author | Sunil Unnava <su622b@att.com> | 2018-02-27 03:09:04 -0500 |
---|---|---|
committer | Sunil Unnava <su622b@att.com> | 2018-02-27 03:10:52 -0500 |
commit | 907bb776273e1bf41331609c51dc520c3d4fa181 (patch) | |
tree | 115bf6090777f645d930b7c44249da55b5dd2799 | |
parent | 3d4e12d9293a7a3ca3cceb03289d11497ccbff38 (diff) |
Security issues fixesv1.1.1
Issue-ID: DMAAP-207
Change-Id: I8c95f2647676fc4c2e754bdc280b97886f53403f
Signed-off-by: Sunil Unnava <su622b@att.com>
-rw-r--r-- | .project | 17 | ||||
-rw-r--r-- | pom.xml | 91 | ||||
-rw-r--r-- | src/test/java/com/att/nsa/cambria/service/impl/AdminServiceImplemTest.java | 50 | ||||
-rw-r--r-- | version.properties | 2 |
4 files changed, 124 insertions, 36 deletions
@@ -11,12 +11,29 @@
 </arguments>
</buildCommand>
<buildCommand>
+ <name>net.sf.eclipsecs.core.CheckstyleBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
<name>org.eclipse.m2e.core.maven2Builder</name>
<arguments>
</arguments>
</buildCommand>
+ <buildCommand>
+ <name>org.springframework.ide.eclipse.core.springbuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.springframework.ide.eclipse.boot.validation.springbootbuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
</buildSpec>
<natures>
+ <nature>org.springframework.ide.eclipse.core.springnature</nature>
+ <nature>net.sf.eclipsecs.core.CheckstyleNature</nature>
<nature>org.eclipse.jdt.core.javanature</nature>
<nature>org.eclipse.m2e.core.maven2Nature</nature>
</natures>
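Review bot: The Checkstyle and Spring IDE builders and natures added to `.project` are one developer's Eclipse workspace settings and have nothing to do with the dependency upgrades the commit message describes. Bundling them into a security-fix commit makes the fix harder to audit and to backport cleanly. I would drop this hunk from the change, or stop tracking `.project` altogether.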
@@ -24,7 +24,7 @@
 <modelVersion>4.0.0</modelVersion>
 <groupId>org.onap.dmaap.messagerouter.msgrtr</groupId>
 <artifactId>msgrtr</artifactId>
- <version>1.1.0-SNAPSHOT</version>
+ <version>1.1.1-SNAPSHOT</version>
 <packaging>jar</packaging>
 <name>dmaap-messagerouter-msgrtr</name>
 <description>Message Router - Restful interface built for kafka</description>
@@ -36,7 +36,7 @@
 </parent>
 <properties>
- <spring.version>3.2.14.RELEASE</spring.version>
+ <spring.version>3.2.15.RELEASE</spring.version>
 <cxf.version>3.0.4</cxf.version>
 <jstl.version>1.2</jstl.version>
 <maven.compiler.target>1.7</maven.compiler.target>
@@ -90,13 +90,62 @@
 </developers>
 <dependencies>
-
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2.2</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ <version>1.2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>1.2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ <version>1.9.2</version>
+ <exclusions>
+ <!-- We have JCL-over-SLF4J instead. -->
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.groovy</groupId>
+ <artifactId>groovy-all</artifactId>
+ <version>2.4.4</version>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <artifactId>jline</artifactId>
+ <groupId>jline</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ <version>1.3.3</version>
+ </dependency>
+ <dependency>
 <groupId>junit</groupId>
 <artifactId>junit</artifactId>
 <version>4.11</version>
 <scope>test</scope>
 </dependency>
+ <dependency>
+ <groupId>com.att.aft</groupId>
+ <artifactId>dme2</artifactId>
+ <version>3.1.200-oss</version>
+ </dependency>
 <!-- slf4j logger -->
 <dependency>
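Review bot: The six dependencies added at the top of `<dependencies>` (commons-collections 3.2.2, logback-core and logback-classic 1.2.0, commons-beanutils 1.9.2, groovy-all 2.4.4, commons-fileupload 1.3.3) look like version overrides for libraries that otherwise arrive transitively, but nothing in the hunk records which finding each pin addresses. Declaring them as direct compile-scope dependencies also keeps them on the classpath even if the transitive path later disappears, whereas a `<dependencyManagement>` entry pins the version without adding the artifact. I would move the pins there and give each a one-line comment such as `<!-- DMAAP-207: override vulnerable transitive version -->`. The resolved tree should then be checked (`mvn dependency:tree -Dverbose`) to confirm no older copy of these artifacts is still selected. The `<dependencies>` element continues outside the hunk.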
@@ -233,15 +282,21 @@ </exclusions> </dependency> <dependency> - <groupId>org.apache.httpcomponents</groupId> - <artifactId>httpclient</artifactId> - <version>4.4.1</version> - </dependency> - <dependency> - <groupId>org.apache.httpcomponents</groupId> - <artifactId>httpclient-cache</artifactId> - <version>4.4.1</version> - </dependency> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpclient</artifactId> + <version>4.5.3</version> +</dependency> + <dependency> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpclient-cache</artifactId> + <version>4.5.3</version> + </dependency> + <dependency> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpcore</artifactId> + <version>4.4.1</version> + </dependency> + <!-- explicit jline add b/c it conflicts with the zk client --> <dependency> @@ -262,24 +317,12 @@ <version>2.6.0</version> </dependency> - <dependency> - <groupId>com.att.aft</groupId> - <artifactId>dme2</artifactId> - <version>3.1.200</version> - </dependency> <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> <version>2.8.0</version> </dependency> - <dependency> - <groupId>org.mockito</groupId> - <artifactId>mockito-all</artifactId> - <version>1.9.5</version> - <scope>test</scope> - </dependency> - <dependency> <groupId>com.fasterxml.jackson.core</groupId> diff --git a/src/test/java/com/att/nsa/cambria/service/impl/AdminServiceImplemTest.java b/src/test/java/com/att/nsa/cambria/service/impl/AdminServiceImplemTest.java index b2db07e..df486d5 100644 --- a/src/test/java/com/att/nsa/cambria/service/impl/AdminServiceImplemTest.java +++ b/src/test/java/com/att/nsa/cambria/service/impl/AdminServiceImplemTest.java @@ -25,23 +25,51 @@ package com.att.nsa.cambria.service.impl; import static org.junit.Assert.*;
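Review bot: In the httpcomponents hunk, `httpclient` and `httpclient-cache` move to 4.5.3, but the newly added direct `httpcore` dependency is pinned at 4.4.1. A direct declaration wins over the version httpclient 4.5.3 declares for itself, so this may hold httpcore at the level that matched the old 4.4.1 client rather than the one the new client was built against. If the goal is only to make httpcore explicit, align it with the version httpclient 4.5.3 requires; if the older core is deliberate, say why in a comment next to the entry, e.g. `<!-- httpcore held at 4.4.1 because ... -->`.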
import java.io.IOException;
+import java.util.Date;
import com.att.nsa.cambria.beans.DMaaPContext;
+import com.att.nsa.cambria.embed.EmbedConfigurationReader;
+import com.att.nsa.cambria.utils.ConfigurationReader;
import com.att.nsa.configs.ConfigDbException;
+import com.att.nsa.drumlin.till.data.sha1HmacSigner;
import com.att.nsa.security.ReadWriteSecuredResource.AccessDeniedException;
-import org.junit.After;
-import org.junit.Before;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
public class AdminServiceImplemTest {
+
+ private static DMaaPContext context = new DMaaPContext();
+
+ private static EmbedConfigurationReader embedConfigurationReader = new EmbedConfigurationReader();
+
+ @BeforeClass
+ public static void setUp() throws Exception {
+
+ final long nowMs = System.currentTimeMillis();
+ Date date = new Date(nowMs + 10000);
+
+ final String serverCalculatedSignature = sha1HmacSigner.sign(date.toString(), "password");
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.addHeader("X-Auth", "admin:" + serverCalculatedSignature);
+
+ //NsaSimpleApiKey apiKey = new NsaSimpleApiKey("admin", "password");
+ // PowerMockito.when(baseNsaApiDbImpl.loadApiKey("b/7ouTn9FfEw2PQwL0ov/Q==")).thenReturn(apiKey);
- @Before
- public void setUp() throws Exception {
+ request.addHeader("X-Date", date);
+ request.addHeader("Date", date);
+ MockHttpServletResponse response = new MockHttpServletResponse();
+ context.setRequest(request);
+ context.setResponse(response);
+ context.setConfigReader(embedConfigurationReader.buildConfigurationReader());
}
- @After
- public void tearDown() throws Exception {
+ @AfterClass
+ public static void tearDown() throws Exception {
+ embedConfigurationReader.tearDown();
}
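Review bot: setUp signs the request as `admin` with the literal secret `"password"`, but the only lines that would have registered that key (the `NsaSimpleApiKey` / `loadApiKey` mock) are commented out. From this hunk it is therefore not visible that any key store knows the credential; whether the `X-Auth` header can be accepted depends on what `embedConfigurationReader.buildConfigurationReader()` provisions, which is outside the diff. I would delete the two commented-out lines and either register the key explicitly or add a comment such as `// "admin"/"password" must match the key seeded by EmbedConfigurationReader`. `context` is also now a single static instance shared by every test, including the ones that call `addToBlacklist`, so any state those calls leave behind is visible to later tests.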
@@ -51,7 +79,7 @@ public class AdminServiceImplemTest {
 AdminServiceImpl adminServiceImpl = new AdminServiceImpl();
try {
- adminServiceImpl.showConsumerCache(new DMaaPContext());
+ adminServiceImpl.showConsumerCache(context);
} catch (IOException | AccessDeniedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
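Review bot: Passing the signed `context` to `showConsumerCache` does not make this test verify authentication, because the surrounding `catch (IOException | AccessDeniedException e)` only calls `e.printStackTrace()`, so a rejected admin request looks the same as an accepted one. Since setUp now goes to the trouble of building `X-Auth` headers, the catch should fail the test, e.g. `fail("admin call rejected: " + e);`, or the method should declare `throws` and drop the try/catch. The same applies to the `dropConsumerCache`, `getBlacklist` and both `addToBlacklist` hunks below. The test methods begin and end outside these hunks, so any assertion that follows the catch is not visible here.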
@@ -73,7 +101,7 @@ public class AdminServiceImplemTest {
 AdminServiceImpl adminServiceImpl = new AdminServiceImpl();
try {
- adminServiceImpl.dropConsumerCache(new DMaaPContext());
+ adminServiceImpl.dropConsumerCache(context);
} catch (IOException | AccessDeniedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
@@ -95,7 +123,7 @@ public class AdminServiceImplemTest {
 AdminServiceImpl adminServiceImpl = new AdminServiceImpl();
try {
- adminServiceImpl.getBlacklist(new DMaaPContext());
+ adminServiceImpl.getBlacklist(context);
} catch (IOException | AccessDeniedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
@@ -117,7 +145,7 @@ public class AdminServiceImplemTest {
 AdminServiceImpl adminServiceImpl = new AdminServiceImpl();
try {
- adminServiceImpl.addToBlacklist(new DMaaPContext(), "120.120.120.120");
+ adminServiceImpl.addToBlacklist(context, "120.120.120.120");
} catch (IOException | AccessDeniedException | ConfigDbException e) {
// TODO Auto-generated catch block
e.printStackTrace();
@@ -139,7 +167,7 @@ public class AdminServiceImplemTest {
 AdminServiceImpl adminServiceImpl = new AdminServiceImpl();
try {
- adminServiceImpl.addToBlacklist(new DMaaPContext(), "120.120.120.120");
+ adminServiceImpl.addToBlacklist(context, "120.120.120.120");
} catch (IOException | AccessDeniedException | ConfigDbException e) {
// TODO Auto-generated catch block
e.printStackTrace();
diff --git a/version.properties b/version.properties index d6e413c..e1118ab 100644 --- a/version.properties +++ b/version.properties @@ -27,7 +27,7 @@ major=1 minor=1 -patch=0 +patch=1 base_version=${major}.${minor}.${patch} |