Fixing contrast security issues (#172)

* Fixing contrast security issues Signed-off-by: Arun Venmany <[email protected]> * correcting message per review comments Signed-off-by: Arun Venmany <[email protected]> --------- Signed-off-by: Arun Venmany <[email protected]>
OpenLiberty · Sep 13, 2024 · adc0402 · adc0402
1 parent 696f7d1
commit adc0402
Show file tree

Hide file tree

Showing 6 changed files with 54 additions and 15 deletions.
diff --git a/src/main/java/io/openliberty/tools/ant/AbstractTask.java b/src/main/java/io/openliberty/tools/ant/AbstractTask.java
@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corporation 2014, 2023.
+ * (C) Copyright IBM Corporation 2014, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -136,7 +136,8 @@ protected void initTask() {
             log(MessageFormat.format(messages.getString("info.variable"), "server.output.dir", serverOutputDir.getCanonicalPath()),
                     Project.MSG_VERBOSE);
         } catch (IOException e) {
-            throw new BuildException(e);
+            log(e,Project.MSG_ERR);
+            throw new BuildException("Exception while configuring liberty installation directories. See previous messages for information on the issue(s).");
         }
 
         // Check for windows..
@@ -312,7 +313,8 @@ public void run() {
                 }
             } catch (IOException ex) {
                 sb.setLength(0);
-                throw new BuildException(ex);
+                log(ex,Project.MSG_ERR);
+                throw new BuildException("Exception received while checking for the return code in the output of the invoked command. See previous messages for more information on the issues().");
             } finally {
                 if (isWindows) {
                     synchronized (this) {

diff --git a/src/main/java/io/openliberty/tools/ant/RegexRepository.java b/src/main/java/io/openliberty/tools/ant/RegexRepository.java
@@ -0,0 +1,38 @@
+/**
+ * (C) Copyright IBM Corporation 2024.
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.openliberty.tools.ant;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class RegexRepository {
+
+    private static final Map<String, String> regexMap;
+
+    static {
+        regexMap = new HashMap<>();
+        regexMap.put("ArchiveInstaller", "D/N:\\s*(.*)\\s*");
+        regexMap.put("WasDevInstaller", "D/N:\\s*(.*?)\\s*\\<");
+    }
+
+    private RegexRepository() {
+    }
+
+    public static String getRegex(String key) {
+        return regexMap.get(key);
+    }
+
+}
diff --git a/src/main/java/io/openliberty/tools/ant/install/ArchiveInstaller.java b/src/main/java/io/openliberty/tools/ant/install/ArchiveInstaller.java
@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corporation 2014.
+ * (C) Copyright IBM Corporation 2014, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,12 +21,11 @@
 import java.util.jar.JarFile;
 import java.util.zip.ZipEntry;
 
+import io.openliberty.tools.ant.RegexRepository;
 import org.apache.tools.ant.BuildException;
 
 public class ArchiveInstaller implements Installer {
 
-    private static final String LICENSE_REGEX = "D/N:\\s*(.*)\\s*";
-
     private String runtimeUrl;
     private String extendedUrl;
     private String licenseCode;
@@ -107,7 +106,7 @@ private String getLicenseCode(File jarFile) throws Exception {
                 throw new BuildException("Unable to find license file in " + jarFile);
             }
             in = jar.getInputStream(entry);
-            return InstallUtils.getLicenseCode(in, "UTF-16", LICENSE_REGEX);
+            return InstallUtils.getLicenseCode(in, "UTF-16", RegexRepository.getRegex(ArchiveInstaller.class.getName()));
         } finally {
             InstallUtils.close(in);
             jar.close();

diff --git a/src/main/java/io/openliberty/tools/ant/install/OpenLibertyInstaller.java b/src/main/java/io/openliberty/tools/ant/install/OpenLibertyInstaller.java
@@ -1,10 +1,10 @@
 package io.openliberty.tools.ant.install;
 
 import java.io.File;
-import java.io.FileInputStream;
 import java.io.InputStream;
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import java.util.List;
 
 import org.apache.commons.io.IOUtils;
@@ -32,7 +32,7 @@ public void install(InstallLibertyTask task) throws Exception {
         task.downloadFile(versionInfoUrl, versionInfoFile);
 
         // Parse JSON
-        InputStream versionInfoIs =  new FileInputStream(versionInfoFile);
+        InputStream versionInfoIs = Files.newInputStream(versionInfoFile.toPath());
         String versionInfoTxt = IOUtils.toString(versionInfoIs, StandardCharsets.UTF_8);
         JSONObject versionInfoJson = new JSONObject(versionInfoTxt);
 
@@ -56,7 +56,7 @@ public void install(InstallLibertyTask task) throws Exception {
         task.downloadFile(runtimeInfoUrl, runtimeInfoFile, true);
 
         // Parse JSON
-        InputStream runtimeInfoIs =  new FileInputStream(runtimeInfoFile);
+        InputStream runtimeInfoIs = Files.newInputStream(runtimeInfoFile.toPath());
         String runtimeInfoTxt = IOUtils.toString(runtimeInfoIs, StandardCharsets.UTF_8);
         JSONObject runtimeInfoJson = new JSONObject(runtimeInfoTxt);
 

diff --git a/src/main/java/io/openliberty/tools/ant/install/WasDevInstaller.java b/src/main/java/io/openliberty/tools/ant/install/WasDevInstaller.java
@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corporation 2014.
+ * (C) Copyright IBM Corporation 2014, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,11 +20,10 @@
 import java.util.Iterator;
 import java.util.List;
 
+import io.openliberty.tools.ant.RegexRepository;
 import org.apache.tools.ant.BuildException;
 
 public class WasDevInstaller implements Installer {
-
-    private static final String LICENSE_REGEX = "D/N:\\s*(.*?)\\s*\\<";
 
     private String licenseCode;
     private String version;
@@ -106,7 +105,7 @@ public void install(InstallLibertyTask task) throws Exception {
             task.downloadFile(licenseURL, licenseFile, true);
 
             // do license check
-            task.checkLicense(InstallUtils.getLicenseCode(licenseFile, LICENSE_REGEX));
+            task.checkLicense(InstallUtils.getLicenseCode(licenseFile, RegexRepository.getRegex(WasDevInstaller.class.getName())));
 
             // download Liberty jar
             URL libertyURL = new URL(uri);

diff --git a/src/main/java/io/openliberty/tools/ant/jsp/CompileJSPs.java b/src/main/java/io/openliberty/tools/ant/jsp/CompileJSPs.java
@@ -126,7 +126,8 @@ public void execute() {
                 }
             }
         } catch (IOException e) {
-            throw new BuildException("A failure occurred: " + e.toString(), e);
+            log(e,Project.MSG_ERR);
+            throw new BuildException("A failure occurred: " + e.getLocalizedMessage());
         }
 
     }