From 7908741e3a765bc68e9c955dfccc58e4b3f72da2 Mon Sep 17 00:00:00 2001 From: Nitin Vavdiya Date: Fri, 14 Jul 2023 12:00:52 +0530 Subject: [PATCH] fix: veracode log realted issue fix --- .../config/ApplicationConfig.java | 3 ++- .../service/CommonService.java | 3 ++- .../service/HoldersCredentialService.java | 5 +++-- .../service/IssuersCredentialService.java | 17 +++++++++-------- 4 files changed, 16 insertions(+), 12 deletions(-) diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java index 6f53eb811..3cc57dcda 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java @@ -28,6 +28,7 @@ import com.smartsensesolutions.java.commons.specification.SpecificationUtil; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.text.StringEscapeUtils; import org.springdoc.core.properties.SwaggerUiConfigProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -67,7 +68,7 @@ public SpecificationUtil specificationUtil() { @Override public void addViewControllers(ViewControllerRegistry registry) { String redirectUri = properties.getPath(); - log.info("Set landing page to path {}", redirectUri); + log.info("Set landing page to path {}", StringEscapeUtils.escapeJava(redirectUri)); registry.addRedirectViewController("/", redirectUri); } } diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java index e11928839..0d643468c 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java @@ -23,6 +23,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.text.StringEscapeUtils; import org.eclipse.tractusx.managedidentitywallets.constant.StringPool; import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet; import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository; @@ -53,7 +54,7 @@ public Wallet getWalletByIdentifier(String identifier) { try { wallet = walletRepository.getByDid(identifier); } catch (DidParseException e) { - log.error("Error while parsing did {}", identifier, e); + log.error("Error while parsing did {}", StringEscapeUtils.escapeJava(identifier), e); throw new WalletNotFoundProblem("Error while parsing did " + identifier); } } diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java index 664cff8dc..3944bd6e9 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java @@ -31,6 +31,7 @@ import com.smartsensesolutions.java.commons.specification.SpecificationUtil; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.text.StringEscapeUtils; import org.eclipse.tractusx.managedidentitywallets.constant.StringPool; import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential; import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet; @@ -164,7 +165,7 @@ public VerifiableCredential issueCredential(Map data, String cal //Store Credential in holder table credential = create(credential); - log.debug("VC type of {} issued to bpn ->{}", verifiableCredential.getTypes(), callerBpn); + log.debug("VC type of {} issued to bpn ->{}", StringEscapeUtils.escapeJava(verifiableCredential.getTypes().toString()), StringEscapeUtils.escapeJava(callerBpn)); // Return VC return credential.getData(); } @@ -185,7 +186,7 @@ public void deleteCredential(String credentialId, String bpnFromToken) { //remove credential holdersCredentialRepository.deleteByCredentialId(credentialId); - log.debug("VC deleted with id ->{} of bpn ->{}", credentialId, holderWallet.getBpn()); + log.debug("VC deleted with id ->{} of bpn ->{}", StringEscapeUtils.escapeJava(credentialId), StringEscapeUtils.escapeJava(holderWallet.getBpn())); } private void isCredentialExistWithId(String holderDid, String credentialId) { diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java index d7d4f45e6..234ade832 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java @@ -30,6 +30,7 @@ import com.smartsensesolutions.java.commons.sort.SortType; import com.smartsensesolutions.java.commons.specification.SpecificationUtil; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.text.StringEscapeUtils; import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings; import org.eclipse.tractusx.managedidentitywallets.constant.MIWVerifiableCredentialType; import org.eclipse.tractusx.managedidentitywallets.constant.StringPool; @@ -207,7 +208,7 @@ public VerifiableCredential issueBpnCredential(Wallet baseWallet, Wallet holderW //update summery VC updateSummeryCredentials(baseWallet.getDidDocument(), privateKeyBytes, baseWallet.getDid(), holderWallet.getBpn(), holderWallet.getDid(), MIWVerifiableCredentialType.BPN_CREDENTIAL); - log.debug("BPN credential issued for bpn -{}", holderWallet.getBpn()); + log.debug("BPN credential issued for bpn -{}", StringEscapeUtils.escapeJava(holderWallet.getBpn())); return issuersCredential.getData(); } @@ -256,7 +257,7 @@ public VerifiableCredential issueFrameworkCredential(IssueFrameworkCredentialReq //update summery cred updateSummeryCredentials(baseWallet.getDidDocument(), privateKeyBytes, baseWallet.getDid(), holderWallet.getBpn(), holderWallet.getDid(), request.getType()); - log.debug("Framework VC of type ->{} issued to bpn ->{}", request.getType(), holderWallet.getBpn()); + log.debug("Framework VC of type ->{} issued to bpn ->{}", StringEscapeUtils.escapeJava(request.getType()), StringEscapeUtils.escapeJava(holderWallet.getBpn())); // Return VC return issuersCredential.getData(); @@ -307,7 +308,7 @@ public VerifiableCredential issueDismantlerCredential(IssueDismantlerCredentialR //update summery VC updateSummeryCredentials(issuerWallet.getDidDocument(), privateKeyBytes, issuerWallet.getDid(), holderWallet.getBpn(), holderWallet.getDid(), MIWVerifiableCredentialType.DISMANTLER_CREDENTIAL); - log.debug("Dismantler VC issued to bpn -> {}", request.getBpn()); + log.debug("Dismantler VC issued to bpn -> {}", StringEscapeUtils.escapeJava(request.getBpn())); // Return VC return issuersCredential.getData(); @@ -361,7 +362,7 @@ public VerifiableCredential issueMembershipCredential(IssueMembershipCredentialR //update summery VC updateSummeryCredentials(issuerWallet.getDidDocument(), privateKeyBytes, issuerWallet.getDid(), holderWallet.getBpn(), holderWallet.getDid(), VerifiableCredentialType.MEMBERSHIP_CREDENTIAL); - log.debug("Membership VC issued to bpn ->{}", issueMembershipCredentialRequest.getBpn()); + log.debug("Membership VC issued to bpn ->{}", StringEscapeUtils.escapeJava(issueMembershipCredentialRequest.getBpn())); // Return VC return issuersCredential.getData(); @@ -410,7 +411,7 @@ public VerifiableCredential issueCredentialUsingBaseWallet(String holderDid, Map IssuersCredential issuersCredential = IssuersCredential.of(holdersCredential); issuersCredential = create(issuersCredential); - log.debug("VC type of {} issued to bpn ->{}", verifiableCredential.getTypes(), holderWallet.getBpn()); + log.debug("VC type of {} issued to bpn ->{}", StringEscapeUtils.escapeJava(verifiableCredential.getTypes().toString()), StringEscapeUtils.escapeJava(holderWallet.getBpn())); // Return VC return issuersCredential.getData(); @@ -528,12 +529,12 @@ private void updateSummeryCredentials(DidDocument issuerDidDocument, byte[] issu } else { items = List.of(type); } - log.debug("Issuing summary VC with items ->{}", items); + log.debug("Issuing summary VC with items ->{}", StringEscapeUtils.escapeJava(items.toString())); //get summery VC of holder List vcs = holdersCredentialRepository.getByHolderDidAndIssuerDidAndTypeAndStored(holderDid, issuerDid, MIWVerifiableCredentialType.SUMMARY_CREDENTIAL, false); //deleted only not stored VC if (CollectionUtils.isEmpty(vcs)) { - log.debug("No summery VC found for did ->{}, checking in issuer", holderDid); + log.debug("No summery VC found for did ->{}, checking in issuer", StringEscapeUtils.escapeJava(holderDid)); } else { //delete old summery VC from holder table, delete only not stored VC holdersCredentialRepository.deleteAll(vcs); @@ -561,7 +562,7 @@ private void updateSummeryCredentials(DidDocument issuerDidDocument, byte[] issu //Store Credential in issuers table issuersCredentialRepository.save(IssuersCredential.of(holdersCredential)); - log.info("Summery VC updated for holder did -> {}", holderDid); + log.info("Summery VC updated for holder did -> {}", StringEscapeUtils.escapeJava(holderDid)); } private Page getLastIssuedSummaryCredential(String issuerDid, String holderDid) {