author | Frank Kimmlingen <frank.kimmlingen@telekom.de> | 2024-01-16 16:30:56 +0100 |
---|---|---|
committer | Frank Kimmlingen <frank.kimmlingen@telekom.de> | 2024-01-18 16:49:35 +0100 |
commit | bffa7655e2fbd73a3975b650a9ec955c8a9d7d2f (patch) | |
tree | 29f61549509e1ec4a2efbbb094fb7e9153514200 | |
parent | 5b924a33f2b7cd936aab934d706c8f735f7570d6 (diff) |
reduce CDS java security vulnerabilities
upgrade to spring-boot 2.7.18 (Last spring-boot 2.x version)
upgrade the additional versions inside the cds
Issue-ID: CCSDK-3981
Signed-off-by: Frank Kimmlingen <frank.kimmlingen@telekom.de>
Change-Id: I239fbdb8b6f58095d805399c6f9ed3af6e7b42fe
13 files changed, 44 insertions, 36 deletions
diff --git a/components/model-catalog/blueprint-model/test-blueprint-kotlin-parent/pom.xml b/components/model-catalog/blueprint-model/test-blueprint-kotlin-parent/pom.xml index df8b1c205..74d89bdf2 100644 --- a/components/model-catalog/blueprint-model/test-blueprint-kotlin-parent/pom.xml +++ b/components/model-catalog/blueprint-model/test-blueprint-kotlin-parent/pom.xml @@ -81,7 +81,7 @@ <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> - <version>4.12</version> + <version>4.13.1</version> <scope>test</scope> </dependency> <dependency> @@ -93,7 +93,7 @@ <dependency> <groupId>com.squareup.okhttp3</groupId> <artifactId>okhttp</artifactId> - <version>4.9.3</version> + <version>4.10.0</version> </dependency> </dependencies> @@ -289,7 +289,7 @@ <dependency> <groupId>com.squareup.okhttp3</groupId> <artifactId>okhttp</artifactId> - <version>3.14.0</version> + <version>4.10.0</version> </dependency> <dependency> <groupId>commons-io</groupId> diff --git a/ms/blueprintsprocessor/application/pom.xml b/ms/blueprintsprocessor/application/pom.xml index f4250ed54..1feed00ff 100755 --- a/ms/blueprintsprocessor/application/pom.xml +++ b/ms/blueprintsprocessor/application/pom.xml @@ -189,7 +189,7 @@ <dependency> <groupId>com.github.tomakehurst</groupId> <artifactId>wiremock-jre8</artifactId> - <version>2.25.0</version> + <version>2.35.1</version> <scope>test</scope> </dependency> <!-- END UAT --> diff --git a/ms/blueprintsprocessor/functions/netconf-executor/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImpl.kt b/ms/blueprintsprocessor/functions/netconf-executor/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImpl.kt index 7aefbb0d6..31d90fdcb 100644 --- a/ms/blueprintsprocessor/functions/netconf-executor/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImpl.kt 
+++ b/ms/blueprintsprocessor/functions/netconf-executor/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImpl.kt @@ -21,7 +21,7 @@ import com.google.common.collect.ImmutableSet import org.apache.sshd.client.SshClient import org.apache.sshd.client.channel.ClientChannel import org.apache.sshd.client.session.ClientSession -import org.apache.sshd.common.FactoryManager +import org.apache.sshd.core.CoreModuleProperties import org.onap.ccsdk.cds.blueprintsprocessor.functions.netconf.executor.api.DeviceInfo import org.onap.ccsdk.cds.blueprintsprocessor.functions.netconf.executor.api.NetconfException import org.onap.ccsdk.cds.blueprintsprocessor.functions.netconf.executor.api.NetconfRpcService @@ -204,8 +204,8 @@ class NetconfSessionImpl(private val deviceInfo: DeviceInfo, private val rpcServ private fun startClient() { setupNewSSHClient() - client.properties.putIfAbsent(FactoryManager.IDLE_TIMEOUT, TimeUnit.SECONDS.toMillis(idleTimeout.toLong())) - client.properties.putIfAbsent(FactoryManager.NIO2_READ_TIMEOUT, TimeUnit.SECONDS.toMillis(idleTimeout + 15L)) + client.properties.putIfAbsent(CoreModuleProperties.IDLE_TIMEOUT.name, TimeUnit.SECONDS.toMillis(idleTimeout.toLong())) + client.properties.putIfAbsent(CoreModuleProperties.NIO2_READ_TIMEOUT.name, TimeUnit.SECONDS.toMillis(idleTimeout + 15L)) client.start() startSession() diff --git a/ms/blueprintsprocessor/functions/netconf-executor/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImplTest.kt b/ms/blueprintsprocessor/functions/netconf-executor/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImplTest.kt index 41e4f8290..22c68f182 100644 --- a/ms/blueprintsprocessor/functions/netconf-executor/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImplTest.kt 
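Review bot: In `startClient()` the two timeouts are still written into `client.properties` as raw `Long` milliseconds, now under `CoreModuleProperties.IDLE_TIMEOUT.name` and `CoreModuleProperties.NIO2_READ_TIMEOUT.name`, which is only correct while sshd keeps storing these `Duration`-typed properties as a millisecond number. Going through the typed accessor removes that dependency, e.g. `if (!client.properties.containsKey(CoreModuleProperties.IDLE_TIMEOUT.name)) CoreModuleProperties.IDLE_TIMEOUT.set(client, Duration.ofSeconds(idleTimeout.toLong()))`, and likewise for the read timeout. These values bound how long an unresponsive device can hold a NETCONF session open, so a setting that is silently ignored matters operationally. The matching assertions in `NetconfSessionImplTest` (hunk `@@ -385,8`) check only `containsKey` and would not notice a value sshd cannot interpret; asserting the stored value would close that gap. `startClient()` continues past the end of the hunk.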
+++ b/ms/blueprintsprocessor/functions/netconf-executor/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/netconf/executor/core/NetconfSessionImplTest.kt @@ -30,7 +30,7 @@ import org.apache.sshd.client.future.DefaultAuthFuture import org.apache.sshd.client.future.DefaultConnectFuture import org.apache.sshd.client.future.DefaultOpenFuture import org.apache.sshd.client.session.ClientSession -import org.apache.sshd.common.FactoryManager +import org.apache.sshd.core.CoreModuleProperties import org.junit.Before import org.junit.Test import org.onap.ccsdk.cds.blueprintsprocessor.functions.netconf.executor.api.DeviceInfo @@ -385,8 +385,8 @@ class NetconfSessionImplTest { netconfSessionSpy.setClient(mockSshClient) netconfSessionSpy.connect() verify { mockSshClient.start() } - assertTrue { propertiesMap.containsKey(FactoryManager.IDLE_TIMEOUT) } - assertTrue { propertiesMap.containsKey(FactoryManager.NIO2_READ_TIMEOUT) } + assertTrue { propertiesMap.containsKey(CoreModuleProperties.IDLE_TIMEOUT.name) } + assertTrue { propertiesMap.containsKey(CoreModuleProperties.NIO2_READ_TIMEOUT.name) } } @Test @@ -429,7 +429,7 @@ class NetconfSessionImplTest { val succeededSessionFuture = DefaultConnectFuture(Any(), Any()) succeededSessionFuture.value = mockClientSession every { mockSshClient.connect(deviceInfo.username, deviceInfo.ipAddress, deviceInfo.port) } returns succeededSessionFuture - every { mockClientSession.waitFor(any(), any()) } returns + every { mockClientSession.waitFor(any(), any<Long>()) } returns setOf(ClientSession.ClientSessionEvent.WAIT_AUTH, ClientSession.ClientSessionEvent.CLOSED) val netconfSessionSpy = spyk(netconfSession, recordPrivateCalls = true) every { netconfSessionSpy["setupNewSSHClient"]() as Unit } just Runs 
@@ -451,7 +451,7 @@ class NetconfSessionImplTest { val succeededSessionFuture = DefaultConnectFuture(Any(), Any()) succeededSessionFuture.value = mockClientSession every { mockSshClient.connect(deviceInfo.username, deviceInfo.ipAddress, deviceInfo.port) } returns succeededSessionFuture - every { mockClientSession.waitFor(any(), any()) } returns + every { mockClientSession.waitFor(any(), any<Long>()) } returns setOf( ClientSession.ClientSessionEvent.WAIT_AUTH, ClientSession.ClientSessionEvent.CLOSED, diff --git a/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/service/ResourceAssignmentValidationService.kt b/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/service/ResourceAssignmentValidationService.kt index b97492dc8..b0e0d70b3 100644 --- a/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/service/ResourceAssignmentValidationService.kt +++ b/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/service/ResourceAssignmentValidationService.kt @@ -17,7 +17,7 @@ package org.onap.ccsdk.cds.controllerblueprints.resource.dict.service -import org.apache.commons.collections.CollectionUtils +import org.apache.commons.collections4.CollectionUtils import org.apache.commons.lang3.StringUtils import org.apache.commons.lang3.text.StrBuilder import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintException diff --git a/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/BulkResourceSequencingUtils.kt b/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/BulkResourceSequencingUtils.kt index 5117c4388..c2ad4de85 100644 
--- a/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/BulkResourceSequencingUtils.kt +++ b/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/BulkResourceSequencingUtils.kt @@ -16,7 +16,7 @@ package org.onap.ccsdk.cds.controllerblueprints.resource.dict.utils -import org.apache.commons.collections.CollectionUtils +import org.apache.commons.collections4.CollectionUtils import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintProcessorException import org.onap.ccsdk.cds.controllerblueprints.core.asListOfString import org.onap.ccsdk.cds.controllerblueprints.core.utils.TopologicalSortingUtils diff --git a/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/ResourceDictionaryUtils.kt b/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/ResourceDictionaryUtils.kt index c09474a2b..d6a5f7f82 100644 --- a/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/ResourceDictionaryUtils.kt +++ b/ms/blueprintsprocessor/modules/blueprints/resource-dict/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/resource/dict/utils/ResourceDictionaryUtils.kt @@ -18,7 +18,7 @@ package org.onap.ccsdk.cds.controllerblueprints.resource.dict.utils import com.fasterxml.jackson.databind.JsonNode import com.fasterxml.jackson.databind.node.NullNode -import org.apache.commons.collections.MapUtils +import org.apache.commons.collections4.MapUtils import org.apache.commons.lang3.StringUtils import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintConstants import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintProcessorException 
diff --git a/ms/blueprintsprocessor/modules/commons/ssh-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/ssh/service/echoShell/EchoShellFactory.kt b/ms/blueprintsprocessor/modules/commons/ssh-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/ssh/service/echoShell/EchoShellFactory.kt index 6e9d1968f..41cf607ee 100644 --- a/ms/blueprintsprocessor/modules/commons/ssh-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/ssh/service/echoShell/EchoShellFactory.kt +++ b/ms/blueprintsprocessor/modules/commons/ssh-lib/src/test/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/ssh/service/echoShell/EchoShellFactory.kt @@ -19,7 +19,9 @@ package org.onap.ccsdk.cds.blueprintsprocessor.ssh.service.echoShell import org.apache.sshd.common.Factory import org.apache.sshd.server.Environment import org.apache.sshd.server.ExitCallback +import org.apache.sshd.server.channel.ChannelSession import org.apache.sshd.server.command.Command +import org.apache.sshd.server.shell.ShellFactory import java.io.BufferedReader import java.io.IOException import java.io.InputStream @@ -27,12 +29,16 @@ import java.io.InputStreamReader import java.io.InterruptedIOException import java.io.OutputStream -class EchoShellFactory : Factory<Command> { +class EchoShellFactory : Factory<Command>, ShellFactory { override fun create(): Command { return EchoShell() } + override fun createShell(channel: ChannelSession?): Command { + return EchoShell() + } + companion object { val INSTANCE = EchoShellFactory() @@ -69,14 +75,14 @@ class EchoShell : Command, Runnable { } @Throws(IOException::class) - override fun start(env: Environment) { + override fun start(channel: ChannelSession?, env: Environment?) { environment = env thread = Thread(this, "EchoShell") thread!!.isDaemon = true thread!!.start() } - override fun destroy() { + override fun destroy(channel: ChannelSession?) { thread!!.interrupt() } 
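Review bot: `destroy(channel: ChannelSession?)` still calls `thread!!.interrupt()`, so this test shell throws a `NullPointerException` if the channel is torn down before `start` has run; `thread?.interrupt()` makes the teardown safe. In `start`, `env` is now `Environment?` and is assigned straight to `environment`, whose declaration is outside the hunk, so confirm the field's type accepts null. `create()` and `createShell()` both return a fresh `EchoShell()`; if nothing still uses this class through `Factory<Command>`, having one delegate to the other (`override fun create(): Command = createShell(null)`) keeps them from drifting apart.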
diff --git a/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/handler/ResourceDictionaryHandler.kt b/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/handler/ResourceDictionaryHandler.kt index 0af1e1586..066d34664 100644 --- a/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/handler/ResourceDictionaryHandler.kt +++ b/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/handler/ResourceDictionaryHandler.kt @@ -18,7 +18,7 @@ package org.onap.ccsdk.cds.blueprintsprocessor.designer.api.handler import com.google.common.base.Preconditions -import org.apache.commons.collections.CollectionUtils +import org.apache.commons.collections4.CollectionUtils import org.apache.commons.lang3.StringUtils import org.onap.ccsdk.cds.blueprintsprocessor.designer.api.DesignerApiDomains import org.onap.ccsdk.cds.blueprintsprocessor.designer.api.domain.ResourceDictionary diff --git a/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/service/ApplicationRegistrationService.kt b/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/service/ApplicationRegistrationService.kt index db2e06eb5..59a80cc02 100644 --- a/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/service/ApplicationRegistrationService.kt +++ b/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/service/ApplicationRegistrationService.kt 
@@ -16,7 +16,7 @@ package org.onap.ccsdk.cds.blueprintsprocessor.designer.api.service -import org.apache.commons.collections.CollectionUtils +import org.apache.commons.collections4.CollectionUtils import org.onap.ccsdk.cds.controllerblueprints.resource.dict.factory.ResourceSourceMappingFactory import org.slf4j.LoggerFactory import org.springframework.beans.factory.annotation.Value diff --git a/ms/blueprintsprocessor/parent/pom.xml b/ms/blueprintsprocessor/parent/pom.xml index 8e29e06bb..3a888ab35 100755 --- a/ms/blueprintsprocessor/parent/pom.xml +++ b/ms/blueprintsprocessor/parent/pom.xml @@ -40,22 +40,22 @@ <h2database.version>1.4.197</h2database.version> <powermock.version>1.7.4</powermock.version> - <mockkserver.version>5.5.1</mockkserver.version> + <mockkserver.version>5.13.0</mockkserver.version> <json.unit.version>2.8.0</json.unit.version> <xmlunit.version>2.6.3</xmlunit.version> - <sshd.version>2.2.0</sshd.version> + <sshd.version>2.10.0</sshd.version> <jsch.version>0.1.55</jsch.version> <jslt.version>0.1.8</jslt.version> <jython.version>2.7.2</jython.version> <jinja.version>2.7.0</jinja.version> - <guava.version>27.0.1-jre</guava.version> + <guava.version>33.0.0-jre</guava.version> <json-patch.version>1.9</json-patch.version> - <json-smart.version>2.4.6</json-smart.version> + <json-smart.version>2.4.9</json-smart.version> <commons-io-version>2.8.0</commons-io-version> <commons-compress-version>1.21</commons-compress-version> - <commons-collections-version>3.2.2</commons-collections-version> + <commons-collections-version>4.4</commons-collections-version> </properties> <dependencyManagement> @@ -89,8 +89,8 @@ <!-- Common Utils Dependencies --> <dependency> - <groupId>commons-collections</groupId> - <artifactId>commons-collections</artifactId> + <groupId>org.apache.commons</groupId> + <artifactId>commons-collections4</artifactId> <version>${commons-collections-version}</version> </dependency> <dependency> 
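Review bot: Swapping the managed `commons-collections:commons-collections` entry for `org.apache.commons:commons-collections4` in the `@@ -89,8` hunk (and again in `@@ -565,8` and in `ms/sdclistener/parent/pom.xml`) does not by itself keep the 3.x jar off the classpath, because another dependency can still bring it in transitively, and it would then no longer be version-managed here. If the intent is to retire 3.x, a maven-enforcer `bannedDependencies` rule excluding `commons-collections:commons-collections` makes that explicit and fails the build when something pulls it back in. Checking `mvn dependency:tree` once after this change would show whether any module still resolves the old artifact.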
@@ -565,8 +565,9 @@ <artifactId>commons-lang3</artifactId> </dependency> <dependency> - <groupId>commons-collections</groupId> - <artifactId>commons-collections</artifactId> + <groupId>org.apache.commons</groupId> + <artifactId>commons-collections4</artifactId> + <version>${commons-collections-version}</version> </dependency> <dependency> <groupId>commons-io</groupId> @@ -658,6 +659,7 @@ <dependency> <groupId>com.google.protobuf</groupId> <artifactId>protobuf-java</artifactId> + <version>${protobuff.java.utils.version}</version> </dependency> <dependency> <groupId>com.google.protobuf</groupId> diff --git a/ms/sdclistener/parent/pom.xml b/ms/sdclistener/parent/pom.xml index 973d05eea..f0abd1f5e 100755 --- a/ms/sdclistener/parent/pom.xml +++ b/ms/sdclistener/parent/pom.xml @@ -33,7 +33,7 @@ <properties> <eelf.version>1.0.0</eelf.version> - <guava.version>27.0.1-jre</guava.version> + <guava.version>33.0.0-jre</guava.version> <onap.logger.slf4j>1.2.2</onap.logger.slf4j> <powermock.version>1.7.4</powermock.version> <mockk.version>1.12.8</mockk.version> @@ -63,9 +63,9 @@ <version>3.2.1</version> </dependency> <dependency> - <groupId>commons-collections</groupId> - <artifactId>commons-collections</artifactId> - <version>3.2.2</version> + <groupId>org.apache.commons</groupId> + <artifactId>commons-collections4</artifactId> + <version>4.4</version> </dependency> <dependency> <groupId>commons-io</groupId> @@ -21,7 +21,7 @@ limitations under the License. <parent> <groupId>org.onap.ccsdk.parent</groupId> - <artifactId>spring-boot-26-starter-parent</artifactId> + <artifactId>spring-boot-27-starter-parent</artifactId> <version>2.6.1</version> <relativePath/> </parent> 
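Review bot: In the `@@ -658,6` hunk, `protobuf-java` is pinned with `${protobuff.java.utils.version}`, the property named for the util artifact, while the later `@@ -85,7` hunk raises only that property to 3.16.3 and leaves `protobuff.java.version` at 3.10.0. Anything that still resolves through `protobuff.java.version` (not visible in this diff) stays on the old release, and a later reader will not expect the util property to drive the core runtime. Suggest bumping `<protobuff.java.version>3.16.3</protobuff.java.version>` and referencing `${protobuff.java.version}` on this dependency. The `<version>${commons-collections-version}</version>` added in the `@@ -565,8` hunk appears to repeat what `dependencyManagement` already supplies and could probably be dropped.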
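Review bot: In the `<parent>` hunk at `@@ -21,7` (its file header is missing from the page), only the artifactId changes to `spring-boot-27-starter-parent`; `<version>2.6.1</version>` is untouched and looks like the CCSDK parent's own version rather than a Spring Boot version. Nothing in the diff shows which Spring Boot release that parent manages, so the 2.7.18 named in the commit message cannot be confirmed from here. It is worth checking the effective POM (`mvn help:effective-pom`) and recording the resolved Spring Boot version, for example in an XML comment next to the parent such as `<!-- manages spring-boot 2.7.18 -->` once verified.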
@@ -76,7 +76,7 @@ limitations under the License. <ccsdk.sli.version>1.5.2</ccsdk.sli.version> <ccsdk.cds.version>${project.version}</ccsdk.cds.version> - <kotlin.version>1.6.21</kotlin.version> + <kotlin.version>1.7.0</kotlin.version> <kotlin.maven.version>1.6.21</kotlin.maven.version> <kotlin.couroutines.version>1.6.4</kotlin.couroutines.version> <kotlinpoet.version>1.11.0</kotlinpoet.version> @@ -85,7 +85,7 @@ limitations under the License. <grpc.version>1.29.0</grpc.version> <netty-ssl>2.0.50.Final</netty-ssl> <protobuff.java.version>3.10.0</protobuff.java.version> - <protobuff.java.utils.version>3.10.0</protobuff.java.utils.version> + <protobuff.java.utils.version>3.16.3</protobuff.java.utils.version> <mockk.version>1.12.8</mockk.version> </properties> |
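Review bot: `kotlin.version` moves to 1.7.0 while `kotlin.maven.version` on the next line stays at 1.6.21, so, assuming that property selects the kotlin-maven-plugin, the build would compile with a 1.6 compiler against a 1.7 standard library. Keeping the two aligned (`<kotlin.maven.version>1.7.0</kotlin.maven.version>`) avoids metadata-version warnings and compiler/stdlib mismatches. If the split is deliberate, a short XML comment stating the reason would save the next reader from assuming it is an oversight.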