Merge "Fix new sonar vulnerabilities"
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
index 61845ce..10aea78 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
@@ -245,8 +245,12 @@
         }
         if (path.equals("/prov")) {
             if (isProxyOK(req) && isProxyServer()) {
-                if (super.doGetWithFallback(req, resp)) {
-                    return;
+                try {
+                    if (super.doGetWithFallback(req, resp)) {
+                        return;
+                    }
+                } catch (IOException ioe) {
+                    intlogger.error("Error: " + ioe.getMessage());
                 }
                 // fall back to returning the local data if the remote is unreachable
                 intlogger.info("Active server unavailable; falling back to local copy.");
@@ -469,9 +473,13 @@
             }
             InputStream is = req.getInputStream();
             ByteArrayOutputStream bos = new ByteArrayOutputStream();
-            int ch = 0;
-            while ((ch = is.read()) >= 0) {
-                bos.write(ch);
+            int ch;
+            try {
+                while ((ch = is.read()) >= 0) {
+                    bos.write(ch);
+                }
+            } catch (IOException ioe) {
+                intlogger.error("Error: " + ioe.getMessage());
             }
             RLEBitSet bs = new RLEBitSet(bos.toString());    // The set of records to retrieve
             elr.setResult(HttpServletResponse.SC_OK);
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
index 8d6bfcf..66a9d42 100755
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/ProxyServlet.java
@@ -109,8 +109,7 @@
         try (FileInputStream instream = new FileInputStream(new File(store))) {
             ks.load(instream, pass.toCharArray());
         } catch (FileNotFoundException fileNotFoundException) {
-            System.err.println("ProxyServlet: " + fileNotFoundException);
-            fileNotFoundException.printStackTrace();
+            intlogger.error("ProxyServlet: " + fileNotFoundException.getMessage());
         } catch (Exception x) {
             System.err.println("READING TRUSTSTORE: " + x);
         }
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
index c08bce5..9c060d5 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
@@ -72,8 +72,9 @@
         try {

             DB db = new DB();

             Connection conn = db.getConnection();

-            try(Statement stmt = conn.createStatement()) {

-                try(ResultSet rs = stmt.executeQuery("select COUNT(*) from FEEDS where FEEDID = " + id)) {

+            try(PreparedStatement stmt = conn.prepareStatement("select COUNT(*) from FEEDS where FEEDID = ?")) {

+                stmt.setInt(1, id);

+                try(ResultSet rs = stmt.executeQuery()) {

                     if (rs.next()) {

                         count = rs.getInt(1);

                     }

diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java
index a460d64..91d6c1b 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Group.java
@@ -133,14 +133,15 @@
     }

 

     public static Collection<String> getGroupsByClassfication(String classfication) {

-        List<String> list = new ArrayList<String>();

-        String sql = "select * from GROUPS where classification = '" + classfication + "'";

+        List<String> list = new ArrayList<>();

+        String sql = "select * from GROUPS where classification = ?";

         try {

             DB db = new DB();

             @SuppressWarnings("resource")

             Connection conn = db.getConnection();

-            try(Statement stmt = conn.createStatement()) {

-                try(ResultSet rs = stmt.executeQuery(sql)) {

+            try(PreparedStatement stmt = conn.prepareStatement(sql)) {

+                stmt.setString(1, classfication);

+                try(ResultSet rs = stmt.executeQuery()) {

                     while (rs.next()) {

                         int groupid = rs.getInt("groupid");

 

diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java
index 3e8c90b..b237821 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java
@@ -118,9 +118,9 @@
             DB db = new DB();

             @SuppressWarnings("resource")

             Connection conn = db.getConnection();

-            try(Statement stmt = conn.createStatement()) {

-                String sql = "select KEYNAME, VALUE from PARAMETERS where KEYNAME = '" + k + "'";

-                try(ResultSet rs = stmt.executeQuery(sql)) {

+            try(PreparedStatement stmt = conn.prepareStatement("select KEYNAME, VALUE from PARAMETERS where KEYNAME = ?")) {

+                stmt.setString(1, k);

+                try(ResultSet rs = stmt.executeQuery()) {

                     if (rs.next()) {

                         v = new Parameters(rs);

                     }

diff --git a/datarouter-subscriber/src/main/java/org/onap/dmaap/datarouter/subscriber/SubscriberProps.java b/datarouter-subscriber/src/main/java/org/onap/dmaap/datarouter/subscriber/SubscriberProps.java
index 39ab166..329c06a 100644
--- a/datarouter-subscriber/src/main/java/org/onap/dmaap/datarouter/subscriber/SubscriberProps.java
+++ b/datarouter-subscriber/src/main/java/org/onap/dmaap/datarouter/subscriber/SubscriberProps.java
@@ -26,9 +26,12 @@
 import java.io.IOException;
 import java.util.Properties;
 
+import org.apache.log4j.Logger;
+
 public class SubscriberProps {
 
     private static SubscriberProps instance = null;
+    private static Logger subLogger = Logger.getLogger("org.onap.dmaap.datarouter.subscriber.internal");
     private Properties properties;
 
     private SubscriberProps(String propsPath) throws IOException{
@@ -42,7 +45,7 @@
             try {
                 instance = new SubscriberProps(propsPath);
             } catch (IOException ioe) {
-                ioe.printStackTrace();
+                subLogger.error("IO Exception: " + ioe.getMessage());
             }
         }
         return instance;