aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormeriem zidane <meriem.zidane@bell.ca>2021-09-10 12:46:02 -0400
committermeriem zidane <meriem.zidane@bell.ca>2021-09-10 16:05:17 -0400
commit5fc962a529abb1cf927c1ade784ffd8464516232 (patch)
treea5bc6394beddee2a7771fb5c8a775046b340b021
parentd929b3be347ccc3265af9b787ee0f3822efbfb0b (diff)
Upgrading velocity version to v2.3 due to some vulnerabilities in previous version
Issue-ID: CCSDK-3430 Signed-off-by: Meriem Zidane <meriem.zidane@bell.ca> Change-Id: I82dad1c2dd7f8e4cc5712e9fddde5b1bb5429b7f
Diffstat
-rw-r--r--ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml3
-rw-r--r--ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt2
-rw-r--r--ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt17
-rw-r--r--ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt2
-rw-r--r--ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt2
5 files changed, 21 insertions, 5 deletions
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml
index ed4d96b13..5c8b4bb52 100644
--- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml
@@ -57,7 +57,8 @@
</dependency>
<dependency>
<groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
+ <artifactId>velocity-engine-core</artifactId>
+ <version>2.3</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt
index c818b0a44..ee35736e0 100644
--- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt
@@ -17,7 +17,7 @@
package org.onap.ccsdk.cds.controllerblueprints.core
-import org.apache.commons.lang.exception.ExceptionUtils
+import org.apache.commons.lang3.exception.ExceptionUtils
import org.onap.ccsdk.cds.error.catalog.core.ErrorCatalogException
import org.onap.ccsdk.cds.error.catalog.core.ErrorCatalogExceptionFluent
import org.onap.ccsdk.cds.error.catalog.core.ErrorMessage
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt
index 43e27d047..0eb9656d5 100644
--- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt
@@ -28,9 +28,24 @@ import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintProcessorException
import org.onap.ccsdk.cds.controllerblueprints.core.interfaces.BluePrintJsonNodeFactory
import org.onap.ccsdk.cds.controllerblueprints.core.removeNullNode
import java.io.StringWriter
+import java.util.Properties
object BluePrintVelocityTemplateService {
+ private val properties = Properties().apply {
+ this.putAll(
+ mutableMapOf(
+ "introspector.conversion_handler.class" to "none",
+ "parser.space_gobbling" to "bc",
+ "directive.if.empty_check" to "false",
+ "parser.allow_hyphen_in_identifiers" to "true",
+ "velocimacro.enable_bc_mode" to "true",
+ "event_handler.invalid_references.quiet" to "true",
+ "event_handler.invalid_references.null" to "true",
+ "event_handler.invalid_references.tested" to "true"
+ )
+ )
+ }
/**
* Generate Content from Velocity Template and JSON Content with injected API
*/
@@ -73,7 +88,7 @@ object BluePrintVelocityTemplateService {
/*
* initialize the engine
*/
- velocity.init()
+ velocity.init(properties)
val velocityContext = VelocityContext()
velocityContext.put("StringUtils", StringUtils::class.java)
diff --git a/ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt b/ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt
index d40067f4e..cccc61f40 100644
--- a/ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt
+++ b/ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt
@@ -19,7 +19,7 @@ package org.onap.ccsdk.cds.blueprintsprocessor.message.service
import com.fasterxml.jackson.databind.node.ObjectNode
import io.micrometer.core.instrument.MeterRegistry
-import org.apache.commons.lang.builder.ToStringBuilder
+import org.apache.commons.lang3.builder.ToStringBuilder
import org.apache.kafka.clients.producer.Callback
import org.apache.kafka.clients.producer.KafkaProducer
import org.apache.kafka.clients.producer.ProducerRecord
diff --git a/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt b/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt
index 8d209449c..ceeeb05ba 100644
--- a/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt
+++ b/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt
@@ -20,7 +20,7 @@ package org.onap.ccsdk.cds.blueprintsprocessor.designer.api.load
import kotlinx.coroutines.Deferred
import kotlinx.coroutines.async
import kotlinx.coroutines.runBlocking
-import org.apache.commons.lang.text.StrBuilder
+import org.apache.commons.lang3.text.StrBuilder
import org.onap.ccsdk.cds.controllerblueprints.core.interfaces.BluePrintCatalogService
import org.slf4j.LoggerFactory
import org.springframework.stereotype.Service