author | GuangrongFu <fu.guangrong@zte.com.cn> | 2020-08-24 20:03:30 +0800 |
---|---|---|
committer | GuangrongFu <fu.guangrong@zte.com.cn> | 2020-08-24 20:08:10 +0800 |
commit | 95b4f4645fe544c8f11651d7aa78381b24fc3769 (patch) | |
tree | 7f2cd537ec26bec3b1af451e94a0bfe35d289dc3 | |
parent | ce764eb74e8c3cb143ddb31cce8b0af785d1b8a2 (diff) |
Fixed Some Vulnerability Issues
Fixed the fastjson issue
Fixed the retrofit issue
Change-Id: Ife7dca0f0aeaf09c753615ef870b84867a970c8d
Issue-ID: HOLMES-345
Signed-off-by: GuangrongFu <fu.guangrong@zte.com.cn>
4 files changed, 33 insertions, 23 deletions
@@ -107,9 +107,18 @@
 <groupId>org.checkerframework</groupId>
<artifactId>checker-qual</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.squareup.retrofit2</groupId>
+ <artifactId>retrofit</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
+ <groupId>com.squareup.retrofit2</groupId>
+ <artifactId>retrofit</artifactId>
+ <version>2.5.0</version>
+ </dependency>
+ <dependency>
<groupId>org.reflections</groupId>
<artifactId>reflections</artifactId>
<version>0.9.9</version>
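Review bot: The new retrofit `<dependency>` pinned to `2.5.0` has no comment saying why it is pinned or why the transitive copy is excluded, so a later dependency cleanup could remove both without realising they were a security fix. I would put a comment such as `<!-- retrofit pinned explicitly for HOLMES-345; the transitive copy above is excluded on purpose -->` directly above it. The exclusion applies only to the one dependency whose opening tag is outside this hunk, so it is worth confirming the resolved version with `mvn dependency:tree -Dincludes=com.squareup.retrofit2`. If this pom is inherited by other modules, a `<dependencyManagement>` entry would force the version more reliably than exclude-and-redeclare.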
@@ -313,10 +322,11 @@
 <version>3.2.2</version>
</dependency>
<dependency>
- <groupId>com.alibaba</groupId>
- <artifactId>fastjson</artifactId>
- <version>1.2.49</version>
+ <groupId>com.google.code.gson</groupId>
+ <artifactId>gson</artifactId>
+ <version>2.8.6</version>
</dependency>
+
<dependency>
<groupId>org.glassfish.jersey.core</groupId>
<artifactId>jersey-server</artifactId>
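Review bot: Removing the direct `fastjson` 1.2.49 declaration does not by itself keep the library off the classpath, and nothing in this hunk stops it from coming back through a transitive dependency. Since the commit exists to get rid of it, I would confirm with `mvn dependency:tree -Dincludes=com.alibaba:fastjson` and consider a maven-enforcer `bannedDependencies` rule for `com.alibaba:fastjson`, so that a reintroduction fails the build. The blank `+` line after the gson `</dependency>` is incidental and can be dropped.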
diff --git a/rulemgt/src/main/java/org/onap/holmes/rulemgt/bolt/enginebolt/EngineWrapper.java b/rulemgt/src/main/java/org/onap/holmes/rulemgt/bolt/enginebolt/EngineWrapper.java
index b0bd1f5..479437e 100644
--- a/rulemgt/src/main/java/org/onap/holmes/rulemgt/bolt/enginebolt/EngineWrapper.java
+++ b/rulemgt/src/main/java/org/onap/holmes/rulemgt/bolt/enginebolt/EngineWrapper.java
@@ -1,5 +1,5 @@
 /**
- * Copyright 2017 ZTE Corporation.
+ * Copyright 2017-2020 ZTE Corporation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,17 +15,18 @@
 */
package org.onap.holmes.rulemgt.bolt.enginebolt;
-import com.alibaba.fastjson.JSON;
-import com.alibaba.fastjson.JSONObject;
-import javax.inject.Inject;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
import lombok.extern.slf4j.Slf4j;
import org.apache.http.HttpResponse;
import org.jvnet.hk2.annotations.Service;
+import org.onap.holmes.common.exception.CorrelationException;
import org.onap.holmes.common.utils.HttpsUtils;
import org.onap.holmes.rulemgt.bean.request.CorrelationCheckRule4Engine;
import org.onap.holmes.rulemgt.bean.request.CorrelationDeployRule4Engine;
import org.onap.holmes.rulemgt.constant.RuleMgtConstant;
-import org.onap.holmes.common.exception.CorrelationException;
+
+import javax.inject.Inject;
@Service
@Slf4j
@@ -44,9 +45,8 @@ public class EngineWrapper {
 if (response.getStatusLine().getStatusCode() == RuleMgtConstant.RESPONSE_STATUS_OK) {
log.info("Succeeded in calling the rule deployment RESTful API from the engine management service.");
try {
- // JSONObject json = JSONObject.fromObject(HttpsUtils.extractResponseEntity(response));
- JSONObject json= JSON.parseObject(HttpsUtils.extractResponseEntity(response));
- return json.get(RuleMgtConstant.PACKAGE).toString();
+ JsonObject json = JsonParser.parseString(HttpsUtils.extractResponseEntity(response)).getAsJsonObject();
+ return json.get(RuleMgtConstant.PACKAGE).getAsString();
} catch (Exception e) {
throw new CorrelationException("Failed to parse the value returned by the engine management service.", e);
}
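Review bot: `json.get(RuleMgtConstant.PACKAGE).getAsString()` leans on the broad `catch (Exception e)` to cope with a response that lacks the expected member. `get` returns null for an absent key, and `getAsString()` throws for a JSON null or object, whereas the old `toString()` returned text for any value that was present. Because the body arrives from another service over HTTP, I would check the shape explicitly, e.g. `JsonElement pkg = json.get(RuleMgtConstant.PACKAGE);` followed by `if (pkg == null || !pkg.isJsonPrimitive()) { ... }`, and name the missing field in the `CorrelationException` message instead of surfacing a wrapped NullPointerException. The enclosing method starts and ends outside this hunk.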
diff --git a/rulemgt/src/main/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPolling.java b/rulemgt/src/main/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPolling.java
index dcd530c..e6bc790 100644
--- a/rulemgt/src/main/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPolling.java
+++ b/rulemgt/src/main/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPolling.java
@@ -1,5 +1,5 @@
 /**
- * Copyright 2017 ZTE Corporation.
+ * Copyright 2017-2020 ZTE Corporation.
 * <p>
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
@@ -13,14 +13,8 @@
 */
 package org.onap.holmes.rulemgt.dcae;
-import com.alibaba.fastjson.JSONObject;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.util.HashMap;
-import java.util.List;
-import javax.ws.rs.core.MediaType;
+import com.google.gson.Gson;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.methods.HttpDelete;
@@ -39,6 +33,12 @@ import org.onap.holmes.rulemgt.bean.request.RuleCreateRequest;
 import org.onap.holmes.rulemgt.bean.response.RuleQueryListResponse;
 import org.onap.holmes.rulemgt.bean.response.RuleResult4API;
+import javax.ws.rs.core.MediaType;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.HashMap;
+import java.util.List;
+
 @Slf4j
 public class DcaeConfigurationPolling implements Runnable {
@@ -106,7 +106,7 @@ public class DcaeConfigurationPolling implements Runnable {
 httpClient = HttpsUtils.getConditionalHttpsClient(HttpsUtils.DEFUALT_TIMEOUT);
 HttpResponse httpResponse = HttpsUtils.get(httpGet, headers, httpClient);
 String response = HttpsUtils.extractResponseEntity(httpResponse);
- return JSONObject.parseObject(response, RuleQueryListResponse.class);
+ return GsonUtil.jsonToBean(response, RuleQueryListResponse.class);
 } finally {
 httpGet.releaseConnection();
 closeHttpClient(httpClient);
diff --git a/rulemgt/src/test/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPollingTest.java b/rulemgt/src/test/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPollingTest.java
index 53e60c8..6b640b2 100644
--- a/rulemgt/src/test/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPollingTest.java
+++ b/rulemgt/src/test/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPollingTest.java
@@ -1,5 +1,5 @@
 /**
- * Copyright 2017 ZTE Corporation.
+ * Copyright 2017-2020 ZTE Corporation.
 * <p>
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,7 +15,6 @@
 */
 package org.onap.holmes.rulemgt.dcae;
-import com.alibaba.fastjson.JSONObject;
 import org.apache.http.HttpResponse;
 import org.apache.http.StatusLine;
 import org.apache.http.client.methods.HttpDelete;
@@ -31,6 +30,7 @@ import org.junit.runner.RunWith;
 import org.onap.holmes.common.dcae.DcaeConfigurationQuery;
 import org.onap.holmes.common.dcae.entity.DcaeConfigurations;
 import org.onap.holmes.common.dcae.entity.Rule;
+import org.onap.holmes.common.utils.GsonUtil;
 import org.onap.holmes.common.utils.HttpsUtils;
 import org.onap.holmes.rulemgt.bean.response.RuleQueryListResponse;
 import org.onap.holmes.rulemgt.bean.response.RuleResult4API;
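Review bot: In the `@@ -106,7 +106,7 @@` hunk of DcaeConfigurationPolling.java, `GsonUtil.jsonToBean(response, RuleQueryListResponse.class)` is not a drop-in replacement for `JSONObject.parseObject`. fastjson binds through setters and its own annotations, while Gson (assuming `GsonUtil` wraps a default instance) binds to fields by name, so any property of `RuleQueryListResponse` whose JSON name differs from its field name would now come back null without an error. The bean is not visible here, so this should be checked against a real engine response, and a null check on the parsed result before the caller acts on it would surface a silent mismatch. Separately, the import hunk of the same file adds `com.google.gson.Gson`, which none of the visible new lines use, and no visible hunk adds an import for `GsonUtil`; confirm the first is needed and the second was already present. The enclosing method starts before this hunk and continues after it.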
@@ -82,7 +82,7 @@ public class DcaeConfigurationPollingTest {
 expect(HttpsUtils.getConditionalHttpsClient(30000)).andReturn(clientMock);
 expect(HttpsUtils.get(anyObject(HttpGet.class), anyObject(HashMap.class), anyObject(CloseableHttpClient.class)))
 .andReturn(httpResponseMock);
- expect(HttpsUtils.extractResponseEntity(httpResponseMock)).andReturn(JSONObject.toJSONString(ruleQueryListResponse));
+ expect(HttpsUtils.extractResponseEntity(httpResponseMock)).andReturn(GsonUtil.beanToJson(ruleQueryListResponse));
 clientMock.close();
 expectLastCall(); |
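Review bot: The mocked response body is now produced by `GsonUtil.beanToJson`, the counterpart of the parser the production code calls, so the test only round-trips through one library. It would still pass if the JSON the engine actually sends used different member names than Gson derives from the bean. A literal JSON string captured from the engine's rule-query response would pin the wire format instead, e.g. `.andReturn(RULE_QUERY_RESPONSE_JSON)`, where that name is a placeholder for a constant defined in the test class. The test method starts and ends outside this hunk.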