summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorwasala <przemyslaw.wasala@nokia.com>2018-04-17 12:25:54 +0200
committerwasala <przemyslaw.wasala@nokia.com>2018-04-17 12:25:54 +0200
commitb196f93758edabf10174da160e8b74e7eec8ef72 (patch)
treef1b7dba8b49d4ea15f07eeb577545ace76a4e7fb
parent58a67d37441b8af808b792418e07448e30556bbd (diff)
Fixed the rest of the Security Issues
*Introduce Gson Against Jackson library *Delete posix library with strong copyleft licenses Change-Id: I37ec6a359912481d1546293a8a8aeeedd6c907e2 Issue-ID: DCAEGEN2-426 Signed-off-by: wasala <przemyslaw.wasala@nokia.com>
-rw-r--r--pom.xml15
-rw-r--r--prh-aai-client/pom.xml8
-rw-r--r--prh-aai-client/src/main/java/org/onap/dcaegen2/services/config/AAIHttpClientConfiguration.java6
-rw-r--r--prh-app-server/pom.xml26
-rw-r--r--prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java3
-rw-r--r--prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/PrhAppConfig.java78
-rw-r--r--prh-dmaap-client/pom.xml4
-rw-r--r--prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapConsumerConfiguration.java4
-rw-r--r--prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapPublisherConfiguration.java6
9 files changed, 81 insertions, 69 deletions
diff --git a/pom.xml b/pom.xml
index ccaa9888..8c652d46 100644
--- a/pom.xml
+++ b/pom.xml
@@ -405,6 +405,11 @@
<scope>provided</scope>
</dependency>
<dependency>
+ <groupId>org.immutables</groupId>
+ <artifactId>gson</artifactId>
+ <version>${immutable.version}</version>
+ </dependency>
+ <dependency>
<groupId>com.spotify</groupId>
<artifactId>docker-maven-plugin</artifactId>
<version>${docker.maven.version}</version>
@@ -425,11 +430,6 @@
<version>3.1.0</version>
</dependency>
<dependency>
- <groupId>com.github.jnr</groupId>
- <artifactId>jnr-posix</artifactId>
- <version>3.0.44</version>
- </dependency>
- <dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.4</version>
@@ -455,11 +455,6 @@
<version>5.0.5.RELEASE</version>
</dependency>
<dependency>
- <groupId>com.fasterxml.jackson.datatype</groupId>
- <artifactId>jackson-datatype-jdk8</artifactId>
- <version>2.9.5</version>
- </dependency>
- <dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>${tomcat.version}</version>
diff --git a/prh-aai-client/pom.xml b/prh-aai-client/pom.xml
index 390e053e..49f0dcec 100644
--- a/prh-aai-client/pom.xml
+++ b/prh-aai-client/pom.xml
@@ -47,6 +47,10 @@
<artifactId>value</artifactId>
</dependency>
<dependency>
+ <groupId>org.immutables</groupId>
+ <artifactId>gson</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</dependency>
@@ -66,10 +70,6 @@
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.datatype</groupId>
- <artifactId>jackson-datatype-jdk8</artifactId>
- </dependency>
<!-- LOGGING DEPENDENCIES-->
<dependency>
diff --git a/prh-aai-client/src/main/java/org/onap/dcaegen2/services/config/AAIHttpClientConfiguration.java b/prh-aai-client/src/main/java/org/onap/dcaegen2/services/config/AAIHttpClientConfiguration.java
index 4b17b4b6..f9cbeb19 100644
--- a/prh-aai-client/src/main/java/org/onap/dcaegen2/services/config/AAIHttpClientConfiguration.java
+++ b/prh-aai-client/src/main/java/org/onap/dcaegen2/services/config/AAIHttpClientConfiguration.java
@@ -20,16 +20,16 @@
package org.onap.dcaegen2.services.config;
-import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
-import org.immutables.value.Value;
import java.io.Serializable;
+import org.immutables.gson.Gson;
+import org.immutables.value.Value;
import org.springframework.stereotype.Component;
@Component
@Value.Immutable(prehash = true)
@Value.Style(builder = "new")
-@JsonDeserialize(builder = ImmutableAAIHttpClientConfiguration.Builder.class)
+@Gson.TypeAdapters
public abstract class AAIHttpClientConfiguration implements Serializable {
private static final long serialVersionUID = 1L;
diff --git a/prh-app-server/pom.xml b/prh-app-server/pom.xml
index 1b5ed131..e5f2c8c4 100644
--- a/prh-app-server/pom.xml
+++ b/prh-app-server/pom.xml
@@ -107,10 +107,22 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
+ <exclusions>
+ <exclusion>
+ <artifactId>jackson-databind</artifactId>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
+ <exclusions>
+ <exclusion>
+ <artifactId>jackson-databind</artifactId>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.spotify</groupId>
@@ -129,14 +141,6 @@
<artifactId>plexus-utils</artifactId>
</dependency>
<dependency>
- <groupId>com.github.jnr</groupId>
- <artifactId>jnr-posix</artifactId>
- </dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.datatype</groupId>
- <artifactId>jackson-datatype-jdk8</artifactId>
- </dependency>
- <dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
</dependency>
@@ -223,6 +227,12 @@
<version>2.0.1.RELEASE</version>
<type>pom</type>
<scope>import</scope>
+ <exclusions>
+ <exclusion>
+ <artifactId>jackson-databind</artifactId>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
</dependencies>
</dependencyManagement>
diff --git a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java
index 2671669a..fd864483 100644
--- a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java
+++ b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java
@@ -20,7 +20,9 @@
package org.onap.dcaegen2.services.prh;
import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
@@ -35,6 +37,7 @@ import org.springframework.scheduling.concurrent.ConcurrentTaskScheduler;
@Configuration
@ComponentScan
@EnableScheduling
+@EnableAutoConfiguration(exclude = {JacksonAutoConfiguration.class})
public class MainApp {
public static void main(String[] args) {
diff --git a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/PrhAppConfig.java b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/PrhAppConfig.java
index 37b17f61..6f077a36 100644
--- a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/PrhAppConfig.java
+++ b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/PrhAppConfig.java
@@ -19,28 +19,29 @@
*/
package org.onap.dcaegen2.services.prh.configuration;
-import com.fasterxml.jackson.core.JsonParseException;
-import com.fasterxml.jackson.databind.JsonMappingException;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.node.NullNode;
-import com.fasterxml.jackson.databind.node.ObjectNode;
-import com.fasterxml.jackson.datatype.jdk8.Jdk8Module;
+import static org.apache.tomcat.util.file.ConfigFileLoader.getInputStream;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import com.google.gson.JsonSyntaxException;
+import com.google.gson.TypeAdapterFactory;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
+import java.io.InputStreamReader;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
-import java.util.Optional;
+import java.util.ServiceLoader;
import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
import org.onap.dcaegen2.services.config.AAIHttpClientConfiguration;
import org.onap.dcaegen2.services.config.DmaapConsumerConfiguration;
import org.onap.dcaegen2.services.config.DmaapPublisherConfiguration;
-import org.onap.dcaegen2.services.config.ImmutableAAIHttpClientConfiguration;
-import org.onap.dcaegen2.services.config.ImmutableDmaapConsumerConfiguration;
-import org.onap.dcaegen2.services.config.ImmutableDmaapPublisherConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.context.properties.ConfigurationProperties;
@@ -76,49 +77,54 @@ public class PrhAppConfig implements AppConfig {
public void initFileStreamReader() {
- ObjectMapper jsonObjectMapper = new ObjectMapper().registerModule(new Jdk8Module());
- JsonNode jsonNode;
+ GsonBuilder gsonBuilder = new GsonBuilder();
+ ServiceLoader.load(TypeAdapterFactory.class).forEach(gsonBuilder::registerTypeAdapterFactory);
+ JsonParser parser = new JsonParser();
+ JsonObject jsonObject;
try (InputStream inputStream = getInputStream(filepath)) {
- ObjectNode root = (ObjectNode) jsonObjectMapper.readTree(inputStream);
- jsonNode = Optional.ofNullable(root.get(CONFIG).get(AAI).get(AAI_CONFIG)).orElse(NullNode.getInstance());
- aaiHttpClientConfiguration = jsonObjectMapper
- .treeToValue(jsonNode, ImmutableAAIHttpClientConfiguration.class);
- jsonNode = Optional.ofNullable(root.get(CONFIG).get(DMAAP).get(DMAAP_CONSUMER))
- .orElse(NullNode.getInstance());
- dmaapConsumerConfiguration = jsonObjectMapper
- .treeToValue(jsonNode, ImmutableDmaapConsumerConfiguration.class);
- jsonNode = Optional.ofNullable(root.get(CONFIG).get(DMAAP).get(DMAAP_PRODUCER))
- .orElse(NullNode.getInstance());
- dmaapPublisherConfiguration = jsonObjectMapper
- .treeToValue(jsonNode, ImmutableDmaapPublisherConfiguration.class);
+ JsonElement rootElement = parser.parse(new InputStreamReader(inputStream));
+ if (rootElement.isJsonObject()) {
+ jsonObject = rootElement.getAsJsonObject();
+ aaiHttpClientConfiguration = deserializeType(gsonBuilder,
+ jsonObject.getAsJsonObject(CONFIG).getAsJsonObject(AAI).getAsJsonObject(AAI_CONFIG),
+ AAIHttpClientConfiguration.class);
+
+ dmaapConsumerConfiguration = deserializeType(gsonBuilder,
+ jsonObject.getAsJsonObject(CONFIG).getAsJsonObject(DMAAP).getAsJsonObject(DMAAP_CONSUMER),
+ DmaapConsumerConfiguration.class);
+
+ dmaapPublisherConfiguration = deserializeType(gsonBuilder,
+ jsonObject.getAsJsonObject(CONFIG).getAsJsonObject(DMAAP).getAsJsonObject(DMAAP_PRODUCER),
+ DmaapPublisherConfiguration.class);
+ }
+
} catch (FileNotFoundException e) {
logger
.error(
"Configuration PrhAppConfig initFileStreamReader()::FileNotFoundException :: Execution Time - {}:{}",
dateTimeFormatter.format(
LocalDateTime.now()), e);
- } catch (JsonParseException e) {
- logger
- .error(
- "Configuration PrhAppConfig initFileStreamReader()::JsonParseException :: Execution Time - {}:{}",
- dateTimeFormatter.format(
- LocalDateTime.now()), e);
- } catch (JsonMappingException e) {
+ } catch (IOException e) {
logger
.error(
- "Configuration PrhAppConfig initFileStreamReader()::JsonMappingException :: Execution Time - {}:{}",
+ "Configuration PrhAppConfig initFileStreamReader()::IOException :: Execution Time - {}:{}",
dateTimeFormatter.format(
LocalDateTime.now()), e);
- } catch (IOException e) {
+ } catch (JsonSyntaxException e) {
logger
.error(
- "Configuration PrhAppConfig initFileStreamReader()::IOException :: Execution Time - {}:{}",
+ "Configuration PrhAppConfig initFileStreamReader()::JsonSyntaxException :: Execution Time - {}:{}",
dateTimeFormatter.format(
LocalDateTime.now()), e);
}
}
- InputStream getInputStream(String filepath) throws FileNotFoundException {
+ private <T> T deserializeType(@NotNull GsonBuilder gsonBuilder, @NotNull JsonObject jsonObject,
+ @NotNull Class<T> type) {
+ return gsonBuilder.create().fromJson(jsonObject, type);
+ }
+
+ InputStream getInputStream(@NotNull String filepath) throws FileNotFoundException {
return new BufferedInputStream(new FileInputStream(filepath));
}
diff --git a/prh-dmaap-client/pom.xml b/prh-dmaap-client/pom.xml
index 4d93831b..63543740 100644
--- a/prh-dmaap-client/pom.xml
+++ b/prh-dmaap-client/pom.xml
@@ -45,8 +45,8 @@
<artifactId>value</artifactId>
</dependency>
<dependency>
- <groupId>com.fasterxml.jackson.datatype</groupId>
- <artifactId>jackson-datatype-jdk8</artifactId>
+ <groupId>org.immutables</groupId>
+ <artifactId>gson</artifactId>
</dependency>
<!-- LOGGING DEPENDENCIES -->
diff --git a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapConsumerConfiguration.java b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapConsumerConfiguration.java
index 9b322c9c..de24caec 100644
--- a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapConsumerConfiguration.java
+++ b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapConsumerConfiguration.java
@@ -19,7 +19,7 @@
*/
package org.onap.dcaegen2.services.config;
-import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import org.immutables.gson.Gson;
import org.immutables.value.Value;
import org.springframework.stereotype.Component;
@@ -29,7 +29,7 @@ import org.springframework.stereotype.Component;
@Component
@Value.Immutable(prehash = true)
@Value.Style(builder = "new")
-@JsonDeserialize(builder = ImmutableDmaapConsumerConfiguration.Builder.class)
+@Gson.TypeAdapters
public abstract class DmaapConsumerConfiguration implements DmaapCustomConfig {
private static final long serialVersionUID = 1L;
diff --git a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapPublisherConfiguration.java b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapPublisherConfiguration.java
index 6607853e..50a79dd6 100644
--- a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapPublisherConfiguration.java
+++ b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/config/DmaapPublisherConfiguration.java
@@ -19,7 +19,7 @@
*/
package org.onap.dcaegen2.services.config;
-import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import org.immutables.gson.Gson;
import org.immutables.value.Value;
import org.springframework.stereotype.Component;
@@ -29,7 +29,7 @@ import org.springframework.stereotype.Component;
@Component
@Value.Immutable(prehash = true)
@Value.Style(builder = "new")
-@JsonDeserialize(builder = ImmutableDmaapPublisherConfiguration.Builder.class)
+@Gson.TypeAdapters
public abstract class DmaapPublisherConfiguration implements DmaapCustomConfig {
private static final long serialVersionUID = 1L;
@@ -42,6 +42,4 @@ public abstract class DmaapPublisherConfiguration implements DmaapCustomConfig {
public static DmaapPublisherConfiguration.Builder builder() {
return ImmutableDmaapPublisherConfiguration.builder();
}
-
-
}