From 2555da9a1a946920d7e42469874e94a71f40dc6d Mon Sep 17 00:00:00 2001 From: "puthuparambil.aditya" Date: Wed, 10 Mar 2021 11:55:33 +0000 Subject: Fix for security hotspot related to wek cyptography https://sonarcloud.io/project/security_hotspots?id=onap_cps&hotspots=AXfObcurA2pnU4Plp4-j Issue-ID: CPS-286 Signed-off-by: puthuparambil.aditya Change-Id: I31012f81797396682dbccae0e4992a33bac806c7 --- .../java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'cps-ri/src/main/java') diff --git a/cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java b/cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java index b28beb42c9..9a8ea6af49 100755 --- a/cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java +++ b/cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java @@ -28,6 +28,7 @@ import java.util.Map; import java.util.Set; import java.util.stream.Collectors; import javax.transaction.Transactional; +import org.apache.commons.codec.digest.DigestUtils; import org.onap.cps.spi.CascadeDeleteAllowed; import org.onap.cps.spi.CpsAdminPersistenceService; import org.onap.cps.spi.CpsModulePersistenceService; @@ -46,7 +47,7 @@ import org.onap.cps.spi.repository.YangResourceRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.dao.DataIntegrityViolationException; import org.springframework.stereotype.Component; -import org.springframework.util.DigestUtils; + @Component public class CpsModulePersistenceServiceImpl implements CpsModulePersistenceService { @@ -90,7 +91,7 @@ public class CpsModulePersistenceServiceImpl implements CpsModulePersistenceServ private Set synchronizeYangResources(final Map yangResourcesNameToContentMap) { final Map checksumToEntityMap = yangResourcesNameToContentMap.entrySet().stream() .map(entry -> { - final String checksum = DigestUtils.md5DigestAsHex(entry.getValue().getBytes(StandardCharsets.UTF_8)); + final String checksum = DigestUtils.sha256Hex(entry.getValue().getBytes(StandardCharsets.UTF_8)); final YangResourceEntity yangResourceEntity = new YangResourceEntity(); yangResourceEntity.setName(entry.getKey()); yangResourceEntity.setContent(entry.getValue()); -- cgit 1.2.3-korg