From adbd3b59e14ae79d49d4f62f6f455a0f6972208f Mon Sep 17 00:00:00 2001 From: i332371 Date: Thu, 25 May 2017 15:44:01 +0530 Subject: [PATCH] Fortify Scan Fixes --- .../java/com/sap/espm/model/Customer.java | 1 + .../documentservice/CMISSessionHelper.java | 2 +- .../function/impl/CustomerProcessor.java | 20 ++--- .../impl/CustomerReviewProcessor.java | 43 ++++++----- .../function/impl/SalesOrderProcessor.java | 15 ++-- .../espm/model/pdf/generator/CmisRead.java | 2 +- .../model/web/EspmServiceFactoryFilter.java | 37 ++++----- .../src/main/webapp/WEB-INF/web.xml | 2 +- .../webshop/controller/Checkout.controller.js | 76 ++++++++++--------- .../controller/SalesOrder.controller.js | 2 +- .../webapp/webshop/view/SalesOrder.view.xml | 2 +- .../view/fragment/ReviewPage.fragment.xml | 4 +- .../sap/espm/model/web/util/HttpResponse.java | 13 +++- .../sap/espm/model/web/util/StreamHelper.java | 48 ++++++++---- .../sap/espm/model/web/util/XMLParser.java | 17 +++-- 15 files changed, 161 insertions(+), 123 deletions(-) diff --git a/espm-cloud-jpa/src/main/java/com/sap/espm/model/Customer.java b/espm-cloud-jpa/src/main/java/com/sap/espm/model/Customer.java index 2454f33..6c5c753 100644 --- a/espm-cloud-jpa/src/main/java/com/sap/espm/model/Customer.java +++ b/espm-cloud-jpa/src/main/java/com/sap/espm/model/Customer.java @@ -149,6 +149,7 @@ public Map getCustomerReportData() { Map customerMapData = new LinkedHashMap(7); customerMapData.put("firstName", firstName); customerMapData.put("lastName", lastName); + customerMapData.put("houseNumber", houseNumber); customerMapData.put("emailAddress", emailAddress); customerMapData.put("phoneNumber", phoneNumber); customerMapData.put("city", city); diff --git a/espm-cloud-web/src/main/java/com/sap/espm/model/documentservice/CMISSessionHelper.java b/espm-cloud-web/src/main/java/com/sap/espm/model/documentservice/CMISSessionHelper.java index bc97594..0f735f8 100644 
--- a/espm-cloud-web/src/main/java/com/sap/espm/model/documentservice/CMISSessionHelper.java +++ b/espm-cloud-web/src/main/java/com/sap/espm/model/documentservice/CMISSessionHelper.java @@ -31,7 +31,7 @@ public final class CMISSessionHelper { /** * The {@link CMISSessionHelper} used for the Singleton. */ - private static CMISSessionHelper helper; + private static volatile CMISSessionHelper helper; /** * The static instance of the {@link Session} that will be used to connect diff --git a/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/CustomerProcessor.java b/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/CustomerProcessor.java index cbcb802..b6a6d2a 100644 --- a/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/CustomerProcessor.java +++ b/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/CustomerProcessor.java @@ -27,10 +27,10 @@ *
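Review bot: Making `helper` volatile only guarantees that a reference assigned by one thread is visible to others; it does not make the lazy initialisation safe unless the accessor that reads and assigns `helper` is `synchronized` or follows the check-lock-recheck (double-checked locking) pattern, and that accessor lies outside this hunk. If the getter is a plain `if (helper == null) helper = new CMISSessionHelper();`, two threads can still construct two instances and the Fortify finding is only half addressed. Either mark the getter `synchronized`, or use the holder idiom `private static final class Holder { static final CMISSessionHelper INSTANCE = new CMISSessionHelper(); }` so that neither `volatile` nor a lock is needed.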

* https://olingo.apache.org/doc/odata2/tutorials/jpafunctionimport.html *

- * http://olingo.apache.org/doc/odata2/ + * http://olingo.apache.org/doc/odata2/ *

- * This class is used to define custom OData - * functions for {@link Customer} entity. + * This class is used to define custom OData functions for {@link Customer} + * entity. * * */ @@ -47,16 +47,14 @@ public class CustomerProcessor { @SuppressWarnings("unchecked") @EdmFunctionImport(name = "GetCustomerByEmailAddress", entitySet = "Customers", returnType = @ReturnType(type = Type.ENTITY, isCollection = true)) public List getCustomerByEmailAddress( - @EdmFunctionImportParameter(name = "EmailAddress") String emailAddress) - throws ODataException { + @EdmFunctionImportParameter(name = "EmailAddress") String emailAddress) throws ODataException { EntityManagerFactory emf = Utility.getEntityManagerFactory(); EntityManager em = emf.createEntityManager(); List custList = null; try { - Query query = em - .createQuery("SELECT c FROM Customer c WHERE c.emailAddress ='" - + emailAddress + "'"); + Query query = em.createQuery("SELECT c FROM Customer c WHERE c.emailAddress = :emailAddress"); + query.setParameter("emailAddress", emailAddress); try { @@ -64,10 +62,8 @@ public List getCustomerByEmailAddress( return custList; } catch (NoResultException e) { - throw new ODataApplicationException( - "No matching customer with Email Address:" - + emailAddress, Locale.ENGLISH, - HttpStatusCodes.BAD_REQUEST, e); + throw new ODataApplicationException("No matching customer with Email Address:" + emailAddress, + Locale.ENGLISH, HttpStatusCodes.BAD_REQUEST, e); } } finally { em.close(); diff --git a/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/CustomerReviewProcessor.java b/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/CustomerReviewProcessor.java index 1fdf765..71b7968 100644 --- a/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/CustomerReviewProcessor.java +++ b/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/CustomerReviewProcessor.java 
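Review bot: The rethrown `ODataApplicationException` still embeds the caller-supplied `emailAddress` in its message, and Olingo by default copies that message into the error payload, so whatever the client sent is reflected back and the 400 also confirms which addresses are not registered. Now that the JPQL is parameterised the injection finding is gone, but a generic message is the safer choice: `throw new ODataApplicationException("No matching customer for the given email address", Locale.ENGLISH, HttpStatusCodes.BAD_REQUEST, e);`, logging the address at debug level if it is needed for diagnostics. The `getSingleResult()` call this catch wraps is on a line outside the hunk, and it can also throw `NonUniqueResultException` if the email column is not unique, which this catch does not cover.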
@@ -39,29 +39,38 @@ public class CustomerReviewProcessor { /** * Function Import implementation for getting customer reviews created * - * @param productId productId of the reviewed product - * @param firstName firstname of the reviewer - * @param lastName lastname of the reviewer - * @param rating rating for the product - * @param creationDate date of creation of the review - * @param comment comments for the review + * @param productId + * productId of the reviewed product + * @param firstName + * firstname of the reviewer + * @param lastName + * lastname of the reviewer + * @param rating + * rating for the product + * @param creationDate + * date of creation of the review + * @param comment + * comments for the review * @return customer entity. * @throws ODataException - * @throws ParseException + * @throws ParseException */ @SuppressWarnings("unchecked") @EdmFunctionImport(name = "CreateCustomerReview", entitySet = "CustomerReviews", returnType = @ReturnType(type = Type.ENTITY, isCollection = false)) - public CustomerReview createCustomerReview( - @EdmFunctionImportParameter(name = "ProductId") String productId, @EdmFunctionImportParameter(name = "FirstName") String firstName, @EdmFunctionImportParameter(name = "LastName") String lastName, @EdmFunctionImportParameter(name = "Rating") String rating, @EdmFunctionImportParameter(name = "CreationDate") String creationDate, @EdmFunctionImportParameter(name = "Comment") String comment) - throws ODataException, ParseException { + public CustomerReview createCustomerReview(@EdmFunctionImportParameter(name = "ProductId") String productId, + @EdmFunctionImportParameter(name = "FirstName") String firstName, + @EdmFunctionImportParameter(name = "LastName") String lastName, + @EdmFunctionImportParameter(name = "Rating") String rating, + @EdmFunctionImportParameter(name = "CreationDate") String creationDate, + @EdmFunctionImportParameter(name = "Comment") String comment) throws ODataException, ParseException { 
EntityManagerFactory emf = Utility.getEntityManagerFactory(); EntityManager em = emf.createEntityManager(); Product prod = null; CustomerReview customerReview = null; try { - em.getTransaction().begin(); - prod = em.find(Product.class, productId); - try { + em.getTransaction().begin(); + prod = em.find(Product.class, productId); + try { customerReview = new CustomerReview(); customerReview.setComment(comment); Calendar cal = Calendar.getInstance(); @@ -73,13 +82,14 @@ public CustomerReview createCustomerReview( customerReview.setProductId(productId); customerReview.setProduct(prod); em.persist(customerReview); - prod.addReview(customerReview); + if (prod != null) { + prod.addReview(customerReview); + } em.getTransaction().commit(); return customerReview; } catch (NoResultException e) { - throw new ODataApplicationException( - "Error creating customer review:" , Locale.ENGLISH, + throw new ODataApplicationException("Error creating customer review:", Locale.ENGLISH, HttpStatusCodes.BAD_REQUEST, e); } } finally { @@ -87,4 +97,3 @@ public CustomerReview createCustomerReview( } } } - diff --git a/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/SalesOrderProcessor.java b/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/SalesOrderProcessor.java index 3c100e2..e86b9c9 100644 --- a/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/SalesOrderProcessor.java +++ b/espm-cloud-web/src/main/java/com/sap/espm/model/function/impl/SalesOrderProcessor.java @@ -62,7 +62,8 @@ public List confirmSalesOrder( EntityManager em = emf.createEntityManager(); try { - Query query = em.createQuery("SELECT s FROM SalesOrderHeader s WHERE s.salesOrderId =" + salesOrderId); + Query query = em.createQuery("SELECT s FROM SalesOrderHeader s WHERE s.salesOrderId = :salesOrderId"); + query.setParameter("salesOrderId", salesOrderId); try { SalesOrderHeader so = (SalesOrderHeader) query.getSingleResult(); em.getTransaction().begin(); 
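Review bot: The new `if (prod != null)` guard sits after `customerReview.setProduct(prod)` and `em.persist(customerReview)`, so a request naming a product id that does not exist is no longer a null-pointer failure but a committed review with no product behind it, which is worse for data integrity than the original behaviour. `em.find` returns null rather than throwing, so the `catch (NoResultException e)` below never handles this case either. Reject the request before anything is persisted: right after `prod = em.find(Product.class, productId);` add `if (prod == null) { em.getTransaction().rollback(); throw new ODataApplicationException("Unknown product", Locale.ENGLISH, HttpStatusCodes.BAD_REQUEST); }` and drop the late null check. The `finally` that closes the entity manager continues past the hunk.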
@@ -72,7 +73,8 @@ public List confirmSalesOrder( em.getTransaction().commit(); List salesorderlist = null; - query = em.createQuery("SELECT s FROM SalesOrderHeader s WHERE s.salesOrderId ='" + salesOrderId + "'"); + query = em.createQuery("SELECT s FROM SalesOrderHeader s WHERE s.salesOrderId = :salesOrderId"); + query.setParameter("salesOrderId", salesOrderId); salesorderlist = query.getResultList(); return salesorderlist; @@ -101,7 +103,9 @@ public List cancelSalesOrder( EntityManager em = emf.createEntityManager(); try { - Query query = em.createQuery("SELECT s FROM SalesOrderHeader s WHERE s.salesOrderId =" + salesOrderId); + Query query = em.createQuery("SELECT s FROM SalesOrderHeader s WHERE s.salesOrderId = :salesOrderId"); + query.setParameter("salesOrderId", salesOrderId); + try { SalesOrderHeader so = (SalesOrderHeader) query.getSingleResult(); em.getTransaction().begin(); @@ -110,7 +114,8 @@ public List cancelSalesOrder( em.persist(so); em.getTransaction().commit(); List salesOrderList = null; - query = em.createQuery("SELECT s FROM SalesOrderHeader s WHERE s.salesOrderId ='" + salesOrderId + "'"); + query = em.createQuery("SELECT s FROM SalesOrderHeader s WHERE s.salesOrderId = :salesOrderId"); + query.setParameter("salesOrderId", salesOrderId); salesOrderList = query.getResultList(); return salesOrderList; } catch (NoResultException e) { @@ -271,4 +276,4 @@ public List getSalesOrderInvoiceByEmail( } -} +} \ No newline at end of file diff --git a/espm-cloud-web/src/main/java/com/sap/espm/model/pdf/generator/CmisRead.java b/espm-cloud-web/src/main/java/com/sap/espm/model/pdf/generator/CmisRead.java index ce46066..1a199a4 100644 --- a/espm-cloud-web/src/main/java/com/sap/espm/model/pdf/generator/CmisRead.java +++ b/espm-cloud-web/src/main/java/com/sap/espm/model/pdf/generator/CmisRead.java 
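Review bot: The removed code bound `salesOrderId` inconsistently, unquoted in the first query of each function and quoted in the second, and `setParameter` now binds it with whatever Java type the function-import parameter has; if that type does not match the type of `SalesOrderHeader.salesOrderId`, the JPA provider rejects the bind at runtime rather than at compile time, so the parameter declaration above the hunk should be checked against the entity field. The second `createQuery` in each of `confirmSalesOrder` and `cancelSalesOrder` re-reads the row that was just persisted and committed; returning `Collections.singletonList(so)` (java.util) gives the same entity without a second round trip and leaves only one parameterised lookup to maintain. Both methods begin before these hunks and their catch blocks continue after them.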
@@ -100,7 +100,7 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) } } catch (Exception exception) { - exception.printStackTrace(); + LOGGER.error(exception.getMessage()); } } diff --git a/espm-cloud-web/src/main/java/com/sap/espm/model/web/EspmServiceFactoryFilter.java b/espm-cloud-web/src/main/java/com/sap/espm/model/web/EspmServiceFactoryFilter.java index ea61bbe..2db16c8 100644 --- a/espm-cloud-web/src/main/java/com/sap/espm/model/web/EspmServiceFactoryFilter.java +++ b/espm-cloud-web/src/main/java/com/sap/espm/model/web/EspmServiceFactoryFilter.java @@ -17,14 +17,14 @@ /** * - * Servlet {@link Filter} to block access to secure entities via non secure servlet - * (/espm.svc/) + * Servlet {@link Filter} to block access to secure entities via non secure + * servlet (/espm.svc/) *
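Review bot: Replacing `printStackTrace()` with `LOGGER.error(exception.getMessage())` discards the stack trace and the cause chain, so anything the catch-all `catch (Exception exception)` in `doGet` swallows becomes a one-line message with no indication of where it came from, and for exception types whose message is null the log entry is empty. Pass the throwable as the last argument so the logger keeps the trace: `LOGGER.error("CmisRead request failed", exception);`. The response handling before the catch is outside the hunk; if nothing has been written by that point, consider `response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR)` so the client does not receive an empty 200.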

* Refer to the web.xml file on the declaration of the Filter. * */ public class EspmServiceFactoryFilter implements Filter { - + /** * {@link Logger} implementation for logging. */ @@ -36,8 +36,7 @@ public void init(FilterConfig filterConfig) throws ServletException { } @Override - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws IOException, ServletException { + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) { try { if (request instanceof HttpServletRequest) { @@ -57,9 +56,9 @@ public void doFilter(ServletRequest request, ServletResponse response, } } - } catch (Exception e) { + } catch (IOException | ServletException | ODataException e) { LOGGER.error(e.getMessage()); - } + } } 
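Review bot: `doFilter` now catches `IOException`, `ServletException` and `ODataException` and only logs them, and its signature no longer declares any exception, so every failure inside the filter is absorbed and the container sees a normally completed request; the multi-catch only compiles if the `try` body (lines 40 to 55, outside the hunk) can throw the I/O and servlet exceptions, which means `chain.doFilter` or a response write is inside it and a downstream error is also hidden from the container's error handling. The I/O and servlet exceptions should propagate, keeping `throws IOException, ServletException` on the signature, and the `ODataException` from `isPathRestricted` should be wrapped, e.g. `catch (ODataException e) { throw new ServletException("restricted-path check failed", e); }`, so a broken authorisation check fails loudly rather than silently. Fortify's objection to `catch (Exception e)` is the breadth of the catch, not that checked exceptions escape a filter.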
@@ -76,28 +75,22 @@ public void destroy() { * @return true if path is restricted else false * @throws ODataException */ - private boolean isPathRestricted(HttpServletRequest oCntxt) - throws ODataException { + private boolean isPathRestricted(HttpServletRequest oCntxt) throws ODataException { boolean status; String path = oCntxt.getRequestURI().toString(); - if ((path.contains("/SalesOrderHeaders") || path.contains("/Customers") || path - .contains("/SalesOrderItems")) - && (oCntxt.getMethod().equals("GET") || oCntxt.getMethod() - .equals("DELETE"))) { + if ((path.contains("/SalesOrderHeaders") || path.contains("/Customers") || path.contains("/SalesOrderItems")) + && (oCntxt.getMethod().equals("GET") || oCntxt.getMethod().equals("DELETE"))) { status = true; - } else if (path.contains("/PurchaseOrderHeaders") - || path.contains("/PurchaseOrderItems") + } + else if (path.contains("/PurchaseOrderHeaders") || path.contains("/PurchaseOrderItems") || path.contains("/Suppliers") || path.contains("/Stocks")) { status = true; - } else if ((path.contains("/Products") || path - .contains("/ProductCategories")) - && (oCntxt.getMethod().equals("POST") - || oCntxt.getMethod().equals("PUT") || oCntxt - .getMethod().equals("DELETE"))) { + } else if ((path.contains("/Products") || path.contains("/ProductCategories")) + && (oCntxt.getMethod().equals("POST") || oCntxt.getMethod().equals("PUT") + || oCntxt.getMethod().equals("DELETE"))) { status = true; - } else if ((path.contains("/ConfirmSalesOrder") || path - .contains("/CancelSalesOrder"))) { + } else if ((path.contains("/ConfirmSalesOrder") || path.contains("/CancelSalesOrder"))) { status = true; } else { status = false; diff --git a/espm-cloud-web/src/main/webapp/WEB-INF/web.xml b/espm-cloud-web/src/main/webapp/WEB-INF/web.xml index d8001e1..1dba0c2 100644 --- a/espm-cloud-web/src/main/webapp/WEB-INF/web.xml +++ b/espm-cloud-web/src/main/webapp/WEB-INF/web.xml 
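Review bot: `isPathRestricted` decides on `getRequestURI()`, which the servlet API returns undecoded, and matches it with `contains`, so a percent-encoded variant of a protected segment (for example `/Custom%65rs`) does not contain the literal `/Customers` and passes the filter while the OData servlet behind it decodes the path and serves the entity set; this hunk only reformats the condition and that gap remains. Match on the container-decoded path instead, `String path = oCntxt.getServletPath() + (oCntxt.getPathInfo() == null ? "" : oCntxt.getPathInfo());`, and compare normalised segments rather than substrings. The verb rules are a positive list as well: `HEAD` on `/Customers` is not covered, and an OData `$batch` POST, or Olingo's `X-HTTP-Method` tunnelling header if it is enabled, can carry the blocked verbs, so consider inverting the rule so that any request to the non-secure servlet that is not an explicitly allowed read is restricted. `path.contains("/Products")` also matches `/ProductCategories`, which is harmless here only because both sets share one rule.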
@@ -109,4 +109,4 @@ CmisRead /CmisRead - \ No newline at end of file + diff --git a/espm-cloud-web/src/main/webapp/webshop/controller/Checkout.controller.js b/espm-cloud-web/src/main/webapp/webshop/controller/Checkout.controller.js index 73c1b2a..fde103d 100644 --- a/espm-cloud-web/src/main/webapp/webshop/controller/Checkout.controller.js +++ b/espm-cloud-web/src/main/webapp/webshop/controller/Checkout.controller.js @@ -195,27 +195,27 @@ sap.ui.define([ validationFlag = false; } - if(validationFlag === false || - firstName.length === 0 || - lastName.length === 0 || - birthDate.length === 0 || - eMail.length === 0 || - street.length === 0 || - city.length === 0 || - postalCode.length === 0 || - country.length === 0 || - name.length === 0 || - cardNumber.length === 0 || - secNumber.length === 0 || - (!houseNumber.match(myInteger)) === true || - (!postalCode.match(myInteger)) === true || - (name.match(myInteger)) === true || - (!cardNumber.match(myInteger)) === true || - firstName.match(myInteger) === true || - lastName.match(myInteger) === true || - street.match(myInteger) === true || - city.match(myInteger) === true || - country.match(myInteger) === true) + if(validationFlag === false || + firstName.length === 0 || + lastName.length === 0 || + birthDate.length === 0 || + eMail.length === 0 || + street.length === 0 || + city.length === 0 || + postalCode.length === 0 || + country.length === 0 || + name.length === 0 || + cardNumber.length === 0 || + secNumber.length === 0 || + (!houseNumber.match(myInteger)) === true || + (!postalCode.match(myInteger)) === true || + (name.match(myInteger)) === true || + (!cardNumber.match(myInteger)) === true || + firstName.match(myInteger) === true || + lastName.match(myInteger) === true || + street.match(myInteger) === true || + city.match(myInteger) === true || + country.match(myInteger) === true) { sap.m.MessageToast.show(oBundle.getText("soPopup.errorMessage")); } 
@@ -223,9 +223,9 @@ sap.ui.define([ sap.ui.getCore().byId("firstname").setText(this.byId("firstNameId").getValue()); sap.ui.getCore().byId("lastName").setText(this.byId("lastnameId").getValue()); sap.ui.getCore().byId("dateBirth").setText(this.byId("birthId").getValue()); + sap.ui.getCore().byId("houseNumber").setText(this.byId("houseNumberId").getValue()); sap.ui.getCore().byId("emailAddress").setText(this.byId("newEmailId").getValue()); sap.ui.getCore().byId("street").setText(this.byId("streetId").getValue()); - sap.ui.getCore().byId("houseNumber").setText(this.byId("houseNumberId").getValue()); sap.ui.getCore().byId("city").setText(this.byId("cityId").getValue()); sap.ui.getCore().byId("postalCode").setText(this.byId("postalId").getValue()); sap.ui.getCore().byId("country").setText(this.byId("countryListId").getSelectedKey()); @@ -273,12 +273,13 @@ sap.ui.define([ "EmailAddress":this.byId("newEmailId").getValue().toLowerCase(), "LastName":this.byId("lastnameId").getValue(), "FirstName":this.byId("firstNameId").getValue(), + "HouseNumber":this.byId("houseNumberId").getValue(), "DateOfBirth":date, "PostalCode":this.byId("postalId").getValue(), "City":this.byId("cityId").getValue(), - "HouseNumber":this.byId("houseNumberId").getValue(), "Street":this.byId("streetId").getValue(), "Country":this.byId("countryListId").getSelectedKey() + }; $.ajax({ @@ -504,11 +505,11 @@ sap.ui.define([ that._wizard.validateStep(that.getView().byId("creditCardStep")); that.byId("newEmailId").setValue(that.byId("existingEmailId").getValue()); that.byId("firstNameId").setValue(""); + that.byId("houseNumberId").setValue(""); that.byId("lastnameId").setValue(""); that.byId("newEmailId").setValue(""); that.byId("birthId").setValue(""); that.byId("streetId").setValue(""); - that.byId("houseNumberId").setValue(""); that.byId("cityId").setValue(""); that.byId("countryListId").setSelectedKey(""); that.byId("postalId").setValue(""); 
@@ -520,11 +521,12 @@ sap.ui.define([ else{ var result = data.results; that.byId("firstNameId").setValue(result[0].FirstName); + that.byId("houseNumberId").setValue(result[0].HouseNumber); that.byId("lastnameId").setValue(result[0].LastName); + that.byId("newEmailId").setValue(result[0].EmailAddress); that.byId("birthId").setDateValue(new Date(result[0].DateOfBirth)); that.byId("streetId").setValue(result[0].Street); - that.byId("houseNumberId").setValue(result[0].HouseNumber); that.byId("cityId").setValue(result[0].City); that.byId("countryListId").setSelectedKey(result[0].Country); that.byId("postalId").setValue(result[0].PostalCode); 
@@ -592,16 +594,17 @@ sap.ui.define([ }, checkCustomerInformation: function(){ - if( this.byId("firstNameId").getValue().length === 0 || - this.byId("lastnameId").getValue().length === 0 || - this.byId("birthId").getValue().length === 0 || - this.byId("newEmailId").getValue().length === 0 || - this.byId("streetId").getValue().length === 0 || - this.byId("houseNumberId").getValue().length === 0 || - this.byId("cityId").getValue().length === 0 || - this.byId("postalId").getValue().length === 0 || - this.byId("countryListId").getSelectedKey().length === 0){ - + if(this.byId("firstNameId").getValue().length === 0 || this.byId("lastnameId").getValue().length === 0 || this.byId("birthId").getValue().length === 0 || this.byId("newEmailId").getValue().length === 0 || + this.byId("streetId").getValue().length === 0 || this.byId("cityId").getValue().length === 0 || this.byId("postalId").getValue().length === 0 || this.byId("countryListId").getSelectedKey().length === 0){ + if( this.byId("firstNameId").getValue().length === 0 || + this.byId("lastnameId").getValue().length === 0 || + this.byId("birthId").getValue().length === 0 || + this.byId("newEmailId").getValue().length === 0 || + this.byId("streetId").getValue().length === 0 || + this.byId("houseNumberId").getValue().length === 0 || + this.byId("cityId").getValue().length === 0 || + this.byId("postalId").getValue().length === 0 || + this.byId("countryListId").getSelectedKey().length === 0) this._wizard.invalidateStep(this.getView().byId("creditCardStep")); } else{ @@ -623,10 +626,9 @@ sap.ui.define([ this.byId("newEmailId").setValue(""); this.byId("firstNameId").setValue(""); this.byId("lastnameId").setValue(""); - this.byId("newEmailId").setValue(""); + this.byId("houseNumberId").setValue(""); this.byId("birthId").setValue(""); this.byId("streetId").setValue(""); - this.byId("houseNumberId").setValue(""); this.byId("cityId").setValue(""); this.byId("countryListId").setSelectedKey(""); this.byId("postalId").setValue(""); 
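Review bot: The rewritten `checkCustomerInformation` drops the house-number check: the outer `if` no longer tests `houseNumberId`, and the nested `if` that does is a superset condition that can only run when the outer one is already true, so a form with every field filled except house number now falls into the `else` branch and validates the step instead of invalidating it. The nested `if` is also unbraced, with the `else` binding to the outer condition, which is easy to misread. Restore the single braced condition from the removed lines, which already contains `this.byId("houseNumberId").getValue().length === 0 ||`, and delete the inner `if`. The `else` branch continues past the hunk.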
diff --git a/espm-cloud-web/src/main/webapp/webshop/controller/SalesOrder.controller.js b/espm-cloud-web/src/main/webapp/webshop/controller/SalesOrder.controller.js index 2a3f1a6..dd9020c 100644 --- a/espm-cloud-web/src/main/webapp/webshop/controller/SalesOrder.controller.js +++ b/espm-cloud-web/src/main/webapp/webshop/controller/SalesOrder.controller.js @@ -235,4 +235,4 @@ sap.ui.define([ }); -}); \ No newline at end of file +}); diff --git a/espm-cloud-web/src/main/webapp/webshop/view/SalesOrder.view.xml b/espm-cloud-web/src/main/webapp/webshop/view/SalesOrder.view.xml index 8e1c8a7..aaa0af7 100644 --- a/espm-cloud-web/src/main/webapp/webshop/view/SalesOrder.view.xml +++ b/espm-cloud-web/src/main/webapp/webshop/view/SalesOrder.view.xml @@ -83,7 +83,7 @@ - +