From a84001c07c0ca3d8c08a3f5b3f500c03be4d6f8b Mon Sep 17 00:00:00 2001 From: esobmar Date: Tue, 25 Sep 2018 13:40:47 +0100 Subject: [PATCH] Fix Parameters Vulnerabilities Change-Id: I0774c1a592f9daf5c09f4d0935a9ee862a834e51 Signed-off-by: Mariusz Sobucki Issue-ID: DMAAP-775 --- .../datarouter/provisioning/beans/Parameters.java | 42 +++++++++++----------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java index b2378218..4d2c9d1f 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java @@ -35,13 +35,14 @@ import org.json.JSONObject; import org.onap.dmaap.datarouter.provisioning.utils.DB; /** - * Methods to provide access to Provisioning parameters in the DB. - * This class also provides constants of the standard parameters used by the Data Router. + * Methods to provide access to Provisioning parameters in the DB. This class also provides constants of the standard + * parameters used by the Data Router. * * @author Robert Eby * @version $Id: Parameters.java,v 1.11 2014/03/12 19:45:41 eby Exp $ */ public class Parameters extends Syncable { + public static final String PROV_REQUIRE_SECURE = "PROV_REQUIRE_SECURE"; public static final String PROV_REQUIRE_CERT = "PROV_REQUIRE_CERT"; public static final String PROV_AUTH_ADDRESSES = "PROV_AUTH_ADDRESSES"; 
@@ -90,9 +91,9 @@ public class Parameters extends Syncable { DB db = new DB(); @SuppressWarnings("resource") Connection conn = db.getConnection(); - try(Statement stmt = conn.createStatement()) { + try (Statement stmt = conn.createStatement()) { String sql = "select * from PARAMETERS"; - try(ResultSet rs = stmt.executeQuery(sql)) { + try (ResultSet rs = stmt.executeQuery(sql)) { while (rs.next()) { Parameters p = new Parameters(rs); coll.add(p); @@ -101,7 +102,7 @@ public class Parameters extends Syncable { } db.release(conn); } catch (SQLException e) { - e.printStackTrace(); + intlogger.error("SQLException " + e.getMessage()); } return coll; } @@ -118,9 +119,10 @@ public class Parameters extends Syncable { DB db = new DB(); @SuppressWarnings("resource") Connection conn = db.getConnection(); - try(PreparedStatement stmt = conn.prepareStatement("select KEYNAME, VALUE from PARAMETERS where KEYNAME = ?")) { + try (PreparedStatement stmt = conn + .prepareStatement("select KEYNAME, VALUE from PARAMETERS where KEYNAME = ?")) { stmt.setString(1, k); - try(ResultSet rs = stmt.executeQuery()) { + try (ResultSet rs = stmt.executeQuery()) { if (rs.next()) { v = new Parameters(rs); } @@ -128,7 +130,7 @@ public class Parameters extends Syncable { } db.release(conn); } catch (SQLException e) { - e.printStackTrace(); + intlogger.error("SQLException " + e.getMessage()); } return v; } @@ -185,14 +187,13 @@ public class Parameters extends Syncable { } catch (SQLException e) { rv = false; intlogger.warn("PROV0005 doInsert: " + e.getMessage()); - e.printStackTrace(); } finally { try { - if(ps!=null) { + if (ps != null) { ps.close(); } } catch (SQLException e) { - e.printStackTrace(); + intlogger.error("SQLException " + e.getMessage()); } } return rv; 
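Review bot: `db.release(conn);` in the -101,7 hunk runs only on the success path: it sits inside the outer `try`, so an SQLException raised by the statement or the query goes straight to the `catch` and the connection is not handed back to `DB`; the -128,7 hunk has the same shape. Releasing in a `finally` (with `db` and `conn` declared where the `finally` can see them, which is outside this hunk) would close that gap. The replacement log line `intlogger.error("SQLException " + e.getMessage());` also loses the stack trace and does not say which query failed; if `intlogger` has an overload taking a throwable, `intlogger.error("<method name>: " + e.getMessage(), e);` keeps both. After the failure is logged the method still returns `coll` (or `v` in the second hunk), so callers presumably cannot tell a database error from a missing parameter, which matters for settings such as `PROV_REQUIRE_SECURE`; worth confirming at the call sites.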
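Review bot: The close-failure handler in the `finally` of the -185,14 hunk logs the bare string `"SQLException " + e.getMessage()`, identical to the one in the -212,14 and -238,14 hunks and in the two read paths, so a log reader cannot tell which statement failed to close. Following the existing `PROV0005 doInsert:` pattern would fix that, e.g. `intlogger.error("doInsert: closing statement failed: " + e.getMessage());`. Removing `e.printStackTrace()` from the main `catch` is reasonable, but the `warn` that remains carries only the message; passing `e` as a second argument, if the logger supports it, would keep the stack trace in the log instead of discarding it. `ps` is declared outside the hunk; if it is created in this method, a try-with-resources would make the `finally` block unnecessary.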
@@ -212,14 +213,13 @@ public class Parameters extends Syncable { } catch (SQLException e) { rv = false; intlogger.warn("PROV0006 doUpdate: " + e.getMessage()); - e.printStackTrace(); } finally { try { - if(ps!=null) { + if (ps != null) { ps.close(); } } catch (SQLException e) { - e.printStackTrace(); + intlogger.error("SQLException " + e.getMessage()); } } return rv; @@ -238,14 +238,13 @@ public class Parameters extends Syncable { } catch (SQLException e) { rv = false; intlogger.warn("PROV0007 doDelete: " + e.getMessage()); - e.printStackTrace(); } finally { try { - if(ps!=null) { + if (ps != null) { ps.close(); } } catch (SQLException e) { - e.printStackTrace(); + intlogger.error("SQLException " + e.getMessage()); } } return rv; @@ -258,13 +257,16 @@ public class Parameters extends Syncable { @Override public boolean equals(Object obj) { - if (!(obj instanceof Parameters)) + if (!(obj instanceof Parameters)) { return false; + } Parameters of = (Parameters) obj; - if (!keyname.equals(of.keyname)) + if (!keyname.equals(of.keyname)) { return false; - if (!value.equals(of.value)) + } + if (!value.equals(of.value)) { return false; + } return true; } -- 2.16.6
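Review bot: `keyname.equals(of.keyname)` and `value.equals(of.value)` in the -258,13 hunk throw a NullPointerException when either field of `this` is null, which the added braces do not change; whether a database row or JSON document can produce a null value is not visible here. `Objects.equals` is null-safe and lets the three checks collapse to `return Objects.equals(keyname, of.keyname) && Objects.equals(value, of.value);` (this needs `java.util.Objects` imported). A matching `hashCode` is not visible in the hunk and should cover the same two fields.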