Merge "Fix_Old_Vulnerabilities_in_PathFinder"
authorRam Koya <rk541m@att.com>
Fri, 14 Sep 2018 14:00:13 +0000 (14:00 +0000)
committerGerrit Code Review <gerrit@onap.org>
Fri, 14 Sep 2018 14:00:13 +0000 (14:00 +0000)
datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java
datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Subscription.java
datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/DRRouteCLI.java
datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/LogfileLoader.java
datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/URLUtilities.java

index b7df151..c76ce42 100644 (file)
@@ -126,21 +126,21 @@ public class ProvAuthorizer implements Authorizer {
     private boolean allowFeedsCollectionAccess(AuthzResource resource,    String method, String subject, String subjectgroup) {
 
         // Allow GET or POST unconditionally
-        return method != null && (method.equalsIgnoreCase("GET") || method.equalsIgnoreCase("POST"));
+        return method != null && ("GET".equalsIgnoreCase(method) || "POST".equalsIgnoreCase(method));
     }
 
     private boolean allowSubsCollectionAccess(AuthzResource resource, String method, String subject, String subjectgroup) {
 
         // Allow GET or POST unconditionally
-        return method != null && (method.equalsIgnoreCase("GET") || method.equalsIgnoreCase("POST"));
+        return method != null && ("GET".equalsIgnoreCase(method) || "POST".equalsIgnoreCase(method));
     }
 
     private boolean allowFeedAccess(AuthzResource resource, String method,    String subject, String subjectgroup) {
         boolean decision = false;
 
         // Allow GET, PUT, or DELETE if requester (subject) is the owner (publisher) of the feed
-        if ( method != null && (method.equalsIgnoreCase("GET") || method.equalsIgnoreCase("PUT") ||
-                method.equalsIgnoreCase("DELETE"))) {
+        if ( method != null && ("GET".equalsIgnoreCase(method) || "PUT".equalsIgnoreCase(method) ||
+                       "DELETE".equalsIgnoreCase(method))) {
 
             String owner = provData.getFeedOwner(resource.getId());
             decision = (owner != null) && owner.equals(subject);
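Review bot: The `method != null &&` guard kept in front of each rewritten comparison is now redundant, because `"GET".equalsIgnoreCase(method)` already returns false for a null argument. This applies to all three checks in this hunk and to the one in the next hunk of this file. Dropping it leaves e.g. `return "GET".equalsIgnoreCase(method) || "POST".equalsIgnoreCase(method);`. Since these methods make authorization decisions, a short comment such as `// a null method never matches and is denied` would keep that intent visible once the guard is gone. allowFeedAccess continues past the end of the hunk.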
@@ -159,8 +159,8 @@ public class ProvAuthorizer implements Authorizer {
         boolean decision = false;
 
         // Allow GET, PUT, or DELETE if requester (subject) is the owner of the subscription (subscriber)
-        if (method != null && (method.equalsIgnoreCase("GET") || method.equalsIgnoreCase("PUT") ||
-                method.equalsIgnoreCase("DELETE") || method.equalsIgnoreCase("POST"))) {
+        if (method != null && ("GET".equalsIgnoreCase(method) || "PUT".equalsIgnoreCase(method) ||
+                       "DELETE".equalsIgnoreCase(method) || "POST".equalsIgnoreCase(method))) {
 
             String owner = provData.getSubscriptionOwner(resource.getId());
             decision = (owner != null) && owner.equals(subject);
index 027d859..1333b55 100644 (file)
@@ -29,18 +29,13 @@ import java.sql.PreparedStatement;
 import java.sql.ResultSet;\r
 import java.sql.SQLException;\r
 import java.sql.Statement;\r
-import java.util.ArrayList;\r
-import java.util.Collection;\r
-import java.util.Date;\r
-import java.util.List;\r
+import java.util.*;\r
 \r
 import org.apache.log4j.Logger;\r
 import org.json.JSONObject;\r
 import org.onap.dmaap.datarouter.provisioning.utils.DB;\r
 import org.onap.dmaap.datarouter.provisioning.utils.URLUtilities;\r
 \r
-import java.util.Properties;\r
-\r
 /**\r
  * The representation of a Subscription.  Subscriptions can be retrieved from the DB, or stored/updated in the DB.\r
  *\r
@@ -93,14 +88,14 @@ public class Subscription extends Syncable {
             DB db = new DB();\r
             @SuppressWarnings("resource")\r
             Connection conn = db.getConnection();\r
-            Statement stmt = conn.createStatement();\r
-            ResultSet rs = stmt.executeQuery(sql);\r
-            while (rs.next()) {\r
-                Subscription sub = new Subscription(rs);\r
-                list.add(sub);\r
+            try(Statement stmt = conn.createStatement()) {\r
+                try(ResultSet rs = stmt.executeQuery(sql)) {\r
+                    while (rs.next()) {\r
+                        Subscription sub = new Subscription(rs);\r
+                        list.add(sub);\r
+                    }\r
+                }\r
             }\r
-            rs.close();\r
-            stmt.close();\r
             db.release(conn);\r
         } catch (SQLException e) {\r
             e.printStackTrace();\r
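Review bot: `db.release(conn)` is still reached only on the success path, so when `createStatement()`, `executeQuery()` or `rs.next()` throws, control jumps to the `catch` and the connection is never handed back to `DB`. If `DB` hands out pooled connections (not visible here), repeated failures could exhaust the pool. The same shape recurs in the next three hunks of this file (the `MAX(subid)`, `SUBID` list and `count(*)` queries). Releasing in a `finally` fixes it, and the two nested try blocks can share one resource list. The enclosing `try` and the method start outside the hunk; the `e.printStackTrace()` in the catch would also be better routed through `intlogger`, which other methods in this file use.

```java
// … unchanged: DB db = new DB(); …
Connection conn = db.getConnection();
try (Statement stmt = conn.createStatement();
     ResultSet rs = stmt.executeQuery(sql)) {
    while (rs.next()) {
        list.add(new Subscription(rs));
    }
} finally {
    db.release(conn);
}
// … unchanged: catch (SQLException e) …
```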
@@ -114,13 +109,13 @@ public class Subscription extends Syncable {
             DB db = new DB();\r
             @SuppressWarnings("resource")\r
             Connection conn = db.getConnection();\r
-            Statement stmt = conn.createStatement();\r
-            ResultSet rs = stmt.executeQuery("select MAX(subid) from SUBSCRIPTIONS");\r
-            if (rs.next()) {\r
-                max = rs.getInt(1);\r
+            try(Statement stmt = conn.createStatement()) {\r
+                try(ResultSet rs = stmt.executeQuery("select MAX(subid) from SUBSCRIPTIONS")) {\r
+                    if (rs.next()) {\r
+                        max = rs.getInt(1);\r
+                    }\r
+                }\r
             }\r
-            rs.close();\r
-            stmt.close();\r
             db.release(conn);\r
         } catch (SQLException e) {\r
             intlogger.info("getMaxSubID: " + e.getMessage());\r
@@ -136,14 +131,14 @@ public class Subscription extends Syncable {
             DB db = new DB();\r
             @SuppressWarnings("resource")\r
             Connection conn = db.getConnection();\r
-            Statement stmt = conn.createStatement();\r
-            ResultSet rs = stmt.executeQuery(sql);\r
-            while (rs.next()) {\r
-                int subid = rs.getInt("SUBID");\r
-                list.add(URLUtilities.generateSubscriptionURL(subid));\r
+            try(Statement stmt = conn.createStatement()) {\r
+                try(ResultSet rs = stmt.executeQuery(sql)) {\r
+                    while (rs.next()) {\r
+                        int subid = rs.getInt("SUBID");\r
+                        list.add(URLUtilities.generateSubscriptionURL(subid));\r
+                    }\r
+                }\r
             }\r
-            rs.close();\r
-            stmt.close();\r
             db.release(conn);\r
         } catch (SQLException e) {\r
             e.printStackTrace();\r
@@ -162,13 +157,13 @@ public class Subscription extends Syncable {
             DB db = new DB();\r
             @SuppressWarnings("resource")\r
             Connection conn = db.getConnection();\r
-            Statement stmt = conn.createStatement();\r
-            ResultSet rs = stmt.executeQuery("select count(*) from SUBSCRIPTIONS");\r
-            if (rs.next()) {\r
-                count = rs.getInt(1);\r
+            try(Statement stmt = conn.createStatement()) {\r
+                try(ResultSet rs = stmt.executeQuery("select count(*) from SUBSCRIPTIONS")) {\r
+                    if (rs.next()) {\r
+                        count = rs.getInt(1);\r
+                    }\r
+                }\r
             }\r
-            rs.close();\r
-            stmt.close();\r
             db.release(conn);\r
         } catch (SQLException e) {\r
             intlogger.warn("PROV0008 countActiveSubscriptions: " + e.getMessage());\r
@@ -391,11 +386,6 @@ public class Subscription extends Syncable {
             ps.setInt(10, groupid); //New field is added - Groups feature Rally:US708115 - 1610\r
             ps.execute();\r
             ps.close();\r
-//            ResultSet rs = ps.getGeneratedKeys();\r
-//            rs.first();\r
-//            setSubid(rs.getInt(1));    // side effect - sets the link URLs\r
-//            ps.close();\r
-\r
             // Update the row to set the URLs\r
             sql = "update SUBSCRIPTIONS set SELF_LINK = ?, LOG_LINK = ? where SUBID = ?";\r
             ps = c.prepareStatement(sql);\r
@@ -410,7 +400,9 @@ public class Subscription extends Syncable {
             e.printStackTrace();\r
         } finally {\r
             try {\r
-                ps.close();\r
+                if(ps!=null) {\r
+                    ps.close();\r
+                }\r
             } catch (SQLException e) {\r
                 e.printStackTrace();\r
             }\r
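Review bot: The null guard removes the NullPointerException in `finally`, but the statement is still closed by hand, which is inconsistent with the try-with-resources form this commit introduces for the `Statement`/`ResultSet` code earlier in the same file. The same guard is repeated in the next three hunks. Where `ps` is assigned once, `try (PreparedStatement ps = c.prepareStatement(sql)) {` makes the `finally` block unnecessary. The declaration of `ps` is outside the hunk, and the insert path visibly reassigns it, so this needs checking method by method. The `e.printStackTrace()` calls in both catch blocks bypass the logger used elsewhere in the class.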
@@ -440,7 +432,9 @@ public class Subscription extends Syncable {
             e.printStackTrace();\r
         } finally {\r
             try {\r
-                ps.close();\r
+                if(ps!=null) {\r
+                    ps.close();\r
+                }\r
             } catch (SQLException e) {\r
                 e.printStackTrace();\r
             }\r
@@ -473,7 +467,9 @@ public class Subscription extends Syncable {
             e.printStackTrace();\r
         } finally {\r
             try {\r
-                ps.close();\r
+                if(ps!=null) {\r
+                    ps.close();\r
+                }\r
             } catch (SQLException e) {\r
                 e.printStackTrace();\r
             }\r
@@ -497,7 +493,9 @@ public class Subscription extends Syncable {
             e.printStackTrace();\r
         } finally {\r
             try {\r
-                ps.close();\r
+                if(ps!=null) {\r
+                    ps.close();\r
+                }\r
             } catch (SQLException e) {\r
                 e.printStackTrace();\r
             }\r
@@ -534,6 +532,11 @@ public class Subscription extends Syncable {
         return true;\r
     }\r
 \r
+    @Override\r
+    public int hashCode() {\r
+        return Objects.hash(subid, feedid, groupid, delivery, metadataOnly, subscriber, links, suspended, last_mod, created_date);\r
+    }\r
+\r
     @Override\r
     public String toString() {\r
         return "SUB: subid=" + subid + ", feedid=" + feedid;\r
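Review bot: `hashCode()` hashes ten fields, and nothing visible here shows that `equals()` compares the same set. If `equals()` ignores any of them, two equal subscriptions can produce different hashes, which breaks the `equals`/`hashCode` contract. Only the tail of `equals()` is in the hunk, so this has to be checked against its full body. Several of the hashed fields look mutable (`suspended`, `last_mod`), so a `Subscription` placed in a `HashSet` or used as a `HashMap` key would no longer be found after an update. Hashing only identity fields, e.g. `return Objects.hash(subid, feedid);`, avoids that and stays valid as long as `equals()` also compares them.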
index 1bbf446..af8bd6d 100644 (file)
@@ -339,8 +339,11 @@ public class DRRouteCLI {
             sb.append("Egress Routing Table\n");\r
             sb.append(String.format("%s  Node\n", ext("SubID", cw1)));\r
             for (int i = 0; i < subs.length; i++) {\r
-                String node = ert.getString(subs[i]);\r
-                sb.append(String.format("%s  %s\n", ext(subs[i], cw1), node));\r
+                if(ert!=null&&ert.length()!=0) {\r
+                    String node = ert.getString(subs[i]);\r
+                    sb.append(String.format("%s  %s\n", ext(subs[i], cw1), node));\r
+                }\r
+\r
             }\r
         }\r
         if (tbl.startsWith("al") || tbl.startsWith("ne")) {\r
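Review bot: The new `ert!=null&&ert.length()!=0` test sits inside the loop, after `subs.length` has already been evaluated, and it is loop-invariant, so the same condition is re-checked on every iteration. If `subs` is derived from `ert` (its assignment is outside the hunk), a null or empty `ert` would most likely fail before this guard is ever reached. Hoisting the check around the loop, `if (ert != null && subs != null) {`, covers both cases once. The `length()!=0` part then becomes unnecessary, because an empty table yields no iterations.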
index 8975f16..110c63d 100644 (file)
@@ -188,6 +188,7 @@ public class LogfileLoader extends Thread {
                         try {\r
                             Thread.sleep(1000L);\r
                         } catch (InterruptedException e) {\r
+                            Thread.currentThread().interrupt();\r
                         }\r
                         idle = false;\r
                     } else {\r
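Review bot: Restoring the interrupt flag here without leaving the surrounding code means the next `Thread.sleep(1000L)` will throw immediately. If this runs inside the thread's run loop, as the `idle` flag suggests, and that loop (outside the hunk) does not test the flag, the idle wait degrades into a busy spin. Either `return` or `break` after `Thread.currentThread().interrupt();`, or add `!Thread.currentThread().isInterrupted()` to the loop condition. A one-line comment in the catch block saying which behaviour is intended on interrupt would help the next reader.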
@@ -332,26 +333,25 @@ public class LogfileLoader extends Thread {
         Connection conn = null;\r
         try {\r
             conn = db.getConnection();\r
-            Statement stmt = conn.createStatement();\r
-            // Build a bitset of all records in the LOG_RECORDS table\r
-            // We need to run this SELECT in stages, because otherwise we run out of memory!\r
             RLEBitSet nbs = new RLEBitSet();\r
-            final long stepsize = 6000000L;\r
-            boolean go_again = true;\r
-            for (long i = 0; go_again; i += stepsize) {\r
-                String sql = String.format("select RECORD_ID from LOG_RECORDS LIMIT %d,%d", i, stepsize);\r
-                try(ResultSet rs = stmt.executeQuery(sql)) {\r
-                    go_again = false;\r
-                    while (rs.next()) {\r
-                        long n = rs.getLong("RECORD_ID");\r
-                        nbs.set(n);\r
-                        go_again = true;\r
+            try(Statement stmt = conn.createStatement()) {\r
+                // Build a bitset of all records in the LOG_RECORDS table\r
+                // We need to run this SELECT in stages, because otherwise we run out of memory!\r
+                final long stepsize = 6000000L;\r
+                boolean go_again = true;\r
+                for (long i = 0; go_again; i += stepsize) {\r
+                    String sql = String.format("select RECORD_ID from LOG_RECORDS LIMIT %d,%d", i, stepsize);\r
+                    try (ResultSet rs = stmt.executeQuery(sql)) {\r
+                        go_again = false;\r
+                        while (rs.next()) {\r
+                            long n = rs.getLong("RECORD_ID");\r
+                            nbs.set(n);\r
+                            go_again = true;\r
+                        }\r
                     }\r
                 }\r
             }\r
-            stmt.close();\r
             seq_set = nbs;\r
-\r
             // Compare with the range for this server\r
             // Determine the next ID for this set of record IDs\r
             RLEBitSet tbs = (RLEBitSet) nbs.clone();\r
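Review bot: The staged query `select RECORD_ID from LOG_RECORDS LIMIT %d,%d` has no `ORDER BY`, so the database may return rows in a different order for each stage and a record ID can be skipped or read twice. A skipped ID leaves `seq_set` incomplete. The commit only moves this code into the try-with-resources block, but the paging could be made deterministic at the same time: `"select RECORD_ID from LOG_RECORDS ORDER BY RECORD_ID LIMIT %d,%d"`. Both format arguments are `long` values, so the string building itself carries no injection risk. The method body continues past the hunk.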
index b58ab5a..4576bd2 100644 (file)
@@ -115,7 +115,7 @@ public class URLUtilities {
     public static String generatePeerLogsURL() {\r
         //Fixes for Itrack ticket - DATARTR-4#Fixing if only one Prov is configured, not to give exception to fill logs.\r
         String peerPodUrl = getPeerPodName();\r
-        if (peerPodUrl.equals("") || peerPodUrl.equals(null)) {\r
+        if (peerPodUrl.equals("") || peerPodUrl==null) {\r
             return "";\r
         }\r
 \r
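Review bot: The null test is evaluated too late: `peerPodUrl.equals("")` dereferences the value first, so a null from `getPeerPodName()` still throws NullPointerException and `peerPodUrl==null` can never be true when it is reached. Swap the order and use the emptiness check, `if (peerPodUrl == null || peerPodUrl.isEmpty()) {`. The comment above the call says this path exists so that a single-Prov setup does not raise an exception, which is exactly the case the current order leaves unprotected.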