authorPrudence Au <prudence.au@amdocs.com>2019-09-04 19:57:07 -0400
committerPrudence Au <prudence.au@amdocs.com>2019-09-05 13:53:01 -0400
commitbd0767fc08a46c290b7a5d2f5dde1688c681cf0d (patch)
tree2d439e4af5f76e701e2b044ff7f28f454bdf099f
parentd26dbbfc39a08657945c6c517879ac17b3d727cd (diff)
Address vulnerability issues.
- exclude commons-beanutils from spring-boot-starter-velocity - upgrade handlebars to version 4.1.2 - upgrade logback-classic to version 1.2.3 - upgrade xstream to version 1.4.11.1 - exclude dom4j from spring-boot-starter-velocity - upgrade camel-core to version 2.21.5 - exclude struts-core from spring-boot-starter-velocity - upgrade plexus-utils to version 3.0.22 Issue-ID: LOG-827 Issue-ID: LOG-1116 Issue-ID: LOG-1121 Issue-ID: LOG-1122 Issue-ID: LOG-1123 Issue-ID: LOG-1124 Issue-ID: LOG-1062 Issue-ID: LOG-1063 Signed-off-by: Prudence Au <prudence.au@amdocs.com> Change-Id: Ib851883ba4338f800523bbdbdb714e39549e5ecd
-rw-r--r--pom.xml65
-rw-r--r--src/test/java/org/onap/pomba/contextbuilder/sdnc/unittest/service/SdncContextBuilderTest.java3
2 files changed, 56 insertions, 12 deletions
diff --git a/pom.xml b/pom.xml
index bb6cbc7..0b8c922 100644
--- a/pom.xml
+++ b/pom.xml
@@ -31,7 +31,7 @@ limitations under the License.
</parent>
<properties>
- <camel-spring-boot.version>2.21.1</camel-spring-boot.version>
+ <camel-spring-boot.version>2.21.5</camel-spring-boot.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<swagger.directory>${project.build.directory}/generated-resources/swagger</swagger.directory>
<!--docker -->
@@ -114,6 +114,20 @@ limitations under the License.
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-velocity</artifactId>
<version>1.4.7.RELEASE</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>dom4j</groupId>
+ <artifactId>dom4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.struts</groupId>
+ <artifactId>struts-core</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
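Review bot: Nothing in the `spring-boot-starter-velocity` exclusions block records why `commons-beanutils`, `dom4j` and `struts-core` are removed, or that the application works without them. An exclusion only removes the jar on this one dependency path, so another dependency can still bring the same artifact back onto the classpath. It is worth confirming with `mvn dependency:tree -Dincludes=commons-beanutils,dom4j,org.apache.struts` that none of them is still resolved. A comment above `<exclusions>` would help, such as `<!-- excluded for vulnerability findings (LOG-<issue>); not needed by our Velocity templates -->`. If these artifacts must never return, a maven-enforcer `bannedDependencies` rule would enforce that at build time, which a per-dependency exclusion cannot do.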
@@ -132,15 +146,6 @@ limitations under the License.
<artifactId>camel-spring-boot-starter</artifactId>
<version>${camel-spring-boot.version}</version>
</dependency>
- <dependency>
- <groupId>org.apache.camel</groupId>
- <artifactId>camel-core</artifactId>
- <version>${camel-spring-boot.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.camel</groupId>
- <artifactId>camel-servlet-starter</artifactId>
- </dependency>
<!-- swagger dependencies -->
<dependency>
<groupId>io.swagger</groupId>
@@ -184,7 +189,13 @@ limitations under the License.
<dependency>
<groupId>org.onap.aai</groupId>
<artifactId>rest-client</artifactId>
- <version>1.2.1</version>
+ <version>1.3.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- Drools dependencies -->
<dependency>
@@ -196,8 +207,26 @@ limitations under the License.
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.codehaus.plexus</groupId>
+ <artifactId>plexus-utils</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ <version>1.4.11.1</version>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.plexus</groupId>
+ <artifactId>plexus-utils</artifactId>
+ <version>3.0.22</version>
+ </dependency>
<!-- Test dependencies -->
<dependency>
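Review bot: The pinned `xstream` 1.4.11.1 and `plexus-utils` 3.0.22 entries are bare version literals with nothing in the POM marking them as security overrides. A later dependency cleanup could remove them and silently fall back to whatever version the Drools dependency brings in. I would add a comment such as `<!-- security override (LOG-<issue>): keep at or above this version -->` and move the versions into `<properties>` or a `<dependencyManagement>` entry. A direct declaration already wins Maven's nearest-definition mediation, so the paired exclusions are likely redundant, though harmless. The same pattern recurs for `logback-classic` (excluded from `rest-client`) and for `handlebars` in the later hunks. The dependency that owns this `<exclusions>` block starts outside the hunk.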
@@ -225,6 +254,10 @@ limitations under the License.
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.github.jknack</groupId>
+ <artifactId>handlebars</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -242,6 +275,16 @@ limitations under the License.
<artifactId>jackson-annotations</artifactId>
<version>2.9.0</version>
</dependency>
+ <dependency>
+ <groupId>com.github.jknack</groupId>
+ <artifactId>handlebars</artifactId>
+ <version>4.1.2</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>1.2.3</version>
+ </dependency>
</dependencies>
<build>
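Review bot: The added `handlebars` dependency declares no `<scope>`, so it defaults to compile scope and ships in the packaged artifact. The matching exclusion in the previous hunk sits below the `<!-- Test dependencies -->` comment, and the only use visible in this commit is the test import `com.github.jknack.handlebars.internal.Files`. If production code does not use handlebars, add `<scope>test</scope>` so that a templating library is not on the runtime classpath without need. The dependency that carries the exclusion is outside the visible hunks, so this should be confirmed against the full POM.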
diff --git a/src/test/java/org/onap/pomba/contextbuilder/sdnc/unittest/service/SdncContextBuilderTest.java b/src/test/java/org/onap/pomba/contextbuilder/sdnc/unittest/service/SdncContextBuilderTest.java
index b7fbd33..daa0cf7 100644
--- a/src/test/java/org/onap/pomba/contextbuilder/sdnc/unittest/service/SdncContextBuilderTest.java
+++ b/src/test/java/org/onap/pomba/contextbuilder/sdnc/unittest/service/SdncContextBuilderTest.java
@@ -30,6 +30,7 @@ import com.github.jknack.handlebars.internal.Files;
import com.github.tomakehurst.wiremock.junit.WireMockRule;
import java.io.File;
import java.io.IOException;
+import java.nio.charset.Charset;
import java.text.MessageFormat;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
@@ -212,7 +213,7 @@ public class SdncContextBuilderTest {
private void addResponse(String url, String responseFile, WireMockRule thisMock) throws IOException {
File file = new File(ClassLoader.getSystemResource(responseFile).getFile());
- String payload = Files.read(file);
+ String payload = Files.read(file, Charset.defaultCharset());
thisMock.stubFor(get(url).willReturn(okJson(payload)));
}
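Review bot: `Charset.defaultCharset()` in `addResponse` makes the decoding of the JSON fixtures depend on the locale of the machine running the tests, while the POM declares UTF-8 as the project encoding. Using `String payload = Files.read(file, StandardCharsets.UTF_8);`, with `import java.nio.charset.StandardCharsets;` in place of the `Charset` import, keeps the stubbed payloads identical on every build host. The helper also depends on `com.github.jknack.handlebars.internal.Files`, an internal class whose signature appears to have changed with this upgrade. Reading the file with `new String(java.nio.file.Files.readAllBytes(file.toPath()), StandardCharsets.UTF_8)` would remove that coupling.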