Merge branch 'sonar-fix' into 'dev'

Fixed very severe security vulnerability (Use logger instead of System.out in SensorSocketEndpoint)

See merge request sa4-2020/the-sanmarinoes/backend!122
This commit is contained in:
Claudio Maggioni 2020-05-09 13:18:50 +02:00
commit 7ab70976c9

View file

@ -13,6 +13,8 @@ import com.google.gson.Gson;
import java.io.IOException; import java.io.IOException;
import java.util.*; import java.util.*;
import javax.websocket.*; import javax.websocket.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
@ -20,6 +22,8 @@ import org.springframework.stereotype.Component;
@Component @Component
public class SensorSocketEndpoint extends Endpoint { public class SensorSocketEndpoint extends Endpoint {
private static final Logger logger = LoggerFactory.getLogger(SensorSocketEndpoint.class);
private final Gson gson = GsonConfig.socketGson(); private final Gson gson = GsonConfig.socketGson();
@Autowired private DevicePopulationService deviceService; @Autowired private DevicePopulationService deviceService;
@ -98,7 +102,7 @@ public class SensorSocketEndpoint extends Endpoint {
authorizedClients.remove(u, s); authorizedClients.remove(u, s);
} }
} catch (IOException e) { } catch (IOException e) {
e.printStackTrace(); logger.warn(e.getLocalizedMessage(), e);
} }
} }
} }