More sonar issues in policy-common
Addressed the following sonar issues:
- add parameters to types
- ObjectInputStream.readObject() is unsafe
Issue-ID: POLICY-2650
Change-Id: I41e1bd08643b04f409ce87c884cb0c28995e431b
Signed-off-by: Jim Hahn <jrh3@att.com>
diff --git a/utils-test/src/main/java/org/onap/policy/common/utils/io/Serializer.java b/utils-test/src/main/java/org/onap/policy/common/utils/io/Serializer.java
index 9ab26d3..7e09cd9 100644
--- a/utils-test/src/main/java/org/onap/policy/common/utils/io/Serializer.java
+++ b/utils-test/src/main/java/org/onap/policy/common/utils/io/Serializer.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* ONAP Policy Engine - Common Modules
* ================================================================================
- * Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2018-2020 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -73,7 +73,7 @@
* @return the object that was de-serialized from the byte array
* @throws IOException if an error occurs
*/
- public static <T> T deserialize(Class<T> clazz, byte[] data) throws IOException {
+ private static <T> T deserialize(Class<T> clazz, byte[] data) throws IOException {
try (ByteArrayInputStream in = factory.makeByteArrayInputStream(data);
ObjectInputStream ois = factory.makeObjectInputStream(in)) {
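Review bot: Making deserialize() private silences the sonar finding but does not constrain what the stream may instantiate, since ObjectInputStream.readObject() still resolves whatever class names the bytes carry; the same applies to the `// NOSONAR` added in the readObject() hunk further down in this file, whose justification is about call sites rather than stream content. deserialize() already holds both `clazz` and `ois`, so a deserialization filter is a one-line mitigation here, e.g. `ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter(clazz.getName() + ";!*"));` (Java 9+), with the allow-list widened to whatever field types reachable from `clazz` the round-trip callers actually use — those callers are not visible from this hunk, so the exact pattern needs confirming against the tests that use roundTrip(). The comment in the readObject() hunk could then say that the stream is filtered by the caller instead of relying on method visibility. The try block of deserialize() continues past the end of this hunk.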
@@ -133,7 +133,11 @@
*/
public Object readObject(ObjectInputStream ois) throws IOException {
try {
- return ois.readObject();
+ /*
+ * This class is only used by junit tests. In addition, it is only used by
+ * deserialize(), which has been made "private", thus disabling sonar.
+ */
+ return ois.readObject(); // NOSONAR
} catch (ClassNotFoundException e) {
throw new IOException(e);
diff --git a/utils-test/src/main/java/org/onap/policy/common/utils/test/ToStringTester.java b/utils-test/src/main/java/org/onap/policy/common/utils/test/ToStringTester.java
index 18502a3..3890ae9 100644
--- a/utils-test/src/main/java/org/onap/policy/common/utils/test/ToStringTester.java
+++ b/utils-test/src/main/java/org/onap/policy/common/utils/test/ToStringTester.java
@@ -37,23 +37,22 @@
*
* @author Ram Krishna Verma (ram.krishna.verma@est.tech)
*/
-@SuppressWarnings("rawtypes")
public class ToStringTester implements Tester {
- private final Matcher matcher;
+ private final Matcher<?> matcher;
public ToStringTester() {
matcher = anything();
}
- public ToStringTester(final Matcher matcher) {
+ public ToStringTester(final Matcher<?> matcher) {
this.matcher = matcher;
}
@SuppressWarnings("unchecked")
@Override
public void run(final PojoClass pojoClass) {
- final Class clazz = pojoClass.getClazz();
+ final Class<?> clazz = pojoClass.getClazz();
if (anyOf(matcher).matches(clazz)) {
final Object classInstance = ValidationHelper.getBasicInstance(pojoClass);
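Review bot: The new `ToStringTester(final Matcher<?> matcher)` constructor stores its argument without a null check, so a null matcher would presumably surface only when run() evaluates `anyOf(matcher).matches(clazz)`, far from the misuse; `this.matcher = Objects.requireNonNull(matcher, "matcher");` would fail fast at construction (needs `java.util.Objects` imported if it is not already — the import block is outside this hunk). The `@SuppressWarnings("unchecked")` left on run() presumably still covers the generic varargs call `anyOf(matcher)`; if that is its only remaining purpose, a short comment saying so would stop the next cleanup from removing it. run() continues past the end of the hunk.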
diff --git a/utils-test/src/test/java/org/onap/policy/common/utils/io/SerializerTest.java b/utils-test/src/test/java/org/onap/policy/common/utils/io/SerializerTest.java
index 95abd4d..b5699fa 100644
--- a/utils-test/src/test/java/org/onap/policy/common/utils/io/SerializerTest.java
+++ b/utils-test/src/test/java/org/onap/policy/common/utils/io/SerializerTest.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* ONAP Policy Engine - Common Modules
* ================================================================================
- * Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2018-2020 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -80,7 +80,7 @@
byte[] data2 = Serializer.serialize(obj1);
assertEquals(Arrays.toString(data), Arrays.toString(data2));
- MyObject obj2 = Serializer.deserialize(MyObject.class, data);
+ MyObject obj2 = Serializer.roundTrip(obj1);
assertEquals(obj1.value, obj2.value);
}
@@ -210,16 +210,14 @@
}
});
- assertThatThrownBy(() -> Serializer.serialize(new MyObject(130))).isEqualTo(ex2);
+ assertThatThrownBy(() -> Serializer.roundTrip(new MyObject(130))).isEqualTo(ex2);
}
@Test
public void testDeserialize() throws Exception {
MyObject obj1 = new MyObject(3);
- byte[] data = Serializer.serialize(obj1);
-
- MyObject obj2 = Serializer.deserialize(MyObject.class, data);
+ MyObject obj2 = Serializer.roundTrip(obj1);
assertEquals(obj1.value, obj2.value);
}
@@ -249,8 +247,7 @@
}
});
- byte[] data = Serializer.serialize(new MyObject(300));
- assertThatThrownBy(() -> Serializer.deserialize(MyObject.class, data)).isEqualTo(ex);
+ assertThatThrownBy(() -> Serializer.roundTrip(new MyObject(300))).isEqualTo(ex);
}
@Test
@@ -267,8 +264,7 @@
}
});
- byte[] data = Serializer.serialize(new MyObject(310));
- assertThatThrownBy(() -> Serializer.deserialize(MyObject.class, data)).isEqualTo(ex);
+ assertThatThrownBy(() -> Serializer.roundTrip(new MyObject(310))).isEqualTo(ex);
}
@Test
@@ -287,9 +283,20 @@
*/
text = text.replace("MyObject", "AnObject");
- byte[] data = text.getBytes(binary);
+ byte[] data2 = text.getBytes(binary);
- assertThatThrownBy(() -> Serializer.deserialize(MyObject.class, data)).isInstanceOf(IOException.class)
+ /*
+ * Use a factory that returns a byte array for "data2" instead of the real "data".
+ */
+ setFactory(new Factory() {
+ @Override
+ public ByteArrayInputStream makeByteArrayInputStream(byte[] data) {
+ // read from "data2" instead of "data"
+ return super.makeByteArrayInputStream(data2);
+ }
+ });
+
+ assertThatThrownBy(() -> Serializer.roundTrip(obj1)).isInstanceOf(IOException.class)
.hasCauseInstanceOf(ClassNotFoundException.class);
}
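Review bot: The comment introduced above the new Factory override says the factory "returns a byte array for data2", but `makeByteArrayInputStream` returns a `ByteArrayInputStream`, and the override discards its `data` argument entirely; a more accurate comment would be `/* Use a factory whose input stream reads the mangled bytes in "data2", ignoring the bytes that serialize() actually produced. */`. With that override in place, `roundTrip(obj1)` at the end of the hunk never deserializes the real serialized form, which is the intent here, so renaming the unused parameter (e.g. `ignored`) would make that deliberate rather than looking like a mistake. The enclosing test method starts outside this hunk, so I can't see where the default factory is restored afterwards — presumably an @After hook, worth verifying.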
@@ -313,8 +320,7 @@
}
});
- byte[] data = Serializer.serialize(new MyObject(320));
- assertThatThrownBy(() -> Serializer.deserialize(MyObject.class, data)).isEqualTo(ex);
+ assertThatThrownBy(() -> Serializer.roundTrip(new MyObject(320))).isEqualTo(ex);
}
@Test
@@ -348,8 +354,7 @@
}
});
- byte[] data = Serializer.serialize(new MyObject(330));
- assertThatThrownBy(() -> Serializer.deserialize(MyObject.class, data)).isEqualTo(ex2);
+ assertThatThrownBy(() -> Serializer.roundTrip(new MyObject(330))).isEqualTo(ex2);
}
@Test