authorFrank Kimmlingen <frank.kimmlingen@telekom.de>2024-01-16 16:30:56 +0100
committerFrank Kimmlingen <frank.kimmlingen@telekom.de>2024-01-18 16:49:35 +0100
commitbffa7655e2fbd73a3975b650a9ec955c8a9d7d2f (patch)
tree29f61549509e1ec4a2efbbb094fb7e9153514200
parent5b924a33f2b7cd936aab934d706c8f735f7570d6 (diff)
reduce CDS java security vulnerabilities
upgrade to spring-boot 2.7.18 (Last spring-boot 2.x version) upgrade the additional versions inside the cds Issue-ID: CCSDK-3981 Signed-off-by: Frank Kimmlingen <frank.kimmlingen@telekom.de> Change-Id: I239fbdb8b6f58095d805399c6f9ed3af6e7b42fe
-rw-r--r--components/model-catalog/blueprint-model/test-blueprint-kotlin-parent/pom.xml6
-rwxr-xr-xms/blueprintsprocessor/application/pom.xml2
-rw-r--r--ms/blueprintsprocessor/functions/netconf-executor/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImpl.kt6
-rw-r--r--ms/blueprintsprocessor/functions/netconf-executor/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImplTest.kt10
-rw-r--r--ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/service/ResourceAssignmentValidationService.kt2
-rw-r--r--ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/BulkResourceSequencingUtils.kt2
-rw-r--r--ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/ResourceDictionaryUtils.kt2
-rw-r--r--ms/blueprintsprocessor/modules/commons/ssh-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/ssh/service/echoShell/EchoShellFactory.kt12
-rw-r--r--ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/handler/ResourceDictionaryHandler.kt2
-rw-r--r--ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/service/ApplicationRegistrationService.kt2
-rwxr-xr-xms/blueprintsprocessor/parent/pom.xml20
-rwxr-xr-xms/sdclistener/parent/pom.xml8
-rw-r--r--pom.xml6
13 files changed, 44 insertions, 36 deletions
diff --git a/components/model-catalog/blueprint-model/test-blueprint-kotlin-parent/pom.xml b/components/model-catalog/blueprint-model/test-blueprint-kotlin-parent/pom.xml
index df8b1c205..74d89bdf2 100644
--- a/components/model-catalog/blueprint-model/test-blueprint-kotlin-parent/pom.xml
+++ b/components/model-catalog/blueprint-model/test-blueprint-kotlin-parent/pom.xml
@@ -81,7 +81,7 @@
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- <version>4.12</version>
+ <version>4.13.1</version>
<scope>test</scope>
</dependency>
<dependency>
@@ -93,7 +93,7 @@
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
- <version>4.9.3</version>
+ <version>4.10.0</version>
</dependency>
</dependencies>
@@ -289,7 +289,7 @@
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
- <version>3.14.0</version>
+ <version>4.10.0</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
diff --git a/ms/blueprintsprocessor/application/pom.xml b/ms/blueprintsprocessor/application/pom.xml
index f4250ed54..1feed00ff 100755
--- a/ms/blueprintsprocessor/application/pom.xml
+++ b/ms/blueprintsprocessor/application/pom.xml
@@ -189,7 +189,7 @@
<dependency>
<groupId>com.github.tomakehurst</groupId>
<artifactId>wiremock-jre8</artifactId>
- <version>2.25.0</version>
+ <version>2.35.1</version>
<scope>test</scope>
</dependency>
<!-- END UAT -->
diff --git a/ms/blueprintsprocessor/functions/netconf-executor/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImpl.kt b/ms/blueprintsprocessor/functions/netconf-executor/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImpl.kt
index 7aefbb0d6..31d90fdcb 100644
--- a/ms/blueprintsprocessor/functions/netconf-executor/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImpl.kt
+++ b/ms/blueprintsprocessor/functions/netconf-executor/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImpl.kt
@@ -21,7 +21,7 @@ import com.google.common.collect.ImmutableSet
import org.apache.sshd.client.SshClient
import org.apache.sshd.client.channel.ClientChannel
import org.apache.sshd.client.session.ClientSession
-import org.apache.sshd.common.FactoryManager
+import org.apache.sshd.core.CoreModuleProperties
import org.onap.ccsdk.cds.blueprintsprocessor.functions.netconf.executor.api.DeviceInfo
import org.onap.ccsdk.cds.blueprintsprocessor.functions.netconf.executor.api.NetconfException
import org.onap.ccsdk.cds.blueprintsprocessor.functions.netconf.executor.api.NetconfRpcService
@@ -204,8 +204,8 @@ class NetconfSessionImpl(private val deviceInfo: DeviceInfo, private val rpcServ
private fun startClient() {
setupNewSSHClient()
- client.properties.putIfAbsent(FactoryManager.IDLE_TIMEOUT, TimeUnit.SECONDS.toMillis(idleTimeout.toLong()))
- client.properties.putIfAbsent(FactoryManager.NIO2_READ_TIMEOUT, TimeUnit.SECONDS.toMillis(idleTimeout + 15L))
+ client.properties.putIfAbsent(CoreModuleProperties.IDLE_TIMEOUT.name, TimeUnit.SECONDS.toMillis(idleTimeout.toLong()))
+ client.properties.putIfAbsent(CoreModuleProperties.NIO2_READ_TIMEOUT.name, TimeUnit.SECONDS.toMillis(idleTimeout + 15L))
client.start()
startSession()
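Review bot: The two `putIfAbsent` calls in `startClient` store a raw `Long` of milliseconds under `CoreModuleProperties.IDLE_TIMEOUT.name` and `NIO2_READ_TIMEOUT.name`, so the session timeouts depend on the library converting an untyped map value. As far as I know these are duration-typed properties in sshd 2.10. The typed setter states the unit explicitly, e.g. `CoreModuleProperties.IDLE_TIMEOUT.set(client, Duration.ofSeconds(idleTimeout.toLong()))`, wrapped in an absence check if the put-if-absent behaviour has to stay. If the raw map is kept, a comment such as `// stored as millis; converted to Duration by CoreModuleProperties` would record the assumption. `startClient` continues past the end of this hunk.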
diff --git a/ms/blueprintsprocessor/functions/netconf-executor/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImplTest.kt b/ms/blueprintsprocessor/functions/netconf-executor/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImplTest.kt
index 41e4f8290..22c68f182 100644
--- a/ms/blueprintsprocessor/functions/netconf-executor/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImplTest.kt
+++ b/ms/blueprintsprocessor/functions/netconf-executor/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImplTest.kt
@@ -30,7 +30,7 @@ import org.apache.sshd.client.future.DefaultAuthFuture
import org.apache.sshd.client.future.DefaultConnectFuture
import org.apache.sshd.client.future.DefaultOpenFuture
import org.apache.sshd.client.session.ClientSession
-import org.apache.sshd.common.FactoryManager
+import org.apache.sshd.core.CoreModuleProperties
import org.junit.Before
import org.junit.Test
import org.onap.ccsdk.cds.blueprintsprocessor.functions.netconf.executor.api.DeviceInfo
@@ -385,8 +385,8 @@ class NetconfSessionImplTest {
netconfSessionSpy.setClient(mockSshClient)
netconfSessionSpy.connect()
verify { mockSshClient.start() }
- assertTrue { propertiesMap.containsKey(FactoryManager.IDLE_TIMEOUT) }
- assertTrue { propertiesMap.containsKey(FactoryManager.NIO2_READ_TIMEOUT) }
+ assertTrue { propertiesMap.containsKey(CoreModuleProperties.IDLE_TIMEOUT.name) }
+ assertTrue { propertiesMap.containsKey(CoreModuleProperties.NIO2_READ_TIMEOUT.name) }
}
@Test
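Review bot: The updated assertions only check `containsKey(...)`, so the test would still pass if the timeout were written in the wrong unit or type under the new `CoreModuleProperties` names. Since this commit changes how the keys are derived, asserting the stored value would pin the behaviour, e.g. `assertEquals(expectedIdleMillis, propertiesMap[CoreModuleProperties.IDLE_TIMEOUT.name])`, where `expectedIdleMillis` is computed from the idle timeout the test configures. That setup is outside this hunk, as is the start of the test function.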
@@ -429,7 +429,7 @@ class NetconfSessionImplTest {
val succeededSessionFuture = DefaultConnectFuture(Any(), Any())
succeededSessionFuture.value = mockClientSession
every { mockSshClient.connect(deviceInfo.username, deviceInfo.ipAddress, deviceInfo.port) } returns succeededSessionFuture
- every { mockClientSession.waitFor(any(), any()) } returns
+ every { mockClientSession.waitFor(any(), any<Long>()) } returns
setOf(ClientSession.ClientSessionEvent.WAIT_AUTH, ClientSession.ClientSessionEvent.CLOSED)
val netconfSessionSpy = spyk(netconfSession, recordPrivateCalls = true)
every { netconfSessionSpy["setupNewSSHClient"]() as Unit } just Runs
@@ -451,7 +451,7 @@ class NetconfSessionImplTest {
val succeededSessionFuture = DefaultConnectFuture(Any(), Any())
succeededSessionFuture.value = mockClientSession
every { mockSshClient.connect(deviceInfo.username, deviceInfo.ipAddress, deviceInfo.port) } returns succeededSessionFuture
- every { mockClientSession.waitFor(any(), any()) } returns
+ every { mockClientSession.waitFor(any(), any<Long>()) } returns
setOf(
ClientSession.ClientSessionEvent.WAIT_AUTH,
ClientSession.ClientSessionEvent.CLOSED,
diff --git a/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/service/ResourceAssignmentValidationService.kt b/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/service/ResourceAssignmentValidationService.kt
index b97492dc8..b0e0d70b3 100644
--- a/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/service/ResourceAssignmentValidationService.kt
+++ b/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/service/ResourceAssignmentValidationService.kt
@@ -17,7 +17,7 @@
package org.onap.ccsdk.cds.controllerblueprints.resource.dict.service
-import org.apache.commons.collections.CollectionUtils
+import org.apache.commons.collections4.CollectionUtils
import org.apache.commons.lang3.StringUtils
import org.apache.commons.lang3.text.StrBuilder
import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintException
diff --git a/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/BulkResourceSequencingUtils.kt b/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/BulkResourceSequencingUtils.kt
index 5117c4388..c2ad4de85 100644
--- a/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/BulkResourceSequencingUtils.kt
+++ b/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/BulkResourceSequencingUtils.kt
@@ -16,7 +16,7 @@
package org.onap.ccsdk.cds.controllerblueprints.resource.dict.utils
-import org.apache.commons.collections.CollectionUtils
+import org.apache.commons.collections4.CollectionUtils
import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintProcessorException
import org.onap.ccsdk.cds.controllerblueprints.core.asListOfString
import org.onap.ccsdk.cds.controllerblueprints.core.utils.TopologicalSortingUtils
diff --git a/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/ResourceDictionaryUtils.kt b/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/ResourceDictionaryUtils.kt
index c09474a2b..d6a5f7f82 100644
--- a/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/ResourceDictionaryUtils.kt
+++ b/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/ResourceDictionaryUtils.kt
@@ -18,7 +18,7 @@ package org.onap.ccsdk.cds.controllerblueprints.resource.dict.utils
import com.fasterxml.jackson.databind.JsonNode
import com.fasterxml.jackson.databind.node.NullNode
-import org.apache.commons.collections.MapUtils
+import org.apache.commons.collections4.MapUtils
import org.apache.commons.lang3.StringUtils
import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintConstants
import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintProcessorException
diff --git a/ms/blueprintsprocessor/modules/commons/ssh-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/ssh/service/echoShell/EchoShellFactory.kt b/ms/blueprintsprocessor/modules/commons/ssh-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/ssh/service/echoShell/EchoShellFactory.kt
index 6e9d1968f..41cf607ee 100644
--- a/ms/blueprintsprocessor/modules/commons/ssh-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/ssh/service/echoShell/EchoShellFactory.kt
+++ b/ms/blueprintsprocessor/modules/commons/ssh-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/ssh/service/echoShell/EchoShellFactory.kt
@@ -19,7 +19,9 @@ package org.onap.ccsdk.cds.blueprintsprocessor.ssh.service.echoShell
import org.apache.sshd.common.Factory
import org.apache.sshd.server.Environment
import org.apache.sshd.server.ExitCallback
+import org.apache.sshd.server.channel.ChannelSession
import org.apache.sshd.server.command.Command
+import org.apache.sshd.server.shell.ShellFactory
import java.io.BufferedReader
import java.io.IOException
import java.io.InputStream
@@ -27,12 +29,16 @@ import java.io.InputStreamReader
import java.io.InterruptedIOException
import java.io.OutputStream
-class EchoShellFactory : Factory<Command> {
+class EchoShellFactory : Factory<Command>, ShellFactory {
override fun create(): Command {
return EchoShell()
}
+ override fun createShell(channel: ChannelSession?): Command {
+ return EchoShell()
+ }
+
companion object {
val INSTANCE = EchoShellFactory()
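Review bot: `createShell` repeats the body of `create()`, so the two factory entry points can drift apart. Delegating keeps one construction path: `override fun createShell(channel: ChannelSession?): Command = create()`. If nothing in the tests still consumes `EchoShellFactory` as a `Factory<Command>`, the old interface and `create()` could be dropped instead; that usage is not visible here. The companion object continues past the end of the hunk.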
@@ -69,14 +75,14 @@ class EchoShell : Command, Runnable {
}
@Throws(IOException::class)
- override fun start(env: Environment) {
+ override fun start(channel: ChannelSession?, env: Environment?) {
environment = env
thread = Thread(this, "EchoShell")
thread!!.isDaemon = true
thread!!.start()
}
- override fun destroy() {
+ override fun destroy(channel: ChannelSession?) {
thread!!.interrupt()
}
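Review bot: `destroy(channel)` still dereferences `thread!!`, so it throws a `NullPointerException` if the channel is torn down before `start` has run; `thread?.interrupt()` makes the teardown safe. The new signature also declares `channel` and `env` as nullable, and `environment = env` now accepts null. If the sshd 2.10 `Command` interface never passes null here (worth confirming), non-null parameter types would keep that contract visible. The class body of `EchoShell` starts and ends outside this hunk.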
diff --git a/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/handler/ResourceDictionaryHandler.kt b/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/handler/ResourceDictionaryHandler.kt
index 0af1e1586..066d34664 100644
--- a/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/handler/ResourceDictionaryHandler.kt
+++ b/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/handler/ResourceDictionaryHandler.kt
@@ -18,7 +18,7 @@
package org.onap.ccsdk.cds.blueprintsprocessor.designer.api.handler
import com.google.common.base.Preconditions
-import org.apache.commons.collections.CollectionUtils
+import org.apache.commons.collections4.CollectionUtils
import org.apache.commons.lang3.StringUtils
import org.onap.ccsdk.cds.blueprintsprocessor.designer.api.DesignerApiDomains
import org.onap.ccsdk.cds.blueprintsprocessor.designer.api.domain.ResourceDictionary
diff --git a/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/service/ApplicationRegistrationService.kt b/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/service/ApplicationRegistrationService.kt
index db2e06eb5..59a80cc02 100644
--- a/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/service/ApplicationRegistrationService.kt
+++ b/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/service/ApplicationRegistrationService.kt
@@ -16,7 +16,7 @@
package org.onap.ccsdk.cds.blueprintsprocessor.designer.api.service
-import org.apache.commons.collections.CollectionUtils
+import org.apache.commons.collections4.CollectionUtils
import org.onap.ccsdk.cds.controllerblueprints.resource.dict.factory.ResourceSourceMappingFactory
import org.slf4j.LoggerFactory
import org.springframework.beans.factory.annotation.Value
diff --git a/ms/blueprintsprocessor/parent/pom.xml b/ms/blueprintsprocessor/parent/pom.xml
index 8e29e06bb..3a888ab35 100755
--- a/ms/blueprintsprocessor/parent/pom.xml
+++ b/ms/blueprintsprocessor/parent/pom.xml
@@ -40,22 +40,22 @@
<h2database.version>1.4.197</h2database.version>
<powermock.version>1.7.4</powermock.version>
- <mockkserver.version>5.5.1</mockkserver.version>
+ <mockkserver.version>5.13.0</mockkserver.version>
<json.unit.version>2.8.0</json.unit.version>
<xmlunit.version>2.6.3</xmlunit.version>
- <sshd.version>2.2.0</sshd.version>
+ <sshd.version>2.10.0</sshd.version>
<jsch.version>0.1.55</jsch.version>
<jslt.version>0.1.8</jslt.version>
<jython.version>2.7.2</jython.version>
<jinja.version>2.7.0</jinja.version>
- <guava.version>27.0.1-jre</guava.version>
+ <guava.version>33.0.0-jre</guava.version>
<json-patch.version>1.9</json-patch.version>
- <json-smart.version>2.4.6</json-smart.version>
+ <json-smart.version>2.4.9</json-smart.version>
<commons-io-version>2.8.0</commons-io-version>
<commons-compress-version>1.21</commons-compress-version>
- <commons-collections-version>3.2.2</commons-collections-version>
+ <commons-collections-version>4.4</commons-collections-version>
</properties>
<dependencyManagement>
@@ -89,8 +89,8 @@
<!-- Common Utils Dependencies -->
<dependency>
- <groupId>commons-collections</groupId>
- <artifactId>commons-collections</artifactId>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-collections4</artifactId>
<version>${commons-collections-version}</version>
</dependency>
<dependency>
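Review bot: Replacing the managed `commons-collections:commons-collections` entry with `org.apache.commons:commons-collections4` removes the version pin for the old coordinates, and Maven treats the two as unrelated artifacts. Any transitive dependency that still pulls in `commons-collections` 3.x will now resolve to whatever version that dependency declares, which may be older than the 3.2.2 previously enforced here. It is worth checking the resolved tree (`mvn dependency:tree -Dincludes=commons-collections`). Then either keep a managed 3.2.2 entry alongside the new one or add exclusions where the old artifact still appears. The same applies to the `ms/sdclistener/parent/pom.xml` hunk that swaps the coordinates.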
@@ -565,8 +565,9 @@
<artifactId>commons-lang3</artifactId>
</dependency>
<dependency>
- <groupId>commons-collections</groupId>
- <artifactId>commons-collections</artifactId>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-collections4</artifactId>
+ <version>${commons-collections-version}</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
@@ -658,6 +659,7 @@
<dependency>
<groupId>com.google.protobuf</groupId>
<artifactId>protobuf-java</artifactId>
+ <version>${protobuff.java.utils.version}</version>
</dependency>
<dependency>
<groupId>com.google.protobuf</groupId>
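Review bot: The added `<version>${protobuff.java.utils.version}</version>` pins `protobuf-java` with the property named for `protobuf-java-util`, while the root `pom.xml` in this commit leaves `protobuff.java.version` at 3.10.0. Any module or managed entry that still references `protobuff.java.version` would resolve the older protobuf runtime, and the property name here hides which artifact is being versioned. Bumping `protobuff.java.version` to the same value and using it on this dependency (`<version>${protobuff.java.version}</version>`) keeps the two artifacts aligned. Where else the property is used is not visible in this diff.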
diff --git a/ms/sdclistener/parent/pom.xml b/ms/sdclistener/parent/pom.xml
index 973d05eea..f0abd1f5e 100755
--- a/ms/sdclistener/parent/pom.xml
+++ b/ms/sdclistener/parent/pom.xml
@@ -33,7 +33,7 @@
<properties>
<eelf.version>1.0.0</eelf.version>
- <guava.version>27.0.1-jre</guava.version>
+ <guava.version>33.0.0-jre</guava.version>
<onap.logger.slf4j>1.2.2</onap.logger.slf4j>
<powermock.version>1.7.4</powermock.version>
<mockk.version>1.12.8</mockk.version>
@@ -63,9 +63,9 @@
<version>3.2.1</version>
</dependency>
<dependency>
- <groupId>commons-collections</groupId>
- <artifactId>commons-collections</artifactId>
- <version>3.2.2</version>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-collections4</artifactId>
+ <version>4.4</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
diff --git a/pom.xml b/pom.xml
index 847e12454..bc2bca499 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,7 +21,7 @@ limitations under the License.
<parent>
<groupId>org.onap.ccsdk.parent</groupId>
- <artifactId>spring-boot-26-starter-parent</artifactId>
+ <artifactId>spring-boot-27-starter-parent</artifactId>
<version>2.6.1</version>
<relativePath/>
</parent>
@@ -76,7 +76,7 @@ limitations under the License.
<ccsdk.sli.version>1.5.2</ccsdk.sli.version>
<ccsdk.cds.version>${project.version}</ccsdk.cds.version>
- <kotlin.version>1.6.21</kotlin.version>
+ <kotlin.version>1.7.0</kotlin.version>
<kotlin.maven.version>1.6.21</kotlin.maven.version>
<kotlin.couroutines.version>1.6.4</kotlin.couroutines.version>
<kotlinpoet.version>1.11.0</kotlinpoet.version>
@@ -85,7 +85,7 @@ limitations under the License.
<grpc.version>1.29.0</grpc.version>
<netty-ssl>2.0.50.Final</netty-ssl>
<protobuff.java.version>3.10.0</protobuff.java.version>
- <protobuff.java.utils.version>3.10.0</protobuff.java.utils.version>
+ <protobuff.java.utils.version>3.16.3</protobuff.java.utils.version>
<mockk.version>1.12.8</mockk.version>
</properties>