aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorliamfallon <liam.fallon@est.tech>2019-09-14 12:39:25 +0100
committerPamela Dragosh <pdragosh@research.att.com>2019-09-18 12:00:30 +0000
commit304b402d9a1cc20b9d746f16900340e0193cb7d6 (patch)
tree1165fb1441f7882fda0a01ca8c485eb57d651909
parent949f47c7c2180bbf101df5234325f469db82848d (diff)
Disable Jython Excutor for security
The Jython interpreter pulls in many dependencies that are flagged as having security problems. We will disable Python support in apex-pdp until Frankfurt, users can compile from source if they wish to re-enable python support. Issue-ID: POLICY-1509 Change-Id: I84215ba8d1009cb7af99cd98ba19008fdff5c378 Signed-off-by: liamfallon <liam.fallon@est.tech> (cherry picked from commit 88f175903e93e138687b5fbfe5140831df5440c2)
Diffstat
-rw-r--r--core/core-engine/src/main/java/org/onap/policy/apex/core/engine/EngineParameterConstants.java6
-rw-r--r--packages/apex-pdp-package-full/pom.xml5
-rw-r--r--plugins/plugins-executor/plugins-executor-jython/pom.xml3
-rw-r--r--plugins/plugins-executor/pom.xml2
-rw-r--r--pom.xml3
-rw-r--r--testsuites/integration/integration-executor-test/pom.xml5
-rw-r--r--testsuites/integration/integration-executor-test/src/test/java/org/onap/policy/apex/testsuites/integration/executor/engine/TestApexEngineJython.java27
-rw-r--r--testsuites/performance/performance-benchmark-test/pom.xml5
8 files changed, 32 insertions, 24 deletions
diff --git a/core/core-engine/src/main/java/org/onap/policy/apex/core/engine/EngineParameterConstants.java b/core/core-engine/src/main/java/org/onap/policy/apex/core/engine/EngineParameterConstants.java
index 96a83f3a6..1ac0ef6c2 100644
--- a/core/core-engine/src/main/java/org/onap/policy/apex/core/engine/EngineParameterConstants.java
+++ b/core/core-engine/src/main/java/org/onap/policy/apex/core/engine/EngineParameterConstants.java
@@ -5,15 +5,15 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *
+ *
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
diff --git a/packages/apex-pdp-package-full/pom.xml b/packages/apex-pdp-package-full/pom.xml
index ce914d11b..7066c679b 100644
--- a/packages/apex-pdp-package-full/pom.xml
+++ b/packages/apex-pdp-package-full/pom.xml
@@ -120,11 +120,12 @@
<artifactId>plugins-executor-jruby</artifactId>
<version>${project.version}</version>
</dependency>
- <dependency>
+ <!-- Jython support disabled due to security concerns -->
+ <!-- dependency>
<groupId>org.onap.policy.apex-pdp.plugins.plugins-executor</groupId>
<artifactId>plugins-executor-jython</artifactId>
<version>${project.version}</version>
- </dependency>
+ </dependency-->
<dependency>
<groupId>org.onap.policy.apex-pdp.plugins.plugins-executor</groupId>
<artifactId>plugins-executor-mvel</artifactId>
diff --git a/plugins/plugins-executor/plugins-executor-jython/pom.xml b/plugins/plugins-executor/plugins-executor-jython/pom.xml
index 377e4e515..bf1381a26 100644
--- a/plugins/plugins-executor/plugins-executor-jython/pom.xml
+++ b/plugins/plugins-executor/plugins-executor-jython/pom.xml
@@ -17,7 +17,8 @@
SPDX-License-Identifier: Apache-2.0
============LICENSE_END=========================================================
-->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.onap.policy.apex-pdp.plugins.plugins-executor</groupId>
diff --git a/plugins/plugins-executor/pom.xml b/plugins/plugins-executor/pom.xml
index 467810917..2cae53c1b 100644
--- a/plugins/plugins-executor/pom.xml
+++ b/plugins/plugins-executor/pom.xml
@@ -44,7 +44,7 @@
<module>plugins-executor-java</module>
<module>plugins-executor-javascript</module>
<module>plugins-executor-jruby</module>
- <module>plugins-executor-jython</module>
+ <!--module>plugins-executor-jython</module-->
<module>plugins-executor-mvel</module>
</modules>
diff --git a/pom.xml b/pom.xml
index 6d0bb01ed..c3e2e3ad2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -238,7 +238,8 @@
<adsite-plugins-executor-java-dir>${project.basedir}/plugins/plugins-executor/plugins-executor-java/src</adsite-plugins-executor-java-dir>
<adsite-plugins-executor-javascript-dir>${project.basedir}/plugins/plugins-executor/plugins-executor-javascript/src</adsite-plugins-executor-javascript-dir>
<adsite-plugins-executor-jruby-dir>${project.basedir}/plugins/plugins-executor/plugins-executor-jruby/src</adsite-plugins-executor-jruby-dir>
- <adsite-plugins-executor-jython-dir>${project.basedir}/plugins/plugins-executor/plugins-executor-jython/src</adsite-plugins-executor-jython-dir>
+ <!-- Jython support disabled due to security concerns -->
+ <!-- adsite-plugins-executor-jython-dir>${project.basedir}/plugins/plugins-executor/plugins-executor-jython/src</adsite-plugins-executor-jython-dir-->
<adsite-plugins-executor-mvel-dir>${project.basedir}/plugins/plugins-executor/plugins-executor-mvel/src</adsite-plugins-executor-mvel-dir>
<adsite-services-engine-dir>${project.basedir}/services/services-engine/src</adsite-services-engine-dir>
diff --git a/testsuites/integration/integration-executor-test/pom.xml b/testsuites/integration/integration-executor-test/pom.xml
index 8f4917777..c95d476c9 100644
--- a/testsuites/integration/integration-executor-test/pom.xml
+++ b/testsuites/integration/integration-executor-test/pom.xml
@@ -54,12 +54,13 @@
<version>${project.version}</version>
<scope>test</scope>
</dependency>
- <dependency>
+ <!-- Jython support disabled due to security concerns -->
+ <!-- dependency>
<groupId>org.onap.policy.apex-pdp.plugins.plugins-executor</groupId>
<artifactId>plugins-executor-jython</artifactId>
<version>${project.version}</version>
<scope>test</scope>
- </dependency>
+ </dependency-->
<dependency>
<groupId>org.onap.policy.apex-pdp.plugins.plugins-executor</groupId>
<artifactId>plugins-executor-javascript</artifactId>
diff --git a/testsuites/integration/integration-executor-test/src/test/java/org/onap/policy/apex/testsuites/integration/executor/engine/TestApexEngineJython.java b/testsuites/integration/integration-executor-test/src/test/java/org/onap/policy/apex/testsuites/integration/executor/engine/TestApexEngineJython.java
index 12a28e293..088d04fd7 100644
--- a/testsuites/integration/integration-executor-test/src/test/java/org/onap/policy/apex/testsuites/integration/executor/engine/TestApexEngineJython.java
+++ b/testsuites/integration/integration-executor-test/src/test/java/org/onap/policy/apex/testsuites/integration/executor/engine/TestApexEngineJython.java
@@ -5,15 +5,15 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *
+ *
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
@@ -32,11 +32,14 @@ import org.onap.policy.apex.context.parameters.SchemaParameters;
import org.onap.policy.apex.core.engine.EngineParameters;
import org.onap.policy.apex.core.infrastructure.threading.ThreadUtilities;
import org.onap.policy.apex.model.basicmodel.concepts.ApexException;
-import org.onap.policy.apex.plugins.executor.jython.JythonExecutorParameters;
+import org.onap.policy.apex.plugins.executor.javascript.JavascriptExecutorParameters;
import org.onap.policy.common.parameters.ParameterService;
/**
- * The Class TestApexEngineJython.
+ * The Class TestApexEngineJython should be the test class for the Jython interpreter.
+ *
+ * <p>It actually reruns the javascript tests as a placeholder until the Jython security issues are resolved.
+ *
*/
public class TestApexEngineJython {
private SchemaParameters schemaParameters;
@@ -49,12 +52,12 @@ public class TestApexEngineJython {
@Before
public void beforeTest() {
schemaParameters = new SchemaParameters();
-
+
schemaParameters.setName(ContextParameterConstants.SCHEMA_GROUP_NAME);
schemaParameters.getSchemaHelperParameterMap().put("JAVA", new JavaSchemaHelperParameters());
ParameterService.register(schemaParameters);
-
+
contextParameters = new ContextParameters();
contextParameters.setName(ContextParameterConstants.MAIN_GROUP_NAME);
@@ -66,9 +69,9 @@ public class TestApexEngineJython {
ParameterService.register(contextParameters.getDistributorParameters());
ParameterService.register(contextParameters.getLockManagerParameters());
ParameterService.register(contextParameters.getPersistorParameters());
-
+
engineParameters = new EngineParameters();
- engineParameters.getExecutorParameterMap().put("JYTHON", new JythonExecutorParameters());
+ engineParameters.getExecutorParameterMap().put("JAVASCRIPT", new JavascriptExecutorParameters());
ParameterService.register(engineParameters);
}
@@ -78,7 +81,7 @@ public class TestApexEngineJython {
@After
public void afterTest() {
ParameterService.deregister(engineParameters);
-
+
ParameterService.deregister(contextParameters.getDistributorParameters());
ParameterService.deregister(contextParameters.getLockManagerParameters());
ParameterService.deregister(contextParameters.getPersistorParameters());
@@ -96,8 +99,8 @@ public class TestApexEngineJython {
*/
@Test
public void testApexEngineJython() throws ApexException, InterruptedException, IOException {
- new TestApexEngine("JYTHON", engineParameters);
+ new TestApexEngine("JAVASCRIPT", engineParameters);
ThreadUtilities.sleep(5000);
- new TestApexEngine("JYTHON", engineParameters);
+ new TestApexEngine("JAVASCRIPT", engineParameters);
}
}
diff --git a/testsuites/performance/performance-benchmark-test/pom.xml b/testsuites/performance/performance-benchmark-test/pom.xml
index 09002d69d..9c9e1efdc 100644
--- a/testsuites/performance/performance-benchmark-test/pom.xml
+++ b/testsuites/performance/performance-benchmark-test/pom.xml
@@ -73,12 +73,13 @@
<version>${project.version}</version>
<scope>test</scope>
</dependency>
- <dependency>
+ <!-- Jython support disabled due to security concerns -->
+ <!-- dependency>
<groupId>org.onap.policy.apex-pdp.plugins.plugins-executor</groupId>
<artifactId>plugins-executor-jython</artifactId>
<version>${project.version}</version>
<scope>test</scope>
- </dependency>
+ </dependency-->
<dependency>
<groupId>org.onap.policy.apex-pdp.plugins.plugins-executor</groupId>
<artifactId>plugins-executor-java</artifactId>