Sonarcloud action

.github/workflows/sonarcloud.yml

@@ -0,0 +1,54 @@
+name: Sonarcloud analysis
+
+on:
+  push:
+    branches:
+    - master
+    paths:
+      - 'java/**.java'
+      - 'java/**.xml'
+      - '**.py'
+      - 'web/html/src/**.ts'
+      - 'web/html/src/**.tsx'
+  pull_request:
+    paths:
+      - 'java/**.java'
+      - 'java/**.xml'
+      - '**.py'
+      - 'web/html/src/**.ts'
+      - 'web/html/src/**.tsx'
+
+jobs:
+  sonarcloud:
+    runs-on: ubuntu-latest
+    container: registry.opensuse.org/systemsmanagement/uyuni/master/docker/containers/uyuni-master-pgsql:latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Cache dependencies
+      id: cache-dependencies
+      uses: actions/cache@v3
+      with:
+        path: java/lib
+        key: ${{ runner.os }}-java-lib-${{ hashFiles('java/buildconf/ivy/*.*') }}
+
+    - name: Resolve dependencies
+      if: steps.cache-dependencies.outputs.cache-hit != 'true'
+      run: |
+        ant -f java/manager-build.xml ivy
+
+    - name: Compile Java
+      run: ant -f java/manager-build.xml compile
+
+    - name: SonarCloud Scan
+      uses: sonarsource/sonarcloud-github-action@master
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        SONAR_TOKEN: ${{ secrets.SONARQUBE_AUTH_UYUNI }}
+        args: >
+          -Dsonar.junit.reportPaths=""
+          -Dsonar.coverage.jacoco.xmlReportPaths=""
+          -Dsonar.pullrequest.key=${{ github.event.number }}
+          -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }}
+          -Dsonar.pullrequest.base=${{ github.base_ref }}

java/code/src/com/redhat/rhn/common/security/acl/Acl.java

@@ -163,7 +163,7 @@ public class Acl {
     private static final String ACL_SPLIT_REGEX = "\\s*;\\s*";
 
     /** RegEx to split expressions into multiple statements */
-    private static final String EXPR_SPLIT_REGEX = "\\s++or\\s++";
+    private static final String EXPR_SPLIT_REGEX = "\\sor\\s";
 
     /** RegEx to parse statement to grab negation, function call, params */
     private static final String STMT_PARSE_REGEX = "^(not +)?(.*)\\((.*)\\)$";
@@ -393,7 +393,7 @@ public boolean evalAcl(Map<String, Object> context, String acl) {
             int statementLen = statements.length;
 
             for (int stmtIdx = 0; stmtIdx < statementLen; ++stmtIdx) {
-                String statement = statements[stmtIdx];
+                String statement = statements[stmtIdx].trim();
                 log.debug("statement[{}]: {}", stmtIdx, statement);
 
                 result = evalAclStatement(statement, context);

java/code/src/com/redhat/rhn/frontend/action/CSVDownloadAction.java

@@ -185,8 +185,7 @@ protected StreamInfo getStreamInfo(ActionMapping mapping, ActionForm form,
         // Read the CSV separator from user preferences
         User user = new RequestContext(request).getCurrentUser();
         CSVWriter csvWriter = new CSVWriter(new StringWriter(), user.getCsvSeparator());
-        String[] columns = exportColumns.split("\\s*+,\\s*+");
-        csvWriter.setColumns(Arrays.asList(columns));
+        csvWriter.setColumns(Arrays.stream(exportColumns.split(",")).map(c -> c.trim()).collect(Collectors.toList()));
 
         String header = getHeaderText(request, session);
         if (header != null) {

java/code/src/com/redhat/rhn/frontend/action/channel/manage/SyncRepositoriesAction.java

@@ -220,7 +220,7 @@ private Map<String, Map<String, Object>> parseSyncLog(
 
             String lastLine = lines[lines.length - 1];
             // Downloading packages
-            if (lastLine.matches(".*\\d+/\\d+ : .+")) {
+            if (lastLine.matches("\\D*\\d+/\\d+ : .+")) {
                 // Example:
                 // 2016/09/07 14:41:14 +02:00 22/22 : spacewalk-oscap-2.5.3-1.fc24.noarch
                 String[] lineParts = lastLine.split(" ");

java/code/src/com/redhat/rhn/frontend/action/kickstart/PowerManagementAction.java

@@ -45,6 +45,7 @@
 import java.util.List;
 import java.util.SortedMap;
 import java.util.TreeMap;
+import java.util.stream.Collectors;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -240,7 +241,8 @@ public static SortedMap<String, String> setUpPowerTypes(HttpServletRequest reque
         SortedMap<String, String> types = new TreeMap<>();
         String typeString = ConfigDefaults.get().getCobblerPowerTypes();
         if (typeString != null) {
-            List<String> typeNames = Arrays.asList(typeString.split(" *+, *+"));
+            List<String> typeNames = Arrays.stream(typeString.split(","))
+                    .map(c -> c.trim()).collect(Collectors.toList());
             for (String typeName : typeNames) {
                 types.put(
                     LocalizationService.getInstance().getPlainText(

java/code/src/com/redhat/rhn/taskomatic/task/repomd/PrimaryXmlWriter.java

@@ -33,6 +33,7 @@
 import java.io.Writer;
 import java.util.Collection;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 /**
@@ -348,14 +349,14 @@ private static Map<String, String> parseEvr(String evr) {
      */
     private void addEssentialPackageFiles(long pkgId,
             SimpleContentHandler hndlr) throws SAXException {
-        String regex = ".*bin/.*|^/etc/.*|^/usr/lib.sendmail$|^/lib/cpp$";
+        List<String> fullPaths = List.of("/usr/lib.sendmail", "/lib/cpp");
         Collection<PackageCapabilityDto> files = TaskManager
                 .getPackageCapabilityDtos(
                         pkgId,
                         TaskConstants.TASK_QUERY_REPOMD_GENERATOR_CAPABILITY_FILES);
         for (PackageCapabilityDto file : files) {
             String path = sanitize(pkgId, file.getName());
-            if (path.matches(regex)) {
+            if (path.contains("bin/") || path.startsWith("/etc/") || fullPaths.contains(path)) {
                 hndlr.addElementWithCharacters("file", path);
             }
         }

java/code/src/com/suse/manager/reactor/utils/RhelUtils.java

@@ -37,11 +37,11 @@ public class RhelUtils {
     private RhelUtils() { }
 
     private static final Pattern RHEL_RELEASE_MATCHER =
-            Pattern.compile("(.+)\\srelease\\s([\\d.]+)\\s*+\\(([^)]++)\\).*+", Pattern.DOTALL);
+            Pattern.compile("([\\d.]+)\\s*+\\(([^)]++)\\).*+", Pattern.DOTALL);
     private static final Pattern ORACLE_RELEASE_MATCHER =
-            Pattern.compile("(.+)\\srelease\\s([\\d.]+).*", Pattern.DOTALL);
+            Pattern.compile("([\\d.]+).*", Pattern.DOTALL);
     private static final Pattern ALIBABA_RELEASE_MATCHER =
-            Pattern.compile("(.+)\\srelease\\s([\\d.]+)\\s*+LTS\\s*+\\(([^)]++)\\).*+", Pattern.DOTALL);
+            Pattern.compile("([\\d.]+)\\s*+LTS\\s*+\\(([^)]++)\\).*+", Pattern.DOTALL);
 
     /**
      * Information about RHEL based OSes.
@@ -170,40 +170,42 @@ public String getRelease() {
      * @return the parsed content of the release file
      */
     public static Optional<ReleaseFile> parseReleaseFile(String releaseFile) {
+        String[] parts = releaseFile.split("\\srelease\\s", 2);
+        if (parts.length != 2) {
+            return Optional.empty();
+        }
+
         // We match here data from the system and try to find the product
         // how it is named in SCC or sumatoolbox. This requires sometimes
         // some changes on the string we parse.
         //
         // AlmaLinux and AmazonLinux are also matched by the RHEL matcher
-        Matcher matcher = RHEL_RELEASE_MATCHER.matcher(releaseFile);
+        Matcher matcher = RHEL_RELEASE_MATCHER.matcher(parts[1]);
         if (matcher.matches()) {
-            String name =
-                    matcher.group(1).replaceAll("(?i)linux", "").replace(" ", "");
+            String name = parts[0].replaceAll("(?i)linux", "").replace(" ", "");
             if (name.startsWith("Alma") || name.startsWith("Amazon") || name.startsWith("Rocky")) {
-                name = matcher.group(1).replace(" ", "");
+                name = parts[0].replace(" ", "");
             }
-            String majorVersion = StringUtils.substringBefore(matcher.group(2), ".");
-            String minorVersion = StringUtils.substringAfter(matcher.group(2), ".");
-            String release = matcher.group(3);
+            String majorVersion = StringUtils.substringBefore(matcher.group(1), ".");
+            String minorVersion = StringUtils.substringAfter(matcher.group(1), ".");
+            String release = matcher.group(2);
             return Optional.of(new ReleaseFile(name, majorVersion, minorVersion, release));
         }
         else {
-            Matcher amatcher = ALIBABA_RELEASE_MATCHER.matcher(releaseFile);
+            Matcher amatcher = ALIBABA_RELEASE_MATCHER.matcher(parts[1]);
             if (amatcher.matches()) {
-                String name =
-                        amatcher.group(1).replaceAll("(?i)linux", "").replace(" ", "");
-                String majorVersion = StringUtils.substringBefore(amatcher.group(2), ".");
-                String minorVersion = StringUtils.substringAfter(amatcher.group(2), ".");
-                String release = amatcher.group(3);
+                String name = parts[0].replaceAll("(?i)linux", "").replace(" ", "");
+                String majorVersion = StringUtils.substringBefore(amatcher.group(1), ".");
+                String minorVersion = StringUtils.substringAfter(amatcher.group(1), ".");
+                String release = amatcher.group(2);
                 return Optional.of(new ReleaseFile(name, majorVersion, minorVersion, release));
             }
             else {
-                Matcher omatcher = ORACLE_RELEASE_MATCHER.matcher(releaseFile);
+                Matcher omatcher = ORACLE_RELEASE_MATCHER.matcher(parts[1]);
                 if (omatcher.matches()) {
-                    String name =
-                            omatcher.group(1).replaceAll("(?i)server", "").replace(" ", "");
-                    String majorVersion = StringUtils.substringBefore(omatcher.group(2), ".");
-                    String minorVersion = StringUtils.substringAfter(omatcher.group(2), ".");
+                    String name = parts[0].replaceAll("(?i)server", "").replace(" ", "");
+                    String majorVersion = StringUtils.substringBefore(omatcher.group(1), ".");
+                    String minorVersion = StringUtils.substringAfter(omatcher.group(1), ".");
                     return Optional.of(new ReleaseFile(name, majorVersion, minorVersion, ""));
                 }
             }

java/code/src/com/suse/manager/reactor/utils/test/RhelUtilsTest.java

@@ -43,10 +43,10 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
+import java.security.SecureRandom;
 import java.util.Collections;
 import java.util.Map;
 import java.util.Optional;
-import java.util.Random;
 import java.util.UUID;
 import java.util.function.Consumer;
 
@@ -442,7 +442,7 @@ public static Channel createExpandedSupportChannel(
                     suseProd.setRelease(null);
                     suseProd.setReleaseStage(ReleaseStage.released);
                     suseProd.setFriendlyName(friendlyName + "  " + version);
-                    suseProd.setProductId(new Random().nextInt(999999));
+                    suseProd.setProductId(new SecureRandom().nextInt(999999));
                     suseProd.setArch(null); // RES products can contain channels with different archs
                     SUSEProductFactory.save(suseProd);
                     SUSEProductFactory.getSession().flush();

java/code/src/com/suse/manager/webui/services/SaltServerActionService.java

@@ -1698,7 +1698,8 @@ private Map<LocalCall<?>, List<MinionSummary>> scapXccdfEvalAction(
 
         pillar.put("xccdffile", scapActionDetails.getPath());
         if (scapActionDetails.getOvalfiles() != null) {
-            pillar.put("ovalfiles", Arrays.asList(scapActionDetails.getOvalfiles().split("\\s*,\\s*")));
+            pillar.put("ovalfiles", Arrays.stream(scapActionDetails.getOvalfiles().split(","))
+                    .map(c -> c.trim()).collect(toList()));
         }
         if (profileMatcher.find()) {
             pillar.put("profile", profileMatcher.group(1));

java/code/src/com/suse/scc/client/SCCClientUtils.java

@@ -38,8 +38,6 @@
 import java.nio.file.attribute.UserPrincipal;
 import java.nio.file.attribute.UserPrincipalLookupService;
 import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 import java.util.zip.GZIPInputStream;
 
 /**
@@ -147,10 +145,9 @@ public static BufferedReader getLoggingReader(URI requestUri, HttpResponse respo
      * @return the filename
      */
     public static String getLogFilename(URI uri, String user) {
-        Pattern pattern = Pattern.compile(".*/(connect|suma)/(.*)");
-        Matcher matcher = pattern.matcher(uri.toString());
-        matcher.matches();
-        String urlFragment = matcher.group(2);
+        String[] parts = uri.toString().split("/(connect|suma)/");
+
+        String urlFragment = parts[1];
         String name = user + "_" + urlFragment + (urlFragment.endsWith(".json") ? "" : ".json");
 
         return name.replaceAll("[^a-zA-Z0-9\\._]+", "_");