From e5e5fd19bd18d08e9d9985a74387137c13935e44 Mon Sep 17 00:00:00 2001 From: pwielebs Date: Wed, 13 Nov 2019 12:38:28 +0100 Subject: Fix DCAE-SDK static code vulnerabilities - Update patch version of SDK Change-Id: I2896e1bda3e09d27c0e3a9674861dc950ed43741 Issue-ID: DCAEGEN2-1917 Signed-off-by: pwielebs --- pom.xml | 4 ++-- rest-services/aai-client/pom.xml | 2 +- rest-services/cbs-client/pom.xml | 2 +- rest-services/dmaap-client/pom.xml | 2 +- rest-services/http-client/pom.xml | 2 +- .../services/sdk/rest/services/adapters/http/HttpHeaders.java | 2 ++ .../services/sdk/rest/services/adapters/http/RxHttpClient.java | 5 +++-- rest-services/model/pom.xml | 2 +- rest-services/pom.xml | 2 +- security/crypt-password/pom.xml | 2 +- security/pom.xml | 2 +- security/ssl/pom.xml | 2 +- services/hv-ves-client/pom.xml | 2 +- services/hv-ves-client/producer/api/pom.xml | 2 +- services/hv-ves-client/producer/ct/pom.xml | 2 +- services/hv-ves-client/producer/impl/pom.xml | 2 +- services/hv-ves-client/producer/pom.xml | 2 +- services/hv-ves-client/protobuf/pom.xml | 2 +- services/pom.xml | 2 +- standardization/api-custom-header/pom.xml | 2 +- standardization/moher-api/healthstate/pom.xml | 2 +- standardization/moher-api/metrics/pom.xml | 2 +- standardization/moher-api/pom.xml | 2 +- standardization/moher-api/server-adapters/pom.xml | 2 +- standardization/moher-api/server-adapters/reactor-netty/pom.xml | 2 +- standardization/moher-api/server-adapters/spring-webflux/pom.xml | 2 +- standardization/pom.xml | 2 +- version.properties | 2 +- 28 files changed, 32 insertions(+), 29 deletions(-) diff --git a/pom.xml b/pom.xml index ec138157..cd73fdae 100644 --- a/pom.xml +++ b/pom.xml @@ -11,7 +11,7 @@ org.onap.dcaegen2.services sdk - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT dcaegen2-services-sdk Common SDK repo for all DCAE Services @@ -75,7 +75,7 @@ 16.0.3 3.6.0.2 1.12.0 - 2.1.5.RELEASE + 2.2.1.RELEASE diff --git a/rest-services/aai-client/pom.xml b/rest-services/aai-client/pom.xml index 6cea5af1..798d61db 100644 --- a/rest-services/aai-client/pom.xml +++ b/rest-services/aai-client/pom.xml @@ -7,7 +7,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-rest-services - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT org.onap.dcaegen2.services.sdk.rest.services diff --git a/rest-services/cbs-client/pom.xml b/rest-services/cbs-client/pom.xml index 8c081417..a9aace8a 100644 --- a/rest-services/cbs-client/pom.xml +++ b/rest-services/cbs-client/pom.xml @@ -7,7 +7,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-rest-services - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT org.onap.dcaegen2.services.sdk.rest.services diff --git a/rest-services/dmaap-client/pom.xml b/rest-services/dmaap-client/pom.xml index a4c46d41..f7cb3bcc 100644 --- a/rest-services/dmaap-client/pom.xml +++ b/rest-services/dmaap-client/pom.xml @@ -7,7 +7,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-rest-services - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT org.onap.dcaegen2.services.sdk.rest.services diff --git a/rest-services/http-client/pom.xml b/rest-services/http-client/pom.xml index d3b8f124..be343ad8 100644 --- a/rest-services/http-client/pom.xml +++ b/rest-services/http-client/pom.xml @@ -28,7 +28,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-rest-services - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT org.onap.dcaegen2.services.sdk.rest.services diff --git a/rest-services/http-client/src/main/java/org/onap/dcaegen2/services/sdk/rest/services/adapters/http/HttpHeaders.java b/rest-services/http-client/src/main/java/org/onap/dcaegen2/services/sdk/rest/services/adapters/http/HttpHeaders.java index 4ef43a59..c9ea7e6f 100644 --- a/rest-services/http-client/src/main/java/org/onap/dcaegen2/services/sdk/rest/services/adapters/http/HttpHeaders.java +++ b/rest-services/http-client/src/main/java/org/onap/dcaegen2/services/sdk/rest/services/adapters/http/HttpHeaders.java @@ -31,4 +31,6 @@ public final class HttpHeaders { public static final String CONTENT_TYPE = "Content-Type"; public static final String CONTENT_LENGTH = "Content-Length"; + public static final String CHUNKED = "chunked"; + public static final String TRANSFER_ENCODING_TYPE = "Transfer-Encoding"; } diff --git a/rest-services/http-client/src/main/java/org/onap/dcaegen2/services/sdk/rest/services/adapters/http/RxHttpClient.java b/rest-services/http-client/src/main/java/org/onap/dcaegen2/services/sdk/rest/services/adapters/http/RxHttpClient.java index 234a3800..7ac02bf6 100644 --- a/rest-services/http-client/src/main/java/org/onap/dcaegen2/services/sdk/rest/services/adapters/http/RxHttpClient.java +++ b/rest-services/http-client/src/main/java/org/onap/dcaegen2/services/sdk/rest/services/adapters/http/RxHttpClient.java @@ -20,7 +20,6 @@ package org.onap.dcaegen2.services.sdk.rest.services.adapters.http; import io.vavr.collection.Stream; -import java.util.stream.Collectors; import org.onap.dcaegen2.services.sdk.rest.services.model.logging.RequestDiagnosticContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -30,6 +29,8 @@ import reactor.netty.http.client.HttpClient.ResponseReceiver; import reactor.netty.http.client.HttpClientRequest; import reactor.netty.http.client.HttpClientResponse; +import java.util.stream.Collectors; + /** * @since 1.1.4 */ @@ -71,7 +72,7 @@ public class RxHttpClient { private ResponseReceiver prepareBodyChunked(HttpRequest request, HttpClient theClient) { return theClient - .chunkedTransfer(true) + .headers(hdrs -> hdrs.set(HttpHeaders.TRANSFER_ENCODING_TYPE, HttpHeaders.CHUNKED)) .request(request.method().asNetty()) .send(request.body().contents()) .uri(request.url()); diff --git a/rest-services/model/pom.xml b/rest-services/model/pom.xml index 74d0556f..69e50876 100644 --- a/rest-services/model/pom.xml +++ b/rest-services/model/pom.xml @@ -27,7 +27,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-rest-services - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT org.onap.dcaegen2.services.sdk.rest.services diff --git a/rest-services/pom.xml b/rest-services/pom.xml index 0b434e3a..6f7150fb 100644 --- a/rest-services/pom.xml +++ b/rest-services/pom.xml @@ -7,7 +7,7 @@ org.onap.dcaegen2.services sdk - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT org.onap.dcaegen2.services.sdk diff --git a/security/crypt-password/pom.xml b/security/crypt-password/pom.xml index 5e3152b7..85b99410 100644 --- a/security/crypt-password/pom.xml +++ b/security/crypt-password/pom.xml @@ -6,7 +6,7 @@ org.onap.dcaegen2.services.sdk.security dcaegen2-services-sdk-security - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT 4.0.0 diff --git a/security/pom.xml b/security/pom.xml index 7ba50abc..6baf182b 100644 --- a/security/pom.xml +++ b/security/pom.xml @@ -7,7 +7,7 @@ org.onap.dcaegen2.services sdk - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT org.onap.dcaegen2.services.sdk.security diff --git a/security/ssl/pom.xml b/security/ssl/pom.xml index 98b9b99e..1c6456d5 100644 --- a/security/ssl/pom.xml +++ b/security/ssl/pom.xml @@ -6,7 +6,7 @@ org.onap.dcaegen2.services.sdk.security dcaegen2-services-sdk-security - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT ssl diff --git a/services/hv-ves-client/pom.xml b/services/hv-ves-client/pom.xml index abd77a25..20129bcb 100644 --- a/services/hv-ves-client/pom.xml +++ b/services/hv-ves-client/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-services - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT dcaegen2-services-sdk-services-hvvesclient diff --git a/services/hv-ves-client/producer/api/pom.xml b/services/hv-ves-client/producer/api/pom.xml index 9311a339..cde2f657 100644 --- a/services/hv-ves-client/producer/api/pom.xml +++ b/services/hv-ves-client/producer/api/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services.sdk hvvesclient-producer - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT hvvesclient-producer-api diff --git a/services/hv-ves-client/producer/ct/pom.xml b/services/hv-ves-client/producer/ct/pom.xml index a92a1b96..af25bd8e 100644 --- a/services/hv-ves-client/producer/ct/pom.xml +++ b/services/hv-ves-client/producer/ct/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services.sdk hvvesclient-producer - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT hvvesclient-producer-ct diff --git a/services/hv-ves-client/producer/impl/pom.xml b/services/hv-ves-client/producer/impl/pom.xml index 6d3abbc6..422a1cb7 100644 --- a/services/hv-ves-client/producer/impl/pom.xml +++ b/services/hv-ves-client/producer/impl/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services.sdk hvvesclient-producer - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT hvvesclient-producer-impl diff --git a/services/hv-ves-client/producer/pom.xml b/services/hv-ves-client/producer/pom.xml index 164ebc80..bb907cca 100644 --- a/services/hv-ves-client/producer/pom.xml +++ b/services/hv-ves-client/producer/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-services-hvvesclient - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT hvvesclient-producer diff --git a/services/hv-ves-client/protobuf/pom.xml b/services/hv-ves-client/protobuf/pom.xml index 8bf9b7d8..6b892ec7 100644 --- a/services/hv-ves-client/protobuf/pom.xml +++ b/services/hv-ves-client/protobuf/pom.xml @@ -26,7 +26,7 @@ dcaegen2-services-sdk-services-hvvesclient org.onap.dcaegen2.services.sdk - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT High Volume VES Collector Client :: Protobuf diff --git a/services/pom.xml b/services/pom.xml index c1a7190a..51351eac 100644 --- a/services/pom.xml +++ b/services/pom.xml @@ -26,7 +26,7 @@ org.onap.dcaegen2.services sdk - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT org.onap.dcaegen2.services.sdk diff --git a/standardization/api-custom-header/pom.xml b/standardization/api-custom-header/pom.xml index 1f7b40b9..a2626f7b 100644 --- a/standardization/api-custom-header/pom.xml +++ b/standardization/api-custom-header/pom.xml @@ -7,7 +7,7 @@ org.onap.dcaegen2.services.sdk dcaegen2-services-sdk-standardization - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT .. diff --git a/standardization/moher-api/healthstate/pom.xml b/standardization/moher-api/healthstate/pom.xml index ef39b798..f6dceda2 100644 --- a/standardization/moher-api/healthstate/pom.xml +++ b/standardization/moher-api/healthstate/pom.xml @@ -25,7 +25,7 @@ dcaegen2-sdk-moher-api org.onap.dcaegen2.services.sdk - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT Monitoring and Healthcheck :: Health state diff --git a/standardization/moher-api/metrics/pom.xml b/standardization/moher-api/metrics/pom.xml index 52b4d4e9..fa11329a 100644 --- a/standardization/moher-api/metrics/pom.xml +++ b/standardization/moher-api/metrics/pom.xml @@ -26,7 +26,7 @@ dcaegen2-sdk-moher-api org.onap.dcaegen2.services.sdk - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT Monitoring and Healthcheck :: Metrics diff --git a/standardization/moher-api/pom.xml b/standardization/moher-api/pom.xml index 1af5a3c4..492399ba 100644 --- a/standardization/moher-api/pom.xml +++ b/standardization/moher-api/pom.xml @@ -26,7 +26,7 @@ dcaegen2-services-sdk-standardization org.onap.dcaegen2.services.sdk - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT Monitoring and Healthcheck diff --git a/standardization/moher-api/server-adapters/pom.xml b/standardization/moher-api/server-adapters/pom.xml index ae8a1521..c63bcf2a 100644 --- a/standardization/moher-api/server-adapters/pom.xml +++ b/standardization/moher-api/server-adapters/pom.xml @@ -25,7 +25,7 @@ dcaegen2-sdk-moher-api org.onap.dcaegen2.services.sdk - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT Monitoring and Healthcheck :: Server Adapters diff --git a/standardization/moher-api/server-adapters/reactor-netty/pom.xml b/standardization/moher-api/server-adapters/reactor-netty/pom.xml index 24d9031f..faa6b060 100644 --- a/standardization/moher-api/server-adapters/reactor-netty/pom.xml +++ b/standardization/moher-api/server-adapters/reactor-netty/pom.xml @@ -25,7 +25,7 @@ dcaegen2-sdk-moher-server-adapters org.onap.dcaegen2.services.sdk - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT Monitoring and Healthcheck :: Server Adapters :: Reactor Netty diff --git a/standardization/moher-api/server-adapters/spring-webflux/pom.xml b/standardization/moher-api/server-adapters/spring-webflux/pom.xml index 6efa37b4..c7e1a956 100644 --- a/standardization/moher-api/server-adapters/spring-webflux/pom.xml +++ b/standardization/moher-api/server-adapters/spring-webflux/pom.xml @@ -25,7 +25,7 @@ dcaegen2-sdk-moher-server-adapters org.onap.dcaegen2.services.sdk - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT Monitoring and Healthcheck :: Server Adapters :: Spring Webflux diff --git a/standardization/pom.xml b/standardization/pom.xml index 2ecd3311..fcf48473 100644 --- a/standardization/pom.xml +++ b/standardization/pom.xml @@ -8,7 +8,7 @@ org.onap.dcaegen2.services sdk - 1.3.2-SNAPSHOT + 1.3.3-SNAPSHOT .. diff --git a/version.properties b/version.properties index ef20baaf..fd60497b 100644 --- a/version.properties +++ b/version.properties @@ -1,6 +1,6 @@ major=1 minor=3 -patch=2 +patch=3 base_version=${major}.${minor}.${patch} release_version=${base_version} snapshot_version=${base_version}-SNAPSHOT -- cgit 1.2.3-korg