Closes #2289 - fix Sonarcloud vulnerabilities and bugs

2023-06-13 11:52:15 +02:00 · 2023-06-13 11:52:15 +02:00 · f7c7ad2667
parent 208ee77474
commit f7c7ad2667
8 changed files with 37 additions and 32 deletions
--- a/lib/taskana-core/src/main/java/pro/taskana/classification/internal/ClassificationServiceImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/classification/internal/ClassificationServiceImpl.java
@ -179,11 +179,8 @@ public class ClassificationServiceImpl implements ClassificationService {

  @Override
  public Classification createClassification(Classification classification)
-      throws ClassificationAlreadyExistException,
-          DomainNotFoundException,
-          InvalidArgumentException,
-          MalformedServiceLevelException,
-          NotAuthorizedException {
+      throws ClassificationAlreadyExistException, DomainNotFoundException, InvalidArgumentException,
+          MalformedServiceLevelException, NotAuthorizedException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    if (!taskanaEngine.domainExists(classification.getDomain())
        && !MASTER_DOMAIN.equals(classification.getDomain())) {
@ -222,7 +219,9 @@ public class ClassificationServiceImpl implements ClassificationService {
      }

      if (LOGGER.isDebugEnabled()) {
-        LOGGER.debug("Method createClassification created classification {}.", classificationImpl);
+        LOGGER.debug(
+            "Method createClassification created classification {}.",
+            LogSanitizer.stripLineBreakingChars(classificationImpl));
      }

      if (!classification.getDomain().isEmpty()) {
@ -236,11 +235,8 @@ public class ClassificationServiceImpl implements ClassificationService {

  @Override
  public Classification updateClassification(Classification classification)
-      throws ConcurrencyException,
-          ClassificationNotFoundException,
-          InvalidArgumentException,
-          MalformedServiceLevelException,
-          NotAuthorizedException {
+      throws ConcurrencyException, ClassificationNotFoundException, InvalidArgumentException,
+          MalformedServiceLevelException, NotAuthorizedException {
    taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
    ClassificationImpl classificationImpl;
    try {
@ -283,7 +279,8 @@ public class ClassificationServiceImpl implements ClassificationService {
      }
      if (LOGGER.isDebugEnabled()) {
        LOGGER.debug(
-            "Method updateClassification() updated the classification {}.", classificationImpl);
+            "Method updateClassification() updated the classification {}.",
+            LogSanitizer.stripLineBreakingChars(classificationImpl));
      }
      return classification;
    } finally {
--- a/lib/taskana-core/src/main/java/pro/taskana/user/internal/UserServiceImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/user/internal/UserServiceImpl.java
@ -16,6 +16,7 @@ import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
+import pro.taskana.common.internal.util.LogSanitizer;
 import pro.taskana.user.api.UserService;
 import pro.taskana.user.api.exceptions.UserAlreadyExistException;
 import pro.taskana.user.api.exceptions.UserNotFoundException;
@ -103,7 +104,9 @@ public class UserServiceImpl implements UserService {
    ((UserImpl) userToCreate).setDomains(determineDomains(userToCreate));

    if (LOGGER.isDebugEnabled()) {
-      LOGGER.debug("Method createUser() created User '{}'.", userToCreate);
+      LOGGER.debug(
+          "Method createUser() created User '{}'.",
+          LogSanitizer.stripLineBreakingChars(userToCreate));
    }
    return userToCreate;
  }
@ -127,7 +130,9 @@ public class UserServiceImpl implements UserService {
    ((UserImpl) userToUpdate).setDomains(determineDomains(userToUpdate));

    if (LOGGER.isDebugEnabled()) {
-      LOGGER.debug("Method updateUser() updated User '{}'.", userToUpdate);
+      LOGGER.debug(
+          "Method updateUser() updated User '{}'.",
+          LogSanitizer.stripLineBreakingChars(userToUpdate));
    }

    return userToUpdate;
--- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java
@ -24,6 +24,7 @@ import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.common.internal.util.IdGenerator;
+import pro.taskana.common.internal.util.LogSanitizer;
 import pro.taskana.common.internal.util.ObjectAttributeChangeDetector;
 import pro.taskana.spi.history.api.events.workbasket.WorkbasketAccessItemCreatedEvent;
 import pro.taskana.spi.history.api.events.workbasket.WorkbasketAccessItemDeletedEvent;
@ -644,8 +645,8 @@ public class WorkbasketServiceImpl implements WorkbasketService {
            LOGGER.debug(
                "Method setDistributionTargets() created distribution target "
                    + "for source '{}' and target {}",
-                sourceWorkbasketId,
-                targetId);
+                LogSanitizer.stripLineBreakingChars(sourceWorkbasketId),
+                LogSanitizer.stripLineBreakingChars(targetId));
          }
        }

--- a/lib/taskana-spring-example/src/main/java/pro/taskana/example/TaskanaTestController.java
+++ b/lib/taskana-spring-example/src/main/java/pro/taskana/example/TaskanaTestController.java
@ -56,7 +56,7 @@ public class TaskanaTestController {
          NotAuthorizedException {
    taskanaEngine.getWorkbasketService().createWorkbasket(createWorkBasket("key", "workbasket"));

-    int workbaskets = getWorkbaskets();
+    Integer workbaskets = getWorkbaskets();
    if (Boolean.parseBoolean(rollback)) {
      throw new RuntimeException();
    } else {
@ -113,12 +113,12 @@ public class TaskanaTestController {
    return "cleaned workbasket and test tables";
  }

-  private int getWorkbaskets() {
+  private Integer getWorkbaskets() {
    // return taskanaEngine.getWorkbasketService().getWorkbaskets().size();
    return jdbcTemplate.queryForObject("SELECT COUNT(*) FROM WORKBASKET", Integer.class);
  }

-  private int getCustomdbTests() {
+  private Integer getCustomdbTests() {
    return jdbcTemplate.queryForObject("SELECT COUNT(*) FROM CUSTOMDB.TEST", Integer.class);
  }

--- a/rest/taskana-rest-spring-example-common/src/main/resources/templates/login.html
+++ b/rest/taskana-rest-spring-example-common/src/main/resources/templates/login.html
@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html xmlns:th="http://www.thymeleaf.org">
+<html xmlns:th="http://www.thymeleaf.org" lang="en">
 <head>
 	<link rel="icon" type="image/x-icon" th:href="@{/img/logo.png}">
    <title>Taskana login</title>
--- a/rest/taskana-rest-spring-example-wildfly/src/main/resources/templates/login.html
+++ b/rest/taskana-rest-spring-example-wildfly/src/main/resources/templates/login.html
@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html xmlns:th="http://www.thymeleaf.org">
+<html xmlns:th="http://www.thymeleaf.org" lang="en">
 <head>
 	<link rel="icon" type="image/x-icon" th:href="@{/img/logo.png}">
    <title>Taskana login</title>
--- a/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/ldap/LdapClient.java
+++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/ldap/LdapClient.java
@ -31,6 +31,7 @@ import pro.taskana.TaskanaConfiguration;
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.SystemException;
+import pro.taskana.common.internal.util.LogSanitizer;
 import pro.taskana.common.rest.models.AccessIdRepresentationModel;
 import pro.taskana.user.api.models.User;
 import pro.taskana.user.internal.models.UserImpl;
@ -92,7 +93,7 @@ public class LdapClient {

    LOGGER.debug(
        "entry to searchUsersByNameOrAccessIdInUserRoleGroups(nameOrAccessId = {}).",
-        nameOrAccessId);
+        LogSanitizer.stripLineBreakingChars(nameOrAccessId));

    isInitOrFail();
    testMinSearchForLength(nameOrAccessId);
@ -261,11 +262,12 @@ public class LdapClient {
    andFilter.and(orFilter);

    String[] userAttributesToReturn = {getUserIdAttribute(), getGroupNameAttribute()};
-
-    LOGGER.debug(
-        "Using filter '{}' for LDAP query with group search base {}.",
-        andFilter,
-        getGroupSearchBase());
+    if (LOGGER.isDebugEnabled()) {
+      LOGGER.debug(
+          "Using filter '{}' for LDAP query with group search base {}.",
+          andFilter,
+          getGroupSearchBase());
+    }

    return ldapTemplate.search(
        getGroupSearchBase(),
--- a/rest/taskana-rest-spring/src/main/java/pro/taskana/monitor/rest/assembler/ReportRepresentationModelAssembler.java
+++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/monitor/rest/assembler/ReportRepresentationModelAssembler.java
@ -138,11 +138,11 @@ public class ReportRepresentationModelAssembler {

  @NonNull
  public ReportRepresentationModel toModel(
-      @NonNull TaskStatusReport report,
-      @NonNull List<String> domain,
-      @NonNull List<TaskState> state,
-      @NonNull List<String> workbasketIds,
-      @NonNull Integer priorityMinimum)
+      TaskStatusReport report,
+      List<String> domain,
+      List<TaskState> state,
+      List<String> workbasketIds,
+      Integer priorityMinimum)
      throws NotAuthorizedException {
    ReportRepresentationModel resource = toReportResource(report);
    resource.add(