Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/alec 178 #59

Merged
merged 8 commits into from
Sep 23, 2022
Merged

Feature/alec 178 #59

merged 8 commits into from
Sep 23, 2022

Conversation

BenjaminJ
Copy link
Contributor

Sonar Cloud Security Grade A - Figure out What We Need to Fix and Report the List

@BenjaminJ BenjaminJ marked this pull request as ready for review September 8, 2022 14:52
@BenjaminJ
fix sonar security issue
805020b
@BenjaminJ
Sonarcloud - Make sure that expanding this archive file is safe here.
8102e7e 
o Expanding archive files without controlling resource consumption is security-sensitive
https://sonarcloud.io/organizations/opennms/rules?open=java%3AS5042&rule_key=java%3AS5042

ALEC-178
@BenjaminJ
Sonarcloud security
ab25fed 
- Make sure publicly writable directories are used safely here. java:S5443
- Generic exceptions should never be thrown

ALEC-178
@BenjaminJ
fix build
08cb391
@BenjaminJ
Sonarcloud security
75fb018 
- use of System.out intentionally in Karaf shell commands so that they show up in console output. LOGs aren't ideal here.
- avoid adding a new checked exception here. This add a bunch of boilerplate, and can now lead to an NPE in calls to createEngine.
- use java.io.tmpdir to avoid sonar java:S5443 (Make sure publicly writable directories are used safely here.)

ALEC-178
amay94
amay94 previously approved these changes Sep 23, 2022
View reviewed changes
Copy link

@amay94 amay94 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me other than a few minor comments

@BenjaminJ
Sonarcloud security
6d26ec1 
o fix comment at wrong line
o filename could be set before the loop
o all the zip entries are retrieved from the jarConnection, the if statement is redundant

ALEC-178
@sonarcloud
Copy link

sonarcloud bot commented Sep 23, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

amay94
amay94 approved these changes Sep 23, 2022
View reviewed changes
Copy link

@amay94 amay94 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks for the updates

@BenjaminJ BenjaminJ merged commit 2a6a36c into develop Sep 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@j-white j-white j-white left review comments

@amay94 amay94 amay94 approved these changes

@geraldhumphries geraldhumphries Awaiting requested review from geraldhumphries

@cgorantla cgorantla Awaiting requested review from cgorantla

@fooker fooker Awaiting requested review from fooker

@christianpape christianpape Awaiting requested review from christianpape

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@BenjaminJ @j-white @amay94