Changed the code to not log user-controlled data. 55/129355/1
authorsharath reddy <bs.reddy@huawei.com>
Tue, 24 May 2022 05:04:53 +0000 (10:34 +0530)
committersharath reddy <bs.reddy@huawei.com>
Tue, 24 May 2022 05:05:54 +0000 (10:35 +0530)
Issue-ID: VNFSDK-834

Signed-off-by: sharath reddy <bs.reddy@huawei.com>
Change-Id: Ic4c1f0795750e9321c89db5170d86fa4166f41df

vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/ToolUtil.java
vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java
vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vtp/scenario/VTPScenarioResource.java

index 5ee7c30..bc7f345 100644 (file)
@@ -23,7 +23,9 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.text.DecimalFormat;
 import java.util.Collection;
+import java.util.Objects;
 import java.util.UUID;
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import com.google.gson.Gson;
@@ -73,11 +75,16 @@ public class ToolUtil {
      * @return String
      * @throws IOException e
      */
+    private static  String loggerPatternBreaking(String loggerInput) {
+        return Objects.nonNull(loggerInput) ? loggerInput.replaceAll("[\n\r\t]", "_") : StringUtils.EMPTY;
+    }
     public static String storeChunkFileInLocal(String dirName, String fileName, InputStream uploadedInputStream)
             throws IOException {
         File tmpDir = new File(dirName);
         dirName = File.separator + dirName;
-        LOG.info("tmpdir = {}" , dirName);
+        if(LOG.isInfoEnabled()) {
+            LOG.info("tmpdir = {}" , loggerPatternBreaking(dirName));
+        }
         if(!tmpDir.exists()) {
             tmpDir.mkdirs();
         }
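Review bot: The new `loggerPatternBreaking` helper is inserted between the existing Javadoc block (the one ending `@throws IOException e`) and `storeChunkFileInLocal`, so that Javadoc now attaches to the helper instead of the public method it describes. Move the helper above the comment or below the method, and give it its own one-line comment such as `/** Replaces CR, LF and tab with '_' so a logged value cannot start a new log line. */`. The character class `[\n\r\t]` covers only those three characters, so other control or line-breaking characters (form feed, or U+2028 if the log viewer honours it) pass through unchanged; whether that matters depends on the appender and viewer, which are not visible here. The body of `storeChunkFileInLocal` continues outside the hunk.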
index 8afc259..e0cad37 100644 (file)
@@ -314,7 +314,9 @@ public class PackageWrapper {
         }
 
         String fileLocation = ToolUtil.storeChunkFileInLocal(localDirName, fileName, uploadedInputStream);
-        LOG.info("the fileLocation when upload package is :{}" , fileLocation);
+        if(LOG.isInfoEnabled()) {
+            LOG.info("the fileLocation when upload package is :{}", loggerPatternBreaking(fileLocation));
+        }
 
         uploadedInputStream.close();
 
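Review bot: `loggerPatternBreaking(fileLocation)` is called unqualified here, but the only definitions this commit adds are a `private static` method in ToolUtil and a private instance method in VTPScenarioResource, and neither is reachable from PackageWrapper. Unless PackageWrapper already declares its own copy outside this hunk, the line will not compile. Making the ToolUtil helper `public static` and calling `ToolUtil.loggerPatternBreaking(fileLocation)` would fix that and remove the need for per-class copies. The enclosing method starts and ends outside the hunk.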
index b6b2dbc..915cd14 100644 (file)
@@ -27,6 +27,7 @@ import java.util.Arrays;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.regex.Matcher;
 
 import javax.ws.rs.Consumes;
@@ -42,6 +43,7 @@ import javax.ws.rs.core.Response;
 
 import com.google.common.collect.Maps;
 import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.cxf.common.util.CollectionUtils;
 import org.eclipse.jetty.http.HttpStatus;
 import org.glassfish.jersey.media.multipart.BodyPartEntity;
@@ -126,6 +128,9 @@ public class VTPScenarioResource extends VTPResource{
 
         return list;
     }
+    private String loggerPatternBreaking(String loggerInput) {
+        return Objects.nonNull(loggerInput) ? loggerInput.replaceAll("[\n\r\t]", "_") : StringUtils.EMPTY;
+    }
 
     @Path("/scenarios")
     @GET
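Review bot: This private `loggerPatternBreaking` has the same body as the one added to ToolUtil in the same commit, so the two sanitizers can drift apart if one is later tightened. Keeping a single `public static` version in ToolUtil and calling it from here would keep log neutralisation consistent, and the `Objects` and `StringUtils` imports added to this file could be dropped if nothing else uses them. The method also has no comment; something like `// Neutralise CR/LF/tab so request-supplied values cannot forge log lines` would explain why it exists.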
@@ -416,6 +421,9 @@ public class VTPScenarioResource extends VTPResource{
         File scenarioDir = new File(VTP_YAML_STORE, scenario);
         List<File> yamls =  FileUtil.searchFiles(scenarioDir, CommonConstant.YAML_SUFFIX);
         if (!CollectionUtils.isEmpty(yamls)) {
+        if (LOG.isInfoEnabled()) {
+            LOG.error("The scenario yaml {} has sub testcase yamls, delete failed", loggerPatternBreaking(scenarioName));
+        }
             LOG.error("The scenario yaml {} has sub testcase yamls, delete failed", scenarioName);
             throw new VTPException(
                     new VTPError().setMessage(MessageFormat.format("The scenario yaml {0} has sub testcase yamls, delete failed !!!", scenarioName))
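Review bot: The unsanitized `LOG.error(..., scenarioName)` on the context line right after the added block is left in place, so the raw value is still written to the log and the message is now emitted twice; the added block should replace that call rather than precede it. The guard also tests `LOG.isInfoEnabled()` while logging at ERROR level, so with the logger set to WARN or ERROR the sanitized line is skipped and only the raw one remains. A single unguarded `LOG.error("The scenario yaml {} has sub testcase yamls, delete failed", loggerPatternBreaking(scenarioName));`, indented to match the `if` body, covers both. The `MessageFormat` text passed to `VTPException` still embeds the raw `scenarioName`; if that exception message is logged further up (not visible here), it would need the same treatment. The enclosing method starts and ends outside the hunk.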