authorGuangrongFu <fu.guangrong@zte.com.cn>2020-08-24 20:03:30 +0800
committerGuangrongFu <fu.guangrong@zte.com.cn>2020-08-24 20:08:10 +0800
commit95b4f4645fe544c8f11651d7aa78381b24fc3769 (patch)
tree7f2cd537ec26bec3b1af451e94a0bfe35d289dc3
parentce764eb74e8c3cb143ddb31cce8b0af785d1b8a2 (diff)
Fixed Some Vulnerability Issues
Fixed the fastjson issue Fixed the retrofit issue Change-Id: Ife7dca0f0aeaf09c753615ef870b84867a970c8d Issue-ID: HOLMES-345 Signed-off-by: GuangrongFu <fu.guangrong@zte.com.cn>
-rw-r--r--pom.xml16
-rw-r--r--rulemgt/src/main/java/org/onap/holmes/rulemgt/bolt/enginebolt/EngineWrapper.java16
-rw-r--r--rulemgt/src/main/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPolling.java18
-rw-r--r--rulemgt/src/test/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPollingTest.java6
4 files changed, 33 insertions, 23 deletions
diff --git a/pom.xml b/pom.xml
index cb7bf34..9abc7e5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -107,9 +107,18 @@
<groupId>org.checkerframework</groupId>
<artifactId>checker-qual</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.squareup.retrofit2</groupId>
+ <artifactId>retrofit</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
+ <groupId>com.squareup.retrofit2</groupId>
+ <artifactId>retrofit</artifactId>
+ <version>2.5.0</version>
+ </dependency>
+ <dependency>
<groupId>org.reflections</groupId>
<artifactId>reflections</artifactId>
<version>0.9.9</version>
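Review bot: The retrofit override pinned at `<version>2.5.0</version>` has no comment saying why the transitive copy is excluded and re-declared, so a later dependency cleanup could remove it and bring the older version back. I would put a comment above the new `<dependency>`, for example `<!-- Pinned to replace the transitive retrofit version excluded above (HOLMES-345); check the dependency tree before removing -->`. If other modules can also reach retrofit transitively, declaring the version in `<dependencyManagement>` would cover every path rather than only this exclusion; whether that applies is not visible from this hunk.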
@@ -313,10 +322,11 @@
<version>3.2.2</version>
</dependency>
<dependency>
- <groupId>com.alibaba</groupId>
- <artifactId>fastjson</artifactId>
- <version>1.2.49</version>
+ <groupId>com.google.code.gson</groupId>
+ <artifactId>gson</artifactId>
+ <version>2.8.6</version>
</dependency>
+
<dependency>
<groupId>org.glassfish.jersey.core</groupId>
<artifactId>jersey-server</artifactId>
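Review bot: Deleting the direct `fastjson` declaration removes it from this pom only; if a remaining dependency still brings `com.alibaba:fastjson` in transitively, the library stays on the classpath. It is worth confirming with `mvn dependency:tree -Dincludes=com.alibaba:fastjson` that nothing resolves it any more, and adding a maven-enforcer `bannedDependencies` rule so it cannot return unnoticed. The blank line added after the gson `</dependency>` is inconsistent with the surrounding entries and can be dropped.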
diff --git a/rulemgt/src/main/java/org/onap/holmes/rulemgt/bolt/enginebolt/EngineWrapper.java b/rulemgt/src/main/java/org/onap/holmes/rulemgt/bolt/enginebolt/EngineWrapper.java
index b0bd1f5..479437e 100644
--- a/rulemgt/src/main/java/org/onap/holmes/rulemgt/bolt/enginebolt/EngineWrapper.java
+++ b/rulemgt/src/main/java/org/onap/holmes/rulemgt/bolt/enginebolt/EngineWrapper.java
@@ -1,5 +1,5 @@
/**
- * Copyright 2017 ZTE Corporation.
+ * Copyright 2017-2020 ZTE Corporation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,17 +15,18 @@
*/
package org.onap.holmes.rulemgt.bolt.enginebolt;
-import com.alibaba.fastjson.JSON;
-import com.alibaba.fastjson.JSONObject;
-import javax.inject.Inject;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
import lombok.extern.slf4j.Slf4j;
import org.apache.http.HttpResponse;
import org.jvnet.hk2.annotations.Service;
+import org.onap.holmes.common.exception.CorrelationException;
import org.onap.holmes.common.utils.HttpsUtils;
import org.onap.holmes.rulemgt.bean.request.CorrelationCheckRule4Engine;
import org.onap.holmes.rulemgt.bean.request.CorrelationDeployRule4Engine;
import org.onap.holmes.rulemgt.constant.RuleMgtConstant;
-import org.onap.holmes.common.exception.CorrelationException;
+
+import javax.inject.Inject;
@Service
@Slf4j
@@ -44,9 +45,8 @@ public class EngineWrapper {
if (response.getStatusLine().getStatusCode() == RuleMgtConstant.RESPONSE_STATUS_OK) {
log.info("Succeeded in calling the rule deployment RESTful API from the engine management service.");
try {
- // JSONObject json = JSONObject.fromObject(HttpsUtils.extractResponseEntity(response));
- JSONObject json= JSON.parseObject(HttpsUtils.extractResponseEntity(response));
- return json.get(RuleMgtConstant.PACKAGE).toString();
+ JsonObject json = JsonParser.parseString(HttpsUtils.extractResponseEntity(response)).getAsJsonObject();
+ return json.get(RuleMgtConstant.PACKAGE).getAsString();
} catch (Exception e) {
throw new CorrelationException("Failed to parse the value returned by the engine management service.", e);
}
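Review bot: `json.get(RuleMgtConstant.PACKAGE).getAsString()` is stricter than the `toString()` it replaces. A response that lacks the field, or carries null or an object there, now fails with an unchecked exception that only the broad `catch (Exception e)` converts into the generic "Failed to parse" message. Since the body comes from another service, I would test the element explicitly before reading it, `JsonElement pkg = json.get(RuleMgtConstant.PACKAGE);` followed by `if (pkg == null || !pkg.isJsonPrimitive())`, and report the missing field by name. The static `JsonParser.parseString` was only added in Gson 2.8.6; if an older Gson wins dependency resolution the call fails with `NoSuchMethodError`, which `catch (Exception e)` does not catch. The enclosing method starts and ends outside this hunk.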
diff --git a/rulemgt/src/main/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPolling.java b/rulemgt/src/main/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPolling.java
index dcd530c..e6bc790 100644
--- a/rulemgt/src/main/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPolling.java
+++ b/rulemgt/src/main/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPolling.java
@@ -1,5 +1,5 @@
/**
- * Copyright 2017 ZTE Corporation.
+ * Copyright 2017-2020 ZTE Corporation.
* <p>
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
@@ -13,14 +13,8 @@
*/
package org.onap.holmes.rulemgt.dcae;
-import com.alibaba.fastjson.JSONObject;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.util.HashMap;
-import java.util.List;
-import javax.ws.rs.core.MediaType;
+import com.google.gson.Gson;
import lombok.extern.slf4j.Slf4j;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpDelete;
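Review bot: The added `import com.google.gson.Gson;` does not appear to be used by any line in the visible hunks. The new parsing call goes through `GsonUtil.jsonToBean`, whose import is not shown in this diff and presumably already exists in the file. If nothing else in the class references `Gson` directly, the import should be dropped.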
@@ -39,6 +33,12 @@ import org.onap.holmes.rulemgt.bean.request.RuleCreateRequest;
import org.onap.holmes.rulemgt.bean.response.RuleQueryListResponse;
import org.onap.holmes.rulemgt.bean.response.RuleResult4API;
+import javax.ws.rs.core.MediaType;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.HashMap;
+import java.util.List;
+
@Slf4j
public class DcaeConfigurationPolling implements Runnable {
@@ -106,7 +106,7 @@ public class DcaeConfigurationPolling implements Runnable {
httpClient = HttpsUtils.getConditionalHttpsClient(HttpsUtils.DEFUALT_TIMEOUT);
HttpResponse httpResponse = HttpsUtils.get(httpGet, headers, httpClient);
String response = HttpsUtils.extractResponseEntity(httpResponse);
- return JSONObject.parseObject(response, RuleQueryListResponse.class);
+ return GsonUtil.jsonToBean(response, RuleQueryListResponse.class);
} finally {
httpGet.releaseConnection();
closeHttpClient(httpClient);
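Review bot: The response body is passed to `GsonUtil.jsonToBean` with no visible check of `httpResponse.getStatusLine().getStatusCode()`, so an error body or an empty reply from the rule service would be mapped as if it were a rule list. Gson-based mapping commonly returns null for an empty document and leaves absent fields unset instead of failing, so the caller should be prepared for a null result or null collections; GsonUtil's exact behaviour is not visible here. I would compare the status with the expected success code before parsing and add a comment such as `// may return null when the body is empty` on the return line. The method begins and ends outside this hunk, so such a check may already exist above.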
diff --git a/rulemgt/src/test/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPollingTest.java b/rulemgt/src/test/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPollingTest.java
index 53e60c8..6b640b2 100644
--- a/rulemgt/src/test/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPollingTest.java
+++ b/rulemgt/src/test/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPollingTest.java
@@ -1,5 +1,5 @@
/**
- * Copyright 2017 ZTE Corporation.
+ * Copyright 2017-2020 ZTE Corporation.
* <p>
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,7 +15,6 @@
*/
package org.onap.holmes.rulemgt.dcae;
-import com.alibaba.fastjson.JSONObject;
import org.apache.http.HttpResponse;
import org.apache.http.StatusLine;
import org.apache.http.client.methods.HttpDelete;
@@ -31,6 +30,7 @@ import org.junit.runner.RunWith;
import org.onap.holmes.common.dcae.DcaeConfigurationQuery;
import org.onap.holmes.common.dcae.entity.DcaeConfigurations;
import org.onap.holmes.common.dcae.entity.Rule;
+import org.onap.holmes.common.utils.GsonUtil;
import org.onap.holmes.common.utils.HttpsUtils;
import org.onap.holmes.rulemgt.bean.response.RuleQueryListResponse;
import org.onap.holmes.rulemgt.bean.response.RuleResult4API;
@@ -82,7 +82,7 @@ public class DcaeConfigurationPollingTest {
expect(HttpsUtils.getConditionalHttpsClient(30000)).andReturn(clientMock);
expect(HttpsUtils.get(anyObject(HttpGet.class), anyObject(HashMap.class), anyObject(CloseableHttpClient.class)))
.andReturn(httpResponseMock);
- expect(HttpsUtils.extractResponseEntity(httpResponseMock)).andReturn(JSONObject.toJSONString(ruleQueryListResponse));
+ expect(HttpsUtils.extractResponseEntity(httpResponseMock)).andReturn(GsonUtil.beanToJson(ruleQueryListResponse));
clientMock.close();
expectLastCall();
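Review bot: The mocked response is produced with `GsonUtil.beanToJson(ruleQueryListResponse)`, the same helper family the production code now uses to parse it, so the test only proves that Gson round-trips its own output. A mismatch between the JSON the real rule service emits and what `GsonUtil.jsonToBean` expects (field names, date or number formats) would not be caught. I would add a case that feeds a literal JSON string, captured from the service's documented response format, into the mocked `extractResponseEntity` call. The test method starts outside this hunk.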