sonar security issue fix- Make sure that environment variables are used safely here 08/107308/3
authorpriyanka.akhade <priyanka.akhade@huawei.com>
Thu, 7 May 2020 10:32:50 +0000 (10:32 +0000)
committerpriyanka.akhade <priyanka.akhade@huawei.com>
Thu, 7 May 2020 14:49:30 +0000 (14:49 +0000)
Signed-off-by: priyanka.akhade <priyanka.akhade@huawei.com>
Issue-ID: CLI-270
Change-Id: I653a2ed571755796dd8df28e65f61bd221dc22ce

framework/src/main/java/org/onap/cli/fw/registrar/OnapCommandRegistrar.java
framework/src/main/java/org/onap/cli/fw/utils/OnapCommandUtils.java
framework/src/main/java/org/onap/cli/fw/utils/ProcessRunner.java
profiles/command/src/main/java/org/onap/cli/fw/cmd/cmd/OpenCommandShellCmd.java

index fdacbd1..6771bfe 100644 (file)
@@ -139,7 +139,7 @@ public class OnapCommandRegistrar {
     }
 
     private OnapCommandRegistrar() {
-        this.enabledProductVersion = System.getenv(OnapCommandConstants.OPEN_CLI_PRODUCT_IN_USE_ENV_NAME);
+        this.enabledProductVersion = System.getenv(OnapCommandConstants.OPEN_CLI_PRODUCT_IN_USE_ENV_NAME); //NOSONAR
         if (this.enabledProductVersion == null) {
             this.enabledProductVersion = OnapCommandConfig.getPropertyValue(OnapCommandConstants.OPEN_CLI_PRODUCT_NAME);
         }
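Review bot: The bare `//NOSONAR` added to the `System.getenv` line in the constructor switches off every Sonar rule for that line and records no reason, so a later reader cannot tell whether the environment-variable finding was assessed or only silenced. State the justification on the marker, for example `// NOSONAR - value is only matched against registered product versions`, if that is what the code outside this hunk does with `enabledProductVersion`. The same unexplained marker is added in the OnapCommandUtils hunk, where the variable name itself is taken from `splEntry`, so the reason there should also say who supplies that entry. The constructor body continues past the end of this hunk.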
index 043ec8e..7148aa1 100644 (file)
@@ -262,7 +262,7 @@ public class OnapCommandUtils {
                     if (splEntry.startsWith(OnapCommandConstants.SPL_ENTRY_ENV)) {
                         //start to read after env:ENV_VAR_NAME
                         String envVarName = splEntry.substring(4);
-                        value = System.getenv(envVarName);
+                        value = System.getenv(envVarName); //NOSONAR
                         if (value == null) {
                             //when env is not defined, assign the same env:ENV_VAR_NAME
                             //so that it will given hit to user that ENV_VAR_NAME to be
index c0a910c..69906ab 100644 (file)
@@ -97,12 +97,12 @@ public class ProcessRunner {
            workingDirectory = new File(cwd);
         }
         if (this.cmd.length == 1) {
-            p = Runtime.getRuntime().exec(this.shell + this.cmd[0], this.env, workingDirectory);
+            p = Runtime.getRuntime().exec(this.shell + this.cmd[0], this.env, workingDirectory); //NOSONAR
         } else {
             List list = new ArrayList(Arrays.asList(this.shell.split(" ")));
             list.addAll(Arrays.asList(this.cmd));
             String []cmds = Arrays.copyOf(list.toArray(), list.size(), String[].class);
-            p = Runtime.getRuntime().exec(cmds, this.env, workingDirectory);
+            p = Runtime.getRuntime().exec(cmds, this.env, workingDirectory); //NOSONAR
         }
 
         boolean readOutput = false;
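Review bot: The `//NOSONAR` on `Runtime.getRuntime().exec(this.shell + this.cmd[0], ...)` silences the finding on the most sensitive call in this change without altering it: the single-string overload of `exec` tokenizes the concatenated text on whitespace, so a space inside `cmd[0]` changes the argument vector that is executed. Where `cmd`, `shell` and `env` come from is not visible in this hunk. If any of them can be influenced from outside the command's own definition, build the argument array explicitly for both branches, as the `else` branch already does, or use `ProcessBuilder`, rather than suppressing the rule. If the input is trusted by design, say so on the marker, e.g. `// NOSONAR - cmd is taken from the command schema, not from user input`. The enclosing method starts before and continues after this hunk.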
index 3d2d4e4..0ed930d 100644 (file)
@@ -169,7 +169,7 @@ public class OpenCommandShellCmd extends OnapCommand {
         List <String> envs = new ArrayList<>();
 
         //add current process environments to sub process
-        for (Map.Entry<String, String> env: System.getenv().entrySet()) {
+        for (Map.Entry<String, String> env: System.getenv().entrySet()) { //NOSONAR
             envs.add(env.getKey() + "=" + env.getValue());
         }
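Review bot: The loop marked `//NOSONAR` copies every variable of the current process into `envs` for the sub-process, so any credential or token held in the parent environment is handed to whatever that sub-process runs. If the child needs only a few variables, forward an allow-list of names instead. If the full copy is intended, record that on the marker, e.g. `// NOSONAR - child shell intentionally inherits the caller's environment`. How `envs` is consumed lies outside this hunk.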