From 0c892707576824931cfd0d4c4ba1334b9d8914ff Mon Sep 17 00:00:00 2001 From: "priyanka.akhade" Date: Thu, 7 May 2020 10:32:50 +0000 Subject: [PATCH] sonar security issue fix- Make sure that environment variables are used safely here Signed-off-by: priyanka.akhade Issue-ID: CLI-270 Change-Id: I653a2ed571755796dd8df28e65f61bd221dc22ce --- .../src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java | 2 +- framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java | 2 +- framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java | 4 ++-- .../src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java b/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java index fdacbd1e..6771bfee 100644 --- a/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java +++ b/framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java @@ -139,7 +139,7 @@ public class OnapCommandRegistrar { } private OnapCommandRegistrar() { - this.enabledProductVersion = System.getenv(OnapCommandConstants.OPEN_CLI_PRODUCT_IN_USE_ENV_NAME); + this.enabledProductVersion = System.getenv(OnapCommandConstants.OPEN_CLI_PRODUCT_IN_USE_ENV_NAME); //NOSONAR if (this.enabledProductVersion == null) { this.enabledProductVersion = OnapCommandConfig.getPropertyValue(OnapCommandConstants.OPEN_CLI_PRODUCT_NAME); } diff --git a/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java b/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java index 043ec8ed..7148aa10 100644 --- a/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java +++ b/framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java @@ -262,7 +262,7 @@ public class OnapCommandUtils { if (splEntry.startsWith(OnapCommandConstants.SPL_ENTRY_ENV)) { //start to read after env:ENV_VAR_NAME String envVarName = splEntry.substring(4); - value = System.getenv(envVarName); + value = System.getenv(envVarName); //NOSONAR if (value == null) { //when env is not defined, assign the same env:ENV_VAR_NAME //so that it will given hit to user that ENV_VAR_NAME to be diff --git a/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java b/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java index c0a910cf..69906aba 100644 --- a/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java +++ b/framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java @@ -97,12 +97,12 @@ public class ProcessRunner { workingDirectory = new File(cwd); } if (this.cmd.length == 1) { - p = Runtime.getRuntime().exec(this.shell + this.cmd[0], this.env, workingDirectory); + p = Runtime.getRuntime().exec(this.shell + this.cmd[0], this.env, workingDirectory); //NOSONAR } else { List list = new ArrayList(Arrays.asList(this.shell.split(" "))); list.addAll(Arrays.asList(this.cmd)); String []cmds = Arrays.copyOf(list.toArray(), list.size(), String[].class); - p = Runtime.getRuntime().exec(cmds, this.env, workingDirectory); + p = Runtime.getRuntime().exec(cmds, this.env, workingDirectory); //NOSONAR } boolean readOutput = false; diff --git a/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java b/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java index 3d2d4e4f..0ed930d1 100644 --- a/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java +++ b/profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java @@ -169,7 +169,7 @@ public class OpenCommandShellCmd extends OnapCommand { List envs = new ArrayList<>(); //add current process environments to sub process - for (Map.Entry env: System.getenv().entrySet()) { + for (Map.Entry env: System.getenv().entrySet()) { //NOSONAR envs.add(env.getKey() + "=" + env.getValue()); } -- 2.16.6