Fix Group Vulnerabilities
[dmaap/datarouter.git] / datarouter-prov / src / main / java / org / onap / dmaap / datarouter / provisioning / beans / Group.java
index a021a60..3536309 100644 (file)
@@ -29,10 +29,7 @@ import java.sql.PreparedStatement;
 import java.sql.ResultSet;\r
 import java.sql.SQLException;\r
 import java.sql.Statement;\r
-import java.util.ArrayList;\r
-import java.util.Collection;\r
-import java.util.Date;\r
-import java.util.List;\r
+import java.util.*;\r
 \r
 import org.apache.log4j.Logger;\r
 import org.json.JSONObject;\r
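Review bot: Line 12 collapses four explicit imports into `import java.util.*;`, which hides which `java.util` types the file actually depends on (the new `hashCode` adds `Objects`) and is the pattern most style checkers flag; explicit single-type imports also keep any future name clash with the `java.sql` types imported above visible at the import site. Prefer `import java.util.ArrayList; import java.util.Collection; import java.util.Date; import java.util.List; import java.util.Objects;` (one per line), dropping `Date` only if the file no longer references it — I cannot see that from this hunk.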
@@ -99,17 +96,17 @@ public class Group extends Syncable {
             DB db = new DB();\r
             @SuppressWarnings("resource")\r
             Connection conn = db.getConnection();\r
-            Statement stmt = conn.createStatement();\r
-            ResultSet rs = stmt.executeQuery(sql);\r
-            while (rs.next()) {\r
-                Group group = new Group(rs);\r
-                list.add(group);\r
+            try(Statement stmt = conn.createStatement()) {\r
+                try(ResultSet rs = stmt.executeQuery(sql)) {\r
+                    while (rs.next()) {\r
+                        Group group = new Group(rs);\r
+                        list.add(group);\r
+                    }\r
+                }\r
             }\r
-            rs.close();\r
-            stmt.close();\r
             db.release(conn);\r
         } catch (SQLException e) {\r
-            e.printStackTrace();\r
+            intlogger.error("SQLException " + e.getMessage());\r
         }\r
         return list;\r
     }\r
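Review bot: `db.release(conn)` at line 35 still runs only on the success path: if `createStatement`, `executeQuery` or `rs.next()` throws, control jumps to the catch at line 36 and the connection obtained at line 19 is never returned to `DB`, so the new try-with-resources closes the statement and result set but the pooled connection still leaks. The same shape is in the next two hunks (`select MAX(groupid)` and `select count(*)`); the release belongs in a `finally`, as sketched below. Separately, `intlogger.error("SQLException " + e.getMessage())` at line 38 loses the stack trace that `printStackTrace()` gave; log4j takes the throwable as a second argument, `intlogger.error("SQLException " + e.getMessage(), e);`, and that applies to every catch this commit rewrites. The enclosing method starts outside the hunk, so the declaration of `list` and `sql` is assumed.
```java
// … unchanged: DB db = new DB(); …
@SuppressWarnings("resource")
Connection conn = db.getConnection();
try (Statement stmt = conn.createStatement();
     ResultSet rs = stmt.executeQuery(sql)) {
    while (rs.next()) {
        list.add(new Group(rs));
    }
} finally {
    db.release(conn);   // runs on the SQLException path too
}
// … unchanged: catch (SQLException e) … return list; …
```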
@@ -120,39 +117,40 @@ public class Group extends Syncable {
             DB db = new DB();\r
             @SuppressWarnings("resource")\r
             Connection conn = db.getConnection();\r
-            Statement stmt = conn.createStatement();\r
-            ResultSet rs = stmt.executeQuery("select MAX(groupid) from GROUPS");\r
-            if (rs.next()) {\r
-                max = rs.getInt(1);\r
+            try(Statement stmt = conn.createStatement()) {\r
+                try(ResultSet rs = stmt.executeQuery("select MAX(groupid) from GROUPS")) {\r
+                    if (rs.next()) {\r
+                        max = rs.getInt(1);\r
+                    }\r
+                }\r
             }\r
-            rs.close();\r
-            stmt.close();\r
             db.release(conn);\r
         } catch (SQLException e) {\r
             intlogger.info("getMaxSubID: " + e.getMessage());\r
-            e.printStackTrace();\r
+            intlogger.error("SQLException " + e.getMessage());\r
         }\r
         return max;\r
     }\r
 \r
     public static Collection<String> getGroupsByClassfication(String classfication) {\r
-        List<String> list = new ArrayList<String>();\r
-        String sql = "select * from GROUPS where classification = '" + classfication + "'";\r
+        List<String> list = new ArrayList<>();\r
+        String sql = "select * from GROUPS where classification = ?";\r
         try {\r
             DB db = new DB();\r
             @SuppressWarnings("resource")\r
             Connection conn = db.getConnection();\r
-            Statement stmt = conn.createStatement();\r
-            ResultSet rs = stmt.executeQuery(sql);\r
-            while (rs.next()) {\r
-                int groupid = rs.getInt("groupid");\r
-                //list.add(URLUtilities.generateSubscriptionURL(groupid));\r
+            try(PreparedStatement stmt = conn.prepareStatement(sql)) {\r
+                stmt.setString(1, classfication);\r
+                try(ResultSet rs = stmt.executeQuery()) {\r
+                    while (rs.next()) {\r
+                        int groupid = rs.getInt("groupid");\r
+\r
+                    }\r
+                }\r
             }\r
-            rs.close();\r
-            stmt.close();\r
             db.release(conn);\r
         } catch (SQLException e) {\r
-            e.printStackTrace();\r
+            intlogger.error("SQLException " + e.getMessage());\r
         }\r
         return list;\r
     }\r
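Review bot: `getGroupsByClassfication` still returns an empty collection on every call: the loop at lines 85–88 reads `groupid` into a local that is never used and nothing is ever added to `list`, so the (welcome) parameterized query now feeds dead code. Either populate the list with whatever the callers expect — presumably something like `list.add(String.valueOf(groupid));`, but confirm against the callers since the original intent was a commented-out URL helper — or drop the loop and document that the method is a stub; while there, `select groupid from GROUPS where classification = ?` fetches only the column that is read. In the `getMaxSubID` catch at lines 61–63 the same exception is now logged twice (info, then error) and neither call carries the throwable; a single `intlogger.error("getMaxSubID: " + e.getMessage(), e);` is enough, and the same double logging appears in the `countActiveSubscriptions`, `doInsert`, `doUpdate` and `doDelete` hunks below. The first method in this hunk begins outside it.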
@@ -168,17 +166,17 @@ public class Group extends Syncable {
             DB db = new DB();\r
             @SuppressWarnings("resource")\r
             Connection conn = db.getConnection();\r
-            Statement stmt = conn.createStatement();\r
-            ResultSet rs = stmt.executeQuery("select count(*) from SUBSCRIPTIONS");\r
-            if (rs.next()) {\r
-                count = rs.getInt(1);\r
+            try(Statement stmt = conn.createStatement()) {\r
+                try(ResultSet rs = stmt.executeQuery("select count(*) from SUBSCRIPTIONS")) {\r
+                    if (rs.next()) {\r
+                        count = rs.getInt(1);\r
+                    }\r
+                }\r
             }\r
-            rs.close();\r
-            stmt.close();\r
             db.release(conn);\r
         } catch (SQLException e) {\r
             intlogger.warn("PROV0008 countActiveSubscriptions: " + e.getMessage());\r
-            e.printStackTrace();\r
+            intlogger.error("SQLException " + e.getMessage());\r
         }\r
         return count;\r
     }\r
@@ -348,12 +346,14 @@ public class Group extends Syncable {
         } catch (SQLException e) {\r
             rv = false;\r
             intlogger.warn("PROV0005 doInsert: " + e.getMessage());\r
-            e.printStackTrace();\r
+            intlogger.error("SQLException " + e.getMessage());\r
         } finally {\r
             try {\r
-                ps.close();\r
+                if(ps!=null) {\r
+                    ps.close();\r
+                }\r
             } catch (SQLException e) {\r
-                e.printStackTrace();\r
+                intlogger.error("SQLException " + e.getMessage());\r
             }\r
         }\r
         return rv;\r
@@ -376,12 +376,14 @@ public class Group extends Syncable {
         } catch (SQLException e) {\r
             rv = false;\r
             intlogger.warn("PROV0006 doUpdate: " + e.getMessage());\r
-            e.printStackTrace();\r
+            intlogger.error("SQLException " + e.getMessage());\r
         } finally {\r
             try {\r
-                ps.close();\r
+                if(ps!=null) {\r
+                    ps.close();\r
+                }\r
             } catch (SQLException e) {\r
-                e.printStackTrace();\r
+                intlogger.error("SQLException " + e.getMessage());\r
             }\r
         }\r
         return rv;\r
@@ -399,12 +401,14 @@ public class Group extends Syncable {
         } catch (SQLException e) {\r
             rv = false;\r
             intlogger.warn("PROV0007 doDelete: " + e.getMessage());\r
-            e.printStackTrace();\r
+            intlogger.error("SQLException " + e.getMessage());\r
         } finally {\r
             try {\r
-                ps.close();\r
+                if(ps!=null) {\r
+                    ps.close();\r
+                }\r
             } catch (SQLException e) {\r
-                e.printStackTrace();\r
+                intlogger.error("SQLException " + e.getMessage());\r
             }\r
         }\r
         return rv;\r
@@ -440,4 +444,9 @@ public class Group extends Syncable {
     public String toString() {\r
         return "GROUP: groupid=" + groupid;\r
     }\r
+\r
+    @Override\r
+    public int hashCode() {\r
+        return Objects.hash(groupid, authid, name, description, classification, members, last_mod);\r
+    }\r
 }\r
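Review bot: The new `hashCode` at line 185 has no `equals` in this hunk; if `Group` overrides `equals` elsewhere in the file it must compare exactly these seven fields, otherwise equal instances can hash differently and `HashSet`/`HashMap` use breaks — I cannot see `equals` from here, so please confirm, and if it is absent add one built on the same fields. Because `members` and `last_mod` are included and are presumably updated by `doUpdate`, a `Group` used as a hash key changes its hash when mutated; a Javadoc line such as `/** Hash over all persisted fields; do not mutate a Group while it is a key in a hash-based collection. */` would record that constraint for the next maintainer.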