REPO-331: Review security analysis plugin results for branch (#46)
* REPO-331 - Review security analysis plugin results for branch: - fixed some critical / major issues detected by sonar - fields that are not serialized were changed to transient. The serialization of Person is required in CommentsImpl - fixed an issue found using sonar where a 500 response was returned when a node was updated with the "qshare:shared" aspect. Fixed by returning an empty list when params are null - added null check for searchQuery
@@ -69,14 +69,14 @@ public class AuditApplicationsAuditEntriesRelation implements RelationshipResour
|
|||||||
@WebApiDescription(title = "Return audit entry id for audit app id")
|
@WebApiDescription(title = "Return audit entry id for audit app id")
|
||||||
public AuditEntry readById(String auditAppId, String auditEntryId, Parameters parameters) throws RelationshipResourceNotFoundException
|
public AuditEntry readById(String auditAppId, String auditEntryId, Parameters parameters) throws RelationshipResourceNotFoundException
|
||||||
{
|
{
|
||||||
return audit.getAuditEntry(auditAppId, new Long(auditEntryId), parameters);
|
return audit.getAuditEntry(auditAppId, Long.valueOf(auditEntryId), parameters);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@WebApiDescription(title = "Delete audit entry id for audit app id")
|
@WebApiDescription(title = "Delete audit entry id for audit app id")
|
||||||
public void delete(String auditAppId, String auditEntryId, Parameters parameters) throws RelationshipResourceNotFoundException
|
public void delete(String auditAppId, String auditEntryId, Parameters parameters) throws RelationshipResourceNotFoundException
|
||||||
{
|
{
|
||||||
audit.deleteAuditEntry(auditAppId, new Long(auditEntryId), parameters);
|
audit.deleteAuditEntry(auditAppId, Long.valueOf(auditEntryId), parameters);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
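Review bot: `Long.valueOf(auditEntryId)` in both readById and delete still throws NumberFormatException when the path segment is not numeric, and nothing in the hunk catches it, so a malformed id presumably surfaces as a generic server error rather than a client error. Since auditEntryId comes straight from the request path, parse it once and map the failure explicitly, e.g. `try { id = Long.valueOf(auditEntryId); } catch (NumberFormatException e) { throw new InvalidArgumentException("auditEntryId must be numeric: " + auditEntryId); }`; InvalidArgumentException is the type the ProcessesImpl and TasksImpl hunks of this commit use for a bad request parameter. Whether the framework already maps NumberFormatException is not visible here, so confirm before relying on it.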
@@ -340,8 +340,8 @@ public class AuditImpl implements Audit
|
|||||||
|
|
||||||
if (propertyName.equals(ID))
|
if (propertyName.equals(ID))
|
||||||
{
|
{
|
||||||
fromId = new Long(firstValue);
|
fromId = Long.valueOf(firstValue);
|
||||||
toId = new Long(secondValue) + 1;
|
toId = Long.valueOf(secondValue) + 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -621,8 +621,8 @@ public class AuditImpl implements Audit
|
|||||||
|
|
||||||
if (propertyName.equals(ID))
|
if (propertyName.equals(ID))
|
||||||
{
|
{
|
||||||
fromId = new Long(firstValue);
|
fromId = Long.valueOf(firstValue);
|
||||||
toId = new Long(secondValue) + 1;
|
toId = Long.valueOf(secondValue) + 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
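Review bot: `toId = Long.valueOf(secondValue) + 1` wraps to Long.MIN_VALUE when secondValue is Long.MAX_VALUE, turning the exclusive upper bound into a negative one; `toId = Math.addExact(Long.parseLong(secondValue), 1L)` fails loudly instead and also avoids boxing with valueOf only to unbox for the addition. Both hunks (@@ -340 and @@ -621) contain the identical four-line ID-range block, so it would read better as one private helper that parses the pair and returns the range, giving a single place to handle the NumberFormatException raised by an unparseable where-clause value. Both enclosing methods start and end outside the hunks.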
@@ -40,12 +40,7 @@ public class DefaultExceptionHandler implements ExceptionHandler
|
|||||||
@Override
|
@Override
|
||||||
public boolean handle(Throwable t)
|
public boolean handle(Throwable t)
|
||||||
{
|
{
|
||||||
if(t instanceof AccessDeniedException)
|
if(t instanceof AccessDeniedException || t instanceof PermissionDeniedException)
|
||||||
{
|
|
||||||
// Note: security, no message to indicate why
|
|
||||||
throw new NotFoundException();
|
|
||||||
}
|
|
||||||
else if(t instanceof PermissionDeniedException)
|
|
||||||
{
|
{
|
||||||
// Note: security, no message to indicate why
|
// Note: security, no message to indicate why
|
||||||
throw new NotFoundException();
|
throw new NotFoundException();
|
||||||
|
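Review bot: The merged branch now maps both AccessDeniedException and PermissionDeniedException to NotFoundException without recording the original exception anywhere in the visible lines, so an operator investigating a burst of 404s cannot tell denied access from genuinely missing resources. Masking the reason in the response is the right call, but log the original at debug level before the throw, e.g. `logger.debug("Access denied mapped to 404", t);` using whatever logger the class has (none is visible in this hunk), so the distinction survives server-side. Keeping the `// Note: security, no message to indicate why` comment on the merged branch is good; handle's body continues past the end of the hunk.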
@@ -619,7 +619,7 @@ public class GroupsImpl implements Groups
|
|||||||
return new Pair<>(DISPLAY_NAME, Boolean.TRUE);
|
return new Pair<>(DISPLAY_NAME, Boolean.TRUE);
|
||||||
}
|
}
|
||||||
|
|
||||||
private class AuthorityInfoComparator implements Comparator<AuthorityInfo>
|
private static class AuthorityInfoComparator implements Comparator<AuthorityInfo>
|
||||||
{
|
{
|
||||||
private Map<AuthorityInfo, String> nameCache;
|
private Map<AuthorityInfo, String> nameCache;
|
||||||
private String sortBy;
|
private String sortBy;
|
||||||
|
@@ -1830,7 +1830,7 @@ public class NodesImpl implements Nodes
|
|||||||
String str = parameters.getParameter(PARAM_VERSION_MAJOR);
|
String str = parameters.getParameter(PARAM_VERSION_MAJOR);
|
||||||
if (str != null)
|
if (str != null)
|
||||||
{
|
{
|
||||||
versionMajor = new Boolean(str);
|
versionMajor = Boolean.valueOf(str);
|
||||||
}
|
}
|
||||||
String versionComment = parameters.getParameter(PARAM_VERSION_COMMENT);
|
String versionComment = parameters.getParameter(PARAM_VERSION_COMMENT);
|
||||||
|
|
||||||
@@ -2656,7 +2656,7 @@ public class NodesImpl implements Nodes
|
|||||||
String str = parameters.getParameter(PARAM_VERSION_MAJOR);
|
String str = parameters.getParameter(PARAM_VERSION_MAJOR);
|
||||||
if (str != null)
|
if (str != null)
|
||||||
{
|
{
|
||||||
versionMajor = new Boolean(str);
|
versionMajor = Boolean.valueOf(str);
|
||||||
}
|
}
|
||||||
String versionComment = parameters.getParameter(PARAM_VERSION_COMMENT);
|
String versionComment = parameters.getParameter(PARAM_VERSION_COMMENT);
|
||||||
|
|
||||||
|
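Review bot: `Boolean.valueOf(str)` at both @@ -1830 and @@ -2656 accepts any string and treats everything except a case-insensitive "true" as false, so a client sending a typo for the major-version flag silently gets a minor version instead of an error. Both hunks repeat the same three-line parse, so a small helper that accepts only "true"/"false" and otherwise throws `new InvalidArgumentException("Parameter " + PARAM_VERSION_MAJOR + " must be true or false, got: " + str)` would close the gap in one place; InvalidArgumentException is the type the ProcessesImpl hunk of this commit uses for a bad sort parameter. The enclosing methods start and end outside the hunks.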
@@ -442,7 +442,7 @@ public class QueriesImpl implements Queries, InitializingBean
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
return CollectionWithPagingInfo.asPaged(paging, collection, queryResults.hasMore(), new Long(queryResults.getNumberFound()).intValue());
|
return CollectionWithPagingInfo.asPaged(paging, collection, queryResults.hasMore(), Long.valueOf(queryResults.getNumberFound()).intValue());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
finally
|
finally
|
||||||
|
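Review bot: `Long.valueOf(queryResults.getNumberFound()).intValue()` boxes only to unbox, and it silently truncates a count above Integer.MAX_VALUE into a wrong or negative page total. If getNumberFound() returns a long (its declaration is not visible here), `Math.toIntExact(queryResults.getNumberFound())` keeps the narrowing explicit and fails with ArithmeticException on overflow; if it already returns an int, the wrapper can simply be dropped. The same expression appears in the QuickShareLinksImpl @@ -525 hunk of this commit. The enclosing method starts and ends outside the hunk.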
@@ -303,7 +303,7 @@ public class QuickShareLinksImpl implements QuickShareLinks, RecognizedParamsExt
|
|||||||
|
|
||||||
List<QuickShareLink> result = new ArrayList<>(nodeIds.size());
|
List<QuickShareLink> result = new ArrayList<>(nodeIds.size());
|
||||||
|
|
||||||
List<String> includeParam = parameters.getInclude();
|
List<String> includeParam = parameters != null ? parameters.getInclude() : Collections.<String> emptyList();
|
||||||
|
|
||||||
for (QuickShareLink qs : nodeIds)
|
for (QuickShareLink qs : nodeIds)
|
||||||
{
|
{
|
||||||
@@ -525,7 +525,7 @@ public class QuickShareLinksImpl implements QuickShareLinks, RecognizedParamsExt
|
|||||||
|
|
||||||
results.close();
|
results.close();
|
||||||
|
|
||||||
return CollectionWithPagingInfo.asPaged(paging, qsLinks, results.hasMore(), new Long(results.getNumberFound()).intValue());
|
return CollectionWithPagingInfo.asPaged(paging, qsLinks, results.hasMore(), Long.valueOf(results.getNumberFound()).intValue());
|
||||||
}
|
}
|
||||||
|
|
||||||
private QuickShareLink getQuickShareInfo(String sharedId, boolean noAuth, List<String> includeParam)
|
private QuickShareLink getQuickShareInfo(String sharedId, boolean noAuth, List<String> includeParam)
|
||||||
|
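Review bot: The null guard on parameters at @@ -303 treats an absent Parameters as "no include", which matches the reported 500 fix, but the ternary still passes through whatever getInclude() returns, so if that method can itself return null the loop body (outside the hunk) stays unprotected; confirm its contract or guard both with `List<String> includeParam = parameters == null || parameters.getInclude() == null ? Collections.<String>emptyList() : parameters.getInclude();`. It is also worth identifying which caller passes a null Parameters on the qshare:shared aspect update, since a null-tolerant signature hides that rather than fixing it. The enclosing method starts and ends outside the hunk.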
@@ -376,7 +376,7 @@ public class RenditionsImpl implements Renditions, ResourceLoaderAware
|
|||||||
{
|
{
|
||||||
LOGGER.error("Couldn't load the placeholder." + ex.getMessage());
|
LOGGER.error("Couldn't load the placeholder." + ex.getMessage());
|
||||||
}
|
}
|
||||||
new ApiException("Couldn't load the placeholder.");
|
throw new ApiException("Couldn't load the placeholder.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
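Review bot: `throw new ApiException("Couldn't load the placeholder.")` at @@ -376 discards the caught exception, and the preceding `LOGGER.error("Couldn't load the placeholder." + ex.getMessage())` logs only its message, so the stack trace of the underlying failure is lost on both paths. Log it as `LOGGER.error("Couldn't load the placeholder.", ex);` and, if ApiException has a cause-taking constructor (not visible here), pass `ex` as the cause. Note also that the throw sits after the closing brace of the catch block rather than inside it, so unless the try block returns on success the throw now fires on the normal path too; that line was a no-op before this commit, so the try block (outside the hunk) should be checked.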
@@ -65,11 +65,11 @@ public class Person implements Serializable
|
|||||||
protected Long quotaUsed;
|
protected Long quotaUsed;
|
||||||
protected Boolean emailNotificationsEnabled;
|
protected Boolean emailNotificationsEnabled;
|
||||||
protected String description;
|
protected String description;
|
||||||
protected Company company;
|
protected transient Company company;
|
||||||
protected String password;
|
protected String password;
|
||||||
protected String oldPassword;
|
protected String oldPassword;
|
||||||
protected Map<String, Object> properties;
|
protected transient Map<String, Object> properties;
|
||||||
protected List<String> aspectNames;
|
protected transient List<String> aspectNames;
|
||||||
protected Map<String, Boolean> capabilities;
|
protected Map<String, Boolean> capabilities;
|
||||||
|
|
||||||
private Map<QName, Boolean> setFields = new HashMap<>(7);
|
private Map<QName, Boolean> setFields = new HashMap<>(7);
|
||||||
|
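Review bot: Person implements Serializable (per the hunk header) and the commit description says its serialization is relied on in CommentsImpl, yet `protected String password;` and `protected String oldPassword;` stay non-transient while only company, properties and aspectNames are made transient. Any Person instance that reaches a serialized form (cache, session replication, message) would then carry the plaintext credentials alongside the profile data. Unless a password is genuinely needed after deserialization, mark both `protected transient String password;` and `protected transient String oldPassword;`, or clear them before the object is serialized. `private Map<QName, Boolean> setFields` is also non-transient; whether QName is Serializable is not visible here.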
@@ -300,6 +300,11 @@ public class ResultMapper
|
|||||||
SpellCheckContext spellCheckContext = null;
|
SpellCheckContext spellCheckContext = null;
|
||||||
List<FacetFieldContext> ffcs = new ArrayList<FacetFieldContext>();
|
List<FacetFieldContext> ffcs = new ArrayList<FacetFieldContext>();
|
||||||
|
|
||||||
|
if (searchQuery == null)
|
||||||
|
{
|
||||||
|
throw new IllegalArgumentException("searchQuery can't be null");
|
||||||
|
}
|
||||||
|
|
||||||
//Facet queries
|
//Facet queries
|
||||||
if(facetQueries!= null && !facetQueries.isEmpty())
|
if(facetQueries!= null && !facetQueries.isEmpty())
|
||||||
{
|
{
|
||||||
@@ -316,7 +321,7 @@ public class ResultMapper
|
|||||||
for (Entry<String, Integer> fq:facetQueries.entrySet())
|
for (Entry<String, Integer> fq:facetQueries.entrySet())
|
||||||
{
|
{
|
||||||
String filterQuery = null;
|
String filterQuery = null;
|
||||||
if (searchQuery != null && searchQuery.getFacetQueries() != null)
|
if (searchQuery.getFacetQueries() != null)
|
||||||
{
|
{
|
||||||
Optional<FacetQuery> found = searchQuery.getFacetQueries().stream().filter(facetQuery -> fq.getKey().equals(facetQuery.getLabel())).findFirst();
|
Optional<FacetQuery> found = searchQuery.getFacetQueries().stream().filter(facetQuery -> fq.getKey().equals(facetQuery.getLabel())).findFirst();
|
||||||
filterQuery = found.isPresent()? found.get().getQuery():fq.getKey();
|
filterQuery = found.isPresent()? found.get().getQuery():fq.getKey();
|
||||||
|
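Review bot: The new `if (searchQuery == null)` guard at @@ -300 sits after spellCheckContext and ffcs are initialised rather than at method entry, and it throws IllegalArgumentException, which the REST layer maps to a status only if that type is registered (the SimpleMappingExceptionResolver hunk in this commit looks mappings up by class name, so an unmapped type presumably falls through to a 500). Move the check to the top of the method (its signature is outside the hunk) as `Objects.requireNonNull(searchQuery, "searchQuery can't be null");` if a null here is a programming error, or throw the API's InvalidArgumentException if a client request can cause it. The simplification at @@ -316 is consistent with the new guard.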
@@ -44,7 +44,7 @@ public class ResourceDictionary
|
|||||||
private final Map<Api,Map<String, ResourceWithMetadata>> allResources = new HashMap<Api,Map<String, ResourceWithMetadata>>();
|
private final Map<Api,Map<String, ResourceWithMetadata>> allResources = new HashMap<Api,Map<String, ResourceWithMetadata>>();
|
||||||
private final SortedSet<Api> publicApis = new TreeSet<Api>();
|
private final SortedSet<Api> publicApis = new TreeSet<Api>();
|
||||||
private final SortedSet<Api> privateApis = new TreeSet<Api>();
|
private final SortedSet<Api> privateApis = new TreeSet<Api>();
|
||||||
private final String NEW_LINE = "\n";
|
private static final String NEW_LINE = "\n";
|
||||||
|
|
||||||
protected ResourceDictionary()
|
protected ResourceDictionary()
|
||||||
{
|
{
|
||||||
|
@@ -70,7 +70,7 @@ public class SimpleMappingExceptionResolver implements ExceptionResolver<Excepti
|
|||||||
private Integer matchException(Class<? extends Exception> ex)
|
private Integer matchException(Class<? extends Exception> ex)
|
||||||
{
|
{
|
||||||
Integer statusCode = exceptionMappings.get(ex.getName());
|
Integer statusCode = exceptionMappings.get(ex.getName());
|
||||||
if (statusCode == null && !(Exception.class.getName().equals(ex.getName())))
|
if (statusCode == null && !(ex.isAssignableFrom(Exception.class)))
|
||||||
{
|
{
|
||||||
statusCode = matchException((Class<? extends Exception>) ex.getSuperclass());
|
statusCode = matchException((Class<? extends Exception>) ex.getSuperclass());
|
||||||
}
|
}
|
||||||
|
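Review bot: `!(ex.isAssignableFrom(Exception.class))` reads as if it tests the wrong direction, because isAssignableFrom asks whether Exception can be assigned to ex, i.e. whether ex is Exception itself or a supertype of it; the intent "stop recursing at Exception" is clearer as `if (statusCode == null && ex != Exception.class)`. The one thing the new form buys is that a non-Exception class smuggled in through the unchecked cast on the next line stops at Throwable instead of recursing to Object and then calling getName() on a null superclass; if that is intended, say so with a comment such as `// stop at Exception (or Throwable for non-Exception classes that slipped through the unchecked cast)`. matchException is fully within the hunk, but its callers are not.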
@@ -417,7 +417,7 @@ public class MapBasedQueryWalker extends WalkerCallbackAdapter
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
public class QueryVariableHolder implements Serializable
|
public static class QueryVariableHolder implements Serializable
|
||||||
{
|
{
|
||||||
private static final long serialVersionUID = 1L;
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
@@ -453,7 +453,7 @@ public class ProcessesImpl extends WorkflowRestImpl implements Processes
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
throw new InvalidArgumentException("sort " + sortColumn.column +
|
throw new InvalidArgumentException("sort " + sortColumn.column +
|
||||||
" is not supported, supported items are " + PROCESS_COLLECTION_SORT_PROPERTIES.toArray());
|
" is not supported, supported items are " + Arrays.toString(PROCESS_COLLECTION_SORT_PROPERTIES.toArray()));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (sortColumn.asc)
|
if (sortColumn.asc)
|
||||||
|
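Review bot: `Arrays.toString(PROCESS_COLLECTION_SORT_PROPERTIES.toArray())` fixes the object-identity output of an array, but if PROCESS_COLLECTION_SORT_PROPERTIES is a java.util collection (its declaration is outside the hunk) the same `[a, b, c]` rendering comes from plain concatenation, `" is not supported, supported items are " + PROCESS_COLLECTION_SORT_PROPERTIES`, without the extra array copy; also confirm the file imports java.util.Arrays, which is not visible here. The identical pattern is in both TasksImpl hunks of this commit (@@ -1463 and @@ -1539). The enclosing method starts and ends outside the hunk.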
@@ -1463,7 +1463,7 @@ public class TasksImpl extends WorkflowRestImpl implements Tasks
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
throw new InvalidArgumentException("sort " + sortColumn.column +
|
throw new InvalidArgumentException("sort " + sortColumn.column +
|
||||||
" is not supported, supported items are " + TASK_COLLECTION_RUNNING_SORT_PROPERTIES.toArray());
|
" is not supported, supported items are " + Arrays.toString(TASK_COLLECTION_RUNNING_SORT_PROPERTIES.toArray()));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (sortColumn.asc)
|
if (sortColumn.asc)
|
||||||
@@ -1539,7 +1539,7 @@ public class TasksImpl extends WorkflowRestImpl implements Tasks
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
throw new InvalidArgumentException("sort " + sortColumn.column +
|
throw new InvalidArgumentException("sort " + sortColumn.column +
|
||||||
" is not supported, supported items are " + TASK_COLLECTION_HISTORY_SORT_PROPERTIES.toArray());
|
" is not supported, supported items are " + Arrays.toString(TASK_COLLECTION_HISTORY_SORT_PROPERTIES.toArray()));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (sortColumn.asc)
|
if (sortColumn.asc)
|
||||||
|