From f7c7ad2667bbce3a2c2df3a16e00bbf7c17886dd Mon Sep 17 00:00:00 2001 From: Elena Mokeeva Date: Tue, 13 Jun 2023 11:52:15 +0200 Subject: [PATCH] Closes #2289 - fix Sonarcloud vulnerabilities and bugs --- .../internal/ClassificationServiceImpl.java | 21 ++++++++----------- .../user/internal/UserServiceImpl.java | 9 ++++++-- .../internal/WorkbasketServiceImpl.java | 5 +++-- .../example/TaskanaTestController.java | 6 +++--- .../src/main/resources/templates/login.html | 2 +- .../src/main/resources/templates/login.html | 2 +- .../taskana/common/rest/ldap/LdapClient.java | 14 +++++++------ .../ReportRepresentationModelAssembler.java | 10 ++++----- 8 files changed, 37 insertions(+), 32 deletions(-) diff --git a/lib/taskana-core/src/main/java/pro/taskana/classification/internal/ClassificationServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/classification/internal/ClassificationServiceImpl.java index a4016cbb6..6b2ec9ab7 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/classification/internal/ClassificationServiceImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/classification/internal/ClassificationServiceImpl.java @@ -179,11 +179,8 @@ public class ClassificationServiceImpl implements ClassificationService { @Override public Classification createClassification(Classification classification) - throws ClassificationAlreadyExistException, - DomainNotFoundException, - InvalidArgumentException, - MalformedServiceLevelException, - NotAuthorizedException { + throws ClassificationAlreadyExistException, DomainNotFoundException, InvalidArgumentException, + MalformedServiceLevelException, NotAuthorizedException { taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN); if (!taskanaEngine.domainExists(classification.getDomain()) && !MASTER_DOMAIN.equals(classification.getDomain())) { 
@@ -222,7 +219,9 @@ public class ClassificationServiceImpl implements ClassificationService { } if (LOGGER.isDebugEnabled()) { - LOGGER.debug("Method createClassification created classification {}.", classificationImpl); + LOGGER.debug( + "Method createClassification created classification {}.", + LogSanitizer.stripLineBreakingChars(classificationImpl)); } if (!classification.getDomain().isEmpty()) { @@ -236,11 +235,8 @@ public class ClassificationServiceImpl implements ClassificationService { @Override public Classification updateClassification(Classification classification) - throws ConcurrencyException, - ClassificationNotFoundException, - InvalidArgumentException, - MalformedServiceLevelException, - NotAuthorizedException { + throws ConcurrencyException, ClassificationNotFoundException, InvalidArgumentException, + MalformedServiceLevelException, NotAuthorizedException { taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN); ClassificationImpl classificationImpl; try { @@ -283,7 +279,8 @@ public class ClassificationServiceImpl implements ClassificationService { } if (LOGGER.isDebugEnabled()) { LOGGER.debug( - "Method updateClassification() updated the classification {}.", classificationImpl); + "Method updateClassification() updated the classification {}.", + LogSanitizer.stripLineBreakingChars(classificationImpl)); } return classification; } finally { diff --git a/lib/taskana-core/src/main/java/pro/taskana/user/internal/UserServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/user/internal/UserServiceImpl.java index d1bacbf8f..89cc6f058 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/user/internal/UserServiceImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/user/internal/UserServiceImpl.java 
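Review bot: Nothing at the changed `LOGGER.debug` call in `createClassification` says why the logged object is now passed through `LogSanitizer.stripLineBreakingChars`, so a later edit could drop the wrapper or add an unsanitized debug line beside it. A one-line comment above the call would record the intent, e.g. `// classification fields are caller-supplied; strip CR/LF so a value cannot forge extra log lines`. The same applies to the `updateClassification` hunk below and to the `createUser`/`updateUser` and `setDistributionTargets` hunks in the other service classes. Both classification methods start and end outside the hunks shown.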
@@ -16,6 +16,7 @@ import pro.taskana.common.api.TaskanaRole; import pro.taskana.common.api.exceptions.InvalidArgumentException; import pro.taskana.common.api.exceptions.NotAuthorizedException; import pro.taskana.common.internal.InternalTaskanaEngine; +import pro.taskana.common.internal.util.LogSanitizer; import pro.taskana.user.api.UserService; import pro.taskana.user.api.exceptions.UserAlreadyExistException; import pro.taskana.user.api.exceptions.UserNotFoundException; @@ -103,7 +104,9 @@ public class UserServiceImpl implements UserService { ((UserImpl) userToCreate).setDomains(determineDomains(userToCreate)); if (LOGGER.isDebugEnabled()) { - LOGGER.debug("Method createUser() created User '{}'.", userToCreate); + LOGGER.debug( + "Method createUser() created User '{}'.", + LogSanitizer.stripLineBreakingChars(userToCreate)); } return userToCreate; } @@ -127,7 +130,9 @@ public class UserServiceImpl implements UserService { ((UserImpl) userToUpdate).setDomains(determineDomains(userToUpdate)); if (LOGGER.isDebugEnabled()) { - LOGGER.debug("Method updateUser() updated User '{}'.", userToUpdate); + LOGGER.debug( + "Method updateUser() updated User '{}'.", + LogSanitizer.stripLineBreakingChars(userToUpdate)); } return userToUpdate; diff --git a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java index 80ae48f0b..f1ac104cd 100644 --- a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java +++ b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java 
@@ -24,6 +24,7 @@ import pro.taskana.common.api.exceptions.NotAuthorizedException; import pro.taskana.common.api.exceptions.TaskanaException; import pro.taskana.common.internal.InternalTaskanaEngine; import pro.taskana.common.internal.util.IdGenerator; +import pro.taskana.common.internal.util.LogSanitizer; import pro.taskana.common.internal.util.ObjectAttributeChangeDetector; import pro.taskana.spi.history.api.events.workbasket.WorkbasketAccessItemCreatedEvent; import pro.taskana.spi.history.api.events.workbasket.WorkbasketAccessItemDeletedEvent; @@ -644,8 +645,8 @@ public class WorkbasketServiceImpl implements WorkbasketService { LOGGER.debug( "Method setDistributionTargets() created distribution target " + "for source '{}' and target {}", - sourceWorkbasketId, - targetId); + LogSanitizer.stripLineBreakingChars(sourceWorkbasketId), + LogSanitizer.stripLineBreakingChars(targetId)); } } diff --git a/lib/taskana-spring-example/src/main/java/pro/taskana/example/TaskanaTestController.java b/lib/taskana-spring-example/src/main/java/pro/taskana/example/TaskanaTestController.java index 0d41f07b0..63266c06e 100644 --- a/lib/taskana-spring-example/src/main/java/pro/taskana/example/TaskanaTestController.java +++ b/lib/taskana-spring-example/src/main/java/pro/taskana/example/TaskanaTestController.java @@ -56,7 +56,7 @@ public class TaskanaTestController { NotAuthorizedException { taskanaEngine.getWorkbasketService().createWorkbasket(createWorkBasket("key", "workbasket")); - int workbaskets = getWorkbaskets(); + Integer workbaskets = getWorkbaskets(); if (Boolean.parseBoolean(rollback)) { throw new RuntimeException(); } else { 
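Review bot: Declaring `workbaskets` as `Integer` here, and changing `getWorkbaskets()` and `getCustomdbTests()` to return `Integer` in the next hunk, silences the unboxing warning but leaves the null that `queryForObject` is allowed to return unhandled. The null now travels to whatever uses the value after this hunk. Keeping the `int` return type and resolving the null inside the helper makes the contract explicit: `Integer count = jdbcTemplate.queryForObject("SELECT COUNT(*) FROM WORKBASKET", Integer.class);` followed by `return count == null ? 0 : count;`. The enclosing controller method starts and ends outside the hunk, so how `workbaskets` is used afterwards is not visible.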
@@ -113,12 +113,12 @@ public class TaskanaTestController { return "cleaned workbasket and test tables"; } - private int getWorkbaskets() { + private Integer getWorkbaskets() { // return taskanaEngine.getWorkbasketService().getWorkbaskets().size(); return jdbcTemplate.queryForObject("SELECT COUNT(*) FROM WORKBASKET", Integer.class); } - private int getCustomdbTests() { + private Integer getCustomdbTests() { return jdbcTemplate.queryForObject("SELECT COUNT(*) FROM CUSTOMDB.TEST", Integer.class); } diff --git a/rest/taskana-rest-spring-example-common/src/main/resources/templates/login.html b/rest/taskana-rest-spring-example-common/src/main/resources/templates/login.html index 5252b83c9..7cc731b70 100644 --- a/rest/taskana-rest-spring-example-common/src/main/resources/templates/login.html +++ b/rest/taskana-rest-spring-example-common/src/main/resources/templates/login.html @@ -1,5 +1,5 @@ - + Taskana login diff --git a/rest/taskana-rest-spring-example-wildfly/src/main/resources/templates/login.html b/rest/taskana-rest-spring-example-wildfly/src/main/resources/templates/login.html index 6e42bd997..9b38fc35f 100644 --- a/rest/taskana-rest-spring-example-wildfly/src/main/resources/templates/login.html +++ b/rest/taskana-rest-spring-example-wildfly/src/main/resources/templates/login.html @@ -1,5 +1,5 @@ - + Taskana login diff --git a/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/ldap/LdapClient.java b/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/ldap/LdapClient.java index dabad6bfd..1c04b9e7e 100644 --- a/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/ldap/LdapClient.java +++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/ldap/LdapClient.java 
@@ -31,6 +31,7 @@ import pro.taskana.TaskanaConfiguration; import pro.taskana.common.api.TaskanaRole; import pro.taskana.common.api.exceptions.InvalidArgumentException; import pro.taskana.common.api.exceptions.SystemException; +import pro.taskana.common.internal.util.LogSanitizer; import pro.taskana.common.rest.models.AccessIdRepresentationModel; import pro.taskana.user.api.models.User; import pro.taskana.user.internal.models.UserImpl; @@ -92,7 +93,7 @@ public class LdapClient { LOGGER.debug( "entry to searchUsersByNameOrAccessIdInUserRoleGroups(nameOrAccessId = {}).", - nameOrAccessId); + LogSanitizer.stripLineBreakingChars(nameOrAccessId)); isInitOrFail(); testMinSearchForLength(nameOrAccessId); @@ -261,11 +262,12 @@ public class LdapClient { andFilter.and(orFilter); String[] userAttributesToReturn = {getUserIdAttribute(), getGroupNameAttribute()}; - - LOGGER.debug( - "Using filter '{}' for LDAP query with group search base {}.", - andFilter, - getGroupSearchBase()); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug( + "Using filter '{}' for LDAP query with group search base {}.", + andFilter, + getGroupSearchBase()); + } return ldapTemplate.search( getGroupSearchBase(), diff --git a/rest/taskana-rest-spring/src/main/java/pro/taskana/monitor/rest/assembler/ReportRepresentationModelAssembler.java b/rest/taskana-rest-spring/src/main/java/pro/taskana/monitor/rest/assembler/ReportRepresentationModelAssembler.java index 9a97edc82..4363a759d 100644 --- a/rest/taskana-rest-spring/src/main/java/pro/taskana/monitor/rest/assembler/ReportRepresentationModelAssembler.java +++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/monitor/rest/assembler/ReportRepresentationModelAssembler.java 
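Review bot: The sanitizer call added to the entry log of `searchUsersByNameOrAccessIdInUserRoleGroups` runs on every invocation, because no `if (LOGGER.isDebugEnabled())` guard is visible around this `LOGGER.debug`, unlike the service-class hunks and the later hunk in this file. It also runs before `testMinSearchForLength(nameOrAccessId)`. If `stripLineBreakingChars` dereferences its argument (its body is not in this patch), a null `nameOrAccessId` would fail with a NullPointerException instead of reaching that validation. Wrapping the statement in `if (LOGGER.isDebugEnabled()) { ... }` keeps that off the normal path, and passing `String.valueOf(nameOrAccessId)` to the sanitizer covers the null case when debug logging is on. The method starts and ends outside the hunk.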
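Review bot: The LDAP filter logged in this hunk is still written without the line-break stripping that the commit applies to `nameOrAccessId` earlier in the file. If `andFilter` is built from a caller-supplied access id (its construction is above the hunk), CR/LF in that value would still reach the log line. Passing `LogSanitizer.stripLineBreakingChars(andFilter)` instead of `andFilter` keeps the treatment consistent. The new `isDebugEnabled()` guard already keeps that extra work off the normal path.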
@@ -138,11 +138,11 @@ public class ReportRepresentationModelAssembler { @NonNull public ReportRepresentationModel toModel( - @NonNull TaskStatusReport report, - @NonNull List domain, - @NonNull List state, - @NonNull List workbasketIds, - @NonNull Integer priorityMinimum) + TaskStatusReport report, + List domain, + List state, + List workbasketIds, + Integer priorityMinimum) throws NotAuthorizedException { ReportRepresentationModel resource = toReportResource(report); resource.add(
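Review bot: Dropping `@NonNull` from all five parameters of `toModel` leaves the signature silent about which arguments may be null, while the method itself is still annotated `@NonNull`. If the annotations were removed because callers can pass null for optional filters (an assumption, since the callers are not in this patch), the body needs to handle that, and it continues past the hunk. In that case the contract is worth stating in Javadoc, for example `@param priorityMinimum may be {@code null} when no minimum priority is requested`. If null is not actually allowed, an explicit `Objects.requireNonNull(report, "report")` at the top of the method would enforce what the annotation only documented.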