Security vulnerabilities identified in CLM scan

Mapper: security vulnerabilities identified in CLM scan Change-Id: I2b977e99e4ad6d1aae24e0d441da6002c28ab0ac Issue-ID: DCAEGEN2-769 Signed-off-by: amshegokar <AS00500801@techmahindra.com>
author: amshegokar <AS00500801@techmahindra.com> 2018-09-11 20:20:27 +0530
committer: amshegokar <AS00500801@techmahindra.com> 2018-09-11 20:20:27 +0530
commit: f67bc2db9676c54192a019852594a29f33816534 (patch)
tree: 2d69c0e8997c691d774ae9b97a3460b0cc29392e
parent: 1b2bb4255e73f7b2f98035724aa243b825b8162d (diff)
9 files changed, 94 insertions, 23 deletions
diff --git a/UniversalVesAdapter/.classpath b/UniversalVesAdapter/.classpath
index 6d7587a..c77b3a1 100644
--- a/UniversalVesAdapter/.classpath
+++ b/UniversalVesAdapter/.classpath
@@ -27,5 +27,16 @@
 			<attribute name="maven.pomderived" value="true"/>
 		</attributes>
 	</classpathentry>
+	<classpathentry kind="src" output="target/classes" path="src/gen/java">
+		<attributes>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="src" path=".apt_generated">
+		<attributes>
+			<attribute name="optional" value="true"/>
+		</attributes>
+	</classpathentry>
 	<classpathentry kind="output" path="target/classes"/>
 </classpath>
diff --git a/UniversalVesAdapter/.project b/UniversalVesAdapter/.project
index 473a65c..1123cab 100644
--- a/UniversalVesAdapter/.project
+++ b/UniversalVesAdapter/.project
@@ -21,12 +21,23 @@
 			</arguments>
 		</buildCommand>
 		<buildCommand>
+			<name>net.sf.eclipsecs.core.CheckstyleBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.springframework.ide.eclipse.boot.validation.springbootbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
 			<name>org.eclipse.m2e.core.maven2Builder</name>
 			<arguments>
 			</arguments>
 		</buildCommand>
 	</buildSpec>
 	<natures>
+		<nature>net.sf.eclipsecs.core.CheckstyleNature</nature>
 		<nature>org.springframework.ide.eclipse.core.springnature</nature>
 		<nature>org.eclipse.jdt.core.javanature</nature>
 		<nature>org.eclipse.m2e.core.maven2Nature</nature>
diff --git a/UniversalVesAdapter/.settings/org.eclipse.jdt.core.prefs b/UniversalVesAdapter/.settings/org.eclipse.jdt.core.prefs
index 714351a..78b2bfc 100644
--- a/UniversalVesAdapter/.settings/org.eclipse.jdt.core.prefs
+++ b/UniversalVesAdapter/.settings/org.eclipse.jdt.core.prefs
@@ -2,4 +2,5 @@ eclipse.preferences.version=1
 org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
 org.eclipse.jdt.core.compiler.compliance=1.8
 org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.processAnnotations=enabled
 org.eclipse.jdt.core.compiler.source=1.8
diff --git a/UniversalVesAdapter/pom.xml b/UniversalVesAdapter/pom.xml
index cd5e489..1342ec3 100644
--- a/UniversalVesAdapter/pom.xml
+++ b/UniversalVesAdapter/pom.xml
@@ -84,7 +84,7 @@
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
-			<version>2.0.3.RELEASE</version>
+			<version>2.0.4.RELEASE</version>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -95,9 +95,13 @@
 		<dependency>
 			<groupId>org.springframework.data</groupId>
 			<artifactId>spring-data-commons</artifactId>
-			<version>2.0.6.RELEASE</version>
+			<version>2.0.8.RELEASE</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.codehaus.groovy</groupId>
+		    <artifactId>groovy-all</artifactId>
+		    <version>2.4.14</version>
 		</dependency>
-
 		<dependency>
 			<groupId>com.jayway.jsonpath</groupId>
 			<artifactId>json-path</artifactId>
@@ -108,7 +112,7 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.9.5</version>
+			<version>2.9.6</version>
 		</dependency>
 
 
@@ -130,7 +134,7 @@
 		<dependency>
 			<groupId>xerces</groupId>
 			<artifactId>xercesImpl</artifactId>
-			<version>2.11.0-atlassian-01</version>
+			<version>2.12.0</version>
 		</dependency>
 
 		<!-- https://mvnrepository.com/artifact/com.thoughtworks.xstream/xstream -->
diff --git a/UniversalVesAdapter/src/main/java/org/onap/universalvesadapter/service/VESAdapterInitializer.java b/UniversalVesAdapter/src/main/java/org/onap/universalvesadapter/service/VESAdapterInitializer.java
index f92511e..ca1bcc9 100644
--- a/UniversalVesAdapter/src/main/java/org/onap/universalvesadapter/service/VESAdapterInitializer.java
+++ b/UniversalVesAdapter/src/main/java/org/onap/universalvesadapter/service/VESAdapterInitializer.java
@@ -79,11 +79,40 @@ public class VESAdapterInitializer implements CommandLineRunner, Ordered {
 
 		} else {
 		
-		 
-
 			LOGGER.info(">>>Static configuration to be used");
-			
+			final String url = "http://localhost:8085/start";
+			final String USER_AGENT = "Mozilla/5.0";
+
+			try {
+				URL obj = new URL(url);
+				HttpURLConnection httpURLConnection = (HttpURLConnection) obj.openConnection();
+
+				// optional default is GET
+				httpURLConnection.setRequestMethod("GET");
+
+				// add request header
+				httpURLConnection.setRequestProperty("User-Agent", USER_AGENT);
 
+				int responseCode = httpURLConnection.getResponseCode();
+				LOGGER.info("Sending 'GET' request to URL : " + url);
+				LOGGER.info("Response Code : " + responseCode);
+				BufferedReader in = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()));
+				String inputLine;
+				StringBuffer response = new StringBuffer();
+
+				while ((inputLine = in.readLine()) != null) {
+					response.append(inputLine);
+				}
+				in.close();
+
+				// print result
+				LOGGER.info("The result is :" + response.toString());
+
+			} catch (Exception e) {
+				LOGGER.error("Error occured due to :" + e.getMessage());
+				e.printStackTrace();
+			}
+			
 		}
 
 	}
diff --git a/UniversalVesAdapter/src/main/resources/application.properties b/UniversalVesAdapter/src/main/resources/application.properties
index c2dec51..c940da4 100644
--- a/UniversalVesAdapter/src/main/resources/application.properties
+++ b/UniversalVesAdapter/src/main/resources/application.properties
@@ -8,11 +8,11 @@ mapperConfig.file=../UniversalVesAdapter/src/main/resources/MapperConfig.json
 dmaap.mr_props=DMaapMR.properties
 
 #DEV Machine DB Details
-spring.datasource.url=jdbc:postgresql://10.49.16.19:5432/dummy
-spring.datasource.username=postgres
-spring.datasource.password=root
+#spring.datasource.url=jdbc:postgresql://10.49.16.19:5432/dummy
+#spring.datasource.username=postgres
+#spring.datasource.password=root
 
 #Lab Details
-#spring.datasource.url=jdbc:postgresql://10.53.172.129:5432/dummy
-#spring.datasource.username=ngpuser
-#spring.datasource.password=root
-\ No newline at end of file
+spring.datasource.url=jdbc:postgresql://10.53.172.129:5432/dummy
+spring.datasource.username=ngpuser
+spring.datasource.password=root
+\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index f2c805f..7342310 100644
--- a/pom.xml
+++ b/pom.xml
@@ -67,7 +67,7 @@
 
         <json.path.version>2.2.0</json.path.version>
         <quartz.version>2.2.0</quartz.version>
-        <httpclient.version>4.5.2</httpclient.version>
+        <httpclient.version>4.5.6</httpclient.version>
         <commons.lang3.version>3.5</commons.lang3.version>
 
         <docker.maven.version>1.0.0</docker.maven.version>
diff --git a/snmpmapper/pom.xml b/snmpmapper/pom.xml
index 4306ae3..0180e6a 100644
--- a/snmpmapper/pom.xml
+++ b/snmpmapper/pom.xml
@@ -25,20 +25,20 @@
 
 	<dependencies>
 	<dependency>
-    <groupId>org.springframework.webflow</groupId>
-    <artifactId>spring-webflow</artifactId>
-    <version>2.5.0.RELEASE</version>
-</dependency>
+    	<groupId>org.springframework.webflow</groupId>
+    	<artifactId>spring-webflow</artifactId>
+    	<version>2.5.0.RELEASE</version>
+	</dependency>
 	
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-thymeleaf</artifactId>
-			<version>2.0.3.RELEASE</version>
+			<version>2.0.4.RELEASE</version>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
-			<version>2.0.3.RELEASE</version>
+			<version>2.0.4.RELEASE</version>
 		</dependency>
 
 		<dependency>
@@ -53,6 +53,16 @@
 			<version>2.0.3.RELEASE</version>
 		</dependency>
 		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-core</artifactId>
+			<version>5.0.5.RELEASE</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-expression</artifactId>
+			<version>5.0.9.RELEASE</version>
+		</dependency>
+		<dependency>
 			<groupId>org.postgresql</groupId>
 			<artifactId>postgresql</artifactId>
 			<scope>runtime</scope>
diff --git a/snmpmapper/src/main/resources/application.properties b/snmpmapper/src/main/resources/application.properties
index cf4f33c..2121542 100644
--- a/snmpmapper/src/main/resources/application.properties
+++ b/snmpmapper/src/main/resources/application.properties
@@ -1,7 +1,12 @@
 server.port=9090
-spring.datasource.url=jdbc:postgresql://10.49.16.19:5432/dummy
-spring.datasource.username=postgres
+#spring.datasource.url=jdbc:postgresql://10.49.16.19:5432/dummy
+#spring.datasource.username=postgres
+#spring.datasource.password=root
+
+spring.datasource.url=jdbc:postgresql://10.53.172.129:5432/dummy
+spring.datasource.username=ngpuser
 spring.datasource.password=root
+
 spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
 spring.jpa.properties.hibernate.temp.use_jdbc_metadata_defaults=false
 spring.servlet.multipart.enabled=true
author	amshegokar <AS00500801@techmahindra.com>	2018-09-11 20:20:27 +0530
committer	amshegokar <AS00500801@techmahindra.com>	2018-09-11 20:20:27 +0530
commit	f67bc2db9676c54192a019852594a29f33816534 (patch)
tree	2d69c0e8997c691d774ae9b97a3460b0cc29392e
parent	1b2bb4255e73f7b2f98035724aa243b825b8162d (diff)