diff options
author | meriem zidane <meriem.zidane@bell.ca> | 2021-09-10 12:46:02 -0400 |
---|---|---|
committer | meriem zidane <meriem.zidane@bell.ca> | 2021-09-10 16:05:17 -0400 |
commit | 5fc962a529abb1cf927c1ade784ffd8464516232 (patch) | |
tree | a5bc6394beddee2a7771fb5c8a775046b340b021 /ms | |
parent | d929b3be347ccc3265af9b787ee0f3822efbfb0b (diff) |
Upgrading velocity version to v2.3 due to some vulnerabilities in previous version
Issue-ID: CCSDK-3430
Signed-off-by: Meriem Zidane <meriem.zidane@bell.ca>
Change-Id: I82dad1c2dd7f8e4cc5712e9fddde5b1bb5429b7f
Diffstat (limited to 'ms')
5 files changed, 21 insertions, 5 deletions
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml index ed4d96b13..5c8b4bb52 100644 --- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml +++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml @@ -57,7 +57,8 @@ </dependency> <dependency> <groupId>org.apache.velocity</groupId> - <artifactId>velocity</artifactId> + <artifactId>velocity-engine-core</artifactId> + <version>2.3</version> <exclusions> <exclusion> <groupId>org.slf4j</groupId> diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt index c818b0a44..ee35736e0 100644 --- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt +++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt @@ -17,7 +17,7 @@ package org.onap.ccsdk.cds.controllerblueprints.core -import org.apache.commons.lang.exception.ExceptionUtils +import org.apache.commons.lang3.exception.ExceptionUtils import org.onap.ccsdk.cds.error.catalog.core.ErrorCatalogException import org.onap.ccsdk.cds.error.catalog.core.ErrorCatalogExceptionFluent import org.onap.ccsdk.cds.error.catalog.core.ErrorMessage diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt index 43e27d047..0eb9656d5 100644 --- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt +++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt @@ -28,9 +28,24 @@ import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintProcessorException import org.onap.ccsdk.cds.controllerblueprints.core.interfaces.BluePrintJsonNodeFactory import org.onap.ccsdk.cds.controllerblueprints.core.removeNullNode import java.io.StringWriter +import java.util.Properties object BluePrintVelocityTemplateService { + private val properties = Properties().apply { + this.putAll( + mutableMapOf( + "introspector.conversion_handler.class" to "none", + "parser.space_gobbling" to "bc", + "directive.if.empty_check" to "false", + "parser.allow_hyphen_in_identifiers" to "true", + "velocimacro.enable_bc_mode" to "true", + "event_handler.invalid_references.quiet" to "true", + "event_handler.invalid_references.null" to "true", + "event_handler.invalid_references.tested" to "true" + ) + ) + } /** * Generate Content from Velocity Template and JSON Content with injected API */ @@ -73,7 +88,7 @@ object BluePrintVelocityTemplateService { /* * initialize the engine */ - velocity.init() + velocity.init(properties) val velocityContext = VelocityContext() velocityContext.put("StringUtils", StringUtils::class.java) diff --git a/ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt b/ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt index d40067f4e..cccc61f40 100644 --- a/ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt +++ b/ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt @@ -19,7 +19,7 @@ package org.onap.ccsdk.cds.blueprintsprocessor.message.service import com.fasterxml.jackson.databind.node.ObjectNode import io.micrometer.core.instrument.MeterRegistry -import org.apache.commons.lang.builder.ToStringBuilder +import org.apache.commons.lang3.builder.ToStringBuilder import org.apache.kafka.clients.producer.Callback import org.apache.kafka.clients.producer.KafkaProducer import org.apache.kafka.clients.producer.ProducerRecord diff --git a/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt b/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt index 8d209449c..ceeeb05ba 100644 --- a/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt +++ b/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt @@ -20,7 +20,7 @@ package org.onap.ccsdk.cds.blueprintsprocessor.designer.api.load import kotlinx.coroutines.Deferred import kotlinx.coroutines.async import kotlinx.coroutines.runBlocking -import org.apache.commons.lang.text.StrBuilder +import org.apache.commons.lang3.text.StrBuilder import org.onap.ccsdk.cds.controllerblueprints.core.interfaces.BluePrintCatalogService import org.slf4j.LoggerFactory import org.springframework.stereotype.Service |