Merge "Fix PublishServlet Vulnerabilities"

diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
index b54068b..51e5992 100644 (file)
--- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
+++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeServlet.java
@@ -137,15 +137,16 @@ public class NodeServlet extends HttpServlet {
     /**
      * Handle all PUT requests
      */
-    protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+    protected void doPut(HttpServletRequest req, HttpServletResponse resp) {
         NodeUtils.setIpAndFqdnForEelf("doPut");
         eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader("X-ATT-DR-ON-BEHALF-OF"),
             getIdFromPath(req) + "");
         try {
             common(req, resp, true);
-        }
-        catch(IOException ioe){
+        } catch(IOException ioe){
             logger.error("IOException" + ioe.getMessage());
+        } catch(ServletException se){
+            logger.error("ServletException" + se.getMessage());
         }
     }
 
@@ -158,9 +159,10 @@ public class NodeServlet extends HttpServlet {
             getIdFromPath(req) + "");
         try {
             common(req, resp, false);
-        }
-        catch(IOException ioe){
+        } catch(IOException ioe){
             logger.error("IOException" + ioe.getMessage());
+        } catch(ServletException se){
+            logger.error("ServletException" + se.getMessage());
         }
     }
 
@@ -277,9 +279,8 @@ public class NodeServlet extends HttpServlet {
         File data = new File(fbase);
         File meta = new File(fbase + ".M");
         OutputStream dos = null;
-        Writer mw = null;
         InputStream is = null;
-        try {
+        try (Writer mw = new FileWriter(meta)){
             StringBuffer mx = new StringBuffer();
             mx.append(req.getMethod()).append('\t').append(fileid).append('\n');
             Enumeration hnames = req.getHeaderNames();
@@ -353,12 +354,10 @@ public class NodeServlet extends HttpServlet {
                 }
                 String dbase = di.getSpool() + "/" + pubid;
                 Files.createLink(Paths.get(dbase), dpath);
-                mw = new FileWriter(meta);
                 mw.write(metadata);
                 if (di.getSubId() == null) {
                     mw.write("X-ATT-DR-ROUTING\t" + t.getRouting() + "\n");
                 }
-                mw.close();
                 meta.renameTo(new File(dbase + ".M"));
             }
             resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
@@ -383,12 +382,6 @@ public class NodeServlet extends HttpServlet {
                 } catch (Exception e) {
                 }
             }
-            if (mw != null) {
-                try {
-                    mw.close();
-                } catch (Exception e) {
-                }
-            }
             try {
                 data.delete();
             } catch (Exception e) {

diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
index 3838cad..be87e13 100755 (executable)
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
@@ -535,7 +535,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
                 mailprops.load(inStream);
             } catch (IOException e) {
                 intlogger.fatal("PROV9003 Opening properties: " + e.getMessage());
-                e.printStackTrace();
                 System.exit(1);
             } finally {
                 try {
@@ -560,7 +559,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
                 try {
                     notifyPSTeam(p.get("org.onap.dmaap.datarouter.provserver.https.relax.notify").toString());
                 } catch (Exception e) {
-                    e.printStackTrace();
+                    intlogger.warn("Exception: " + e.getMessage());
                 }
             }
             mailSendFlag = true;
@@ -697,7 +696,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
         } catch (SQLException e) {
             rv = false;
             intlogger.warn("PROV0005 doInsert: " + e.getMessage());
-            e.printStackTrace();
         } finally {
             if (conn != null) {
                 db.release(conn);
@@ -722,7 +720,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
         } catch (SQLException e) {
             rv = false;
             intlogger.warn("PROV0006 doUpdate: " + e.getMessage());
-            e.printStackTrace();
         } finally {
             if (conn != null) {
                 db.release(conn);
@@ -747,7 +744,6 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
         } catch (SQLException e) {
             rv = false;
             intlogger.warn("PROV0007 doDelete: " + e.getMessage());
-            e.printStackTrace();
         } finally {
             if (conn != null) {
                 db.release(conn);
@@ -910,7 +906,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
                     return true;
                 }
             } catch (JSONException e) {
-                e.printStackTrace();
+                intlogger.error("JSONException: " + e.getMessage());
             }
         }
         return false;
@@ -980,7 +976,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
             MDC.put(MDC_SERVER_FQDN, InetAddress.getLocalHost().getHostName());
             MDC.put(MDC_SERVER_IP_ADDRESS, InetAddress.getLocalHost().getHostAddress());
         } catch (Exception e) {
-            e.printStackTrace();
+            intlogger.error("Exception: " + e.getMessage());
         }
 
     }