Closes #2289 - fix Sonarcloud vulnerabilities and bugs

Taskana · Aug 29, 2023 · f7c7ad2 · f7c7ad2
1 parent 208ee77
commit f7c7ad2
Show file tree

Hide file tree

Showing 8 changed files with 37 additions and 32 deletions.
diff --git a/...ana-core/src/main/java/pro/taskana/classification/internal/ClassificationServiceImpl.java b/...ana-core/src/main/java/pro/taskana/classification/internal/ClassificationServiceImpl.java
@@ -179,11 +179,8 @@ public void deleteClassification(String classificationKey, String domain)
 
   @Override
   public Classification createClassification(Classification classification)
-      throws ClassificationAlreadyExistException,
-          DomainNotFoundException,
-          InvalidArgumentException,
-          MalformedServiceLevelException,
-          NotAuthorizedException {
+      throws ClassificationAlreadyExistException, DomainNotFoundException, InvalidArgumentException,
+          MalformedServiceLevelException, NotAuthorizedException {
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
     if (!taskanaEngine.domainExists(classification.getDomain())
         && !MASTER_DOMAIN.equals(classification.getDomain())) {
@@ -222,7 +219,9 @@ public Classification createClassification(Classification classification)
       }
 
       if (LOGGER.isDebugEnabled()) {
-        LOGGER.debug("Method createClassification created classification {}.", classificationImpl);
+        LOGGER.debug(
+            "Method createClassification created classification {}.",
+            LogSanitizer.stripLineBreakingChars(classificationImpl));
       }
 
       if (!classification.getDomain().isEmpty()) {
@@ -236,11 +235,8 @@ public Classification createClassification(Classification classification)
 
   @Override
   public Classification updateClassification(Classification classification)
-      throws ConcurrencyException,
-          ClassificationNotFoundException,
-          InvalidArgumentException,
-          MalformedServiceLevelException,
-          NotAuthorizedException {
+      throws ConcurrencyException, ClassificationNotFoundException, InvalidArgumentException,
+          MalformedServiceLevelException, NotAuthorizedException {
     taskanaEngine.getEngine().checkRoleMembership(TaskanaRole.BUSINESS_ADMIN, TaskanaRole.ADMIN);
     ClassificationImpl classificationImpl;
     try {
@@ -283,7 +279,8 @@ public Classification updateClassification(Classification classification)
       }
       if (LOGGER.isDebugEnabled()) {
         LOGGER.debug(
-            "Method updateClassification() updated the classification {}.", classificationImpl);
+            "Method updateClassification() updated the classification {}.",
+            LogSanitizer.stripLineBreakingChars(classificationImpl));
       }
       return classification;
     } finally {

diff --git a/lib/taskana-core/src/main/java/pro/taskana/user/internal/UserServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/user/internal/UserServiceImpl.java
@@ -16,6 +16,7 @@
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.NotAuthorizedException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
+import pro.taskana.common.internal.util.LogSanitizer;
 import pro.taskana.user.api.UserService;
 import pro.taskana.user.api.exceptions.UserAlreadyExistException;
 import pro.taskana.user.api.exceptions.UserNotFoundException;
@@ -103,7 +104,9 @@ public User createUser(User userToCreate)
     ((UserImpl) userToCreate).setDomains(determineDomains(userToCreate));
 
     if (LOGGER.isDebugEnabled()) {
-      LOGGER.debug("Method createUser() created User '{}'.", userToCreate);
+      LOGGER.debug(
+          "Method createUser() created User '{}'.",
+          LogSanitizer.stripLineBreakingChars(userToCreate));
     }
     return userToCreate;
   }
@@ -127,7 +130,9 @@ public User updateUser(User userToUpdate)
     ((UserImpl) userToUpdate).setDomains(determineDomains(userToUpdate));
 
     if (LOGGER.isDebugEnabled()) {
-      LOGGER.debug("Method updateUser() updated User '{}'.", userToUpdate);
+      LOGGER.debug(
+          "Method updateUser() updated User '{}'.",
+          LogSanitizer.stripLineBreakingChars(userToUpdate));
     }
 
     return userToUpdate;

diff --git a/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/workbasket/internal/WorkbasketServiceImpl.java
@@ -24,6 +24,7 @@
 import pro.taskana.common.api.exceptions.TaskanaException;
 import pro.taskana.common.internal.InternalTaskanaEngine;
 import pro.taskana.common.internal.util.IdGenerator;
+import pro.taskana.common.internal.util.LogSanitizer;
 import pro.taskana.common.internal.util.ObjectAttributeChangeDetector;
 import pro.taskana.spi.history.api.events.workbasket.WorkbasketAccessItemCreatedEvent;
 import pro.taskana.spi.history.api.events.workbasket.WorkbasketAccessItemDeletedEvent;
@@ -644,8 +645,8 @@ public void setDistributionTargets(String sourceWorkbasketId, List<String> targe
             LOGGER.debug(
                 "Method setDistributionTargets() created distribution target "
                     + "for source '{}' and target {}",
-                sourceWorkbasketId,
-                targetId);
+                LogSanitizer.stripLineBreakingChars(sourceWorkbasketId),
+                LogSanitizer.stripLineBreakingChars(targetId));
           }
         }
 

diff --git a/lib/taskana-spring-example/src/main/java/pro/taskana/example/TaskanaTestController.java b/lib/taskana-spring-example/src/main/java/pro/taskana/example/TaskanaTestController.java
@@ -56,7 +56,7 @@ public class TaskanaTestController {
           NotAuthorizedException {
     taskanaEngine.getWorkbasketService().createWorkbasket(createWorkBasket("key", "workbasket"));
 
-    int workbaskets = getWorkbaskets();
+    Integer workbaskets = getWorkbaskets();
     if (Boolean.parseBoolean(rollback)) {
       throw new RuntimeException();
     } else {
@@ -113,12 +113,12 @@ public class TaskanaTestController {
     return "cleaned workbasket and test tables";
   }
 
-  private int getWorkbaskets() {
+  private Integer getWorkbaskets() {
     // return taskanaEngine.getWorkbasketService().getWorkbaskets().size();
     return jdbcTemplate.queryForObject("SELECT COUNT(*) FROM WORKBASKET", Integer.class);
   }
 
-  private int getCustomdbTests() {
+  private Integer getCustomdbTests() {
     return jdbcTemplate.queryForObject("SELECT COUNT(*) FROM CUSTOMDB.TEST", Integer.class);
   }
 

diff --git a/rest/taskana-rest-spring-example-common/src/main/resources/templates/login.html b/rest/taskana-rest-spring-example-common/src/main/resources/templates/login.html
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html xmlns:th="http://www.thymeleaf.org">
+<html xmlns:th="http://www.thymeleaf.org" lang="en">
 <head>
 	<link rel="icon" type="image/x-icon" th:href="@{/img/logo.png}">
     <title>Taskana login</title>

diff --git a/rest/taskana-rest-spring-example-wildfly/src/main/resources/templates/login.html b/rest/taskana-rest-spring-example-wildfly/src/main/resources/templates/login.html
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html xmlns:th="http://www.thymeleaf.org">
+<html xmlns:th="http://www.thymeleaf.org" lang="en">
 <head>
 	<link rel="icon" type="image/x-icon" th:href="@{/img/logo.png}">
     <title>Taskana login</title>

diff --git a/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/ldap/LdapClient.java b/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/ldap/LdapClient.java
@@ -31,6 +31,7 @@
 import pro.taskana.common.api.TaskanaRole;
 import pro.taskana.common.api.exceptions.InvalidArgumentException;
 import pro.taskana.common.api.exceptions.SystemException;
+import pro.taskana.common.internal.util.LogSanitizer;
 import pro.taskana.common.rest.models.AccessIdRepresentationModel;
 import pro.taskana.user.api.models.User;
 import pro.taskana.user.internal.models.UserImpl;
@@ -92,7 +93,7 @@ public List<AccessIdRepresentationModel> searchUsersByNameOrAccessIdInUserRole(
 
     LOGGER.debug(
         "entry to searchUsersByNameOrAccessIdInUserRoleGroups(nameOrAccessId = {}).",
-        nameOrAccessId);
+        LogSanitizer.stripLineBreakingChars(nameOrAccessId));
 
     isInitOrFail();
     testMinSearchForLength(nameOrAccessId);
@@ -261,11 +262,12 @@ public List<AccessIdRepresentationModel> searchGroupsAccessIdIsMemberOf(final St
     andFilter.and(orFilter);
 
     String[] userAttributesToReturn = {getUserIdAttribute(), getGroupNameAttribute()};
-
-    LOGGER.debug(
-        "Using filter '{}' for LDAP query with group search base {}.",
-        andFilter,
-        getGroupSearchBase());
+    if (LOGGER.isDebugEnabled()) {
+      LOGGER.debug(
+          "Using filter '{}' for LDAP query with group search base {}.",
+          andFilter,
+          getGroupSearchBase());
+    }
 
     return ldapTemplate.search(
         getGroupSearchBase(),

diff --git a/.../src/main/java/pro/taskana/monitor/rest/assembler/ReportRepresentationModelAssembler.java b/.../src/main/java/pro/taskana/monitor/rest/assembler/ReportRepresentationModelAssembler.java
@@ -138,11 +138,11 @@ public ReportRepresentationModel toModel(
 
   @NonNull
   public ReportRepresentationModel toModel(
-      @NonNull TaskStatusReport report,
-      @NonNull List<String> domain,
-      @NonNull List<TaskState> state,
-      @NonNull List<String> workbasketIds,
-      @NonNull Integer priorityMinimum)
+      TaskStatusReport report,
+      List<String> domain,
+      List<TaskState> state,
+      List<String> workbasketIds,
+      Integer priorityMinimum)
       throws NotAuthorizedException {
     ReportRepresentationModel resource = toReportResource(report);
     resource.add(