From 0d9b3896ad594816b1eb7048949114e6a18c4bd4 Mon Sep 17 00:00:00 2001
From: "Lee, Tian (tl5884)" <TianL@amdocs.com>
Date: Mon, 1 Oct 2018 16:24:47 +0100
Subject: Fix NexusIQ security vulnerabilities

Remove Spring Boot Jackson dependencies and replace with Gson
implementation.

Fix potential source of NullPointerException.

Change-Id: I3a715a023223b596e8a0979f0e0d381511fca32d
Issue-ID: AAF-529
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
---
 .../src/main/java/org/onap/aaf/rproxy/ReverseProxyService.java      | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'sidecar/rproxy/src/main/java/org/onap/aaf/rproxy/ReverseProxyService.java')

diff --git a/sidecar/rproxy/src/main/java/org/onap/aaf/rproxy/ReverseProxyService.java b/sidecar/rproxy/src/main/java/org/onap/aaf/rproxy/ReverseProxyService.java
index b5c000c..55fcdd1 100644
--- a/sidecar/rproxy/src/main/java/org/onap/aaf/rproxy/ReverseProxyService.java
+++ b/sidecar/rproxy/src/main/java/org/onap/aaf/rproxy/ReverseProxyService.java
@@ -35,7 +35,6 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.actuate.endpoint.InvalidEndpointRequestException;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
@@ -45,6 +44,7 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.client.HttpClientErrorException;
 import org.springframework.web.client.RestTemplate;
 
 @RestController
@@ -152,8 +152,8 @@ public class ReverseProxyService {
                 restTemplate.postForEntity(forwardProxyURI, credentialCacheData, String.class);
 
         if (!response.getStatusCode().is2xxSuccessful()) {
-            throw new InvalidEndpointRequestException("Error posting to credential cache.",
-                    "Status code: " + response.getStatusCodeValue() + " Message: " + response.getBody());
+            throw new HttpClientErrorException(response.getStatusCode(),
+                    "Error posting to credential cache. Message: " + response.getBody());
         }
     }
 
-- 
cgit 1.2.3-korg