Attempting to fix security risks identified by SQ by reducing unlimited spaces to 0-9 spaces
See https://sonarcloud.io/project/security_hotspots?id=onap_cps#
I think the proposed regex changes are acceptable and better than adding a @SuppressWarnings annotation
(have to test by merging this commit, as the issues are not spotted when using SonarLint locally?!)
Issue-ID: CPS-89
Change-Id: I00bbacb3145650ab7d21d13152c08d5ccf0c04fa
Signed-off-by: ToineSiebelink <toine.siebelink@est.tech>
@Autowired @Value("${security.auth.password}") final String password
) {
super();
- this.permitUris = permitUris.isEmpty() ? new String[] {"/v3/api-docs"} : permitUris.split("\\s*,\\s*");
+ this.permitUris = permitUris.isEmpty() ? new String[] {"/v3/api-docs"} : permitUris.split("\\s{0,9},\\s{0,9}");
this.username = username;
this.password = password;
}
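Review bot: The bounded separator in `permitUris.split("\\s{0,9},\\s{0,9}")` no longer strips whitespace runs longer than nine characters, so an entry can keep leading or trailing spaces and then silently fail to match as a permitted URI. That fails closed, but it is hard to diagnose from a configuration file. Splitting on the bare comma and trimming each entry removes the quantifiers altogether and keeps the old tolerance, e.g. `Arrays.stream(permitUris.split(",")).map(String::trim).toArray(String[]::new)` (needs `java.util.Arrays`). `isEmpty()` also lets a whitespace-only value through as a single blank entry, which `isBlank()` would cover if the project's Java level allows it. The constructor's signature begins outside the hunk, so where `permitUris` comes from is not visible here.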
private static final String NON_CAPTURING_GROUP_1_TO_99_YANG_CONTAINERS = "((?:\\/[^\\/]+){1,99})";
- private static final String YANG_LEAF_VALUE_EQUALS_CONDITION = "\\[\\s*@(\\S+?)\\s*=\\s*(.*?)\\s*\\]";
+ private static final String YANG_LEAF_VALUE_EQUALS_CONDITION =
+ "\\[\\s{0,9}@(\\S+?)\\s{0,9}=\\s{0,9}(.*?)\\s{0,9}\\]";
private static final Pattern QUERY_CPS_PATH_WITH_SINGLE_LEAF_PATTERN =
Pattern.compile(NON_CAPTURING_GROUP_1_TO_99_YANG_CONTAINERS + YANG_LEAF_VALUE_EQUALS_CONDITION);
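Review bot: In `YANG_LEAF_VALUE_EQUALS_CONDITION` the lazy `(.*?)` still overlaps with the neighbouring `\\s{0,9}`, because `.` also matches whitespace. A value with more than nine spaces before `]` or after `=` is now captured with the surplus spaces included, and more than nine spaces after `[` or before `=` makes the condition stop matching. If cps paths reach this pattern from request input, capping the input length before matching and trimming the captured value would bound the work without changing results for ordinary queries. A comment on the constant such as `// whitespace runs capped at 9 to bound regex backtracking (Sonar hotspot); longer runs are not tolerated`, plus a test with ten or more spaces, would pin the new behaviour. How the compiled pattern is applied (`matches` or `find`) is outside the hunk.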