Fixing sonar vulnerabilities in apex-pdp

Changed the Console class to use logger only for printing stack trace,
as the class is meant to be used for CLI usage.
Changed the CLIParser to use Console class for printing messages.
Changed the client-editor to be hosted on localhost by default, to follow
the same what others clients (deployment, monitoring & client full) are doing.

Change-Id: I6565b4b35a93b3708b926bfee04d79ead6b5346e
Issue-ID: POLICY-954
Signed-off-by: ramverma <ram.krishna.verma@ericsson.com>

diff --git a/client/client-editor/src/main/java/org/onap/policy/apex/client/editor/rest/ApexEditorParameterParser.java b/client/client-editor/src/main/java/org/onap/policy/apex/client/editor/rest/ApexEditorParameterParser.java
index 32ebfba..beb589d 100644 (file)
--- a/client/client-editor/src/main/java/org/onap/policy/apex/client/editor/rest/ApexEditorParameterParser.java
+++ b/client/client-editor/src/main/java/org/onap/policy/apex/client/editor/rest/ApexEditorParameterParser.java
@@ -55,9 +55,9 @@ public class ApexEditorParameterParser {
                 .desc("the amount of time in seconds that the server will run for before terminating. "
                         + "Default value is " + ApexEditorParameters.INFINITY_TIME_TO_LIVE + " to run indefinitely.")
                 .hasArg().argName("TIME_TO_LIVE").required(false).type(Number.class).build());
-        options.addOption(Option.builder("l").longOpt("listen").desc("the IP address to listen on.  Default value is "
-                + ApexEditorParameters.DEFAULT_SERVER_URI_ROOT + " "
-                + "to listen on all available addresses. Use value 'localhost' to restrict access to the local machine only.")
+        options.addOption(Option.builder("l").longOpt("listen")
+                .desc("the IP address to listen on.  Default value is " + ApexEditorParameters.DEFAULT_SERVER_URI_ROOT
+                        + " to restrict access to the local machine only.")
                 .hasArg().argName("ADDRESS").required(false).type(String.class).build());
     }
 

diff --git a/client/client-editor/src/main/java/org/onap/policy/apex/client/editor/rest/ApexEditorParameters.java b/client/client-editor/src/main/java/org/onap/policy/apex/client/editor/rest/ApexEditorParameters.java
index 16afcd1..e0a2cf7 100644 (file)
--- a/client/client-editor/src/main/java/org/onap/policy/apex/client/editor/rest/ApexEditorParameters.java
+++ b/client/client-editor/src/main/java/org/onap/policy/apex/client/editor/rest/ApexEditorParameters.java
@@ -37,8 +37,8 @@ public class ApexEditorParameters {
 
     // Base URI the HTTP server will listen on
     private static final String DEFAULT_SERVER_URI_PREFIX = "http://";
-    /** The server listens on all available interfaces/addresses. */
-    public static final String DEFAULT_SERVER_URI_ROOT = "0.0.0.0";
+    /** The server listens on localhost by default. */
+    public static final String DEFAULT_SERVER_URI_ROOT = "localhost";
     private static final String DEFAULT_REST_PATH = "/apexservices/";
     private static final String DEFAULT_STATIC_PATH = "/";
 

diff --git a/client/client-editor/src/test/java/org/onap/policy/apex/client/editor/rest/TestApexEditorStartup.java b/client/client-editor/src/test/java/org/onap/policy/apex/client/editor/rest/TestApexEditorStartup.java
index 0ae54e5..d61d43b 100644 (file)
--- a/client/client-editor/src/test/java/org/onap/policy/apex/client/editor/rest/TestApexEditorStartup.java
+++ b/client/client-editor/src/test/java/org/onap/policy/apex/client/editor/rest/TestApexEditorStartup.java
@@ -48,13 +48,13 @@ public class TestApexEditorStartup {
 
         final String outString = runEditor(args);
         assertTrue(outString.startsWith("Apex Editor REST endpoint (ApexEditorMain: "
-                + "Config=[ApexEditorParameters: URI=http://0.0.0.0:18989/apexservices/, TTL=-1sec], "
-                + "State=READY) starting at http://0.0.0.0:18989/apexservices/"));
+                + "Config=[ApexEditorParameters: URI=http://localhost:18989/apexservices/, TTL=-1sec], "
+                + "State=READY) starting at http://localhost:18989/apexservices/"));
         assertTrue(outString.contains("Apex Editor REST endpoint (ApexEditorMain: "
-                + "Config=[ApexEditorParameters: URI=http://0.0.0.0:18989/apexservices/, TTL=-1sec], "
-                + "State=RUNNING) started at http://0.0.0.0:18989/apexservices/"));
+                + "Config=[ApexEditorParameters: URI=http://localhost:18989/apexservices/, TTL=-1sec], "
+                + "State=RUNNING) started at http://localhost:18989/apexservices/"));
         assertTrue(outString.replaceAll("[\\r?\\n]+", " ").endsWith("Apex Editor REST endpoint (ApexEditorMain: "
-                + "Config=[ApexEditorParameters: URI=http://0.0.0.0:18989/apexservices/, TTL=-1sec], State=STOPPED) shut down "));
+                + "Config=[ApexEditorParameters: URI=http://localhost:18989/apexservices/, TTL=-1sec], State=STOPPED) shut down "));
     }
 
     /**
@@ -207,13 +207,13 @@ public class TestApexEditorStartup {
         final String outString = runEditor(args);
 
         assertTrue(outString.startsWith("Apex Editor REST endpoint (ApexEditorMain: "
-                + "Config=[ApexEditorParameters: URI=http://0.0.0.0:12321/apexservices/, TTL=-1sec], "
-                + "State=READY) starting at http://0.0.0.0:12321/apexservices/"));
+                + "Config=[ApexEditorParameters: URI=http://localhost:12321/apexservices/, TTL=-1sec], "
+                + "State=READY) starting at http://localhost:12321/apexservices/"));
         assertTrue(outString.contains("Apex Editor REST endpoint (ApexEditorMain: "
-                + "Config=[ApexEditorParameters: URI=http://0.0.0.0:12321/apexservices/, TTL=-1sec], "
-                + "State=RUNNING) started at http://0.0.0.0:12321/apexservices/"));
+                + "Config=[ApexEditorParameters: URI=http://localhost:12321/apexservices/, TTL=-1sec], "
+                + "State=RUNNING) started at http://localhost:12321/apexservices/"));
         assertTrue(outString.replaceAll("[\\r?\\n]+", " ").endsWith("Apex Editor REST endpoint (ApexEditorMain: "
-                + "Config=[ApexEditorParameters: URI=http://0.0.0.0:12321/apexservices/, TTL=-1sec], State=STOPPED) shut down "));
+                + "Config=[ApexEditorParameters: URI=http://localhost:12321/apexservices/, TTL=-1sec], State=STOPPED) shut down "));
     }
 
     /**
@@ -229,13 +229,13 @@ public class TestApexEditorStartup {
         final String outString = runEditor(args);
 
         assertTrue(outString.startsWith("Apex Editor REST endpoint (ApexEditorMain: "
-                + "Config=[ApexEditorParameters: URI=http://0.0.0.0:12321/apexservices/, TTL=-1sec], "
-                + "State=READY) starting at http://0.0.0.0:12321/apexservices/"));
+                + "Config=[ApexEditorParameters: URI=http://localhost:12321/apexservices/, TTL=-1sec], "
+                + "State=READY) starting at http://localhost:12321/apexservices/"));
         assertTrue(outString.contains("Apex Editor REST endpoint (ApexEditorMain: "
-                + "Config=[ApexEditorParameters: URI=http://0.0.0.0:12321/apexservices/, TTL=-1sec], "
-                + "State=RUNNING) started at http://0.0.0.0:12321/apexservices/"));
+                + "Config=[ApexEditorParameters: URI=http://localhost:12321/apexservices/, TTL=-1sec], "
+                + "State=RUNNING) started at http://localhost:12321/apexservices/"));
         assertTrue(outString.replaceAll("[\\r?\\n]+", " ").endsWith("(ApexEditorMain: "
-                + "Config=[ApexEditorParameters: URI=http://0.0.0.0:12321/apexservices/, TTL=-1sec], State=STOPPED) shut down "));
+                + "Config=[ApexEditorParameters: URI=http://localhost:12321/apexservices/, TTL=-1sec], State=STOPPED) shut down "));
     }
 
 
@@ -274,7 +274,7 @@ public class TestApexEditorStartup {
         } catch (final Exception e) {
             assertTrue(e.getMessage()
                     .startsWith("Apex Editor REST endpoint (ApexEditorMain: "
-                            + "Config=[ApexEditorParameters: URI=http://0.0.0.0:0/apexservices/, TTL=-1sec], "
+                            + "Config=[ApexEditorParameters: URI=http://localhost:0/apexservices/, TTL=-1sec], "
                             + "State=STOPPED) parameters invalid, port must be between 1024 and 65535"));
         }
     }
@@ -295,7 +295,7 @@ public class TestApexEditorStartup {
         } catch (final Exception e) {
             assertTrue(e.getMessage()
                     .startsWith("Apex Editor REST endpoint (ApexEditorMain: "
-                            + "Config=[ApexEditorParameters: URI=http://0.0.0.0:1023/apexservices/, TTL=-1sec], "
+                            + "Config=[ApexEditorParameters: URI=http://localhost:1023/apexservices/, TTL=-1sec], "
                             + "State=STOPPED) parameters invalid, port must be between 1024 and 65535"));
         }
     }
@@ -316,7 +316,7 @@ public class TestApexEditorStartup {
         } catch (final Exception e) {
             assertTrue(e.getMessage()
                     .startsWith("Apex Editor REST endpoint (ApexEditorMain: "
-                            + "Config=[ApexEditorParameters: URI=http://0.0.0.0:65536/apexservices/, TTL=-1sec], "
+                            + "Config=[ApexEditorParameters: URI=http://localhost:65536/apexservices/, TTL=-1sec], "
                             + "State=STOPPED) parameters invalid, port must be between 1024 and 65535"));
         }
     }
@@ -334,12 +334,12 @@ public class TestApexEditorStartup {
         final String outString = runEditor(args);
 
         assertTrue(outString.startsWith("Apex Editor REST endpoint (ApexEditorMain: "
-                + "Config=[ApexEditorParameters: URI=http://0.0.0.0:18989/apexservices/, TTL=10sec], "
-                + "State=READY) starting at http://0.0.0.0:18989/apexservices/"));
+                + "Config=[ApexEditorParameters: URI=http://localhost:18989/apexservices/, TTL=10sec], "
+                + "State=READY) starting at http://localhost:18989/apexservices/"));
         assertTrue(outString.replaceAll("[\\r?\\n]+", " ").contains("Apex Editor REST endpoint (ApexEditorMain: "
-                + "Config=[ApexEditorParameters: URI=http://0.0.0.0:18989/apexservices/, TTL=10sec], State=RUNNING) started"));
+                + "Config=[ApexEditorParameters: URI=http://localhost:18989/apexservices/, TTL=10sec], State=RUNNING) started"));
         assertTrue(outString.replaceAll("[\\r?\\n]+", " ").endsWith("Apex Editor REST endpoint (ApexEditorMain: "
-                + "Config=[ApexEditorParameters: URI=http://0.0.0.0:18989/apexservices/, TTL=10sec], State=STOPPED) shut down "));
+                + "Config=[ApexEditorParameters: URI=http://localhost:18989/apexservices/, TTL=10sec], State=STOPPED) shut down "));
     }
 
     /**
@@ -376,12 +376,12 @@ public class TestApexEditorStartup {
         final String outString = runEditor(args);
 
         assertTrue(outString.startsWith("Apex Editor REST endpoint (ApexEditorMain: "
-                + "Config=[ApexEditorParameters: URI=http://0.0.0.0:12321/apexservices/, TTL=10sec], "
-                + "State=READY) starting at http://0.0.0.0:12321/apexservices/"));
+                + "Config=[ApexEditorParameters: URI=http://localhost:12321/apexservices/, TTL=10sec], "
+                + "State=READY) starting at http://localhost:12321/apexservices/"));
         assertTrue(outString.replaceAll("[\\r?\\n]+", " ").contains("Apex Editor REST endpoint (ApexEditorMain: "
-                + "Config=[ApexEditorParameters: URI=http://0.0.0.0:12321/apexservices/, TTL=10sec], State=RUNNING) started"));
+                + "Config=[ApexEditorParameters: URI=http://localhost:12321/apexservices/, TTL=10sec], State=RUNNING) started"));
         assertTrue(outString.replaceAll("[\\r?\\n]+", " ").endsWith("Apex Editor REST endpoint (ApexEditorMain: "
-                + "Config=[ApexEditorParameters: URI=http://0.0.0.0:12321/apexservices/, TTL=10sec], State=STOPPED) shut down "));
+                + "Config=[ApexEditorParameters: URI=http://localhost:12321/apexservices/, TTL=10sec], State=STOPPED) shut down "));
     }
 
 

diff --git a/tools/tools-common/src/main/java/org/onap/policy/apex/tools/common/CliParser.java b/tools/tools-common/src/main/java/org/onap/policy/apex/tools/common/CliParser.java
index 588abfc..31692dc 100644 (file)
--- a/tools/tools-common/src/main/java/org/onap/policy/apex/tools/common/CliParser.java
+++ b/tools/tools-common/src/main/java/org/onap/policy/apex/tools/common/CliParser.java
@@ -81,8 +81,8 @@ public class CliParser {
         try {
             cmd = parser.parse(options, args);
         } catch (final ParseException ex) {
-            System.err.println("Parsing failed.  Reason: " + ex.getMessage());
-            ex.printStackTrace();
+            Console.CONSOLE.error("Parsing failed, see reason and cause below");
+            Console.CONSOLE.stacktrace(ex);
         }
         return cmd;
     }

diff --git a/tools/tools-common/src/main/java/org/onap/policy/apex/tools/common/Console.java b/tools/tools-common/src/main/java/org/onap/policy/apex/tools/common/Console.java
index 5713331..d76caa3 100644 (file)
--- a/tools/tools-common/src/main/java/org/onap/policy/apex/tools/common/Console.java
+++ b/tools/tools-common/src/main/java/org/onap/policy/apex/tools/common/Console.java
@@ -25,6 +25,7 @@ import java.util.List;
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.text.StrBuilder;
+import org.slf4j.ext.XLoggerFactory;
 import org.slf4j.helpers.MessageFormatter;
 
 /**
@@ -326,12 +327,12 @@ public final class Console {
             if (appName != null) {
                 System.err.print(appName + ": ");
             }
-            System.err.println("exception stack trace: ");
-            System.err.println(" - message: " + exception.getMessage());
+            System.err.println(" exception message: " + exception.getMessage());
             if (exception.getCause() != null) {
-                System.err.println(" - cause: " + exception.getCause());
+                System.err.println(" exception cause: " + exception.getCause());
             }
-            exception.printStackTrace();
+            System.err.println("for exception stack trace, please refer logs.");
+            XLoggerFactory.getXLogger(Console.class).error("stacktrace", exception);
         }
     }