authorromaingimbert <romain.gimbert@orange.com>2018-09-03 14:41:17 +0200
committerromaingimbert <romain.gimbert@orange.com>2018-09-03 14:41:17 +0200
commit6041103fc59c2d2c7461d2844582aee23086758f (patch)
treebf769beadd77837979e93f7f60a74d5b5407bf78
parent83d3d0b7511bce0a4dce7724e1e4a6b54d3b3dc4 (diff)
Fix critical security issues
-change pom dependencies version Change-Id: I8ea5410575f95e7054ca2d93a1c712a12607893a Issue-ID: EXTAPI-126 Signed-off-by: romaingimbert <romain.gimbert@orange.com>
-rw-r--r--pom.xml8
-rw-r--r--src/main/java/org/onap/nbi/apis/servicecatalog/ServiceSpecificationService.java4
-rw-r--r--src/main/java/org/onap/nbi/apis/servicecatalog/ToscaInfosProcessor.java10
-rw-r--r--src/main/java/org/onap/nbi/apis/serviceinventory/ServiceInventoryService.java4
4 files changed, 15 insertions, 11 deletions
diff --git a/pom.xml b/pom.xml
index e7768ff..ddd06a9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -113,13 +113,17 @@
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
- <version>8.5.33</version>
+ <version>8.5.32</version>
</dependency>
<dependency>
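Review bot: Both version edits in this file move to older releases, `tomcat-embed-core` from 8.5.33 to 8.5.32 in this hunk and `commons-beanutils` from 1.9.0 to 1.7.0 in the next one, which is the opposite direction from what a commit titled as a security fix normally takes, and nothing records why. If the aim is to drop a transitive dependency or quiet a scanner finding, an `<exclusion>` on the newer release would do that without giving up later upstream fixes; otherwise an XML comment such as `<!-- pinned to 8.5.32 because <reason> -->` beside each `<version>` would keep the decision reviewable. The added `jackson-databind` exclusion also leaves the resolved version to whatever other declaration supplies it, which is not visible in this hunk; since ToscaInfosProcessor imports `ObjectMapper`, an explicit, pinned `jackson-databind` dependency is worth confirming.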
@@ -159,7 +163,7 @@
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
- <version>1.9.0</version>
+ <version>1.7.0</version>
</dependency>
<dependency>
diff --git a/src/main/java/org/onap/nbi/apis/servicecatalog/ServiceSpecificationService.java b/src/main/java/org/onap/nbi/apis/servicecatalog/ServiceSpecificationService.java
index 69e4a51..228e12d 100644
--- a/src/main/java/org/onap/nbi/apis/servicecatalog/ServiceSpecificationService.java
+++ b/src/main/java/org/onap/nbi/apis/servicecatalog/ServiceSpecificationService.java
@@ -19,7 +19,6 @@ import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
-import org.apache.commons.collections.CollectionUtils;
import org.onap.nbi.apis.servicecatalog.jolt.FindServiceSpecJsonTransformer;
import org.onap.nbi.apis.servicecatalog.jolt.GetServiceSpecJsonTransformer;
import org.onap.nbi.apis.serviceorder.ServiceCatalogUrl;
@@ -27,6 +26,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import org.springframework.util.CollectionUtils;
import org.springframework.util.MultiValueMap;
@Service
@@ -67,7 +67,7 @@ public class ServiceSpecificationService {
public List<LinkedHashMap> find(MultiValueMap<String, String> parametersMap) {
List<LinkedHashMap> sdcResponse = sdcClient.callFind(parametersMap);
List<LinkedHashMap> serviceCatalogResponse = new ArrayList<>();
- if(CollectionUtils.isNotEmpty(sdcResponse)){
+ if(!CollectionUtils.isEmpty(sdcResponse)){
serviceCatalogResponse =
findServiceSpecJsonTransformer.transform(sdcResponse);
}
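Review bot: `org.springframework.util.CollectionUtils` is described in its own Javadoc as mainly for internal use within the framework, so the guard in `find` is better written without a utility class at all: `if (sdcResponse != null && !sdcResponse.isEmpty()) {`. Behaviour matches the removed `isNotEmpty` call, because Spring's `isEmpty` also treats null as empty. The same rewrite applies to the two guards changed in ToscaInfosProcessor and the one in ServiceInventoryService. `find` continues past the end of this hunk.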
diff --git a/src/main/java/org/onap/nbi/apis/servicecatalog/ToscaInfosProcessor.java b/src/main/java/org/onap/nbi/apis/servicecatalog/ToscaInfosProcessor.java
index 6b70a18..54b5486 100644
--- a/src/main/java/org/onap/nbi/apis/servicecatalog/ToscaInfosProcessor.java
+++ b/src/main/java/org/onap/nbi/apis/servicecatalog/ToscaInfosProcessor.java
@@ -13,6 +13,8 @@
*/
package org.onap.nbi.apis.servicecatalog;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
@@ -26,15 +28,13 @@ import java.util.Map.Entry;
import java.util.Set;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
-import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.io.FileUtils;
import org.onap.nbi.exceptions.TechnicalException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
+import org.springframework.util.CollectionUtils;
@Service
public class ToscaInfosProcessor {
@@ -96,7 +96,7 @@ public class ToscaInfosProcessor {
Object aDefault = parameter.get("default");
if (parameter.get("entry_schema") != null) {
ArrayList entrySchema = (ArrayList) parameter.get("entry_schema");
- if (CollectionUtils.isNotEmpty(entrySchema)) {
+ if (!CollectionUtils.isEmpty(entrySchema)) {
buildCharacteristicValuesFormShema(parameterType, serviceSpecCharacteristicValues, aDefault,
entrySchema);
}
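Review bot: The value under `entry_schema` is cast straight to `ArrayList` before the emptiness guard, so a parameter whose `entry_schema` is not a list fails with a ClassCastException instead of being skipped; the next hunk does the same with `constraints.get("constraints")` and `constraintsList.get(0)`. The imports suggest these maps are parsed from YAML unpacked from an archive, so the shape should be checked rather than assumed, for example `Object schema = parameter.get("entry_schema");` followed by `if (schema instanceof List && !((List<?>) schema).isEmpty()) {`. The enclosing method starts and ends outside this hunk, so how the callee's parameter type would need to follow is not visible here.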
@@ -110,7 +110,7 @@ public class ToscaInfosProcessor {
LinkedHashMap constraints = (LinkedHashMap) entrySchema.get(0);
if (constraints != null) {
ArrayList constraintsList = (ArrayList) constraints.get("constraints");
- if (CollectionUtils.isNotEmpty(constraintsList)) {
+ if (!CollectionUtils.isEmpty(constraintsList)) {
LinkedHashMap valuesMap = (LinkedHashMap) constraintsList.get(0);
if (valuesMap != null) {
List<Object> values = (List<Object>) valuesMap.get("valid_values");
diff --git a/src/main/java/org/onap/nbi/apis/serviceinventory/ServiceInventoryService.java b/src/main/java/org/onap/nbi/apis/serviceinventory/ServiceInventoryService.java
index d38d012..1564e9c 100644
--- a/src/main/java/org/onap/nbi/apis/serviceinventory/ServiceInventoryService.java
+++ b/src/main/java/org/onap/nbi/apis/serviceinventory/ServiceInventoryService.java
@@ -16,7 +16,6 @@ import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
-import org.apache.commons.collections.CollectionUtils;
import org.onap.nbi.apis.serviceinventory.jolt.FindServiceInventoryJsonTransformer;
import org.onap.nbi.apis.serviceinventory.jolt.GetServiceInventoryJsonTransformer;
import org.onap.nbi.exceptions.BackendFunctionalException;
@@ -25,6 +24,7 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Service;
+import org.springframework.util.CollectionUtils;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
@@ -137,7 +137,7 @@ public class ServiceInventoryService {
buildServiceInstances(serviceInstances, customerId, serviceName);
}
List<LinkedHashMap> serviceInventoryResponse = new ArrayList<>();
- if(CollectionUtils.isNotEmpty(serviceInstances)){
+ if(!CollectionUtils.isEmpty(serviceInstances)){
serviceInventoryResponse =
findServiceInventoryJsonTransformer.transform(serviceInstances);
for (LinkedHashMap serviceInventory : serviceInventoryResponse) {