fixed issues reported by sonarqube

app.json

@@ -71,6 +71,14 @@
 		"para_gmaps_api_key": {
 			"description": "Google Maps API key",
 			"value": ""
+		},
+		"para_csp_header_enabled": {
+			"description": "Enable or disable the Content-Security-Policy header.",
+			"value": "true"
+		},
+		"para_csp_header": {
+			"description": "The value of the CSP header (leave blank to use the default value)",
+			"value": ""
 		}
 	},
 	"formation": {

pom.xml

@@ -4,7 +4,7 @@
 
 	<groupId>com.erudika</groupId>
 	<artifactId>scoold</artifactId>
-	<version>1.24.0</version>
+	<version>1.24.1</version>
 
 	<parent>
 		<groupId>org.springframework.boot</groupId>
@@ -80,7 +80,7 @@
 		<dependency>
 			<groupId>com.erudika</groupId>
 			<artifactId>para-client</artifactId>
-			<version>1.24.0</version>
+			<version>1.24.1</version>
 		</dependency>
 		<dependency>
 			<groupId>rome</groupId>

src/main/java/com/erudika/scoold/controllers/ProfileController.java

@@ -106,7 +106,7 @@ public String mods(@PathVariable String id, @RequestParam Boolean makemod, HttpS
 				boolean isShowUserAdmin = User.Groups.ADMINS.toString().equals(showUser.getGroups());
 				boolean isShowUserMod = User.Groups.MODS.toString().equals(showUser.getGroups());
 				if (makemod && utils.isAdmin(authUser) && !isShowUserAdmin) {
-					showUser.setGroups((makemod && !isShowUserMod) ? MODS.toString() : USERS.toString());
+					showUser.setGroups(isShowUserMod ? USERS.toString() : MODS.toString());
 					showUser.update();
 				}
 			}

src/main/java/com/erudika/scoold/controllers/SearchController.java

@@ -79,21 +79,21 @@ public String get(@PathVariable(required = false) String type, @PathVariable(req
 		List<Post> answerlist = new ArrayList<Post>();
 		List<Post> feedbacklist = new ArrayList<Post>();
 		Pager itemcount = utils.getPager("page", req);
-		query = StringUtils.isBlank(q) ? query : q;
+		String queryString = StringUtils.isBlank(q) ? query : q;
 
 		if ("questions".equals(type)) {
-			questionlist = pc.findQuery(Utils.type(Question.class), query, itemcount);
+			questionlist = pc.findQuery(Utils.type(Question.class), queryString, itemcount);
 		} else if ("answers".equals(type)) {
-			answerlist = pc.findQuery(Utils.type(Reply.class), query, itemcount);
+			answerlist = pc.findQuery(Utils.type(Reply.class), queryString, itemcount);
 		} else if ("feedback".equals(type)) {
-			feedbacklist = pc.findQuery(Utils.type(Feedback.class), query, itemcount);
+			feedbacklist = pc.findQuery(Utils.type(Feedback.class), queryString, itemcount);
 		} else if ("people".equals(type)) {
-			userlist = pc.findQuery(Utils.type(Profile.class), query, itemcount);
+			userlist = pc.findQuery(Utils.type(Profile.class), queryString, itemcount);
 		} else {
-			questionlist = pc.findQuery(Utils.type(Question.class), query);
-			answerlist = pc.findQuery(Utils.type(Reply.class), query);
-			feedbacklist = pc.findQuery(Utils.type(Feedback.class), query);
-			userlist = pc.findQuery(Utils.type(Profile.class), query);
+			questionlist = pc.findQuery(Utils.type(Question.class), queryString);
+			answerlist = pc.findQuery(Utils.type(Reply.class), queryString);
+			feedbacklist = pc.findQuery(Utils.type(Feedback.class), queryString);
+			userlist = pc.findQuery(Utils.type(Profile.class), queryString);
 		}
 		ArrayList<Post> list = new ArrayList<Post>();
 		list.addAll(questionlist);
@@ -105,7 +105,7 @@ public String get(@PathVariable(required = false) String type, @PathVariable(req
 		model.addAttribute("title", utils.getLang(req).get("search.title"));
 		model.addAttribute("searchSelected", "navbtn-hover");
 		model.addAttribute("showParam", type);
-		model.addAttribute("searchQuery", query);
+		model.addAttribute("searchQuery", queryString);
 		model.addAttribute("itemcount", itemcount);
 		model.addAttribute("userlist", userlist);
 		model.addAttribute("questionlist", questionlist);

src/main/java/com/erudika/scoold/controllers/TranslateController.java

@@ -77,7 +77,7 @@ public String translate(@PathVariable String locale, @PathVariable(required = fa
 			HttpServletRequest req, Model model) {
 
 		Locale showLocale = utils.getLangutils().getProperLocale(locale);
-		if (showLocale == null || showLocale.getLanguage().equals("en")) {
+		if (showLocale == null || "en".equals(showLocale.getLanguage())) {
 			// can't translate default language
 			return "redirect:" + languageslink;
 		}
@@ -110,7 +110,7 @@ public String translate(@PathVariable String locale, @PathVariable(required = fa
     public String post(@PathVariable String locale, @PathVariable String index, @RequestParam String value,
 			HttpServletRequest req, Model model) {
 		Locale showLocale = utils.getLangutils().getProperLocale(locale);
-		if (utils.isAuthenticated(req) && showLocale != null && !showLocale.getLanguage().equals("en")) {
+		if (utils.isAuthenticated(req) && showLocale != null && !"en".equals(showLocale.getLanguage())) {
 			Set<String> approved = utils.getLangutils().getApprovedTransKeys(showLocale.getLanguage());
 			Profile authUser = utils.getAuthUser(req);
 			String langkey = langkeys.get(getIndex(index, langkeys));
@@ -142,7 +142,7 @@ public String approve(@PathVariable String id, HttpServletRequest req, Model mod
 			} else {
 				trans.setApproved(true);
 				utils.getLangutils().approveTranslation(trans.getLocale(), trans.getThekey(), trans.getValue());
-				utils.addBadge(utils.getAuthUser(req), POLYGLOT, (Profile) pc.read(trans.getCreatorid()), true, true);
+				utils.addBadge((Profile) pc.read(trans.getCreatorid()), POLYGLOT, true, true);
 			}
 			pc.update(trans);
 		}
@@ -168,7 +168,8 @@ public String delete(@PathVariable String id, HttpServletRequest req, Model mode
 		return "base";
 	}
 
-	private int getNextIndex(int start, Set<String> approved, List<String> langkeys) {
+	private int getNextIndex(int fromIndex, Set<String> approved, List<String> langkeys) {
+		int start = fromIndex;
 		if (start < 0) start = 0;
 		if (start >= approved.size()) start = approved.size() - 1;
 		int nexti = (start + 1) >= langkeys.size() ? 0 : (start + 1);

src/main/java/com/erudika/scoold/controllers/VoteController.java

@@ -40,7 +40,7 @@
 import static com.erudika.scoold.core.Profile.Badge.VOTER;
 import com.erudika.scoold.core.Report;
 import com.erudika.scoold.utils.ScooldUtils;
-import java.util.ArrayList;
+import java.util.Arrays;
 import javax.inject.Inject;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.lang3.StringUtils;
@@ -105,15 +105,15 @@ boolean processVoteRequest(boolean isUpvote, String type, String id, HttpServlet
 				votes++;
 				authUser.incrementUpvotes();
 				updateAuthUser = true;
-				int reward = 0;
+				int reward;
 
 				if (votable instanceof Post) {
 					Post p = (Post) votable;
 					if (p.isReply()) {
-						utils.addBadge(authUser, GOODANSWER, author, votes >= GOODANSWER_IFHAS, false);
+						utils.addBadge(author, GOODANSWER, votes >= GOODANSWER_IFHAS, false);
 						reward = ANSWER_VOTEUP_REWARD_AUTHOR;
 					} else if (p.isQuestion()) {
-						utils.addBadge(authUser, GOODQUESTION, author, votes >= GOODQUESTION_IFHAS, false);
+						utils.addBadge(author, GOODQUESTION, votes >= GOODQUESTION_IFHAS, false);
 						reward = QUESTION_VOTEUP_REWARD_AUTHOR;
 					} else {
 						reward = VOTEUP_REWARD_AUTHOR;
@@ -159,15 +159,14 @@ boolean processVoteRequest(boolean isUpvote, String type, String id, HttpServlet
 		utils.addBadgeOnce(authUser, CRITIC, authUser.getDownvotes() >= CRITIC_IFHAS);
 		utils.addBadgeOnce(authUser, VOTER, authUser.getTotalVotes() >= VOTER_IFHAS);
 
-		if (updateAuthUser || updateVoter) {
-			ArrayList<Profile> list = new ArrayList<Profile>(2);
-			if (updateVoter) {
-				list.add(author);
-			}
-			if (updateAuthUser) {
-				list.add(authUser);
-			}
-			pc.updateAll(list);
+		if (updateVoter) {
+			pc.update(author);
+		}
+		if (updateAuthUser) {
+			pc.update(authUser);
+		}
+		if (updateAuthUser && updateVoter) {
+			pc.updateAll(Arrays.asList(author, authUser));
 		}
 		return result;
 	}

src/main/java/com/erudika/scoold/core/Post.java

@@ -165,9 +165,8 @@ public String getTitle() {
 	}
 
 	public void setTitle(String title) {
-		title = StringUtils.trimToEmpty(title);
 		if (!StringUtils.isBlank(title)) {
-			this.title = title;
+			this.title = StringUtils.trimToEmpty(title);
 			setName(title);
 		}
 	}
@@ -337,7 +336,6 @@ public boolean isFeedback() {
 
 	public String getPostLink(boolean plural, boolean noid) {
 		Post p = this;
-		if (p == null) return "/";
 		String ptitle = Utils.noSpaces(Utils.stripAndTrim(p.getTitle()), "-");
 		String pid = (noid ? "" : "/" + p.getId() + "/" + ptitle);
 		if (p.isQuestion()) {

src/main/java/com/erudika/scoold/core/Profile.java

@@ -56,7 +56,7 @@ public class Profile extends Sysprop {
 	private transient Integer newreports;
 	private transient User user;
 
-	public static enum Badge{
+	public static enum Badge {
 		VETERAN(10),		//regular visitor		//TODO: IMPLEMENT!
 
 		NICEPROFILE(10),	//100% profile completed
@@ -82,9 +82,9 @@ public static enum Badge{
 		DISCIPLINED(0),		//each time user deletes own comment
 		POLYGLOT(5);		//for every approved translation
 
-		private int reward;
+		private final int reward;
 
-		Badge(int reward) {
+		Badge (int reward) {
 			this.reward = reward;
 		}
 
@@ -95,7 +95,7 @@ public String toString() {
 		public Integer getReward() {
 			return this.reward;
 		}
-	};
+	}
 
     public Profile () {
 		this(null, null);

src/main/java/com/erudika/scoold/utils/LanguageUtils.java

@@ -110,8 +110,8 @@ public Map<String, String> readLanguage(String langCode) {
 			if (s != null && !s.getProperties().isEmpty()) {
 				Map<String, Object> loaded = s.getProperties();
 				lang = new TreeMap<String, String>();
-				for (String key : loaded.keySet()) {
-					lang.put(key, loaded.get(key).toString());
+				for (Map.Entry<String, Object> entry : loaded.entrySet()) {
+					lang.put(entry.getKey(), String.valueOf(entry.getValue()));
 				}
 			}
 		}
@@ -139,11 +139,12 @@ public void writeLanguage(String langCode, Map<String, String> lang, boolean wri
 			// this will overwrite a saved language map!
 			Sysprop s = new Sysprop(keyPrefix.concat(langCode));
 			Map<String, String> dlang = getDefaultLanguage();
-			for (String key : dlang.keySet()) {
+			for (Map.Entry<String, String> entry : dlang.entrySet()) {
+				String key = entry.getKey();
 				if (lang.containsKey(key)) {
 					s.addProperty(key, lang.get(key));
 				} else {
-					s.addProperty(key, dlang.get(key));
+					s.addProperty(key, entry.getValue());
 				}
 			}
 			pc.create(s);
@@ -156,10 +157,9 @@ public void writeLanguage(String langCode, Map<String, String> lang, boolean wri
 	 * @return a locale. default is English
 	 */
 	public Locale getProperLocale(String langCode) {
-		langCode = StringUtils.substring(langCode, 0, 2);
-		langCode = (StringUtils.isBlank(langCode) || !ALL_LOCALES.containsKey(langCode)) ?
-				"en" : langCode.trim().toLowerCase();
-		return ALL_LOCALES.get(langCode);
+		String lang = StringUtils.substring(langCode, 0, 2);
+		lang = (StringUtils.isBlank(lang) || !ALL_LOCALES.containsKey(lang)) ? "en" : lang.trim().toLowerCase();
+		return ALL_LOCALES.get(lang);
 	}
 
 	/**
@@ -344,7 +344,7 @@ private void updateTranslationProgressMap(String langCode, int value) {
 			approved = defsize;
 		}
 
-		if (defsize == 0) {
+		if (((int) defsize) == 0) {
 			progress.put(langCode, 0);
 		} else {
 			progress.put(langCode, (int) ((approved / defsize) * 100));
@@ -390,7 +390,7 @@ private Map<String, String> readLanguageFromFile(String langCode) {
 					}
 				}
 			} catch (Exception e) {
-				logger.info("Could not read language file " + file + ": {}", e.toString());
+				logger.info("Could not read language file " + file + ": ", e);
 			} finally {
 				try {
 					if (ins != null) ins.close();
@@ -422,7 +422,7 @@ private void writeLanguageToFile(String langCode, Map<String, String> lang) {
 					updateTranslationProgressMap(langCode, progress);
 				}
 			} catch (Exception ex) {
-				logger.error("Could not write language to file: {}", ex.toString());
+				logger.error("Could not write language to file: ", ex);
 			} finally {
 				try {
 					if (fos != null) fos.close();

src/main/java/com/erudika/scoold/utils/ScooldEmailer.java

@@ -30,7 +30,7 @@ public class ScooldEmailer implements Emailer {
 	@Override
 	public boolean sendEmail(List<String> emails, String subject, String body) {
 		// TODO: connect to a real email service
-		LoggerFactory.getLogger(ScooldEmailer.class).info("EMAIL SENT: " + subject);
+		LoggerFactory.getLogger(ScooldEmailer.class).info("EMAIL SENT to {}, {}", emails, subject);
 		return true;
 	}
 

src/main/java/com/erudika/scoold/utils/ScooldRequestInterceptor.java

@@ -169,15 +169,10 @@ public void postHandle(HttpServletRequest request, HttpServletResponse response,
 				utils.param(request, "page1") || utils.param(request, "page2"))) {
 			modelAndView.setViewName("pagination"); // switch to page fragment view
 		}
-
+		// CSP Header
 		if (Config.getConfigBoolean("csp_header_enabled", true)) {
-			response.addHeader("Content-Security-Policy", "default-src 'self'; base-uri 'self'; "
-					+ "connect-src 'self' scoold.com www.google-analytics.com; "
-					+ "frame-src 'self' accounts.google.com staticxx.facebook.com; "
-					+ "font-src cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com; "
-					+ "script-src 'self' 'unsafe-eval' apis.google.com maps.googleapis.com connect.facebook.net cdnjs.cloudflare.com www.google-analytics.com code.jquery.com static.scoold.com; "
-					+ "style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com static.scoold.com; "
-					+ "img-src 'self' https:; report-uri /reports/cspv");
+			response.addHeader("Content-Security-Policy",
+					Config.getConfigParam("csp_header", utils.getDefaultContentSecurityPolicy()));
 		}
 	}
 }

src/main/java/com/erudika/scoold/utils/ScooldUtils.java

@@ -268,55 +268,28 @@ public void clearSession(HttpServletRequest req, HttpServletResponse res) {
 	}
 
 	public boolean addBadgeOnce(Profile authUser, Profile.Badge b, boolean condition) {
-		return addBadge(authUser, b, authUser, condition && !authUser.hasBadge(b), false);
+		return addBadge(authUser, b, condition && !authUser.hasBadge(b), false);
 	}
 
 	public boolean addBadgeOnceAndUpdate(Profile authUser, Profile.Badge b, boolean condition) {
 		return addBadgeAndUpdate(authUser, b, condition && authUser != null && !authUser.hasBadge(b));
 	}
 
 	public boolean addBadgeAndUpdate(Profile authUser, Profile.Badge b, boolean condition) {
-		return addBadge(authUser, b, null, condition, true);
+		return addBadge(authUser, b, condition, true);
 	}
 
-	public boolean addBadge(Profile authUser, Profile.Badge b, Profile u, boolean condition, boolean update) {
-		if (u == null) {
-			u = authUser;
-		}
-		if (authUser == null || !condition) {
-			return false;
-		}
-
-		String newb = StringUtils.isBlank(u.getNewbadges()) ? "" : u.getNewbadges().concat(",");
-		newb = newb.concat(b.toString());
-
-		u.addBadge(b);
-		u.setNewbadges(newb);
-		if (update) {
-			u.update();
-		}
-		return true;
-	}
+	public boolean addBadge(Profile user, Profile.Badge b, boolean condition, boolean update) {
+		if (user != null && condition) {
+			String newb = StringUtils.isBlank(user.getNewbadges()) ? "" : user.getNewbadges().concat(",");
+			newb = newb.concat(b.toString());
 
-	public boolean removeBadge(Profile authUser, Profile.Badge b, Profile u, boolean condition) {
-		if (u == null) {
-			u = authUser;
-		}
-		if (authUser == null || !condition) {
-			return false;
-		}
-
-		if (StringUtils.contains(u.getNewbadges(), b.toString())) {
-			String newb = u.getNewbadges();
-			newb = newb.replaceAll(b.toString().concat(","), "");
-			newb = newb.replaceAll(b.toString(), "");
-			newb = newb.replaceFirst(",$", "");
-			u.setNewbadges(newb);
+			user.addBadge(b);
+			user.setNewbadges(newb);
+			if (update) {
+				user.update();
+			}
 		}
-
-		u.removeBadge(b);
-		u.update();
-
 		return true;
 	}
 
@@ -340,4 +313,15 @@ public List<String> checkForBadges(Profile authUser, HttpServletRequest req) {
 		}
 		return badgelist;
 	}
+
+	public String getDefaultContentSecurityPolicy() {
+		return "default-src 'self'; base-uri 'self'; "
+				+ "connect-src 'self' scoold.com www.google-analytics.com; "
+				+ "frame-src 'self' accounts.google.com staticxx.facebook.com; "
+				+ "font-src cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com; "
+				+ "script-src 'self' 'unsafe-eval' apis.google.com maps.googleapis.com connect.facebook.net "
+					+ "cdnjs.cloudflare.com www.google-analytics.com code.jquery.com static.scoold.com; "
+				+ "style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com static.scoold.com; "
+				+ "img-src 'self' https:; report-uri /reports/cspv";
+	}
 }