Merge pull request #3860 from Bhashinee/vulnerability
Port the fixes done to eliminate vulnerabilities found in Static and SCA scans
Bhashinee authored Jan 8, 2025
2 parents 3ea7fed + ef901c9 commit 9657c42
Showing 4 changed files with 38 additions and 30 deletions.
Expand Up @@ -1683,16 +1683,24 @@ private void setClobValue(int queryType, String paramName,
if (value == null) {
sqlQuery.setNull(i + 1, Types.CLOB);
} else {
sqlQuery.setClob(i + 1, new BufferedReader(new StringReader(value)),
value.length());
try (BufferedReader reader = new BufferedReader(new StringReader(value))) {
sqlQuery.setClob(i + 1, reader, value.length());
} catch (IOException e) {
throw new DataServiceFault(e, "Error processing parameter: " + paramName
+ ", Error: " + e.getMessage());
}
}
} else if ("INOUT".equals(paramType)) {
if (value == null) {
((CallableStatement) sqlQuery).setNull(i + 1,
Types.CLOB);
} else {
((CallableStatement) sqlQuery).setClob(i + 1,
new BufferedReader(new StringReader(value)), value.length());
try (BufferedReader reader = new BufferedReader(new StringReader(value))) {
((CallableStatement) sqlQuery).setClob(i + 1, reader, value.length());
} catch (IOException e) {
throw new DataServiceFault(e, "Error processing parameter: " + paramName + ", Error: "
+ e.getMessage());
}
}
((CallableStatement) sqlQuery).registerOutParameter(i + 1,
Types.CLOB);
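Review bot: The reader is now closed at the end of the try-with-resources block, right after `setClob` returns and before the statement is executed, in both the first branch and the INOUT branch. JDBC allows a driver to defer reading a `Reader` parameter until execution, and a closed `StringReader` throws `IOException` on read, so with such a driver every non-null CLOB parameter could start failing; whether the drivers used here read eagerly is not visible from the hunk. A `StringReader` holds no OS resource, so nothing leaks if it stays open: `sqlQuery.setClob(i + 1, new StringReader(value), value.length());` with a comment explaining why the scanner finding is suppressed would be the safer form. setClobValue starts and ends outside the hunk.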
Expand Up @@ -51,10 +51,9 @@ public void sendBack(MessageContext messageContext) {
log.debug("Message content type retrieved in the message is: " + contentType);
}
if (contentType.equalsIgnoreCase(InboundGRPCConstants.CONTENT_TYPE_JSON_MIME_TYPE)) {
BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(JsonUtil.getJsonPayload(msgContext)));
StringBuilder stringBuilder = new StringBuilder();
String line;
try {
try (BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(JsonUtil.getJsonPayload(msgContext)))) {
StringBuilder stringBuilder = new StringBuilder();
String line;
while ((line = bufferedReader.readLine()) != null) {
stringBuilder.append(line);
}
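Review bot: The `InputStreamReader` in the new try-with-resources header is built without a charset, so the JSON payload is decoded with the JVM default charset (platform-dependent before Java 18) and non-ASCII content can be garbled. Passing it explicitly, `new InputStreamReader(JsonUtil.getJsonPayload(msgContext), StandardCharsets.UTF_8)`, removes that dependency; the file needs the `java.nio.charset.StandardCharsets` import if it does not already have it. The hunk does not show whether `getJsonPayload` can return null, which would now throw from the resource header, so that is worth confirming. The try block and sendBack continue outside the hunk.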
Expand Up @@ -300,23 +300,23 @@ public static Map<String, String> getAllServices(Map<String, String> apimConfigs

int responseCode = connection.getResponseCode();
if (responseCode == HttpURLConnection.HTTP_OK) {
BufferedReader in = new BufferedReader(new InputStreamReader(
connection.getInputStream()));
String inputLine;
StringBuilder response = new StringBuilder();
try (BufferedReader in = new BufferedReader(new InputStreamReader(
connection.getInputStream()))) {
String inputLine;
StringBuilder response = new StringBuilder();

while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();

JsonParser parser = new JsonParser();
JsonObject rootObject = parser.parse(response.toString()).getAsJsonObject();
JsonArray serviceList = rootObject.getAsJsonArray(LIST_STRING);
for (JsonElement service : serviceList) {
String serviceKey = ((JsonObject) service).get(SERVICE_KEY).getAsString();
String md5 = ((JsonObject) service).get(MD5).getAsString();
md5Map.put(serviceKey, md5);
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}

JsonParser parser = new JsonParser();
JsonObject rootObject = parser.parse(response.toString()).getAsJsonObject();
JsonArray serviceList = rootObject.getAsJsonArray(LIST_STRING);
for (JsonElement service : serviceList) {
String serviceKey = ((JsonObject) service).get(SERVICE_KEY).getAsString();
String md5 = ((JsonObject) service).get(MD5).getAsString();
md5Map.put(serviceKey, md5);
}
}
return md5Map;
} else {
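Review bot: The parsed response is used without checking its shape: `rootObject.getAsJsonArray(LIST_STRING)` returns null when the key is absent, so the `for` loop over `serviceList` throws a NullPointerException, and `get(SERVICE_KEY)` / `get(MD5)` have the same problem for each element. Because this body comes from a remote endpoint, a guard such as `if (serviceList == null) { return md5Map; }` plus a null check on each field would keep a malformed reply from aborting the caller with an unchecked exception. The reader is also created without a charset and the body is accumulated without a size limit; `new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8)` addresses the first of these. getAllServices starts and ends outside the hunk.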
Expand Up @@ -43,12 +43,13 @@ public static String readInput() throws IOException {
}

public static String readPassword(String prompt) throws IOException {
PrintWriter out = new PrintWriter(new OutputStreamWriter(System.out), true);
BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
String password = null;
while (password == null || password.length() == 0) {
password = new PasswordPrompt(prompt, out).getPassword(in);
try (PrintWriter out = new PrintWriter(new OutputStreamWriter(System.out), true);
BufferedReader in = new BufferedReader(new InputStreamReader(System.in))) {
String password = null;
while (password == null || password.length() == 0) {
password = new PasswordPrompt(prompt, out).getPassword(in);
}
return password;
}
return password;
}
}
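Review bot: Closing `out` and `in` through try-with-resources also closes the underlying `System.out` and `System.in`, so after the first `readPassword` call later console output is silently discarded and later reads from standard input fail. The process-wide standard streams are not owned by this method and should not be closed here. Keep the wrappers outside a resource block as `PrintWriter out = new PrintWriter(new OutputStreamWriter(System.out), true);`, call `out.flush();` before returning, and suppress the scanner finding with a comment that explains why. Separately, the password is returned as an immutable `String` that cannot be wiped from memory; a `char[]` would be preferable if `PasswordPrompt` can supply one, which the hunk does not show.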
