From: Conor Ward <conor.ward@ericsson.com>
Date: Fri, 14 Sep 2018 06:55:06 +0000 (+0000)
Subject: Fix new sonar vulnerabilities
X-Git-Tag: 1.0.2~40^2
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=dmaap%2Fdatarouter.git;a=commitdiff_plain;h=e5231e1f3585144e1f8bfab9d62733b8a43c3f9d

Fix new sonar vulnerabilities

Change-Id: I56258ef54bbe44ff1c172ab51d19f251adb7aaf4
Signed-off-by: Conor Ward <conor.ward@ericsson.com>
Issue-ID: DMAAP-771
---

diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
index 61845cef..10aea782 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
@@ -245,8 +245,12 @@ public class InternalServlet extends ProxyServlet {
         }
         if (path.equals("/prov")) {
             if (isProxyOK(req) && isProxyServer()) {
-                if (super.doGetWithFallback(req, resp)) {
-                    return;
+                try {
+                    if (super.doGetWithFallback(req, resp)) {
+                        return;
+                    }
+                } catch (IOException ioe) {
+                    intlogger.error("Error: " + ioe.getMessage());
                 }
                 // fall back to returning the local data if the remote is unreachable
                 intlogger.info("Active server unavailable; falling back to local copy.");
@@ -469,9 +473,13 @@ public class InternalServlet extends ProxyServlet {
             }
             InputStream is = req.getInputStream();
             ByteArrayOutputStream bos = new ByteArrayOutputStream();
-            int ch = 0;
-            while ((ch = is.read()) >= 0) {
-                bos.write(ch);
+            int ch;
+            try {
+                while ((ch = is.read()) >= 0) {
+                    bos.write(ch);
+                }
+            } catch (IOException ioe) {
+                intlogger.error("Error: " + ioe.getMessage());
             }
             RLEBitSet bs = new RLEBitSet(bos.toString());    // The set of records to retrieve
             elr.setResult(HttpServletResponse.SC_OK);
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
index 8d6bfcf0..66a9d42b 100755
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
@@ -109,8 +109,7 @@ public class ProxyServlet extends BaseServlet {
         try (FileInputStream instream = new FileInputStream(new File(store))) {
             ks.load(instream, pass.toCharArray());
         } catch (FileNotFoundException fileNotFoundException) {
-            System.err.println("ProxyServlet: " + fileNotFoundException);
-            fileNotFoundException.printStackTrace();
+            intlogger.error("ProxyServlet: " + fileNotFoundException.getMessage());
         } catch (Exception x) {
             System.err.println("READING TRUSTSTORE: " + x);
         }
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
index c08bce57..9c060d5e 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
@@ -72,8 +72,9 @@ public class Feed extends Syncable {
         try {
             DB db = new DB();
             Connection conn = db.getConnection();
-            try(Statement stmt = conn.createStatement()) {
-                try(ResultSet rs = stmt.executeQuery("select COUNT(*) from FEEDS where FEEDID = " + id)) {
+            try(PreparedStatement stmt = conn.prepareStatement("select COUNT(*) from FEEDS where FEEDID = ?")) {
+                stmt.setInt(1, id);
+                try(ResultSet rs = stmt.executeQuery()) {
                     if (rs.next()) {
                         count = rs.getInt(1);
                     }
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java
index a460d647..91d6c1b4 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java
@@ -133,14 +133,15 @@ public class Group extends Syncable {
     }
 
     public static Collection<String> getGroupsByClassfication(String classfication) {
-        List<String> list = new ArrayList<String>();
-        String sql = "select * from GROUPS where classification = '" + classfication + "'";
+        List<String> list = new ArrayList<>();
+        String sql = "select * from GROUPS where classification = ?";
         try {
             DB db = new DB();
             @SuppressWarnings("resource")
             Connection conn = db.getConnection();
-            try(Statement stmt = conn.createStatement()) {
-                try(ResultSet rs = stmt.executeQuery(sql)) {
+            try(PreparedStatement stmt = conn.prepareStatement(sql)) {
+                stmt.setString(1, classfication);
+                try(ResultSet rs = stmt.executeQuery()) {
                     while (rs.next()) {
                         int groupid = rs.getInt("groupid");
 
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java
index 3e8c90b4..b2378218 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java
@@ -118,9 +118,9 @@ public class Parameters extends Syncable {
             DB db = new DB();
             @SuppressWarnings("resource")
             Connection conn = db.getConnection();
-            try(Statement stmt = conn.createStatement()) {
-                String sql = "select KEYNAME, VALUE from PARAMETERS where KEYNAME = '" + k + "'";
-                try(ResultSet rs = stmt.executeQuery(sql)) {
+            try(PreparedStatement stmt = conn.prepareStatement("select KEYNAME, VALUE from PARAMETERS where KEYNAME = ?")) {
+                stmt.setString(1, k);
+                try(ResultSet rs = stmt.executeQuery()) {
                     if (rs.next()) {
                         v = new Parameters(rs);
                     }
diff --git a/datarouter-subscriber/src/main/java/org/onap/dmaap/datarouter/subscriber/SubscriberProps.java b/datarouter-subscriber/src/main/java/org/onap/dmaap/datarouter/subscriber/SubscriberProps.java
index 39ab166b..329c06a5 100644
--- a/datarouter-subscriber/src/main/java/org/onap/dmaap/datarouter/subscriber/SubscriberProps.java
+++ b/datarouter-subscriber/src/main/java/org/onap/dmaap/datarouter/subscriber/SubscriberProps.java
@@ -26,9 +26,12 @@ package org.onap.dmaap.datarouter.subscriber;
 import java.io.IOException;
 import java.util.Properties;
 
+import org.apache.log4j.Logger;
+
 public class SubscriberProps {
 
     private static SubscriberProps instance = null;
+    private static Logger subLogger = Logger.getLogger("org.onap.dmaap.datarouter.subscriber.internal");
     private Properties properties;
 
     private SubscriberProps(String propsPath) throws IOException{
@@ -42,7 +45,7 @@ public class SubscriberProps {
             try {
                 instance = new SubscriberProps(propsPath);
             } catch (IOException ioe) {
-                ioe.printStackTrace();
+                subLogger.error("IO Exception: " + ioe.getMessage());
             }
         }
         return instance;