From 4a1457c84c5f3a68ccdfb3e348996e14ccea89e8 Mon Sep 17 00:00:00 2001
From: wasala
Date: Tue, 11 Sep 2018 09:50:21 +0200
Subject: PRH:security vulnerabilities fix *Removed unused libraries *Fixed vulnerablities in connection with clm scan *Replaced AssertJ in tests verification by using StepVerifier
Change-Id: I81c3ac54e5514735f0fca8150fcc218d96dc5ce3
Issue-ID: DCAEGEN2-770
Signed-off-by: wasala
---
 .../consumer/DMaaPConsumerReactiveHttpClient.java | 35 ++++++++++------------
 .../producer/DMaaPProducerReactiveHttpClient.java | 20 ++++++-------
 .../DMaaPConsumerReactiveHttpClientTest.java | 14 ---------
 .../DMaaPProducerReactiveHttpClientTest.java | 19 ++----------
 4 files changed, 27 insertions(+), 61 deletions(-) (limited to 'prh-dmaap-client/src')
diff --git a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPConsumerReactiveHttpClient.java b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPConsumerReactiveHttpClient.java
index 242214d2..02c6ba96 100644
--- a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPConsumerReactiveHttpClient.java
+++ b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPConsumerReactiveHttpClient.java
@@ -25,15 +25,14 @@ import static org.onap.dcaegen2.services.prh.model.logging.MdcVariables.X_INVOCA
 import static org.onap.dcaegen2.services.prh.model.logging.MdcVariables.X_ONAP_REQUEST_ID;
 import java.net.URI;
-import java.net.URISyntaxException;
 import java.util.UUID;
 import java.util.function.Consumer;
-import org.apache.http.client.utils.URIBuilder;
 import org.onap.dcaegen2.services.prh.config.DmaapConsumerConfiguration;
 import org.slf4j.MDC;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.reactive.function.client.WebClient;
+import org.springframework.web.util.DefaultUriBuilderFactory;
 import reactor.core.publisher.Mono;
 /**
@@ -71,21 +70,17 @@ public class DMaaPConsumerReactiveHttpClient {
 * @return reactive response from DMaaP in string format
 */
 public Mono getDMaaPConsumerResponse() {
- try {
- return webClient
- .get()
- .uri(getUri())
- .headers(getHeaders())
- .retrieve()
- .onStatus(HttpStatus::is4xxClientError, clientResponse ->
- Mono.error(new RuntimeException("DmaaPConsumer HTTP " + clientResponse.statusCode()))
- )
- .onStatus(HttpStatus::is5xxServerError, clientResponse ->
- Mono.error(new RuntimeException("DmaaPConsumer HTTP " + clientResponse.statusCode())))
- .bodyToMono(String.class);
- } catch (URISyntaxException e) {
- return Mono.error(e);
- }
+ return webClient
+ .get()
+ .uri(getUri())
+ .headers(getHeaders())
+ .retrieve()
+ .onStatus(HttpStatus::is4xxClientError, clientResponse ->
+ Mono.error(new RuntimeException("DmaaPConsumer HTTP " + clientResponse.statusCode()))
+ )
+ .onStatus(HttpStatus::is5xxServerError, clientResponse ->
+ Mono.error(new RuntimeException("DmaaPConsumer HTTP " + clientResponse.statusCode())))
+ .bodyToMono(String.class);
 }
 private Consumer getHeaders() {
@@ -105,8 +100,8 @@ public class DMaaPConsumerReactiveHttpClient {
 return this;
 }
- URI getUri() throws URISyntaxException {
- return new URIBuilder().setScheme(dmaapProtocol).setHost(dmaapHostName).setPort(dmaapPortNumber)
- .setPath(createRequestPath()).build();
+ URI getUri() {
+ return new DefaultUriBuilderFactory().builder().scheme(dmaapProtocol).host(dmaapHostName).port(dmaapPortNumber)
+ .path(createRequestPath()).build();
 }
 }
diff --git a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/DMaaPProducerReactiveHttpClient.java b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/DMaaPProducerReactiveHttpClient.java
index 862ad841..6cd54846 100644
--- a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/DMaaPProducerReactiveHttpClient.java
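Review bot: `getUri()` is now evaluated while the chain is being assembled in `getDMaaPConsumerResponse()`, so an unchecked exception from URI construction (presumably an `IllegalArgumentException` for a malformed configured host or path) would be thrown synchronously to the caller instead of arriving as an error signal, which the removed `catch` guaranteed through `Mono.error(e)`. Deferring the assembly keeps the old contract: `return Mono.defer(() -> webClient.get().uri(getUri())` followed by the unchanged operators and a closing `.bodyToMono(String.class));`. The negative test `getHttpResponse_whenUriSyntaxExceptionHasBeenThrown` is deleted from the consumer test class in this commit, so this path is no longer verified; a `StepVerifier` case that expects an error for an invalid host would pin the behaviour.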
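Review bot: `path(createRequestPath())` in `getUri()` passes the configured path to a builder that, as far as I can tell, treats `{...}` as URI-template variables, and `build()` is called without values, so a path containing braces would fail at build time where the old `URIBuilder.setPath` encoded it literally; the same applies to `path(dmaapTopicName)` in the producer's `getUri()` (hunk `@@ -97,9 +95,9 @@`). Nothing in either method restricts `dmaapProtocol`, so a configured `http` would send the request headers and body unencrypted; if only TLS is intended, reject other schemes where the configuration is loaded. A Javadoc line such as `@throws IllegalArgumentException if the configured protocol, host, port or path do not form a valid URI` would document the unchecked failure that replaces `URISyntaxException`. The factory could also be a `private static final DefaultUriBuilderFactory` field rather than a new instance per call.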
+++ b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/DMaaPProducerReactiveHttpClient.java
@@ -26,9 +26,7 @@ import static org.onap.dcaegen2.services.prh.model.logging.MdcVariables.X_INVOCA
 import static org.onap.dcaegen2.services.prh.model.logging.MdcVariables.X_ONAP_REQUEST_ID;
 import java.net.URI;
-import java.net.URISyntaxException;
 import java.util.UUID;
-import org.apache.http.client.utils.URIBuilder;
 import org.onap.dcaegen2.services.prh.config.DmaapPublisherConfiguration;
 import org.onap.dcaegen2.services.prh.model.ConsumerDmaapModel;
 import org.slf4j.MDC;
@@ -37,8 +35,11 @@ import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.client.RestTemplate;
+import org.springframework.web.util.DefaultUriBuilderFactory;
 import reactor.core.publisher.Mono;
+
+
 /**
 * @author Przemysław Wąsala on 7/4/18
 */
@@ -74,12 +75,9 @@ public class DMaaPProducerReactiveHttpClient {
 public Mono> getDMaaPProducerResponse(ConsumerDmaapModel consumerDmaapModelMono) {
 return Mono.defer(() -> {
- try {
- HttpEntity request = new HttpEntity<>(createJsonBody(consumerDmaapModelMono), getAllHeaders());
- return Mono.just(restTemplate.exchange(getUri(), HttpMethod.POST, request, String.class));
- } catch (URISyntaxException e) {
- return Mono.error(e);
- }
+ HttpEntity request = new HttpEntity<>(createJsonBody(consumerDmaapModelMono), getAllHeaders());
+ return Mono.just(restTemplate.exchange(getUri(), HttpMethod.POST, request, String.class));
+
 });
 }
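Review bot: `restTemplate.exchange(...)` in `getDMaaPProducerResponse` is a blocking call, and wrapped in `Mono.just` inside `Mono.defer` it runs on whichever thread subscribes. With the try/catch gone the lambda is a plain computation, so `Mono.fromCallable(() -> restTemplate.exchange(getUri(), HttpMethod.POST, request, String.class))` expresses it directly and can be moved to a scheduler for blocking work with `subscribeOn`; whether callers already do that is not visible in this hunk. Exceptions from `getUri()` or `createJsonBody(...)` still surface as an error signal here because they are raised inside the deferred supplier. The empty line added before `});` and the two blank lines added after the imports in the `@@ -37,8 +35,11 @@` hunk look unintentional.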
@@ -97,9 +95,9 @@ public class DMaaPProducerReactiveHttpClient {
 return this;
 }
- URI getUri() throws URISyntaxException {
- return new URIBuilder().setScheme(dmaapProtocol).setHost(dmaapHostName).setPort(dmaapPortNumber)
- .setPath(dmaapTopicName).build();
+ URI getUri() {
+ return new DefaultUriBuilderFactory().builder().scheme(dmaapProtocol).host(dmaapHostName).port(dmaapPortNumber)
+ .path(dmaapTopicName).build();
 }
 }
diff --git a/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPConsumerReactiveHttpClientTest.java b/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPConsumerReactiveHttpClientTest.java
index 26fa65f5..c8ffd12f 100644
--- a/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPConsumerReactiveHttpClientTest.java
+++ b/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPConsumerReactiveHttpClientTest.java
@@ -96,20 +96,6 @@ class DMaaPConsumerReactiveHttpClientTest {
 }).verifyComplete();
 }
- @Test
- void getHttpResponse_whenUriSyntaxExceptionHasBeenThrown() throws URISyntaxException {
- //given
- dmaapConsumerReactiveHttpClient = spy(dmaapConsumerReactiveHttpClient);
- //when
- when(webClient.get()).thenReturn(requestHeadersSpec);
- dmaapConsumerReactiveHttpClient.createDMaaPWebClient(webClient);
- when(dmaapConsumerReactiveHttpClient.getUri()).thenThrow(URISyntaxException.class);
-
- //then
- StepVerifier.create(dmaapConsumerReactiveHttpClient.getDMaaPConsumerResponse()).expectSubscription()
- .expectError(Exception.class).verify();
- }
-
 @Test
 void getAppropriateUri_whenPassingCorrectedPathForPnf() throws URISyntaxException {
 Assertions.assertEquals(dmaapConsumerReactiveHttpClient.getUri(),
diff --git a/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/producer/DMaaPProducerReactiveHttpClientTest.java b/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/producer/DMaaPProducerReactiveHttpClientTest.java
index 05b74895..29d1039f 100644
--- a/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/producer/DMaaPProducerReactiveHttpClientTest.java
+++ b/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/producer/DMaaPProducerReactiveHttpClientTest.java
@@ -23,12 +23,9 @@ package org.onap.dcaegen2.services.prh.service.producer;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.when;
 import java.net.URI;
-import java.net.URISyntaxException;
-
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -42,6 +39,8 @@ import org.springframework.http.ResponseEntity;
 import org.springframework.web.client.RestTemplate;
 import reactor.test.StepVerifier;
+
+
 /**
 * @author Przemysław Wąsala on 7/4/18
 */
@@ -86,19 +85,7 @@ class DMaaPProducerReactiveHttpClientTest {
 }
 @Test
- void getHttpResponse_whenUriSyntaxExceptionHasBeenThrown() throws URISyntaxException {
- //given
- dmaapProducerReactiveHttpClient = spy(dmaapProducerReactiveHttpClient);
- //when
- when(dmaapProducerReactiveHttpClient.getUri()).thenThrow(URISyntaxException.class);
-
- //then
- StepVerifier.create(dmaapProducerReactiveHttpClient.getDMaaPProducerResponse(any())).expectSubscription()
- .expectError(Exception.class).verify();
- }
-
- @Test
- void getAppropriateUri_whenPassingCorrectedPathForPnf() throws URISyntaxException {
+ void getAppropriateUri_whenPassingCorrectedPathForPnf() {
 Assertions.assertEquals(dmaapProducerReactiveHttpClient.getUri(),
 URI.create("https://54.45.33.2:1234/unauthenticated.PNF_READY"));
 }
-- 
cgit 1.2.3-korg
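Review bot: With `getHttpResponse_whenUriSyntaxExceptionHasBeenThrown` removed, the visible part of this test class no longer covers a failure while the request is being built, although `getUri()` can still fail with an unchecked exception. A replacement case that builds the client from a configuration with an invalid host and checks `StepVerifier.create(...).expectError().verify()` would keep the error path under test. In the surviving test the arguments to `Assertions.assertEquals` are in (actual, expected) order; JUnit 5 expects `assertEquals(expected, actual)`, so swapping them to `Assertions.assertEquals(URI.create("https://54.45.33.2:1234/unauthenticated.PNF_READY"), dmaapProducerReactiveHttpClient.getUri());` gives a correct failure message.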