Fortify Scan Fixes

o-liver · May 25, 2017 · adbd3b5 · adbd3b5
1 parent 822f9f2
commit adbd3b5
Show file tree

Hide file tree

Showing 15 changed files with 161 additions and 123 deletions.
diff --git a/espm-cloud-jpa/src/main/java/com/sap/espm/model/Customer.java b/espm-cloud-jpa/src/main/java/com/sap/espm/model/Customer.java
@@ -149,6 +149,7 @@ public Map<String, String> getCustomerReportData() {
 		Map<String, String> customerMapData = new LinkedHashMap<String, String>(7);
 		customerMapData.put("firstName", firstName);
 		customerMapData.put("lastName", lastName);
+		customerMapData.put("houseNumber", houseNumber);
 		customerMapData.put("emailAddress", emailAddress);
 		customerMapData.put("phoneNumber", phoneNumber);
 		customerMapData.put("city", city);

diff --git a/espm-cloud-web/src/main/java/com/sap/espm/model/documentservice/CMISSessionHelper.java b/espm-cloud-web/src/main/java/com/sap/espm/model/documentservice/CMISSessionHelper.java
@@ -31,7 +31,7 @@ public final class CMISSessionHelper {
 	/**
 	 * The {@link CMISSessionHelper} used for the Singleton.
 	 */
-	private static CMISSessionHelper helper;
+	private static volatile CMISSessionHelper helper;
 
 	/**
 	 * The static instance of the {@link Session} that will be used to connect

diff --git a/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/CustomerProcessor.java b/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/CustomerProcessor.java
@@ -27,10 +27,10 @@
  * <p>
  * https://olingo.apache.org/doc/odata2/tutorials/jpafunctionimport.html
  * <p>
- * http://olingo.apache.org/doc/odata2/ 
+ * http://olingo.apache.org/doc/odata2/
  * <p>
- * This class is used to define custom OData
- * functions for {@link Customer} entity.
+ * This class is used to define custom OData functions for {@link Customer}
+ * entity.
  * 
  * 
  */
@@ -47,27 +47,23 @@ public class CustomerProcessor {
 	@SuppressWarnings("unchecked")
 	@EdmFunctionImport(name = "GetCustomerByEmailAddress", entitySet = "Customers", returnType = @ReturnType(type = Type.ENTITY, isCollection = true))
 	public List<Customer> getCustomerByEmailAddress(
-			@EdmFunctionImportParameter(name = "EmailAddress") String emailAddress)
-			throws ODataException {
+			@EdmFunctionImportParameter(name = "EmailAddress") String emailAddress) throws ODataException {
 		EntityManagerFactory emf = Utility.getEntityManagerFactory();
 		EntityManager em = emf.createEntityManager();
 		List<Customer> custList = null;
 		try {
 
-			Query query = em
-					.createQuery("SELECT c FROM Customer c WHERE c.emailAddress ='"
-							+ emailAddress + "'");
+			Query query = em.createQuery("SELECT c FROM Customer c WHERE c.emailAddress = :emailAddress");
+			query.setParameter("emailAddress", emailAddress);
 
 			try {
 
 				custList = query.getResultList();
 				return custList;
 
 			} catch (NoResultException e) {
-				throw new ODataApplicationException(
-						"No matching customer with Email Address:"
-								+ emailAddress, Locale.ENGLISH,
-						HttpStatusCodes.BAD_REQUEST, e);
+				throw new ODataApplicationException("No matching customer with Email Address:" + emailAddress,
+						Locale.ENGLISH, HttpStatusCodes.BAD_REQUEST, e);
 			}
 		} finally {
 			em.close();

diff --git a/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/CustomerReviewProcessor.java b/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/CustomerReviewProcessor.java
@@ -39,29 +39,38 @@ public class CustomerReviewProcessor {
 	/**
 	 * Function Import implementation for getting customer reviews created
 	 * 
-	 * @param productId productId of the reviewed product
-	 * @param firstName firstname of the reviewer
-	 * @param lastName lastname of the reviewer
-	 * @param rating rating for the product
-	 * @param creationDate date of creation of the review
-	 * @param comment comments for the review
+	 * @param productId
+	 *            productId of the reviewed product
+	 * @param firstName
+	 *            firstname of the reviewer
+	 * @param lastName
+	 *            lastname of the reviewer
+	 * @param rating
+	 *            rating for the product
+	 * @param creationDate
+	 *            date of creation of the review
+	 * @param comment
+	 *            comments for the review
 	 * @return customer entity.
 	 * @throws ODataException
-	 * @throws ParseException 
+	 * @throws ParseException
 	 */
 	@SuppressWarnings("unchecked")
 	@EdmFunctionImport(name = "CreateCustomerReview", entitySet = "CustomerReviews", returnType = @ReturnType(type = Type.ENTITY, isCollection = false))
-	public CustomerReview createCustomerReview(
-			@EdmFunctionImportParameter(name = "ProductId") String productId, @EdmFunctionImportParameter(name = "FirstName") String firstName, @EdmFunctionImportParameter(name = "LastName") String lastName, @EdmFunctionImportParameter(name = "Rating") String rating, @EdmFunctionImportParameter(name = "CreationDate") String creationDate, @EdmFunctionImportParameter(name = "Comment") String comment)
-			throws ODataException, ParseException {
+	public CustomerReview createCustomerReview(@EdmFunctionImportParameter(name = "ProductId") String productId,
+			@EdmFunctionImportParameter(name = "FirstName") String firstName,
+			@EdmFunctionImportParameter(name = "LastName") String lastName,
+			@EdmFunctionImportParameter(name = "Rating") String rating,
+			@EdmFunctionImportParameter(name = "CreationDate") String creationDate,
+			@EdmFunctionImportParameter(name = "Comment") String comment) throws ODataException, ParseException {
 		EntityManagerFactory emf = Utility.getEntityManagerFactory();
 		EntityManager em = emf.createEntityManager();
 		Product prod = null;
 		CustomerReview customerReview = null;
 		try {
-				em.getTransaction().begin();
-				prod = em.find(Product.class, productId);
-			try {				
+			em.getTransaction().begin();
+			prod = em.find(Product.class, productId);
+			try {
 				customerReview = new CustomerReview();
 				customerReview.setComment(comment);
 				Calendar cal = Calendar.getInstance();
@@ -73,18 +82,18 @@ public CustomerReview createCustomerReview(
 				customerReview.setProductId(productId);
 				customerReview.setProduct(prod);
 				em.persist(customerReview);
-				prod.addReview(customerReview);
+				if (prod != null) {
+					prod.addReview(customerReview);
+				}
 				em.getTransaction().commit();
 				return customerReview;
 
 			} catch (NoResultException e) {
-				throw new ODataApplicationException(
-						"Error creating customer review:" , Locale.ENGLISH,
+				throw new ODataApplicationException("Error creating customer review:", Locale.ENGLISH,
 						HttpStatusCodes.BAD_REQUEST, e);
 			}
 		} finally {
 			em.close();
 		}
 	}
 }
-
diff --git a/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/SalesOrderProcessor.java b/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/SalesOrderProcessor.java
@@ -62,7 +62,8 @@ public List<SalesOrderHeader> confirmSalesOrder(
 		EntityManager em = emf.createEntityManager();
 		try {
 
-			Query query = em.createQuery("SELECT s FROM SalesOrderHeader s WHERE s.salesOrderId =" + salesOrderId);
+			Query query = em.createQuery("SELECT s FROM SalesOrderHeader s WHERE s.salesOrderId = :salesOrderId");
+			query.setParameter("salesOrderId", salesOrderId);
 			try {
 				SalesOrderHeader so = (SalesOrderHeader) query.getSingleResult();
 				em.getTransaction().begin();
@@ -72,7 +73,8 @@ public List<SalesOrderHeader> confirmSalesOrder(
 				em.getTransaction().commit();
 				List<SalesOrderHeader> salesorderlist = null;
 
-				query = em.createQuery("SELECT s FROM SalesOrderHeader s WHERE s.salesOrderId ='" + salesOrderId + "'");
+				query = em.createQuery("SELECT s FROM SalesOrderHeader s WHERE s.salesOrderId = :salesOrderId");
+				query.setParameter("salesOrderId", salesOrderId);
 				salesorderlist = query.getResultList();
 				return salesorderlist;
 
@@ -101,7 +103,9 @@ public List<SalesOrderHeader> cancelSalesOrder(
 		EntityManager em = emf.createEntityManager();
 		try {
 
-			Query query = em.createQuery("SELECT s FROM SalesOrderHeader s WHERE s.salesOrderId =" + salesOrderId);
+			Query query = em.createQuery("SELECT s FROM SalesOrderHeader s WHERE s.salesOrderId = :salesOrderId");
+			query.setParameter("salesOrderId", salesOrderId);
+
 			try {
 				SalesOrderHeader so = (SalesOrderHeader) query.getSingleResult();
 				em.getTransaction().begin();
@@ -110,7 +114,8 @@ public List<SalesOrderHeader> cancelSalesOrder(
 				em.persist(so);
 				em.getTransaction().commit();
 				List<SalesOrderHeader> salesOrderList = null;
-				query = em.createQuery("SELECT s FROM SalesOrderHeader s WHERE s.salesOrderId ='" + salesOrderId + "'");
+				query = em.createQuery("SELECT s FROM SalesOrderHeader s WHERE s.salesOrderId = :salesOrderId");
+				query.setParameter("salesOrderId", salesOrderId);
 				salesOrderList = query.getResultList();
 				return salesOrderList;
 			} catch (NoResultException e) {
@@ -271,4 +276,4 @@ public List<SalesOrderHeader> getSalesOrderInvoiceByEmail(
 
 	}
 
-}
+}
diff --git a/espm-cloud-web/src/main/java/com/sap/espm/model/pdf/generator/CmisRead.java b/espm-cloud-web/src/main/java/com/sap/espm/model/pdf/generator/CmisRead.java
@@ -100,7 +100,7 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
 			}
 
 		} catch (Exception exception) {
-			exception.printStackTrace();
+			LOGGER.error(exception.getMessage());
 		}
 
 	}

diff --git a/espm-cloud-web/src/main/java/com/sap/espm/model/web/EspmServiceFactoryFilter.java b/espm-cloud-web/src/main/java/com/sap/espm/model/web/EspmServiceFactoryFilter.java
@@ -17,14 +17,14 @@
 
 /**
  * 
- * Servlet {@link Filter} to block access to secure entities via non secure servlet
- * (/espm.svc/)
+ * Servlet {@link Filter} to block access to secure entities via non secure
+ * servlet (/espm.svc/)
  * <p>
  * Refer to the web.xml file on the declaration of the Filter.
  * 
  */
 public class EspmServiceFactoryFilter implements Filter {
-	
+
 	/**
 	 * {@link Logger} implementation for logging.
 	 */
@@ -36,8 +36,7 @@ public void init(FilterConfig filterConfig) throws ServletException {
 	}
 
 	@Override
-	public void doFilter(ServletRequest request, ServletResponse response,
-			FilterChain chain) throws IOException, ServletException {
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
 		try {
 
 			if (request instanceof HttpServletRequest) {
@@ -57,9 +56,9 @@ public void doFilter(ServletRequest request, ServletResponse response,
 				}
 			}
 
-		} catch (Exception e) {
+		} catch (IOException | ServletException | ODataException e) {
 			LOGGER.error(e.getMessage());
-		}
+		} 
 
 	}
 
@@ -76,28 +75,22 @@ public void destroy() {
 	 * @return true if path is restricted else false
 	 * @throws ODataException
 	 */
-	private boolean isPathRestricted(HttpServletRequest oCntxt)
-			throws ODataException {
+	private boolean isPathRestricted(HttpServletRequest oCntxt) throws ODataException {
 
 		boolean status;
 		String path = oCntxt.getRequestURI().toString();
-		if ((path.contains("/SalesOrderHeaders") || path.contains("/Customers") || path
-				.contains("/SalesOrderItems"))
-				&& (oCntxt.getMethod().equals("GET") || oCntxt.getMethod()
-						.equals("DELETE"))) {
+		if ((path.contains("/SalesOrderHeaders") || path.contains("/Customers") || path.contains("/SalesOrderItems"))
+				&& (oCntxt.getMethod().equals("GET") || oCntxt.getMethod().equals("DELETE"))) {
 			status = true;
-		} else if (path.contains("/PurchaseOrderHeaders")
-				|| path.contains("/PurchaseOrderItems")
+		}
+		else if (path.contains("/PurchaseOrderHeaders") || path.contains("/PurchaseOrderItems")
 				|| path.contains("/Suppliers") || path.contains("/Stocks")) {
 			status = true;
-		} else if ((path.contains("/Products") || path
-				.contains("/ProductCategories"))
-				&& (oCntxt.getMethod().equals("POST")
-						|| oCntxt.getMethod().equals("PUT") || oCntxt
-						.getMethod().equals("DELETE"))) {
+		} else if ((path.contains("/Products") || path.contains("/ProductCategories"))
+				&& (oCntxt.getMethod().equals("POST") || oCntxt.getMethod().equals("PUT")
+						|| oCntxt.getMethod().equals("DELETE"))) {
 			status = true;
-		} else if ((path.contains("/ConfirmSalesOrder") || path
-				.contains("/CancelSalesOrder"))) {
+		} else if ((path.contains("/ConfirmSalesOrder") || path.contains("/CancelSalesOrder"))) {
 			status = true;
 		} else {
 			status = false;

diff --git a/espm-cloud-web/src/main/webapp/WEB-INF/web.xml b/espm-cloud-web/src/main/webapp/WEB-INF/web.xml
@@ -109,4 +109,4 @@
 		<servlet-name>CmisRead</servlet-name>
 		<url-pattern>/CmisRead</url-pattern>
 	</servlet-mapping>
-</web-app>
+</web-app>
-Original file line number
+Diff line change
@@ Expand Up @@
     			}
     		} catch (Exception exception) {
-    			exception.printStackTrace();
+    			LOGGER.error(exception.getMessage());
     		}
     	}
@@ Expand Down @@