author | Tony Hansen <tony@att.com> | 2018-09-11 21:08:32 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2018-09-11 21:08:32 +0000 |
commit | 3cc41a9deb1aa19961670c5bd3a8cbad4d362d3b (patch) | |
tree | 418fc5ff93c6a21e1f154c525a125b637edd218b /prh-app-server | |
parent | c055a50794e3933df9910514a58e4ff37ce19607 (diff) | |
parent | 4a1457c84c5f3a68ccdfb3e348996e14ccea89e8 (diff) |
Merge "PRH:security vulnerabilities fix"
Diffstat (limited to 'prh-app-server')
6 files changed, 42 insertions, 63 deletions
diff --git a/prh-app-server/pom.xml b/prh-app-server/pom.xml
index b04c06b9..f663227c 100644
--- a/prh-app-server/pom.xml
+++ b/prh-app-server/pom.xml
@@ -130,6 +130,12 @@
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-web</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <dependency>
 <groupId>org.springframework.boot</groupId>
@@ -149,10 +155,6 @@
 </dependency>
 <dependency>
 <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
- </dependency>
- <dependency>
- <groupId>org.bouncycastle</groupId>
 <artifactId>bcpkix-jdk15on</artifactId>
 </dependency>
 <dependency>
@@ -222,11 +224,6 @@
 <scope>test</scope>
 </dependency>
 <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-test</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
 <groupId>org.mockito</groupId>
 <artifactId>mockito-core</artifactId>
 <scope>test</scope>
@@ -241,6 +238,10 @@
 <artifactId>testng</artifactId>
 <scope>test</scope>
 </dependency>
+ <dependency>
+ <groupId>org.assertj</groupId>
+ <artifactId>assertj-core</artifactId>
+ </dependency>
 <dependency>
 <groupId>io.springfox</groupId>
diff --git a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java
index 8b3cdcd9..3967dc0a 100644
--- a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java
+++ b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java
@@ -48,7 +48,7 @@ public class MainApp {
 }
 @Bean
- Map<String, String> mdcContextMap(){
+ Map<String, String> mdcContextMap() {
 MDC.put(REQUEST_ID, "SampleRequestID");
 MDC.put(INVOCATION_ID, UUID.randomUUID().toString());
 return MDC.getCopyOfContextMap();
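Review bot: The `jackson-databind` exclusion in the first pom.xml hunk only cuts the copy that `spring-boot-starter-web` brings in; nothing visible here declares a patched `jackson-databind` version, and other dependencies in this file (for example the `io.springfox` entry shown later) may still pull it in transitively. Spring MVC's default JSON message conversion relies on this artifact, so confirm either that a fixed version is pinned in a `dependencyManagement` section or that JSON endpoints are served by another converter. A check such as `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core:jackson-databind` on the built module shows which version, if any, still reaches the classpath.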
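Review bot: The `org.assertj:assertj-core` dependency added in the `@@ -241,6 +238,10 @@` hunk carries no `<scope>`, while the test-only entries around it (`testng`, `mockito-core`) are marked `test`. Unless a parent `dependencyManagement` section that is not visible here sets the scope, the library lands on the compile and runtime classpath and in the packaged application, which enlarges the shipped dependency surface for no runtime use. Add `<scope>test</scope>` to this entry.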
diff --git a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProvider.java b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProvider.java index c80ecfaf..38b060e9 100644 --- a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProvider.java +++ b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProvider.java @@ -22,12 +22,11 @@ package org.onap.dcaegen2.services.prh.service; import com.google.gson.JsonArray; import com.google.gson.JsonObject; -import java.net.URISyntaxException; -import org.apache.http.client.utils.URIBuilder; import org.onap.dcaegen2.services.prh.model.EnvProperties; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; +import org.springframework.web.util.DefaultUriBuilderFactory; import reactor.core.publisher.Mono; @@ -57,16 +56,12 @@ public class PrhConfigurationProvider { private Mono<String> callConsulForConfigBindingServiceEndpoint(EnvProperties envProperties) { LOGGER.info("Retrieving Config Binding Service endpoint from Consul"); - try { - return httpGetClient.callHttpGet(getConsulUrl(envProperties), JsonArray.class) - .flatMap(jsonArray -> this.createConfigBindingServiceUrl(jsonArray, envProperties.appName())); - } catch (URISyntaxException e) { - LOGGER.warn("Malformed Consul uri", e); - return Mono.error(e); - } + return httpGetClient.callHttpGet(getConsulUrl(envProperties), JsonArray.class) + .flatMap(jsonArray -> this.createConfigBindingServiceUrl(jsonArray, envProperties.appName())); + } - private String getConsulUrl(EnvProperties envProperties) throws URISyntaxException { + private String getConsulUrl(EnvProperties envProperties) { return getUri(envProperties.consulHost(), envProperties.consulPort(), "/v1/catalog/service", envProperties.cbsName()); } 
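Review bot: With the try/catch removed in `callConsulForConfigBindingServiceEndpoint`, `getConsulUrl(envProperties)` is still evaluated eagerly while the pipeline is assembled, so any unchecked exception raised while building the URL is now thrown synchronously instead of arriving as an error signal, and the "Malformed Consul uri" warning is no longer logged. Whether the caller tolerates a synchronous throw is not visible in this hunk. Deferring the construction keeps such failures inside the Mono: `return Mono.fromCallable(() -> getConsulUrl(envProperties))` followed by `.flatMap(url -> httpGetClient.callHttpGet(url, JsonArray.class))` and the existing `.flatMap(...)`. The blank line added before the method's closing brace can be dropped.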
@@ -83,13 +78,8 @@ public class PrhConfigurationProvider { } private Mono<String> buildConfigBindingServiceUrl(JsonObject jsonObject, String appName) { - try { - return Mono.just(getUri(jsonObject.get("ServiceAddress").getAsString(), - jsonObject.get("ServicePort").getAsInt(), "/service_component", appName)); - } catch (URISyntaxException e) { - LOGGER.warn("Malformed Config Binding Service uri", e); - return Mono.error(e); - } + return Mono.just(getUri(jsonObject.get("ServiceAddress").getAsString(), + jsonObject.get("ServicePort").getAsInt(), "/service_component", appName)); } private Mono<JsonObject> getConfigBindingObject(JsonArray jsonArray) { @@ -105,12 +95,12 @@ public class PrhConfigurationProvider { } } - private String getUri(String host, Integer port, String... paths) throws URISyntaxException { - return new URIBuilder() - .setScheme("http") - .setHost(host) - .setPort(port) - .setPath(String.join("/", paths)) + private String getUri(String host, Integer port, String... paths) { + return new DefaultUriBuilderFactory().builder() + .scheme("http") + .host(host) + .port(port) + .path(String.join("/", paths)) .build().toString(); } } diff --git a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/HttpGetClientTest.java b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/HttpGetClientTest.java index 20fbc6bf..ab789a00 100644 --- a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/HttpGetClientTest.java +++ b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/HttpGetClientTest.java @@ -21,8 +21,6 @@ package org.onap.dcaegen2.services.prh.service; -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertThrows; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.doReturn; import static org.mockito.Mockito.mock; 
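Review bot: `buildConfigBindingServiceUrl` uses `ServiceAddress` and `ServicePort` from the Consul response without checking them. `jsonObject.get(...)` returns null for a missing member, so the chained `getAsString()`/`getAsInt()` would fail with a NullPointerException, and an empty `ServiceAddress` would yield a URL with no host. Because this value decides where the application fetches its configuration from, the fields should be validated first and a descriptive error signal emitted when they are unusable, as sketched below. How the caller handles an exception thrown from this method is not visible in the hunk.

```java
private Mono<String> buildConfigBindingServiceUrl(JsonObject jsonObject, String appName) {
    JsonElement address = jsonObject.get("ServiceAddress");
    JsonElement port = jsonObject.get("ServicePort");
    if (address == null || !address.isJsonPrimitive() || address.getAsString().isEmpty()
        || port == null || !port.isJsonPrimitive()) {
        return Mono.error(new IllegalStateException(
            "Consul catalog entry has no usable ServiceAddress/ServicePort"));
    }
    return Mono.just(getUri(address.getAsString(), port.getAsInt(), "/service_component", appName));
}
```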
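Review bot: `getUri` keeps the scheme fixed at `http`, so both the Consul catalog lookup and the Config Binding Service request travel unencrypted and unauthenticated, and the address used for the second request is taken from the answer to the first. For a change labelled as a security fix this deserves at least a comment such as `// NOTE: plain HTTP; the CBS address and the returned configuration are not integrity-protected`, or better a scheme read from configuration. Separately, `path(String.join("/", paths))` hands `cbsName`/`appName` to the builder as URI-template text, so a name containing `{` or `}` would presumably be treated as a template variable and fail at `build()`; passing the dynamic segment as a URI variable avoids that. A new `DefaultUriBuilderFactory` is also created on every call and could be held in a field.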
@@ -34,6 +32,8 @@ import com.google.gson.JsonSyntaxException;
 import org.junit.jupiter.api.Test;
 import org.springframework.web.reactive.function.client.WebClient;
 import reactor.core.publisher.Mono;
+import reactor.test.StepVerifier;
+
 class HttpGetClientTest {
 private static final String SOMEURL = "http://someurl";
@@ -50,12 +50,9 @@ class HttpGetClientTest {
 HttpGetClient httpGetClient = new HttpGetClient(webClient);
 when(responseSpec.bodyToMono(String.class)).thenReturn(Mono.just(DATA));
- //when
- Mono<JsonObject> jsonObjectMono = httpGetClient.callHttpGet(SOMEURL, JsonObject.class);
-
- //then
- assertThat(jsonObjectMono).isNotNull();
- assertThat(jsonObjectMono.block()).isEqualTo(gson.fromJson(DATA, JsonObject.class));
+ //when/then
+ StepVerifier.create(httpGetClient.callHttpGet(SOMEURL, JsonObject.class)).expectSubscription()
+ .expectNext(gson.fromJson(DATA, JsonObject.class)).verifyComplete();
 }
 @Test
@@ -65,16 +62,12 @@ class HttpGetClientTest {
 HttpGetClient httpGetClient = new HttpGetClient(webClient);
 when(responseSpec.bodyToMono(String.class)).thenReturn(Mono.just("some wrong data"));
- //when
- Mono<JsonObject> jsonObjectMono = httpGetClient.callHttpGet(SOMEURL, JsonObject.class);
-
- //then
- assertThat(jsonObjectMono).isNotNull();
- assertThrows(JsonSyntaxException.class, jsonObjectMono::block);
+ //when/then
+ StepVerifier.create(httpGetClient.callHttpGet(SOMEURL, JsonObject.class)).expectSubscription()
+ .expectError(JsonSyntaxException.class).verify();
 }
-
 private void mockWebClientDependantObject() {
 doReturn(requestBodyUriSpec).when(webClient).get();
 when(requestBodyUriSpec.uri(SOMEURL)).thenReturn(requestBodyUriSpec);
diff --git a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProviderTest.java b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProviderTest.java
index 7b305222..e99389f5 100644
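Review bot: The rewritten tests in HttpGetClientTest end in `verifyComplete()` and `verify()` with no timeout, so a publisher that never signals would block the build indefinitely instead of failing. `verify(Duration.ofSeconds(5))`, or a default set once through `StepVerifier.setDefaultTimeout(...)`, bounds that. `expectSubscription()` adds nothing to these assertions and could be dropped for brevity. The same applies to the two StepVerifier chains introduced in PrhConfigurationProviderTest.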
--- a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProviderTest.java +++ b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProviderTest.java @@ -20,18 +20,17 @@ package org.onap.dcaegen2.services.prh.service; -import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; import com.google.gson.Gson; import com.google.gson.JsonArray; import com.google.gson.JsonObject; -import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; import org.onap.dcaegen2.services.prh.model.EnvProperties; import org.onap.dcaegen2.services.prh.model.ImmutableEnvProperties; import reactor.core.publisher.Mono; +import reactor.test.StepVerifier; class PrhConfigurationProviderTest { @@ -72,12 +71,9 @@ class PrhConfigurationProviderTest { PrhConfigurationProvider provider = new PrhConfigurationProvider(webClient); - // when - Mono<JsonObject> jsonObjectMono = provider.callForPrhConfiguration(envProperties); - - // then - assertThat(jsonObjectMono).isNotNull(); - assertThat(jsonObjectMono.block()).isEqualTo(prhMockConfigurationJson); + //when/then + StepVerifier.create(provider.callForPrhConfiguration(envProperties)).expectSubscription() + .expectNext(prhMockConfigurationJson).verifyComplete(); } @Test @@ -90,11 +86,8 @@ class PrhConfigurationProviderTest { PrhConfigurationProvider provider = new PrhConfigurationProvider(webClient); - // when - Mono<JsonObject> jsonObjectMono = provider.callForPrhConfiguration(envProperties); - - // then - assertThat(jsonObjectMono).isNotNull(); - Assertions.assertThrows(IllegalStateException.class, jsonObjectMono::block); + //when/then + StepVerifier.create(provider.callForPrhConfiguration(envProperties)).expectSubscription() + .expectError(IllegalStateException.class).verify(); } }
\ No newline at end of file
diff --git a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/tasks/ScheduleControllerSpy.java b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/tasks/ScheduleControllerSpy.java
index 5aa63e00..2f7ff61c 100644
--- a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/tasks/ScheduleControllerSpy.java
+++ b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/tasks/ScheduleControllerSpy.java
@@ -23,6 +23,7 @@ package org.onap.dcaegen2.services.prh.tasks;
 import static org.mockito.Mockito.spy;
 import java.util.Map;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -49,6 +50,7 @@ public class ScheduleControllerSpy {
 @Bean
 @Primary
 public ScheduledTasks registerSimpleScheduledTask() {
- return spy(new ScheduledTasks(dmaapConsumerTaskImplSpy, dmaapPublisherTaskImplSpy, aaiPublisherTaskImplSpy, mdcContextMap));
+ return spy(new ScheduledTasks(dmaapConsumerTaskImplSpy, dmaapPublisherTaskImplSpy, aaiPublisherTaskImplSpy,
+ mdcContextMap));
 }
 } |