REPO-331: Review security analysis plugin results for branch (#46)
* REPO-331 - Review security analysis plugin results for branch: - fixed some critical / major issues detected by Sonar - fields that are not serialized were changed to transient (the serialization of Person is required in CommentsImpl) - fixed an issue found using Sonar where updating a node with the "qshare:shared" aspect returned a 500 response; fixed by returning an empty list when params are null - added a null check for searchQuery
@@ -69,14 +69,14 @@ public class AuditApplicationsAuditEntriesRelation implements RelationshipResour
|
||||
@WebApiDescription(title = "Return audit entry id for audit app id")
|
||||
public AuditEntry readById(String auditAppId, String auditEntryId, Parameters parameters) throws RelationshipResourceNotFoundException
|
||||
{
|
||||
return audit.getAuditEntry(auditAppId, new Long(auditEntryId), parameters);
|
||||
return audit.getAuditEntry(auditAppId, Long.valueOf(auditEntryId), parameters);
|
||||
}
|
||||
|
||||
@Override
|
||||
@WebApiDescription(title = "Delete audit entry id for audit app id")
|
||||
public void delete(String auditAppId, String auditEntryId, Parameters parameters) throws RelationshipResourceNotFoundException
|
||||
{
|
||||
audit.deleteAuditEntry(auditAppId, new Long(auditEntryId), parameters);
|
||||
audit.deleteAuditEntry(auditAppId, Long.valueOf(auditEntryId), parameters);
|
||||
}
|
||||
|
||||
@Override
|
||||
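Review bot: `Long.valueOf(auditEntryId)` in readById and delete parses a caller-supplied id with no validation, so a non-numeric value raises NumberFormatException before the audit service is reached. Unless the framework maps that exception to a client error somewhere not visible here, the caller gets a generic server error. Consider parsing once in a small private helper that catches NumberFormatException and throws the API's own invalid-argument or not-found exception, and use `Long.parseLong(auditEntryId)` if the service accepts a primitive. The class continues outside the hunk.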
|
@@ -340,8 +340,8 @@ public class AuditImpl implements Audit
|
||||
|
||||
if (propertyName.equals(ID))
|
||||
{
|
||||
fromId = new Long(firstValue);
|
||||
toId = new Long(secondValue) + 1;
|
||||
fromId = Long.valueOf(firstValue);
|
||||
toId = Long.valueOf(secondValue) + 1;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -621,8 +621,8 @@ public class AuditImpl implements Audit
|
||||
|
||||
if (propertyName.equals(ID))
|
||||
{
|
||||
fromId = new Long(firstValue);
|
||||
toId = new Long(secondValue) + 1;
|
||||
fromId = Long.valueOf(firstValue);
|
||||
toId = Long.valueOf(secondValue) + 1;
|
||||
}
|
||||
}
|
||||
|
||||
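Review bot: `toId = Long.valueOf(secondValue) + 1;` silently wraps to a negative bound when secondValue is Long.MAX_VALUE, and it boxes a value only to unbox it for the addition; the same line is in the second hunk at -621. `Math.addExact(Long.parseLong(secondValue), 1L)` states the intent and turns the overflow into an exception instead of an inverted range. firstValue and secondValue look like request-supplied values, so a NumberFormatException here should also end in a client error rather than a 500; confirm against the caller. The enclosing methods start and end outside both hunks.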
|
@@ -40,12 +40,7 @@ public class DefaultExceptionHandler implements ExceptionHandler
|
||||
@Override
|
||||
public boolean handle(Throwable t)
|
||||
{
|
||||
if(t instanceof AccessDeniedException)
|
||||
{
|
||||
// Note: security, no message to indicate why
|
||||
throw new NotFoundException();
|
||||
}
|
||||
else if(t instanceof PermissionDeniedException)
|
||||
if(t instanceof AccessDeniedException || t instanceof PermissionDeniedException)
|
||||
{
|
||||
// Note: security, no message to indicate why
|
||||
throw new NotFoundException();
|
||||
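Review bot: The merged branch in handle() throws NotFoundException and discards `t`, so a denied access leaves no trace at this point. Hiding the reason from the client is sound, but responders still need to see repeated denials; if nothing upstream records them (not visible here), log `t` at debug level before the throw. The comment could also state the reason: `// Security: answer 404 for both denial types so a caller cannot tell a protected resource from a missing one`. The rest of handle() lies outside the hunk.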
|
@@ -619,7 +619,7 @@ public class GroupsImpl implements Groups
|
||||
return new Pair<>(DISPLAY_NAME, Boolean.TRUE);
|
||||
}
|
||||
|
||||
private class AuthorityInfoComparator implements Comparator<AuthorityInfo>
|
||||
private static class AuthorityInfoComparator implements Comparator<AuthorityInfo>
|
||||
{
|
||||
private Map<AuthorityInfo, String> nameCache;
|
||||
private String sortBy;
|
||||
|
@@ -1830,7 +1830,7 @@ public class NodesImpl implements Nodes
|
||||
String str = parameters.getParameter(PARAM_VERSION_MAJOR);
|
||||
if (str != null)
|
||||
{
|
||||
versionMajor = new Boolean(str);
|
||||
versionMajor = Boolean.valueOf(str);
|
||||
}
|
||||
String versionComment = parameters.getParameter(PARAM_VERSION_COMMENT);
|
||||
|
||||
@@ -2656,7 +2656,7 @@ public class NodesImpl implements Nodes
|
||||
String str = parameters.getParameter(PARAM_VERSION_MAJOR);
|
||||
if (str != null)
|
||||
{
|
||||
versionMajor = new Boolean(str);
|
||||
versionMajor = Boolean.valueOf(str);
|
||||
}
|
||||
String versionComment = parameters.getParameter(PARAM_VERSION_COMMENT);
|
||||
|
||||
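Review bot: `Boolean.valueOf(str)` maps every value other than a case-insensitive "true" to false, so a request that sends `1`, `yes` or a typo for PARAM_VERSION_MAJOR silently creates a minor version instead of being rejected; the same line is in the hunk at -2656. Consider accepting only `true` and `false` and throwing the API's invalid-argument exception for anything else. If versionMajor is a primitive boolean, `Boolean.parseBoolean(str)` avoids the box. Both enclosing methods extend beyond the hunks.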
|
@@ -442,7 +442,7 @@ public class QueriesImpl implements Queries, InitializingBean
|
||||
}
|
||||
else
|
||||
{
|
||||
return CollectionWithPagingInfo.asPaged(paging, collection, queryResults.hasMore(), new Long(queryResults.getNumberFound()).intValue());
|
||||
return CollectionWithPagingInfo.asPaged(paging, collection, queryResults.hasMore(), Long.valueOf(queryResults.getNumberFound()).intValue());
|
||||
}
|
||||
}
|
||||
finally
|
||||
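Review bot: `Long.valueOf(queryResults.getNumberFound()).intValue()` is a narrowing conversion, so a count above Integer.MAX_VALUE wraps and can reach the paging info as a negative total. The boxing adds nothing over a cast; assuming getNumberFound() returns a long, `(int) Math.min(queryResults.getNumberFound(), Integer.MAX_VALUE)` clamps the value, or `Math.toIntExact(...)` fails loudly. The same expression is on the `results.getNumberFound()` line of the QuickShareLinksImpl hunk at -525. The enclosing try block starts outside the hunk.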
|
@@ -303,7 +303,7 @@ public class QuickShareLinksImpl implements QuickShareLinks, RecognizedParamsExt
|
||||
|
||||
List<QuickShareLink> result = new ArrayList<>(nodeIds.size());
|
||||
|
||||
List<String> includeParam = parameters.getInclude();
|
||||
List<String> includeParam = parameters != null ? parameters.getInclude() : Collections.<String> emptyList();
|
||||
|
||||
for (QuickShareLink qs : nodeIds)
|
||||
{
|
||||
@@ -525,7 +525,7 @@ public class QuickShareLinksImpl implements QuickShareLinks, RecognizedParamsExt
|
||||
|
||||
results.close();
|
||||
|
||||
return CollectionWithPagingInfo.asPaged(paging, qsLinks, results.hasMore(), new Long(results.getNumberFound()).intValue());
|
||||
return CollectionWithPagingInfo.asPaged(paging, qsLinks, results.hasMore(), Long.valueOf(results.getNumberFound()).intValue());
|
||||
}
|
||||
|
||||
private QuickShareLink getQuickShareInfo(String sharedId, boolean noAuth, List<String> includeParam)
|
||||
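Review bot: In the hunk at -525 the return statement calls `results.hasMore()` and `results.getNumberFound()` after `results.close()` two lines earlier. Whether a closed result set still answers these calls depends on the implementation, which is not visible here; reading both into locals before the close removes the question: `boolean hasMore = results.hasMore(); long total = results.getNumberFound();`. If the close is not inside a finally block, an exception thrown before it would also leave the result set open. The surrounding method starts outside the hunk.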
|
@@ -376,7 +376,7 @@ public class RenditionsImpl implements Renditions, ResourceLoaderAware
|
||||
{
|
||||
LOGGER.error("Couldn't load the placeholder." + ex.getMessage());
|
||||
}
|
||||
new ApiException("Couldn't load the placeholder.");
|
||||
throw new ApiException("Couldn't load the placeholder.");
|
||||
}
|
||||
}
|
||||
}
|
||||
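Review bot: `LOGGER.error("Couldn't load the placeholder." + ex.getMessage());` logs only the message text, joined to the sentence without a separator, and loses the stack trace. Pass the exception as the last argument instead: `LOGGER.error("Couldn't load the placeholder.", ex);`. The ApiException now thrown after the catch block carries no cause either; if ApiException offers a (message, cause) constructor, throwing it from inside the catch would keep the chain. The try block itself is outside the hunk.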
|
@@ -65,11 +65,11 @@ public class Person implements Serializable
|
||||
protected Long quotaUsed;
|
||||
protected Boolean emailNotificationsEnabled;
|
||||
protected String description;
|
||||
protected Company company;
|
||||
protected transient Company company;
|
||||
protected String password;
|
||||
protected String oldPassword;
|
||||
protected Map<String, Object> properties;
|
||||
protected List<String> aspectNames;
|
||||
protected transient Map<String, Object> properties;
|
||||
protected transient List<String> aspectNames;
|
||||
protected Map<String, Boolean> capabilities;
|
||||
|
||||
private Map<QName, Boolean> setFields = new HashMap<>(7);
|
||||
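Review bot: `password` and `oldPassword` stay non-transient while `company`, `properties` and `aspectNames` are excluded, so every serialized Person still carries both credentials in clear text. If the CommentsImpl use named in the description does not need them, mark them as well: `protected transient String password;` and `protected transient String oldPassword;`. The newly transient fields come back as null after deserialization, so any accessor that dereferences them needs a null guard; those accessors are outside the hunk.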
|
@@ -300,6 +300,11 @@ public class ResultMapper
|
||||
SpellCheckContext spellCheckContext = null;
|
||||
List<FacetFieldContext> ffcs = new ArrayList<FacetFieldContext>();
|
||||
|
||||
if (searchQuery == null)
|
||||
{
|
||||
throw new IllegalArgumentException("searchQuery can't be null");
|
||||
}
|
||||
|
||||
//Facet queries
|
||||
if(facetQueries!= null && !facetQueries.isEmpty())
|
||||
{
|
||||
@@ -316,7 +321,7 @@ public class ResultMapper
|
||||
for (Entry<String, Integer> fq:facetQueries.entrySet())
|
||||
{
|
||||
String filterQuery = null;
|
||||
if (searchQuery != null && searchQuery.getFacetQueries() != null)
|
||||
if (searchQuery.getFacetQueries() != null)
|
||||
{
|
||||
Optional<FacetQuery> found = searchQuery.getFacetQueries().stream().filter(facetQuery -> fq.getKey().equals(facetQuery.getLabel())).findFirst();
|
||||
filterQuery = found.isPresent()? found.get().getQuery():fq.getKey();
|
||||
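Review bot: The guard added at -300 throws IllegalArgumentException, and what HTTP status that maps to is not visible here; if it is unmapped, a null searchQuery still ends in a 500. If this path is reachable from a request, throw the API's own invalid-argument exception, and make the check the first statement of the method. In the second hunk `found.isPresent()? found.get().getQuery():fq.getKey()` reads better as `found.map(FacetQuery::getQuery).orElse(fq.getKey())`. The method starts and ends outside both hunks.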
|
@@ -44,7 +44,7 @@ public class ResourceDictionary
|
||||
private final Map<Api,Map<String, ResourceWithMetadata>> allResources = new HashMap<Api,Map<String, ResourceWithMetadata>>();
|
||||
private final SortedSet<Api> publicApis = new TreeSet<Api>();
|
||||
private final SortedSet<Api> privateApis = new TreeSet<Api>();
|
||||
private final String NEW_LINE = "\n";
|
||||
private static final String NEW_LINE = "\n";
|
||||
|
||||
protected ResourceDictionary()
|
||||
{
|
||||
|
@@ -70,7 +70,7 @@ public class SimpleMappingExceptionResolver implements ExceptionResolver<Excepti
|
||||
private Integer matchException(Class<? extends Exception> ex)
|
||||
{
|
||||
Integer statusCode = exceptionMappings.get(ex.getName());
|
||||
if (statusCode == null && !(Exception.class.getName().equals(ex.getName())))
|
||||
if (statusCode == null && !(ex.isAssignableFrom(Exception.class)))
|
||||
{
|
||||
statusCode = matchException((Class<? extends Exception>) ex.getSuperclass());
|
||||
}
|
||||
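Review bot: `!(ex.isAssignableFrom(Exception.class))` is easy to misread, because receiver and argument of isAssignableFrom run opposite to how the condition is spoken; the call returns true only when ex is Exception itself or one of its supertypes. The recursion stop is clearer as `if (statusCode == null && ex != Exception.class)`, with a comment such as `// walk up the hierarchy until a mapping is found or Exception is reached`. The unchecked cast on `ex.getSuperclass()` is safe only because of that stop condition, which the same comment should say. The end of matchException is outside the hunk.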
|
@@ -417,7 +417,7 @@ public class MapBasedQueryWalker extends WalkerCallbackAdapter
|
||||
return false;
|
||||
}
|
||||
|
||||
public class QueryVariableHolder implements Serializable
|
||||
public static class QueryVariableHolder implements Serializable
|
||||
{
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
|
@@ -453,7 +453,7 @@ public class ProcessesImpl extends WorkflowRestImpl implements Processes
|
||||
else
|
||||
{
|
||||
throw new InvalidArgumentException("sort " + sortColumn.column +
|
||||
" is not supported, supported items are " + PROCESS_COLLECTION_SORT_PROPERTIES.toArray());
|
||||
" is not supported, supported items are " + Arrays.toString(PROCESS_COLLECTION_SORT_PROPERTIES.toArray()));
|
||||
}
|
||||
|
||||
if (sortColumn.asc)
|
||||
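Review bot: `Arrays.toString(PROCESS_COLLECTION_SORT_PROPERTIES.toArray())` copies the collection into an array only to print it. If the constant is a java.util collection, its own toString() gives the same bracketed list, so `" is not supported, supported items are " + PROCESS_COLLECTION_SORT_PROPERTIES` is enough. The same applies to the two TasksImpl hunks at -1463 and -1539. The message also echoes the caller-supplied `sortColumn.column`, so whatever renders this error to a client should encode it. The enclosing if/else chain starts outside the hunk.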
|
@@ -1463,7 +1463,7 @@ public class TasksImpl extends WorkflowRestImpl implements Tasks
|
||||
else
|
||||
{
|
||||
throw new InvalidArgumentException("sort " + sortColumn.column +
|
||||
" is not supported, supported items are " + TASK_COLLECTION_RUNNING_SORT_PROPERTIES.toArray());
|
||||
" is not supported, supported items are " + Arrays.toString(TASK_COLLECTION_RUNNING_SORT_PROPERTIES.toArray()));
|
||||
}
|
||||
|
||||
if (sortColumn.asc)
|
||||
@@ -1539,7 +1539,7 @@ public class TasksImpl extends WorkflowRestImpl implements Tasks
|
||||
else
|
||||
{
|
||||
throw new InvalidArgumentException("sort " + sortColumn.column +
|
||||
" is not supported, supported items are " + TASK_COLLECTION_HISTORY_SORT_PROPERTIES.toArray());
|
||||
" is not supported, supported items are " + Arrays.toString(TASK_COLLECTION_HISTORY_SORT_PROPERTIES.toArray()));
|
||||
}
|
||||
|
||||
if (sortColumn.asc)
|
||||
|