inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed major issues (Malicious code vulnerability - Field is a mutable array) reported in Sonar

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@89720 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tuna Aksoy
2014-11-01 20:12:17 +00:00
parent 1a9bedb0e5
commit abc76025fb
2 changed files with 55 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/record/RecordServiceImpl.java
View File

@@ -20,6 +20,7 @@ package org.alfresco.module.org_alfresco_module_rm.record;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
@@ -138,14 +139,14 @@ public class RecordServiceImpl extends BaseBehaviourBean
};
/** record model URI's */
public static final String[] RECORD_MODEL_URIS = new String[]
{
RM_URI,
RM_CUSTOM_URI,
ReportModel.RMR_URI,
RecordableVersionModel.RMV_URI,
DOD5015Model.DOD_URI
};
public static final List<String> RECORD_MODEL_URIS = Collections.unmodifiableList(
Arrays.asList(
RM_URI,
RM_CUSTOM_URI,
ReportModel.RMR_URI,
RecordableVersionModel.RMV_URI,
DOD5015Model.DOD_URI
));
/** non-record model URI's */
private static final String[] NON_RECORD_MODEL_URIS = new String[]
@@ -1363,7 +1364,7 @@ public class RecordServiceImpl extends BaseBehaviourBean
else
{
// check the URI's
result = ArrayUtils.contains(RECORD_MODEL_URIS, property.getNamespaceURI());
result = RECORD_MODEL_URIS.contains(property.getNamespaceURI());
// check the custom model
if (!result && !ArrayUtils.contains(NON_RECORD_MODEL_URIS, property.getNamespaceURI()))

14
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/version/RecordableVersionNodeServiceImpl.java
View File

@@ -18,6 +18,8 @@
*/
package org.alfresco.module.org_alfresco_module_rm.version;
import static org.alfresco.module.org_alfresco_module_rm.record.RecordServiceImpl.RECORD_MODEL_URIS;
import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
@@ -28,14 +30,12 @@ import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
import org.alfresco.module.org_alfresco_module_rm.record.RecordService;
import org.alfresco.module.org_alfresco_module_rm.record.RecordServiceImpl;
import org.alfresco.repo.version.Node2ServiceImpl;
import org.alfresco.repo.version.Version2Model;
import org.alfresco.repo.version.common.VersionUtil;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
import org.apache.commons.lang.ArrayUtils;
/**
* Extended version node service implementation that supports the retrieval of
@@ -96,9 +96,9 @@ public class RecordableVersionNodeServiceImpl extends Node2ServiceImpl
for (QName property : cloneProperties.keySet())
{
if (!PROP_RECORDABLE_VERSION_POLICY.equals(property) &&
!PROP_FILE_PLAN.equals(property) &&
(recordService.isRecordMetadataProperty(property) ||
ArrayUtils.contains(RecordServiceImpl.RECORD_MODEL_URIS, property.getNamespaceURI())))
!PROP_FILE_PLAN.equals(property) &&
(recordService.isRecordMetadataProperty(property) ||
RECORD_MODEL_URIS.contains(property.getNamespaceURI())))
{
properties.remove(property);
}
@@ -217,8 +217,8 @@ public class RecordableVersionNodeServiceImpl extends Node2ServiceImpl
for (QName aspect : aspects)
{
if (!ASPECT_VERSIONABLE.equals(aspect) &&
(recordService.isRecordMetadataAspect(aspect) ||
ArrayUtils.contains(RecordServiceImpl.RECORD_MODEL_URIS, aspect.getNamespaceURI())))
(recordService.isRecordMetadataAspect(aspect) ||
RECORD_MODEL_URIS.contains(aspect.getNamespaceURI())))
{
result.remove(aspect);
}