fix: Fix issues detected by Svace code analyzer (#465)

Signed-off-by: Oleg Kopysov <o.kopysov@samsung.com>
Samsung · Mar 11, 2024 · 33a6e36 · 33a6e36
1 parent 5ab9ae9
commit 33a6e36
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 38 deletions.
diff --git a/src/main/java/com/lpvs/controller/GitHubController.java b/src/main/java/com/lpvs/controller/GitHubController.java
@@ -220,13 +220,6 @@ public ResponseEntity<LPVSResponseWrapper> gitHubSingleScan(
         GHRepository repository = gitHub.getRepository(gitHubOrg + "/" + gitHubRepo);
         GHPullRequest pullRequest = repository.getPullRequest(prNumber);
         LPVSQueue scanConfig = LPVSWebhookUtil.getGitHubWebhookConfig(repository, pullRequest);
-
-        if (scanConfig == null) {
-            log.error("Error with connection to GitHub.");
-            return ResponseEntity.status(HttpStatus.FORBIDDEN)
-                    .headers(LPVSWebhookUtil.generateSecurityHeaders())
-                    .body(new LPVSResponseWrapper(ERROR));
-        }
         scanConfig.setAction(LPVSPullRequestAction.SINGLE_SCAN);
         scanConfig.setAttempts(0);
         scanConfig.setDate(new Date());

diff --git a/src/main/java/com/lpvs/service/LPVSGitHubService.java b/src/main/java/com/lpvs/service/LPVSGitHubService.java
@@ -409,7 +409,7 @@ public LPVSQueue getInternalQueueByPullRequest(String pullRequest) {
                                             pullRequestSplit.length - 4,
                                             pullRequestSplit.length - 2));
             int pullRequestNum = Integer.parseInt(pullRequestSplit[pullRequestSplit.length - 1]);
-            GitHub gitHub = gitHubConnectionService.connectToGitHubApi();
+            gitHub = gitHubConnectionService.connectToGitHubApi();
             GHRepository repo = gitHub.getRepository(pullRequestRepo);
             GHPullRequest pR = repo.getPullRequest(pullRequestNum);
             return LPVSWebhookUtil.getGitHubWebhookConfig(repo, pR);

diff --git a/src/main/java/com/lpvs/service/LPVSStatisticsService.java b/src/main/java/com/lpvs/service/LPVSStatisticsService.java
@@ -93,7 +93,7 @@ public List<LPVSPullRequest> pathCheck(
         String findNickName = findMember.getNickname();
         String findOrganization = findMember.getOrganization();
 
-        List<LPVSPullRequest> prList = new ArrayList<>();
+        List<LPVSPullRequest> prList;
 
         if ((type.equals("own") && findNickName.equals(name))
                 || (type.equals("org") && findOrganization.equals(name))) {
@@ -152,13 +152,12 @@ public Dashboard getDashboardEntity(String type, String name, Authentication aut
         }
         totalSenderSet.remove(null);
 
-        for (LocalDate localDate : datePrMap.keySet()) {
+        for (Map.Entry<LocalDate, List<LPVSPullRequest>> entry : datePrMap.entrySet()) {
             Map<Grade, Integer> riskGradeMap = new HashMap<>();
             riskGradeMap = putDefaultriskGradeMap(riskGradeMap);
 
             Set<String> senderSet = new HashSet<>();
-            List<LPVSPullRequest> prByDate = datePrMap.get(localDate);
-            for (LPVSPullRequest pr : prByDate) {
+            for (LPVSPullRequest pr : entry.getValue()) {
                 List<LPVSDetectedLicense> dlList =
                         lpvsDetectedLicenseRepository.findNotNullDLByPR(pr);
                 if (!(pr.getRepositoryName() == null || pr.getRepositoryName().isEmpty())) {
@@ -189,7 +188,10 @@ public Dashboard getDashboardEntity(String type, String name, Authentication aut
             senderSet.remove(null);
             dashboardByDates.add(
                     new DashboardElementsByDate(
-                            localDate, senderSet.size(), prByDate.size(), riskGradeMap));
+                            entry.getKey(),
+                            senderSet.size(),
+                            entry.getValue().size(),
+                            riskGradeMap));
         }
 
         for (String s : totalSenderSet) {

diff --git a/src/main/java/com/lpvs/service/scanner/scanoss/LPVSScanossDetectService.java b/src/main/java/com/lpvs/service/scanner/scanoss/LPVSScanossDetectService.java
@@ -99,7 +99,7 @@ protected BufferedReader createBufferReader(InputStreamReader inputStreamReader)
      */
     public void runScan(LPVSQueue webhookConfig, String path) throws Exception {
         log.debug("Starting Scanoss scanning");
-
+        Process process = null;
         try {
             File resultsDir = new File(getScanResultsDirectoryPath(webhookConfig));
             if (resultsDir.mkdirs()) {
@@ -124,7 +124,7 @@ public void runScan(LPVSQueue webhookConfig, String path) throws Exception {
                             getScanResultsJsonFilePath(webhookConfig),
                             path);
 
-            Process process = processBuilder.inheritIO().start();
+            process = processBuilder.inheritIO().start();
 
             int status = process.waitFor();
 
@@ -143,8 +143,11 @@ public void runScan(LPVSQueue webhookConfig, String path) throws Exception {
         } catch (IOException | InterruptedException ex) {
             log.error("Scanoss scanner terminated with non-zero code. Terminating.");
             throw ex;
+        } finally {
+            if (process != null) {
+                process.destroy();
+            }
         }
-
         log.debug("Scanoss scan done");
     }
 

diff --git a/src/main/java/com/lpvs/util/LPVSCommentUtil.java b/src/main/java/com/lpvs/util/LPVSCommentUtil.java
@@ -7,8 +7,10 @@
 package com.lpvs.util;
 
 import java.io.BufferedWriter;
+import java.io.File;
 import java.io.FileWriter;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.util.List;
 
 import com.lpvs.entity.LPVSDetectedLicense;
@@ -91,31 +93,34 @@ public static String reportCommentBuilder(
             LPVSQueue webhookConfig,
             List<LPVSFile> scanResults,
             List<LPVSLicenseService.Conflict<String, String>> conflicts) {
-        String commitComment = "";
+
+        StringBuilder commitCommentBuilder = new StringBuilder();
 
         if (scanResults != null && scanResults.size() != 0) {
-            commitComment = "**Detected licenses:**\n\n\n";
+            commitCommentBuilder.append("**Detected licenses:**\n\n\n");
             for (LPVSFile file : scanResults) {
-                commitComment += "**File:** " + file.getFilePath() + "\n";
-                commitComment +=
-                        "**License(s):** " + file.convertLicensesToString(LPVSVcs.GITHUB) + "\n";
-                commitComment +=
-                        "**Component:** "
-                                + file.getComponentName()
-                                + " ("
-                                + file.getComponentFilePath()
-                                + ")\n";
-                commitComment +=
-                        "**Matched Lines:** "
-                                + LPVSCommentUtil.getMatchedLinesAsLink(
-                                        webhookConfig, file, LPVSVcs.GITHUB)
-                                + "\n";
-                commitComment += "**Snippet Match:** " + file.getSnippetMatch() + "\n\n\n\n";
+                commitCommentBuilder.append("**File:** ");
+                commitCommentBuilder.append(file.getFilePath());
+                commitCommentBuilder.append("\n");
+                commitCommentBuilder.append("**License(s):** ");
+                commitCommentBuilder.append(file.convertLicensesToString(LPVSVcs.GITHUB));
+                commitCommentBuilder.append("\n");
+                commitCommentBuilder.append("**Component:** ");
+                commitCommentBuilder.append(file.getComponentName());
+                commitCommentBuilder.append(" (");
+                commitCommentBuilder.append(file.getComponentFilePath());
+                commitCommentBuilder.append(")\n");
+                commitCommentBuilder.append("**Matched Lines:** ");
+                commitCommentBuilder.append(
+                        LPVSCommentUtil.getMatchedLinesAsLink(webhookConfig, file, LPVSVcs.GITHUB));
+                commitCommentBuilder.append("\n");
+                commitCommentBuilder.append("**Snippet Match:** ");
+                commitCommentBuilder.append(file.getSnippetMatch());
+                commitCommentBuilder.append("\n\n\n\n");
             }
         }
 
         if (conflicts != null && conflicts.size() > 0) {
-            StringBuilder commitCommentBuilder = new StringBuilder();
             commitCommentBuilder.append("**Detected license conflicts:**\n\n\n");
             commitCommentBuilder.append("<ul>");
             for (LPVSLicenseService.Conflict<String, String> conflict : conflicts) {
@@ -129,10 +134,9 @@ public static String reportCommentBuilder(
                 commitCommentBuilder.append(webhookConfig.getHubLink());
                 commitCommentBuilder.append(")");
             }
-            commitComment += commitCommentBuilder.toString();
         }
 
-        return commitComment;
+        return commitCommentBuilder.toString();
     }
 
     /**
@@ -211,11 +215,13 @@ public static String buildHTMLComment(
      * @param filePath      The path to expected html report file.
      */
     public static void saveHTMLToFile(String htmlContent, String filePath) {
-        try (BufferedWriter writer = new BufferedWriter(new FileWriter(filePath))) {
+        File file = new File(filePath);
+        try (BufferedWriter writer =
+                new BufferedWriter(new FileWriter(file, StandardCharsets.UTF_8))) {
             writer.write(htmlContent);
             log.info("LPVS report saved to: " + filePath);
         } catch (IOException ex) {
-            log.error("error during saving HTML report: " + ex);
+            log.error("error during saving HTML report: " + ex.getMessage());
         }
     }
 }