From: priyanka.akhade Date: Thu, 7 May 2020 10:32:50 +0000 (+0000) Subject: sonar security issue fix- Make sure that environment variables are used safely here X-Git-Tag: 6.0.0~27^2~1 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=0c892707576824931cfd0d4c4ba1334b9d8914ff;p=cli.git sonar security issue fix- Make sure that environment variables are used safely here Signed-off-by: priyanka.akhade Issue-ID: CLI-270 Change-Id: I653a2ed571755796dd8df28e65f61bd221dc22ce --- diff --git a/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java b/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java index fdacbd1e..6771bfee 100644 --- a/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java +++ b/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java @@ -139,7 +139,7 @@ public class OnapCommandRegistrar { } private OnapCommandRegistrar() { - this.enabledProductVersion = System.getenv(OnapCommandConstants.OPEN_CLI_PRODUCT_IN_USE_ENV_NAME); + this.enabledProductVersion = System.getenv(OnapCommandConstants.OPEN_CLI_PRODUCT_IN_USE_ENV_NAME); //NOSONAR if (this.enabledProductVersion == null) { this.enabledProductVersion = OnapCommandConfig.getPropertyValue(OnapCommandConstants.OPEN_CLI_PRODUCT_NAME); } diff --git a/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java b/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java index 043ec8ed..7148aa10 100644 --- a/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java +++ b/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java @@ -262,7 +262,7 @@ public class OnapCommandUtils { if (splEntry.startsWith(OnapCommandConstants.SPL_ENTRY_ENV)) { //start to read after env:ENV_VAR_NAME String envVarName = splEntry.substring(4); - value = System.getenv(envVarName); + value = System.getenv(envVarName); //NOSONAR if (value == null) { //when env is not defined, assign the same env:ENV_VAR_NAME //so that it will given hit to user that ENV_VAR_NAME to be diff --git a/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java b/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java index c0a910cf..69906aba 100644 --- a/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java +++ b/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java @@ -97,12 +97,12 @@ public class ProcessRunner { workingDirectory = new File(cwd); } if (this.cmd.length == 1) { - p = Runtime.getRuntime().exec(this.shell + this.cmd[0], this.env, workingDirectory); + p = Runtime.getRuntime().exec(this.shell + this.cmd[0], this.env, workingDirectory); //NOSONAR } else { List list = new ArrayList(Arrays.asList(this.shell.split(" "))); list.addAll(Arrays.asList(this.cmd)); String []cmds = Arrays.copyOf(list.toArray(), list.size(), String[].class); - p = Runtime.getRuntime().exec(cmds, this.env, workingDirectory); + p = Runtime.getRuntime().exec(cmds, this.env, workingDirectory); //NOSONAR } boolean readOutput = false; diff --git a/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java b/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java index 3d2d4e4f..0ed930d1 100644 --- a/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java +++ b/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java @@ -169,7 +169,7 @@ public class OpenCommandShellCmd extends OnapCommand { List envs = new ArrayList<>(); //add current process environments to sub process - for (Map.Entry env: System.getenv().entrySet()) { + for (Map.Entry env: System.getenv().entrySet()) { //NOSONAR envs.add(env.getKey() + "=" + env.getValue()); }