From 2555da9a1a946920d7e42469874e94a71f40dc6d Mon Sep 17 00:00:00 2001
From: "puthuparambil.aditya"
Date: Wed, 10 Mar 2021 11:55:33 +0000
Subject: Fix for security hotspot related to wek cyptography
https://sonarcloud.io/project/security_hotspots?id=onap_cps&hotspots=AXfObcurA2pnU4Plp4-j
Issue-ID: CPS-286
Signed-off-by: puthuparambil.aditya
Change-Id: I31012f81797396682dbccae0e4992a33bac806c7
---
 cps-dependencies/pom.xml | 1 +
 cps-ri/pom.xml | 4 ++++
 .../org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java | 5 +++--
 .../main/resources/changelog/db/changes/data/yang_resource.csv | 6 +++---
 .../org/onap/cps/spi/impl/CpsModulePersistenceServiceSpec.groovy | 4 ++--
 cps-ri/src/test/resources/data/schemaset.sql | 8 ++++----
 6 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/cps-dependencies/pom.xml b/cps-dependencies/pom.xml
index d88d257b79..63f86157ad 100755
--- a/cps-dependencies/pom.xml
+++ b/cps-dependencies/pom.xml
@@ -14,6 +14,7 @@ 3.1 + 1.15 3.11 3.0.6 2.10.0
diff --git a/cps-ri/pom.xml b/cps-ri/pom.xml
index 72b95b8983..94d2fa19b0 100644
--- a/cps-ri/pom.xml
+++ b/cps-ri/pom.xml
@@ -45,6 +45,10 @@ org.liquibase liquibase-core + + commons-codec + commons-codec + org.codehaus.groovy
diff --git a/cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java b/cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java
index b28beb42c9..9a8ea6af49 100755
--- a/cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java
+++ b/cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java
@@ -28,6 +28,7 @@ import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;
 import javax.transaction.Transactional;
+import org.apache.commons.codec.digest.DigestUtils;
 import org.onap.cps.spi.CascadeDeleteAllowed;
 import org.onap.cps.spi.CpsAdminPersistenceService;
 import org.onap.cps.spi.CpsModulePersistenceService;
@@ -46,7 +47,7 @@ import org.onap.cps.spi.repository.YangResourceRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.dao.DataIntegrityViolationException;
 import org.springframework.stereotype.Component;
-import org.springframework.util.DigestUtils;
+
 @Component
 public class CpsModulePersistenceServiceImpl implements CpsModulePersistenceService {
@@ -90,7 +91,7 @@ public class CpsModulePersistenceServiceImpl implements CpsModulePersistenceServ
 private Set synchronizeYangResources(final Map yangResourcesNameToContentMap) {
 final Map checksumToEntityMap = yangResourcesNameToContentMap.entrySet().stream()
 .map(entry -> {
- final String checksum = DigestUtils.md5DigestAsHex(entry.getValue().getBytes(StandardCharsets.UTF_8));
+ final String checksum = DigestUtils.sha256Hex(entry.getValue().getBytes(StandardCharsets.UTF_8));
 final YangResourceEntity yangResourceEntity = new YangResourceEntity();
 yangResourceEntity.setName(entry.getKey());
 yangResourceEntity.setContent(entry.getValue());
diff --git a/cps-ri/src/main/resources/changelog/db/changes/data/yang_resource.csv b/cps-ri/src/main/resources/changelog/db/changes/data/yang_resource.csv
index 4dd3127458..93db7df789 100644
--- a/cps-ri/src/main/resources/changelog/db/changes/data/yang_resource.csv
+++ b/cps-ri/src/main/resources/changelog/db/changes/data/yang_resource.csv
@@ -455,7 +455,7 @@ ietf-inet-types.yang|"module ietf-inet-types {
 Identifiers (URIs)\";
 }
-}"|fd06e465f26f1e7d0253bbf77e7e55e1
+}"|417a7b14944f6236ad0e2b1ef956158c050cff9b74e3561ca80af32d11be240b
 cps-ran-schema-model2021-01-28.yang|"module cps-ran-schema-model {
 yang-version 1.1;
 namespace \"org:onap:ccsdk:features:sdnr:northbound:cps-ran-schema-model\";
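Review bot: The digest change on the `checksum` line of `synchronizeYangResources` alters the format of every value stored in YANG_RESOURCE.CHECKSUM (32 hex characters for MD5, 64 for SHA-256), and the commit only refreshes the Liquibase seed CSV and the test SQL, with no visible migration for databases already populated with MD5 values; if `checksumToEntityMap` is later matched against stored rows, as its name suggests, every previously persisted module would look new after an upgrade, and a column sized for the old 32-character value would reject the new one. A changelog step that recomputes existing CHECKSUM values from CONTENT, or a short note in the changelog stating why existing deployments are unaffected, would close that gap. A why-comment on the changed line would also help the next reader, since the MD5 here was a content fingerprint rather than a security primitive and the seed-data hashes changing alongside it is not obvious: `// SHA-256 hex of the UTF-8 content; stored in YANG_RESOURCE.CHECKSUM, so seed data must use the same digest`. In the earlier `@@ -46,7 +47,7 @@` hunk the Spring import is replaced by an empty `+` line, which appears to leave a stray blank line in the import block and could simply be deleted. The body of `synchronizeYangResources` continues past the end of the hunk.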
@@ -1753,7 +1753,7 @@ cps-ran-schema-model2021-01-28.yang|"module cps-ran-schema-model {
 \"Target NR Cell Identifier. It consists of NR Cell Identifier (NCI) and Physical Cell Identifier of the target NR cell (nRPCI).\";
- "|0337045143fa2e592243243f82699b93
+ "|436fef591eba7f38d1a0c5e3cbd3c122f01ab41dfab37cc5a9cbca1ed53b29fb
 ietf-yang-types.yang|"module ietf-yang-types {
 namespace \"urn:ietf:params:xml:ns:yang:ietf-yang-types\";
@@ -2233,4 +2233,4 @@ ietf-yang-types.yang|"module ietf-yang-types {
 notation, i.e., four octets written as decimal numbers and separated with the ''.'' (full stop) character.\";
 }
-}"|57d603ee9ab0c49355ad0695c0709c93
+}"|25516798613f862ad20831e59ba02b75ecdc9c6f5547ed5d90bda76143bf0112
diff --git a/cps-ri/src/test/groovy/org/onap/cps/spi/impl/CpsModulePersistenceServiceSpec.groovy b/cps-ri/src/test/groovy/org/onap/cps/spi/impl/CpsModulePersistenceServiceSpec.groovy
index b0c13af3df..d3d3768c9f 100644
--- a/cps-ri/src/test/groovy/org/onap/cps/spi/impl/CpsModulePersistenceServiceSpec.groovy
+++ b/cps-ri/src/test/groovy/org/onap/cps/spi/impl/CpsModulePersistenceServiceSpec.groovy
@@ -57,7 +57,7 @@ class CpsModulePersistenceServiceSpec extends CpsPersistenceSpecBase {
 static final Long NEW_RESOURCE_ABSTRACT_ID = 0L
 static final String NEW_RESOURCE_NAME = 'some new resource'
 static final String NEW_RESOURCE_CONTENT = 'some resource content'
- static final String NEW_RESOURCE_CHECKSUM = '8185b09f11e262f18043f0ea08803f46'
+ static final String NEW_RESOURCE_CHECKSUM = '09002da02ee2683898d2c81c67f9e22cdbf8577d8c2de16c84d724e4ae44a0a6'
 def newYangResourcesNameToContentMap = [(NEW_RESOURCE_NAME):NEW_RESOURCE_CONTENT]
 def dataspaceEntity
@@ -110,7 +110,7 @@ class CpsModulePersistenceServiceSpec extends CpsPersistenceSpecBase {
 then: 'the schema persisted (re)uses the existing id, name and has the same checksum'
 def existingResourceId = 3001L
 def existingResourceName = 'module1@2020-02-02.yang'
- def existingResourceChecksum = '877e65a9f36d54e7702c3f073f6bc42b'
+ def existingResourceChecksum = 'e8bdda931099310de66532e08c3fafec391db29f55c81927b168f6aa8f81b73b'
 assertSchemaSetPersisted(DATASPACE_NAME, SCHEMA_SET_NAME_NEW, existingResourceId, existingResourceName, existingResourceContent, existingResourceChecksum)
 }
diff --git a/cps-ri/src/test/resources/data/schemaset.sql b/cps-ri/src/test/resources/data/schemaset.sql
index 0ec1ec3a0d..e6306d0d0f 100644
--- a/cps-ri/src/test/resources/data/schemaset.sql
+++ b/cps-ri/src/test/resources/data/schemaset.sql
@@ -7,10 +7,10 @@ INSERT INTO SCHEMA_SET (ID, NAME, DATASPACE_ID) VALUES
 (2101, 'SCHEMA-SET-101', 1001); -- for removal, having anchor and data associated
 INSERT INTO YANG_RESOURCE (ID, NAME, CONTENT, CHECKSUM) VALUES
- (3001, 'module1@2020-02-02.yang', 'CONTENT-001', '877e65a9f36d54e7702c3f073f6bc42b'),
- (3002, 'module2@2020-02-02.yang', 'CONTENT-002', '88892586b1f23fe8c1595759784a18f8'),
- (3003, 'module3@2020-02-02.yang', 'CONTENT-003', 'fc5740499a09a48e0c95d6fc45d4bde8'),
- (3004, 'module4@2020-02-02.yang', 'CONTENT-004', '3801280fe532f5cbf535695cf6122026'),
+ (3001, 'module1@2020-02-02.yang', 'CONTENT-001', 'e8bdda931099310de66532e08c3fafec391db29f55c81927b168f6aa8f81b73b'),
+ (3002, 'module2@2020-02-02.yang', 'CONTENT-002', '7e7d48afbe066ed0a890a09081859046d3dde52300dfcdb13be5b20780353a11'),
+ (3003, 'module3@2020-02-02.yang', 'CONTENT-003', 'ca20c45fec8547633f05ff8905c48ffa7b02b94ec3ad4ed79922e6ba40779df3'),
+ (3004, 'module4@2020-02-02.yang', 'CONTENT-004', 'f6ed09d343562e4d4ae5140f3c6a55df9c53f6da8e30dda8cbd9eaf9cd449be0'),
 (3100, 'orphan@2020-02-02.yang', 'ORPHAN', 'checksum'); -- for auto-removal as orphan
 INSERT INTO SCHEMA_SET_YANG_RESOURCES (SCHEMA_SET_ID, YANG_RESOURCE_ID) VALUES
-- cgit 1.2.3-korg