Fix new sonar vulnerabilities

Change-Id: I56258ef54bbe44ff1c172ab51d19f251adb7aaf4
Signed-off-by: Conor Ward <conor.ward@ericsson.com>
Issue-ID: DMAAP-771

diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
index 61845ce..10aea78 100644 (file)
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
@@ -245,8 +245,12 @@ public class InternalServlet extends ProxyServlet {
         }
         if (path.equals("/prov")) {
             if (isProxyOK(req) && isProxyServer()) {
-                if (super.doGetWithFallback(req, resp)) {
-                    return;
+                try {
+                    if (super.doGetWithFallback(req, resp)) {
+                        return;
+                    }
+                } catch (IOException ioe) {
+                    intlogger.error("Error: " + ioe.getMessage());
                 }
                 // fall back to returning the local data if the remote is unreachable
                 intlogger.info("Active server unavailable; falling back to local copy.");
@@ -469,9 +473,13 @@ public class InternalServlet extends ProxyServlet {
             }
             InputStream is = req.getInputStream();
             ByteArrayOutputStream bos = new ByteArrayOutputStream();
-            int ch = 0;
-            while ((ch = is.read()) >= 0) {
-                bos.write(ch);
+            int ch;
+            try {
+                while ((ch = is.read()) >= 0) {
+                    bos.write(ch);
+                }
+            } catch (IOException ioe) {
+                intlogger.error("Error: " + ioe.getMessage());
             }
             RLEBitSet bs = new RLEBitSet(bos.toString());    // The set of records to retrieve
             elr.setResult(HttpServletResponse.SC_OK);

diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
index 8d6bfcf..66a9d42 100755 (executable)
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
@@ -109,8 +109,7 @@ public class ProxyServlet extends BaseServlet {
         try (FileInputStream instream = new FileInputStream(new File(store))) {
             ks.load(instream, pass.toCharArray());
         } catch (FileNotFoundException fileNotFoundException) {
-            System.err.println("ProxyServlet: " + fileNotFoundException);
-            fileNotFoundException.printStackTrace();
+            intlogger.error("ProxyServlet: " + fileNotFoundException.getMessage());
         } catch (Exception x) {
             System.err.println("READING TRUSTSTORE: " + x);
         }

diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
index c08bce5..9c060d5 100644 (file)
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
@@ -72,8 +72,9 @@ public class Feed extends Syncable {
         try {\r
             DB db = new DB();\r
             Connection conn = db.getConnection();\r
-            try(Statement stmt = conn.createStatement()) {\r
-                try(ResultSet rs = stmt.executeQuery("select COUNT(*) from FEEDS where FEEDID = " + id)) {\r
+            try(PreparedStatement stmt = conn.prepareStatement("select COUNT(*) from FEEDS where FEEDID = ?")) {\r
+                stmt.setInt(1, id);\r
+                try(ResultSet rs = stmt.executeQuery()) {\r
                     if (rs.next()) {\r
                         count = rs.getInt(1);\r
                     }\r

diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java
index a460d64..91d6c1b 100644 (file)
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java
@@ -133,14 +133,15 @@ public class Group extends Syncable {
     }\r
 \r
     public static Collection<String> getGroupsByClassfication(String classfication) {\r
-        List<String> list = new ArrayList<String>();\r
-        String sql = "select * from GROUPS where classification = '" + classfication + "'";\r
+        List<String> list = new ArrayList<>();\r
+        String sql = "select * from GROUPS where classification = ?";\r
         try {\r
             DB db = new DB();\r
             @SuppressWarnings("resource")\r
             Connection conn = db.getConnection();\r
-            try(Statement stmt = conn.createStatement()) {\r
-                try(ResultSet rs = stmt.executeQuery(sql)) {\r
+            try(PreparedStatement stmt = conn.prepareStatement(sql)) {\r
+                stmt.setString(1, classfication);\r
+                try(ResultSet rs = stmt.executeQuery()) {\r
                     while (rs.next()) {\r
                         int groupid = rs.getInt("groupid");\r
 \r

diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java
index 3e8c90b..b237821 100644 (file)
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java
@@ -118,9 +118,9 @@ public class Parameters extends Syncable {
             DB db = new DB();\r
             @SuppressWarnings("resource")\r
             Connection conn = db.getConnection();\r
-            try(Statement stmt = conn.createStatement()) {\r
-                String sql = "select KEYNAME, VALUE from PARAMETERS where KEYNAME = '" + k + "'";\r
-                try(ResultSet rs = stmt.executeQuery(sql)) {\r
+            try(PreparedStatement stmt = conn.prepareStatement("select KEYNAME, VALUE from PARAMETERS where KEYNAME = ?")) {\r
+                stmt.setString(1, k);\r
+                try(ResultSet rs = stmt.executeQuery()) {\r
                     if (rs.next()) {\r
                         v = new Parameters(rs);\r
                     }\r

diff --git a/datarouter-subscriber/src/main/java/org/onap/dmaap/datarouter/subscriber/SubscriberProps.java b/datarouter-subscriber/src/main/java/org/onap/dmaap/datarouter/subscriber/SubscriberProps.java
index 39ab166..329c06a 100644 (file)
--- a/datarouter-subscriber/src/main/java/org/onap/dmaap/datarouter/subscriber/SubscriberProps.java
+++ b/datarouter-subscriber/src/main/java/org/onap/dmaap/datarouter/subscriber/SubscriberProps.java
@@ -26,9 +26,12 @@ package org.onap.dmaap.datarouter.subscriber;
 import java.io.IOException;
 import java.util.Properties;
 
+import org.apache.log4j.Logger;
+
 public class SubscriberProps {
 
     private static SubscriberProps instance = null;
+    private static Logger subLogger = Logger.getLogger("org.onap.dmaap.datarouter.subscriber.internal");
     private Properties properties;
 
     private SubscriberProps(String propsPath) throws IOException{
@@ -42,7 +45,7 @@ public class SubscriberProps {
             try {
                 instance = new SubscriberProps(propsPath);
             } catch (IOException ioe) {
-                ioe.printStackTrace();
+                subLogger.error("IO Exception: " + ioe.getMessage());
             }
         }
         return instance;