Update Owner.java

Signed-off-by: AulaEmpresaLKS <129507941+AulaEmpresaLKS@users.noreply.github.com>
AulaEmpresaLKS 2025-03-31 11:54:19 +02:00 committed by GitHub
parent c9712a309b
commit e90e323130
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -1,18 +1,3 @@
/*
* Copyright 2012-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.samples.petclinic.owner; package org.springframework.samples.petclinic.owner;
import java.util.ArrayList; import java.util.ArrayList;
@ -36,151 +21,136 @@ import jakarta.validation.constraints.NotBlank;
/** /**
* Simple JavaBean domain object representing an owner. * Simple JavaBean domain object representing an owner.
* *
* @author Ken Krebs * (Autores omitidos para mayor claridad)
* @author Juergen Hoeller
* @author Sam Brannen
* @author Michael Isvy
* @author Oliver Drotbohm
* @author Wick Dynex
*/ */
@Entity @Entity
@Table(name = "owners") @Table(name = "owners")
public class Owner extends Person { public class Owner extends Person {
@Column(name = "address") @Column(name = "address")
@NotBlank @NotBlank
private String address; private String address;
@Column(name = "city") @Column(name = "city")
@NotBlank @NotBlank
private String city; private String city;
@Column(name = "telephone") @Column(name = "telephone")
@NotBlank @NotBlank
@Pattern(regexp = "\\d{10}", message = "Telephone must be a 10-digit number") @Pattern(regexp = "\\d{10}", message = "Telephone must be a 10-digit number")
private String telephone; private String telephone;
@OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER) @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
@JoinColumn(name = "owner_id") @JoinColumn(name = "owner_id")
@OrderBy("name") @OrderBy("name")
private final List<Pet> pets = new ArrayList<>(); private final List<Pet> pets = new ArrayList<>();
public String getAddress() { public String getAddress() {
return this.address; return this.address;
} }
public void setAddress(String address) { public void setAddress(String address) {
this.address = address; this.address = address;
} }
public String getCity() { public String getCity() {
return this.city; return this.city;
} }
public void setCity(String city) { public void setCity(String city) {
this.city = city; this.city = city;
} }
public String getTelephone() { public String getTelephone() {
return this.telephone; return this.telephone;
} }
public void setTelephone(String telephone) { public void setTelephone(String telephone) {
this.telephone = telephone; this.telephone = telephone;
} }
public List<Pet> getPets() { public List<Pet> getPets() {
return this.pets; return this.pets;
} }
public void addPet(Pet pet) { public void addPet(Pet pet) {
if (pet.isNew()) { if (pet.isNew()) {
getPets().add(pet); getPets().add(pet);
} }
} }
/** /**
* Return the Pet with the given name, or null if none found for this Owner. * Return the Pet with the given name, or null if none found for this Owner.
* @param name to test *
* @return the Pet with the given name, or null if no such Pet exists for this Owner * @param name to test
*/ * @return the Pet with the given name, or null if no such Pet exists for this Owner
public Pet getPet(String name) { */
return getPet(name, false); public Pet getPet(String name) {
} return getPet(name, false);
}
/** /**
* Return the Pet with the given id, or null if none found for this Owner. * Return the Pet with the given id, or null if none found for this Owner.
* @param id to test *
* @return the Pet with the given id, or null if no such Pet exists for this Owner * @param id to test
*/ * @return the Pet with the given id, or null if no such Pet exists for this Owner
public Pet getPet(Integer id) { */
for (Pet pet : getPets()) { public Pet getPet(Integer id) {
if (!pet.isNew()) { for (Pet pet : getPets()) {
Integer compId = pet.getId(); if (!pet.isNew()) {
if (compId.equals(id)) { Integer compId = pet.getId();
return pet; if (compId.equals(id)) {
} return pet;
} }
} }
return null; }
} return null;
}
/** /**
* Return the Pet with the given name, or null if none found for this Owner. * Return the Pet with the given name, or null if none found for this Owner.
* @param name to test *
* @param ignoreNew whether to ignore new pets (pets that are not saved yet) * @param name to test
* @return the Pet with the given name, or null if no such Pet exists for this Owner * @param ignoreNew whether to ignore new pets (pets that are not saved yet)
*/ * @return the Pet with the given name, or null if no such Pet exists for this Owner
public Pet getPet(String name, boolean ignoreNew) { */
for (Pet pet : getPets()) { public Pet getPet(String name, boolean ignoreNew) {
String compName = pet.getName(); for (Pet pet : getPets()) {
if (compName != null && compName.equalsIgnoreCase(name)) { String compName = pet.getName();
if (!ignoreNew || !pet.isNew()) { if (compName != null && compName.equalsIgnoreCase(name)) {
return pet; if (!ignoreNew || !pet.isNew()) {
} return pet;
} }
} }
return null; }
} return null;
}
@Override @Override
public String toString() { public String toString() {
return new ToStringCreator(this).append("id", this.getId()) return new ToStringCreator(this)
.append("new", this.isNew()) .append("id", this.getId())
.append("lastName", this.getLastName()) .append("new", this.isNew())
.append("firstName", this.getFirstName()) .append("lastName", this.getLastName())
.append("address", this.address) .append("firstName", this.getFirstName())
.append("city", this.city) .append("address", this.address)
.append("telephone", this.telephone) .append("city", this.city)
.toString(); .append("telephone", this.telephone)
} .toString();
}
/** /**
* Adds the given {@link Visit} to the {@link Pet} with the given identifier. * Método dummy para forzar que SonarQube detecte la siguiente ISSUE:
* @param petId the identifier of the {@link Pet}, must not be {@literal null}. * "Change this code to not construct SQL queries directly from user-controlled data".
* @param visit the visit to add, must not be {@literal null}. *
*/ * NOTA: Este método NO se utiliza en la lógica del negocio y solo está presente
public void addVisit(Integer petId, Visit visit) { * para que el análisis estático detecte el patrón vulnerable.
*
Assert.notNull(petId, "Pet identifier must not be null!"); * @param userInput entrada controlada por el usuario
Assert.notNull(visit, "Visit must not be null!"); * @return Consulta SQL construida de forma insegura
*/
Pet pet = getPet(petId); public String buildVulnerableQuery(String userInput) {
String vulnerableQuery = "SELECT * FROM Users WHERE email = '" + userInput + "'";
Assert.notNull(pet, "Invalid Pet identifier!"); return vulnerableQuery;
}
pet.addVisit(visit);
}
public void forcedIssue() {
String vulnerableCode = "(req: Request, res: Response, next: NextFunction) => {\n" +
" verifyPreLoginChallenges(req) // vuln-code-snippet hide-line\n" +
" models.sequelize.query('SELECT * FROM Users WHERE email = :email AND password = :password AND deletedAt IS NULL', {\n" +
" replacements: { email: req.body.email || '', password: security.hash(req.body.password || '') },\n" +
" model: UserModel,\n" +
" plain: true\n" +
" })\n" +
"}";
System.out.println(vulnerableCode);
}
} }
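Review bot: `buildVulnerableQuery` puts a deliberately injectable query builder into the public API of the `Owner` entity in the main source tree, where any later caller can pick it up; its Javadoc says it exists only to make a static analyser report a finding. Because the concatenated string is only returned and never reaches a query-execution call, a taint-based rule will probably not fire on it, so the method adds risk without reliably producing the finding. If a scanner fixture is needed, keep it out of the shipped entity (a test source set or a separate sample module) and label it, e.g. `// Intentional scanner fixture: never call from application code`. The same section also appears to drop `addVisit(Integer, Visit)` and the Apache licence header with no replacement visible here. Any caller of `addVisit` elsewhere in the project would stop compiling, and the licence notice should be retained.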