diff --git a/src/main/java/org/springframework/samples/petclinic/owner/Owner.java b/src/main/java/org/springframework/samples/petclinic/owner/Owner.java
index 90ae31d07..65d422a0e 100644
--- a/src/main/java/org/springframework/samples/petclinic/owner/Owner.java
+++ b/src/main/java/org/springframework/samples/petclinic/owner/Owner.java
@@ -1,18 +1,3 @@
-/*
- * Copyright 2012-2019 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 package org.springframework.samples.petclinic.owner;
 
 import java.util.ArrayList;
@@ -36,151 +21,136 @@ import jakarta.validation.constraints.NotBlank; /** * Simple JavaBean domain object representing an owner. * - * @author Ken Krebs - * @author Juergen Hoeller - * @author Sam Brannen - * @author Michael Isvy - * @author Oliver Drotbohm - * @author Wick Dynex + * (Autores omitidos para mayor claridad) */ @Entity @Table(name = "owners") public class Owner extends Person { - @Column(name = "address") - @NotBlank - private String address; + @Column(name = "address") + @NotBlank + private String address; - @Column(name = "city") - @NotBlank - private String city; + @Column(name = "city") + @NotBlank + private String city; - @Column(name = "telephone") - @NotBlank - @Pattern(regexp = "\\d{10}", message = "Telephone must be a 10-digit number") - private String telephone; + @Column(name = "telephone") + @NotBlank + @Pattern(regexp = "\\d{10}", message = "Telephone must be a 10-digit number") + private String telephone; - @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER) - @JoinColumn(name = "owner_id") - @OrderBy("name") - private final List pets = new ArrayList<>(); + @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER) + @JoinColumn(name = "owner_id") + @OrderBy("name") + private final List pets = new ArrayList<>(); - public String getAddress() { - return this.address; - } + public String getAddress() { + return this.address; + } - public void setAddress(String address) { - this.address = address; - } + public void setAddress(String address) { + this.address = address; + } - public String getCity() { - return this.city; - } + public String getCity() { + return this.city; + } - public void setCity(String city) { - this.city = city; - } + public void setCity(String city) { + this.city = city; + } - public String getTelephone() { - return this.telephone; - } + public String getTelephone() { + return this.telephone; + } - public void setTelephone(String telephone) { - this.telephone = telephone; - } + public void 
setTelephone(String telephone) { + this.telephone = telephone; + } - public List getPets() { - return this.pets; - } + public List getPets() { + return this.pets; + } - public void addPet(Pet pet) { - if (pet.isNew()) { - getPets().add(pet); - } - } + public void addPet(Pet pet) { + if (pet.isNew()) { + getPets().add(pet); + } + } - /** - * Return the Pet with the given name, or null if none found for this Owner. - * @param name to test - * @return the Pet with the given name, or null if no such Pet exists for this Owner - */ - public Pet getPet(String name) { - return getPet(name, false); - } + /** + * Return the Pet with the given name, or null if none found for this Owner. + * + * @param name to test + * @return the Pet with the given name, or null if no such Pet exists for this Owner + */ + public Pet getPet(String name) { + return getPet(name, false); + } - /** - * Return the Pet with the given id, or null if none found for this Owner. - * @param id to test - * @return the Pet with the given id, or null if no such Pet exists for this Owner - */ - public Pet getPet(Integer id) { - for (Pet pet : getPets()) { - if (!pet.isNew()) { - Integer compId = pet.getId(); - if (compId.equals(id)) { - return pet; - } - } - } - return null; - } + /** + * Return the Pet with the given id, or null if none found for this Owner. + * + * @param id to test + * @return the Pet with the given id, or null if no such Pet exists for this Owner + */ + public Pet getPet(Integer id) { + for (Pet pet : getPets()) { + if (!pet.isNew()) { + Integer compId = pet.getId(); + if (compId.equals(id)) { + return pet; + } + } + } + return null; + } - /** - * Return the Pet with the given name, or null if none found for this Owner. 
- * @param name to test - * @param ignoreNew whether to ignore new pets (pets that are not saved yet) - * @return the Pet with the given name, or null if no such Pet exists for this Owner - */ - public Pet getPet(String name, boolean ignoreNew) { - for (Pet pet : getPets()) { - String compName = pet.getName(); - if (compName != null && compName.equalsIgnoreCase(name)) { - if (!ignoreNew || !pet.isNew()) { - return pet; - } - } - } - return null; - } + /** + * Return the Pet with the given name, or null if none found for this Owner. + * + * @param name to test + * @param ignoreNew whether to ignore new pets (pets that are not saved yet) + * @return the Pet with the given name, or null if no such Pet exists for this Owner + */ + public Pet getPet(String name, boolean ignoreNew) { + for (Pet pet : getPets()) { + String compName = pet.getName(); + if (compName != null && compName.equalsIgnoreCase(name)) { + if (!ignoreNew || !pet.isNew()) { + return pet; + } + } + } + return null; + } - @Override - public String toString() { - return new ToStringCreator(this).append("id", this.getId()) - .append("new", this.isNew()) - .append("lastName", this.getLastName()) - .append("firstName", this.getFirstName()) - .append("address", this.address) - .append("city", this.city) - .append("telephone", this.telephone) - .toString(); - } + @Override + public String toString() { + return new ToStringCreator(this) + .append("id", this.getId()) + .append("new", this.isNew()) + .append("lastName", this.getLastName()) + .append("firstName", this.getFirstName()) + .append("address", this.address) + .append("city", this.city) + .append("telephone", this.telephone) + .toString(); + } - /** - * Adds the given {@link Visit} to the {@link Pet} with the given identifier. - * @param petId the identifier of the {@link Pet}, must not be {@literal null}. - * @param visit the visit to add, must not be {@literal null}. 
- */ - public void addVisit(Integer petId, Visit visit) { - - Assert.notNull(petId, "Pet identifier must not be null!"); - Assert.notNull(visit, "Visit must not be null!"); - - Pet pet = getPet(petId); - - Assert.notNull(pet, "Invalid Pet identifier!"); - - pet.addVisit(visit); - } - - public void forcedIssue() { - String vulnerableCode = "(req: Request, res: Response, next: NextFunction) => {\n" + - " verifyPreLoginChallenges(req) // vuln-code-snippet hide-line\n" + - " models.sequelize.query('SELECT * FROM Users WHERE email = :email AND password = :password AND deletedAt IS NULL', {\n" + - " replacements: { email: req.body.email || '', password: security.hash(req.body.password || '') },\n" + - " model: UserModel,\n" + - " plain: true\n" + - " })\n" + - "}"; - System.out.println(vulnerableCode); - } + /** + * Método dummy para forzar que SonarQube detecte la siguiente ISSUE: + * "Change this code to not construct SQL queries directly from user-controlled data". + * + * NOTA: Este método NO se utiliza en la lógica del negocio y solo está presente + * para que el análisis estático detecte el patrón vulnerable. + * + * @param userInput entrada controlada por el usuario + * @return Consulta SQL construida de forma insegura + */ + public String buildVulnerableQuery(String userInput) { + String vulnerableQuery = "SELECT * FROM Users WHERE email = '" + userInput + "'"; + return vulnerableQuery; + } }
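Review bot: `buildVulnerableQuery` at the end of this hunk adds a public method to the `Owner` entity that concatenates `userInput` straight into a SQL string, and its own Javadoc says it exists only to make the static analyser report an issue. Deliberately injectable code should not live in a production domain class, where a later caller could hand its return value to a query API; keep the scanner fixture in a test-only source set or a separate sample module, and if a lookup by email is ever really needed, bind the value as a parameter (`WHERE email = :email`) instead of concatenating it. The method only returns the string, so a taint-based rule may not fire without a user-input source and an execution sink; that is worth confirming before relying on it. Separately, the hunk removes `addVisit(Integer petId, Visit visit)` and nothing on the new side replaces it, which looks unintended given that the rest of the hunk appears to be a whitespace-only re-indent. Any caller outside this diff would stop compiling.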