diff options
author | romaingimbert <romain.gimbert@orange.com> | 2018-09-03 14:41:17 +0200 |
---|---|---|
committer | romaingimbert <romain.gimbert@orange.com> | 2018-09-03 14:41:17 +0200 |
commit | 6041103fc59c2d2c7461d2844582aee23086758f (patch) | |
tree | bf769beadd77837979e93f7f60a74d5b5407bf78 | |
parent | 83d3d0b7511bce0a4dce7724e1e4a6b54d3b3dc4 (diff) |
Fix critical security issues
-change pom dependencies version
Change-Id: I8ea5410575f95e7054ca2d93a1c712a12607893a
Issue-ID: EXTAPI-126
Signed-off-by: romaingimbert <romain.gimbert@orange.com>
4 files changed, 15 insertions, 11 deletions
@@ -113,13 +113,17 @@ <groupId>org.apache.tomcat.embed</groupId> <artifactId>tomcat-embed-core</artifactId> </exclusion> + <exclusion> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-databind</artifactId> + </exclusion> </exclusions> </dependency> <dependency> <groupId>org.apache.tomcat.embed</groupId> <artifactId>tomcat-embed-core</artifactId> - <version>8.5.33</version> + <version>8.5.32</version> </dependency> <dependency> @@ -159,7 +163,7 @@ <dependency> <groupId>commons-beanutils</groupId> <artifactId>commons-beanutils</artifactId> - <version>1.9.0</version> + <version>1.7.0</version> </dependency> <dependency> diff --git a/src/main/java/org/onap/nbi/apis/servicecatalog/ServiceSpecificationService.java b/src/main/java/org/onap/nbi/apis/servicecatalog/ServiceSpecificationService.java index 69e4a51..228e12d 100644 --- a/src/main/java/org/onap/nbi/apis/servicecatalog/ServiceSpecificationService.java +++ b/src/main/java/org/onap/nbi/apis/servicecatalog/ServiceSpecificationService.java @@ -19,7 +19,6 @@ import java.util.ArrayList; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; -import org.apache.commons.collections.CollectionUtils; import org.onap.nbi.apis.servicecatalog.jolt.FindServiceSpecJsonTransformer; import org.onap.nbi.apis.servicecatalog.jolt.GetServiceSpecJsonTransformer; import org.onap.nbi.apis.serviceorder.ServiceCatalogUrl; @@ -27,6 +26,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import org.springframework.util.CollectionUtils; import org.springframework.util.MultiValueMap; @Service @@ -67,7 +67,7 @@ public class ServiceSpecificationService { public List<LinkedHashMap> find(MultiValueMap<String, String> parametersMap) { List<LinkedHashMap> sdcResponse = sdcClient.callFind(parametersMap); List<LinkedHashMap> serviceCatalogResponse = new ArrayList<>(); - if(CollectionUtils.isNotEmpty(sdcResponse)){ + if(!CollectionUtils.isEmpty(sdcResponse)){ serviceCatalogResponse = findServiceSpecJsonTransformer.transform(sdcResponse); } diff --git a/src/main/java/org/onap/nbi/apis/servicecatalog/ToscaInfosProcessor.java b/src/main/java/org/onap/nbi/apis/servicecatalog/ToscaInfosProcessor.java index 6b70a18..54b5486 100644 --- a/src/main/java/org/onap/nbi/apis/servicecatalog/ToscaInfosProcessor.java +++ b/src/main/java/org/onap/nbi/apis/servicecatalog/ToscaInfosProcessor.java @@ -13,6 +13,8 @@ */ package org.onap.nbi.apis.servicecatalog; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.dataformat.yaml.YAMLFactory; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; @@ -26,15 +28,13 @@ import java.util.Map.Entry; import java.util.Set; import java.util.zip.ZipEntry; import java.util.zip.ZipInputStream; -import org.apache.commons.collections.CollectionUtils; import org.apache.commons.io.FileUtils; import org.onap.nbi.exceptions.TechnicalException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.dataformat.yaml.YAMLFactory; +import org.springframework.util.CollectionUtils; @Service public class ToscaInfosProcessor { @@ -96,7 +96,7 @@ public class ToscaInfosProcessor { Object aDefault = parameter.get("default"); if (parameter.get("entry_schema") != null) { ArrayList entrySchema = (ArrayList) parameter.get("entry_schema"); - if (CollectionUtils.isNotEmpty(entrySchema)) { + if (!CollectionUtils.isEmpty(entrySchema)) { buildCharacteristicValuesFormShema(parameterType, serviceSpecCharacteristicValues, aDefault, entrySchema); } @@ -110,7 +110,7 @@ public class ToscaInfosProcessor { LinkedHashMap constraints = (LinkedHashMap) entrySchema.get(0); if (constraints != null) { ArrayList constraintsList = (ArrayList) constraints.get("constraints"); - if (CollectionUtils.isNotEmpty(constraintsList)) { + if (!CollectionUtils.isEmpty(constraintsList)) { LinkedHashMap valuesMap = (LinkedHashMap) constraintsList.get(0); if (valuesMap != null) { List<Object> values = (List<Object>) valuesMap.get("valid_values"); diff --git a/src/main/java/org/onap/nbi/apis/serviceinventory/ServiceInventoryService.java b/src/main/java/org/onap/nbi/apis/serviceinventory/ServiceInventoryService.java index d38d012..1564e9c 100644 --- a/src/main/java/org/onap/nbi/apis/serviceinventory/ServiceInventoryService.java +++ b/src/main/java/org/onap/nbi/apis/serviceinventory/ServiceInventoryService.java @@ -16,7 +16,6 @@ import java.util.ArrayList; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; -import org.apache.commons.collections.CollectionUtils; import org.onap.nbi.apis.serviceinventory.jolt.FindServiceInventoryJsonTransformer; import org.onap.nbi.apis.serviceinventory.jolt.GetServiceInventoryJsonTransformer; import org.onap.nbi.exceptions.BackendFunctionalException; @@ -25,6 +24,7 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.stereotype.Service; +import org.springframework.util.CollectionUtils; import org.springframework.util.MultiValueMap; import org.springframework.util.StringUtils; @@ -137,7 +137,7 @@ public class ServiceInventoryService { buildServiceInstances(serviceInstances, customerId, serviceName); } List<LinkedHashMap> serviceInventoryResponse = new ArrayList<>(); - if(CollectionUtils.isNotEmpty(serviceInstances)){ + if(!CollectionUtils.isEmpty(serviceInstances)){ serviceInventoryResponse = findServiceInventoryJsonTransformer.transform(serviceInstances); for (LinkedHashMap serviceInventory : serviceInventoryResponse) { |