From 722d78240f9ae320ceb262b496cf8cee07ae2591 Mon Sep 17 00:00:00 2001 From: HuabingZhao Date: Thu, 8 Mar 2018 17:49:12 +0800 Subject: Solve nexus IQ security issue Upgrade the jackson-core to the latest version to solve SONATYPE-2017-0355 Issue-ID: MSB-131 Change-Id: I9a7fc431a07533c47fe56bd69b18012cf9d7216c Signed-off-by: HuabingZhao --- example/pom.xml | 2 +- pom.xml | 20 ++- .../httpclient/handler/RetrofitServiceHandler.java | 154 ++++++++++----------- 3 files changed, 92 insertions(+), 84 deletions(-) diff --git a/example/pom.xml b/example/pom.xml index 26ce5a4..81dc972 100644 --- a/example/pom.xml +++ b/example/pom.xml @@ -23,7 +23,7 @@ io.dropwizard dropwizard-core - 0.8.0 + 1.2.4 diff --git a/pom.xml b/pom.xml index 18530f4..5ce0f08 100644 --- a/pom.xml +++ b/pom.xml @@ -37,11 +37,6 @@ commons-lang3 3.0 - - com.eclipsesource.jaxrs - consumer - 5.0 - org.apache.httpcomponents httpclient @@ -65,6 +60,21 @@ 1.6.6 test + + com.fasterxml.jackson.core + jackson-databind + 2.9.3 + + + com.fasterxml.jackson.core + jackson-core + 2.9.3 + + + com.google.guava + guava + 19.0 + diff --git a/src/main/java/org/onap/msb/sdk/httpclient/handler/RetrofitServiceHandler.java b/src/main/java/org/onap/msb/sdk/httpclient/handler/RetrofitServiceHandler.java index 74096e7..085a35f 100644 --- a/src/main/java/org/onap/msb/sdk/httpclient/handler/RetrofitServiceHandler.java +++ b/src/main/java/org/onap/msb/sdk/httpclient/handler/RetrofitServiceHandler.java @@ -28,7 +28,7 @@ import org.onap.msb.sdk.httpclient.lb.LoadBalanceContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import jersey.repackaged.com.google.common.collect.Lists; +import com.google.common.collect.Lists; import retrofit2.Call; /** @@ -37,125 +37,123 @@ import retrofit2.Call; */ public class RetrofitServiceHandler implements InvocationHandler { - private final static Logger logger = LoggerFactory.getLogger(RetrofitServiceHandler.class); - private static long periodTime = 60; + private final static Logger logger = LoggerFactory.getLogger(RetrofitServiceHandler.class); + private static long periodTime = 60; - static { - try { - String periodStr = System.getenv("retrofit_route_cache_refresh_period"); - periodTime = periodStr != null ? Long.valueOf(periodStr) : 60; - logger.info("retrofit_route_cache_refresh_period:" + periodTime); - } catch (Exception e) { - logger.warn("", e); - } + static { + try { + String periodStr = System.getenv("retrofit_route_cache_refresh_period"); + periodTime = periodStr != null ? Long.valueOf(periodStr) : 60; + logger.info("retrofit_route_cache_refresh_period:" + periodTime); + } catch (Exception e) { + logger.warn("", e); + } - } + } - private RetrofitServiceHandlerContext flowContext; + private RetrofitServiceHandlerContext flowContext; - private AtomicReference> endPointToRetrofitRef = - new AtomicReference(); + private AtomicReference> endPointToRetrofitRef = new AtomicReference(); - public RetrofitServiceHandler(RetrofitServiceHandlerContext flowContext) { - super(); - this.flowContext = flowContext; - logger.info("retrofit_route_cache_refresh_period:" + periodTime); - } + public RetrofitServiceHandler(RetrofitServiceHandlerContext flowContext) { + super(); + this.flowContext = flowContext; + logger.info("retrofit_route_cache_refresh_period:" + periodTime); + } - /* - * (non-Javadoc) - * - * @see java.lang.reflect.InvocationHandler#invoke(java.lang.Object, java.lang.reflect.Method, - * java.lang.Object[]) - */ - @Override - public Object invoke(Object proxy, Method method, Object[] args) throws Throwable { + /* + * (non-Javadoc) + * + * @see java.lang.reflect.InvocationHandler#invoke(java.lang.Object, java.lang.reflect.Method, + * java.lang.Object[]) + */ + @Override + public Object invoke(Object proxy, Method method, Object[] args) throws Throwable { - Object retrofitObject = null; - ServiceHttpEndPointObjectWapper wapper = null; + Object retrofitObject = null; + ServiceHttpEndPointObjectWapper wapper = null; - updateMsbInfo(); - wapper = selectRetrofitObjectByLBStrategy( - flowContext.getRetrofitObjectBuilder().buildRetrofitObject(endPointToRetrofitRef, null), - method, args); - retrofitObject = wapper.retrofitObject; + updateMsbInfo(); + wapper = selectRetrofitObjectByLBStrategy( + flowContext.getRetrofitObjectBuilder().buildRetrofitObject(endPointToRetrofitRef, null), method, + args); + retrofitObject = wapper.retrofitObject; - Object resultObjecct = method.invoke(retrofitObject, args); + Object resultObjecct = method.invoke(retrofitObject, args); - if (resultObjecct instanceof Call) { - Call targetCall = (Call) resultObjecct; - return new ProxyRetrofitCall(targetCall, this, wapper.endPoint, proxy, method, args); + if (resultObjecct instanceof Call) { + Call targetCall = (Call) resultObjecct; + return new ProxyRetrofitCall(targetCall, this, wapper.endPoint, proxy, method, args); + } + return resultObjecct; } - return resultObjecct; - } - public Object reInvoke(Object proxy, Method method, Object[] args, - ServiceHttpEndPointObject endPoint) throws Throwable { + public Object reInvoke(Object proxy, Method method, Object[] args, ServiceHttpEndPointObject endPoint) + throws Throwable { - Object retrofitObject = null; - ServiceHttpEndPointObjectWapper wapper = null; + Object retrofitObject = null; + ServiceHttpEndPointObjectWapper wapper = null; - updateMsbInfo(); + updateMsbInfo(); - Map serviceHttpEndPointObjectMap = - flowContext.getRetrofitObjectBuilder().buildRetrofitObject(endPointToRetrofitRef, endPoint); + Map serviceHttpEndPointObjectMap = + flowContext.getRetrofitObjectBuilder().buildRetrofitObject(endPointToRetrofitRef, endPoint); - wapper = selectRetrofitObjectByLBStrategy(serviceHttpEndPointObjectMap, method, args); + wapper = selectRetrofitObjectByLBStrategy(serviceHttpEndPointObjectMap, method, args); - retrofitObject = wapper.retrofitObject; + retrofitObject = wapper.retrofitObject; - Object resultObjecct = method.invoke(retrofitObject, args); + Object resultObjecct = method.invoke(retrofitObject, args); - return resultObjecct; + return resultObjecct; - } + } - private void updateMsbInfo() { + private void updateMsbInfo() { - if (System.currentTimeMillis() - flowContext.getLastUpdateMsbTime() > periodTime * 1000) { - clean(); + if (System.currentTimeMillis() - flowContext.getLastUpdateMsbTime() > periodTime * 1000) { + clean(); + } } - } - public void clean() { - endPointToRetrofitRef.set(null); - } + public void clean() { + endPointToRetrofitRef.set(null); + } - private ServiceHttpEndPointObjectWapper selectRetrofitObjectByLBStrategy( - Map srvEndPointToRetrofit, Method method, Object[] args) - throws RetrofitServiceRuntimeException { + private ServiceHttpEndPointObjectWapper selectRetrofitObjectByLBStrategy( + Map srvEndPointToRetrofit, Method method, Object[] args) + throws RetrofitServiceRuntimeException { - LoadBalanceContext ctx = new LoadBalanceContext(); - ctx.setEndPoints(Lists.newArrayList(srvEndPointToRetrofit.keySet())); - ctx.setArgs(args); - ctx.setMethod(method); - ServiceHttpEndPointObject endPoint = flowContext.getLbStrategy().chooseEndPointObject(ctx); - return new ServiceHttpEndPointObjectWapper(endPoint, srvEndPointToRetrofit.get(endPoint)); - } + LoadBalanceContext ctx = new LoadBalanceContext(); + ctx.setEndPoints(Lists.newArrayList(srvEndPointToRetrofit.keySet())); + ctx.setArgs(args); + ctx.setMethod(method); + ServiceHttpEndPointObject endPoint = flowContext.getLbStrategy().chooseEndPointObject(ctx); + return new ServiceHttpEndPointObjectWapper(endPoint, srvEndPointToRetrofit.get(endPoint)); + } } class ServiceHttpEndPointObjectWapper { - protected ServiceHttpEndPointObject endPoint; - protected Object retrofitObject; + protected ServiceHttpEndPointObject endPoint; + protected Object retrofitObject; - public ServiceHttpEndPointObjectWapper(ServiceHttpEndPointObject endPoint, - Object retrofitObject) { - super(); - this.endPoint = endPoint; - this.retrofitObject = retrofitObject; - } + public ServiceHttpEndPointObjectWapper(ServiceHttpEndPointObject endPoint, Object retrofitObject) { + super(); + this.endPoint = endPoint; + this.retrofitObject = retrofitObject; + } } -- cgit 1.2.3-korg