Upgrading velocity version to v2.3 due to some vulnerabilities in previous version

Issue-ID: CCSDK-3430
Signed-off-by: Meriem Zidane <meriem.zidane@bell.ca>
Change-Id: I82dad1c2dd7f8e4cc5712e9fddde5b1bb5429b7f

3 files changed, 19 insertions, 3 deletions

diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml
index ed4d96b13..5c8b4bb52 100644
--- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml
@@ -57,7 +57,8 @@
         </dependency>
         <dependency>
             <groupId>org.apache.velocity</groupId>
-            <artifactId>velocity</artifactId>
+            <artifactId>velocity-engine-core</artifactId>
+            <version>2.3</version>
             <exclusions>
                 <exclusion>
                     <groupId>org.slf4j</groupId>
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt
index c818b0a44..ee35736e0 100644
--- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt
@@ -17,7 +17,7 @@
 
 package org.onap.ccsdk.cds.controllerblueprints.core
 
-import org.apache.commons.lang.exception.ExceptionUtils
+import org.apache.commons.lang3.exception.ExceptionUtils
 import org.onap.ccsdk.cds.error.catalog.core.ErrorCatalogException
 import org.onap.ccsdk.cds.error.catalog.core.ErrorCatalogExceptionFluent
 import org.onap.ccsdk.cds.error.catalog.core.ErrorMessage
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt
index 43e27d047..0eb9656d5 100644
--- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt
@@ -28,9 +28,24 @@ import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintProcessorException
 import org.onap.ccsdk.cds.controllerblueprints.core.interfaces.BluePrintJsonNodeFactory
 import org.onap.ccsdk.cds.controllerblueprints.core.removeNullNode
 import java.io.StringWriter
+import java.util.Properties
 
 object BluePrintVelocityTemplateService {
 
+    private val properties = Properties().apply {
+        this.putAll(
+            mutableMapOf(
+                "introspector.conversion_handler.class" to "none",
+                "parser.space_gobbling" to "bc",
+                "directive.if.empty_check" to "false",
+                "parser.allow_hyphen_in_identifiers" to "true",
+                "velocimacro.enable_bc_mode" to "true",
+                "event_handler.invalid_references.quiet" to "true",
+                "event_handler.invalid_references.null" to "true",
+                "event_handler.invalid_references.tested" to "true"
+            )
+        )
+    }
     /**
      * Generate Content from Velocity Template and JSON Content with injected API
      */
@@ -73,7 +88,7 @@ object BluePrintVelocityTemplateService {
         /*
          *  initialize the engine
          */
-        velocity.init()
+        velocity.init(properties)
 
         val velocityContext = VelocityContext()
         velocityContext.put("StringUtils", StringUtils::class.java)