Apply defect and Fortify fixes to config bundle code 30/98630/1
authorKeighron, Lori (lk2924) <lk2924@att.com>
Tue, 19 Nov 2019 20:12:06 +0000 (15:12 -0500)
committerKeighron, Lori (lk2924) <lk2924@att.com>
Tue, 19 Nov 2019 20:16:48 +0000 (15:16 -0500)
Apply defect and Fortify fixes to config bundle code

Change-Id: I30ec12950c8e2ddcee8a643a9b74a06486c7d6bf
Issue-ID: APPC-1787
Signed-off-by: Keighron, Lori (lk2924) <lk2924@att.com>
appc-config/appc-config-adaptor/provider/src/main/java/org/onap/appc/ccadaptor/ConfigComponentAdaptor.java
appc-config/appc-config-audit/provider/src/main/java/org/onap/sdnc/config/audit/node/CompareXmlData.java
appc-config/appc-config-generator/provider/src/main/java/org/onap/sdnc/config/generator/tool/CheckDataTool.java
appc-config/appc-encryption-tool/provider/src/main/java/org/onap/appc/encryptiontool/wrapper/WrapperEncryptionTool.java
appc-config/appc-flow-controller/provider/src/main/java/org/onap/appc/flow/controller/executorImpl/RestExecutor.java
appc-config/appc-flow-controller/provider/src/main/java/org/onap/appc/flow/controller/node/FlowControlNode.java
appc-config/appc-flow-controller/provider/src/main/java/org/onap/appc/flow/controller/node/FlowSequenceGenerator.java
appc-config/appc-flow-controller/provider/src/main/java/org/onap/appc/flow/controller/utils/FlowControllerConstants.java
appc-config/appc-flow-controller/provider/src/test/java/org/onap/appc/flow/controller/node/FlowControlNodeTest.java
appc-config/appc-flow-controller/provider/src/test/java/org/onap/appc/flow/controller/node/FlowSequenceGeneratorTest.java

index dd92422..bb36275 100644 (file)
@@ -163,7 +163,7 @@ public class ConfigComponentAdaptor implements SvcLogicAdaptor {
 
         parmval = parameters.get("config-component-configPassword");
         if ((parmval != null) && (parmval.length() > 0)) {
-            log.debug("Overwriting configPassword with " + parmval);
+            //log.debug("Overwriting configPassword with " + parmval);
             configPassword = parmval;
         }
 
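Review bot: The logging statement is commented out rather than removed, here and in the WrapperEncryptionTool hunk, so the password-bearing line stays in the source where a later edit can re-enable it by uncommenting. Deleting it and keeping a value-free trace, `log.debug("Overwriting configPassword");`, preserves the diagnostic without the secret. In WrapperEncryptionTool the same approach would keep the non-secret fields (vnfType, protocol, action, port) in the message and drop only the password. The enclosing method starts and ends outside this hunk, so any other parameter logging in it is not visible here.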
index e5e2b75..9f1e4c9 100644 (file)
@@ -29,6 +29,7 @@ package org.onap.sdnc.config.audit.node;
 import java.io.IOException;
 import java.io.StringReader;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
@@ -121,6 +122,10 @@ public class CompareXmlData implements CompareDataInterface
     public Document getCompareDoc(String inXml) throws ParserConfigurationException, SAXException, IOException
     {
         DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+        dbFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+        dbFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+        dbFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+
         DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
         StringReader reader = new StringReader(inXml);
         InputSource inputSource = new InputSource(reader);
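Review bot: The three features set on `dbFactory` still accept a DOCTYPE declaration, so depending on the JAXP implementation on the classpath an external DTD may still be loaded and entity expansion is bounded only by the secure-processing limits; the identical lines added to CheckDataTool.isXML have the same gap. If the compared documents never need a DTD, `dbFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` closes it, together with `dbFactory.setXIncludeAware(false);` and `dbFactory.setExpandEntityReferences(false);`. If a DOCTYPE has to be accepted, setting `http://apache.org/xml/features/nonvalidating/load-external-dtd` to false is the narrower option. The rest of getCompareDoc lies outside the hunk.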
index 17d3447..38089ec 100644 (file)
@@ -26,6 +26,8 @@ package org.onap.sdnc.config.generator.tool;
 import com.att.eelf.configuration.EELFLogger;
 import com.att.eelf.configuration.EELFManager;
 import java.io.StringReader;
+
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import org.codehaus.jettison.json.JSONArray;
@@ -73,6 +75,10 @@ public class CheckDataTool {
     public static boolean isXML(String data) {
         try {
             DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+            dbFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+            dbFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            dbFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+
             DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
             dBuilder.parse(new InputSource(new StringReader(data)));
             return true;
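Review bot: The `setFeature` calls sit inside the `try`, and each can throw ParserConfigurationException when the parser in use does not recognise a feature; if the catch block, which is outside this hunk, returns false for any exception, isXML would then report every input as non-XML with nothing to show why. Building the hardened factory in a small private static helper that logs or rethrows a configuration failure would keep a parser-setup problem distinguishable from malformed input. A one-line comment such as `// harden the parser against XXE before parsing caller-supplied data` above the block would also record why the settings are there.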
index 2870817..8de6d5b 100644 (file)
@@ -52,8 +52,8 @@ public class WrapperEncryptionTool {
         String action = args[4];
         String port = args[5];
         String url = args[6];
-        log.info("vnfType = " + vnfType + " protocol = " + protocol + " " + USER_PARAM + "=" + user + " " + PASS_PARAM
-                + "=" + password + " action=" + action + " " + PORT_PARAM + "=" + port + " " + URL_PARAM + "=" + url);
+        //log.info("vnfType = " + vnfType + " protocol = " + protocol + " " + USER_PARAM + "=" + user + " " + PASS_PARAM
+        //      + "=" + password + " action=" + action + " " + PORT_PARAM + "=" + port + " " + URL_PARAM + "=" + url);
 
         if (StringUtils.isBlank(user)) {
             log.info("ERROR-USER can not be null");
index 408f0a3..d8036f5 100644 (file)
@@ -52,7 +52,8 @@ public class RestExecutor implements FlowExecutorInterface {
 
     @Override
     public Map<String, String> execute(Transaction transaction, SvcLogicContext ctx) throws Exception {
-        log.info("Configuring Rest Operation....." + transaction.toString());
+        String woPswd = transaction.toString().replaceAll("pswd=(.*?), ", "pswd=XXXX, ");
+        log.info("Configuring Rest Operation....." + woPswd);
         Map<String, String> outputMessage = new HashMap<>();
         Client client = null;
 
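Review bot: The redaction on the `woPswd` line depends on the exact text `Transaction.toString()` produces: the pattern `pswd=(.*?), ` matches only when the password is followed by a comma and a space, so a password that is the last field is not masked, and one that itself contains `, ` is masked only up to that point. Transaction is not visible here, so its format is inferred from the pattern. Masking the field inside `Transaction.toString()`, or logging selected non-secret fields, would remove the dependency on string layout and cover every other place a Transaction is logged. execute() continues beyond this hunk.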
index e298967..74932b4 100644 (file)
@@ -28,6 +28,7 @@ import static org.onap.appc.flow.controller.utils.FlowControllerConstants.DESING
 import static org.onap.appc.flow.controller.utils.FlowControllerConstants.GRAPH;
 import static org.onap.appc.flow.controller.utils.FlowControllerConstants.INPUT_PARAM_RESPONSE_PREFIX;
 import static org.onap.appc.flow.controller.utils.FlowControllerConstants.NODE;
+import static org.onap.appc.flow.controller.utils.FlowControllerConstants.OUTPUT_PARAM_ERROR_CODE;
 import static org.onap.appc.flow.controller.utils.FlowControllerConstants.OUTPUT_PARAM_ERROR_MESSAGE;
 import static org.onap.appc.flow.controller.utils.FlowControllerConstants.OUTPUT_PARAM_STATUS;
 import static org.onap.appc.flow.controller.utils.FlowControllerConstants.OUTPUT_STATUS_FAILURE;
@@ -104,6 +105,7 @@ public class FlowControlNode implements SvcLogicJavaPlugin {
         } catch (Exception e) {
             ctx.setAttribute(responsePrefix + OUTPUT_PARAM_STATUS, OUTPUT_STATUS_FAILURE);
             ctx.setAttribute(responsePrefix + OUTPUT_PARAM_ERROR_MESSAGE, e.getMessage());
+            ctx.setAttribute(responsePrefix + OUTPUT_PARAM_ERROR_CODE, ctx.getAttribute(OUTPUT_PARAM_ERROR_CODE));
             log.error("Error occurred in processFlow ", e);
             throw new SvcLogicException(e.getMessage());
         }
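Review bot: The added line copies whatever `error-code` currently holds in `ctx`, whether or not it belongs to this failure: on a path that never set it, `ctx.getAttribute(OUTPUT_PARAM_ERROR_CODE)` is presumably null, and a value left over from an earlier step would be reported against an unrelated exception. Reading the value into a local and setting the prefixed attribute only when it is non-null, and clearing the unprefixed key before the flow starts, would tie the code to the error it describes. How SvcLogicContext treats a null value is not visible here, and the try block this catch belongs to starts outside the hunk.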
index 276301e..345b3e1 100644 (file)
@@ -23,6 +23,8 @@ import static org.onap.appc.flow.controller.utils.FlowControllerConstants.DESING
 import static org.onap.appc.flow.controller.utils.FlowControllerConstants.EXTERNAL;
 import static org.onap.appc.flow.controller.utils.FlowControllerConstants.FLOW_SEQUENCE;
 import static org.onap.appc.flow.controller.utils.FlowControllerConstants.GENERATION_NODE;
+import static org.onap.appc.flow.controller.utils.FlowControllerConstants.OUTPUT_PARAM_ERROR_CODE;
+import static org.onap.appc.flow.controller.utils.FlowControllerConstants.OUTPUT_PARAM_ERROR_MESSAGE;
 import static org.onap.appc.flow.controller.utils.FlowControllerConstants.RUNTIME;
 import static org.onap.appc.flow.controller.utils.FlowControllerConstants.SEQUENCE_TYPE;
 import static org.onap.appc.flow.controller.utils.FlowControllerConstants.VNFC_TYPE;
@@ -131,8 +133,21 @@ class FlowSequenceGenerator {
       flowSequence = output.toString();
       log.info("MultistepSequenceGenerator-Output: " + flowSequence);
 
-      if (!flowSequence.contains("transactions")) {
-          throw new Exception("No transactions were generated for this request");
+      // check for transactions data
+      if (!flowSequence.contains("transaction-id")) {
+          // check for status data
+          JSONObject statusJson = new JSONObject(output.toString()).optJSONObject("status");
+          if (statusJson != null) {
+              log.info("statusJson=" + statusJson);
+              if (statusJson.has("code")) {
+                  // extract code and set into ctx
+                  log.info("Setting " + OUTPUT_PARAM_ERROR_CODE + "=" + statusJson.get("code").toString() + " in context ctx");
+                  ctx.setAttribute(OUTPUT_PARAM_ERROR_CODE, statusJson.get("code").toString());
+                  log.info("Setting " + OUTPUT_PARAM_ERROR_MESSAGE + "=" + statusJson.get("message").toString() + " in context ctx");
+                  ctx.setAttribute(OUTPUT_PARAM_ERROR_MESSAGE, statusJson.get("message").toString());
+              }
+          }
+          throw new Exception("Failed to generate the sequence for this request");
       }
 
     } else if (sequenceType.equalsIgnoreCase(EXTERNAL)) {
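Review bot: Inside the `statusJson.has("code")` branch, `statusJson.get("message")` is called without a matching check, so a status object that carries a code but no message throws a JSONException and the caller sees that instead of "Failed to generate the sequence for this request". Reading both values once with `optString` avoids this and removes the repeated `get(...).toString()` calls; `flowSequence` already holds `output.toString()` and can be reused for the parse. The substring test `contains("transaction-id")` also passes when that text appears only inside a payload value, which deserves a comment or a parsed check. The enclosing method starts and ends outside this hunk.

```java
      if (!flowSequence.contains("transaction-id")) {
          // status block, when present, carries the code and message to expose through ctx
          JSONObject statusJson = new JSONObject(flowSequence).optJSONObject("status");
          if (statusJson != null && statusJson.has("code")) {
              String errorCode = statusJson.optString("code");
              String errorMessage = statusJson.optString("message");
              log.info("Setting " + OUTPUT_PARAM_ERROR_CODE + "=" + errorCode + " in context ctx");
              ctx.setAttribute(OUTPUT_PARAM_ERROR_CODE, errorCode);
              log.info("Setting " + OUTPUT_PARAM_ERROR_MESSAGE + "=" + errorMessage + " in context ctx");
              ctx.setAttribute(OUTPUT_PARAM_ERROR_MESSAGE, errorMessage);
          }
          // … unchanged: throw new Exception("Failed to generate the sequence for this request") …
```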
index c4000df..411cea5 100644 (file)
@@ -34,6 +34,7 @@ public class FlowControllerConstants {
 
     public static final String OUTPUT_PARAM_STATUS = "status";
     public static final String OUTPUT_PARAM_ERROR_MESSAGE = "error-message";
+    public static final String OUTPUT_PARAM_ERROR_CODE = "error-code";
     public static final String OUTPUT_STATUS_SUCCESS = "success";
     public static final String OUTPUT_STATUS_FAILURE = "failure";
 
index d89059d..64914bb 100644 (file)
@@ -37,7 +37,6 @@ import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mockito;
 import org.onap.appc.flow.controller.data.ResponseAction;
-import org.onap.appc.flow.controller.data.Transaction;
 import org.onap.appc.flow.controller.dbervices.FlowControlDBService;
 import org.onap.ccsdk.sli.core.sli.SvcLogicContext;
 import org.onap.ccsdk.sli.core.sli.SvcLogicException;
index 1846a09..8658e45 100644 (file)
@@ -171,7 +171,6 @@ public class FlowSequenceGeneratorTest {
 
     String flowSequence = flowSequenceGenerator.getFlowSequence(inParams, ctx, localCtx);
 
-    //Assert.assertEquals("{'dummy-json-object':'some-param'}".replaceAll("'", "\""), flowSequence);
     Assert.assertEquals("{'transactions':[{'transaction-id':'1','payload':''}]}".replaceAll("'", "\""), flowSequence);
   }
 
@@ -185,7 +184,7 @@ public class FlowSequenceGeneratorTest {
     // {"status":{"code":450,"message":"Request is not supported"}}
     map.put("restResponse", "{'output':{'status':{'code':450,'message':'Request is not supported'}}}".replaceAll("'", "\""));
     when(restExecutor.execute(any(Transaction.class), eq(localCtx))).thenReturn(map);
-    expectedException.expectMessage("No transactions were generated for this request");
+    expectedException.expectMessage("Failed to generate the sequence for this request");
     
     String flowSequence = flowSequenceGenerator.getFlowSequence(inParams, ctx, localCtx);
   }
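Review bot: The test still checks only the exception message, so the behaviour this input now exercises, copying code 450 and "Request is not supported" from the status block into the context, is not asserted. Because `expectedException` ends the test at the throwing call, the check would need a try/catch around `getFlowSequence` followed by something like `Assert.assertEquals("450", ctx.getAttribute(OUTPUT_PARAM_ERROR_CODE));`. That assumes `ctx` is a real SvcLogicContext rather than a mock; its construction is outside this hunk.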