Fix Sonar security HotSpot

Fix security issues reported by Sonar

Issue-ID: POLICY-3200
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
Change-Id: I6cdd3ff24d150333ab69e959bae39e3f0c30263f
diff --git a/src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java b/src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java
index 0158681..74aeccd 100644
--- a/src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java
+++ b/src/main/java/org/onap/policy/clamp/clds/config/DefaultUserConfiguration.java
@@ -1,8 +1,8 @@
 /*-
  * ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
  * ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * Copyright (C) 2017-2018, 2021 AT&T Intellectual Property. All rights
  *                             reserved.
  * ================================================================================
  * Modifications Copyright (c) 2019 Samsung
@@ -73,7 +73,7 @@
     @Override
     protected void configure(HttpSecurity http) {
         try {
-            http.csrf().disable().httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
+            http.httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
                     .authenticated().anyRequest().permitAll().and().sessionManagement()
                     .maximumSessions(1);
 
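Review bot: Removing `csrf().disable()` in `configure` turns on Spring Security's default CSRF protection, but nothing in this hunk sets up how clients obtain or send the token. With the defaults, POST/PUT/DELETE requests without a valid token are rejected with 403, so REST consumers using HTTP Basic and the UI should be checked against this change. For a JavaScript front end that usually means something like `http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())`, plus a test that a state-changing request with and without the token behaves as intended. Separately, `.anyRequest().permitAll()` leaves every path outside `/restservices/clds/v1/user/**` unauthenticated at this layer, so a comment stating where those endpoints are protected would help. The `try` block continues beyond this hunk.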
diff --git a/src/main/java/org/onap/policy/clamp/clds/sdc/controller/SdcSingleController.java b/src/main/java/org/onap/policy/clamp/clds/sdc/controller/SdcSingleController.java
index 4ca6b1c..39e64e4 100644
--- a/src/main/java/org/onap/policy/clamp/clds/sdc/controller/SdcSingleController.java
+++ b/src/main/java/org/onap/policy/clamp/clds/sdc/controller/SdcSingleController.java
@@ -1,8 +1,8 @@
 /*-
  * ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
  * ================================================================================
- * Copyright (C) 2018-2019 AT&T Intellectual Property. All rights
+ * Copyright (C) 2018-2019, 2021 AT&T Intellectual Property. All rights
  *                             reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,9 +26,9 @@
 
 import com.att.eelf.configuration.EELFLogger;
 import com.att.eelf.configuration.EELFManager;
+import java.security.SecureRandom;
 import java.util.Date;
 import java.util.Map.Entry;
-import java.util.concurrent.ThreadLocalRandom;
 import org.onap.policy.clamp.clds.config.ClampProperties;
 import org.onap.policy.clamp.clds.config.sdc.SdcSingleControllerConfiguration;
 import org.onap.policy.clamp.clds.exception.sdc.controller.BlueprintParserException;
@@ -261,7 +261,7 @@
         try {
             // wait for a random time, so that 2 running Clamp will not treat
             // the same Notification at the same time
-            Thread.sleep(ThreadLocalRandom.current().nextInt(1, 10) * 1000L);
+            Thread.sleep((new SecureRandom().nextInt(10) + 1) * 1000L);
             logger.info("Notification received for service UUID:" + notificationData.getServiceUUID());
             this.changeControllerStatus(SdcSingleControllerStatus.BUSY);
             csar = new CsarHandler(notificationData, this.sdcConfig.getSdcControllerName(),
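Review bot: The new `Thread.sleep(...)` line changes the delay range: `ThreadLocalRandom.current().nextInt(1, 10)` gave 1–9 seconds, while `new SecureRandom().nextInt(10) + 1` gives 1–10. It also builds a new `SecureRandom` on every notification, although the value is only scheduling jitter and not a secret. A shared field `private static final SecureRandom RANDOM = new SecureRandom();` with `Thread.sleep((RANDOM.nextInt(9) + 1) * 1000L);` keeps the old range and avoids the per-call instance. The same per-call `new SecureRandom()` appears in the `MicroServicePolicy` and `OperationalPolicy` constructor hunks. The enclosing method starts and ends outside this hunk.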
@@ -383,23 +383,28 @@
         try {
             IComponentDoneStatusMessage message = new IComponentDoneStatusMessage() {
 
-                @Override public String getDistributionID() {
+                @Override
+                public String getDistributionID() {
                     return notificationData.getDistributionID();
                 }
 
-                @Override public String getConsumerID() {
+                @Override
+                public String getConsumerID() {
                     return sdcConfig.getConsumerID();
                 }
 
-                @Override public long getTimestamp() {
+                @Override
+                public long getTimestamp() {
                     return System.currentTimeMillis();
                 }
 
-                @Override public DistributionStatusEnum getStatus() {
+                @Override
+                public DistributionStatusEnum getStatus() {
                     return status;
                 }
 
-                @Override public String getComponentName() {
+                @Override
+                public String getComponentName() {
                     return sdcConfig.getUser();
                 }
             };
diff --git a/src/main/java/org/onap/policy/clamp/policy/microservice/MicroServicePolicy.java b/src/main/java/org/onap/policy/clamp/policy/microservice/MicroServicePolicy.java
index 2e5db8e..be5e791 100644
--- a/src/main/java/org/onap/policy/clamp/policy/microservice/MicroServicePolicy.java
+++ b/src/main/java/org/onap/policy/clamp/policy/microservice/MicroServicePolicy.java
@@ -26,6 +26,7 @@
 import com.google.gson.JsonObject;
 import com.google.gson.annotations.Expose;
 import java.io.Serializable;
+import java.security.SecureRandom;
 import java.util.HashSet;
 import java.util.Set;
 import javax.persistence.Column;
@@ -130,7 +131,7 @@
         this(Policy.generatePolicyName("MICROSERVICE", service.getName(), service.getVersion(),
                 loopElementModel.getPolicyModels().first().getPolicyAcronym() + '_'
                         + loopElementModel.getPolicyModels().first().getVersion(),
-                RandomStringUtils.randomAlphanumeric(3)),
+                RandomStringUtils.random(3, 0, 0, true, true, null, new SecureRandom())),
                 loopElementModel.getPolicyModels().first(), false, new JsonObject(), loopElementModel, null, null);
         this.updateJsonRepresentation(toscaConverter, service);
     }
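Review bot: The suffix passed to `Policy.generatePolicyName` is still only three alphanumeric characters (62^3 = 238,328 values), so drawing it from `SecureRandom` makes the name neither hard to guess nor collision-free. If the suffix only disambiguates names, a comment would record why the hotspot is considered resolved, e.g. `// 3-char suffix only disambiguates policy names; it is not a secret`. If uniqueness or unpredictability is actually relied on, the suffix needs to be longer or a collision check is needed, and neither is visible here. The same applies to both `OperationalPolicy` constructor hunks. The constructor signature is outside this hunk.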
diff --git a/src/main/java/org/onap/policy/clamp/policy/operational/OperationalPolicy.java b/src/main/java/org/onap/policy/clamp/policy/operational/OperationalPolicy.java
index 5b29f31..1646a7c 100644
--- a/src/main/java/org/onap/policy/clamp/policy/operational/OperationalPolicy.java
+++ b/src/main/java/org/onap/policy/clamp/policy/operational/OperationalPolicy.java
@@ -30,6 +30,7 @@
 import com.google.gson.annotations.Expose;
 import java.io.Serializable;
 import java.io.UnsupportedEncodingException;
+import java.security.SecureRandom;
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
@@ -114,7 +115,7 @@
         this(Policy.generatePolicyName("OPERATIONAL", service.getName(), service.getVersion(),
                 loopElementModel.getPolicyModels().first().getPolicyAcronym() + '_'
                         + loopElementModel.getPolicyModels().first().getVersion(),
-                RandomStringUtils.randomAlphanumeric(3)), new JsonObject(),
+                RandomStringUtils.random(3, 0, 0, true, true, null, new SecureRandom())), new JsonObject(),
                 new JsonObject(), loopElementModel.getPolicyModels().first(), loopElementModel, null, null);
         this.setLoop(loop);
         this.updateJsonRepresentation(toscaConverter, service);
@@ -132,7 +133,7 @@
                              ToscaConverterWithDictionarySupport toscaConverter) {
         this(Policy.generatePolicyName("OPERATIONAL", service.getName(), service.getVersion(),
                 policyModel.getPolicyAcronym() + '_' + policyModel.getVersion(),
-                RandomStringUtils.randomAlphanumeric(3)),
+                RandomStringUtils.random(3, 0, 0, true, true, null, new SecureRandom())),
                 new JsonObject(),
                 new JsonObject(), policyModel, null, null, null);
         this.setLoop(loop);