summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorliamfallon <liam.fallon@est.tech>2019-02-22 17:30:59 +0000
committerliamfallon <liam.fallon@est.tech>2019-02-22 17:30:59 +0000
commit1ba6a3268b220cc99e9ed993553fa6f34f111a39 (patch)
tree4dea3d65bd831f58dff8b066c484e9b876f60692 /plugins
parent53d016bd95ded26821a7711c6f049ffc4ccd51ca (diff)
Change versions of Zookeeper and C3P0
This review changes the versions of Zookeeper and C3P0 to resolve security issues. It also merges the context test utils module into the context test because that module was misplaced and put an incompatible Zookeeper dependency in the APEX context module. Issue-ID: POLICY-1540 Change-Id: I86048ae1fc8b818611f423d6fd1f4a9fcc3f76f9 Signed-off-by: liamfallon <liam.fallon@est.tech>
Diffstat (limited to 'plugins')
-rw-r--r--plugins/plugins-context/plugins-context-locking/plugins-context-locking-curator/pom.xml5
-rw-r--r--plugins/plugins-context/plugins-context-locking/plugins-context-locking-curator/src/main/java/org/onap/policy/apex/plugins/context/locking/curator/CuratorLockManager.java33
-rw-r--r--plugins/plugins-context/plugins-context-locking/plugins-context-locking-curator/src/main/java/org/onap/policy/apex/plugins/context/locking/curator/CuratorLockManagerParameters.java9
-rw-r--r--plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/pom.xml45
4 files changed, 55 insertions, 37 deletions
diff --git a/plugins/plugins-context/plugins-context-locking/plugins-context-locking-curator/pom.xml b/plugins/plugins-context/plugins-context-locking/plugins-context-locking-curator/pom.xml
index 2dcdcf8de..8424969d7 100644
--- a/plugins/plugins-context/plugins-context-locking/plugins-context-locking-curator/pom.xml
+++ b/plugins/plugins-context/plugins-context-locking/plugins-context-locking-curator/pom.xml
@@ -1,6 +1,7 @@
<!--
============LICENSE_START=======================================================
Copyright (C) 2018 Ericsson. All rights reserved.
+ Modifications Copyright (C) 2019 Nordix Foundation.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -47,11 +48,11 @@
<artifactId>curator-recipes</artifactId>
<version>4.0.1</version>
</dependency>
- <!-- The latest Zookeeper version fixes the vulnerabilities -->
+ <!-- This Zookeeper version fixes the vulnerabilities -->
<dependency>
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
- <version>3.5.4-beta</version>
+ <version>3.4.13</version>
<exclusions>
<!-- Zookeeper uses an ancient version of log4j -->
<exclusion>
diff --git a/plugins/plugins-context/plugins-context-locking/plugins-context-locking-curator/src/main/java/org/onap/policy/apex/plugins/context/locking/curator/CuratorLockManager.java b/plugins/plugins-context/plugins-context-locking/plugins-context-locking-curator/src/main/java/org/onap/policy/apex/plugins/context/locking/curator/CuratorLockManager.java
index bc8ce9055..ce727b8bf 100644
--- a/plugins/plugins-context/plugins-context-locking/plugins-context-locking-curator/src/main/java/org/onap/policy/apex/plugins/context/locking/curator/CuratorLockManager.java
+++ b/plugins/plugins-context/plugins-context-locking/plugins-context-locking-curator/src/main/java/org/onap/policy/apex/plugins/context/locking/curator/CuratorLockManager.java
@@ -1,19 +1,20 @@
/*-
* ============LICENSE_START=======================================================
* Copyright (C) 2016-2018 Ericsson. All rights reserved.
+ * Modifications Copyright (C) 2019 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *
+ *
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
@@ -32,6 +33,8 @@ import org.apache.curator.utils.CloseableUtils;
import org.apache.zookeeper.CreateMode;
import org.onap.policy.apex.context.ContextException;
import org.onap.policy.apex.context.impl.locking.AbstractLockManager;
+import org.onap.policy.apex.context.parameters.ContextParameterConstants;
+import org.onap.policy.apex.context.parameters.LockManagerParameters;
import org.onap.policy.apex.model.basicmodel.concepts.AxArtifactKey;
import org.onap.policy.common.parameters.ParameterService;
import org.slf4j.ext.XLogger;
@@ -75,11 +78,19 @@ public class CuratorLockManager extends AbstractLockManager {
super.init(key);
// Get the lock manager parameters
- final CuratorLockManagerParameters lockParameters = ParameterService
- .get(CuratorLockManagerParameters.class.getSimpleName());
+ final LockManagerParameters lockParameters = ParameterService.get(ContextParameterConstants.LOCKING_GROUP_NAME);
+
+ if (!(lockParameters instanceof CuratorLockManagerParameters)) {
+ String message = "could not set up Curator locking, "
+ + "curator lock manager parameters are not set";
+ LOGGER.warn(message);
+ throw new ContextException(message);
+ }
+
+ final CuratorLockManagerParameters curatorLockPars = (CuratorLockManagerParameters)lockParameters;
// Check if the curator address has been set
- curatorZookeeperAddress = lockParameters.getZookeeperAddress();
+ curatorZookeeperAddress = curatorLockPars.getZookeeperAddress();
if (curatorZookeeperAddress == null || curatorZookeeperAddress.trim().length() == 0) {
String message = "could not set up Curator locking, "
+ "check if the curator Zookeeper address parameter is set correctly";
@@ -89,8 +100,8 @@ public class CuratorLockManager extends AbstractLockManager {
// Set up the curator framework we'll use
curatorFramework = CuratorFrameworkFactory.builder().connectString(curatorZookeeperAddress)
- .retryPolicy(new ExponentialBackoffRetry(lockParameters.getZookeeperConnectSleepTime(),
- lockParameters.getZookeeperContextRetries()))
+ .retryPolicy(new ExponentialBackoffRetry(curatorLockPars.getZookeeperConnectSleepTime(),
+ curatorLockPars.getZookeeperContextRetries()))
.build();
// Listen for changes on the Curator connection
@@ -102,8 +113,8 @@ public class CuratorLockManager extends AbstractLockManager {
// Wait for the connection to be made
try {
curatorFramework.blockUntilConnected(
- lockParameters.getZookeeperConnectSleepTime() * lockParameters.getZookeeperContextRetries(),
- TimeUnit.MILLISECONDS);
+ curatorLockPars.getZookeeperConnectSleepTime() * curatorLockPars.getZookeeperContextRetries(),
+ TimeUnit.MILLISECONDS);
} catch (final InterruptedException e) {
// restore the interrupt status
Thread.currentThread().interrupt();
@@ -123,7 +134,7 @@ public class CuratorLockManager extends AbstractLockManager {
// We'll use Ephemeral nodes for locks on the Zookeeper server
curatorFramework.create().withMode(CreateMode.EPHEMERAL_SEQUENTIAL);
- LOGGER.exit("init(" + key + "," + lockParameters + ")");
+ LOGGER.exit("init(" + key + "," + curatorLockPars + ")");
}
/*
diff --git a/plugins/plugins-context/plugins-context-locking/plugins-context-locking-curator/src/main/java/org/onap/policy/apex/plugins/context/locking/curator/CuratorLockManagerParameters.java b/plugins/plugins-context/plugins-context-locking/plugins-context-locking-curator/src/main/java/org/onap/policy/apex/plugins/context/locking/curator/CuratorLockManagerParameters.java
index ac936d436..39972a7f1 100644
--- a/plugins/plugins-context/plugins-context-locking/plugins-context-locking-curator/src/main/java/org/onap/policy/apex/plugins/context/locking/curator/CuratorLockManagerParameters.java
+++ b/plugins/plugins-context/plugins-context-locking/plugins-context-locking-curator/src/main/java/org/onap/policy/apex/plugins/context/locking/curator/CuratorLockManagerParameters.java
@@ -1,19 +1,20 @@
/*-
* ============LICENSE_START=======================================================
* Copyright (C) 2016-2018 Ericsson. All rights reserved.
+ * Modifications Copyright (C) 2019 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *
+ *
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
@@ -30,7 +31,7 @@ import org.onap.policy.apex.context.parameters.LockManagerParameters;
public class CuratorLockManagerParameters extends LockManagerParameters {
// @formatter:off
/** The default address used to connect to the Zookeeper server. */
- public static final String DEFAULT_ZOOKEEPER_ADDRESS = "localhost:2181";
+ public static final String DEFAULT_ZOOKEEPER_ADDRESS = "localhost:2181";
/** The default sleep time to use when connecting to the Zookeeper server. */
public static final int DEFAULT_ZOOKEEPER_CONNECT_SLEEP_TIME = 1000;
diff --git a/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/pom.xml b/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/pom.xml
index 2343a3ab8..ae2def8d2 100644
--- a/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/pom.xml
+++ b/plugins/plugins-persistence/plugins-persistence-jpa/plugins-persistence-jpa-hibernate/pom.xml
@@ -1,23 +1,17 @@
-<!--
- ============LICENSE_START=======================================================
- Copyright (C) 2018 Ericsson. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
- SPDX-License-Identifier: Apache-2.0
- ============LICENSE_END=========================================================
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<!-- ============LICENSE_START=======================================================
+ Copyright (C) 2018 Ericsson. All rights reserved. Modifications Copyright
+ (C) 2019 Nordix Foundation. ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ use this file except in compliance with the License. You may obtain a copy
+ of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+ by applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific
+ language governing permissions and limitations under the License. SPDX-License-Identifier:
+ Apache-2.0 ============LICENSE_END========================================================= -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.onap.policy.apex-pdp.plugins.plugins-persistence.plugins-persistence-jpa</groupId>
@@ -72,6 +66,17 @@
<groupId>org.hibernate</groupId>
<artifactId>hibernate-c3p0</artifactId>
<version>${version.hibernate}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.mchange</groupId>
+ <artifactId>c3p0</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>com.mchange</groupId>
+ <artifactId>c3p0</artifactId>
+ <version>0.9.5.3</version>
</dependency>
</dependencies>