Fixing Fixed CWE582,CWE607 issues in account and infrastructure modules
ThisuraThejith committed Apr 29, 2017
1 parent 8baf9f4 commit c72d2e0
Showing 23 changed files with 136 additions and 93 deletions.
@@ -28,6 +28,7 @@
import java.util.Map;

import org.apache.commons.lang.StringUtils;
import org.apache.fineract.accounting.accrual.api.AccrualAccountingConstants;
import org.apache.fineract.infrastructure.core.data.ApiParameterError;
import org.apache.fineract.infrastructure.core.data.DataValidatorBuilder;
import org.apache.fineract.infrastructure.core.exception.InvalidJsonException;
@@ -23,9 +23,13 @@
import java.util.Set;

public class FinancialActivityAccountsConstants {

public static final Set<String> RESPONSE_DATA_PARAMETERS = new HashSet<>(Arrays.asList("id", "financialActivityData",
"glAccountData", "glAccountOptions", "financialActivityOptions"));

private static final String idParamName = "id";
private static final String factivityDataParamName = "financialActivityData";
private static final String glAccountDataParamName = "glAccountData";
private static final String glAccountOptionsParamName = "glAccountOptions";
private static final String financialActivityOptionsParamName = "financialActivityOptions";
public static final String resourceNameForPermission = "FINANCIALACTIVITYACCOUNT";
protected static final Set<String> RESPONSE_DATA_PARAMETERS = new HashSet<>(
Arrays.asList(idParamName, factivityDataParamName, glAccountDataParamName, glAccountOptionsParamName,
financialActivityOptionsParamName));
}
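Review bot: `RESPONSE_DATA_PARAMETERS` is still a mutable `HashSet` behind a `static final` reference, so narrowing it from `public` to `protected` leaves the CWE-607 condition open to every class in the package and to any subclass (the class is not declared `final`). Wrapping the set makes it read-only whatever its visibility: `protected static final Set<String> RESPONSE_DATA_PARAMETERS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(...)));`, with `java.util.Collections` imported. The same applies to the `protected static final` sets in `SmsCampaignValidator`, `ExternalServiceConfigurationApiConstant` and `FineractEntityApiResourceConstants`; where such sets are passed to `checkForUnsupportedParameters` they act as the allow-list of accepted request fields, so a stray `add()` would widen what the API accepts. Code outside the package that read the previously public constant will stop compiling, which is worth a search before merging.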
@@ -42,7 +42,7 @@ public class JournalEntryDataValidator {

private final FromJsonHelper fromApiJsonHelper;

public static final Set<String> RUNNING_BALANCE_UPDATE_REQUEST_DATA_PARAMETERS = new HashSet<>(
private final Set<String> RUNNING_BALANCE_UPDATE_REQUEST_DATA_PARAMETERS = new HashSet<>(
Arrays.asList(JournalEntryJsonInputParams.OFFICE_ID.getValue()));

@Autowired
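Review bot: `RUNNING_BALANCE_UPDATE_REQUEST_DATA_PARAMETERS` becomes a `private final` instance field, so it keeps a constant-style name while a new `HashSet` is built for every validator instance. Declaring it `private static final Set<String> RUNNING_BALANCE_UPDATE_REQUEST_DATA_PARAMETERS = ...` keeps it hidden and shared, which is what `GlobalConfigurationDataValidator` does for its own set in this commit. `REGISTER_PARAMS` in `DataTableValidator` and `sortOrderValues` in `PaginationParametersDataValidator` are in the same position. The class body continues outside the hunk.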
@@ -31,12 +31,16 @@ public interface ProvisioningEntriesApiConstants {
public final static String JSON_LOCALE_PARAM = "locale" ;

public final static String JSON_CREATEJOURNALENTRIES_PARAM = "createjournalentries" ;

public final static String PROVISIONINGENTRY_PARAM = "provisioningentry";

public final static String ENTRIES_PARAM = "entries";

Set<String> supportedParameters = new HashSet<>(Arrays.asList(JSON_DATE_PARAM, JSON_DATEFORMAT_PARAM,JSON_LOCALE_PARAM,
JSON_CREATEJOURNALENTRIES_PARAM));
Set<String> supportedParameters = new HashSet<>(
Arrays.asList(JSON_DATE_PARAM, JSON_DATEFORMAT_PARAM, JSON_LOCALE_PARAM, JSON_CREATEJOURNALENTRIES_PARAM));

Set<String> PROVISIONING_ENTRY_PARAMETERS = new HashSet<>(Arrays.asList("provisioningentry", "entries"));
Set<String> PROVISIONING_ENTRY_PARAMETERS = new HashSet<>(Arrays.asList(PROVISIONINGENTRY_PARAM, ENTRIES_PARAM));

Set<String> ALL_PROVISIONING_ENTRIES = new HashSet<>(Arrays.asList("provisioningentry"));
Set<String> ALL_PROVISIONING_ENTRIES = new HashSet<>(Arrays.asList(PROVISIONINGENTRY_PARAM));

}
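Review bot: Fields declared in an interface are implicitly `public static final`, so `supportedParameters`, `PROVISIONING_ENTRY_PARAMETERS` and `ALL_PROVISIONING_ENTRIES` remain publicly reachable mutable `HashSet`s; the change here only swaps string literals for named constants. To close the CWE-607 finding in this file, wrap each set, e.g. `Set<String> ALL_PROVISIONING_ENTRIES = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(PROVISIONINGENTRY_PARAM)));`, or move the sets into the class that validates against them as `private static final` fields. The start of the interface is outside the hunk.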
@@ -70,22 +70,26 @@ public class SmsCampaignValidator {

private final FromJsonHelper fromApiJsonHelper;

public static final Set<String> supportedParams = new HashSet<>(Arrays.asList(campaignName, campaignType, localeParamName,
protected static final Set<String> supportedParams = new HashSet<>(Arrays.asList(campaignName, campaignType,
localeParamName,
dateFormatParamName, runReportId, paramValue, message, recurrenceStartDate, activationDateParamName, submittedOnDateParamName,
closureDateParamName, recurrenceParamName, providerId, triggerType, frequencyParamName, intervalParamName,
repeatsOnDayParamName, triggerEntityType, triggerActionType, dateTimeFormat));

public static final Set<String> supportedParamsForUpdate = new HashSet<>(Arrays.asList(campaignName, campaignType, localeParamName,
protected static final Set<String> supportedParamsForUpdate = new HashSet<>(Arrays.asList(campaignName, campaignType,
localeParamName,
dateFormatParamName, runReportId, paramValue, message, recurrenceStartDate, activationDateParamName, recurrenceParamName,
providerId, triggerType, triggerEntityType, triggerActionType, dateTimeFormat));

public static final Set<String> ACTIVATION_REQUEST_DATA_PARAMETERS = new HashSet<>(Arrays.asList(localeParamName, dateFormatParamName,
protected static final Set<String> ACTIVATION_REQUEST_DATA_PARAMETERS = new HashSet<>(Arrays.asList(localeParamName,
dateFormatParamName,
activationDateParamName));

public static final Set<String> CLOSE_REQUEST_DATA_PARAMETERS = new HashSet<>(Arrays.asList(localeParamName, dateFormatParamName,
protected static final Set<String> CLOSE_REQUEST_DATA_PARAMETERS = new HashSet<>(Arrays.asList(localeParamName,
dateFormatParamName,
closureDateParamName));

public static final Set<String> PREVIEW_REQUEST_DATA_PARAMETERS = new HashSet<>(Arrays.asList(paramValue, message));
protected static final Set<String> PREVIEW_REQUEST_DATA_PARAMETERS = new HashSet<>(Arrays.asList(paramValue, message));

@Autowired
public SmsCampaignValidator(FromJsonHelper fromApiJsonHelper) {
@@ -28,5 +28,6 @@ public class ExternalServiceConfigurationApiConstant {
public static final String VALUE = "value";
public static final String EXTERNAL_SERVICE_RESOURCE_NAME = "externalServiceConfiguration";

public static final Set<String> EXTERNAL_SERVICE_CONFIGURATION_DATA_PARAMETERS = new HashSet<>(Arrays.asList(NAME, VALUE));
protected static final Set<String> EXTERNAL_SERVICE_CONFIGURATION_DATA_PARAMETERS = new HashSet<>(Arrays.asList
(NAME, VALUE));
}
@@ -32,7 +32,4 @@ public class GlobalConfigurationApiConstant {
public static final String localeParamName = "locale";
public static final String dateFormatParamName = "dateFormat";

public static final Set<String> UPDATE_CONFIGURATION_DATA_PARAMETERS = new HashSet<>(Arrays.asList(localeParamName, dateFormatParamName,
ENABLED, VALUE, DATE_VALUE));

}
@@ -18,16 +18,13 @@
*/
package org.apache.fineract.infrastructure.configuration.data;

import static org.apache.fineract.infrastructure.configuration.api.GlobalConfigurationApiConstant.CONFIGURATION_RESOURCE_NAME;
import static org.apache.fineract.infrastructure.configuration.api.GlobalConfigurationApiConstant.ENABLED;
import static org.apache.fineract.infrastructure.configuration.api.GlobalConfigurationApiConstant.UPDATE_CONFIGURATION_DATA_PARAMETERS;
import static org.apache.fineract.infrastructure.configuration.api.GlobalConfigurationApiConstant.VALUE;
import static org.apache.fineract.infrastructure.configuration.api.GlobalConfigurationApiConstant.DATE_VALUE;

import java.lang.reflect.Type;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.apache.commons.lang.StringUtils;
import org.joda.time.LocalDate;
@@ -36,6 +33,7 @@
import org.apache.fineract.infrastructure.core.data.DataValidatorBuilder;
import org.apache.fineract.infrastructure.core.exception.InvalidJsonException;
import org.apache.fineract.infrastructure.core.exception.PlatformApiDataValidationException;
import org.apache.fineract.infrastructure.configuration.api.GlobalConfigurationApiConstant;
import org.apache.fineract.infrastructure.core.serialization.FromJsonHelper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -47,6 +45,10 @@
public class GlobalConfigurationDataValidator {

private final FromJsonHelper fromApiJsonHelper;
private static final Set<String> UPDATE_CONFIGURATION_DATA_PARAMETERS = new HashSet<>(
Arrays.asList(GlobalConfigurationApiConstant.localeParamName,
GlobalConfigurationApiConstant.dateFormatParamName, GlobalConfigurationApiConstant.ENABLED,
GlobalConfigurationApiConstant.VALUE, GlobalConfigurationApiConstant.DATE_VALUE));

@Autowired
public GlobalConfigurationDataValidator(final FromJsonHelper fromApiJsonHelper) {
@@ -61,23 +63,29 @@ public void validateForUpdate(final JsonCommand command) {
this.fromApiJsonHelper.checkForUnsupportedParameters(typeOfMap, json, UPDATE_CONFIGURATION_DATA_PARAMETERS);

final List<ApiParameterError> dataValidationErrors = new ArrayList<>();
final DataValidatorBuilder baseDataValidator = new DataValidatorBuilder(dataValidationErrors).resource(CONFIGURATION_RESOURCE_NAME);
final DataValidatorBuilder baseDataValidator = new DataValidatorBuilder(dataValidationErrors)
.resource(GlobalConfigurationApiConstant.CONFIGURATION_RESOURCE_NAME);
final JsonElement element = this.fromApiJsonHelper.parse(json);

if (this.fromApiJsonHelper.parameterExists(ENABLED, element)) {
final boolean enabledBool = this.fromApiJsonHelper.extractBooleanNamed(ENABLED, element);
baseDataValidator.reset().parameter(ENABLED).value(enabledBool).validateForBooleanValue();
}
if (this.fromApiJsonHelper.parameterExists(GlobalConfigurationApiConstant.ENABLED, element)) {
final boolean enabledBool = this.fromApiJsonHelper
.extractBooleanNamed(GlobalConfigurationApiConstant.ENABLED, element);
baseDataValidator.reset().parameter(GlobalConfigurationApiConstant.ENABLED).value(enabledBool)
.validateForBooleanValue();
}

if (this.fromApiJsonHelper.parameterExists(VALUE, element)) {
final Long valueStr = this.fromApiJsonHelper.extractLongNamed(VALUE, element);
baseDataValidator.reset().parameter(ENABLED).value(valueStr).zeroOrPositiveAmount();
}
if (this.fromApiJsonHelper.parameterExists(GlobalConfigurationApiConstant.VALUE, element)) {
final Long valueStr = this.fromApiJsonHelper.extractLongNamed(GlobalConfigurationApiConstant.VALUE,
element);
baseDataValidator.reset().parameter(GlobalConfigurationApiConstant.ENABLED).value(valueStr)
.zeroOrPositiveAmount();
}

if (this.fromApiJsonHelper.parameterExists(DATE_VALUE, element)) {
final LocalDate dateValue = this.fromApiJsonHelper.extractLocalDateNamed(DATE_VALUE, element);
baseDataValidator.reset().parameter(DATE_VALUE).value(dateValue).notNull();
}
if (this.fromApiJsonHelper.parameterExists(GlobalConfigurationApiConstant.DATE_VALUE, element)) {
final LocalDate dateValue = this.fromApiJsonHelper
.extractLocalDateNamed(GlobalConfigurationApiConstant.DATE_VALUE, element);
baseDataValidator.reset().parameter(GlobalConfigurationApiConstant.DATE_VALUE).value(dateValue).notNull();
}

if (!dataValidationErrors.isEmpty()) { throw new PlatformApiDataValidationException(dataValidationErrors); }
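Review bot: In the `VALUE` branch the check is still registered with `.parameter(GlobalConfigurationApiConstant.ENABLED)`, so a failed `zeroOrPositiveAmount()` on the value is reported against the wrong parameter; the rewritten line carries this over from the old code unchanged. It should read `baseDataValidator.reset().parameter(GlobalConfigurationApiConstant.VALUE).value(valueStr).zeroOrPositiveAmount();`. The local `valueStr` holds a `Long` and could be renamed while the line is being touched. `validateForUpdate` starts and ends outside the hunk.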

@@ -30,7 +30,7 @@
@Component
public class PaginationParametersDataValidator {

public static Set<String> sortOrderValues = new HashSet<>(Arrays.asList("ASC", "DESC"));
private final Set<String> sortOrderValues = new HashSet<>(Arrays.asList("ASC", "DESC"));

public void validateParameterValues(PaginationParameters parameters, final Set<String> supportedOrdeByValues, final String resourceName) {

@@ -32,8 +32,6 @@ public class DataTableApiConstant {

public static final String categoryParamName ="category";
public static final String localParamName = "locale";
public static final Set<String> REGISTER_PARAMS = new HashSet<>(Arrays.asList(categoryParamName,localParamName));

public static final String DATATABLE_RESOURCE_NAME ="dataTables";

}
@@ -18,20 +18,18 @@
*/
package org.apache.fineract.infrastructure.dataqueries.data;

import static org.apache.fineract.infrastructure.dataqueries.api.DataTableApiConstant.CATEGORY_DEFAULT;
import static org.apache.fineract.infrastructure.dataqueries.api.DataTableApiConstant.CATEGORY_PPI;
import static org.apache.fineract.infrastructure.dataqueries.api.DataTableApiConstant.DATATABLE_RESOURCE_NAME;
import static org.apache.fineract.infrastructure.dataqueries.api.DataTableApiConstant.REGISTER_PARAMS;
import static org.apache.fineract.infrastructure.dataqueries.api.DataTableApiConstant.categoryParamName;

import java.lang.reflect.Type;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.apache.fineract.infrastructure.core.data.ApiParameterError;
import org.apache.fineract.infrastructure.core.data.DataValidatorBuilder;
import org.apache.fineract.infrastructure.core.exception.PlatformApiDataValidationException;
import org.apache.fineract.infrastructure.dataqueries.api.DataTableApiConstant;
import org.apache.fineract.infrastructure.core.serialization.FromJsonHelper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -43,6 +41,8 @@
public class DataTableValidator {

private final FromJsonHelper fromApiJsonHelper;
private final Set<String> REGISTER_PARAMS = new HashSet<>(
Arrays.asList(DataTableApiConstant.categoryParamName, DataTableApiConstant.localParamName));

@Autowired
public DataTableValidator(final FromJsonHelper fromApiJsonHelper) {
@@ -55,14 +55,14 @@ public void validateDataTableRegistration(final String json) {
this.fromApiJsonHelper.checkForUnsupportedParameters(typeOfMap, json, REGISTER_PARAMS);

final List<ApiParameterError> dataValidationErrors = new ArrayList<>();
final DataValidatorBuilder baseDataValidator = new DataValidatorBuilder(dataValidationErrors).resource(DATATABLE_RESOURCE_NAME);
final DataValidatorBuilder baseDataValidator = new DataValidatorBuilder(dataValidationErrors).resource(DataTableApiConstant.DATATABLE_RESOURCE_NAME);
final JsonElement element = this.fromApiJsonHelper.parse(json);

if (this.fromApiJsonHelper.parameterExists(categoryParamName, element)) {
if (this.fromApiJsonHelper.parameterExists(DataTableApiConstant.categoryParamName, element)) {

final Integer category = this.fromApiJsonHelper.extractIntegerWithLocaleNamed(categoryParamName, element);
Object[] objectArray = new Integer[] { CATEGORY_PPI, CATEGORY_DEFAULT };
baseDataValidator.reset().parameter(categoryParamName).value(category).isOneOfTheseValues(objectArray);
final Integer category = this.fromApiJsonHelper.extractIntegerWithLocaleNamed(DataTableApiConstant.categoryParamName, element);
Object[] objectArray = new Integer[] { DataTableApiConstant.CATEGORY_PPI, DataTableApiConstant.CATEGORY_DEFAULT };
baseDataValidator.reset().parameter(DataTableApiConstant.categoryParamName).value(category).isOneOfTheseValues(objectArray);
}

if (!dataValidationErrors.isEmpty()) { throw new PlatformApiDataValidationException(dataValidationErrors); }
@@ -32,7 +32,7 @@

public class ContentRepositoryUtils {

public static Random random = new Random();
private static final Random random = new Random();

public static enum IMAGE_MIME_TYPE {
GIF("image/gif"), JPEG("image/jpeg"), PNG("image/png");
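Review bot: `random` is a `java.util.Random`, whose output is predictable once its state is known. Its uses are outside the hunk, so this only matters if the values feed something that must be unguessable, such as generated names or identifiers for stored content. If they do, declare it as `private static final SecureRandom random = new SecureRandom();` and import `java.security.SecureRandom`. Making the field `private` also removes it from any external caller of `ContentRepositoryUtils.random`, which is worth a search before merging.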
@@ -41,14 +41,9 @@ public class FineractEntityApiResourceConstants {
public static final String ROLE_ACCESS_TO_LOAN_PRODUCTS = " role_access_to_loan_products ";
public static final String ROLE_ACCESS_TO_SAVINGS_PRODUCTS = " role_access_to_savings_products ";

public static final Set<String> RESPONSE_DATA_PARAMETERS = new HashSet<>(Arrays.asList(mappingTypes));
protected static final Set<String> RESPONSE_DATA_PARAMETERS = new HashSet<>(Arrays.asList(mappingTypes));

public static final Set<String> FETCH_ENTITY_TO_ENTITY_MAPPINGS = new HashSet<>(Arrays.asList(mapId,relId,fromEnityType, toEntityType));

public static final Set<String> CREATE_ENTITY_MAPPING_REQUEST_DATA_PARAMETERS = new HashSet<>(Arrays.asList(fromEnityType,
toEntityType, startDate, LOCALE, DATE_FORMAT, endDate));

public static final Set<String> UPDATE_ENTITY_MAPPING_REQUEST_DATA_PARAMETERS = new HashSet<>(Arrays.asList(relId,fromEnityType,
toEntityType, startDate,LOCALE, DATE_FORMAT, endDate));
protected static final Set<String> FETCH_ENTITY_TO_ENTITY_MAPPINGS = new HashSet<>(Arrays.asList(mapId,relId,
fromEnityType, toEntityType));

}
@@ -20,8 +20,11 @@

import java.lang.reflect.Type;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.apache.commons.lang.StringUtils;
import org.apache.fineract.infrastructure.core.data.ApiParameterError;
@@ -41,13 +44,16 @@
import org.apache.fineract.useradministration.domain.Role;
import org.apache.fineract.useradministration.domain.RoleRepository;
import org.apache.fineract.useradministration.exception.RoleNotFoundException;
import org.apache.fineract.infrastructure.entityaccess.api.FineractEntityApiResourceConstants;
import org.joda.time.LocalDate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import com.google.gson.JsonElement;
import com.google.gson.reflect.TypeToken;



@Component
public class FineractEntityDataValidator {

@@ -57,6 +63,16 @@ public class FineractEntityDataValidator {
private final SavingsProductRepository savingsProductRepository;
private final ChargeRepositoryWrapper chargeRepositoryWrapper;
private final RoleRepository roleRepository;
private static final Set<String> CREATE_ENTITY_MAPPING_REQUEST_DATA_PARAMETERS = new HashSet<>(Arrays.asList(
FineractEntityApiResourceConstants.fromEnityType, FineractEntityApiResourceConstants.toEntityType,
FineractEntityApiResourceConstants.startDate, FineractEntityApiResourceConstants.LOCALE,
FineractEntityApiResourceConstants.DATE_FORMAT, FineractEntityApiResourceConstants.endDate));

private static final Set<String> UPDATE_ENTITY_MAPPING_REQUEST_DATA_PARAMETERS = new HashSet<>(
Arrays.asList(FineractEntityApiResourceConstants.relId, FineractEntityApiResourceConstants.fromEnityType,
FineractEntityApiResourceConstants.toEntityType, FineractEntityApiResourceConstants.startDate,
FineractEntityApiResourceConstants.LOCALE, FineractEntityApiResourceConstants.DATE_FORMAT,
FineractEntityApiResourceConstants.endDate));

@Autowired
public FineractEntityDataValidator(final FromJsonHelper fromApiJsonHelper, final OfficeRepositoryWrapper officeRepositoryWrapper,
@@ -75,8 +91,8 @@ public void validateForCreate(final String json) {
if (StringUtils.isBlank(json)) { throw new InvalidJsonException(); }

final Type typeOfMap = new TypeToken<Map<String, Object>>() {}.getType();
this.fromApiJsonHelper.checkForUnsupportedParameters(typeOfMap, json,
FineractEntityApiResourceConstants.CREATE_ENTITY_MAPPING_REQUEST_DATA_PARAMETERS);
this.fromApiJsonHelper.checkForUnsupportedParameters(typeOfMap, json,
CREATE_ENTITY_MAPPING_REQUEST_DATA_PARAMETERS);
final JsonElement element = this.fromApiJsonHelper.parse(json);

final List<ApiParameterError> dataValidationErrors = new ArrayList<>();
@@ -172,8 +188,8 @@ public void validateForUpdate(final String json) {
if (StringUtils.isBlank(json)) { throw new InvalidJsonException(); }

final Type typeOfMap = new TypeToken<Map<String, Object>>() {}.getType();
this.fromApiJsonHelper.checkForUnsupportedParameters(typeOfMap, json,
FineractEntityApiResourceConstants.UPDATE_ENTITY_MAPPING_REQUEST_DATA_PARAMETERS);
this.fromApiJsonHelper.checkForUnsupportedParameters(typeOfMap, json,
UPDATE_ENTITY_MAPPING_REQUEST_DATA_PARAMETERS);
final JsonElement element = this.fromApiJsonHelper.parse(json);

final List<ApiParameterError> dataValidationErrors = new ArrayList<>();