authorromaingimbert <romain.gimbert@orange.com>2018-09-05 10:28:44 +0200
committerromaingimbert <romain.gimbert@orange.com>2018-09-05 10:28:44 +0200
commitddeba2f466751a23cbbf6dc07b1b415231a39a5d (patch)
tree74b05db744222a1169d6423df99d905f9f99aa12
parent93e9e5a072e0cb5e15ca1b96594e9d8ffb63819e (diff)
Fix critical security issues
-change pom dependencies version Change-Id: Ib378ac1d8a05345494dcda0299dd5715b04de14e Issue-ID: EXTAPI-126 Signed-off-by: romaingimbert <romain.gimbert@orange.com>
-rw-r--r--pom.xml26
-rw-r--r--src/main/java/org/onap/nbi/apis/hub/service/EventFactory.java3
-rw-r--r--src/main/java/org/onap/nbi/apis/serviceorder/utils/JsonEntityConverter.java3
-rw-r--r--src/main/java/org/onap/nbi/commons/JacksonFilter.java3
4 files changed, 31 insertions, 4 deletions
diff --git a/pom.xml b/pom.xml
index 0aa9fde..1a42cd8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -121,6 +121,12 @@
</dependency>
<dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>2.8.11.2</version>
+ </dependency>
+
+ <dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>8.5.32</version>
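Review bot: The jackson-databind pin is added as a direct entry under `<dependencies>`, which already wins Maven's nearest-definition mediation, so the three `<exclusions>` blocks added in the later pom.xml hunks (json-utils, spring-cloud-contract-wiremock, msb-java-sdk) look redundant and would have to be repeated for every future dependency that pulls databind in. Declaring the version once in `<dependencyManagement>` would pin every transitive path without per-dependency exclusions. Please also add a comment above the entry, such as `<!-- pinned to a patched jackson-databind release; see EXTAPI-126 -->`, so the override is not later removed as unused. It is worth confirming with `mvn dependency:tree` that jackson-core and jackson-annotations resolve to a matching 2.8.x line.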
@@ -163,7 +169,7 @@
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
- <version>1.7.0</version>
+ <version>1.9.3</version>
</dependency>
<dependency>
@@ -227,6 +233,12 @@
<groupId>com.bazaarvoice.jolt</groupId>
<artifactId>json-utils</artifactId>
<version>0.1.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- test -->
@@ -259,6 +271,12 @@
<artifactId>spring-cloud-contract-wiremock</artifactId>
<version>1.0.0.RELEASE</version>
<scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
@@ -293,6 +311,12 @@
<groupId>org.onap.msb.java-sdk</groupId>
<artifactId>msb-java-sdk</artifactId>
<version>1.1.1</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
</dependencies>
diff --git a/src/main/java/org/onap/nbi/apis/hub/service/EventFactory.java b/src/main/java/org/onap/nbi/apis/hub/service/EventFactory.java
index 8083fff..b2a017c 100644
--- a/src/main/java/org/onap/nbi/apis/hub/service/EventFactory.java
+++ b/src/main/java/org/onap/nbi/apis/hub/service/EventFactory.java
@@ -16,6 +16,7 @@
package org.onap.nbi.apis.hub.service;
import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.MappingJsonFactory;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import org.onap.nbi.apis.hub.model.Event;
@@ -30,7 +31,7 @@ import java.util.UUID;
public class EventFactory {
- private static final ObjectMapper mapper = new ObjectMapper();
+ private static final ObjectMapper mapper = new ObjectMapper(new MappingJsonFactory());
public static Event getEvent(EventType eventType, ServiceOrder serviceOrder, ServiceOrderItem serviceOrderItem) {
Event event = new Event();
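Review bot: Passing `new MappingJsonFactory()` to the `ObjectMapper` constructor on the changed `mapper` line does not appear to harden anything. As far as I recall from Jackson 2.x, the no-arg `ObjectMapper()` already installs a `MappingJsonFactory` bound to itself, while the no-arg `MappingJsonFactory()` creates its own internal `ObjectMapper` as codec, so the factory ends up pointing at a second, default-configured mapper. If the aim is the security issues named in the commit title, the effective controls are the databind version pinned in pom.xml and keeping default typing disabled; I would keep `new ObjectMapper()` and add a comment such as `// do not enable default typing on this mapper`. The same change is made in JsonEntityConverter.java (`MAPPER`) and JacksonFilter.java (`createNode`). The class body continues outside the hunk.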
diff --git a/src/main/java/org/onap/nbi/apis/serviceorder/utils/JsonEntityConverter.java b/src/main/java/org/onap/nbi/apis/serviceorder/utils/JsonEntityConverter.java
index 7be84c2..1821f0a 100644
--- a/src/main/java/org/onap/nbi/apis/serviceorder/utils/JsonEntityConverter.java
+++ b/src/main/java/org/onap/nbi/apis/serviceorder/utils/JsonEntityConverter.java
@@ -15,6 +15,7 @@
*/
package org.onap.nbi.apis.serviceorder.utils;
+import com.fasterxml.jackson.databind.MappingJsonFactory;
import java.io.IOException;
import org.onap.nbi.apis.serviceorder.model.orchestrator.ServiceOrderInfo;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -24,7 +25,7 @@ public final class JsonEntityConverter {
private JsonEntityConverter() {
}
- private static final ObjectMapper MAPPER = new ObjectMapper();
+ private static final ObjectMapper MAPPER = new ObjectMapper(new MappingJsonFactory());
public static String convertServiceOrderInfoToJson(ServiceOrderInfo serviceOrderInfo) {
return MAPPER.valueToTree(serviceOrderInfo).toString();
diff --git a/src/main/java/org/onap/nbi/commons/JacksonFilter.java b/src/main/java/org/onap/nbi/commons/JacksonFilter.java
index 07c113e..97f6cf2 100644
--- a/src/main/java/org/onap/nbi/commons/JacksonFilter.java
+++ b/src/main/java/org/onap/nbi/commons/JacksonFilter.java
@@ -15,6 +15,7 @@
*/
package org.onap.nbi.commons;
+import com.fasterxml.jackson.databind.MappingJsonFactory;
import java.math.BigDecimal;
import java.util.ArrayList;
import java.util.Arrays;
@@ -59,7 +60,7 @@ public class JacksonFilter {
}
public static <R> ObjectNode createNode(R bean, JsonRepresentation jsonRepresentation) {
- ObjectMapper mapper = new ObjectMapper();
+ ObjectMapper mapper = new ObjectMapper(new MappingJsonFactory());
return JacksonFilter.createNode(mapper, bean, jsonRepresentation.getAttributes());
}
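Review bot: `createNode` builds a fresh `ObjectMapper` on every call, and with the added `new MappingJsonFactory()` argument each call now also constructs the factory and, if I read the Jackson constructors correctly, a second internal mapper. A configured `ObjectMapper` is thread-safe, so a single `private static final ObjectMapper MAPPER = new ObjectMapper();` field reused here, as EventFactory and JsonEntityConverter already do, would avoid the per-call cost. The class continues outside the hunk.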