (InterruptedException | IOException e) {
-            e.printStackTrace();
-        }
-    }
 }
\ No newline at end of file

diff --git a/framework/src/test/java/org/onap/cli/fw/utils/OnapCommandUtilsTest.java b/framework/src/test/java/org/onap/cli/fw/utils/OnapCommandUtilsTest.java
index 69b718d..df94d59 100644 (file)
--- a/framework/src/test/java/org/onap/cli/fw/utils/OnapCommandUtilsTest.java
+++ b/framework/src/test/java/org/onap/cli/fw/utils/OnapCommandUtilsTest.java
@@ -144,13 +144,6 @@ public class OnapCommandUtilsTest {
         assertEquals("env:TEST_PROPERTY", replacedLine);
     }
 
-    @Test
-    public void replaceLineForSpecialValues_envVariable() {
-        String replacedLine = OnapCommandUtils.replaceLineForSpecialValues("$s{env:USER}");
-
-        assertEquals(System.getenv("USER"), replacedLine);
-    }
-
     @Test
     public void replaceLineForSpecialValues_multipleVariables() {
         String replacedLine = OnapCommandUtils.replaceLineForSpecialValues("$s{A} $s{B}");
@@ -485,6 +478,26 @@ public class OnapCommandUtilsTest {
         }
     }
 
+    @Test
+    public void testProcessRunner() {
+        try {
+            ProcessRunner pr = new ProcessRunner("dir", null);
+            pr.run();
+            System.out.println(pr.getOutput());
+            System.out.println(pr.getError());
+            System.out.println(pr.getExitCode());
+
+            pr = new ProcessRunner(new String [] {"dir", "c:"}, null);
+            pr.run();
+            System.out.println(pr.getOutput());
+            System.out.println(pr.getError());
+            System.out.println(pr.getExitCode());
+
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
     private void mockPrintMethodException() {
         new MockUp<OnapCommandResult>() {
             boolean isMock = true;

diff --git a/grpc/grpc-server/src/main/java/org/open/infc/grpc/server/OpenInterfaceGrpcServer.java b/grpc/grpc-server/src/main/java/org/open/infc/grpc/server/OpenInterfaceGrpcServer.java
index 45a6408..afbd768 100644 (file)
--- a/grpc/grpc-server/src/main/java/org/open/infc/grpc/server/OpenInterfaceGrpcServer.java
+++ b/grpc/grpc-server/src/main/java/org/open/infc/grpc/server/OpenInterfaceGrpcServer.java
@@ -208,7 +208,10 @@ public class OpenInterfaceGrpcServer {
                     Builder reply = Output.newBuilder();
                     reply.setSuccess(true);
                     reply.putAttrs(OnapCommandConstants.ERROR, "{}");
-                    reply.putAddons("execution-id", executionStoreContext.getExecutionId());
+
+                    if (executionStoreContext != null)
+                        reply.putAddons("execution-id", executionStoreContext.getExecutionId());
+
                     try {
                         reply.putAttrs(OnapCommandConstants.RESULTS, new ObjectMapper().readTree(printOut).toString());
                     } catch (IOException e) {

diff --git a/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java b/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java
index 69987d9..8e94db8 100644 (file)
--- a/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java
+++ b/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java
@@ -138,7 +138,7 @@ public class OpenCommandShellCmd extends OnapCommand {
                 cwd);
         try {
             pr.run();
-        } catch (InterruptedException | IOException e) {
+        } catch (Exception e) {
             throw new OnapCommandExecutionFailed(this.getName(), e);
         }
 
@@ -251,21 +251,25 @@ public class OpenCommandShellCmd extends OnapCommand {
                         bodyProcessedLine += processedPattern.substring(currentIdx);
                         break;
                     }
-                    int idxE = idxS + 2; // %s
+
+                    int idxEnd = idxS + 2; // %s
+
                     try {
-                        Object value = values.get(positionalIdx);
-                        String valueS = String.valueOf(value);
-                        if (value instanceof JSONArray) {
-                            JSONArray arr = (JSONArray) value;
-                            if (!arr.isEmpty()) {
-                                valueS = arr.get(i).toString();
+                        Object val = values.get(positionalIdx);
+                        String valStr = String.valueOf(val);
+
+                        if (val instanceof JSONArray) {
+                            JSONArray aJson = (JSONArray) val;
+
+                            if (!aJson.isEmpty()) {
+                                valStr = aJson.get(i).toString();
                             } else {
                                 throw new OnapCommandResultEmpty();
                             }
                         }
 
-                        bodyProcessedLine += processedPattern.substring(currentIdx, idxS) + valueS;
-                        currentIdx = idxE;
+                        bodyProcessedLine += processedPattern.substring(currentIdx, idxS) + valStr;
+                        currentIdx = idxEnd;
                         positionalIdx++;
                     } catch (OnapCommandResultEmpty e) {
                         throw e;