Merge pull request #2103 from sswguo/sonar-report

sswguo · web-flow · commit 61e2449f64b1 · 2022-07-18T15:17:47.000+08:00
[ESS] fix the medium security hotspots
diff --git a/addons/httprox/ftests/src/main/java/org/commonjava/indy/httprox/NPMStyleSuccessiveRetrievalTest.java b/addons/httprox/ftests/src/main/java/org/commonjava/indy/httprox/NPMStyleSuccessiveRetrievalTest.java
@@ -29,6 +29,7 @@
 
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
+import java.security.SecureRandom;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
@@ -64,7 +65,7 @@ public void run()
         byte[] pkg = IOUtils.toByteArray( is );
 
         byte[] tgz = new byte[32];
-        new Random().nextBytes( tgz );
+        new SecureRandom().nextBytes( tgz );
 
         final String pkgUrl = server.formatUrl( testRepo, pkgPath );
         final String tgzUrl = server.formatUrl( testRepo, tgzPath );
diff --git a/addons/httprox/ftests/src/main/java/org/commonjava/indy/httprox/RetrievedContentMatchesContentLength_SlowClient_Test.java b/addons/httprox/ftests/src/main/java/org/commonjava/indy/httprox/RetrievedContentMatchesContentLength_SlowClient_Test.java
@@ -24,6 +24,7 @@
 
 import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
+import java.security.SecureRandom;
 import java.util.*;
 
 import static org.hamcrest.CoreMatchers.equalTo;
@@ -46,7 +47,7 @@ public class RetrievedContentMatchesContentLength_SlowClient_Test
 
     private static final String PASS = "password";
 
-    private Random rand = new Random();
+    private SecureRandom rand = new SecureRandom();
 
     @Test
     public void run()
diff --git a/addons/pkg-npm/ftests/src/main/java/org/commonjava/indy/pkg/npm/content/NPMHostedRetrieveFileTest.java b/addons/pkg-npm/ftests/src/main/java/org/commonjava/indy/pkg/npm/content/NPMHostedRetrieveFileTest.java
@@ -27,6 +27,7 @@
 
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
+import java.security.SecureRandom;
 import java.util.Random;
 
 import static org.commonjava.indy.pkg.npm.model.NPMPackageTypeDescriptor.NPM_PKG_KEY;
@@ -60,7 +61,7 @@ public void test() throws Exception
         final String versionContent = "{\"name\": \"jquery\",\n" + "\"url\": \"jquery.com\",\n" + "\"version\": \"2.1.0\"}";
 
         byte[] tgz = new byte[32];
-        new Random().nextBytes( tgz );
+        new SecureRandom().nextBytes( tgz );
 
         final String packagePath = "jquery";
         final String versionPath = "jquery/2.1.0";
diff --git a/addons/pkg-npm/ftests/src/main/java/org/commonjava/indy/pkg/npm/content/NPMRemotePackageContentRetrieveTest.java b/addons/pkg-npm/ftests/src/main/java/org/commonjava/indy/pkg/npm/content/NPMRemotePackageContentRetrieveTest.java
@@ -23,6 +23,7 @@
 
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
+import java.security.SecureRandom;
 import java.util.Random;
 
 import static org.commonjava.indy.pkg.npm.model.NPMPackageTypeDescriptor.NPM_PKG_KEY;
@@ -49,7 +50,7 @@ public class NPMRemotePackageContentRetrieveTest
     public void test() throws Exception
     {
         byte[] tgz = new byte[32];
-        new Random().nextBytes( tgz );
+        new SecureRandom().nextBytes( tgz );
 
         final String tarballPath = "jquery/-/jquery-1.1.0.tgz";
 
diff --git a/addons/promote/common/src/main/java/org/commonjava/indy/promote/validate/PromotionValidationTools.java b/addons/promote/common/src/main/java/org/commonjava/indy/promote/validate/PromotionValidationTools.java
@@ -207,7 +207,8 @@ public StoreKey[] getValidationStoreKeys( final ValidationRequest request, final
         }
         else
         {
-            List<StoreKey> extras = Stream.of( verifyStores.split( "\\s*,\\s*" ) )
+            List<StoreKey> extras = Stream.of( verifyStores.split( "," ) )
+                                          .map( String::trim )
                                           .map( StoreKey::fromString )
                                           .filter( item -> item != null )
                                           .collect( Collectors.toList() );
diff --git a/addons/promote/common/src/test/java/org/commonjava/indy/promote/data/PromotionManagerTest.java b/addons/promote/common/src/test/java/org/commonjava/indy/promote/data/PromotionManagerTest.java
@@ -76,6 +76,7 @@
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.SecureRandom;
 import java.util.Random;
 import java.util.Set;
 import java.util.concurrent.CountDownLatch;
@@ -291,7 +292,7 @@ public void promoteAllByPath_CollidingPaths_VerifySecondSkipped()
     public void promoteAllByPath_RaceToPromote_FirstLocksTargetStore()
             throws Exception
     {
-        Random rand = new Random();
+        SecureRandom rand = new SecureRandom();
         final HostedRepository[] sources = { new HostedRepository( MAVEN_PKG_KEY,  "source1" ), new HostedRepository( MAVEN_PKG_KEY,  "source2" ) };
         final String[] paths = { "/path/path1", "/path/path2", "/path3", "/path/path/4" };
         Stream.of( sources ).forEach( ( source ) ->
diff --git a/api/src/main/java/org/commonjava/indy/CustomJsonLayout.java b/api/src/main/java/org/commonjava/indy/CustomJsonLayout.java
@@ -48,10 +48,10 @@ public void setEnvironmentMappings( final String environmentMappings )
     {
         this.environmentMappings = environmentMappings;
 
-        String[] mappings = environmentMappings == null ? new String[0] : environmentMappings.split( "\\s*,\\s*" );
+        String[] mappings = environmentMappings == null ? new String[0] : environmentMappings.split( "," );
         envars = new HashMap<>();
         Stream.of(mappings).forEach( kv ->{
-            String[] keyAlias = kv.split( "\\s*=\\s*" );
+            String[] keyAlias = kv.trim().split( "=" );
             if ( keyAlias.length > 1 )
             {
                 String value = System.getenv( keyAlias[0].trim() );
diff --git a/api/src/main/java/org/commonjava/indy/util/AcceptInfoParser.java b/api/src/main/java/org/commonjava/indy/util/AcceptInfoParser.java
@@ -52,7 +52,7 @@ public List<AcceptInfo> parse( final Collection<String> accepts )
         final List<String> raw = new ArrayList<String>();
         for ( final String accept : accepts )
         {
-            final String[] parts = accept.split( "\\s*,\\s*" );
+            final String[] parts = accept.split( "," );
             if ( parts.length == 1 )
             {
                 logger.trace( "adding atomic addMetadata header: '{}'", accept );
diff --git a/clients/core-java/src/main/java/org/commonjava/indy/client/core/module/IndySchedulerClientModule.java b/clients/core-java/src/main/java/org/commonjava/indy/client/core/module/IndySchedulerClientModule.java
@@ -81,16 +81,16 @@ public Map<StoreKey, Date> getDisabledStoreTimeouts()
         Map<StoreKey, Date> result = new HashMap<>();
         expSet.forEach( ( exp ) -> {
             logger.debug( "Mapping expiration for group: {} (parts: {})", exp.getGroup(),
-                          Arrays.asList( exp.getGroup().split( "\\s*#\\s*" ) ) );
+                          Arrays.asList( exp.getGroup().split( "#" ) ) );
 
-            String[] parts = exp.getGroup().split( "\\s*#\\s*" );
+            String[] parts = exp.getGroup().split( "#" );
             if ( parts.length < 2 )
             {
                 logger.warn( "Skipping invalid store-disabled timeout group: '{}'", exp.getGroup() );
             }
             else
             {
-                StoreKey key = StoreKey.fromString( parts[0] );
+                StoreKey key = StoreKey.fromString( parts[0].trim() );
                 logger.debug( "{} -> {}", key, exp.getExpiration() );
 
                 result.put( key, exp.getExpiration() );
diff --git a/ftests/common/src/main/java/org/commonjava/indy/ftest/core/AbstractIndyFunctionalTest.java b/ftests/common/src/main/java/org/commonjava/indy/ftest/core/AbstractIndyFunctionalTest.java
@@ -45,6 +45,7 @@
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.SecureRandom;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.Collection;
@@ -399,7 +400,7 @@ protected Collection<IndyClientModule> getAdditionalClientModules()
 
     protected String newName()
     {
-        final Random rand = new Random();
+        final SecureRandom rand = new SecureRandom();
         final StringBuilder sb = new StringBuilder();
         for ( int i = 0; i < NAME_LEN; i++ )
         {
diff --git a/subsys/cpool/src/main/java/org/commonjava/indy/subsys/cpool/ConnectionPoolConfig.java b/subsys/cpool/src/main/java/org/commonjava/indy/subsys/cpool/ConnectionPoolConfig.java
@@ -96,15 +96,15 @@ private Properties toProperties( final Map<String,String> valueMap )
     private Map<String,String> toMap( final String value )
     {
         Map<String, String> result = new HashMap<>();
-        Stream.of( value.split( "\\s*,\\s*" ) ).forEach( (s)->{
-            String[] parts = s.split( "\\s*=\\s*" );
+        Stream.of( value.split( "," ) ).forEach( (s)->{
+            String[] parts = s.trim().split( "=" );
             if ( parts.length < 1 )
             {
-                result.put( parts[0], Boolean.toString( TRUE ) );
+                result.put( parts[0].trim(), Boolean.toString( TRUE ) );
             }
             else
             {
-                result.put( parts[0], parts[1] );
+                result.put( parts[0].trim(), parts[1].trim() );
             }
         } );
 
diff --git a/subsys/infinispan/src/main/java/org/commonjava/indy/subsys/infinispan/metrics/IspnRegistrySetProvider.java b/subsys/infinispan/src/main/java/org/commonjava/indy/subsys/infinispan/metrics/IspnRegistrySetProvider.java
@@ -55,7 +55,7 @@ public MetricSet getMetricSet()
         List<String> list = null;
         if ( gauges != null )
         {
-            list = Arrays.asList( gauges.trim().split( "\\s*,\\s*" ) );
+            list = Arrays.asList( gauges.trim().split( "," ) );
         }
 
         for ( IspnCacheRegistry cacheRegistry : cacheRegistrySet )
diff --git a/subsys/metrics/src/main/java/org/commonjava/indy/subsys/metrics/conf/IndyMetricsConfig.java b/subsys/metrics/src/main/java/org/commonjava/indy/subsys/metrics/conf/IndyMetricsConfig.java
@@ -384,7 +384,7 @@ public PrometheusConfig getPrometheusConfig()
         ret.setNodeLabel( prometheusNodeLabel );
         if ( prometheusExpressedMetrics != null )
         {
-            ret.setExpressedMetrics( Arrays.asList( prometheusExpressedMetrics.split( "\\s*,\\s*" ) ) );
+            ret.setExpressedMetrics( Arrays.asList( prometheusExpressedMetrics.split( "," ) ) );
         }
 
         return ret;
diff --git a/subsys/trace/src/main/java/org/commonjava/indy/subsys/honeycomb/config/IndyTraceConfiguration.java b/subsys/trace/src/main/java/org/commonjava/indy/subsys/honeycomb/config/IndyTraceConfiguration.java
@@ -161,7 +161,7 @@ public void parameter( final String name, final String value ) throws Configurat
                 break;
             case FIELDS:
                 this.fields = Collections.unmodifiableSet(
-                                new HashSet<>( Arrays.asList( value.trim().split( "\\s*,\\s*" ) ) ) );
+                                new HashSet<>( Arrays.asList( value.trim().split( "," ) ) ) );
                 break;
             case CONSOLE_TRANSPORT:
                 this.consoleTransport = Boolean.parseBoolean( value.trim() );
@@ -170,11 +170,11 @@ public void parameter( final String name, final String value ) throws Configurat
                 this.grpcUri = value.trim();
                 break;
             case OTEL_GRPC_HEADERS:
-                String[] kvs = value.trim().split( "\\s*,\\s*" );
+                String[] kvs = value.trim().split( "," );
                 Stream.of( kvs )
-                      .map( kv -> kv.split( "\\s*=\\s*" ) )
+                      .map( kv -> kv.trim().split( "=" ) )
                       .filter( kv -> kv.length > 1 )
-                      .forEach( kv -> grpcHeaders.put( kv[0], kv[1] ) );
+                      .forEach( kv -> grpcHeaders.put( kv[0].trim(), kv[1].trim() ) );
                 break;
             default:
                 if ( name.startsWith( SAMPLE_PREFIX ) && name.length() > SAMPLE_PREFIX.length() )

Original file line number	Diff line number	Diff line change
`@@ -207,7 +207,8 @@ public StoreKey[] getValidationStoreKeys( final ValidationRequest request, final`
`207`	`207`	`}`
`208`	`208`	`else`
`209`	`209`	`{`
`210`		`- List<StoreKey> extras = Stream.of( verifyStores.split( "\\s,\\s" ) )`
	`210`	`+ List<StoreKey> extras = Stream.of( verifyStores.split( "," ) )`
	`211`	`+ .map( String::trim )`
`211`	`212`	`.map( StoreKey::fromString )`
`212`	`213`	`.filter( item -> item != null )`
`213`	`214`	`.collect( Collectors.toList() );`
Original file line number	Diff line number	Diff line change
`@@ -48,10 +48,10 @@ public void setEnvironmentMappings( final String environmentMappings )`
`48`	`48`	`{`
`49`	`49`	`this.environmentMappings = environmentMappings;`
`50`	`50`
`51`		`- String[] mappings = environmentMappings == null ? new String[0] : environmentMappings.split( "\\s,\\s" );`
	`51`	`+ String[] mappings = environmentMappings == null ? new String[0] : environmentMappings.split( "," );`
`52`	`52`	`envars = new HashMap<>();`
`53`	`53`	`Stream.of(mappings).forEach( kv ->{`
`54`		`- String[] keyAlias = kv.split( "\\s=\\s" );`
	`54`	`+ String[] keyAlias = kv.trim().split( "=" );`
`55`	`55`	`if ( keyAlias.length > 1 )`
`56`	`56`	`{`
`57`	`57`	`String value = System.getenv( keyAlias[0].trim() );`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ public List<AcceptInfo> parse( final Collection<String> accepts )`
`52`	`52`	`final List<String> raw = new ArrayList<String>();`
`53`	`53`	`for ( final String accept : accepts )`
`54`	`54`	`{`
`55`		`- final String[] parts = accept.split( "\\s,\\s" );`
	`55`	`+ final String[] parts = accept.split( "," );`
`56`	`56`	`if ( parts.length == 1 )`
`57`	`57`	`{`
`58`	`58`	`logger.trace( "adding atomic addMetadata header: '{}'", accept );`
Original file line number	Diff line number	Diff line change
`@@ -81,16 +81,16 @@ public Map<StoreKey, Date> getDisabledStoreTimeouts()`
`81`	`81`	`Map<StoreKey, Date> result = new HashMap<>();`
`82`	`82`	`expSet.forEach( ( exp ) -> {`
`83`	`83`	`logger.debug( "Mapping expiration for group: {} (parts: {})", exp.getGroup(),`
`84`		`- Arrays.asList( exp.getGroup().split( "\\s#\\s" ) ) );`
	`84`	`+ Arrays.asList( exp.getGroup().split( "#" ) ) );`
`85`	`85`
`86`		`- String[] parts = exp.getGroup().split( "\\s#\\s" );`
	`86`	`+ String[] parts = exp.getGroup().split( "#" );`
`87`	`87`	`if ( parts.length < 2 )`
`88`	`88`	`{`
`89`	`89`	`logger.warn( "Skipping invalid store-disabled timeout group: '{}'", exp.getGroup() );`
`90`	`90`	`}`
`91`	`91`	`else`
`92`	`92`	`{`
`93`		`- StoreKey key = StoreKey.fromString( parts[0] );`
	`93`	`+ StoreKey key = StoreKey.fromString( parts[0].trim() );`
`94`	`94`	`logger.debug( "{} -> {}", key, exp.getExpiration() );`
`95`	`95`
`96`	`96`	`result.put( key, exp.getExpiration() );`