author | wasala <przemyslaw.wasala@nokia.com> | 2018-04-17 12:25:54 +0200 |
---|---|---|
committer | wasala <przemyslaw.wasala@nokia.com> | 2018-04-17 12:25:54 +0200 |
commit | b196f93758edabf10174da160e8b74e7eec8ef72 (patch) | |
tree | f1b7dba8b49d4ea15f07eeb577545ace76a4e7fb | |
parent | 58a67d37441b8af808b792418e07448e30556bbd (diff) |
Fixed the rest of the Security Issues
* Introduce Gson in place of the Jackson library
* Delete the posix library, which carries strong copyleft licenses
Change-Id: I37ec6a359912481d1546293a8a8aeeedd6c907e2
Issue-ID: DCAEGEN2-426
Signed-off-by: wasala <przemyslaw.wasala@nokia.com>
9 files changed, 81 insertions, 69 deletions
@@ -405,6 +405,11 @@ <scope>provided</scope> </dependency> <dependency> + <groupId>org.immutables</groupId> + <artifactId>gson</artifactId> + <version>${immutable.version}</version> + </dependency> + <dependency> <groupId>com.spotify</groupId> <artifactId>docker-maven-plugin</artifactId> <version>${docker.maven.version}</version> @@ -425,11 +430,6 @@ <version>3.1.0</version> </dependency> <dependency> - <groupId>com.github.jnr</groupId> - <artifactId>jnr-posix</artifactId> - <version>3.0.44</version> - </dependency> - <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> <version>4.5.4</version> @@ -455,11 +455,6 @@ <version>5.0.5.RELEASE</version> </dependency> <dependency> - <groupId>com.fasterxml.jackson.datatype</groupId> - <artifactId>jackson-datatype-jdk8</artifactId> - <version>2.9.5</version> - </dependency> - <dependency> <groupId>org.apache.tomcat.embed</groupId> <artifactId>tomcat-embed-core</artifactId> <version>${tomcat.version}</version> diff --git a/prh-aai-client/pom.xml b/prh-aai-client/pom.xml index 390e053e..49f0dcec 100644 --- a/prh-aai-client/pom.xml +++ b/prh-aai-client/pom.xml @@ -47,6 +47,10 @@ <artifactId>value</artifactId> </dependency> <dependency> + <groupId>org.immutables</groupId> + <artifactId>gson</artifactId> + </dependency> + <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> </dependency> @@ -66,10 +70,6 @@ <groupId>org.apache.commons</groupId> <artifactId>commons-lang3</artifactId> </dependency> - <dependency> - <groupId>com.fasterxml.jackson.datatype</groupId> - <artifactId>jackson-datatype-jdk8</artifactId> - </dependency> <!-- LOGGING DEPENDENCIES--> <dependency> diff --git a/prh-aai-client/src/main/java/org/onap/dcaegen2/services/config/AAIHttpClientConfiguration.java b/prh-aai-client/src/main/java/org/onap/dcaegen2/services/config/AAIHttpClientConfiguration.java index 4b17b4b6..f9cbeb19 100644 
--- a/prh-aai-client/src/main/java/org/onap/dcaegen2/services/config/AAIHttpClientConfiguration.java +++ b/prh-aai-client/src/main/java/org/onap/dcaegen2/services/config/AAIHttpClientConfiguration.java @@ -20,16 +20,16 @@ package org.onap.dcaegen2.services.config; -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; -import org.immutables.value.Value; import java.io.Serializable; +import org.immutables.gson.Gson; +import org.immutables.value.Value; import org.springframework.stereotype.Component; @Component @Value.Immutable(prehash = true) @Value.Style(builder = "new") -@JsonDeserialize(builder = ImmutableAAIHttpClientConfiguration.Builder.class) +@Gson.TypeAdapters public abstract class AAIHttpClientConfiguration implements Serializable { private static final long serialVersionUID = 1L; diff --git a/prh-app-server/pom.xml b/prh-app-server/pom.xml index 1b5ed131..e5f2c8c4 100644 --- a/prh-app-server/pom.xml +++ b/prh-app-server/pom.xml @@ -107,10 +107,22 @@ <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> + <exclusions> + <exclusion> + <artifactId>jackson-databind</artifactId> + <groupId>com.fasterxml.jackson.core</groupId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-webflux</artifactId> + <exclusions> + <exclusion> + <artifactId>jackson-databind</artifactId> + <groupId>com.fasterxml.jackson.core</groupId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>com.spotify</groupId> @@ -129,14 +141,6 @@ <artifactId>plexus-utils</artifactId> </dependency> <dependency> - <groupId>com.github.jnr</groupId> - <artifactId>jnr-posix</artifactId> - </dependency> - <dependency> - <groupId>com.fasterxml.jackson.datatype</groupId> - <artifactId>jackson-datatype-jdk8</artifactId> - </dependency> - <dependency> <groupId>org.apache.tomcat.embed</groupId> <artifactId>tomcat-embed-core</artifactId> </dependency> 
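Review bot: Nothing on AAIHttpClientConfiguration explains that `@Gson.TypeAdapters` only takes effect through the `ServiceLoader.load(TypeAdapterFactory.class)` call added in PrhAppConfig; the same applies to the matching annotation swaps in DmaapConsumerConfiguration and DmaapPublisherConfiguration. The type is abstract, so if the generated adapter factory is not discovered at runtime (for example because the service registration is lost when jars are repackaged, which cannot be checked from this page), Gson has nothing it can instantiate and the configuration load fails. I would add a class comment such as `// Deserialized through the Immutables-generated Gson TypeAdapterFactory, discovered via ServiceLoader in PrhAppConfig.` The class body continues outside the hunk.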
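Review bot: The `<exclusions>` blocks added to `spring-boot-starter-web` and `spring-boot-starter-webflux` remove only `jackson-databind`, so any other Jackson artifacts those starters resolve would presumably stay on the classpath without the library they depend on. If the aim of the commit is to take Jackson out of the deployable, excluding the starters' JSON aggregate (`spring-boot-starter-json` in Spring Boot 2.0.x, to be confirmed against the resolved tree) is cleaner. Exclusions are also per declaration, so another dependency can bring `jackson-databind` back transitively. A build check keeps this from regressing: run `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core` once, then add a maven-enforcer `bannedDependencies` rule for `com.fasterxml.jackson.core:jackson-databind`.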
@@ -223,6 +227,12 @@ <version>2.0.1.RELEASE</version> <type>pom</type> <scope>import</scope> + <exclusions> + <exclusion> + <artifactId>jackson-databind</artifactId> + <groupId>com.fasterxml.jackson.core</groupId> + </exclusion> + </exclusions> </dependency> </dependencies> </dependencyManagement> diff --git a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java index 2671669a..fd864483 100644 --- a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java +++ b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java @@ -20,7 +20,9 @@ package org.onap.dcaegen2.services.prh; import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; @@ -35,6 +37,7 @@ import org.springframework.scheduling.concurrent.ConcurrentTaskScheduler; @Configuration @ComponentScan @EnableScheduling +@EnableAutoConfiguration(exclude = {JacksonAutoConfiguration.class}) public class MainApp { public static void main(String[] args) { diff --git a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/PrhAppConfig.java b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/PrhAppConfig.java index 37b17f61..6f077a36 100644 --- a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/PrhAppConfig.java +++ b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/PrhAppConfig.java 
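Review bot: The `<exclusions>` block added under the `<scope>import</scope>` entry in `<dependencyManagement>` most likely has no effect. As far as I know, Maven 3 ignores exclusions declared on an imported BOM, and where they are honoured they only change which versions are managed, not what is resolved onto the classpath. Keeping it suggests `jackson-databind` has been removed here when it has not. I would drop this block and rely on exclusions in the real `<dependencies>` entries. The enclosing `<dependency>` element starts outside the hunk.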
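Review bot: `@EnableAutoConfiguration(exclude = {JacksonAutoConfiguration.class})` on MainApp needs a comment saying why it is required. `JacksonAutoConfiguration` is conditional on Jackson's `ObjectMapper` being on the classpath, so it backs off by itself once `jackson-databind` is really excluded. If the application only starts with this exclusion in place, Jackson is probably still being resolved from somewhere and the dependency tree should be checked. The annotations above `@Configuration` are outside the hunk; if `@SpringBootApplication` is among them (its import is visible as context), `@SpringBootApplication(exclude = JacksonAutoConfiguration.class)` is the single-annotation form.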
@@ -19,28 +19,29 @@ */ package org.onap.dcaegen2.services.prh.configuration; -import com.fasterxml.jackson.core.JsonParseException; -import com.fasterxml.jackson.databind.JsonMappingException; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.node.NullNode; -import com.fasterxml.jackson.databind.node.ObjectNode; -import com.fasterxml.jackson.datatype.jdk8.Jdk8Module; +import static org.apache.tomcat.util.file.ConfigFileLoader.getInputStream; + +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; +import com.google.gson.JsonSyntaxException; +import com.google.gson.TypeAdapterFactory; import java.io.BufferedInputStream; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; +import java.io.InputStreamReader; import java.time.LocalDateTime; import java.time.format.DateTimeFormatter; -import java.util.Optional; +import java.util.ServiceLoader; import javax.validation.constraints.NotEmpty; +import javax.validation.constraints.NotNull; import org.onap.dcaegen2.services.config.AAIHttpClientConfiguration; import org.onap.dcaegen2.services.config.DmaapConsumerConfiguration; import org.onap.dcaegen2.services.config.DmaapPublisherConfiguration; -import org.onap.dcaegen2.services.config.ImmutableAAIHttpClientConfiguration; -import org.onap.dcaegen2.services.config.ImmutableDmaapConsumerConfiguration; -import org.onap.dcaegen2.services.config.ImmutableDmaapPublisherConfiguration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.boot.context.properties.ConfigurationProperties; 
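Review bot: The added `import static org.apache.tomcat.util.file.ConfigFileLoader.getInputStream;` looks unintended. PrhAppConfig declares its own `getInputStream(String filepath)` (visible in the next hunk), and a method declared in the class shadows a static import of the same name, so the Tomcat method is never the one called. Leaving the import in ties the configuration loader to a Tomcat-internal utility and obscures which code actually opens the file. If the local method were later renamed or removed, the call would silently bind to Tomcat's loader, which as far as I recall resolves locations differently and also accepts URIs. I would delete the import.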
@@ -76,49 +77,54 @@ public class PrhAppConfig implements AppConfig { public void initFileStreamReader() { - ObjectMapper jsonObjectMapper = new ObjectMapper().registerModule(new Jdk8Module()); - JsonNode jsonNode; + GsonBuilder gsonBuilder = new GsonBuilder(); + ServiceLoader.load(TypeAdapterFactory.class).forEach(gsonBuilder::registerTypeAdapterFactory); + JsonParser parser = new JsonParser(); + JsonObject jsonObject; try (InputStream inputStream = getInputStream(filepath)) { - ObjectNode root = (ObjectNode) jsonObjectMapper.readTree(inputStream); - jsonNode = Optional.ofNullable(root.get(CONFIG).get(AAI).get(AAI_CONFIG)).orElse(NullNode.getInstance()); - aaiHttpClientConfiguration = jsonObjectMapper - .treeToValue(jsonNode, ImmutableAAIHttpClientConfiguration.class); - jsonNode = Optional.ofNullable(root.get(CONFIG).get(DMAAP).get(DMAAP_CONSUMER)) - .orElse(NullNode.getInstance()); - dmaapConsumerConfiguration = jsonObjectMapper - .treeToValue(jsonNode, ImmutableDmaapConsumerConfiguration.class); - jsonNode = Optional.ofNullable(root.get(CONFIG).get(DMAAP).get(DMAAP_PRODUCER)) - .orElse(NullNode.getInstance()); - dmaapPublisherConfiguration = jsonObjectMapper - .treeToValue(jsonNode, ImmutableDmaapPublisherConfiguration.class); + JsonElement rootElement = parser.parse(new InputStreamReader(inputStream)); + if (rootElement.isJsonObject()) { + jsonObject = rootElement.getAsJsonObject(); + aaiHttpClientConfiguration = deserializeType(gsonBuilder, + jsonObject.getAsJsonObject(CONFIG).getAsJsonObject(AAI).getAsJsonObject(AAI_CONFIG), + AAIHttpClientConfiguration.class); + + dmaapConsumerConfiguration = deserializeType(gsonBuilder, + jsonObject.getAsJsonObject(CONFIG).getAsJsonObject(DMAAP).getAsJsonObject(DMAAP_CONSUMER), + DmaapConsumerConfiguration.class); + + dmaapPublisherConfiguration = deserializeType(gsonBuilder, + jsonObject.getAsJsonObject(CONFIG).getAsJsonObject(DMAAP).getAsJsonObject(DMAAP_PRODUCER), + DmaapPublisherConfiguration.class); + } + } catch 
(FileNotFoundException e) { logger .error( "Configuration PrhAppConfig initFileStreamReader()::FileNotFoundException :: Execution Time - {}:{}", dateTimeFormatter.format( LocalDateTime.now()), e); - } catch (JsonParseException e) { - logger - .error( - "Configuration PrhAppConfig initFileStreamReader()::JsonParseException :: Execution Time - {}:{}", - dateTimeFormatter.format( - LocalDateTime.now()), e); - } catch (JsonMappingException e) { + } catch (IOException e) { logger .error( - "Configuration PrhAppConfig initFileStreamReader()::JsonMappingException :: Execution Time - {}:{}", + "Configuration PrhAppConfig initFileStreamReader()::IOException :: Execution Time - {}:{}", dateTimeFormatter.format( LocalDateTime.now()), e); - } catch (IOException e) { + } catch (JsonSyntaxException e) { logger .error( - "Configuration PrhAppConfig initFileStreamReader()::IOException :: Execution Time - {}:{}", + "Configuration PrhAppConfig initFileStreamReader()::JsonSyntaxException :: Execution Time - {}:{}", dateTimeFormatter.format( LocalDateTime.now()), e); } } - InputStream getInputStream(String filepath) throws FileNotFoundException { + private <T> T deserializeType(@NotNull GsonBuilder gsonBuilder, @NotNull JsonObject jsonObject, + @NotNull Class<T> type) { + return gsonBuilder.create().fromJson(jsonObject, type); + } + + InputStream getInputStream(@NotNull String filepath) throws FileNotFoundException { return new BufferedInputStream(new FileInputStream(filepath)); } diff --git a/prh-dmaap-client/pom.xml b/prh-dmaap-client/pom.xml index 4d93831b..63543740 100644 --- a/prh-dmaap-client/pom.xml +++ b/prh-dmaap-client/pom.xml @@ -45,8 +45,8 @@ <artifactId>value</artifactId> </dependency> <dependency> - <groupId>com.fasterxml.jackson.datatype</groupId> - <artifactId>jackson-datatype-jdk8</artifactId> + <groupId>org.immutables</groupId> + <artifactId>gson</artifactId> </dependency> <!-- LOGGING DEPENDENCIES --> 
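Review bot: The chained `jsonObject.getAsJsonObject(CONFIG).getAsJsonObject(AAI).getAsJsonObject(AAI_CONFIG)` lookups in `initFileStreamReader` throw NullPointerException when a section is missing and ClassCastException when it is not an object, and neither is caught. A root that is not a JSON object is skipped with no log at all, leaving all three configurations unset. `new InputStreamReader(inputStream)` also decodes with the platform default charset rather than UTF-8. The sketch below resolves each section through a small helper that names the missing section, reads as UTF-8, and widens the last handler to `JsonParseException`, which also covers `JsonIOException`; it needs imports for `StandardCharsets` and `JsonParseException`. The `@NotNull` annotations on the private `deserializeType` parameters are documentation only unless a validator is wired in, which is not visible here.

```java
        try (InputStream inputStream = getInputStream(filepath)) {
            JsonElement rootElement = parser.parse(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
            if (!rootElement.isJsonObject()) {
                // Fail loudly instead of leaving every configuration field unset.
                throw new JsonParseException("configuration root is not a JSON object");
            }
            JsonObject config = section(rootElement.getAsJsonObject(), CONFIG);
            JsonObject dmaap = section(config, DMAAP);
            aaiHttpClientConfiguration = deserializeType(gsonBuilder,
                section(section(config, AAI), AAI_CONFIG), AAIHttpClientConfiguration.class);
            dmaapConsumerConfiguration = deserializeType(gsonBuilder,
                section(dmaap, DMAAP_CONSUMER), DmaapConsumerConfiguration.class);
            dmaapPublisherConfiguration = deserializeType(gsonBuilder,
                section(dmaap, DMAAP_PRODUCER), DmaapPublisherConfiguration.class);
        // … unchanged: FileNotFoundException and IOException handlers …
        } catch (JsonParseException e) {
            logger.error(
                "Configuration PrhAppConfig initFileStreamReader()::JsonParseException :: Execution Time - {}:{}",
                dateTimeFormatter.format(LocalDateTime.now()), e);
        }
    }

    // Returns the named child object, or fails with the section name instead of an NPE.
    private static JsonObject section(JsonObject parent, String name) {
        JsonElement child = parent.get(name);
        if (child == null || !child.isJsonObject()) {
            throw new JsonParseException("missing or non-object configuration section: " + name);
        }
        return child.getAsJsonObject();
    }
```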
diff --git a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapConsumerConfiguration.java b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapConsumerConfiguration.java index 9b322c9c..de24caec 100644 --- a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapConsumerConfiguration.java +++ b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapConsumerConfiguration.java @@ -19,7 +19,7 @@ */ package org.onap.dcaegen2.services.config; -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import org.immutables.gson.Gson; import org.immutables.value.Value; import org.springframework.stereotype.Component; @@ -29,7 +29,7 @@ import org.springframework.stereotype.Component; @Component @Value.Immutable(prehash = true) @Value.Style(builder = "new") -@JsonDeserialize(builder = ImmutableDmaapConsumerConfiguration.Builder.class) +@Gson.TypeAdapters public abstract class DmaapConsumerConfiguration implements DmaapCustomConfig { private static final long serialVersionUID = 1L; diff --git a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapPublisherConfiguration.java b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapPublisherConfiguration.java index 6607853e..50a79dd6 100644 --- a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapPublisherConfiguration.java +++ b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapPublisherConfiguration.java @@ -19,7 +19,7 @@ */ package org.onap.dcaegen2.services.config; -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import org.immutables.gson.Gson; import org.immutables.value.Value; import org.springframework.stereotype.Component; 
@@ -29,7 +29,7 @@ import org.springframework.stereotype.Component; @Component @Value.Immutable(prehash = true) @Value.Style(builder = "new") -@JsonDeserialize(builder = ImmutableDmaapPublisherConfiguration.Builder.class) +@Gson.TypeAdapters public abstract class DmaapPublisherConfiguration implements DmaapCustomConfig { private static final long serialVersionUID = 1L; @@ -42,6 +42,4 @@ public abstract class DmaapPublisherConfiguration implements DmaapCustomConfig { public static DmaapPublisherConfiguration.Builder builder() { return ImmutableDmaapPublisherConfiguration.builder(); } - - } |