Fix LogRecord vulnerabilities

Change-Id: Iadcacd9ee4ac7546f9f766e2c9f53670495cb832
Signed-off-by: Ronan Keogh <ronan.keogh@ericsson.com>
Issue-ID: DMAAP-775

diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/LogRecord.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/LogRecord.java
index 70b8e6a..1791bdc 100644 (file)
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/LogRecord.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/LogRecord.java
@@ -30,22 +30,22 @@ import java.sql.Connection;
 import java.sql.PreparedStatement;\r
 import java.sql.ResultSet;\r
 import java.sql.SQLException;\r
-import java.sql.Statement;\r
 import java.sql.Types;\r
 import java.text.ParseException;\r
 import java.util.Iterator;\r
-\r
+import org.apache.log4j.Logger;\r
 import org.onap.dmaap.datarouter.provisioning.utils.DB;\r
 import org.onap.dmaap.datarouter.provisioning.utils.RLEBitSet;\r
 \r
 /**\r
- * The representation of a Log Record, as retrieved from the DB.  Since this record format is only used\r
- * to replicate between provisioning servers, it is very bare-bones; e.g. there are no field setters and only 1 getter.\r
+ * The representation of a Log Record, as retrieved from the DB.  Since this record format is only used to replicate\r
+ * between provisioning servers, it is very bare-bones; e.g. there are no field setters and only 1 getter.\r
  *\r
  * @author Robert Eby\r
  * @version $Id: LogRecord.java,v 1.7 2014/03/12 19:45:41 eby Exp $\r
  */\r
 public class LogRecord extends BaseLogRecord {\r
+\r
     /**\r
      * Print all log records whose RECORD_IDs are in the bit set provided.\r
      *\r
@@ -53,34 +53,29 @@ public class LogRecord extends BaseLogRecord {
      * @param bs the {@link RLEBitSet} listing the record IDs to print\r
      * @throws IOException\r
      */\r
+    private static Logger intlogger = Logger.getLogger("org.onap.dmaap.datarouter.provisioning.beans");\r
+\r
     public static void printLogRecords(OutputStream os, RLEBitSet bs) throws IOException {\r
         final String sql = "select * from LOG_RECORDS where RECORD_ID >= ? AND RECORD_ID <= ?";\r
         DB db = new DB();\r
-        Connection conn = null;\r
-        try {\r
-            conn = db.getConnection();\r
-            try(Statement stmt = conn.createStatement()) {\r
-                Iterator<Long[]> iter = bs.getRangeIterator();\r
-                try(PreparedStatement ps = conn.prepareStatement(sql)) {\r
-                    while (iter.hasNext()) {\r
-                        Long[] n = iter.next();\r
-                        ps.setLong(1, n[0]);\r
-                        ps.setLong(2, n[1]);\r
-                        try(ResultSet rs = ps.executeQuery()) {\r
-                            while (rs.next()) {\r
-                                LogRecord lr = new LogRecord(rs);\r
-                                os.write(lr.toString().getBytes());\r
-                            }\r
-                            ps.clearParameters();\r
+        try (Connection conn = db.getConnection()) {\r
+            Iterator<Long[]> iter = bs.getRangeIterator();\r
+            try (PreparedStatement ps = conn.prepareStatement(sql)) {\r
+                while (iter.hasNext()) {\r
+                    Long[] n = iter.next();\r
+                    ps.setLong(1, n[0]);\r
+                    ps.setLong(2, n[1]);\r
+                    try (ResultSet rs = ps.executeQuery()) {\r
+                        while (rs.next()) {\r
+                            LogRecord lr = new LogRecord(rs);\r
+                            os.write(lr.toString().getBytes());\r
                         }\r
+                        ps.clearParameters();\r
                     }\r
                 }\r
             }\r
         } catch (SQLException e) {\r
-            e.printStackTrace();\r
-        } finally {\r
-            if (conn != null)\r
-                db.release(conn);\r
+            intlogger.error("SQLException: " + e.getMessage());\r
         }\r
     }\r
 \r