More sonar issues in policy-common

Addressed the following sonar issues:
- add parameters to types
- ObjectInputStream.readObject() is unsafe

Issue-ID: POLICY-2650
Change-Id: I41e1bd08643b04f409ce87c884cb0c28995e431b
Signed-off-by: Jim Hahn <jrh3@att.com>
diff --git a/utils-test/src/main/java/org/onap/policy/common/utils/io/Serializer.java b/utils-test/src/main/java/org/onap/policy/common/utils/io/Serializer.java
index 9ab26d3..7e09cd9 100644
--- a/utils-test/src/main/java/org/onap/policy/common/utils/io/Serializer.java
+++ b/utils-test/src/main/java/org/onap/policy/common/utils/io/Serializer.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * ONAP Policy Engine - Common Modules
  * ================================================================================
- * Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2018-2020 AT&T Intellectual Property. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -73,7 +73,7 @@
      * @return the object that was de-serialized from the byte array
      * @throws IOException if an error occurs
      */
-    public static <T> T deserialize(Class<T> clazz, byte[] data) throws IOException {
+    private static <T> T deserialize(Class<T> clazz, byte[] data) throws IOException {
 
         try (ByteArrayInputStream in = factory.makeByteArrayInputStream(data);
                         ObjectInputStream ois = factory.makeObjectInputStream(in)) {
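Review bot: The Javadoc above `deserialize()` does not record the condition that makes an unfiltered read acceptable, namely that `data` only ever comes from `serialize()` in the same JVM. With the method now private that is presumably true via `roundTrip()`, but nothing in the visible lines states it. I would add to the Javadoc `* <p>Must only be given bytes produced by {@code serialize()}; the stream is read without an {@code ObjectInputFilter}.` Because this file sits under `src/main`, narrowing a `public static` method to `private` also removes it from the module's API, so any caller outside this repository would stop compiling; that deserves a line in the commit message. The method body continues outside the hunk.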
@@ -133,7 +133,11 @@
          */
         public Object readObject(ObjectInputStream ois) throws IOException {
             try {
-                return ois.readObject();
+                /*
+                 * This class is only used by junit tests. In addition, it is only used by
+                 * deserialize(), which has been made "private", thus disabling sonar.
+                 */
+                return ois.readObject(); // NOSONAR
 
             } catch (ClassNotFoundException e) {
                 throw new IOException(e);
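Review bot: The comment added before `return ois.readObject(); // NOSONAR` justifies the suppression by `deserialize()` being private, but this `readObject(ObjectInputStream)` is itself `public` on the factory, and the test file in this commit substitutes its own `Factory`. Making one caller private therefore does not bound who can reach the call. The file also lives under `src/main`, so "only used by junit tests" is a convention rather than something the code enforces. If the build targets Java 9 or later, setting an allow-list on the stream with `ois.setObjectInputFilter(...)` before reading would address the finding instead of suppressing it. Otherwise the comment should state the real invariant, e.g. `// NOSONAR - input is always bytes produced by serialize() in this JVM, never external data`.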
diff --git a/utils-test/src/main/java/org/onap/policy/common/utils/test/ToStringTester.java b/utils-test/src/main/java/org/onap/policy/common/utils/test/ToStringTester.java
index 18502a3..3890ae9 100644
--- a/utils-test/src/main/java/org/onap/policy/common/utils/test/ToStringTester.java
+++ b/utils-test/src/main/java/org/onap/policy/common/utils/test/ToStringTester.java
@@ -37,23 +37,22 @@
  *
  * @author Ram Krishna Verma (ram.krishna.verma@est.tech)
  */
-@SuppressWarnings("rawtypes")
 public class ToStringTester implements Tester {
 
-    private final Matcher matcher;
+    private final Matcher<?> matcher;
 
     public ToStringTester() {
         matcher = anything();
     }
 
-    public ToStringTester(final Matcher matcher) {
+    public ToStringTester(final Matcher<?> matcher) {
         this.matcher = matcher;
     }
 
     @SuppressWarnings("unchecked")
     @Override
     public void run(final PojoClass pojoClass) {
-        final Class clazz = pojoClass.getClazz();
+        final Class<?> clazz = pojoClass.getClazz();
         if (anyOf(matcher).matches(clazz)) {
             final Object classInstance = ValidationHelper.getBasicInstance(pojoClass);
 
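Review bot: The method-level `@SuppressWarnings("unchecked")` on `run()` still covers the whole body now that the field and local are typed. If the `anyOf(matcher)` call is its only cause, `if (matcher.matches(clazz)) {` gives the same result for a single matcher and lets the annotation be dropped. The constructor taking `Matcher<?>` also accepts `null`, which would only fail later inside `run()`; `this.matcher = Objects.requireNonNull(matcher, "matcher");` would fail at construction (it needs `java.util.Objects` imported). `run()` continues outside the hunk.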
diff --git a/utils-test/src/test/java/org/onap/policy/common/utils/io/SerializerTest.java b/utils-test/src/test/java/org/onap/policy/common/utils/io/SerializerTest.java
index 95abd4d..b5699fa 100644
--- a/utils-test/src/test/java/org/onap/policy/common/utils/io/SerializerTest.java
+++ b/utils-test/src/test/java/org/onap/policy/common/utils/io/SerializerTest.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * ONAP Policy Engine - Common Modules
  * ================================================================================
- * Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2018-2020 AT&T Intellectual Property. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -80,7 +80,7 @@
         byte[] data2 = Serializer.serialize(obj1);
         assertEquals(Arrays.toString(data), Arrays.toString(data2));
 
-        MyObject obj2 = Serializer.deserialize(MyObject.class, data);
+        MyObject obj2 = Serializer.roundTrip(obj1);
         assertEquals(obj1.value, obj2.value);
     }
 
@@ -210,16 +210,14 @@
             }
         });
 
-        assertThatThrownBy(() -> Serializer.serialize(new MyObject(130))).isEqualTo(ex2);
+        assertThatThrownBy(() -> Serializer.roundTrip(new MyObject(130))).isEqualTo(ex2);
 
     }
 
     @Test
     public void testDeserialize() throws Exception {
         MyObject obj1 = new MyObject(3);
-        byte[] data = Serializer.serialize(obj1);
-
-        MyObject obj2 = Serializer.deserialize(MyObject.class, data);
+        MyObject obj2 = Serializer.roundTrip(obj1);
         assertEquals(obj1.value, obj2.value);
     }
 
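Review bot: At `assertThatThrownBy(() -> Serializer.roundTrip(new MyObject(130))).isEqualTo(ex2);` the test no longer calls `serialize()` directly, although `serialize()` appears to remain public (it is still called at `byte[] data2 = Serializer.serialize(obj1);` in the previous hunk). Keeping `Serializer.serialize(new MyObject(130))` on that line would keep the serialize-side failure path tested on its own. In the same hunk `testDeserialize()` now has the same body as the round-trip check in the previous hunk, so it could be removed or renamed. The first test's body starts outside the hunk.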
@@ -249,8 +247,7 @@
             }
         });
 
-        byte[] data = Serializer.serialize(new MyObject(300));
-        assertThatThrownBy(() -> Serializer.deserialize(MyObject.class, data)).isEqualTo(ex);
+        assertThatThrownBy(() -> Serializer.roundTrip(new MyObject(300))).isEqualTo(ex);
     }
 
     @Test
@@ -267,8 +264,7 @@
             }
         });
 
-        byte[] data = Serializer.serialize(new MyObject(310));
-        assertThatThrownBy(() -> Serializer.deserialize(MyObject.class, data)).isEqualTo(ex);
+        assertThatThrownBy(() -> Serializer.roundTrip(new MyObject(310))).isEqualTo(ex);
     }
 
     @Test
@@ -287,9 +283,20 @@
          */
         text = text.replace("MyObject", "AnObject");
 
-        byte[] data = text.getBytes(binary);
+        byte[] data2 = text.getBytes(binary);
 
-        assertThatThrownBy(() -> Serializer.deserialize(MyObject.class, data)).isInstanceOf(IOException.class)
+        /*
+         * Use a factory that returns a byte array for "data2" instead of the real "data".
+         */
+        setFactory(new Factory() {
+            @Override
+            public ByteArrayInputStream makeByteArrayInputStream(byte[] data) {
+                // read from "data2" instead of "data"
+                return super.makeByteArrayInputStream(data2);
+            }
+        });
+
+        assertThatThrownBy(() -> Serializer.roundTrip(obj1)).isInstanceOf(IOException.class)
                         .hasCauseInstanceOf(ClassNotFoundException.class);
     }
 
@@ -313,8 +320,7 @@
             }
         });
 
-        byte[] data = Serializer.serialize(new MyObject(320));
-        assertThatThrownBy(() -> Serializer.deserialize(MyObject.class, data)).isEqualTo(ex);
+        assertThatThrownBy(() -> Serializer.roundTrip(new MyObject(320))).isEqualTo(ex);
     }
 
     @Test
@@ -348,8 +354,7 @@
             }
         });
 
-        byte[] data = Serializer.serialize(new MyObject(330));
-        assertThatThrownBy(() -> Serializer.deserialize(MyObject.class, data)).isEqualTo(ex2);
+        assertThatThrownBy(() -> Serializer.roundTrip(new MyObject(330))).isEqualTo(ex2);
     }
 
     @Test