summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorliamfallon <liam.fallon@ericsson.com>2018-06-26 11:47:22 +0100
committerliamfallon <liam.fallon@ericsson.com>2018-06-26 11:47:35 +0100
commitc78db71cba65d95698116dc7cbad5827f23362d0 (patch)
treee1e6c09848e4ba9ae84f6da9c9656951fa795b78
parentc64ab628a9a861a36b25418a2f187b93efc27880 (diff)
Upgrade version of Jython to remove vulnerability
Upgrade version of Jython from 2.2.1 to 2.7.1 to fix security vulnerability. Change-Id: I605b02483431b057f0ffa6017a5726ef8e1834d3 Issue-ID: POLICY-905 Signed-off-by: liamfallon <liam.fallon@ericsson.com>
-rw-r--r--plugins/plugins-executor/plugins-executor-jython/pom.xml4
-rw-r--r--plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonStateFinalizerExecutor.java3
-rw-r--r--plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskExecutor.java3
-rw-r--r--plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskSelectExecutor.java3
4 files changed, 8 insertions, 5 deletions
diff --git a/plugins/plugins-executor/plugins-executor-jython/pom.xml b/plugins/plugins-executor/plugins-executor-jython/pom.xml
index 8b246561b..13b55caa4 100644
--- a/plugins/plugins-executor/plugins-executor-jython/pom.xml
+++ b/plugins/plugins-executor/plugins-executor-jython/pom.xml
@@ -37,8 +37,8 @@
<dependencies>
<dependency>
<groupId>org.python</groupId>
- <artifactId>jython</artifactId>
- <version>2.2.1</version>
+ <artifactId>jython-standalone</artifactId>
+ <version>2.7.1</version>
</dependency>
</dependencies>
</project> \ No newline at end of file
diff --git a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonStateFinalizerExecutor.java b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonStateFinalizerExecutor.java
index 26512b52d..ea8f027c5 100644
--- a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonStateFinalizerExecutor.java
+++ b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonStateFinalizerExecutor.java
@@ -25,6 +25,7 @@ import java.util.Map;
import org.onap.policy.apex.context.ContextException;
import org.onap.policy.apex.core.engine.executor.StateFinalizerExecutor;
import org.onap.policy.apex.core.engine.executor.exception.StateMachineException;
+import org.python.core.CompileMode;
import org.python.core.Py;
import org.python.core.PyCode;
import org.python.core.PyException;
@@ -61,7 +62,7 @@ public class JythonStateFinalizerExecutor extends StateFinalizerExecutor {
try {
synchronized (Py.class) {
compiled = Py.compile_flags(getSubject().getLogic(), "<" + getSubject().getKey().toString() + ">",
- "exec", null);
+ CompileMode.exec, null);
}
} catch (final PyException e) {
LOGGER.warn("failed to compile Jython code for state finalizer " + getSubject().getKey(), e);
diff --git a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskExecutor.java b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskExecutor.java
index 4387a5df7..b0dd9c5c9 100644
--- a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskExecutor.java
+++ b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskExecutor.java
@@ -25,6 +25,7 @@ import java.util.Map;
import org.onap.policy.apex.context.ContextException;
import org.onap.policy.apex.core.engine.executor.TaskExecutor;
import org.onap.policy.apex.core.engine.executor.exception.StateMachineException;
+import org.python.core.CompileMode;
import org.python.core.Py;
import org.python.core.PyCode;
import org.python.core.PyException;
@@ -61,7 +62,7 @@ public class JythonTaskExecutor extends TaskExecutor {
try {
synchronized (Py.class) {
compiled = Py.compile_flags(getSubject().getTaskLogic().getLogic(),
- "<" + getSubject().getKey().toString() + ">", "exec", null);
+ "<" + getSubject().getKey().toString() + ">", CompileMode.exec, null);
}
} catch (final PyException e) {
LOGGER.warn("failed to compile Jython code for task " + getSubject().getKey().getID(), e);
diff --git a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskSelectExecutor.java b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskSelectExecutor.java
index cf94793ff..4fd48f2e7 100644
--- a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskSelectExecutor.java
+++ b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskSelectExecutor.java
@@ -25,6 +25,7 @@ import org.onap.policy.apex.core.engine.event.EnEvent;
import org.onap.policy.apex.core.engine.executor.TaskSelectExecutor;
import org.onap.policy.apex.core.engine.executor.exception.StateMachineException;
import org.onap.policy.apex.model.basicmodel.concepts.AxArtifactKey;
+import org.python.core.CompileMode;
import org.python.core.Py;
import org.python.core.PyCode;
import org.python.core.PyException;
@@ -60,7 +61,7 @@ public class JythonTaskSelectExecutor extends TaskSelectExecutor {
try {
synchronized (Py.class) {
compiled = Py.compile_flags(getSubject().getTaskSelectionLogic().getLogic(),
- "<" + getSubject().getKey().toString() + ">", "exec", null);
+ "<" + getSubject().getKey().toString() + ">", CompileMode.exec, null);
}
} catch (final PyException e) {
LOGGER.warn("failed to compile Jython code for task selection logic in " + getSubject().getKey().getID(),