DMAAP-DR - SOnar SQL injection fix

[dmaap/datarouter.git] / datarouter-prov / src / main / java / org / onap / dmaap / datarouter / provisioning / StatisticsServlet.java

/*******************************************************************************\r
 * ============LICENSE_START==================================================\r
 * * org.onap.dmaap\r
 * * ===========================================================================\r
 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
 * * ===========================================================================\r
 * * Licensed under the Apache License, Version 2.0 (the "License");\r
 * * you may not use this file except in compliance with the License.\r
 * * You may obtain a copy of the License at\r
 * *\r
 *  *      http://www.apache.org/licenses/LICENSE-2.0\r
 * *\r
 *  * Unless required by applicable law or agreed to in writing, software\r
 * * distributed under the License is distributed on an "AS IS" BASIS,\r
 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 * * See the License for the specific language governing permissions and\r
 * * limitations under the License.\r
 * * ============LICENSE_END====================================================\r
 * *\r
 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
 * *\r
 ******************************************************************************/\r
\r
package org.onap.dmaap.datarouter.provisioning;\r
\r
import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError;\r
\r
import java.io.IOException;\r
import java.sql.Connection;\r
import java.sql.PreparedStatement;\r
import java.sql.ResultSet;\r
import java.sql.SQLException;\r
import java.text.ParseException;\r
import java.text.SimpleDateFormat;\r
import java.time.LocalDateTime;\r
import java.time.format.DateTimeFormatter;\r
import java.util.Calendar;\r
import java.util.Date;\r
import java.util.HashMap;\r
import java.util.Map;\r
import java.util.TimeZone;\r
import javax.servlet.ServletOutputStream;\r
import javax.servlet.http.HttpServletRequest;\r
import javax.servlet.http.HttpServletResponse;\r
import org.json.JSONException;\r
import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;\r
import org.onap.dmaap.datarouter.provisioning.utils.LOGJSONObject;\r
import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils;\r
\r
\r
/**\r
 * This Servlet handles requests to the <Statistics API> and  <Statistics consilidated\r
 * resultset>.\r
 *\r
 * @author Manish Singh\r
 * @version $Id: StatisticsServlet.java,v 1.11 2016/08/10 17:27:02 Manish Exp $\r
 */\r
@SuppressWarnings("serial")\r
\r
\r
public class StatisticsServlet extends BaseServlet {\r
\r
    private static final long TWENTYFOUR_HOURS = (24 * 60 * 60 * 1000L);\r
    private static final String FMT1 = "yyyy-MM-dd'T'HH:mm:ss'Z'";\r
    private static final String FMT2 = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";\r
    public static final String FEEDID = "FEEDID";\r
\r
    //sql Strings\r
    private static final String SQL_SELECT_NAME = "SELECT (SELECT NAME FROM FEEDS AS f WHERE f.FEEDID in(";\r
    private static final String SQL_FEED_ID = ") and f.FEEDID=e.FEEDID) AS FEEDNAME, e.FEEDID as FEEDID, ";\r
    private static final String SQL_SELECT_COUNT = "(SELECT COUNT(*) FROM LOG_RECORDS AS c WHERE c.FEEDID in(";\r
    private static final String SQL_TYPE_PUB = ") and c.FEEDID=e.FEEDID AND c.TYPE='PUB') AS FILES_PUBLISHED,";\r
    private static final String SQL_SELECT_SUM = "(SELECT SUM(content_length) FROM LOG_RECORDS AS c WHERE c.FEEDID in(";\r
    private static final String SQL_PUBLISH_LENGTH = ") and c.FEEDID=e.FEEDID AND c.TYPE='PUB') AS PUBLISH_LENGTH, COUNT(e.EVENT_TIME) as FILES_DELIVERED,";\r
    private static final String SQL_SUBSCRIBER_URL = " sum(m.content_length) as DELIVERED_LENGTH, SUBSTRING_INDEX(e.REQURI,'/',+3) as SUBSCRIBER_URL,";\r
    private static final String SQL_SUB_ID = " e.DELIVERY_SUBID as SUBID, ";\r
    private static final String SQL_DELIVERY_TIME = " e.EVENT_TIME AS PUBLISH_TIME, m.EVENT_TIME AS DELIVERY_TIME, ";\r
    private static final String SQL_AVERAGE_DELAY = " AVG(e.EVENT_TIME - m.EVENT_TIME)/1000 as AverageDelay FROM LOG_RECORDS";\r
    private static final String SQL_JOIN_RECORDS = " e JOIN LOG_RECORDS m ON m.PUBLISH_ID = e.PUBLISH_ID AND e.FEEDID IN (";\r
    private static final String SQL_STATUS_204 = " AND m.STATUS=204 AND e.RESULT=204 ";\r
    private static final String SQL_GROUP_SUB_ID = " group by SUBID";\r
    private static final String JSON_OUTPUT_TYPE = "json";\r
    private static final String CSV_OUTPUT_TYPE = "csv";\r
\r
\r
    /**\r
     * DELETE a logging URL -- not supported.\r
     */\r
    @Override\r
    public void doDelete(HttpServletRequest req, HttpServletResponse resp) {\r
        String message = "DELETE not allowed for the logURL.";\r
        EventLogRecord elr = new EventLogRecord(req);\r
        elr.setMessage(message);\r
        elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED);\r
        eventlogger.error(elr.toString());\r
        sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger);\r
    }\r
\r
    /**\r
     * GET a Statistics URL -- retrieve Statistics data for a feed or subscription. See the\r
     * <b>Statistics API</b> document for details on how this     method should be invoked.\r
     */\r
    @Override\r
    public void doGet(HttpServletRequest req, HttpServletResponse resp) {\r
        Map<String, String> map = buildMapFromRequest(req);\r
        if (map.get("err") != null) {\r
            sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST,\r
                "Invalid arguments: " + map.get("err"), eventlogger);\r
            return;\r
        }\r
        // check Accept: header??\r
        resp.setStatus(HttpServletResponse.SC_OK);\r
        resp.setContentType(LOGLIST_CONTENT_TYPE);\r
        String outputType = JSON_OUTPUT_TYPE;\r
        if (req.getParameter(FEEDID) == null && req.getParameter(GROUPID) == null) {\r
            try {\r
                resp.getOutputStream().print("Invalid request, Feedid or Group ID is required.");\r
            } catch (IOException ioe) {\r
                eventlogger.error("PROV0171 StatisticsServlet.doGet: " + ioe.getMessage(), ioe);\r
            }\r
        }\r
        if (req.getParameter(FEEDID) != null && req.getParameter(GROUPID) == null) {\r
            map.put(FEEDIDS, req.getParameter(FEEDID).replace("|", ","));\r
        }\r
        if (req.getParameter(GROUPID) != null && req.getParameter(FEEDID) == null) {\r
            StringBuilder groupid1;\r
            try {\r
                groupid1 = this.getFeedIdsByGroupId(Integer.parseInt(req.getParameter(GROUPID)));\r
                map.put(FEEDIDS, groupid1.toString());\r
            } catch (NumberFormatException e) {\r
                eventlogger.error("PROV0172 StatisticsServlet.doGet: " + e.getMessage(), e);\r
            }\r
        }\r
        if (req.getParameter(GROUPID) != null && req.getParameter(FEEDID) != null) {\r
            StringBuilder groupid1;\r
            try {\r
                groupid1 = this.getFeedIdsByGroupId(Integer.parseInt(req.getParameter(GROUPID)));\r
                groupid1.append(",");\r
                groupid1.append(req.getParameter(FEEDID).replace("|", ","));\r
                map.put(FEEDIDS, groupid1.toString());\r
            } catch (NumberFormatException e) {\r
                eventlogger.error("PROV0173 StatisticsServlet.doGet: " + e.getMessage(), e);\r
            }\r
        }\r
        if (req.getParameter(SUBID) != null && req.getParameter(FEEDID) != null) {\r
            String subidstr = "and e.DELIVERY_SUBID in("\r
                + req.getParameter(SUBID).replace("|", ",") + ")";\r
            map.put(SUBID, subidstr);\r
        }\r
        if (req.getParameter(SUBID) != null && req.getParameter(GROUPID) != null) {\r
            String subidstr = "and e.DELIVERY_SUBID in("\r
                + req.getParameter(SUBID).replace("|", ",") + ")";\r
            map.put(SUBID, subidstr);\r
        }\r
        if (req.getParameter("type") != null) {\r
            map.put(EVENT_TYPE, req.getParameter("type").replace("|", ","));\r
        }\r
        if (req.getParameter(OUTPUT_TYPE) != null && req.getParameter(OUTPUT_TYPE).equals(CSV_OUTPUT_TYPE)) {\r
            map.put(OUTPUT_TYPE, CSV_OUTPUT_TYPE);\r
            outputType = CSV_OUTPUT_TYPE;\r
        }\r
        if (req.getParameter(OUTPUT_TYPE) != null && req.getParameter(OUTPUT_TYPE).equals(JSON_OUTPUT_TYPE)) {\r
            map.put(OUTPUT_TYPE, JSON_OUTPUT_TYPE);\r
        }\r
        if (req.getParameter(START_TIME) != null) {\r
            map.put(START_TIME, req.getParameter(START_TIME));\r
        }\r
        if (req.getParameter(END_TIME) != null) {\r
            map.put(END_TIME, req.getParameter(END_TIME));\r
        }\r
        if (req.getParameter("time") != null) {\r
            map.put(START_TIME, req.getParameter("time"));\r
            map.put(END_TIME, null);\r
        }\r
        try {\r
            this.getRecordsForSQL(map, outputType, resp.getOutputStream(), resp);\r
        } catch (IOException ioe) {\r
            eventlogger.error("PROV0174 StatisticsServlet.doGet: " +  ioe.getMessage(), ioe);\r
        }\r
\r
    }\r
\r
\r
    /**\r
     * rsToJson - Converting RS to JSON object.\r
     *\r
     * @param out ServletOutputStream\r
     * @param rs as ResultSet\r
     * @throws IOException input/output exception\r
     * @throws SQLException SQL exception\r
     */\r
    private void rsToCSV(ResultSet rs, ServletOutputStream out) throws IOException, SQLException {\r
        String header = "FEEDNAME,FEEDID,FILES_PUBLISHED,PUBLISH_LENGTH, FILES_DELIVERED, "\r
            + "DELIVERED_LENGTH, SUBSCRIBER_URL, SUBID, PUBLISH_TIME,DELIVERY_TIME, AverageDelay\n";\r
        out.write(header.getBytes());\r
\r
        while (rs.next()) {\r
            String line = rs.getString("FEEDNAME")\r
                + ","\r
                + rs.getString(FEEDID)\r
                + ","\r
                + rs.getString("FILES_PUBLISHED")\r
                + ","\r
                + rs.getString("PUBLISH_LENGTH")\r
                + ","\r
                + rs.getString("FILES_DELIVERED")\r
                + ","\r
                + rs.getString("DELIVERED_LENGTH")\r
                + ","\r
                + rs.getString("SUBSCRIBER_URL")\r
                + ","\r
                + rs.getString("SUBID")\r
                + ","\r
                + rs.getString("PUBLISH_TIME")\r
                + ","\r
                + rs.getString("DELIVERY_TIME")\r
                + ","\r
                + rs.getString("AverageDelay")\r
                + ","\r
                + "\n";\r
            out.write(line.getBytes());\r
            out.flush();\r
        }\r
    }\r
\r
    /**\r
     * rsToJson - Converting RS to JSON object.\r
     *\r
     * @param out ServletOutputStream\r
     * @param rs as ResultSet\r
     * @throws IOException input/output exception\r
     * @throws SQLException SQL exception\r
     */\r
    private void rsToJson(ResultSet rs, ServletOutputStream out) throws IOException, SQLException {\r
        String[] fields = {"FEEDNAME", FEEDID, "FILES_PUBLISHED", "PUBLISH_LENGTH", "FILES_DELIVERED",\r
            "DELIVERED_LENGTH", "SUBSCRIBER_URL", "SUBID", "PUBLISH_TIME", "DELIVERY_TIME",\r
            "AverageDelay"};\r
        StringBuilder line = new StringBuilder();\r
        line.append("[\n");\r
        while (rs.next()) {\r
            LOGJSONObject j2 = new LOGJSONObject();\r
            for (String key : fields) {\r
                Object val = rs.getString(key);\r
                if (val != null) {\r
                    j2.put(key.toLowerCase(), val);\r
                } else {\r
                    j2.put(key.toLowerCase(), "");\r
                }\r
            }\r
            line.append(j2.toString());\r
            line.append(",\n");\r
        }\r
        line.append("]");\r
        out.print(line.toString());\r
    }\r
\r
    /**\r
     * getFeedIdsByGroupId - Getting FEEDID's by GROUP ID.\r
     *\r
     * @param groupIds Integer ref of Group\r
     */\r
    private StringBuilder getFeedIdsByGroupId(int groupIds) {\r
        StringBuilder feedIds = new StringBuilder();\r
        try (Connection conn = ProvDbUtils.getInstance().getConnection();\r
            PreparedStatement prepareStatement = conn.prepareStatement(\r
                " SELECT FEEDID from FEEDS  WHERE GROUPID = ?")) {\r
            prepareStatement.setInt(1, groupIds);\r
            try (ResultSet resultSet = prepareStatement.executeQuery()) {\r
                while (resultSet.next()) {\r
                    feedIds.append(resultSet.getInt(FEEDID));\r
                    feedIds.append(",");\r
                }\r
            }\r
            feedIds.deleteCharAt(feedIds.length() - 1);\r
            eventlogger.info("PROV0177 StatisticsServlet.getFeedIdsByGroupId: feedIds = " + feedIds.toString());\r
        } catch (SQLException e) {\r
            eventlogger.error("PROV0175 StatisticsServlet.getFeedIdsByGroupId: " + e.getMessage(), e);\r
        }\r
        return feedIds;\r
    }\r
\r
\r
    /**\r
     * queryGeneretor - Generating sql query.\r
     *\r
     * @param map as key value pare of all user input fields\r
     */\r
    private String queryGeneretor(Map<String, String> map) throws ParseException {\r
\r
        String sql;\r
        String feedids = null;\r
        String startTime = null;\r
        String endTime = null;\r
        String subid = " ";\r
\r
        if (map.get(FEEDIDS) != null) {\r
            feedids = map.get(FEEDIDS);\r
        }\r
        if (map.get(START_TIME) != null) {\r
            startTime = map.get(START_TIME);\r
        }\r
        if (map.get(END_TIME) != null) {\r
            endTime =  map.get(END_TIME);\r
        }\r
        if (map.get(SUBID) != null) {\r
            subid = map.get(SUBID);\r
        }\r
\r
        eventlogger.info("Generating sql query to get Statistics resultset. ");\r
\r
        if (endTime == null && startTime == null) {\r
\r
            sql =  SQL_SELECT_NAME + feedids + SQL_FEED_ID + SQL_SELECT_COUNT + feedids + SQL_TYPE_PUB\r
                + SQL_SELECT_SUM\r
                + feedids + SQL_PUBLISH_LENGTH\r
                + SQL_SUBSCRIBER_URL + SQL_SUB_ID + SQL_DELIVERY_TIME + SQL_AVERAGE_DELAY + SQL_JOIN_RECORDS\r
                + feedids + ") " + subid\r
                + SQL_STATUS_204 + SQL_GROUP_SUB_ID;\r
\r
            return sql;\r
        } else if (startTime != null && endTime == null) {\r
\r
            long inputTimeInMilli = 60000 * Long.parseLong(startTime);\r
            Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("GMT"));\r
            long currentTimeInMilli = cal.getTimeInMillis();\r
            long compareTime = currentTimeInMilli - inputTimeInMilli;\r
\r
            sql = SQL_SELECT_NAME + feedids + SQL_FEED_ID + SQL_SELECT_COUNT + feedids + SQL_TYPE_PUB\r
                + SQL_SELECT_SUM\r
                + feedids + SQL_PUBLISH_LENGTH\r
                + SQL_SUBSCRIBER_URL + SQL_SUB_ID + SQL_DELIVERY_TIME + SQL_AVERAGE_DELAY + SQL_JOIN_RECORDS\r
                + feedids + ") " + subid\r
                + SQL_STATUS_204 + " and e.event_time>=" + compareTime + SQL_GROUP_SUB_ID;\r
            return sql;\r
\r
        } else {\r
            SimpleDateFormat inFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");\r
            Date startDate = inFormat.parse(startTime);\r
            Date endDate = inFormat.parse(endTime);\r
\r
            long startInMillis = startDate.getTime();\r
            long endInMillis = endDate.getTime();\r
\r
            sql = SQL_SELECT_NAME + feedids + SQL_FEED_ID + SQL_SELECT_COUNT + feedids + SQL_TYPE_PUB\r
                + SQL_SELECT_SUM\r
                + feedids + SQL_PUBLISH_LENGTH + SQL_SUBSCRIBER_URL\r
                + SQL_SUB_ID + SQL_DELIVERY_TIME + SQL_AVERAGE_DELAY + SQL_JOIN_RECORDS + feedids + ")" + subid + SQL_STATUS_204\r
                +" and e.event_time between " + startInMillis + " and " + endInMillis + SQL_GROUP_SUB_ID;\r
\r
            return sql;\r
        }\r
    }\r
\r
\r
    /**\r
     * PUT a Statistics URL -- not supported.\r
     */\r
    @Override\r
    public void doPut(HttpServletRequest req, HttpServletResponse resp) {\r
        String message = "PUT not allowed for the StatisticsURL.";\r
        EventLogRecord elr = new EventLogRecord(req);\r
        elr.setMessage(message);\r
        elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED);\r
        eventlogger.error(elr.toString());\r
        sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger);\r
    }\r
\r
    /**\r
     * POST a Statistics URL -- not supported.\r
     */\r
    @Override\r
    public void doPost(HttpServletRequest req, HttpServletResponse resp) {\r
        String message = "POST not allowed for the StatisticsURL.";\r
        EventLogRecord elr = new EventLogRecord(req);\r
        elr.setMessage(message);\r
        elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED);\r
        eventlogger.error(elr.toString());\r
        sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger);\r
    }\r
\r
    private Map<String, String> buildMapFromRequest(HttpServletRequest req) {\r
        Map<String, String> map = new HashMap<>();\r
        String str = req.getParameter("type");\r
        if (str != null) {\r
            if ("pub".equals(str) || "del".equals(str) || "exp".equals(str)) {\r
                map.put("type", str);\r
            } else {\r
                map.put("err", "bad type");\r
                return map;\r
            }\r
        } else {\r
            map.put("type", "all");\r
        }\r
        map.put("publishSQL", "");\r
        map.put("statusSQL", "");\r
        map.put("resultSQL", "");\r
        map.put(REASON_SQL, "");\r
\r
        str = req.getParameter("publishId");\r
        if (str != null) {\r
            if (str.indexOf("'") >= 0) {\r
                map.put("err", "bad publishId");\r
                return map;\r
            }\r
            map.put("publishSQL", " AND PUBLISH_ID = '" + str + "'");\r
        }\r
\r
        str = req.getParameter("statusCode");\r
        if (str != null) {\r
            String sql = null;\r
            switch (str) {\r
                case "success":\r
                    sql = " AND STATUS >= 200 AND STATUS < 300";\r
                    break;\r
                case "redirect":\r
                    sql = " AND STATUS >= 300 AND STATUS < 400";\r
                    break;\r
                case "failure":\r
                    sql = " AND STATUS >= 400";\r
                    break;\r
                default:\r
                    try {\r
                        int statusCode = Integer.parseInt(str);\r
                        if ((statusCode >= 100 && statusCode < 600) || (statusCode == -1)) {\r
                            sql = " AND STATUS = " + statusCode;\r
                        }\r
                    } catch (NumberFormatException e) {\r
                        eventlogger.error("Failed to parse input", e);\r
                    }\r
                    break;\r
            }\r
            if (sql == null) {\r
                map.put("err", "bad statusCode");\r
                return map;\r
            }\r
            map.put("statusSQL", sql);\r
            map.put("resultSQL", sql.replaceAll("STATUS", "RESULT"));\r
        }\r
\r
        str = req.getParameter("expiryReason");\r
        if (str != null) {\r
            map.put("type", "exp");\r
            switch (str) {\r
                case "notRetryable":\r
                    map.put(REASON_SQL, " AND REASON = 'notRetryable'");\r
                    break;\r
                case "retriesExhausted":\r
                    map.put(REASON_SQL, " AND REASON = 'retriesExhausted'");\r
                    break;\r
                case "diskFull":\r
                    map.put(REASON_SQL, " AND REASON = 'diskFull'");\r
                    break;\r
                case "other":\r
                    map.put(REASON_SQL, " AND REASON = 'other'");\r
                    break;\r
                default:\r
                    map.put("err", "bad expiryReason");\r
                    return map;\r
            }\r
        }\r
\r
        long stime = getTimeFromParam(req.getParameter("start"));\r
        if (stime < 0) {\r
            map.put("err", "bad start");\r
            return map;\r
        }\r
        long etime = getTimeFromParam(req.getParameter("end"));\r
        if (etime < 0) {\r
            map.put("err", "bad end");\r
            return map;\r
        }\r
        if (stime == 0 && etime == 0) {\r
            etime = System.currentTimeMillis();\r
            stime = etime - TWENTYFOUR_HOURS;\r
        } else if (stime == 0) {\r
            stime = etime - TWENTYFOUR_HOURS;\r
        } else if (etime == 0) {\r
            etime = stime + TWENTYFOUR_HOURS;\r
        }\r
        map.put("timeSQL", String.format(" AND EVENT_TIME >= %d AND EVENT_TIME <= %d", stime, etime));\r
        return map;\r
    }\r
\r
    private long getTimeFromParam(final String str) {\r
        if (str == null) {\r
            return 0;\r
        }\r
        try {\r
            // First, look for an RFC 3339 date\r
            String fmt = (str.indexOf('.') > 0) ? FMT2 : FMT1;\r
            SimpleDateFormat sdf = new SimpleDateFormat(fmt);\r
            Date date = sdf.parse(str);\r
            return date.getTime();\r
        } catch (ParseException e) {\r
            intlogger.error("Exception in getting Time :- " + e.getMessage(), e);\r
        }\r
        try {\r
            // Also allow a long (in ms); useful for testing\r
            return Long.parseLong(str);\r
        } catch (NumberFormatException e) {\r
            intlogger.error("Exception in getting Time :- " + e.getMessage(), e);\r
        }\r
        intlogger.info("Error parsing time=" + str);\r
        return -1;\r
    }\r
\r
    private void getRecordsForSQL(Map<String, String> map, String outputType, ServletOutputStream out,\r
        HttpServletResponse resp) {\r
        try {\r
            String filterQuery = this.queryGeneretor(map);\r
            eventlogger.debug("SQL Query for Statistics resultset. " + filterQuery);\r
            intlogger.debug(filterQuery);\r
            long start = System.currentTimeMillis();\r
            try (Connection conn = ProvDbUtils.getInstance().getConnection();\r
                PreparedStatement ps = conn.prepareStatement(filterQuery);\r
                ResultSet rs = ps.executeQuery()) {\r
                if (CSV_OUTPUT_TYPE.equals(outputType)) {\r
                    resp.setContentType("application/octet-stream");\r
                    DateTimeFormatter formatter = DateTimeFormatter.ofPattern("dd-MM-yyyy HH:mm:ss");\r
                    resp.setHeader("Content-Disposition",\r
                        "attachment; filename=\"result:" + LocalDateTime.now().format(formatter) + ".csv\"");\r
                    eventlogger.info("Generating CSV file from Statistics resultset");\r
                    rsToCSV(rs, out);\r
                } else {\r
                    eventlogger.info("Generating JSON for Statistics resultset");\r
                    this.rsToJson(rs, out);\r
                }\r
            } catch (SQLException e) {\r
                eventlogger.error("SQLException:" + e);\r
            }\r
            intlogger.debug("Time: " + (System.currentTimeMillis() - start) + " ms");\r
        } catch (IOException e) {\r
            eventlogger.error("IOException - Generating JSON/CSV:" + e);\r
        } catch (JSONException e) {\r
            eventlogger.error("JSONException - executing SQL query:" + e);\r
        } catch (ParseException e) {\r
            eventlogger.error("ParseException - executing SQL query:" + e);\r
        }\r
    }\r
}\r
\r