Fixes for sonar critical issues
[policy/engine.git] / POLICY-SDK-APP / src / main / java / org / onap / policy / controller / PolicyNotificationController.java
index f3291a7..21f3793 100644 (file)
@@ -25,13 +25,17 @@ package org.onap.policy.controller;
  * 
  * */
 import java.io.File;
+import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.List;
 
+import javax.script.SimpleBindings;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.json.JSONObject;
+import org.onap.policy.common.logging.flexlogger.FlexLogger;
+import org.onap.policy.common.logging.flexlogger.Logger;
 import org.onap.policy.rest.dao.CommonClassDao;
 import org.onap.policy.rest.jpa.WatchPolicyNotificationTable;
 import org.openecomp.portalsdk.core.controller.RestrictedBaseController;
@@ -49,12 +53,13 @@ import com.fasterxml.jackson.databind.node.ArrayNode;
 @Controller
 @RequestMapping({"/"})
 public class PolicyNotificationController extends RestrictedBaseController {
+    private static Logger logger = FlexLogger.getLogger(PolicyNotificationController.class);
 
        @Autowired
        CommonClassDao commonClassDao;
        
        @RequestMapping(value={"/watchPolicy"}, method={org.springframework.web.bind.annotation.RequestMethod.POST})
-       public ModelAndView watchPolicy(HttpServletRequest request, HttpServletResponse response) throws Exception{
+       public ModelAndView watchPolicy(HttpServletRequest request, HttpServletResponse response) throws IOException{
                String path = "";
                String responseValue = "";
                try {
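Review bot: The new `logger` field is declared `private static` without `final`, so it can be reassigned at runtime; declare it as `private static final Logger logger = FlexLogger.getLogger(PolicyNotificationController.class);`. The added line also appears to use a different indent from the neighbouring members, which is worth aligning. The body of `watchPolicy` continues outside this hunk.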
@@ -86,8 +91,11 @@ public class PolicyNotificationController extends RestrictedBaseController {
                        if(finalName.contains("\\")){
                                finalName = finalName.replace("\\", "\\\\");
                        }
-                       String query = "from WatchPolicyNotificationTable where POLICYNAME = '"+finalName+"' and LOGINIDS = '"+userId+"'";
-                       List<Object> watchList = commonClassDao.getDataByQuery(query);
+                       String query = "from WatchPolicyNotificationTable where POLICYNAME = :finalName and LOGINIDS = :userId";
+                       SimpleBindings params = new SimpleBindings();
+                       params.put("finalName", finalName);
+                       params.put("userId", userId);
+                       List<Object> watchList = commonClassDao.getDataByQuery(query, params);
                        if(watchList.isEmpty()){
                                if(finalName.contains("\\\\")){
                                        finalName = finalName.replace("\\\\", File.separator);
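Review bot: The backslash doubling just above the query (`finalName = finalName.replace("\\", "\\\\");`) looks like escaping that was only needed while the name was spliced into the HQL string literal. Now that the value is bound through `:finalName`, the doubled form is compared as-is, so a policy name containing a backslash may no longer match its stored row. How `POLICYNAME` is stored is not visible here, so confirm it against the table; if it holds single backslashes, bind the unescaped name and revisit the later `replace("\\\\", File.separator)` step that undoes the doubling. A test using a policy name that contains a backslash would show which form matches. The enclosing `try` block starts and ends outside this hunk.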
@@ -114,6 +122,7 @@ public class PolicyNotificationController extends RestrictedBaseController {
                }catch(Exception e){
                        response.setCharacterEncoding("UTF-8");
                        request.setCharacterEncoding("UTF-8");
+                       logger.error("Error druing watchPolicy function " + e);
                        PrintWriter out = response.getWriter();
                        out.write(e.getMessage());
                }
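Review bot: The catch block still sends the raw exception text to the client through `out.write(e.getMessage());`, which can expose internal details such as persistence or query errors, and throws a NullPointerException when the exception has no message. Write a fixed message instead, for example `out.write("Unable to process the watch policy request");`, and keep the detail in the server log. The added log line concatenates the exception into the text, which drops the stack trace, and misspells "during"; if the FlexLogger `Logger` offers an overload taking a Throwable, `logger.error("Error during watchPolicy function", e);` preserves the trace. The `try` that this `catch` closes begins outside the hunk.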