authorputhuparambil.aditya <aditya.puthuparambil@bell.ca>2021-03-10 11:55:33 +0000
committerToine Siebelink <toine.siebelink@est.tech>2021-03-11 14:18:19 +0000
commit2555da9a1a946920d7e42469874e94a71f40dc6d (patch)
treea11defe12c128822ab46d5327148fd4a90a5fe01
parent65816190e45f25a78b4c1498cb81c6d23d52e72e (diff)
Fix for security hotspot related to wek cyptography
https://sonarcloud.io/project/security_hotspots?id=onap_cps&hotspots=AXfObcurA2pnU4Plp4-j Issue-ID: CPS-286 Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca> Change-Id: I31012f81797396682dbccae0e4992a33bac806c7
-rwxr-xr-xcps-dependencies/pom.xml1
-rw-r--r--cps-ri/pom.xml4
-rwxr-xr-xcps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java5
-rw-r--r--cps-ri/src/main/resources/changelog/db/changes/data/yang_resource.csv6
-rw-r--r--cps-ri/src/test/groovy/org/onap/cps/spi/impl/CpsModulePersistenceServiceSpec.groovy4
-rw-r--r--cps-ri/src/test/resources/data/schemaset.sql8
6 files changed, 17 insertions, 11 deletions
diff --git a/cps-dependencies/pom.xml b/cps-dependencies/pom.xml
index d88d257b79..63f86157ad 100755
--- a/cps-dependencies/pom.xml
+++ b/cps-dependencies/pom.xml
@@ -14,6 +14,7 @@
<properties>
<cglib-nodep.version>3.1</cglib-nodep.version>
+ <commons-codec.version>1.15</commons-codec.version>
<commons-lang3.version>3.11</commons-lang3.version>
<groovy.version>3.0.6</groovy.version>
<hibernate-types.version>2.10.0</hibernate-types.version>
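Review bot: The `commons-codec.version` property added here pins nothing unless something references it: the diffstat shows this as the only line changed in this file, and the new dependency in cps-ri/pom.xml is declared without a `<version>`. If the version is managed by an imported BOM rather than an inherited parent, this property will not override it. The resolved version should be confirmed (for example with `mvn dependency:tree -Dincludes=commons-codec`), or an explicit `<dependencyManagement>` entry using `${commons-codec.version}` added.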
diff --git a/cps-ri/pom.xml b/cps-ri/pom.xml
index 72b95b8983..94d2fa19b0 100644
--- a/cps-ri/pom.xml
+++ b/cps-ri/pom.xml
@@ -45,6 +45,10 @@
<groupId>org.liquibase</groupId>
<artifactId>liquibase-core</artifactId>
</dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ </dependency>
<!-- T E S T D E P E N D E N C I E S -->
<dependency>
<groupId>org.codehaus.groovy</groupId>
diff --git a/cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java b/cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java
index b28beb42c9..9a8ea6af49 100755
--- a/cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java
+++ b/cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java
@@ -28,6 +28,7 @@ import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.transaction.Transactional;
+import org.apache.commons.codec.digest.DigestUtils;
import org.onap.cps.spi.CascadeDeleteAllowed;
import org.onap.cps.spi.CpsAdminPersistenceService;
import org.onap.cps.spi.CpsModulePersistenceService;
@@ -46,7 +47,7 @@ import org.onap.cps.spi.repository.YangResourceRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataIntegrityViolationException;
import org.springframework.stereotype.Component;
-import org.springframework.util.DigestUtils;
+
@Component
public class CpsModulePersistenceServiceImpl implements CpsModulePersistenceService {
@@ -90,7 +91,7 @@ public class CpsModulePersistenceServiceImpl implements CpsModulePersistenceServ
private Set<YangResourceEntity> synchronizeYangResources(final Map<String, String> yangResourcesNameToContentMap) {
final Map<String, YangResourceEntity> checksumToEntityMap = yangResourcesNameToContentMap.entrySet().stream()
.map(entry -> {
- final String checksum = DigestUtils.md5DigestAsHex(entry.getValue().getBytes(StandardCharsets.UTF_8));
+ final String checksum = DigestUtils.sha256Hex(entry.getValue().getBytes(StandardCharsets.UTF_8));
final YangResourceEntity yangResourceEntity = new YangResourceEntity();
yangResourceEntity.setName(entry.getKey());
yangResourceEntity.setContent(entry.getValue());
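Review bot: The digest computed in the `.map` lambda is the key of `checksumToEntityMap`, so rows stored before this change still carry 32-character MD5 values and will not match the SHA-256 value computed here for the same content. Depending on code outside this hunk, such content would presumably be treated as new and inserted again, or rejected if the table enforces uniqueness. The change therefore needs a migration that recomputes the stored checksum for existing rows, and a check that the CHECKSUM column is wide enough for 64 hex characters. I would also add a comment above the changed line, `// SHA-256 hex of the UTF-8 content; lookup key for existing resources, so stored values must use the same digest`. The body of synchronizeYangResources continues past the end of the hunk.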
diff --git a/cps-ri/src/main/resources/changelog/db/changes/data/yang_resource.csv b/cps-ri/src/main/resources/changelog/db/changes/data/yang_resource.csv
index 4dd3127458..93db7df789 100644
--- a/cps-ri/src/main/resources/changelog/db/changes/data/yang_resource.csv
+++ b/cps-ri/src/main/resources/changelog/db/changes/data/yang_resource.csv
@@ -455,7 +455,7 @@ ietf-inet-types.yang|"module ietf-inet-types {
Identifiers (URIs)\";
}
-}"|fd06e465f26f1e7d0253bbf77e7e55e1
+}"|417a7b14944f6236ad0e2b1ef956158c050cff9b74e3561ca80af32d11be240b
cps-ran-schema-model2021-01-28.yang|"module cps-ran-schema-model {
yang-version 1.1;
namespace \"org:onap:ccsdk:features:sdnr:northbound:cps-ran-schema-model\";
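Review bot: The expected checksum is edited in place in a data file under `changelog/db/changes/data`, here and in the two later hunks of this file, which only helps databases that have not yet loaded it. Where the changeset that loads this CSV has already run, Liquibase will normally not load it again, and may fail validation because the file content changed, so existing rows would keep their MD5 values. A new changeset that updates the stored checksums would cover deployed databases. How the file is loaded is not visible in this diff, so this needs checking against the changelog definition.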
@@ -1753,7 +1753,7 @@ cps-ran-schema-model2021-01-28.yang|"module cps-ran-schema-model {
\"Target NR Cell Identifier. It consists of NR Cell
Identifier (NCI) and Physical Cell Identifier of the target NR cell
(nRPCI).\";
- "|0337045143fa2e592243243f82699b93
+ "|436fef591eba7f38d1a0c5e3cbd3c122f01ab41dfab37cc5a9cbca1ed53b29fb
ietf-yang-types.yang|"module ietf-yang-types {
namespace \"urn:ietf:params:xml:ns:yang:ietf-yang-types\";
@@ -2233,4 +2233,4 @@ ietf-yang-types.yang|"module ietf-yang-types {
notation, i.e., four octets written as decimal numbers
and separated with the ''.'' (full stop) character.\";
}
-}"|57d603ee9ab0c49355ad0695c0709c93
+}"|25516798613f862ad20831e59ba02b75ecdc9c6f5547ed5d90bda76143bf0112
diff --git a/cps-ri/src/test/groovy/org/onap/cps/spi/impl/CpsModulePersistenceServiceSpec.groovy b/cps-ri/src/test/groovy/org/onap/cps/spi/impl/CpsModulePersistenceServiceSpec.groovy
index b0c13af3df..d3d3768c9f 100644
--- a/cps-ri/src/test/groovy/org/onap/cps/spi/impl/CpsModulePersistenceServiceSpec.groovy
+++ b/cps-ri/src/test/groovy/org/onap/cps/spi/impl/CpsModulePersistenceServiceSpec.groovy
@@ -57,7 +57,7 @@ class CpsModulePersistenceServiceSpec extends CpsPersistenceSpecBase {
static final Long NEW_RESOURCE_ABSTRACT_ID = 0L
static final String NEW_RESOURCE_NAME = 'some new resource'
static final String NEW_RESOURCE_CONTENT = 'some resource content'
- static final String NEW_RESOURCE_CHECKSUM = '8185b09f11e262f18043f0ea08803f46'
+ static final String NEW_RESOURCE_CHECKSUM = '09002da02ee2683898d2c81c67f9e22cdbf8577d8c2de16c84d724e4ae44a0a6'
def newYangResourcesNameToContentMap = [(NEW_RESOURCE_NAME):NEW_RESOURCE_CONTENT]
def dataspaceEntity
@@ -110,7 +110,7 @@ class CpsModulePersistenceServiceSpec extends CpsPersistenceSpecBase {
then: 'the schema persisted (re)uses the existing id, name and has the same checksum'
def existingResourceId = 3001L
def existingResourceName = 'module1@2020-02-02.yang'
- def existingResourceChecksum = '877e65a9f36d54e7702c3f073f6bc42b'
+ def existingResourceChecksum = 'e8bdda931099310de66532e08c3fafec391db29f55c81927b168f6aa8f81b73b'
assertSchemaSetPersisted(DATASPACE_NAME, SCHEMA_SET_NAME_NEW,
existingResourceId, existingResourceName, existingResourceContent, existingResourceChecksum)
}
diff --git a/cps-ri/src/test/resources/data/schemaset.sql b/cps-ri/src/test/resources/data/schemaset.sql
index 0ec1ec3a0d..e6306d0d0f 100644
--- a/cps-ri/src/test/resources/data/schemaset.sql
+++ b/cps-ri/src/test/resources/data/schemaset.sql
@@ -7,10 +7,10 @@ INSERT INTO SCHEMA_SET (ID, NAME, DATASPACE_ID) VALUES
(2101, 'SCHEMA-SET-101', 1001); -- for removal, having anchor and data associated
INSERT INTO YANG_RESOURCE (ID, NAME, CONTENT, CHECKSUM) VALUES
- (3001, 'module1@2020-02-02.yang', 'CONTENT-001', '877e65a9f36d54e7702c3f073f6bc42b'),
- (3002, 'module2@2020-02-02.yang', 'CONTENT-002', '88892586b1f23fe8c1595759784a18f8'),
- (3003, 'module3@2020-02-02.yang', 'CONTENT-003', 'fc5740499a09a48e0c95d6fc45d4bde8'),
- (3004, 'module4@2020-02-02.yang', 'CONTENT-004', '3801280fe532f5cbf535695cf6122026'),
+ (3001, 'module1@2020-02-02.yang', 'CONTENT-001', 'e8bdda931099310de66532e08c3fafec391db29f55c81927b168f6aa8f81b73b'),
+ (3002, 'module2@2020-02-02.yang', 'CONTENT-002', '7e7d48afbe066ed0a890a09081859046d3dde52300dfcdb13be5b20780353a11'),
+ (3003, 'module3@2020-02-02.yang', 'CONTENT-003', 'ca20c45fec8547633f05ff8905c48ffa7b02b94ec3ad4ed79922e6ba40779df3'),
+ (3004, 'module4@2020-02-02.yang', 'CONTENT-004', 'f6ed09d343562e4d4ae5140f3c6a55df9c53f6da8e30dda8cbd9eaf9cd449be0'),
(3100, 'orphan@2020-02-02.yang', 'ORPHAN', 'checksum'); -- for auto-removal as orphan
INSERT INTO SCHEMA_SET_YANG_RESOURCES (SCHEMA_SET_ID, YANG_RESOURCE_ID) VALUES