From: akshay.khairnar@t-systems.com Date: Tue, 16 Sep 2025 09:14:54 +0000 (+0200) Subject: Sonarqube bugs and security hotspot fixes for A&AI component aai-resources X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=bca17fa7f18a5ec3e38f3b5389de36ce31d084b3;p=aai%2Fresources.git Sonarqube bugs and security hotspot fixes for A&AI component aai-resources Issue-ID: AAI-4185 Change-Id: Iade776e342dc63a7eb1197714d6bc65e17d89466 Signed-off-by: akshay.khairnar@t-systems.com
---
diff --git a/aai-resources/src/main/java/org/onap/aai/interceptors/pre/AuthInterceptor.java b/aai-resources/src/main/java/org/onap/aai/interceptors/pre/AuthInterceptor.java
index a81002a0..63366ddc 100644
--- a/aai-resources/src/main/java/org/onap/aai/interceptors/pre/AuthInterceptor.java
+++ b/aai-resources/src/main/java/org/onap/aai/interceptors/pre/AuthInterceptor.java
@@ -48,15 +48,15 @@ import lombok.RequiredArgsConstructor;
 @Priority(AAIRequestFilterPriority.AUTHORIZATION)
 public class AuthInterceptor extends AAIContainerFilter implements ContainerRequestFilter {
- private static final Pattern PATTERN_ECHO = Pattern.compile("^.*/util/echo$");
- private static final Pattern PATTERN_ACTUATOR = Pattern.compile("^.*/actuator/.*$");
+ private static final String ECHO_SEGMENT = "/util/echo";
+ private static final String ACTUATOR_SEGMENT = "/actuator/";
 private static final AAIException AAI_EXCEPTION = new AAIException("AAI_3300");
 private final AuthorizationService authorizationService;
 @Override
 public void filter(ContainerRequestContext requestContext) throws IOException {
 String path = requestContext.getUriInfo().getRequestUri().getPath();
- if (PATTERN_ECHO.matcher(path).matches() || PATTERN_ACTUATOR.matcher(path).matches()) {
+ if (path.endsWith(ECHO_SEGMENT) || path.contains(ACTUATOR_SEGMENT)) {
 return;
 }
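Review bot: The authorization exemption in `filter` still matches on unanchored substrings: `path.endsWith(ECHO_SEGMENT) || path.contains(ACTUATOR_SEGMENT)` skips authorization for any request whose path merely ends in `/util/echo` or contains `/actuator/` anywhere, exactly as the removed regexes did. Because this check sits in front of `AuthorizationService`, it would be safer to compare against the full endpoint paths, for example `path.equals(BASE_PATH + ECHO_SEGMENT) || path.startsWith(BASE_PATH + ACTUATOR_SEGMENT)`, where `BASE_PATH` is a placeholder for the service's context path, which this hunk does not show. A one-line comment on the two constants saying that they exempt requests from authorization would also help the next reader. The body of `filter` continues outside the hunk.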
diff --git a/aai-resources/src/main/java/org/onap/aai/interceptors/pre/VersionInterceptor.java b/aai-resources/src/main/java/org/onap/aai/interceptors/pre/VersionInterceptor.java
index cdada62c..63443d3c 100644
--- a/aai-resources/src/main/java/org/onap/aai/interceptors/pre/VersionInterceptor.java
+++ b/aai-resources/src/main/java/org/onap/aai/interceptors/pre/VersionInterceptor.java
@@ -43,7 +43,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 @Priority(AAIRequestFilterPriority.VERSION)
 public class VersionInterceptor extends AAIContainerFilter implements ContainerRequestFilter {
- public static final Pattern EXTRACT_VERSION_PATTERN = Pattern.compile("^(v[1-9][0-9]*).*$");
+ public static final Pattern EXTRACT_VERSION_PATTERN = Pattern.compile("^(v[1-9][0-9]*)(?>.{0,2048})$");
 private final Set allowedVersions;
diff --git a/aai-resources/src/main/java/org/onap/aai/rest/BulkConsumer.java b/aai-resources/src/main/java/org/onap/aai/rest/BulkConsumer.java
index 3f99e7e1..2b89697a 100644
--- a/aai-resources/src/main/java/org/onap/aai/rest/BulkConsumer.java
+++ b/aai-resources/src/main/java/org/onap/aai/rest/BulkConsumer.java
@@ -353,8 +353,8 @@ public abstract class BulkConsumer extends RESTAPI {
 UriComponents uriComponents = UriComponentsBuilder.fromUriString(itemURIfield.getAsString()).build();
- if (uriComponents.getPath() != null
- && uriComponents.getPath().endsWith("/relationship-list/relationship")) {
+ String path = uriComponents.getPath();
+ if (path != null && path.endsWith("/relationship-list/relationship")) {
 if (method.equals(HttpMethod.PUT)) {
 bulkOperation.setHttpMethod(HttpMethod.PUT_EDGE);
 } else if (method.equals(HttpMethod.DELETE)) {
diff --git a/aai-resources/src/main/java/org/onap/aai/tenantisolation/DataImportTasks.java b/aai-resources/src/main/java/org/onap/aai/tenantisolation/DataImportTasks.java
index ede04b73..74f3f0e2 100644
--- a/aai-resources/src/main/java/org/onap/aai/tenantisolation/DataImportTasks.java
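Review bot: The new `EXTRACT_VERSION_PATTERN` changes behaviour as well as shape: with `(?>.{0,2048})$`, an input whose tail after the version is longer than 2048 characters no longer matches at all, so a long but otherwise valid URI would presumably be treated as carrying no version (the call site is outside this hunk). The original `.*$` tail has no nested quantifier and cannot backtrack catastrophically, so the bound buys little. If callers only consume group 1, `Pattern.compile("^(v[1-9][0-9]*)")` used with `matcher.lookingAt()` extracts the same prefix without scanning the rest of the input. If the cap is meant as an input-length limit, an explicit length check with a comment such as `// reject request URIs longer than 2048 characters after the version` would state that more clearly than the regex does.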
+++ b/aai-resources/src/main/java/org/onap/aai/tenantisolation/DataImportTasks.java
@@ -110,8 +110,9 @@ public class DataImportTasks {
 }
 // clean up
- payloadFile.delete();
-
+ if (!payloadFile.delete()) {
+ log.warn("Failed to delete payload file: {}", payloadFile.getAbsolutePath());
+ }
 }
 /**
@@ -125,17 +126,22 @@ public class DataImportTasks {
 int count = 0;
 try {
- process = new ProcessBuilder().command("bash", "-c", "ps -ef | grep 'addManualData'").start();
+ process = new ProcessBuilder().command("/bin/bash", "-c", "ps -ef | grep 'addManualData'").start();
 InputStream is = process.getInputStream();
 InputStreamReader isr = new InputStreamReader(is);
 BufferedReader br = new BufferedReader(isr);
- while (br.readLine() != null) {
+ String line;
+ while ((line = br.readLine()) != null) {
 count++;
 }
 int exitVal = process.waitFor();
 log.info("Check if dataImport is running returned: " + exitVal);
+ } catch (InterruptedException ie) {
+ Thread.currentThread().interrupt();
+ log.warn("Thread interrupted while checking if dataImport is running", ie);
+ return false;
 } catch (Exception e) {
 ErrorLogHelper.logError("AAI_8002", "Exception while running the check to see if dataImport is running " + e.getMessage());
@@ -172,8 +178,11 @@ public class DataImportTasks {
 if (!foundTheLatestPayload && isTargzExtension(f.getAbsolutePath())) {
 payloadFile = f;
 foundTheLatestPayload = true;
- } else // delete all files except the latest payload file!
- f.delete();
+ } else {
+ if (!f.delete()) {
+ log.warn("Failed to delete old payload file: {}", f.getAbsolutePath());
+ }
+ }
 }
 } else {
 if (isTargzExtension(allFilesArr[0].getAbsolutePath()))
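Review bot: `payloadFile.delete()` only returns true or false, so the new warning cannot say why the payload archive was left on disk. `Files.delete(payloadFile.toPath())` throws an `IOException` that carries the reason and can be passed to `log.warn("Failed to delete payload file: {}", payloadFile.getAbsolutePath(), e)`. The same applies to `f.delete()` in the later hunk at `-172,8`. This would need `java.nio.file.Files` in the import block, which is not visible in this diff.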
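Review bot: Returning `false` from the new `InterruptedException` branch presumably reports "dataImport is not running" even though the check was cut short. A caller that gates a new import on this result could then start a second run beside one already in progress; the caller is outside this hunk, so this needs confirming. Failing closed would be `return true;` in that branch, or the interruption could be propagated. Separately, the added `String line;` is assigned but never read, and `br` is still never closed; `try (BufferedReader br = new BufferedReader(new InputStreamReader(process.getInputStream())))` would release the stream on every path. The method starts and ends outside the hunk.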
@@ -219,9 +228,13 @@ public class DataImportTasks {
 try {
 process =
- new ProcessBuilder().command("bash", "-c", "gzip –d < " + payLoadFileName + " | tar xf -").start();
+ new ProcessBuilder().command("/bin/bash", "-c", "gzip –d < " + payLoadFileName + " | tar xf -").start();
 int exitVal = process.waitFor();
 log.info("gzip -d returned: " + exitVal);
+ } catch (InterruptedException ie) {
+ Thread.currentThread().interrupt();
+ log.warn("Thread interrupted while running the unzip {}", payLoadFileName, ie);
+ return false;
 } catch (Exception e) {
 ErrorLogHelper.logError("AAI_8002", "Exception while running the unzip " + e.getMessage());
 log.info("Exception while running the unzip " + e.getMessage());
@@ -265,6 +278,9 @@ public class DataImportTasks {
 process = new ProcessBuilder().command(script).start();
 int exitVal = process.waitFor();
 log.info("addManualData.sh returned: " + exitVal);
+ } catch (InterruptedException ie) {
+ Thread.currentThread().interrupt();
+ log.warn("Thread interrupted while running addManualData.sh", ie);
 } catch (Exception e) {
 ErrorLogHelper.logError("AAI_8002", "Exception while running addManualData.sh " + e.getMessage());
 log.info("Exception while running addManualData.sh" + e.getMessage());
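Review bot: `payLoadFileName` is still concatenated into the `-c` string (`"gzip –d < " + payLoadFileName + " | tar xf -"`), so any shell metacharacter in the file name is interpreted by the shell; changing `bash` to `/bin/bash` pins the interpreter but leaves that in place. Passing the name as its own argument removes the shell altogether, e.g. `process = new ProcessBuilder("tar", "-xzf", payLoadFileName).start();`. The option is also written with an en dash (`–d`) on both the old and the new line, while the log message says `gzip -d`; if that is what the file really contains rather than a rendering artefact, gzip will not parse it as the `-d` flag. The enclosing method starts and ends outside the hunk.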
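Review bot: The new `InterruptedException` branch around `addManualData.sh` logs and falls through, whereas the two other handlers added in this commit `return false`. Whatever follows the try block (outside this hunk) then runs as though the script had finished, while the child process may still be running. If the script must not outlive the interrupted thread, add `process.destroy();` before the `log.warn` call; in the lines shown only `waitFor()` can throw `InterruptedException`, so `process` is already assigned there. Otherwise, a comment such as `// script is intentionally left running on interrupt` would make the intent explicit.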