Commit
Merge pull request #35 from cuioss/feature/fix-code-findings
Fix code findings
cuioss authored Oct 2, 2024
2 parents 0356f86 + cbe286c commit 9b09f5e
Showing 64 changed files with 132 additions and 142 deletions.
23 changes: 12 additions & 11 deletions SECURITY.md
@@ -3,28 +3,29 @@
This document outlines security procedures and general policies for the
CUI Open Source projects as found on [https://github.com/cuioss/cui-portal-ui](https://github.com/cuioss/cui-portal-ui).

* [Reporting a Vulnerability](#reporting-a-vulnerability)
* [Disclosure Policy](#disclosure-policy)
* [Reporting a Vulnerability](#reporting-a-vulnerability)
* [Disclosure Policy](#disclosure-policy)

## Reporting a Vulnerability
## Reporting a Vulnerability

The CUI Open Source team and community take all security vulnerabilities
seriously. Thank you for improving the security of our open source
seriously. Thank you for improving the security of our open source
software. We appreciate your efforts and responsible disclosure and will
make every effort to acknowledge your contributions.

Report security vulnerabilities by using the github security reporting mechanism:
Report security vulnerabilities by using the GitHub security reporting mechanism:

* https://github.com/cuioss/cui-portal-ui/security
* -> "Private vulnerability reporting"
* -> "Report a vulnerability"

The lead maintainer will acknowledge your report within 24 hours, and will
send a more detailed response within 48 hours indicating the next steps in
send a more detailed response within 48 hours indicating the next steps in
handling your report. After the initial reply to your report, the security
team will endeavor to keep you informed of the progress towards a fix and
full announcement, and may ask for additional information or guidance.

Report security vulnerabilities in third-party modules to the person or
Report security vulnerabilities in third-party modules to the person or
team maintaining the module.

## Disclosure Policy
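Review bot: the reporting path described here (the /security page, then "Private vulnerability reporting") only works if private vulnerability reporting is enabled in the repository settings; please confirm it is, and consider adding a fallback contact for reporters who cannot use a GitHub account, since otherwise the hunk only corrects "github" to "GitHub" and reflows one line. The line "The lead maintainer will acknowledge your report within 24 hours" is a firm commitment for a single maintainer; wording it as a target rather than a guarantee avoids setting an expectation the team may not always meet.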
@@ -33,7 +34,7 @@ When the security team receives a security bug report, they will assign it
to a primary handler. This person will coordinate the fix and release
process, involving the following steps:

* Confirm the problem and determine the affected versions.
* Audit code to find any potential similar problems.
* Prepare fixes for all releases still under maintenance. These fixes
will be released as fast as possible to NPM.
* Confirm the problem and determine the affected versions.
* Audit code to find any potential similar problems.
* Prepare fixes for all releases still under maintenance. These fixes
will be released as fast as possible to NPM.
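Review bot: the fix-process bullets still promise that fixes "will be released as fast as possible to NPM", which reads as inherited from a template: every source file touched in this same commit is Java (packages under de.cuioss.portal.ui), so NPM is not this project's release channel. While the file is being edited anyway, name the channel the project actually publishes to, so reporters know where to look for the fixed version.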
@@ -32,7 +32,7 @@
import de.cuioss.portal.configuration.PortalConfigurationKeys;

/**
* Injects a config property as a {@link ViewMatcher}. In case the the property
* Injects a config property as a {@link ViewMatcher}. In case the property
* is null or empty it will be an {@link EmptyViewMatcher}. The default
* splitting character for the individual paths is
* {@value PortalConfigurationKeys#CONTEXT_PARAM_SEPARATOR}
@@ -16,8 +16,8 @@
package de.cuioss.portal.ui.api.exception;

/**
* A Successor of deltaspikes ExcpetionHandler. Not that elegant but works
* anyway. In essence it defines a handler for specific / single exception;
* A Successor of deltaspikes ExceptionHandler. Not that elegant but works
* anyway. In essence, it defines a handler for specific / single exception;
*/
public interface PortalExceptionHandler {

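Review bot: style point on the two rewritten Javadoc lines: "deltaspikes" should be the possessive "DeltaSpike's", and the trailing ";" after "single exception" should be a period, so the comment reads "A successor of DeltaSpike's ExceptionHandler. ... it defines a handler for a specific / single exception." Since both lines are already being changed, fixing this now costs nothing.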
@@ -10,7 +10,7 @@
* corresponding {@link java.lang.Throwable} as payload</li>
* <li>Provide an instance of
* {@link de.cuioss.portal.ui.api.exception.PortalExceptionHandler} as a
* {@link javax.enterprise.context.RequestScoped} bean</li>
* {@link jakarta.enterprise.context.RequestScoped} bean</li>
* <li>The rest will be done by the framework. For examples see implementations
* within 'portal-ui-runtime', e.g.
* 'de.cuioss.portal.ui.runtime.exception.ViewRelatedExceptionHandler' or
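Review bot: the javax to jakarta correction here sits inside a {@link}, which the compiler never checks, so stale javax.* references can survive in other Javadoc comments unnoticed; a search for "javax." across the module's Javadoc would catch the rest. The new target jakarta.enterprise.context.RequestScoped is consistent with the jakarta.inject.Inject import visible elsewhere in this commit.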
@@ -52,7 +52,7 @@ public interface HistoryManager extends Serializable, Iterable<ViewIdentifier> {
void addCurrentUriToHistory(ViewDescriptor viewId);

/**
* This methods checks whether a page was reloaded using f5 or the corresponding
* This method checks whether a page was reloaded using f5 or the corresponding
* link.
* <h3>Assumptions</h3>
* <ul>
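Review bot: minor: on the rewritten line, "f5" is the key name and should be written "F5"; the singular "This method" is the right fix.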
@@ -91,7 +91,7 @@ public interface HistoryManager extends Serializable, Iterable<ViewIdentifier> {

/**
* @return the previous page. If there is none found it returns the default
* page. The found ViewIdentifer, if it is not the fallback, will be
* page. The found ViewIdentifier, if it is not the fallback, will be
* <em>kept</em> from the history
*/
ViewIdentifier peekPrevious();
@@ -19,8 +19,8 @@
import java.util.Locale;

/**
* Provides methods like access on configured locales and changing the locale on
* per user basis.
* Provides methods like access on configured locales and changing the locale on a
* per-user basis.
*
* @author Oliver Wolff
*/
@@ -36,13 +36,12 @@ public interface LocaleResolverService {
* Saves the locale changed by user interaction
*
* @param locale to be updated. Must be one of {@link #getAvailableLocales()}.
* Otherwise it will throws an {@link IllegalArgumentException}
* Otherwise, it will throw an {@link IllegalArgumentException}.
*/
void saveUserLocale(Locale locale);

/**
* @return The currently acitve user-locale
*
* @return The currently active user-locale
*/
Locale resolveUserLocale();
}
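Review bot: the contract for saveUserLocale is now unambiguous (the locale must be one of getAvailableLocales(), otherwise IllegalArgumentException), which is the right defensive rule for a value that originates from user interaction; what it does not say is what happens on null. Stating that too (whether NullPointerException or IllegalArgumentException) lets callers that pass a request parameter straight through know which exception to handle, and the implementation should keep the check against the configured set exactly as the Javadoc now promises.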
@@ -29,31 +29,31 @@ public interface StickyMessageProducer {
/**
* Convenience Method for setting sticky info messages
*
* @param messageKey must no be null
* @param messageKey must not be null
* @param parameter Ellipses of Object Parameter for MessageFormat
*/
void setInfoMessage(String messageKey, Object... parameter);

/**
* Convenience Method for setting sticky error messages
*
* @param messageKey must no be null
* @param messageKey must not be null
* @param parameter Ellipses of Object Parameter for MessageFormat
*/
void setErrorMessage(String messageKey, Object... parameter);

/**
* Convenience Method for setting sticky warning messages
*
* @param messageKey must no be null
* @param messageKey must not be null
* @param parameter Ellipses of Object Parameter for MessageFormat
*/
void setWarningMessage(String messageKey, Object... parameter);

/**
* Stores and displays a sticky message with given severity and messageKey.
*
* @param messageKey must no be null
* @param messageKey must not be null
* @param severity The Severity level of the Message, must not be null.
* @param parameter Ellipses of Object Parameter for MessageFormat
*/
@@ -62,7 +62,7 @@ public interface StickyMessageProducer {
/**
* Stores and displays a sticky message with given severity and messageString.
*
* @param messageString must no be null
* @param messageString must not be null
* @param severity The Severity level of the Message, must not be null.
* @param parameter Ellipses of Object Parameter for MessageFormat
*/
@@ -45,7 +45,7 @@ public interface LoginPageClientStorage {
*
* @param loginCredentials {@linkplain LoginCredentials} must not be
* {@code null}
* @throws {@linkplain NullPointerException} if parameter is {@code null}
* @throws NullPointerException if parameter is {@code null}
*/
void updateLocalStored(final LoginCredentials loginCredentials);

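Review bot: the tag fix is correct: `@throws {@linkplain NullPointerException}` is not valid Javadoc, `@throws NullPointerException if parameter is {@code null}` is. Given that this is updateLocalStored(LoginCredentials) on LoginPageClientStorage, the method Javadoc should also say explicitly which fields of LoginCredentials are persisted on the client and that secrets are excluded; an API that stores anything called "credentials" client-side should not leave readers guessing about that.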
@@ -30,17 +30,13 @@
/**
* Marker for the portal provided default implementation of
* {@link MultiTemplatingMapper}. Used for injecting or overriding the portals
* defaults implementation. It is @ApplicationScoped and
* defaults implementation. It is @ApplicationScoped and @Named(PortalCoreBeanNames.MULTI_TEMPLATING_MAPPER_BEAN_NAME)
*
* @Named(PortalCoreBeanNames.MULTI_TEMPLATING_MAPPER_BEAN_NAME)
*
* @author Oliver
* Wolff
* @author Oliver Wolff
*/
@Qualifier
@ApplicationScoped
@Retention(RUNTIME)
@Target({ TYPE, METHOD, FIELD, PARAMETER })
public @interface PortalMultiTemplatingMapper {

}
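Review bot: moving "@Named(...)" off the start of its line stops the Javadoc parser from treating it as a block tag, but "@ApplicationScoped" and "@Named(PortalCoreBeanNames.MULTI_TEMPLATING_MAPPER_BEAN_NAME)" in running text are still easy for tools to misread; wrap them as {@code @ApplicationScoped} and {@code @Named(PortalCoreBeanNames.MULTI_TEMPLATING_MAPPER_BEAN_NAME)}. Separately, the unchanged context shows @ApplicationScoped applied to the @Qualifier annotation type itself; a scope annotation on an annotation type appears to have no effect in CDI, so it may be worth removing in a follow-up.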
@@ -30,9 +30,9 @@
/**
* Marker for the portal provided default implementation of
* {@link MultiViewMapper}. Used for injecting or overriding the portals
* defaults implementation. It is @ApplicationScoped and
* defaults implementation. It is @ApplicationScoped and @Named(MultiViewMapper.BEAN_NAME).
*
* @Named(MultiViewMapper.BEAN_NAME) @author Oliver Wolff
* @author Oliver Wolff
*/
@Qualifier
@ApplicationScoped
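Review bot: same pattern as the templating-mapper qualifier: wrap "@ApplicationScoped" and "@Named(MultiViewMapper.BEAN_NAME)" in {@code ...} so Javadoc tooling does not interpret them as tags, and the stray "@author" that was previously glued onto the @Named line is now correctly on its own line.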
@@ -39,7 +39,7 @@
* </pre>
* <p>
* The <em>/templates</em> part is used for our
* {@link de.cuioss.portal.ui.api.application.templating.ViewResourceHandler} to
* {@link de.cuioss.portal.ui.runtime.application.templating.ViewResourceHandler} to
* intercept the resolution. The second part identifies the concrete template
* without the template-directory being part of the path: "Give me that thingy"
* instead of "Give me the content of that path". This approach let us keep the
@@ -49,7 +49,7 @@
*
* <p>
* While the
* {@link de.cuioss.portal.ui.api.application.templating.ViewResourceHandler}
* {@link de.cuioss.portal.ui.runtime.application.templating.ViewResourceHandler}
* takes care regarding the delivery of the template the actual logic of which
* template to choose is implemented within concrete instances of
* {@link de.cuioss.portal.ui.api.templating.MultiTemplatingMapper} that needs
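Review bot: both corrected {@link}s in this file now point at de.cuioss.portal.ui.runtime.application.templating.ViewResourceHandler from Javadoc that otherwise links api types (de.cuioss.portal.ui.api.templating.MultiTemplatingMapper); if the api module does not depend on the runtime module, javadoc cannot resolve the link and doclint will flag it. Use {@code de.cuioss.portal.ui.runtime.application.templating.ViewResourceHandler} or plain text there, or link to an api-side type instead.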
@@ -41,7 +41,7 @@ public interface ViewRestrictionManager extends Serializable {
Set<String> getRequiredRolesForView(ViewDescriptor descriptor);

/**
* Determines whether the currently logged in user is allowed / authorized to
* Determines whether the currently logged-in user is allowed / authorized to
* access the given view.
*
* @param descriptor identifying the view to be accessed, must not be null
@@ -51,14 +51,14 @@ public interface ViewRestrictionManager extends Serializable {
boolean isUserAuthorized(ViewDescriptor descriptor);

/**
* Determines whether the currently logged in user is allowed / authorized to
* Determines whether the currently logged-in user is allowed / authorized to
* access the given view, identified by the given outcome.
*
* @param viewOutcome String outcome identifying a concrete view that should be
* checked
* @return a boolean indicating whether the current user is authorized to access
* the given view {@code true} or not {@code false}
* @throws IllegalStateException signaling, that the view can not not
* @throws IllegalStateException signaling, that the view can not be
* determined, e.g.g there is no navigation-rule
* defined for the given outcome
*/
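Review bot: the context line directly after the corrected "@throws" still contains "e.g.g" (should be "e.g."), and the rewritten line keeps "can not" where "cannot" is the conventional form; since the tag is being rewritten, fix both. On the contract itself: throwing IllegalStateException when no navigation rule exists for the outcome is the right fail-closed behaviour for an authorization check (better than silently returning true), and it is worth keeping exactly as documented.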
@@ -15,8 +15,6 @@
*/
package de.cuioss.portal.ui.api.lazyloading;

import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;

import jakarta.inject.Inject;

import org.jboss.weld.junit5.auto.AddBeanClasses;
@@ -23,7 +23,7 @@
class LoginPageStrategyTest {

@Test
void shouldReturnStrategyOnExisitingName() {
void shouldReturnStrategyOnExistingName() {
assertEquals(LoginPageStrategy.GOTO_HOME,
LoginPageStrategy.getFromString(LoginPageStrategy.GOTO_HOME.getStrategyName()));
assertEquals(LoginPageStrategy.LOGOUT,
@@ -28,8 +28,8 @@

/**
* Mock variant of {@link ResourceBundleWrapper}. Simulate
* {@link #getString(String)} (={@link #getObject(String)}) by simply returning
* the key (like PortalMessageProducerMock ). {@link #getKeys()} will return an
* {@link #getString(String)} by simply returning
* the key (like PortalMessageProducerMock). Calls to {@link #getKeys()} will return an
* empty list.
*
* @author Oliver Wolff
@@ -58,15 +58,14 @@
* <h2>Attributes</h2>
* <ul>
* <li>Common attributes like style, styleClass, rendered and id</li>
* <li>{@link HtmlElementProvider}, defaulting to {@value Node#NAV}</li>
* <li>{@link HtmlElementProvider}, defaulting to {@link Node#NAV}</li>
* </ul>
* <h2>Styling</h2>
* <ul>
* <li>The marker css class is '{@value PortalCssClasses#SIDEBAR}'</li>
* <li>The marker css class is '{@link PortalCssClasses#SIDEBAR}'</li>
* </ul>
*
* @author Oliver Wolff
*
*/
@FacesComponent(PortalFamily.SIDEBAR_COMPONENT)
@SuppressWarnings("squid:MaximumInheritanceDepth") // Artifact of Jsf-structure
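Review bot: replacing {@value} with {@link} for Node#NAV and PortalCssClasses#SIDEBAR changes what readers see: {@link} renders the constant's name, {@value} inlines its literal value. {@value} is only valid for compile-time constant fields, so if Node#NAV is an enum constant the change is required there; but if PortalCssClasses#SIDEBAR is a String constant, {@value} was the more useful choice, because the rendered docs then show the actual CSS marker class rather than a link to it. Please check which case applies before treating both the same way.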
@@ -112,7 +112,7 @@
<type>java.lang.String</type>
</attribute>
<attribute>
<description><![CDATA[Flag indicating whether or not this component should be rendered
<description><![CDATA[Flag indicating whether this component should be rendered
(during Render Response Phase), or processed on any subsequent
form submit. The default value for this property is true.]]>
</description>
@@ -140,7 +140,7 @@
<type>java.lang.String</type>
</attribute>
<attribute>
<description><![CDATA[Flag indicating whether or not this component should be rendered
<description><![CDATA[Flag indicating whether this component should be rendered
(during Render Response Phase), or processed on any subsequent
form submit. The default value for this property is true.]]>
</description>
@@ -74,7 +74,7 @@

<h:panelGroup id="#{GlobalIds.MAIN_CONTENT.id}" layout="block"
styleClass="container-fluid">
<!-- Display sticky messages. The extension point is an &lt;ui:insert name="stickyMessages" &gt;-->
<!-- Display sticky messages. The extension point is a &lt;ui:insert name="stickyMessages" &gt;-->
<ui:insert name="stickyMessages">
<portal:stickyMessages id="stickyMessages"/>
</ui:insert>
@@ -9,7 +9,7 @@
<documentation>
<body>The master for pages with less content, that can be displayed
centered. It provides the container-fluid layout for full screen
content. In case you want a layout for for more information to be
content. In case you want a layout for more information to be
displayed use master.xhtml.
</body>
<section>
@@ -74,7 +74,7 @@

<h:panelGroup id="#{GlobalIds.MAIN_CONTENT.id}" layout="block"
styleClass="container">
<!-- Display sticky messages. The extension point is an &lt;ui:insert name="stickyMessages" &gt;-->
<!-- Display sticky messages. The extension point is a &lt;ui:insert name="stickyMessages" &gt;-->
<ui:insert name="stickyMessages">
<portal:stickyMessages id="stickyMessages"/>
</ui:insert>
@@ -5,7 +5,7 @@
<documentation>
<body>
Base template for plain views pages without navigation and client timeout.
Therefore it is minimal variant of a centered page, disabling the "portal_navigation", "sidebarLeft" and "clientTimeout"
Therefore, it is minimal variant of a centered page, disabling the "portal_navigation", "sidebarLeft" and "clientTimeout"
"Transient" property of the view is not affected, this is controlled via configuration and set for "faces/guest" path as default.
</body>
</documentation>
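Review bot: the rewritten sentence still drops an article: "it is minimal variant" should read "it is a minimal variant", and there is no sentence end between "clientTimeout" and the following "Transient" property" line, so the two sentences run together; add a period (or "inserts." to close the list) while the line is being changed. The description of what is disabled ("portal_navigation", "sidebarLeft", "clientTimeout") and of the transient flag being controlled by configuration for the "faces/guest" path is otherwise clear.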
@@ -9,7 +9,7 @@
<documentation>
<body>The root.xhtml extends technical_root.xhtml and creates the basic
html structure used by all portal
pages. In addition it provides
pages. In addition, it provides
standard content elements like a growl for
global messages, the
timeout-mechanism, the default ajax-error handling and some more. The
@@ -79,9 +79,9 @@
var="GlobalIds" />

<!-- Provides a combination of primefaces idle-monitor and some cui specific classes / components.
In essence it displays a modal dialog to the user if the current window is idle for longer than the session lives.
In essence, it displays a modal dialog to the user if the current window is idle for longer than the session lives.
On confirm the page will be reloaded. In case of the session being active the page will be displayed again.
Otherwise the user will be redirected to the login-screen. It will only be rendered for non-transient views.
Otherwise, the user will be redirected to the login-screen. It will only be rendered for non-transient views.
if you want to exclude it for other pages you can define an empty &lt;ui:insert name="clientTimeout"&gt;
in your consuming page -->
<ui:insert name="clientTimeout">
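Review bot: two small things in the same comment block since neighbouring lines are already being rewritten: the context line "if you want to exclude it for other pages" should start with a capital letter, and "cui specific" should be "CUI-specific". On the behaviour the comment describes, it is worth keeping the wording that the redirect to the login screen happens only when the session is no longer active: the idle dialog is a client-side courtesy, and the server-side session expiry remains the actual control that ends access.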
@@ -113,7 +113,7 @@
This can be overridden via &lt;ui:insert name="portal_home" &gt;.
To add elements to the navbar between brand element and navigation &lt;ui:insert name="portal_navbar" &gt;
can be used.
The extension point for the actual menu is an &lt;ui:insert name="portal_navigation" &gt;.
The extension point for the actual menu is a &lt;ui:insert name="portal_navigation" &gt;.
The default implementation queries de.cuioss.portal.ui.api.application.menu.NavigationMenuPageBean
whether to display the navigation elements. For the portal they will be rendered if the user is logged in.
See de.cuioss.portal.ui.api.menu of CUI-portal-core-spec on details how the dynamic navigation works.
@@ -176,7 +176,7 @@
</o:cache>
</nav>

<!-- Display global messages as a primefaces growl. The extension point is an &lt;ui:insert name="messages" &gt;-->
<!-- Display global messages as a primefaces growl. The extension point is a &lt;ui:insert name="messages" &gt;-->
<ui:insert name="messages">
<p:growl id="#{GlobalIds.GLOBAL_PAGE_MESSAGES.id}"
widgetVar="globalPageMessages" escape="false"

0 comments on commit 9b09f5e

Please sign in to comment.