
Commit 436d788

chore: Fix sonarqube violations
1 parent 1fe7a4d commit 436d788


5 files changed

+48
-52
lines changed

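--- a/src/main/java/com/endava/cats/fuzzer/fields/LdapInjectionInStringFieldsFuzzer.java
+++ b/src/main/java/com/endava/cats/fuzzer/fields/LdapInjectionInStringFieldsFuzzer.java
@@ -20,7 +20,7 @@
 @Singleton
 @FieldFuzzer
 public class LdapInjectionInStringFieldsFuzzer extends BaseSecurityInjectionFuzzer {
-private final static List<String> FIELDS = List.of("user", "name", "login", "username", "email", "mail", "dn", "cn", "uid", "filter",
+private static final List<String> FIELDS = List.of("user", "name", "login", "username", "email", "mail", "dn", "cn", "uid", "filter",
 "search", "query", "account", "member", "group", "ou", "organization", "dept", "department");
 
 private static final List<String> TOP_PAYLOADS = List.of(
@@ -255,13 +255,11 @@ protected InjectionDetectionResult detectInjectionEvidence(CatsResponse response
 String responseLower = responseBody.toLowerCase(Locale.ROOT);
 
 for (String keyword : LDAP_ERROR_KEYWORDS) {
-if (responseLower.contains(keyword)) {
-if (appearsInErrorContext(responseBody, keyword)) {
-return InjectionDetectionResult.vulnerable(
-"LDAP injection vulnerability detected",
-"Response contains LDAP error message: '" + keyword + "'"
-);
-}
+if (responseLower.contains(keyword) && appearsInErrorContext(responseBody, keyword)) {
+return InjectionDetectionResult.vulnerable(
+"LDAP injection vulnerability detected",
+"Response contains LDAP error message: '" + keyword + "'"
+);
 }
 }
 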
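Review bot: The merged condition in detectInjectionEvidence evaluates `responseLower.contains(keyword)` against the lowercased body but then hands the original-case `responseBody` to appearsInErrorContext, so the two halves of the `&&` inspect different strings. If appearsInErrorContext searches case-sensitively (its body is outside this hunk), a keyword that only matches after lowercasing passes the first test and is silently rejected by the second, which the caller sees as "not vulnerable" rather than as a mismatch. Either pass `responseLower` to both calls or document the contract on the line, e.g. `// appearsInErrorContext must match case-insensitively: the keyword was found in responseLower`. The enclosing method starts before and ends after this hunk.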

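--- a/src/main/java/com/endava/cats/fuzzer/fields/XxeInjectionInStringFieldsFuzzer.java
+++ b/src/main/java/com/endava/cats/fuzzer/fields/XxeInjectionInStringFieldsFuzzer.java
@@ -175,13 +175,11 @@ protected InjectionDetectionResult detectInjectionEvidence(CatsResponse response
 }
 }
 
-if (responseBody.length() > 100000) {
-if (containsRepeatedPatterns(responseBody)) {
-return InjectionDetectionResult.vulnerable(
-"Potential XXE DoS vulnerability detected",
-"Response is unusually large with repeated patterns, suggesting entity expansion attack succeeded"
-);
-}
+if (responseBody.length() > 100000 && containsRepeatedPatterns(responseBody)) {
+return InjectionDetectionResult.vulnerable(
+"Potential XXE DoS vulnerability detected",
+"Response is unusually large with repeated patterns, suggesting entity expansion attack succeeded"
+);
 }
 
 return InjectionDetectionResult.notVulnerable();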
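Review bot: The size guard in the new condition, `responseBody.length() > 100000`, is an unnamed magic number, and `String.length()` counts UTF-16 code units rather than bytes, so the threshold is not the response size on the wire that the "unusually large" message suggests. Naming it records both facts for whoever tunes the heuristic: `private static final int LARGE_RESPONSE_CHAR_THRESHOLD = 100_000;` at class level and `if (responseBody.length() > LARGE_RESPONSE_CHAR_THRESHOLD && containsRepeatedPatterns(responseBody)) {` here. The constant declaration lands outside this hunk, and the enclosing detectInjectionEvidence begins before it.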

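--- a/src/main/java/com/endava/cats/fuzzer/fields/base/BaseSecurityInjectionFuzzer.java
+++ b/src/main/java/com/endava/cats/fuzzer/fields/base/BaseSecurityInjectionFuzzer.java
@@ -83,7 +83,7 @@ private Set<String> getStringFields(FuzzingData data) {
 var schema = data.getRequestPropertyTypes().get(field);
 return CatsModelUtils.isStringSchema(schema);
 })
-.filter(field -> shouldFuzzField(field))
+.filter(this::shouldFuzzField)
 .collect(Collectors.toSet());
 }
 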

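--- a/src/main/java/com/endava/cats/openapi/OpenAPIModelGeneratorV2.java
+++ b/src/main/java/com/endava/cats/openapi/OpenAPIModelGeneratorV2.java
@@ -329,24 +329,7 @@ private List<Map<String, Object>> generateExamplesForSchema(String name, Schema
 }
 
 if (hasOneOfOrAnyOf) {
-List<Map<String, Object>> oneOfAnyOfExamples = resolveAnyOfOneOfSchemaProperties(name, schema);
-
-if (!parentPropertyExamples.isEmpty()) {
-List<Map<String, Object>> mergedExamples = new ArrayList<>();
-for (Map<String, Object> oneOfExample : oneOfAnyOfExamples) {
-for (Map<String, Object> parentExample : parentPropertyExamples) {
-Map<String, Object> merged = new HashMap<>(oneOfExample);
-
-for (Map.Entry<String, Object> entry : parentExample.entrySet()) {
-merged.putIfAbsent(entry.getKey(), entry.getValue());
-}
-mergedExamples.add(merged);
-}
-}
-examples = combineExampleLists(examples, mergedExamples);
-} else {
-examples = combineExampleLists(examples, oneOfAnyOfExamples);
-}
+examples = handleAnyOrOneOf(name, schema, parentPropertyExamples, examples);
 }
 
 if (CatsModelUtils.isArraySchema(schema)) {
@@ -369,6 +352,28 @@ private List<Map<String, Object>> generateExamplesForSchema(String name, Schema
 return examples;
 }
 
+private List<Map<String, Object>> handleAnyOrOneOf(String name, Schema schema, List<Map<String, Object>> parentPropertyExamples, List<Map<String, Object>> examples) {
+List<Map<String, Object>> oneOfAnyOfExamples = resolveAnyOfOneOfSchemaProperties(name, schema);
+
+if (!parentPropertyExamples.isEmpty()) {
+List<Map<String, Object>> mergedExamples = new ArrayList<>();
+for (Map<String, Object> oneOfExample : oneOfAnyOfExamples) {
+for (Map<String, Object> parentExample : parentPropertyExamples) {
+Map<String, Object> merged = new HashMap<>(oneOfExample);
+
+for (Map.Entry<String, Object> entry : parentExample.entrySet()) {
+merged.putIfAbsent(entry.getKey(), entry.getValue());
+}
+mergedExamples.add(merged);
+}
+}
+examples = combineExampleLists(examples, mergedExamples);
+} else {
+examples = combineExampleLists(examples, oneOfAnyOfExamples);
+}
+return examples;
+}
+
 private Map formatExampleAsMap(Object fromExample) {
 if (!(fromExample instanceof Map)) {
 Map<String, Object> example = new HashMap<>();
@@ -662,18 +667,17 @@ private Object matchToEnumOrEmpty(String name, Schema innerSchema, String proper
 .stream()
 .filter(discriminator -> discriminator.getPropertyName().equalsIgnoreCase(propertyName) && discriminator.getMapping() != null)
 .findFirst()
-.map(discriminator -> {
-// Find the enum value that maps to this schema name
-return discriminator.getMapping().entrySet().stream()
-.filter(entry -> {
-String schemaRef = entry.getValue();
-String schemaName = CatsModelUtils.getSimpleRef(schemaRef);
-return schemaName.equalsIgnoreCase(name);
-})
-.map(Map.Entry::getKey)
-.findFirst()
-.orElse("");
-})
+.map(discriminator ->
+// Find the enum value that maps to this schema name
+discriminator.getMapping().entrySet().stream()
+.filter(entry -> {
+String schemaRef = entry.getValue();
+String schemaName = CatsModelUtils.getSimpleRef(schemaRef);
+return schemaName.equalsIgnoreCase(name);
+})
+.map(Map.Entry::getKey)
+.findFirst()
+.orElse(""))
 .orElse("");
 
 if (!resultFromMapping.isEmpty()) {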
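Review bot: The extracted `handleAnyOrOneOf` in the second hunk carries no Javadoc, and its `Schema schema` parameter is a raw type. A short Javadoc should spell out the merge rule the body encodes: every oneOf/anyOf example is paired with every parent example (a cartesian product), and because the merge uses `putIfAbsent` a key present in the oneOf/anyOf example wins over the same key in the parent example; with no parent examples the oneOf/anyOf examples are combined into `examples` unchanged. Declaring the parameter as `Schema<?> schema` would clear the raw-type warning provided `resolveAnyOfOneOfSchemaProperties` accepts it, which I cannot see from here. The method also reassigns and returns its `examples` parameter; naming the accumulated value `result` would make the data flow easier to follow.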

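--- a/src/test/java/com/endava/cats/openapi/OpenAPIModelGeneratorV2Test.java
+++ b/src/test/java/com/endava/cats/openapi/OpenAPIModelGeneratorV2Test.java
@@ -196,9 +196,7 @@ void shouldGenerateOneOfWithParentPropertiesAndDiscriminator() throws Exception
 Assertions.assertThat(examples).hasSize(2);
 
 String firstExample = examples.getFirst();
-Assertions.assertThat(firstExample).contains("\"kind\"");
-Assertions.assertThat(firstExample).contains("\"value\"");
-Assertions.assertThat(firstExample).contains("\"bubulel\"");
+Assertions.assertThat(firstExample).contains("\"kind\"").contains("\"value\"").contains("\"bubulel\"");
 
 String kindValue = JsonUtils.getVariableFromJson(firstExample, "$.kind").toString();
 Assertions.assertThat(kindValue).isNotEmpty().isNotEqualTo("");
@@ -207,9 +205,7 @@ void shouldGenerateOneOfWithParentPropertiesAndDiscriminator() throws Exception
 Assertions.assertThat(bubulel1).isNotEmpty();
 
 String secondExample = examples.get(1);
-Assertions.assertThat(secondExample).contains("\"kind\"");
-Assertions.assertThat(secondExample).contains("\"value\"");
-Assertions.assertThat(secondExample).contains("\"bubulel\"");
+Assertions.assertThat(secondExample).contains("\"kind\"").contains("\"value\"").contains("\"bubulel\"");
 
 String kindValue2 = JsonUtils.getVariableFromJson(secondExample, "$.kind").toString();
 Assertions.assertThat(kindValue2).isNotEmpty().isNotEqualTo("");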
