From ccf10e681044664888d7e0e0b50623bdbe92de5a Mon Sep 17 00:00:00 2001
From: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Date: Mon, 11 Nov 2024 14:58:58 +0100
Subject: Update vulnerable dependencies in schema-service

- update freemarker (2.3.21 -> 2.3.33)
- update snakeyaml (1.29 -> 2.3)
- remove duplicate declarations of dependencies in pom
- remove aai-aaf-auth dependency

Issue-ID: AAI-4052
Change-Id: Ice8a520f024c024ae7118378176df6fe1242f1bb
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
---
 aai-annotations/pom.xml.versionsBackup             | 78 ----------------------
 aai-queries/pom.xml                                |  6 ++
 .../onap/aai/queries/GremlinServerSingleton.java   | 22 ------
 aai-schema-gen/pom.xml                             |  4 +-
 .../dbedgerules/EdgeDescriptionRules_test.json     | 39 +++++++++++
 aai-schema-service/pom.xml                         | 34 +++-------
 .../config/AuthorizationConfiguration.java         | 40 -----------
 aai-schema/pom.xml                                 | 13 ++--
 8 files changed, 62 insertions(+), 174 deletions(-)
 delete mode 100644 aai-annotations/pom.xml.versionsBackup
 create mode 100644 aai-schema-gen/src/test/resources/dbedgerules/EdgeDescriptionRules_test.json
 delete mode 100644 aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/AuthorizationConfiguration.java

diff --git a/aai-annotations/pom.xml.versionsBackup b/aai-annotations/pom.xml.versionsBackup
deleted file mode 100644
index 1e03e0e..0000000
--- a/aai-annotations/pom.xml.versionsBackup
+++ /dev/null
@@ -1,78 +0,0 @@
-<?xml version="1.0"?>
-<!--
-
-    ============LICENSE_START=======================================================
-    org.onap.aai
-    ================================================================================
-    Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
-    ================================================================================
-    Licensed under the Apache License, Version 2.0 (the "License");
-    you may not use this file except in compliance with the License.
-    You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-    Unless required by applicable law or agreed to in writing, software
-    distributed under the License is distributed on an "AS IS" BASIS,
-    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-    See the License for the specific language governing permissions and
-    limitations under the License.
-    ============LICENSE_END=========================================================
-
--->
-<project
-        xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
-        xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-    <modelVersion>4.0.0</modelVersion>
-    <parent>
-        <groupId>org.onap.aai.aai-common</groupId>
-        <artifactId>aai-common</artifactId>
-        <version>1.3.1-SNAPSHOT</version>
-    </parent>
-    <artifactId>aai-annotations</artifactId>
-    <name>aai-annotations</name>
-    <packaging>jar</packaging>
-    <version>1.3.1-SNAPSHOT</version>
-    <properties>
-        <onap.nexus.url>https://nexus.onap.org</onap.nexus.url>
-    </properties>
-    <dependencies>
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>3.8.1</version>
-            <scope>test</scope>
-        </dependency>
-    </dependencies>
-
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-source-plugin</artifactId>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-deploy-plugin</artifactId>
-            </plugin>
-            <plugin>
-                <groupId>org.sonatype.plugins</groupId>
-                <artifactId>nexus-staging-maven-plugin</artifactId>
-            </plugin>
-        </plugins>
-    </build>
-
-    <!-- Plugins and repositories -->
-    <pluginRepositories>
-        <pluginRepository>
-            <id>central</id>
-            <url>http://repo1.maven.org/maven2</url>
-        </pluginRepository>
-        <pluginRepository>
-            <id>EvoSuite</id>
-            <name>EvoSuite Repository</name>
-            <url>http://www.evosuite.org/m2</url>
-        </pluginRepository>
-    </pluginRepositories>
-
-</project>
diff --git a/aai-queries/pom.xml b/aai-queries/pom.xml
index 82381eb..32906e9 100644
--- a/aai-queries/pom.xml
+++ b/aai-queries/pom.xml
@@ -104,6 +104,12 @@
             <groupId>org.onap.aai.aai-common</groupId>
             <artifactId>aai-core</artifactId>
             <scope>compile</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.onap.aai.aai-common</groupId>
+                    <artifactId>aai-aaf-auth</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.hamcrest</groupId>
diff --git a/aai-queries/src/main/java/org/onap/aai/queries/GremlinServerSingleton.java b/aai-queries/src/main/java/org/onap/aai/queries/GremlinServerSingleton.java
index 2387f04..57cdf4d 100644
--- a/aai-queries/src/main/java/org/onap/aai/queries/GremlinServerSingleton.java
+++ b/aai-queries/src/main/java/org/onap/aai/queries/GremlinServerSingleton.java
@@ -31,7 +31,6 @@ import java.util.TimerTask;
 
 import javax.annotation.PostConstruct;
 
-import org.onap.aai.aaf.auth.FileWatcher;
 import org.onap.aai.logging.LogFormatTools;
 import org.onap.aai.util.AAIConstants;
 import org.slf4j.Logger;
@@ -74,27 +73,6 @@ public class GremlinServerSingleton {
                 + LogFormatTools.getStackTop(e));
         }
 
-        TimerTask task = new FileWatcher(new File(storedQueriesLocation)) {
-            @Override
-            protected void onChange(File file) {
-                try {
-                    String filepath = storedQueriesLocation;
-                    Path path = Paths.get(filepath);
-                    String customQueryConfigJson = new String(Files.readAllBytes(path));
-                    queryConfig = new GetCustomQueryConfig(customQueryConfigJson);
-                } catch (IOException e) {
-                    logger.error("Error occurred during the processing of query json file: "
-                        + LogFormatTools.getStackTop(e));
-                }
-            }
-        };
-
-        if (!timerSet) {
-            timerSet = true;
-            timer = new Timer();
-            timer.schedule(task, new Date(), 10000);
-        }
-
     }
 
     /**
diff --git a/aai-schema-gen/pom.xml b/aai-schema-gen/pom.xml
index 3fc0b86..ceb0a86 100644
--- a/aai-schema-gen/pom.xml
+++ b/aai-schema-gen/pom.xml
@@ -654,7 +654,7 @@
         <dependency>
             <groupId>org.yaml</groupId>
             <artifactId>snakeyaml</artifactId>
-            <version>1.29</version>
+            <version>2.3</version>
             <scope>compile</scope>
         </dependency>
         <dependency>
@@ -688,7 +688,7 @@
         <dependency>
             <groupId>org.freemarker</groupId>
             <artifactId>freemarker</artifactId>
-            <version>2.3.21</version>
+            <version>2.3.33</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.dataformat</groupId>
diff --git a/aai-schema-gen/src/test/resources/dbedgerules/EdgeDescriptionRules_test.json b/aai-schema-gen/src/test/resources/dbedgerules/EdgeDescriptionRules_test.json
new file mode 100644
index 0000000..c69b741
--- /dev/null
+++ b/aai-schema-gen/src/test/resources/dbedgerules/EdgeDescriptionRules_test.json
@@ -0,0 +1,39 @@
+{
+  "rules": [
+    {
+      "from": "service-subscription",
+      "to": "customer",
+      "label": "org.onap.relationships.inventory.BelongsTo",
+      "direction": "OUT",
+      "multiplicity": "MANY2ONE",
+      "contains-other-v": "!${direction}",
+      "delete-other-v": "!${direction}",
+      "prevent-delete": "NONE",
+      "default": "true",
+      "description":""
+    },
+    {
+      "from": "service-instance",
+      "to": "service-subscription",
+      "label": "org.onap.relationships.inventory.BelongsTo",
+      "direction": "OUT",
+      "multiplicity": "MANY2ONE",
+      "contains-other-v": "!${direction}",
+      "delete-other-v": "!${direction}",
+      "prevent-delete": "NONE",
+      "default": "true",
+      "description":""
+    },
+    {
+      "from": "service-subscription",
+      "to": "tenant",
+      "label": "org.onap.relationships.inventory.Uses",
+      "direction": "OUT",
+      "multiplicity": "MANY2MANY",
+      "contains-other-v": "NONE",
+      "delete-other-v": "NONE",
+      "prevent-delete": "NONE",
+      "default": "true",
+      "description":""
+    }  ]
+}
diff --git a/aai-schema-service/pom.xml b/aai-schema-service/pom.xml
index d0d6627..a5ef621 100644
--- a/aai-schema-service/pom.xml
+++ b/aai-schema-service/pom.xml
@@ -339,11 +339,6 @@
             <groupId>com.fasterxml.jackson.jaxrs</groupId>
             <artifactId>jackson-jaxrs-json-provider</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.mockito</groupId>
-            <artifactId>mockito-all</artifactId>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>javax.xml.bind</groupId>
             <artifactId>jaxb-api</artifactId>
@@ -384,8 +379,16 @@
                     <groupId>org.onap.aai.aai-common</groupId>
                     <artifactId>aai-schema-ingest</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.onap.aai.aai-common</groupId>
+                    <artifactId>aai-aaf-auth</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>org.onap.aai.aai-common</groupId>
+            <artifactId>aai-els-onap-logging</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-test</artifactId>
@@ -508,10 +511,6 @@
             </plugins>
         </pluginManagement>
         <plugins>
-            <plugin>
-                <groupId>org.springframework.boot</groupId>
-                <artifactId>spring-boot-maven-plugin</artifactId>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-clean-plugin</artifactId>
@@ -693,7 +692,6 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-deploy-plugin</artifactId>
             </plugin>
-
             <plugin>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
@@ -710,22 +708,6 @@
                     </execution>
                 </executions>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-clean-plugin</artifactId>
-                <version>3.2.0</version>
-                <configuration>
-                    <filesets>
-                        <fileset>
-                            <directory>${project.basedir}/src/main/resources/schema</directory>
-                            <includes>
-                                <include>**/*</include>
-                            </includes>
-                            <followSymlinks>false</followSymlinks>
-                        </fileset>
-                    </filesets>
-                </configuration>
-            </plugin>
         </plugins>
     </build>
     <reporting>
diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/AuthorizationConfiguration.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/AuthorizationConfiguration.java
deleted file mode 100644
index 971fb2b..0000000
--- a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/config/AuthorizationConfiguration.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aai.schemaservice.config;
-
-import org.onap.aai.aaf.auth.AAIAuthCore;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-
-@Profile("two-way-ssl")
-@Configuration
-public class AuthorizationConfiguration {
-
-    @Value("${schema.uri.base.path}")
-    private String basePath;
-
-    @Bean
-    public AAIAuthCore aaiAuthCore() {
-        return new AAIAuthCore(basePath);
-    }
-}
diff --git a/aai-schema/pom.xml b/aai-schema/pom.xml
index edc2d2f..a078d38 100644
--- a/aai-schema/pom.xml
+++ b/aai-schema/pom.xml
@@ -59,12 +59,12 @@
             <groupId>org.jvnet.jaxb2_commons</groupId>
             <artifactId>jaxb2-basics</artifactId>
             <version>0.11.1</version>
-	    <exclusions>
-               <exclusion>
-		 <groupId>commons-beanutils</groupId>
-		 <artifactId>commons-beanutils</artifactId>
-               </exclusion>
-	     </exclusions>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-beanutils</groupId>
+                    <artifactId>commons-beanutils</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>com.googlecode.json-simple</groupId>
@@ -145,6 +145,7 @@
             <plugin>
                 <groupId>org.sonatype.plugins</groupId>
                 <artifactId>nexus-staging-maven-plugin</artifactId>
+                <version>1.6.13</version>
             </plugin>
         </plugins>
         <resources>
-- 
cgit 1.2.3-korg