Fixed major issues (Malicious code vulnerability - Field is a mutable array) reported in Sonar

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@89720 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Tuna Aksoy
2014-11-01 20:12:17 +00:00
parent f26dd2f7bf
commit 25b9ab151b
2 changed files with 55 additions and 54 deletions


@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.record;
import java.io.Serializable; import java.io.Serializable;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar; import java.util.Calendar;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
@@ -138,14 +139,14 @@ public class RecordServiceImpl extends BaseBehaviourBean
}; };
/** record model URI's */ /** record model URI's */
public static final String[] RECORD_MODEL_URIS = new String[] public static final List<String> RECORD_MODEL_URIS = Collections.unmodifiableList(
{ Arrays.asList(
RM_URI, RM_URI,
RM_CUSTOM_URI, RM_CUSTOM_URI,
ReportModel.RMR_URI, ReportModel.RMR_URI,
RecordableVersionModel.RMV_URI, RecordableVersionModel.RMV_URI,
DOD5015Model.DOD_URI DOD5015Model.DOD_URI
}; ));
/** non-record model URI's */ /** non-record model URI's */
private static final String[] NON_RECORD_MODEL_URIS = new String[] private static final String[] NON_RECORD_MODEL_URIS = new String[]
@@ -694,15 +695,15 @@ public class RecordServiceImpl extends BaseBehaviourBean
{ {
return getRecordMetadataAspectsMap().containsKey(aspect); return getRecordMetadataAspectsMap().containsKey(aspect);
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#isRecordMetadataProperty(org.alfresco.service.namespace.QName) * @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#isRecordMetadataProperty(org.alfresco.service.namespace.QName)
*/ */
@Override @Override
public boolean isRecordMetadataProperty(QName property) public boolean isRecordMetadataProperty(QName property)
{ {
boolean result = false; boolean result = false;
PropertyDefinition propertyDefinition = dictionaryService.getProperty(property); PropertyDefinition propertyDefinition = dictionaryService.getProperty(property);
if (propertyDefinition != null) if (propertyDefinition != null)
{ {
ClassDefinition classDefinition = propertyDefinition.getContainerClass(); ClassDefinition classDefinition = propertyDefinition.getContainerClass();
@@ -714,7 +715,7 @@ public class RecordServiceImpl extends BaseBehaviourBean
} }
return result; return result;
} }
/** /**
* @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#getRecordMetaDataAspects(org.alfresco.service.cmr.repository.NodeRef) * @see org.alfresco.module.org_alfresco_module_rm.record.RecordService#getRecordMetaDataAspects(org.alfresco.service.cmr.repository.NodeRef)
*/ */
@@ -989,7 +990,7 @@ public class RecordServiceImpl extends BaseBehaviourBean
props.put(PROP_IDENTIFIER, recordId); props.put(PROP_IDENTIFIER, recordId);
props.put(PROP_ORIGIONAL_NAME, name); props.put(PROP_ORIGIONAL_NAME, name);
nodeService.addAspect(document, RecordsManagementModel.ASPECT_RECORD, props); nodeService.addAspect(document, RecordsManagementModel.ASPECT_RECORD, props);
// remove versionable aspect(s) // remove versionable aspect(s)
nodeService.removeAspect(document, RecordableVersionModel.ASPECT_VERSIONABLE); nodeService.removeAspect(document, RecordableVersionModel.ASPECT_VERSIONABLE);
} }
@@ -1363,7 +1364,7 @@ public class RecordServiceImpl extends BaseBehaviourBean
else else
{ {
// check the URI's // check the URI's
result = ArrayUtils.contains(RECORD_MODEL_URIS, property.getNamespaceURI()); result = RECORD_MODEL_URIS.contains(property.getNamespaceURI());
// check the custom model // check the custom model
if (!result && !ArrayUtils.contains(NON_RECORD_MODEL_URIS, property.getNamespaceURI())) if (!result && !ArrayUtils.contains(NON_RECORD_MODEL_URIS, property.getNamespaceURI()))
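Review bot: Changing the public constant `RECORD_MODEL_URIS` from `String[]` to `List<String>` changes its field descriptor, so any code compiled against the array form (or passing it to `ArrayUtils.contains`) will stop linking or compiling until it is updated; this commit only shows the two callers in the version package being changed, so other modules should be checked. The wrapper itself is sound, since `Collections.unmodifiableList(Arrays.asList(...))` keeps no outside reference to the backing array, and that is worth stating on the field, e.g. `/** record model URI's (unmodifiable list, never exposed as an array) */`. `NON_RECORD_MODEL_URIS` directly below stays a `String[]`; it is private and so not exposed, but converting it the same way would let the last hunk use `contains` for both checks instead of mixing it with `ArrayUtils.contains`. The method around that last hunk starts and ends outside the visible lines.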


@@ -18,6 +18,8 @@
*/ */
package org.alfresco.module.org_alfresco_module_rm.version; package org.alfresco.module.org_alfresco_module_rm.version;
import static org.alfresco.module.org_alfresco_module_rm.record.RecordServiceImpl.RECORD_MODEL_URIS;
import java.io.Serializable; import java.io.Serializable;
import java.util.Date; import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
@@ -28,19 +30,17 @@ import java.util.Set;
import org.alfresco.model.ContentModel; import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService; import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.record.RecordServiceImpl;
import org.alfresco.repo.version.Node2ServiceImpl; import org.alfresco.repo.version.Node2ServiceImpl;
import org.alfresco.repo.version.Version2Model; import org.alfresco.repo.version.Version2Model;
import org.alfresco.repo.version.common.VersionUtil; import org.alfresco.repo.version.common.VersionUtil;
import org.alfresco.service.cmr.repository.InvalidNodeRefException; import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName; import org.alfresco.service.namespace.QName;
import org.apache.commons.lang.ArrayUtils;
/** /**
* Extended version node service implementation that supports the retrieval of * Extended version node service implementation that supports the retrieval of
* recorded version state. * recorded version state.
* *
* @author Roy Wetherall * @author Roy Wetherall
* @since 2.3 * @since 2.3
*/ */
@@ -49,7 +49,7 @@ public class RecordableVersionNodeServiceImpl extends Node2ServiceImpl
{ {
/** record service */ /** record service */
private RecordService recordService; private RecordService recordService;
/** /**
* @param recordService record service * @param recordService record service
*/ */
@@ -57,7 +57,7 @@ public class RecordableVersionNodeServiceImpl extends Node2ServiceImpl
{ {
this.recordService = recordService; this.recordService = recordService;
} }
/** /**
* @see org.alfresco.repo.version.Node2ServiceImpl#getProperties(org.alfresco.service.cmr.repository.NodeRef) * @see org.alfresco.repo.version.Node2ServiceImpl#getProperties(org.alfresco.service.cmr.repository.NodeRef)
*/ */
@@ -65,7 +65,7 @@ public class RecordableVersionNodeServiceImpl extends Node2ServiceImpl
public Map<QName, Serializable> getProperties(NodeRef nodeRef) throws InvalidNodeRefException public Map<QName, Serializable> getProperties(NodeRef nodeRef) throws InvalidNodeRefException
{ {
// TODO only supported for Version2 // TODO only supported for Version2
NodeRef converted = VersionUtil.convertNodeRef(nodeRef); NodeRef converted = VersionUtil.convertNodeRef(nodeRef);
if (dbNodeService.hasAspect(converted, ASPECT_RECORDED_VERSION)) if (dbNodeService.hasAspect(converted, ASPECT_RECORDED_VERSION))
{ {
@@ -78,41 +78,41 @@ public class RecordableVersionNodeServiceImpl extends Node2ServiceImpl
return super.getProperties(nodeRef); return super.getProperties(nodeRef);
} }
} }
/** /**
* Process properties map before returning as frozen state. * Process properties map before returning as frozen state.
* *
* @param properties properties map * @param properties properties map
* @return {@link Map}<{@link QName}, {@link Serializable}> processed property map * @return {@link Map}<{@link QName}, {@link Serializable}> processed property map
*/ */
protected Map<QName, Serializable> processProperties(NodeRef version, Map<QName, Serializable> properties) protected Map<QName, Serializable> processProperties(NodeRef version, Map<QName, Serializable> properties)
{ {
Map<QName, Serializable> cloneProperties = new HashMap<QName, Serializable>(properties); Map<QName, Serializable> cloneProperties = new HashMap<QName, Serializable>(properties);
// revert modified record name // revert modified record name
properties.put(ContentModel.PROP_NAME, properties.get(RecordsManagementModel.PROP_ORIGIONAL_NAME)); properties.put(ContentModel.PROP_NAME, properties.get(RecordsManagementModel.PROP_ORIGIONAL_NAME));
// remove all rma, rmc, rmr and rmv properties // remove all rma, rmc, rmr and rmv properties
for (QName property : cloneProperties.keySet()) for (QName property : cloneProperties.keySet())
{ {
if (!PROP_RECORDABLE_VERSION_POLICY.equals(property) && if (!PROP_RECORDABLE_VERSION_POLICY.equals(property) &&
!PROP_FILE_PLAN.equals(property) && !PROP_FILE_PLAN.equals(property) &&
(recordService.isRecordMetadataProperty(property) || (recordService.isRecordMetadataProperty(property) ||
ArrayUtils.contains(RecordServiceImpl.RECORD_MODEL_URIS, property.getNamespaceURI()))) RECORD_MODEL_URIS.contains(property.getNamespaceURI())))
{ {
properties.remove(property); properties.remove(property);
} }
} }
// do standard property processing // do standard property processing
processVersionProperties(version, properties); processVersionProperties(version, properties);
return properties; return properties;
} }
/** /**
* Process version properties. * Process version properties.
* *
* @param version version node reference * @param version version node reference
* @param properties properties map * @param properties properties map
*/ */
@@ -120,12 +120,12 @@ public class RecordableVersionNodeServiceImpl extends Node2ServiceImpl
{ {
// get version properties // get version properties
Map<QName, Serializable> versionProperties = dbNodeService.getProperties(version); Map<QName, Serializable> versionProperties = dbNodeService.getProperties(version);
if (versionProperties != null) if (versionProperties != null)
{ {
String versionLabel = (String)versionProperties.get(Version2Model.PROP_QNAME_VERSION_LABEL); String versionLabel = (String)versionProperties.get(Version2Model.PROP_QNAME_VERSION_LABEL);
properties.put(ContentModel.PROP_VERSION_LABEL, versionLabel); properties.put(ContentModel.PROP_VERSION_LABEL, versionLabel);
// Convert frozen sys:referenceable properties // Convert frozen sys:referenceable properties
NodeRef nodeRef = (NodeRef)versionProperties.get(Version2Model.PROP_QNAME_FROZEN_NODE_REF); NodeRef nodeRef = (NodeRef)versionProperties.get(Version2Model.PROP_QNAME_FROZEN_NODE_REF);
if (nodeRef != null) if (nodeRef != null)
@@ -134,42 +134,42 @@ public class RecordableVersionNodeServiceImpl extends Node2ServiceImpl
properties.put(ContentModel.PROP_STORE_IDENTIFIER, nodeRef.getStoreRef().getIdentifier()); properties.put(ContentModel.PROP_STORE_IDENTIFIER, nodeRef.getStoreRef().getIdentifier());
properties.put(ContentModel.PROP_NODE_UUID, nodeRef.getId()); properties.put(ContentModel.PROP_NODE_UUID, nodeRef.getId());
} }
Long dbid = (Long)versionProperties.get(Version2Model.PROP_QNAME_FROZEN_NODE_DBID); Long dbid = (Long)versionProperties.get(Version2Model.PROP_QNAME_FROZEN_NODE_DBID);
properties.put(ContentModel.PROP_NODE_DBID, dbid); properties.put(ContentModel.PROP_NODE_DBID, dbid);
// Convert frozen cm:auditable properties // Convert frozen cm:auditable properties
String creator = (String)versionProperties.get(Version2Model.PROP_QNAME_FROZEN_CREATOR); String creator = (String)versionProperties.get(Version2Model.PROP_QNAME_FROZEN_CREATOR);
if (creator != null) if (creator != null)
{ {
properties.put(ContentModel.PROP_CREATOR, creator); properties.put(ContentModel.PROP_CREATOR, creator);
} }
Date created = (Date)versionProperties.get(Version2Model.PROP_QNAME_FROZEN_CREATED); Date created = (Date)versionProperties.get(Version2Model.PROP_QNAME_FROZEN_CREATED);
if (created != null) if (created != null)
{ {
properties.put(ContentModel.PROP_CREATED, created); properties.put(ContentModel.PROP_CREATED, created);
} }
// TODO - check use-cases for get version, revert, restore .... // TODO - check use-cases for get version, revert, restore ....
String modifier = (String)versionProperties.get(Version2Model.PROP_QNAME_FROZEN_MODIFIER); String modifier = (String)versionProperties.get(Version2Model.PROP_QNAME_FROZEN_MODIFIER);
if (modifier != null) if (modifier != null)
{ {
properties.put(ContentModel.PROP_MODIFIER, modifier); properties.put(ContentModel.PROP_MODIFIER, modifier);
} }
Date modified = (Date)versionProperties.get(Version2Model.PROP_QNAME_FROZEN_MODIFIED); Date modified = (Date)versionProperties.get(Version2Model.PROP_QNAME_FROZEN_MODIFIED);
if (modified != null) if (modified != null)
{ {
properties.put(ContentModel.PROP_MODIFIED, modified); properties.put(ContentModel.PROP_MODIFIED, modified);
} }
Date accessed = (Date)versionProperties.get(Version2Model.PROP_QNAME_FROZEN_ACCESSED); Date accessed = (Date)versionProperties.get(Version2Model.PROP_QNAME_FROZEN_ACCESSED);
if (accessed != null) if (accessed != null)
{ {
properties.put(ContentModel.PROP_ACCESSED, accessed); properties.put(ContentModel.PROP_ACCESSED, accessed);
} }
String owner = (String)versionProperties.get(PROP_FROZEN_OWNER); String owner = (String)versionProperties.get(PROP_FROZEN_OWNER);
if (owner != null) if (owner != null)
{ {
@@ -177,7 +177,7 @@ public class RecordableVersionNodeServiceImpl extends Node2ServiceImpl
} }
} }
} }
/** /**
* @see org.alfresco.repo.version.Node2ServiceImpl#getAspects(org.alfresco.service.cmr.repository.NodeRef) * @see org.alfresco.repo.version.Node2ServiceImpl#getAspects(org.alfresco.service.cmr.repository.NodeRef)
*/ */
@@ -185,7 +185,7 @@ public class RecordableVersionNodeServiceImpl extends Node2ServiceImpl
public Set<QName> getAspects(NodeRef nodeRef) throws InvalidNodeRefException public Set<QName> getAspects(NodeRef nodeRef) throws InvalidNodeRefException
{ {
// TODO only supported for Version2 // TODO only supported for Version2
NodeRef converted = VersionUtil.convertNodeRef(nodeRef); NodeRef converted = VersionUtil.convertNodeRef(nodeRef);
if (dbNodeService.hasAspect(converted, ASPECT_RECORDED_VERSION)) if (dbNodeService.hasAspect(converted, ASPECT_RECORDED_VERSION))
{ {
@@ -198,34 +198,34 @@ public class RecordableVersionNodeServiceImpl extends Node2ServiceImpl
return super.getAspects(nodeRef); return super.getAspects(nodeRef);
} }
} }
/** /**
* Process frozen aspects. * Process frozen aspects.
* *
* @param aspects aspect set * @param aspects aspect set
* @return {@link Set}<{@link QName}> processed aspect set * @return {@link Set}<{@link QName}> processed aspect set
*/ */
protected Set<QName> processAspects(Set<QName> aspects) protected Set<QName> processAspects(Set<QName> aspects)
{ {
Set<QName> result = new HashSet<QName>(aspects); Set<QName> result = new HashSet<QName>(aspects);
// remove version aspects // remove version aspects
result.remove(ASPECT_VERSION); result.remove(ASPECT_VERSION);
result.remove(ASPECT_RECORDED_VERSION); result.remove(ASPECT_RECORDED_VERSION);
// remove rm aspects // remove rm aspects
for (QName aspect : aspects) for (QName aspect : aspects)
{ {
if (!ASPECT_VERSIONABLE.equals(aspect) && if (!ASPECT_VERSIONABLE.equals(aspect) &&
(recordService.isRecordMetadataAspect(aspect) || (recordService.isRecordMetadataAspect(aspect) ||
ArrayUtils.contains(RecordServiceImpl.RECORD_MODEL_URIS, aspect.getNamespaceURI()))) RECORD_MODEL_URIS.contains(aspect.getNamespaceURI())))
{ {
result.remove(aspect); result.remove(aspect);
} }
} }
// remove custom record meta-data aspects // remove custom record meta-data aspects
return result; return result;
} }
} }
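Review bot: The static import of `RECORD_MODEL_URIS` hides that the filter list used in `processProperties` and `processAspects` comes from `RecordServiceImpl`, an implementation class in another package. These two checks decide which record-management properties and aspects are stripped from the frozen state handed back to callers, so the origin of the list is worth keeping visible at the call site. I would keep the ordinary `RecordServiceImpl` import and write `RecordServiceImpl.RECORD_MODEL_URIS.contains(property.getNamespaceURI())` (and the same with `aspect`), which reduces the import change to dropping `ArrayUtils`. The static import is also placed ahead of the `java.*` imports, which may not match the ordering used elsewhere in the project.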