authorwasala <przemyslaw.wasala@nokia.com>2018-09-18 14:17:19 +0200
committerwasala <przemyslaw.wasala@nokia.com>2018-09-18 14:17:19 +0200
commit93adeb4a2503fbdb4d8e06d777a4aa836b28d720 (patch)
tree50d3ebaf9fcafb3d83213aeefbd1ee519295fc0d
parentf394594ec70aaf1eefa4f23b80226c3426dbc17a (diff)
Security vulnerabilities corrections
*Improved imported libraries *Fixed imported libraries in connection with security risks Change-Id: I28e6b22f8088f70cae431e6e99936cdb67e4cc0d Issue-ID: DCAEGEN2-764 Signed-off-by: wasala <przemyslaw.wasala@nokia.com>
-rw-r--r--datafile-app-server/pom.xml28
-rw-r--r--datafile-commons/pom.xml21
-rw-r--r--datafile-commons/src/main/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtils.java6
-rw-r--r--datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/CommonFunctionsTest.java20
-rw-r--r--datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/ConsumerDmaapModelTest.java7
-rw-r--r--datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtilsTest.java5
-rw-r--r--datafile-dmaap-client/pom.xml15
-rw-r--r--pom.xml83
8 files changed, 56 insertions, 129 deletions
diff --git a/datafile-app-server/pom.xml b/datafile-app-server/pom.xml
index 339daeb4..64dd2bc5 100644
--- a/datafile-app-server/pom.xml
+++ b/datafile-app-server/pom.xml
@@ -154,16 +154,6 @@
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
- <groupId>com.spotify</groupId>
- <artifactId>docker-maven-plugin</artifactId>
- <exclusions>
- <exclusion>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-databind</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
<groupId>commons-net</groupId>
<artifactId>commons-net</artifactId>
</dependency>
@@ -228,6 +218,11 @@
<artifactId>fake-sftp-server-rule</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>com.jcraft</groupId>
+ <artifactId>jsch</artifactId>
+ <version>0.1.53</version>
+ </dependency>
<!--REQUIRED TO GENERATE DOCUMENTATION -->
<dependency>
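Review bot: The added `jsch` dependency pins `0.1.53` as a literal in this module instead of in the parent's `dependencyManagement`, so the root pom no longer shows which SSH library version ships; the `spring-web` addition in datafile-commons/pom.xml does the same with `5.0.5.RELEASE`. For a commit whose purpose is fixing vulnerable libraries, 0.1.53 should be checked against current advisories: as far as I recall, 0.1.54 carried a fix for a path-traversal problem in SFTP downloads, so this pin may itself be flagged by a dependency scanner. I would add a managed entry in the root pom with `<version>${jsch.version}</version>` and declare the dependency here without a version. The entry also has no `<scope>` although it sits right after the test-scoped `fake-sftp-server-rule`; if it is only needed by tests, `<scope>test</scope>` keeps it out of the shipped artifact.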
@@ -238,18 +233,5 @@
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
</dependency>
-
</dependencies>
- <dependencyManagement>
- <dependencies>
- <dependency>
- <!-- IMPORT DEPENDENCY MANAGEMENT FROM SPRING BOOT -->
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-dependencies</artifactId>
- <version>2.0.4.RELEASE</version>
- <type>pom</type>
- <scope>import</scope>
- </dependency>
- </dependencies>
- </dependencyManagement>
</project>
diff --git a/datafile-commons/pom.xml b/datafile-commons/pom.xml
index 3f551542..d018ff79 100644
--- a/datafile-commons/pom.xml
+++ b/datafile-commons/pom.xml
@@ -31,10 +31,6 @@
<artifactId>datafile-commons</artifactId>
<packaging>jar</packaging>
- <properties>
- <main.basedir>${project.parent.basedir}</main.basedir>
- </properties>
-
<dependencies>
<dependency>
<groupId>org.immutables</groupId>
@@ -45,16 +41,6 @@
<artifactId>gson</artifactId>
</dependency>
<dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpclient</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-lang3</artifactId>
- </dependency>
-
- <!-- TEST DEPENDENCIES -->
- <dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-api</artifactId>
<scope>test</scope>
@@ -69,8 +55,6 @@
<artifactId>mockito-core</artifactId>
<scope>test</scope>
</dependency>
-
- <!-- LOGGING DEPENDENCIES -->
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
@@ -83,5 +67,10 @@
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-web</artifactId>
+ <version>5.0.5.RELEASE</version>
+ </dependency>
</dependencies>
</project>
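Review bot: `spring-web` becomes a compile-scope dependency of datafile-commons, and the only use visible in this commit is `HttpStatus.OK` and `HttpStatus.MULTIPLE_CHOICES` in HttpUtils. Every consumer of commons now carries the whole web module and its transitive dependencies on the classpath for two integer constants, which is more third-party code to track for advisories. If nothing else in commons needs it, two private constants in HttpUtils such as `private static final int SUCCESS_MIN = 200;` and `private static final int SUCCESS_MAX_EXCLUSIVE = 300;` would avoid the dependency. If it stays, a comment above the entry saying what it is used for would help the next dependency audit.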
diff --git a/datafile-commons/src/main/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtils.java b/datafile-commons/src/main/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtils.java
index af41b356..91cc3c69 100644
--- a/datafile-commons/src/main/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtils.java
+++ b/datafile-commons/src/main/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtils.java
@@ -18,13 +18,13 @@
package org.onap.dcaegen2.collectors.datafile.model.utils;
-import org.apache.http.HttpStatus;
+import org.springframework.http.HttpStatus;
-public final class HttpUtils implements HttpStatus {
+public final class HttpUtils {
private HttpUtils() {}
public static boolean isSuccessfulResponseCode(Integer statusCode) {
- return statusCode >= 200 && statusCode < 300;
+ return statusCode >= HttpStatus.OK.value() && statusCode < HttpStatus.MULTIPLE_CHOICES.value();
}
}
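Review bot: `isSuccessfulResponseCode` still takes a boxed `Integer`, so the rewritten comparison unboxes `statusCode` and throws a NullPointerException when a caller passes null. Either change the parameter to `int` or guard it: `return statusCode != null && statusCode >= HttpStatus.OK.value() && statusCode < HttpStatus.MULTIPLE_CHOICES.value();`. A short Javadoc stating that the accepted range is 200 inclusive to 300 exclusive would also help, since `MULTIPLE_CHOICES` as an exclusive upper bound is not obvious at a glance.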
diff --git a/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/CommonFunctionsTest.java b/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/CommonFunctionsTest.java
index 675589fb..062724e7 100644
--- a/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/CommonFunctionsTest.java
+++ b/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/CommonFunctionsTest.java
@@ -17,31 +17,15 @@
package org.onap.dcaegen2.collectors.datafile.model;
import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpResponse;
-import org.apache.http.StatusLine;
-import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
class CommonFunctionsTest {
// Given
private ConsumerDmaapModel model = new ConsumerDmaapModelForUnitTest();
private static final String EXPECTED_RESULT =
- "{\"location\":\"target/A20161224.1030-1045.bin.gz\",\"compression\":\"gzip\","
- + "\"fileFormatType\":\"org.3GPP.32.435#measCollec\",\"fileFormatVersion\":\"V10\"}";
-
- private static final HttpResponse httpResponseMock = mock(HttpResponse.class);
- private static final HttpEntity httpEntityMock = mock(HttpEntity.class);
- private static final StatusLine statusLineMock = mock(StatusLine.class);
-
- @BeforeAll
- static void setup() {
- when(httpResponseMock.getEntity()).thenReturn(httpEntityMock);
- when(httpResponseMock.getStatusLine()).thenReturn(statusLineMock);
- }
+ "{\"location\":\"target/A20161224.1030-1045.bin.gz\",\"compression\":\"gzip\","
+ + "\"fileFormatType\":\"org.3GPP.32.435#measCollec\",\"fileFormatVersion\":\"V10\"}";
@Test
void createJsonBody_shouldReturnJsonInString() {
diff --git a/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/ConsumerDmaapModelTest.java b/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/ConsumerDmaapModelTest.java
index dcccd5f5..5b028973 100644
--- a/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/ConsumerDmaapModelTest.java
+++ b/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/ConsumerDmaapModelTest.java
@@ -21,8 +21,6 @@ import org.junit.jupiter.api.Test;
public class ConsumerDmaapModelTest {
- // Given
- private ConsumerDmaapModel consumerDmaapModel;
private static final String LOCATION = "target/A20161224.1030-1045.bin.gz";
private static final String COMPRESSION = "gzip";
private static final String FILE_FORMAT_TYPE = "org.3GPP.32.435#measCollec";
@@ -32,8 +30,9 @@ public class ConsumerDmaapModelTest {
public void consumerDmaapModelBuilder_shouldBuildAnObject() {
// When
- consumerDmaapModel = ImmutableConsumerDmaapModel.builder().location(LOCATION).compression(COMPRESSION)
- .fileFormatType(FILE_FORMAT_TYPE).fileFormatVersion(FILE_FORMAT_VERSION).build();
+ // Given
+ ConsumerDmaapModel consumerDmaapModel = ImmutableConsumerDmaapModel.builder().location(LOCATION).compression(COMPRESSION)
+ .fileFormatType(FILE_FORMAT_TYPE).fileFormatVersion(FILE_FORMAT_VERSION).build();
// Then
Assertions.assertNotNull(consumerDmaapModel);
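Review bot: The added `// Given` sits directly under the existing `// When`, so the builder call is now labelled with both steps, while the constants above it, which are the actual givens, have lost their label. I would drop the added `// Given` line and keep `// When` on the builder call. The new declaration line also looks longer than the other lines in the file; breaking after the `=` would keep it readable. The test method continues past the end of this hunk.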
diff --git a/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtilsTest.java b/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtilsTest.java
index 83fe14a7..8effcbb8 100644
--- a/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtilsTest.java
+++ b/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtilsTest.java
@@ -21,7 +21,6 @@ package org.onap.dcaegen2.collectors.datafile.model.utils;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
-import org.apache.http.HttpStatus;
import org.junit.jupiter.api.Test;
@@ -29,11 +28,11 @@ public class HttpUtilsTest {
@Test
public void isSuccessfulResponseCode_shouldReturnTrue() {
- assertTrue(HttpUtils.isSuccessfulResponseCode(HttpUtils.SC_ACCEPTED));
+ assertTrue(HttpUtils.isSuccessfulResponseCode(202));
}
@Test
public void isSuccessfulResponseCode_shouldReturnFalse() {
- assertFalse(HttpUtils.isSuccessfulResponseCode(HttpStatus.SC_BAD_GATEWAY));
+ assertFalse(HttpUtils.isSuccessfulResponseCode(502));
}
}
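Review bot: The two tests probe only 202 and 502, so neither boundary of the range that HttpUtils now derives from `HttpStatus.OK` and `HttpStatus.MULTIPLE_CHOICES` is pinned by a test. Adding `assertTrue(HttpUtils.isSuccessfulResponseCode(200));`, `assertTrue(HttpUtils.isSuccessfulResponseCode(299));` and `assertFalse(HttpUtils.isSuccessfulResponseCode(300));`, plus 199 on the false side, would catch an off-by-one if the bounds are ever expressed differently. Since the parameter is a boxed `Integer`, a test that fixes the expected behaviour for a null argument would also be worth having.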
diff --git a/datafile-dmaap-client/pom.xml b/datafile-dmaap-client/pom.xml
index d458eca3..96e0988c 100644
--- a/datafile-dmaap-client/pom.xml
+++ b/datafile-dmaap-client/pom.xml
@@ -49,11 +49,10 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webflux</artifactId>
- <scope>compile</scope>
</dependency>
<dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-reactor-netty</artifactId>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-context</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
@@ -64,8 +63,10 @@
<artifactId>datafile-commons</artifactId>
<version>1.0.0-SNAPSHOT</version>
</dependency>
-
- <!-- TEST DEPENDENCIES -->
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-reactor-netty</artifactId>
+ </dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-api</artifactId>
@@ -87,10 +88,6 @@
<scope>test</scope>
</dependency>
<dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-context</artifactId>
- </dependency>
- <dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<scope>test</scope>
diff --git a/pom.xml b/pom.xml
index 190c62a9..42448f45 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,6 +29,7 @@
<groupId>org.onap.dcaegen2.collectors</groupId>
<artifactId>datafile</artifactId>
<version>1.0.0-SNAPSHOT</version>
+
<name>dcaegen2-collectors.datafile</name>
<description>datafile collector</description>
<packaging>pom</packaging>
@@ -40,20 +41,14 @@
</license>
</licenses>
-
<properties>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-
- <!-- JAVA VERSION -->
<java.version>8</java.version>
- <compiler.plugin.version>3.7.0</compiler.plugin.version>
- <tomcat.version>8.5.28</tomcat.version>
+ <immutable.version>2.7.1</immutable.version>
+ <spring.version>5.0.5.RELEASE</spring.version>
<spring-boot.version>2.0.4.RELEASE</spring-boot.version>
+ <tomcat.version>8.5.32</tomcat.version>
<docker.maven.version>1.0.0</docker.maven.version>
<resource.maven.plugin.version>3.1.0</resource.maven.plugin.version>
- <!-- DEVELOPMENT SETTINGS -->
- <immutable.version>2.7.1</immutable.version>
<!-- LOGGING SETTINGS -->
<slf4j.version>1.7.25</slf4j.version>
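Review bot: The rewritten `<properties>` block no longer sets `project.build.sourceEncoding` or `project.reporting.outputEncoding`. Unless a parent pom outside this diff defines them, compilation and resource filtering fall back to the platform default encoding, and the build output can differ between machines. I would keep `<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>` and `<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>`. `compiler.plugin.version` is dropped here as well; any `${compiler.plugin.version}` reference left in the build section, which this hunk does not show, would stop resolving. The `<properties>` element continues past the end of the hunk.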
@@ -138,8 +133,20 @@
<dependencyManagement>
<dependencies>
-
- <!-- DEVELOPMENT TOOLS DEPENDENCIES -->
+ <dependency>
+ <groupId>io.projectreactor</groupId>
+ <artifactId>reactor-bom</artifactId>
+ <version>Bismuth-SR10</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-dependencies</artifactId>
+ <version>${spring-boot.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
<dependency>
<groupId>org.immutables</groupId>
<artifactId>value</artifactId>
@@ -152,16 +159,19 @@
<version>${immutable.version}</version>
</dependency>
<dependency>
- <groupId>io.projectreactor</groupId>
- <artifactId>reactor-bom</artifactId>
- <version>Bismuth-RELEASE</version>
- <type>pom</type>
- <scope>import</scope>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-beans</artifactId>
+ <version>${spring.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-context</artifactId>
+ <version>${spring.version}</version>
</dependency>
<dependency>
- <groupId>com.spotify</groupId>
- <artifactId>docker-maven-plugin</artifactId>
- <version>${docker.maven.version}</version>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-webflux</artifactId>
+ <version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.apache.maven.plugins</groupId>
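Review bot: The explicit `spring-beans`, `spring-context` and `spring-webflux` entries at `${spring.version}` take precedence over the versions managed by the `spring-boot-dependencies` import added earlier in this file. These three artifacts therefore stay at 5.0.5.RELEASE regardless of what the Boot 2.0.4.RELEASE BOM selects, which is a later 5.0.x patch if I remember that BOM correctly. Other Spring modules pulled in transitively would follow the BOM, so the framework can end up at mixed patch levels, which works against a commit meant to clear vulnerable libraries. I would delete the three explicit entries and let the BOM manage them. Otherwise I would raise `spring.version` to the BOM's value and add a comment such as `<!-- pinned: must match spring-boot-dependencies -->` next to the property.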
@@ -169,16 +179,6 @@
<version>${resource.maven.plugin.version}</version>
</dependency>
<dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
- <version>1.59</version>
- </dependency>
- <dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
- <version>1.59</version>
- </dependency>
- <dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
<version>3.1.0</version>
@@ -204,27 +204,6 @@
<version>1.3.2</version>
</dependency>
<dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-beans</artifactId>
- <version>5.0.5.RELEASE</version>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-context</artifactId>
- <version>5.0.5.RELEASE</version>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-webflux</artifactId>
- <version>5.0.5.RELEASE</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-reactor-netty</artifactId>
- <version>2.0.4.RELEASE</version>
- </dependency>
- <dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>${tomcat.version}</version>
@@ -240,7 +219,6 @@
<version>${tomcat.version}</version>
</dependency>
- <!-- LOGGING dependencies> -->
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
@@ -258,7 +236,6 @@
<version>1.7.25</version>
</dependency>
- <!-- TESTING TOOLS DEPENDENCIES -->
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-api</artifactId>
@@ -286,7 +263,7 @@
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
- <version>5.0.4.RELEASE</version>
+ <version>${spring.version}</version>
<scope>test</scope>
</dependency>
<dependency>