[DMAAP-MR] Fix vulnerabilities for rel I

Signed-off-by: efiacor <fiachra.corcoran@est.tech> Change-Id: Ie900556f2542c154cbef8c5a11db86bcc46402f7 Issue-ID: DMAAP-1608
author: efiacor <fiachra.corcoran@est.tech> 2021-07-15 14:13:18 +0100
committer: efiacor <fiachra.corcoran@est.tech> 2021-07-15 14:13:22 +0100
commit: c747114b805c85f4a111f35f289b2e58acf92ef9 (patch)
tree: c971fc061b5ec87bbba022dc86392cacfc4edbdd /src
parent: 5ad0b4d710f20bd7bed96486aa878645d5f8e806 (diff)
12 files changed, 28 insertions, 52 deletions
diff --git a/src/main/ajsc/dmaap_v1/dmaap/v1/conf/jaxrsBeans.groovy b/src/main/ajsc/dmaap_v1/dmaap/v1/conf/jaxrsBeans.groovy
index b019fbc..326b448 100644
--- a/src/main/ajsc/dmaap_v1/dmaap/v1/conf/jaxrsBeans.groovy
+++ b/src/main/ajsc/dmaap_v1/dmaap/v1/conf/jaxrsBeans.groovy
@@ -7,7 +7,7 @@
 	userService(org.onap.dmaap.JaxrsUserService)
 	topicService(org.onap.dmaap.service.TopicRestService)
 	eventService(org.onap.dmaap.service.EventsRestService)
-	adminServiceorg.onap.dmaap.service.AdminRestService)
+	adminServiceorg.(org.onap.dmaap.service.AdminRestService)
 	apiKeyService(org.onap.dmaap.service.ApiKeysRestService)
 	metricsService(org.onap.dmaap.service.MetricsRestService)
 	transactionService(org.onap.dmaap.service.TransactionRestService)
diff --git a/src/main/java/org/onap/dmaap/service/MMRestService.java b/src/main/java/org/onap/dmaap/service/MMRestService.java
index c5874ae..685dc8a 100644
--- a/src/main/java/org/onap/dmaap/service/MMRestService.java
+++ b/src/main/java/org/onap/dmaap/service/MMRestService.java
@@ -288,12 +288,7 @@ public class MMRestService {
 					InputStream inStream = null;
 					MirrorMaker mirrormaker = gson.fromJson(input, MirrorMaker.class);
 
-					try {
-						inStream = IOUtils.toInputStream(jsonOb.toString(), "UTF-8");
-
-					} catch (IOException ioe) {
-						throw ioe;
-					}
+					inStream = IOUtils.toInputStream(jsonOb.toString(), "UTF-8");
 
 					JSONObject responseJson = callPubSub(jsonOb.getString("messageID"), ctx, inStream, mirrormaker.name,
 							true);
@@ -490,12 +485,8 @@ public class MMRestService {
 
 					InputStream inStream = null;
 
-					try {
-						inStream = IOUtils.toInputStream(jsonOb.toString(), "UTF-8");
+					inStream = IOUtils.toInputStream(jsonOb.toString(), "UTF-8");
 
-					} catch (IOException ioe) {
-						LOGGER.error("Error while converting string to an input stream:", ioe);
-					}
 					JSONObject deleteMM = jsonOb.getJSONObject("deleteMirrorMaker");
 
 					JSONObject existMirrorMaker = validateMMExists(ctx, deleteMM.getString("name"));
@@ -760,12 +751,8 @@ public class MMRestService {
 						InputStream inStream = null;
 
 						// convert listAll Json object to InputStream object
-						try {
-							inStream = IOUtils.toInputStream(listAll.toString(), "UTF-8");
+						inStream = IOUtils.toInputStream(listAll.toString(), "UTF-8");
 
-						} catch (IOException ioe) {
-							LOGGER.error("Error while converting string to an input stream:", ioe);
-						}
 						JSONObject listMirrorMaker = new JSONObject();
 						listMirrorMaker = callPubSub(randomStr, ctx, inStream, null, true);
 
@@ -922,12 +909,8 @@ public class MMRestService {
 						InputStream inStream = null;
 
 						// convert listAll Json object to InputStream object
-						try {
-							inStream = IOUtils.toInputStream(listAll.toString(), "UTF-8");
+						inStream = IOUtils.toInputStream(listAll.toString(), "UTF-8");
 
-						} catch (IOException ioe) {
-							LOGGER.error("Error while converting string to an input stream:", ioe);
-						}
 						String msgFrmSubscribe = mirrorService.subscribe(ctx, topic, consumergroup, consumerid);
 						// call listAllMirrorMaker
 						mirrorService.pushEvents(ctx, topic, inStream, null, null);
@@ -1133,12 +1116,8 @@ public class MMRestService {
 						InputStream inStream = null;
 
 						// convert listAll Json object to InputStream object
-						try {
-							inStream = IOUtils.toInputStream(listAll.toString(), "UTF-8");
+						inStream = IOUtils.toInputStream(listAll.toString(), "UTF-8");
 
-						} catch (IOException ioe) {
-							LOGGER.error("Error while converting string to an input stream:", ioe);
-						}
 						// call listAllMirrorMaker
 						mirrorService.pushEvents(ctx, topic, inStream, null, null);
 
@@ -1401,12 +1380,8 @@ public class MMRestService {
 		InputStream inStream = null;
 
 		// convert listAll Json object to InputStream object
-		try {
-			inStream = IOUtils.toInputStream(listAll.toString(), "UTF-8");
+		inStream = IOUtils.toInputStream(listAll.toString(), "UTF-8");
 
-		} catch (IOException ioe) {
-			LOGGER.error("Error while converting string to an input stream:", ioe);
-		}
 		JSONObject listMirrorMaker = new JSONObject();
 		listMirrorMaker = callPubSub(randomStr, ctx, inStream, name, false);
 		if (null != listMirrorMaker && listMirrorMaker.length() > 0) {
diff --git a/src/main/resources/docker-compose/docker-compose.yml b/src/main/resources/docker-compose/docker-compose.yml
index 6b41996..9cba0a2 100644
--- a/src/main/resources/docker-compose/docker-compose.yml
+++ b/src/main/resources/docker-compose/docker-compose.yml
@@ -13,7 +13,7 @@ services:
      ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT: 3
      ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL: 24
      ZOOKEEPER_CLIENT_PORT: 2181
-     KAFKA_OPTS: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl
+     KAFKA_OPTS: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl -Dzookeeper.4lw.commands.whitelist=*
      ZOOKEEPER_SERVER_ID: 1
     volumes:
       -  ./zk/zk_server_jaas.conf:/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
diff --git a/src/main/resources/docker-compose/kafka/zk_client_jaas.conf b/src/main/resources/docker-compose/kafka/zk_client_jaas.conf
index d4ef1eb..79a7601 100644
--- a/src/main/resources/docker-compose/kafka/zk_client_jaas.conf
+++ b/src/main/resources/docker-compose/kafka/zk_client_jaas.conf
@@ -1,5 +1,5 @@
 Client {
-   org.apache.zookeeper.server.auth.DigestLoginModule required
-   username="kafka"
-   password="kafka_secret";
+  org.apache.zookeeper.server.auth.DigestLoginModule required
+  username="kafka"
+  password="kafka_secret";
  };
 \ No newline at end of file
diff --git a/src/main/resources/docker-compose/zk/zk_server_jaas.conf b/src/main/resources/docker-compose/zk/zk_server_jaas.conf
index 26bf460..3d2767f 100644
--- a/src/main/resources/docker-compose/zk/zk_server_jaas.conf
+++ b/src/main/resources/docker-compose/zk/zk_server_jaas.conf
@@ -1,4 +1,4 @@
 Server {
        org.apache.zookeeper.server.auth.DigestLoginModule required
-       user_kafka=kafka_secret;
+       user_kafka="kafka_secret";
 };
 \ No newline at end of file
diff --git a/src/test/java/org/onap/dmaap/JUnitTestSuite.java b/src/test/java/org/onap/dmaap/JUnitTestSuite.java
index d20d0d6..b555b57 100644
--- a/src/test/java/org/onap/dmaap/JUnitTestSuite.java
+++ b/src/test/java/org/onap/dmaap/JUnitTestSuite.java
@@ -25,13 +25,15 @@ import junit.framework.TestSuite;
 import org.junit.runner.RunWith;
 import org.junit.runners.Suite;
 import org.junit.runners.Suite.SuiteClasses;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
 
 @RunWith(Suite.class)
 @SuiteClasses({ DMaaPCambriaExceptionMapperTest.class, DMaaPWebExceptionMapper.class, 
 	JaxrsEchoServiceTest.class, HelloWorldTest.class, JaxrsUserServiceTest.class })
 public class JUnitTestSuite {
-	private static final Logger LOGGER = Logger.getLogger(JUnitTestSuite.class);
+	private static final Logger LOGGER = LogManager.getLogger(JUnitTestSuite.class);
 
 	public static void main(String[] args) {
 		LOGGER.info("Running the test suite");
diff --git a/src/test/java/org/onap/dmaap/TestRunner.java b/src/test/java/org/onap/dmaap/TestRunner.java
index 4542566..a8d1ddc 100644
--- a/src/test/java/org/onap/dmaap/TestRunner.java
+++ b/src/test/java/org/onap/dmaap/TestRunner.java
@@ -23,10 +23,12 @@
 import org.junit.runner.JUnitCore;
 import org.junit.runner.Result;
 import org.junit.runner.notification.Failure;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
 
 public class TestRunner {
-	private static final Logger LOGGER = Logger.getLogger(TestRunner.class);
+	private static final Logger LOGGER = LogManager.getLogger(TestRunner.class);
 
 	public static void main(String[] args) {
 		// TODO Auto-generated method stub
diff --git a/src/test/java/org/onap/dmaap/mmagent/TestRunner.java b/src/test/java/org/onap/dmaap/mmagent/TestRunner.java
index 3e4ece3..9bf4839 100644
--- a/src/test/java/org/onap/dmaap/mmagent/TestRunner.java
+++ b/src/test/java/org/onap/dmaap/mmagent/TestRunner.java
@@ -23,10 +23,11 @@
 import org.junit.runner.JUnitCore;
 import org.junit.runner.Result;
 import org.junit.runner.notification.Failure;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 public class TestRunner {
-	private static final Logger LOGGER = Logger.getLogger(TestRunner.class);
+	private static final Logger LOGGER = LogManager.getLogger(TestRunner.class);
 
 	public static void main(String[] args) {
 		// TODO Auto-generated method stub
diff --git a/src/test/java/org/onap/dmaap/mr/cambria/embed/ZooKeeperLocal.java b/src/test/java/org/onap/dmaap/mr/cambria/embed/ZooKeeperLocal.java
index 3209845..97447a8 100644
--- a/src/test/java/org/onap/dmaap/mr/cambria/embed/ZooKeeperLocal.java
+++ b/src/test/java/org/onap/dmaap/mr/cambria/embed/ZooKeeperLocal.java
@@ -22,6 +22,7 @@
 
 import org.apache.zookeeper.server.ServerConfig;
 import org.apache.zookeeper.server.ZooKeeperServerMain;
+import org.apache.zookeeper.server.admin.AdminServer.AdminServerException;
 import org.apache.zookeeper.server.quorum.QuorumPeerConfig;
 
 import java.io.FileNotFoundException;
@@ -49,7 +50,7 @@ public class ZooKeeperLocal {
 		    public void run() {
 		        try {
 		            zooKeeperServer.runFromConfig(configuration);
-		        } catch (IOException e) {
+		        } catch (IOException | AdminServerException e) {
 		            System.out.println("ZooKeeper Failed");
 		            e.printStackTrace(System.err);
 		        }
diff --git a/src/test/java/org/onap/dmaap/mr/cambria/resources/streamReaders/CambriaJsonStreamReaderTest.java b/src/test/java/org/onap/dmaap/mr/cambria/resources/streamReaders/CambriaJsonStreamReaderTest.java
index ddfc435..1be8920 100644
--- a/src/test/java/org/onap/dmaap/mr/cambria/resources/streamReaders/CambriaJsonStreamReaderTest.java
+++ b/src/test/java/org/onap/dmaap/mr/cambria/resources/streamReaders/CambriaJsonStreamReaderTest.java
@@ -54,9 +54,6 @@ public class CambriaJsonStreamReaderTest {
 			stream = IOUtils.toInputStream(source, "UTF-8");
 			test = new CambriaJsonStreamReader(stream,"hello");
 			test.next();
-		} catch (IOException e1) {
-			// TODO Auto-generated catch block
-			e1.printStackTrace();
 		} catch (CambriaApiException e1) {
 			e1.printStackTrace();
 		}
diff --git a/src/test/java/org/onap/dmaap/mr/cambria/resources/streamReaders/CambriaRawStreamReaderTest.java b/src/test/java/org/onap/dmaap/mr/cambria/resources/streamReaders/CambriaRawStreamReaderTest.java
index ab58082..887e7c9 100644
--- a/src/test/java/org/onap/dmaap/mr/cambria/resources/streamReaders/CambriaRawStreamReaderTest.java
+++ b/src/test/java/org/onap/dmaap/mr/cambria/resources/streamReaders/CambriaRawStreamReaderTest.java
@@ -55,9 +55,6 @@ public class CambriaRawStreamReaderTest {
 			stream = IOUtils.toInputStream(source, "UTF-8");
 			test = new CambriaRawStreamReader(stream,"hello");
 			msg = test.next();
-		} catch (IOException e1) {
-			// TODO Auto-generated catch block
-			e1.printStackTrace();
 		} catch (CambriaApiException e1) {
 			e1.printStackTrace();
 		}
diff --git a/src/test/java/org/onap/dmaap/util/JUnitTestSuite.java b/src/test/java/org/onap/dmaap/util/JUnitTestSuite.java
index 9de79ab..7a05d9d 100644
--- a/src/test/java/org/onap/dmaap/util/JUnitTestSuite.java
+++ b/src/test/java/org/onap/dmaap/util/JUnitTestSuite.java
@@ -25,12 +25,13 @@ import junit.framework.TestSuite;
 import org.junit.runner.RunWith;
 import org.junit.runners.Suite;
 import org.junit.runners.Suite.SuiteClasses;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 @RunWith(Suite.class)
 @SuiteClasses({ ContentLengthInterceptorTest.class, DMaaPAuthFilterTest.class, ServicePropertiesMapBeanTest.class})
 public class JUnitTestSuite {
-	private static final Logger LOGGER = Logger.getLogger(JUnitTestSuite.class);
+	private static final Logger LOGGER = LogManager.getLogger(JUnitTestSuite.class);
 
 	public static void main(String[] args) {
 		LOGGER.info("Running the test suite");
author	efiacor <fiachra.corcoran@est.tech>	2021-07-15 14:13:18 +0100
committer	efiacor <fiachra.corcoran@est.tech>	2021-07-15 14:13:22 +0100
commit	c747114b805c85f4a111f35f289b2e58acf92ef9 (patch)
tree	c971fc061b5ec87bbba022dc86392cacfc4edbdd /src
parent	5ad0b4d710f20bd7bed96486aa878645d5f8e806 (diff)