Solve sonar security issue.

Dependabot replaces Renovate Expand javadoc
rabobank · Apr 11, 2023 · dd50275 · dd50275
1 parent 2b83a8d
commit dd50275
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 11 deletions.
diff --git a/README.md b/README.md
@@ -30,7 +30,7 @@ The findings are reported using log statements.
 1. Build the library locally and add it as a dependency to your project (**We are still working on deploying this to Maven Central**)
 2. In order to see the differences, the library expects the `slf4j-api` library to be provided by the using application.
 3. Optional: To be able to inspect the values of the differences, it is required to set up encryption. Not setting up encryption allows you to see the different keys only, so no values.
-   To begin, an RSA 2048 bit public and private key are required. Generate as follows (for both the public and private key):
+   To begin, an RSA (at least) 2048 bit public and private key are required. Generate as follows (for both the public and private key):
    ```bash
    openssl genrsa -out pair.pem 2048 && openssl rsa -in pair.pem -pubout -out public.key && openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in pair.pem -out private.key && rm -rf pair.pem
    ```

diff --git a/src/main/java/io/github/rabobank/shadow_tool/ShadowFlow.java b/src/main/java/io/github/rabobank/shadow_tool/ShadowFlow.java
@@ -21,6 +21,9 @@
 import static java.util.stream.Collectors.joining;
 import static org.javers.core.diff.ListCompareAlgorithm.LEVENSHTEIN_DISTANCE;
 
+/**
+ * @param <T> The model that the current and new flow should be mapped to for comparison.
+ */
 public class ShadowFlow<T> {
 
     private static final int ZERO = 0;
@@ -203,6 +206,9 @@ private boolean shouldCallNewFlow() {
         return ThreadLocalRandom.current().nextInt(HUNDRED) < percentage;
     }
 
+    /**
+     * @param <T> The model that the current and new flow should be mapped to for comparison.
+     */
     public static class ShadowFlowBuilder<T> {
 
         private final Logger logger = LoggerFactory.getLogger(ShadowFlowBuilder.class);
@@ -244,8 +250,7 @@ public ShadowFlowBuilder<T> withExecutorService(final ExecutorService executorSe
          * This configures the shadow flow to log the values of the differences found between the two flows.
          * Since the data is potentially sensitive, encryption is required.
          *
-         * @param keyInHex                  The key used for encryption, should be 32 bytes length formatted as a Hex string.
-         * @param initializationVectorInHex The IV used for encryption, should be 16 bytes length, formatted as a Hex string.
+         * @param publicKey The public RSA key used for encryption, should be at least 2048 bits.
          * @return This builder.
          */
         public ShadowFlowBuilder<T> withEncryption(final PublicKey publicKey) {

diff --git a/src/test/java/io/github/rabobank/shadow_tool/ShadowFlowTest.java b/src/test/java/io/github/rabobank/shadow_tool/ShadowFlowTest.java
@@ -317,12 +317,4 @@ static Stream<Arguments> verifyLogMessageArguments() {
                 Arguments.of(101, "Invalid percentage! Must be within the range of 0 and 100. Got 101. The shadow flow will be effectively disabled by setting it to 0%.")
         );
     }
-
-    static Stream<Arguments> verifyLogMessageArguments() {
-        return Stream.of(
-                Arguments.of(100, "The following differences were found: place, madrigals"),
-                Arguments.of(100, "[instance=default] The following differences were found: place, madrigals"),
-                Arguments.of(101, "Invalid percentage! Must be within the range of 0 and 100. Got 101. The shadow flow will be effectively disabled by setting it to 0%.")
-        );
-    }
 }