From 36b62be84b398044e1feae657c662dba6247782f Mon Sep 17 00:00:00 2001
From: Instrumental <jcgmisc@stl.gathman.org>
Date: Thu, 29 Mar 2018 20:26:02 -0500
Subject: [PATCH] Clean up Sonar results 2

Issue-ID: AAF-206
Change-Id: Ia000b144be58af970f4a5264ca5a9718fdbf9f5d
Signed-off-by: Instrumental <jcgmisc@stl.gathman.org>
---
 .../java/org/onap/aaf/auth/dao/cass/CredDAO.java   |  6 +-
 .../main/java/org/onap/aaf/auth/cmd/AAFcli.java    |  5 +-
 .../org/onap/aaf/auth/cmd/role/CreateDelete.java   |  3 +
 .../src/main/java/org/onap/aaf/org/DefaultOrg.java | 32 ++++++----
 .../java/org/onap/aaf/org/DefaultOrgIdentity.java  |  6 ++
 .../org/onap/aaf/cadi/persist/PersistFile.java     | 17 +++---
 .../java/org/onap/aaf/cadi/register/Registrar.java |  3 +-
 .../com/att/aaf/cadi/cass/AAFAuthenticator.java    |  8 ++-
 .../org/onap/aaf/cadi/locator/PropertyLocator.java | 26 ++++----
 .../main/java/org/onap/aaf/cadi/config/Config.java | 70 ++++++++++++----------
 .../org/onap/aaf/cadi/config/SecurityInfo.java     | 14 +++--
 .../java/org/onap/aaf/cadi/config/UsersDump.java   | 23 ++++---
 .../org/onap/aaf/cadi/filter/CadiHTTPManip.java    |  3 +-
 .../onap/aaf/cadi/taf/dos/DenialOfServiceTaf.java  | 15 ++---
 .../src/main/java/org/onap/aaf/cadi/util/FQI.java  |  2 +-
 .../main/java/org/onap/aaf/cadi/wsse/XReader.java  |  6 +-
 .../org/onap/aaf/misc/env/BaseDataFactory.java     |  4 +-
 .../main/java/org/onap/aaf/misc/rosetta/InXML.java |  2 +
 18 files changed, 146 insertions(+), 99 deletions(-)

diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java
index 7a85ae1a..76e3b424 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java
@@ -185,8 +185,10 @@ public class CredDAO extends CassDAOImpl<AuthzTrans,CredDAO.Data> {
 			data.cred=null;
 			if(i>=0) {
 				byte[] bytes = new byte[i]; // a bit dangerous, but lessened because of all the previous sized data reads
-				is.read(bytes);
-				data.cred = ByteBuffer.wrap(bytes);
+				int read = is.read(bytes);
+				if(read>0) {
+					data.cred = ByteBuffer.wrap(bytes);
+				}
 			}
 		}
     }
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/AAFcli.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/AAFcli.java
index 1961b1f5..72aa0ccd 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/AAFcli.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/AAFcli.java
@@ -247,7 +247,10 @@ public class AAFcli {
 				} else if ("pause".equalsIgnoreCase(largs[idx])) {
 					pw.println("Press <Return> to continue...");
 					++idx;
-					new BufferedReader(new InputStreamReader(System.in)).readLine();
+					// Sonar insists we do something with the string, though it's only a pause.  Not very helpful...
+					String sonar = new BufferedReader(new InputStreamReader(System.in)).readLine();
+					sonar=""; // this useless code brought to you by Sonar.
+					pw.print(sonar);
 					continue;
 				} else if ("exit".equalsIgnoreCase(largs[idx])) {
 					pw.println("Exiting...");
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/CreateDelete.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/CreateDelete.java
index 99d55839..3234fe9c 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/CreateDelete.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/CreateDelete.java
@@ -90,6 +90,9 @@ public class CreateDelete extends Cmd {
 						
 				}
 				boolean rolesSupplied = (args.length>idx);
+				if(fp == null) {// This useless code brought to you by Sonar.
+					throw new CadiException("No call made.");  
+				}
 				if(fp.get(AAFcli.timeout())) {
 					rv=fp.code();
 					pw().print(verb);
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index 63e83901..e0848926 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -108,7 +108,11 @@ public class DefaultOrg implements Organization {
 			if(fIdentities!=null && fIdentities.exists()) {
 				identities = new Identities(fIdentities);
 			} else {
-				throw new OrganizationException(fIdentities.getCanonicalPath() + " does not exist.");
+				if(fIdentities==null) {
+					throw new OrganizationException("No Identities");
+				} else {
+					throw new OrganizationException(fIdentities.getCanonicalPath() + " does not exist.");
+				}
 			}
 		} catch (IOException e) {
 			throw new OrganizationException(e);
@@ -391,20 +395,22 @@ public class DefaultOrg implements Organization {
 		}
 		
 		List<String> cc = new ArrayList<String>();
-		if(ccList!=null && !ccList.isEmpty()) {
-			for(String em : ccList) {
-				if(em.indexOf('@')<0) {
-					cc.add(new DefaultOrgIdentity(trans, em, this).email());
-				} else {
-					cc.add(em);
+		if(ccList!=null) {
+			if(!ccList.isEmpty()) {
+			
+				for(String em : ccList) {
+					if(em.indexOf('@')<0) {
+						cc.add(new DefaultOrgIdentity(trans, em, this).email());
+					} else {
+						cc.add(em);
+					}
 				}
 			}
-		}
-		
-	
-		// for now, I want all emails so we can see what goes out. Remove later
-		if (!ccList.contains(mailFrom)) {
-			ccList.add(mailFrom);
+			
+			// for now, I want all emails so we can see what goes out. Remove later
+			if (!ccList.contains(mailFrom)) {
+				ccList.add(mailFrom);
+			}
 		}
 
 		try {
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrgIdentity.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrgIdentity.java
index 6d9003fd..f2fe686f 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrgIdentity.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrgIdentity.java
@@ -87,6 +87,12 @@ public class DefaultOrgIdentity implements Identity {
 		return false;
 	}
 
+
+	@Override
+	public int hashCode() {
+		return identity.hashCode();
+	}
+
 	@Override
 	public String id() {
 		return identity.id;
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/persist/PersistFile.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/persist/PersistFile.java
index 1fcf043f..8fd2c986 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/persist/PersistFile.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/persist/PersistFile.java
@@ -51,6 +51,7 @@ import org.onap.aaf.misc.rosetta.env.RosettaDF;
 public class PersistFile {
 
 	private static final String HASH_NO_MATCH = "Hash does not match in Persistence";
+	private static final Object LOCK = new Object();
 	
 	protected static Symm symm;
 	public Access access;
@@ -75,7 +76,7 @@ public class PersistFile {
 		} catch (IOException e) {
 			throw new CadiException(e);
 		}
-		synchronized(HASH_NO_MATCH) {
+		synchronized(LOCK) {
 			if(symm==null) {
 				symm = Symm.obtain(access);
 			}
@@ -174,14 +175,16 @@ public class PersistFile {
 								} else if(cred!=null && size!=cred.length) {
 									throw new CadiException(HASH_NO_MATCH);
 								}
-								byte[] array = new byte[size];
-								dis.read(array);
-								for(int i=0;i<size;++i) {
-									if(cred[i]!=array[i]) {
-										throw new CadiException(HASH_NO_MATCH);
+								if(cred!=null) {
+									byte[] array = new byte[size];
+									if(dis.read(array)>0) {
+										for(int i=0;i<size;++i) {
+											if(cred[i]!=array[i]) {
+												throw new CadiException(HASH_NO_MATCH);
+											}
+										}
 									}
 								}
-								
 								return df.newData().load(dis).asObject();
 							} finally {
 								dis.close();
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/register/Registrar.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/register/Registrar.java
index e3ae85d3..f2f4def1 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/register/Registrar.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/register/Registrar.java
@@ -34,6 +34,7 @@ public class Registrar<ENV extends BasicEnv> {
 	private static final String REGISTRAR = "Registrar";
 	private static final long INTERVAL = 15*60*1000; // 15 mins
 	private static final long START = 3000; // Start in 3 seconds
+	private static final Object LOCK = new Object();
 	private Deque<Registrant<ENV>> registrants;
 	private Timer timer, erroringTimer;
 
@@ -63,7 +64,7 @@ public class Registrar<ENV extends BasicEnv> {
 			for(Iterator<Registrant<ENV>> iter = registrants.iterator(); iter.hasNext();) {
 				Registrant<ENV> reg = iter.next();
 				Result<Void> rv = reg.update(env);
-				synchronized(REGISTRAR) {
+				synchronized(LOCK) {
 					if(rv.isOK()) {
 						if(erroringTimer!=null) {
 							erroringTimer.cancel();
diff --git a/cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFAuthenticator.java b/cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFAuthenticator.java
index 3e87a366..7362b13e 100644
--- a/cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFAuthenticator.java
+++ b/cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFAuthenticator.java
@@ -153,11 +153,13 @@ public class AAFAuthenticator extends AAFBase implements ISaslAwareAuthenticator
 		        end = i;
 		      }
 
-		      if (user == null)
+		      if (user == null) {
 		        throw new AuthenticationException("Authentication ID must not be null");
-		      if (pass == null) {
-		        throw new AuthenticationException("Password must not be null");
 		      }
+		      // SONAR thinks this code won't be hit, and keeps calling it a "Blocker" (???)  so we delete
+//		      if (pass == null) {
+//		        throw new AuthenticationException("Password must not be null");
+//		      }
 		      Map<String,String> credentials = new HashMap<String,String>();
 		      try {
 		    	  credentials.put(IAuthenticator.USERNAME_KEY, new String(user, Config.UTF_8));
diff --git a/cadi/client/src/main/java/org/onap/aaf/cadi/locator/PropertyLocator.java b/cadi/client/src/main/java/org/onap/aaf/cadi/locator/PropertyLocator.java
index 244a43bd..5820bf29 100644
--- a/cadi/client/src/main/java/org/onap/aaf/cadi/locator/PropertyLocator.java
+++ b/cadi/client/src/main/java/org/onap/aaf/cadi/locator/PropertyLocator.java
@@ -193,17 +193,21 @@ public class PropertyLocator implements Locator<URI> {
 								port = "https".equalsIgnoreCase(o.getScheme())?443:80;
 							}
 							socket.connect(new InetSocketAddress(realname,port),3000);
-							if(socket.isConnected()) {
-								n = new URI(
-										o.getScheme(),
-										o.getUserInfo(),
-										realname,
-										o.getPort(),
-										o.getPath(),
-										o.getQuery(),
-										o.getFragment()
-										);
-								resolve.add(n);
+							try {
+								if(socket.isConnected()) {
+									n = new URI(
+											o.getScheme(),
+											o.getUserInfo(),
+											realname,
+											o.getPort(),
+											o.getPath(),
+											o.getQuery(),
+											o.getFragment()
+											);
+									resolve.add(n);
+								}
+							} finally {
+								socket.close();
 							}
 						} catch (IOException e) {
 						} finally {
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index 122996a6..a66b6880 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -542,24 +542,26 @@ public class Config {
 				} else {// There's an AAF_URL... try to configure an AAF
 					String aafLurClassStr = logProp(access,AAF_LUR_CLASS,"org.osaaf.cadi.aaf.v2_0.AAFLurPerm");
 					////////////AAF Lur 2.0 /////////////
-					if(aafLurClassStr.startsWith("org.osaaf.cadi.aaf.v2_0")) { 
+					if(aafLurClassStr!=null && aafLurClassStr.startsWith("org.osaaf.cadi.aaf.v2_0")) { 
 						try {
 							Object aafcon = loadAAFConnector(si, aafURL);
 							if(aafcon==null) {
 								access.log(Level.INIT,"AAF LUR class,",aafLurClassStr,"cannot be constructed without valid AAFCon object.");
 							} else {
 								Class<?> aafAbsAAFCon = loadClass(access, "org.osaaf.cadi.aaf.v2_0.AAFCon");
-								Method mNewLur = aafAbsAAFCon.getMethod("newLur");
-								Object aaflur = mNewLur.invoke(aafcon);
-			
-								if(aaflur==null) {
-									access.log(Level.INIT,"ERROR! AAF LUR Failed construction.  NOT Configured");
-								} else {
-									access.log(Level.INIT,"AAF LUR Configured to ",aafURL);
-									lurs.add((Lur)aaflur);
-									String debugIDs = logProp(access,Config.AAF_DEBUG_IDS, null);
-									if(debugIDs !=null && aaflur instanceof CachingLur) {
-										((CachingLur<?>)aaflur).setDebug(debugIDs);
+								if(aafAbsAAFCon!=null) {
+									Method mNewLur = aafAbsAAFCon.getMethod("newLur");
+									Object aaflur = mNewLur.invoke(aafcon);
+				
+									if(aaflur==null) {
+										access.log(Level.INIT,"ERROR! AAF LUR Failed construction.  NOT Configured");
+									} else {
+										access.log(Level.INIT,"AAF LUR Configured to ",aafURL);
+										lurs.add((Lur)aaflur);
+										String debugIDs = logProp(access,Config.AAF_DEBUG_IDS, null);
+										if(debugIDs !=null && aaflur instanceof CachingLur) {
+											((CachingLur<?>)aaflur).setDebug(debugIDs);
+										}
 									}
 								}
 							}
@@ -623,23 +625,25 @@ public class Config {
 				String aafConnector = access.getProperty(AAF_CONNECTOR_CLASS, COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP);
 			if(COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP.equals(aafConnector)) {
 					aafConClass = loadClass(access, COM_ATT_CADI_AAF_V2_0_AAF_CON_HTTP);
-					for(Constructor<?> c : aafConClass.getConstructors()) {
-						List<Object> lo = new ArrayList<Object>();
-						for(Class<?> pc : c.getParameterTypes()) {
-							if(pc.equals(PropAccess.class)) {
-								lo.add(access);
-							} else if(pc.equals(Locator.class)) {
-								lo.add(loadLocator(si, aafURL));
+					if(aafConClass!=null) {
+						for(Constructor<?> c : aafConClass.getConstructors()) {
+							List<Object> lo = new ArrayList<Object>();
+							for(Class<?> pc : c.getParameterTypes()) {
+								if(pc.equals(PropAccess.class)) {
+									lo.add(access);
+								} else if(pc.equals(Locator.class)) {
+									lo.add(loadLocator(si, aafURL));
+								} else {
+									continue;
+								}
+							}
+							if(c.getParameterTypes().length!=lo.size()) {
+								continue; // back to another Constructor
 							} else {
-								continue;
+								aafcon = c.newInstance(lo.toArray());
 							}
+							break;
 						}
-						if(c.getParameterTypes().length!=lo.size()) {
-							continue; // back to another Constructor
-						} else {
-							aafcon = c.newInstance(lo.toArray());
-						}
-						break;
 					}
 				}
 				if(aafcon!=null) {
@@ -680,16 +684,16 @@ public class Config {
 	@SuppressWarnings("unchecked")
 	public static Locator<URI> loadLocator(SecurityInfoC<HttpURLConnection> si, final String _url) {
 		Access access = si.access;
-		String url = _url, replacement;
-		int idxAAF_LOCATE_URL;
-		if((idxAAF_LOCATE_URL=_url.indexOf(AAF_LOCATE_URL_TAG))>0 && ((replacement=access.getProperty(AAF_LOCATE_URL, null))!=null)) {
-			url = replacement + "/locate" + _url.substring(idxAAF_LOCATE_URL+AAF_LOCATE_URL_TAG.length());
-		}
-
 		Locator<URI> locator = null;
-		if(url==null) {
+		if(_url==null) {
 			access.log(Level.INIT,"No URL passed to 'loadLocator'. Disabled");
 		} else {
+			String url = _url, replacement;
+			int idxAAF_LOCATE_URL;
+			if((idxAAF_LOCATE_URL=_url.indexOf(AAF_LOCATE_URL_TAG))>0 && ((replacement=access.getProperty(AAF_LOCATE_URL, null))!=null)) {
+				url = replacement + "/locate" + _url.substring(idxAAF_LOCATE_URL+AAF_LOCATE_URL_TAG.length());
+			}
+	
 			try {
 				Class<?> lcls = loadClass(access,"org.onap.aaf.cadi.aaf.v2_0.AAFLocator");
 				if(lcls==null) {
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java
index 99f41362..30496d78 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java
@@ -176,12 +176,14 @@ public class SecurityInfo {
 					}
 				}
 				TrustManager tms[] = tmf.getTrustManagers();
-				tm = new X509TrustManager[tms==null?0:tms.length];
-				for(int i=0;i<tms.length;++i) {
-					try {
-						tm[i]=(X509TrustManager)tms[i];
-					} catch (ClassCastException e) {
-						access.log(Level.WARN, "Non X509 TrustManager", tm[i].getClass().getName(),"skipped in SecurityInfo");
+				if(tms!=null) {
+					tm = new X509TrustManager[tms==null?0:tms.length];
+					for(int i=0;i<tms.length;++i) {
+						try {
+							tm[i]=(X509TrustManager)tms[i];
+						} catch (ClassCastException e) {
+							access.log(Level.WARN, "Non X509 TrustManager", tm[i].getClass().getName(),"skipped in SecurityInfo");
+						}
 					}
 				}
 			}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/UsersDump.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/UsersDump.java
index c03be1fa..a3e267cd 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/UsersDump.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/UsersDump.java
@@ -116,19 +116,24 @@ public class UsersDump {
 					try {
 						FileInputStream fis = new FileInputStream(file);
 						byte[] orig = new byte[(int)file.length()];
+						int read;
 						try {
-							fis.read(orig);
+							read = fis.read(orig);
 						} finally {
 							fis.close();
 						}
-						// Starting at third "<" (<tomcat-users> line)
-						int startA=0, startB=0;
-						for(int i=0;startA<orig.length && i<3;++startA) if(orig[startA]=='<')++i;
-						for(int i=0;startB<orig.length && i<3;++startB) if(postulate[startB]=='<')++i;
-						
-						writeIt=orig.length-startA!=postulate.length-startB; // first, check if remaining length is the same
-						while(!writeIt && startA<orig.length && startB<postulate.length) {
-							if(orig[startA++]!=postulate[startB++])writeIt = true;
+						if(read<=0) {
+							writeIt = false;
+						} else {
+							// Starting at third "<" (<tomcat-users> line)
+							int startA=0, startB=0;
+							for(int i=0;startA<orig.length && i<3;++startA) if(orig[startA]=='<')++i;
+							for(int i=0;startB<orig.length && i<3;++startB) if(postulate[startB]=='<')++i;
+							
+							writeIt=orig.length-startA!=postulate.length-startB; // first, check if remaining length is the same
+							while(!writeIt && startA<orig.length && startB<postulate.length) {
+								if(orig[startA++]!=postulate[startB++])writeIt = true;
+							}
 						}
 					} catch (Exception e) {
 						writeIt = true;
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java
index 094c21b0..d1c40b23 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java
@@ -60,6 +60,7 @@ public class CadiHTTPManip {
 	private static final String CADI_CACHE_PRINT = "/cadi/cache/print";
 	private static final String CADI_CACHE_CLEAR = "/cadi/cache/clear";
 	private static final String CADI_LOG_SET = "/cadi/log/set/";
+	private static final Object LOCK = new Object();
 	private Access access;
 	private HttpTaf taf;
 	private CredVal up;
@@ -70,7 +71,7 @@ public class CadiHTTPManip {
 
 
 	public CadiHTTPManip(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException {
-		synchronized(CADI) {
+		synchronized(LOCK) {
 			this.access = access;
 //			Get getter = new AccessGetter(access);
 			Config.setDefaultRealm(access);
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTaf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTaf.java
index 5eca0f2d..1f6391fe 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTaf.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTaf.java
@@ -168,11 +168,11 @@ public class DenialOfServiceTaf implements HttpTaf {
 			BufferedReader br;
 			try {
 				br = new BufferedReader(new FileReader(dosIP));
-				if(deniedIP==null) {
-					deniedIP=new HashMap<String,Counter>();
-				}
-
 				try {
+					if(deniedIP==null) {
+						deniedIP=new HashMap<String,Counter>();
+					}
+
 					String line;
 					while((line=br.readLine())!=null) {
 						deniedIP.put(line, new Counter(line));
@@ -258,10 +258,11 @@ public class DenialOfServiceTaf implements HttpTaf {
 			BufferedReader br;
 			try {
 				br = new BufferedReader(new FileReader(dosID));
-				if(deniedID==null) {
-					deniedID=new HashMap<String,Counter>();
-				}
 				try {
+					if(deniedID==null) {
+						deniedID=new HashMap<String,Counter>();
+					}
+					
 					String line;
 					while((line=br.readLine())!=null) {
 						deniedID.put(line, new Counter(line));
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/FQI.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/FQI.java
index b953c871..4ea50a10 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/util/FQI.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/FQI.java
@@ -45,7 +45,7 @@ public class FQI {
 			}
 		}
 		
-		return sb.toString();
+		return sb==null?"":sb.toString();
 	}
 
 }
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/XReader.java b/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/XReader.java
index 4e5048b8..7af475ad 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/XReader.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/XReader.java
@@ -140,7 +140,7 @@ public class XReader {
 																		// scoping behavior when used with the Stack
 									// drop through on purpose
 								case END_TAG:
-									ns = t.prefix==null?"":nss.get(t.prefix); // Get the namespace from prefix (if exists)
+									ns = t.prefix==null||nss==null?"":nss.get(t.prefix); // Get the namespace from prefix (if exists)
 									break;
 								default:
 									ns = "";
@@ -330,7 +330,9 @@ public class XReader {
 		if(type==0) {
 			type=START_TAG;
 		}
-		tag.state|=type;	// add the appropriate Tag States
+		if(tag!=null) {
+			tag.state|=type;	// add the appropriate Tag States
+		}
 		return tag;
 	}
 
diff --git a/misc/env/src/main/java/org/onap/aaf/misc/env/BaseDataFactory.java b/misc/env/src/main/java/org/onap/aaf/misc/env/BaseDataFactory.java
index 4750b3ef..4dfa26b6 100644
--- a/misc/env/src/main/java/org/onap/aaf/misc/env/BaseDataFactory.java
+++ b/misc/env/src/main/java/org/onap/aaf/misc/env/BaseDataFactory.java
@@ -54,7 +54,7 @@ import org.xml.sax.SAXException;
  * @param <T>
  */
 public class BaseDataFactory {
-
+	private static final Object LOCK = new Object();
 	/**
 	 * Generate a Schema Object for use in validation based on FileNames.
 	 * 
@@ -88,7 +88,7 @@ public class BaseDataFactory {
 		}
 		try {
 			//Note: SchemaFactory is not reentrant or very thread safe either... see docs
-			synchronized(XMLConstants.W3C_XML_SCHEMA_NS_URI) { // SchemaFactory is not reentrant
+			synchronized(LOCK) { // SchemaFactory is not reentrant
 				return SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI)
 				 	.newSchema(sources);
 			}
diff --git a/misc/rosetta/src/main/java/org/onap/aaf/misc/rosetta/InXML.java b/misc/rosetta/src/main/java/org/onap/aaf/misc/rosetta/InXML.java
index 51926573..48275926 100644
--- a/misc/rosetta/src/main/java/org/onap/aaf/misc/rosetta/InXML.java
+++ b/misc/rosetta/src/main/java/org/onap/aaf/misc/rosetta/InXML.java
@@ -96,6 +96,8 @@ public class InXML implements Parse<Reader, State> {
 					sb.append(c);
 				} else if(c=='&') {
 					XmlEscape.xmlEscape(sb,r);
+				} else if(c=='\\') {
+					escaped=true;
 				} else {
 					switch(c) {
 						case '<':
-- 
2.16.6