fix: veracode log realted issue fix

DominikPinsel · Jul 14, 2023 · 7908741 · 7908741
1 parent f30c4d8
commit 7908741
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 12 deletions.
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java
@@ -28,6 +28,7 @@
 import com.smartsensesolutions.java.commons.specification.SpecificationUtil;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.text.StringEscapeUtils;
 import org.springdoc.core.properties.SwaggerUiConfigProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -67,7 +68,7 @@ public SpecificationUtil specificationUtil() {
     @Override
     public void addViewControllers(ViewControllerRegistry registry) {
         String redirectUri = properties.getPath();
-        log.info("Set landing page to path {}", redirectUri);
+        log.info("Set landing page to path {}", StringEscapeUtils.escapeJava(redirectUri));
         registry.addRedirectViewController("/", redirectUri);
     }
 }
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java
@@ -23,6 +23,7 @@
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.text.StringEscapeUtils;
 import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository;
@@ -53,7 +54,7 @@ public Wallet getWalletByIdentifier(String identifier) {
             try {
                 wallet = walletRepository.getByDid(identifier);
             } catch (DidParseException e) {
-                log.error("Error while parsing did {}", identifier, e);
+                log.error("Error while parsing did {}", StringEscapeUtils.escapeJava(identifier), e);
                 throw new WalletNotFoundProblem("Error while parsing did " + identifier);
             }
         }

diff --git a/...in/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java b/...in/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
@@ -31,6 +31,7 @@
 import com.smartsensesolutions.java.commons.specification.SpecificationUtil;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.text.StringEscapeUtils;
 import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
@@ -164,7 +165,7 @@ public VerifiableCredential issueCredential(Map<String, Object> data, String cal
         //Store Credential in holder table
         credential = create(credential);
 
-        log.debug("VC type of {} issued to bpn ->{}", verifiableCredential.getTypes(), callerBpn);
+        log.debug("VC type of {} issued to bpn ->{}", StringEscapeUtils.escapeJava(verifiableCredential.getTypes().toString()), StringEscapeUtils.escapeJava(callerBpn));
         // Return VC
         return credential.getData();
     }
@@ -185,7 +186,7 @@ public void deleteCredential(String credentialId, String bpnFromToken) {
 
         //remove credential
         holdersCredentialRepository.deleteByCredentialId(credentialId);
-        log.debug("VC deleted with id ->{} of bpn ->{}", credentialId, holderWallet.getBpn());
+        log.debug("VC deleted with id ->{} of bpn ->{}", StringEscapeUtils.escapeJava(credentialId), StringEscapeUtils.escapeJava(holderWallet.getBpn()));
     }
 
     private void isCredentialExistWithId(String holderDid, String credentialId) {

diff --git a/...in/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java b/...in/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
@@ -30,6 +30,7 @@
 import com.smartsensesolutions.java.commons.sort.SortType;
 import com.smartsensesolutions.java.commons.specification.SpecificationUtil;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.text.StringEscapeUtils;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.constant.MIWVerifiableCredentialType;
 import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
@@ -207,7 +208,7 @@ public VerifiableCredential issueBpnCredential(Wallet baseWallet, Wallet holderW
         //update summery VC
         updateSummeryCredentials(baseWallet.getDidDocument(), privateKeyBytes, baseWallet.getDid(), holderWallet.getBpn(), holderWallet.getDid(), MIWVerifiableCredentialType.BPN_CREDENTIAL);
 
-        log.debug("BPN credential issued for bpn -{}", holderWallet.getBpn());
+        log.debug("BPN credential issued for bpn -{}", StringEscapeUtils.escapeJava(holderWallet.getBpn()));
 
         return issuersCredential.getData();
     }
@@ -256,7 +257,7 @@ public VerifiableCredential issueFrameworkCredential(IssueFrameworkCredentialReq
         //update summery cred
         updateSummeryCredentials(baseWallet.getDidDocument(), privateKeyBytes, baseWallet.getDid(), holderWallet.getBpn(), holderWallet.getDid(), request.getType());
 
-        log.debug("Framework VC of type ->{} issued to bpn ->{}", request.getType(), holderWallet.getBpn());
+        log.debug("Framework VC of type ->{} issued to bpn ->{}", StringEscapeUtils.escapeJava(request.getType()), StringEscapeUtils.escapeJava(holderWallet.getBpn()));
 
         // Return VC
         return issuersCredential.getData();
@@ -307,7 +308,7 @@ public VerifiableCredential issueDismantlerCredential(IssueDismantlerCredentialR
         //update summery VC
         updateSummeryCredentials(issuerWallet.getDidDocument(), privateKeyBytes, issuerWallet.getDid(), holderWallet.getBpn(), holderWallet.getDid(), MIWVerifiableCredentialType.DISMANTLER_CREDENTIAL);
 
-        log.debug("Dismantler VC issued to bpn -> {}", request.getBpn());
+        log.debug("Dismantler VC issued to bpn -> {}", StringEscapeUtils.escapeJava(request.getBpn()));
 
         // Return VC
         return issuersCredential.getData();
@@ -361,7 +362,7 @@ public VerifiableCredential issueMembershipCredential(IssueMembershipCredentialR
         //update summery VC
         updateSummeryCredentials(issuerWallet.getDidDocument(), privateKeyBytes, issuerWallet.getDid(), holderWallet.getBpn(), holderWallet.getDid(), VerifiableCredentialType.MEMBERSHIP_CREDENTIAL);
 
-        log.debug("Membership VC issued to bpn ->{}", issueMembershipCredentialRequest.getBpn());
+        log.debug("Membership VC issued to bpn ->{}", StringEscapeUtils.escapeJava(issueMembershipCredentialRequest.getBpn()));
 
         // Return VC
         return issuersCredential.getData();
@@ -410,7 +411,7 @@ public VerifiableCredential issueCredentialUsingBaseWallet(String holderDid, Map
         IssuersCredential issuersCredential = IssuersCredential.of(holdersCredential);
         issuersCredential = create(issuersCredential);
 
-        log.debug("VC type of {} issued to bpn ->{}", verifiableCredential.getTypes(), holderWallet.getBpn());
+        log.debug("VC type of {} issued to bpn ->{}", StringEscapeUtils.escapeJava(verifiableCredential.getTypes().toString()), StringEscapeUtils.escapeJava(holderWallet.getBpn()));
 
         // Return VC
         return issuersCredential.getData();
@@ -528,12 +529,12 @@ private void updateSummeryCredentials(DidDocument issuerDidDocument, byte[] issu
         } else {
             items = List.of(type);
         }
-        log.debug("Issuing summary VC with items ->{}", items);
+        log.debug("Issuing summary VC with items ->{}", StringEscapeUtils.escapeJava(items.toString()));
 
         //get summery VC of holder
         List<HoldersCredential> vcs = holdersCredentialRepository.getByHolderDidAndIssuerDidAndTypeAndStored(holderDid, issuerDid, MIWVerifiableCredentialType.SUMMARY_CREDENTIAL, false); //deleted only not stored VC
         if (CollectionUtils.isEmpty(vcs)) {
-            log.debug("No summery VC found for did ->{}, checking in issuer", holderDid);
+            log.debug("No summery VC found for did ->{}, checking in issuer", StringEscapeUtils.escapeJava(holderDid));
         } else {
             //delete old summery VC from holder table, delete only not stored VC
             holdersCredentialRepository.deleteAll(vcs);
@@ -561,7 +562,7 @@ private void updateSummeryCredentials(DidDocument issuerDidDocument, byte[] issu
         //Store Credential in issuers table
         issuersCredentialRepository.save(IssuersCredential.of(holdersCredential));
 
-        log.info("Summery VC updated for holder did -> {}", holderDid);
+        log.info("Summery VC updated for holder did -> {}", StringEscapeUtils.escapeJava(holderDid));
     }
 
     private Page<IssuersCredential> getLastIssuedSummaryCredential(String issuerDid, String holderDid) {