summaryrefslogtreecommitdiffstats
path: root/prh-app-server
diff options
context:
space:
mode:
authorTony Hansen <tony@att.com>2018-09-11 21:08:32 +0000
committerGerrit Code Review <gerrit@onap.org>2018-09-11 21:08:32 +0000
commit3cc41a9deb1aa19961670c5bd3a8cbad4d362d3b (patch)
tree418fc5ff93c6a21e1f154c525a125b637edd218b /prh-app-server
parentc055a50794e3933df9910514a58e4ff37ce19607 (diff)
parent4a1457c84c5f3a68ccdfb3e348996e14ccea89e8 (diff)
Merge "PRH:security vulnerabilities fix"
Diffstat (limited to 'prh-app-server')
-rw-r--r--prh-app-server/pom.xml19
-rw-r--r--prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java2
-rw-r--r--prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProvider.java36
-rw-r--r--prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/HttpGetClientTest.java23
-rw-r--r--prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProviderTest.java21
-rw-r--r--prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/tasks/ScheduleControllerSpy.java4
6 files changed, 42 insertions, 63 deletions
diff --git a/prh-app-server/pom.xml b/prh-app-server/pom.xml
index b04c06b9..f663227c 100644
--- a/prh-app-server/pom.xml
+++ b/prh-app-server/pom.xml
@@ -130,6 +130,12 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
@@ -149,10 +155,6 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
- </dependency>
- <dependency>
- <groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
</dependency>
<dependency>
@@ -222,11 +224,6 @@
<scope>test</scope>
</dependency>
<dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-test</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<scope>test</scope>
@@ -241,6 +238,10 @@
<artifactId>testng</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.assertj</groupId>
+ <artifactId>assertj-core</artifactId>
+ </dependency>
<dependency>
<groupId>io.springfox</groupId>
diff --git a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java
index 8b3cdcd9..3967dc0a 100644
--- a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java
+++ b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java
@@ -48,7 +48,7 @@ public class MainApp {
}
@Bean
- Map<String, String> mdcContextMap(){
+ Map<String, String> mdcContextMap() {
MDC.put(REQUEST_ID, "SampleRequestID");
MDC.put(INVOCATION_ID, UUID.randomUUID().toString());
return MDC.getCopyOfContextMap();
diff --git a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProvider.java b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProvider.java
index c80ecfaf..38b060e9 100644
--- a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProvider.java
+++ b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProvider.java
@@ -22,12 +22,11 @@ package org.onap.dcaegen2.services.prh.service;
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
-import java.net.URISyntaxException;
-import org.apache.http.client.utils.URIBuilder;
import org.onap.dcaegen2.services.prh.model.EnvProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
+import org.springframework.web.util.DefaultUriBuilderFactory;
import reactor.core.publisher.Mono;
@@ -57,16 +56,12 @@ public class PrhConfigurationProvider {
private Mono<String> callConsulForConfigBindingServiceEndpoint(EnvProperties envProperties) {
LOGGER.info("Retrieving Config Binding Service endpoint from Consul");
- try {
- return httpGetClient.callHttpGet(getConsulUrl(envProperties), JsonArray.class)
- .flatMap(jsonArray -> this.createConfigBindingServiceUrl(jsonArray, envProperties.appName()));
- } catch (URISyntaxException e) {
- LOGGER.warn("Malformed Consul uri", e);
- return Mono.error(e);
- }
+ return httpGetClient.callHttpGet(getConsulUrl(envProperties), JsonArray.class)
+ .flatMap(jsonArray -> this.createConfigBindingServiceUrl(jsonArray, envProperties.appName()));
+
}
- private String getConsulUrl(EnvProperties envProperties) throws URISyntaxException {
+ private String getConsulUrl(EnvProperties envProperties) {
return getUri(envProperties.consulHost(), envProperties.consulPort(), "/v1/catalog/service",
envProperties.cbsName());
}
@@ -83,13 +78,8 @@ public class PrhConfigurationProvider {
}
private Mono<String> buildConfigBindingServiceUrl(JsonObject jsonObject, String appName) {
- try {
- return Mono.just(getUri(jsonObject.get("ServiceAddress").getAsString(),
- jsonObject.get("ServicePort").getAsInt(), "/service_component", appName));
- } catch (URISyntaxException e) {
- LOGGER.warn("Malformed Config Binding Service uri", e);
- return Mono.error(e);
- }
+ return Mono.just(getUri(jsonObject.get("ServiceAddress").getAsString(),
+ jsonObject.get("ServicePort").getAsInt(), "/service_component", appName));
}
private Mono<JsonObject> getConfigBindingObject(JsonArray jsonArray) {
@@ -105,12 +95,12 @@ public class PrhConfigurationProvider {
}
}
- private String getUri(String host, Integer port, String... paths) throws URISyntaxException {
- return new URIBuilder()
- .setScheme("http")
- .setHost(host)
- .setPort(port)
- .setPath(String.join("/", paths))
+ private String getUri(String host, Integer port, String... paths) {
+ return new DefaultUriBuilderFactory().builder()
+ .scheme("http")
+ .host(host)
+ .port(port)
+ .path(String.join("/", paths))
.build().toString();
}
}
diff --git a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/HttpGetClientTest.java b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/HttpGetClientTest.java
index 20fbc6bf..ab789a00 100644
--- a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/HttpGetClientTest.java
+++ b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/HttpGetClientTest.java
@@ -21,8 +21,6 @@
package org.onap.dcaegen2.services.prh.service;
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.mock;
@@ -34,6 +32,8 @@ import com.google.gson.JsonSyntaxException;
import org.junit.jupiter.api.Test;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+
class HttpGetClientTest {
private static final String SOMEURL = "http://someurl";
@@ -50,12 +50,9 @@ class HttpGetClientTest {
HttpGetClient httpGetClient = new HttpGetClient(webClient);
when(responseSpec.bodyToMono(String.class)).thenReturn(Mono.just(DATA));
- //when
- Mono<JsonObject> jsonObjectMono = httpGetClient.callHttpGet(SOMEURL, JsonObject.class);
-
- //then
- assertThat(jsonObjectMono).isNotNull();
- assertThat(jsonObjectMono.block()).isEqualTo(gson.fromJson(DATA, JsonObject.class));
+ //when/then
+ StepVerifier.create(httpGetClient.callHttpGet(SOMEURL, JsonObject.class)).expectSubscription()
+ .expectNext(gson.fromJson(DATA, JsonObject.class)).verifyComplete();
}
@Test
@@ -65,16 +62,12 @@ class HttpGetClientTest {
HttpGetClient httpGetClient = new HttpGetClient(webClient);
when(responseSpec.bodyToMono(String.class)).thenReturn(Mono.just("some wrong data"));
- //when
- Mono<JsonObject> jsonObjectMono = httpGetClient.callHttpGet(SOMEURL, JsonObject.class);
-
- //then
- assertThat(jsonObjectMono).isNotNull();
- assertThrows(JsonSyntaxException.class, jsonObjectMono::block);
+ //when/then
+ StepVerifier.create(httpGetClient.callHttpGet(SOMEURL, JsonObject.class)).expectSubscription()
+ .expectError(JsonSyntaxException.class).verify();
}
-
private void mockWebClientDependantObject() {
doReturn(requestBodyUriSpec).when(webClient).get();
when(requestBodyUriSpec.uri(SOMEURL)).thenReturn(requestBodyUriSpec);
diff --git a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProviderTest.java b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProviderTest.java
index 7b305222..e99389f5 100644
--- a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProviderTest.java
+++ b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProviderTest.java
@@ -20,18 +20,17 @@
package org.onap.dcaegen2.services.prh.service;
-import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import com.google.gson.Gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
-import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.onap.dcaegen2.services.prh.model.EnvProperties;
import org.onap.dcaegen2.services.prh.model.ImmutableEnvProperties;
import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
class PrhConfigurationProviderTest {
@@ -72,12 +71,9 @@ class PrhConfigurationProviderTest {
PrhConfigurationProvider provider = new PrhConfigurationProvider(webClient);
- // when
- Mono<JsonObject> jsonObjectMono = provider.callForPrhConfiguration(envProperties);
-
- // then
- assertThat(jsonObjectMono).isNotNull();
- assertThat(jsonObjectMono.block()).isEqualTo(prhMockConfigurationJson);
+ //when/then
+ StepVerifier.create(provider.callForPrhConfiguration(envProperties)).expectSubscription()
+ .expectNext(prhMockConfigurationJson).verifyComplete();
}
@Test
@@ -90,11 +86,8 @@ class PrhConfigurationProviderTest {
PrhConfigurationProvider provider = new PrhConfigurationProvider(webClient);
- // when
- Mono<JsonObject> jsonObjectMono = provider.callForPrhConfiguration(envProperties);
-
- // then
- assertThat(jsonObjectMono).isNotNull();
- Assertions.assertThrows(IllegalStateException.class, jsonObjectMono::block);
+ //when/then
+ StepVerifier.create(provider.callForPrhConfiguration(envProperties)).expectSubscription()
+ .expectError(IllegalStateException.class).verify();
}
} \ No newline at end of file
diff --git a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/tasks/ScheduleControllerSpy.java b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/tasks/ScheduleControllerSpy.java
index 5aa63e00..2f7ff61c 100644
--- a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/tasks/ScheduleControllerSpy.java
+++ b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/tasks/ScheduleControllerSpy.java
@@ -23,6 +23,7 @@ package org.onap.dcaegen2.services.prh.tasks;
import static org.mockito.Mockito.spy;
import java.util.Map;
+
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@@ -49,6 +50,7 @@ public class ScheduleControllerSpy {
@Bean
@Primary
public ScheduledTasks registerSimpleScheduledTask() {
- return spy(new ScheduledTasks(dmaapConsumerTaskImplSpy, dmaapPublisherTaskImplSpy, aaiPublisherTaskImplSpy, mdcContextMap));
+ return spy(new ScheduledTasks(dmaapConsumerTaskImplSpy, dmaapPublisherTaskImplSpy, aaiPublisherTaskImplSpy,
+ mdcContextMap));
}
}