From 4a1457c84c5f3a68ccdfb3e348996e14ccea89e8 Mon Sep 17 00:00:00 2001 From: wasala Date: Tue, 11 Sep 2018 09:50:21 +0200 Subject: PRH:security vulnerabilities fix *Removed unused libraries *Fixed vulnerablities in connection with clm scan *Replaced AssertJ in tests verification by using StepVerifier Change-Id: I81c3ac54e5514735f0fca8150fcc218d96dc5ce3 Issue-ID: DCAEGEN2-770 Signed-off-by: wasala --- .../org/onap/dcaegen2/services/prh/MainApp.java | 2 +- .../prh/service/PrhConfigurationProvider.java | 36 ++++++++-------------- .../services/prh/service/HttpGetClientTest.java | 23 +++++--------- .../prh/service/PrhConfigurationProviderTest.java | 21 +++++-------- .../services/prh/tasks/ScheduleControllerSpy.java | 4 ++- 5 files changed, 32 insertions(+), 54 deletions(-) (limited to 'prh-app-server/src') diff --git a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java index 8b3cdcd9..3967dc0a 100644 --- a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java +++ b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/MainApp.java @@ -48,7 +48,7 @@ public class MainApp { } @Bean - Map mdcContextMap(){ + Map mdcContextMap() { MDC.put(REQUEST_ID, "SampleRequestID"); MDC.put(INVOCATION_ID, UUID.randomUUID().toString()); return MDC.getCopyOfContextMap(); diff --git a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProvider.java b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProvider.java index c80ecfaf..38b060e9 100644 --- a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProvider.java +++ b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProvider.java 
@@ -22,12 +22,11 @@ package org.onap.dcaegen2.services.prh.service; import com.google.gson.JsonArray; import com.google.gson.JsonObject; -import java.net.URISyntaxException; -import org.apache.http.client.utils.URIBuilder; import org.onap.dcaegen2.services.prh.model.EnvProperties; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; +import org.springframework.web.util.DefaultUriBuilderFactory; import reactor.core.publisher.Mono; @@ -57,16 +56,12 @@ public class PrhConfigurationProvider { private Mono callConsulForConfigBindingServiceEndpoint(EnvProperties envProperties) { LOGGER.info("Retrieving Config Binding Service endpoint from Consul"); - try { - return httpGetClient.callHttpGet(getConsulUrl(envProperties), JsonArray.class) - .flatMap(jsonArray -> this.createConfigBindingServiceUrl(jsonArray, envProperties.appName())); - } catch (URISyntaxException e) { - LOGGER.warn("Malformed Consul uri", e); - return Mono.error(e); - } + return httpGetClient.callHttpGet(getConsulUrl(envProperties), JsonArray.class) + .flatMap(jsonArray -> this.createConfigBindingServiceUrl(jsonArray, envProperties.appName())); + } - private String getConsulUrl(EnvProperties envProperties) throws URISyntaxException { + private String getConsulUrl(EnvProperties envProperties) { return getUri(envProperties.consulHost(), envProperties.consulPort(), "/v1/catalog/service", envProperties.cbsName()); } 
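Review bot: With the try/catch removed, `getConsulUrl(envProperties)` in `callConsulForConfigBindingServiceEndpoint` is still evaluated eagerly, so any unchecked exception raised while building the URL (for example a null port being unboxed, or whatever the new builder throws on bad input) escapes at assembly time instead of arriving as an error signal. The "Malformed Consul uri" warning that told operators which input was bad is also gone. Deferring the build keeps failures inside the pipeline: `return Mono.fromCallable(() -> getConsulUrl(envProperties)).flatMap(url -> httpGetClient.callHttpGet(url, JsonArray.class))`, followed by the existing `.flatMap(...)`; a `.doOnError(e -> LOGGER.warn("Malformed Consul uri", e))` placed directly after `fromCallable` restores the log line. `buildConfigBindingServiceUrl` in the next hunk has the same shape, since `Mono.just(getUri(...))` evaluates its argument before the Mono exists. The blank line added before the closing brace can be dropped.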
@@ -83,13 +78,8 @@ public class PrhConfigurationProvider { } private Mono buildConfigBindingServiceUrl(JsonObject jsonObject, String appName) { - try { - return Mono.just(getUri(jsonObject.get("ServiceAddress").getAsString(), - jsonObject.get("ServicePort").getAsInt(), "/service_component", appName)); - } catch (URISyntaxException e) { - LOGGER.warn("Malformed Config Binding Service uri", e); - return Mono.error(e); - } + return Mono.just(getUri(jsonObject.get("ServiceAddress").getAsString(), + jsonObject.get("ServicePort").getAsInt(), "/service_component", appName)); } private Mono getConfigBindingObject(JsonArray jsonArray) { @@ -105,12 +95,12 @@ public class PrhConfigurationProvider { } } - private String getUri(String host, Integer port, String... paths) throws URISyntaxException { - return new URIBuilder() - .setScheme("http") - .setHost(host) - .setPort(port) - .setPath(String.join("/", paths)) + private String getUri(String host, Integer port, String... paths) { + return new DefaultUriBuilderFactory().builder() + .scheme("http") + .host(host) + .port(port) + .path(String.join("/", paths)) .build().toString(); } } diff --git a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/HttpGetClientTest.java b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/HttpGetClientTest.java index 20fbc6bf..ab789a00 100644 --- a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/HttpGetClientTest.java +++ b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/HttpGetClientTest.java @@ -21,8 +21,6 @@ package org.onap.dcaegen2.services.prh.service; -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertThrows; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.doReturn; import static org.mockito.Mockito.mock; 
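Review bot: `buildConfigBindingServiceUrl` takes `ServiceAddress` and `ServicePort` straight from the Consul catalogue response and uses them as the host and port the configuration is then fetched from, without checking that the fields are present. Gson's `jsonObject.get("ServiceAddress")` returns null for a missing key, so the chained `.getAsString()` fails with a bare NullPointerException, and the removed catch block means nothing logs which service entry was at fault. A guard before the `Mono.just(...)` keeps the failure descriptive: `if (!jsonObject.has("ServiceAddress") || !jsonObject.has("ServicePort")) { return Mono.error(new IllegalStateException("Incomplete Config Binding Service entry in Consul response")); }`. Whether the returned address should also be checked against an expected set of hosts depends on how far the deployment trusts Consul, which is not visible in this patch.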
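Review bot: `getUri` still hard-codes `.scheme("http")`, so both the Consul lookup and the Config Binding Service request that supplies PRH's configuration travel in clear text; the commit swaps the builder but keeps that literal. If transport protection is not provided elsewhere in the deployment, the scheme should come from configuration, and until then a comment such as `// plain HTTP: Consul and CBS responses are neither encrypted nor authenticated on the wire` would make the assumption explicit. Separately, as far as I know the builder returned by `DefaultUriBuilderFactory` treats `{...}` in the path as a template variable, so a `cbsName` or `appName` containing braces would make `build()` throw an unchecked exception where the old `URIBuilder.setPath` encoded the value; that is worth a test or an input check. The factory holds no per-call state here and could be a field, `private static final DefaultUriBuilderFactory URI_BUILDER_FACTORY = new DefaultUriBuilderFactory();`, rather than being created on every call.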
@@ -34,6 +32,8 @@ import com.google.gson.JsonSyntaxException; import org.junit.jupiter.api.Test; import org.springframework.web.reactive.function.client.WebClient; import reactor.core.publisher.Mono; +import reactor.test.StepVerifier; + class HttpGetClientTest { private static final String SOMEURL = "http://someurl"; @@ -50,12 +50,9 @@ class HttpGetClientTest { HttpGetClient httpGetClient = new HttpGetClient(webClient); when(responseSpec.bodyToMono(String.class)).thenReturn(Mono.just(DATA)); - //when - Mono jsonObjectMono = httpGetClient.callHttpGet(SOMEURL, JsonObject.class); - - //then - assertThat(jsonObjectMono).isNotNull(); - assertThat(jsonObjectMono.block()).isEqualTo(gson.fromJson(DATA, JsonObject.class)); + //when/then + StepVerifier.create(httpGetClient.callHttpGet(SOMEURL, JsonObject.class)).expectSubscription() + .expectNext(gson.fromJson(DATA, JsonObject.class)).verifyComplete(); } @Test @@ -65,16 +62,12 @@ class HttpGetClientTest { HttpGetClient httpGetClient = new HttpGetClient(webClient); when(responseSpec.bodyToMono(String.class)).thenReturn(Mono.just("some wrong data")); - //when - Mono jsonObjectMono = httpGetClient.callHttpGet(SOMEURL, JsonObject.class); - - //then - assertThat(jsonObjectMono).isNotNull(); - assertThrows(JsonSyntaxException.class, jsonObjectMono::block); + //when/then + StepVerifier.create(httpGetClient.callHttpGet(SOMEURL, JsonObject.class)).expectSubscription() + .expectError(JsonSyntaxException.class).verify(); } - private void mockWebClientDependantObject() { doReturn(requestBodyUriSpec).when(webClient).get(); when(requestBodyUriSpec.uri(SOMEURL)).thenReturn(requestBodyUriSpec); diff --git a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProviderTest.java b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProviderTest.java index 7b305222..e99389f5 100644 
--- a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProviderTest.java +++ b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/service/PrhConfigurationProviderTest.java @@ -20,18 +20,17 @@ package org.onap.dcaegen2.services.prh.service; -import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; import com.google.gson.Gson; import com.google.gson.JsonArray; import com.google.gson.JsonObject; -import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; import org.onap.dcaegen2.services.prh.model.EnvProperties; import org.onap.dcaegen2.services.prh.model.ImmutableEnvProperties; import reactor.core.publisher.Mono; +import reactor.test.StepVerifier; class PrhConfigurationProviderTest { @@ -72,12 +71,9 @@ class PrhConfigurationProviderTest { PrhConfigurationProvider provider = new PrhConfigurationProvider(webClient); - // when - Mono jsonObjectMono = provider.callForPrhConfiguration(envProperties); - - // then - assertThat(jsonObjectMono).isNotNull(); - assertThat(jsonObjectMono.block()).isEqualTo(prhMockConfigurationJson); + //when/then + StepVerifier.create(provider.callForPrhConfiguration(envProperties)).expectSubscription() + .expectNext(prhMockConfigurationJson).verifyComplete(); } @Test @@ -90,11 +86,8 @@ class PrhConfigurationProviderTest { PrhConfigurationProvider provider = new PrhConfigurationProvider(webClient); - // when - Mono jsonObjectMono = provider.callForPrhConfiguration(envProperties); - - // then - assertThat(jsonObjectMono).isNotNull(); - Assertions.assertThrows(IllegalStateException.class, jsonObjectMono::block); + //when/then + StepVerifier.create(provider.callForPrhConfiguration(envProperties)).expectSubscription() + .expectError(IllegalStateException.class).verify(); } } \ No newline at end of file 
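Review bot: Neither test hunk in `PrhConfigurationProviderTest` covers the behaviour this commit changes in `PrhConfigurationProvider`. The `URISyntaxException` branches were removed and URL construction moved to a different builder, yet the only failure case visible here is still the `IllegalStateException` one. A case where the mocked Consul response lacks `ServiceAddress` or carries a malformed host, ending in `.expectError(...).verify()`, would pin down what callers now receive. `verify()` without a timeout waits indefinitely if the Mono never terminates, so `.verify(Duration.ofSeconds(5))` is the safer form here and in the two `HttpGetClientTest` hunks. Both test methods start outside the hunks, so the mock setup they rely on is not visible.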
diff --git a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/tasks/ScheduleControllerSpy.java b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/tasks/ScheduleControllerSpy.java index 5aa63e00..2f7ff61c 100644 --- a/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/tasks/ScheduleControllerSpy.java +++ b/prh-app-server/src/test/java/org/onap/dcaegen2/services/prh/tasks/ScheduleControllerSpy.java @@ -23,6 +23,7 @@ package org.onap.dcaegen2.services.prh.tasks; import static org.mockito.Mockito.spy; import java.util.Map; + import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -49,6 +50,7 @@ public class ScheduleControllerSpy { @Bean @Primary public ScheduledTasks registerSimpleScheduledTask() { - return spy(new ScheduledTasks(dmaapConsumerTaskImplSpy, dmaapPublisherTaskImplSpy, aaiPublisherTaskImplSpy, mdcContextMap)); + return spy(new ScheduledTasks(dmaapConsumerTaskImplSpy, dmaapPublisherTaskImplSpy, aaiPublisherTaskImplSpy, + mdcContextMap)); } } -- cgit 1.2.3-korg