From 5fc962a529abb1cf927c1ade784ffd8464516232 Mon Sep 17 00:00:00 2001
From: meriem zidane
Date: Fri, 10 Sep 2021 12:46:02 -0400
Subject: Upgrading velocity version to v2.3 due to some vulnerabilities in previous version
Issue-ID: CCSDK-3430
Signed-off-by: Meriem Zidane
Change-Id: I82dad1c2dd7f8e4cc5712e9fddde5b1bb5429b7f
---
 .../modules/blueprints/blueprint-core/pom.xml | 3 ++-
 .../core/BluePrintProcessorException.kt | 2 +-
 .../core/service/BluePrintVelocityTemplateService.kt | 17 ++++++++++++++++-
 .../message/service/KafkaMessageProducerService.kt | 2 +-
 .../designer/api/load/BluePrintCatalogLoadService.kt | 2 +-
 5 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml
index ed4d96b13..5c8b4bb52 100644
--- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml
@@ -57,7 +57,8 @@
 org.apache.velocity
- velocity
+ velocity-engine-core
+ 2.3
 org.slf4j
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt
index c818b0a44..ee35736e0 100644
--- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt
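Review bot: In the pom.xml hunk the artifactId changes from `velocity` to `velocity-engine-core`, and Maven treats those as unrelated artifacts, so this change does not evict a Velocity 1.x jar that another dependency may still pull in transitively. Since the commit's purpose is to move off the vulnerable version, it is worth confirming with `mvn dependency:tree -Dincludes=org.apache.velocity` that only `velocity-engine-core` remains on the classpath. If the old jar is still there, add an exclusion or an enforcer `bannedDependencies` rule for `org.apache.velocity:velocity`. The literal `2.3` would also be easier to keep in step across modules as a property or a `dependencyManagement` entry in the parent pom, if the project has one.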
@@ -17,7 +17,7 @@ package org.onap.ccsdk.cds.controllerblueprints.core
-import org.apache.commons.lang.exception.ExceptionUtils
+import org.apache.commons.lang3.exception.ExceptionUtils
 import org.onap.ccsdk.cds.error.catalog.core.ErrorCatalogException
 import org.onap.ccsdk.cds.error.catalog.core.ErrorCatalogExceptionFluent
 import org.onap.ccsdk.cds.error.catalog.core.ErrorMessage
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt
index 43e27d047..0eb9656d5 100644
--- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt
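Review bot: The `org.apache.commons.lang3` import in BluePrintProcessorException.kt only compiles if commons-lang3 is on the module's classpath, yet the commit's single pom change adds `velocity-engine-core` and nothing else. That suggests the class is resolved transitively, as the old `org.apache.commons.lang` one apparently was through Velocity 1.x, though the module poms may already declare it outside this diff. If it is transitive, a later Velocity upgrade can break the build or silently change the commons-lang3 version in use. Declaring `org.apache.commons:commons-lang3` explicitly in each module that imports it would remove that coupling. The same applies to the imports changed in KafkaMessageProducerService.kt and BluePrintCatalogLoadService.kt.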
@@ -28,9 +28,24 @@ import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintProcessorException
 import org.onap.ccsdk.cds.controllerblueprints.core.interfaces.BluePrintJsonNodeFactory
 import org.onap.ccsdk.cds.controllerblueprints.core.removeNullNode
 import java.io.StringWriter
+import java.util.Properties
 object BluePrintVelocityTemplateService {
+ private val properties = Properties().apply {
+ this.putAll(
+ mutableMapOf(
+ "introspector.conversion_handler.class" to "none",
+ "parser.space_gobbling" to "bc",
+ "directive.if.empty_check" to "false",
+ "parser.allow_hyphen_in_identifiers" to "true",
+ "velocimacro.enable_bc_mode" to "true",
+ "event_handler.invalid_references.quiet" to "true",
+ "event_handler.invalid_references.null" to "true",
+ "event_handler.invalid_references.tested" to "true"
+ )
+ )
+ }
 /**
 * Generate Content from Velocity Template and JSON Content with injected API
 */
@@ -73,7 +88,7 @@ object BluePrintVelocityTemplateService {
 /*
 * initialize the engine
 */
- velocity.init()
+ velocity.init(properties)
 val velocityContext = VelocityContext()
 velocityContext.put("StringUtils", StringUtils::class.java)
diff --git a/ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt b/ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt
index d40067f4e..cccc61f40 100644
--- a/ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt
+++ b/ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt
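Review bot: The new `properties` block in the first BluePrintVelocityTemplateService.kt hunk carries no comment explaining why these eight switches are set, so a later reader cannot tell deliberate choices from leftovers. The keys look like the Velocity 1.x backward-compatibility settings, so a line such as `// Velocity 1.x compatibility settings; remove once templates are migrated to 2.x semantics` above the declaration would record the intent. The three `event_handler.invalid_references.*` entries presumably only take effect when an invalid-reference handler is registered, which nothing in this hunk does; worth confirming they are needed. `Properties().apply { putAll(mapOf(...)) }` would also read more simply than `this.putAll(mutableMapOf(...))`. The enclosing `object` continues past the hunk.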
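Review bot: `velocity.init(properties)` in the second hunk initialises the engine with compatibility switches only, so introspection stays on Velocity's default uberspector while the context line just below hands templates a `Class` object (`StringUtils::class.java`). If blueprint templates can be supplied by anyone less trusted than the service itself, which this hunk does not show, the library upgrade alone does not limit what a template can reach through reflection. Consider adding `"introspector.uberspect.class" to "org.apache.velocity.util.introspection.SecureUberspector"` to `properties`, then checking that existing templates and the `StringUtils` helper still render as expected. The enclosing function starts and ends outside the hunk.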
@@ -19,7 +19,7 @@ package org.onap.ccsdk.cds.blueprintsprocessor.message.service
 import com.fasterxml.jackson.databind.node.ObjectNode
 import io.micrometer.core.instrument.MeterRegistry
-import org.apache.commons.lang.builder.ToStringBuilder
+import org.apache.commons.lang3.builder.ToStringBuilder
 import org.apache.kafka.clients.producer.Callback
 import org.apache.kafka.clients.producer.KafkaProducer
 import org.apache.kafka.clients.producer.ProducerRecord
diff --git a/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt b/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt
index 8d209449c..ceeeb05ba 100644
--- a/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt
+++ b/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt
@@ -20,7 +20,7 @@ package org.onap.ccsdk.cds.blueprintsprocessor.designer.api.load
 import kotlinx.coroutines.Deferred
 import kotlinx.coroutines.async
 import kotlinx.coroutines.runBlocking
-import org.apache.commons.lang.text.StrBuilder
+import org.apache.commons.lang3.text.StrBuilder
 import org.onap.ccsdk.cds.controllerblueprints.core.interfaces.BluePrintCatalogService
 import org.slf4j.LoggerFactory
 import org.springframework.stereotype.Service
-- cgit 1.2.3-korg
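Review bot: `org.apache.commons.lang3.text.StrBuilder`, imported in the BluePrintCatalogLoadService.kt hunk, is deprecated in commons-lang3 (since 3.6), so this line swaps one legacy class for another that is already slated for removal. The code using it is outside the hunk. If it only accumulates message text, `StringBuilder` or Kotlin's `buildString { }` would drop the dependency altogether; otherwise commons-text `TextStringBuilder` is the maintained replacement, at the cost of declaring commons-text in this module.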