diff options
Diffstat (limited to 'examples')
| -rw-r--r-- | examples/examples-aadm/pom.xml | 2 | ||||
| -rw-r--r-- | examples/examples-adaptive/pom.xml | 2 | ||||
| -rw-r--r-- | examples/examples-decisionmaker/pom.xml | 2 | ||||
| -rw-r--r-- | examples/examples-grpc/pom.xml | 2 | ||||
| -rw-r--r-- | examples/examples-myfirstpolicy/pom.xml | 2 | ||||
| -rw-r--r-- | examples/examples-onap-bbs/pom.xml | 2 | ||||
| -rw-r--r-- | examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java | 8 | ||||
| -rw-r--r-- | examples/examples-onap-bbs/src/test/java/org/onap/policy/apex/examples/bbs/WebClientTest.java | 13 | ||||
| -rw-r--r-- | examples/examples-onap-vcpe/pom.xml | 2 | ||||
| -rw-r--r-- | examples/examples-pcvs/pom.xml | 2 | ||||
| -rw-r--r-- | examples/examples-periodic/pom.xml | 2 | ||||
| -rw-r--r-- | examples/examples-servlet/pom.xml | 2 | ||||
| -rw-r--r-- | examples/pom.xml | 2 |
13 files changed, 24 insertions, 19 deletions
diff --git a/examples/examples-aadm/pom.xml b/examples/examples-aadm/pom.xml index b4a39f9be..c080532ec 100644 --- a/examples/examples-aadm/pom.xml +++ b/examples/examples-aadm/pom.xml @@ -22,7 +22,7 @@ <parent> <groupId>org.onap.policy.apex-pdp.examples</groupId> <artifactId>examples</artifactId> - <version>2.3.1-SNAPSHOT</version> + <version>2.3.2-SNAPSHOT</version> </parent> <artifactId>examples-aadm</artifactId> diff --git a/examples/examples-adaptive/pom.xml b/examples/examples-adaptive/pom.xml index 98f344d22..b79d03e7a 100644 --- a/examples/examples-adaptive/pom.xml +++ b/examples/examples-adaptive/pom.xml @@ -22,7 +22,7 @@ <parent> <groupId>org.onap.policy.apex-pdp.examples</groupId> <artifactId>examples</artifactId> - <version>2.3.1-SNAPSHOT</version> + <version>2.3.2-SNAPSHOT</version> </parent> <artifactId>examples-adaptive</artifactId> diff --git a/examples/examples-decisionmaker/pom.xml b/examples/examples-decisionmaker/pom.xml index 7e32e66e2..8767d27f3 100644 --- a/examples/examples-decisionmaker/pom.xml +++ b/examples/examples-decisionmaker/pom.xml @@ -23,7 +23,7 @@ <parent> <groupId>org.onap.policy.apex-pdp.examples</groupId> <artifactId>examples</artifactId> - <version>2.3.1-SNAPSHOT</version> + <version>2.3.2-SNAPSHOT</version> </parent> <artifactId>examples-decisionmaker</artifactId> diff --git a/examples/examples-grpc/pom.xml b/examples/examples-grpc/pom.xml index 9848bf41c..172c4f227 100644 --- a/examples/examples-grpc/pom.xml +++ b/examples/examples-grpc/pom.xml @@ -24,7 +24,7 @@ <parent> <groupId>org.onap.policy.apex-pdp.examples</groupId> <artifactId>examples</artifactId> - <version>2.3.1-SNAPSHOT</version> + <version>2.3.2-SNAPSHOT</version> </parent> <artifactId>examples-grpc</artifactId> <name>examples-grpc</name> diff --git a/examples/examples-myfirstpolicy/pom.xml b/examples/examples-myfirstpolicy/pom.xml index 6eebf6320..8a37c8902 100644 --- a/examples/examples-myfirstpolicy/pom.xml +++ b/examples/examples-myfirstpolicy/pom.xml @@ -26,7 +26,7 @@ <parent> <groupId>org.onap.policy.apex-pdp.examples</groupId> <artifactId>examples</artifactId> - <version>2.3.1-SNAPSHOT</version> + <version>2.3.2-SNAPSHOT</version> </parent> <artifactId>examples-myfirstpolicy</artifactId> diff --git a/examples/examples-onap-bbs/pom.xml b/examples/examples-onap-bbs/pom.xml index 3f8716ae9..10a0877ff 100644 --- a/examples/examples-onap-bbs/pom.xml +++ b/examples/examples-onap-bbs/pom.xml @@ -25,7 +25,7 @@ <parent> <groupId>org.onap.policy.apex-pdp.examples</groupId> <artifactId>examples</artifactId> - <version>2.3.1-SNAPSHOT</version> + <version>2.3.2-SNAPSHOT</version> </parent> <artifactId>examples-onap-bbs</artifactId> diff --git a/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java b/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java index edaff6b52..884708d03 100644 --- a/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java +++ b/examples/examples-onap-bbs/src/main/java/org/onap/policy/apex/examples/bbs/WebClient.java @@ -34,7 +34,6 @@ import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; -import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.transform.OutputKeys; import javax.xml.transform.Transformer; @@ -64,6 +63,10 @@ public class WebClient { // Duplicated string constants private static final String BBS_POLICY = "BBS Policy"; + //Features to prevent XXE injection + private static final String XML_DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl"; + private static final String XML_EXTERNAL_ENTITY_FEATURE = "http://xml.org/sax/features/external-general-entities"; + /** * Send simple https rest request. * @@ -140,7 +143,8 @@ public class WebClient { try (ByteArrayInputStream br = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))) { DocumentBuilderFactory df = DocumentBuilderFactory.newInstance(); - df.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + df.setFeature(XML_DISALLOW_DOCTYPE_FEATURE, true); + df.setFeature(XML_EXTERNAL_ENTITY_FEATURE, false); Document document = df.newDocumentBuilder().parse(new InputSource(br)); document.normalize(); diff --git a/examples/examples-onap-bbs/src/test/java/org/onap/policy/apex/examples/bbs/WebClientTest.java b/examples/examples-onap-bbs/src/test/java/org/onap/policy/apex/examples/bbs/WebClientTest.java index 3cb588dc7..ba1481c0b 100644 --- a/examples/examples-onap-bbs/src/test/java/org/onap/policy/apex/examples/bbs/WebClientTest.java +++ b/examples/examples-onap-bbs/src/test/java/org/onap/policy/apex/examples/bbs/WebClientTest.java @@ -36,6 +36,7 @@ import org.junit.Test; import org.mockito.Mockito; public class WebClientTest { + HttpsURLConnection mockedHttpsUrlConnection; String sampleString = "Response Code :200"; @@ -55,24 +56,24 @@ public class WebClientTest { @Test public void testHttpsRequest() { WebClient cl = new WebClient(); - String result = - cl.httpRequest("https://some.random.url/data", "POST", null, "admin", "admin", "application/json"); + String result = cl + .httpRequest("https://some.random.url/data", "POST", null, "admin", "admin", "application/json"); assertNotNull(result); } @Test public void testHttpRequest() { WebClient cl = new WebClient(); - String result = - cl.httpRequest("http://some.random.url/data", "GET", null, "admin", "admin", "application/json"); + String result = cl + .httpRequest("http://some.random.url/data", "GET", null, "admin", "admin", "application/json"); assertNotNull(result); } @Test public void testToPrettyString() { String xmlSample = "<input xmlns=\"org:onap:sdnc:northbound:generic-resource\">" - + "<sdnc-request-header> <svc-action>update</svc-action> </sdnc-request-header></input>"; + + "<sdnc-request-header> <svc-action>update</svc-action> </sdnc-request-header></input>"; WebClient cl = new WebClient(); - cl.toPrettyString(xmlSample, 4); + assertNotNull(cl.toPrettyString(xmlSample, 4)); } } diff --git a/examples/examples-onap-vcpe/pom.xml b/examples/examples-onap-vcpe/pom.xml index 2580658a8..fca1bbffc 100644 --- a/examples/examples-onap-vcpe/pom.xml +++ b/examples/examples-onap-vcpe/pom.xml @@ -24,7 +24,7 @@ <parent> <groupId>org.onap.policy.apex-pdp.examples</groupId> <artifactId>examples</artifactId> - <version>2.3.1-SNAPSHOT</version> + <version>2.3.2-SNAPSHOT</version> </parent> <artifactId>examples-onap-vcpe</artifactId> diff --git a/examples/examples-pcvs/pom.xml b/examples/examples-pcvs/pom.xml index e559ab6ef..80e4dcf55 100644 --- a/examples/examples-pcvs/pom.xml +++ b/examples/examples-pcvs/pom.xml @@ -26,7 +26,7 @@ <parent> <groupId>org.onap.policy.apex-pdp.examples</groupId> <artifactId>examples</artifactId> - <version>2.3.1-SNAPSHOT</version> + <version>2.3.2-SNAPSHOT</version> </parent> <artifactId>examples-pcvs</artifactId> diff --git a/examples/examples-periodic/pom.xml b/examples/examples-periodic/pom.xml index 1da32b00c..b4b80fef2 100644 --- a/examples/examples-periodic/pom.xml +++ b/examples/examples-periodic/pom.xml @@ -22,7 +22,7 @@ <parent> <groupId>org.onap.policy.apex-pdp.examples</groupId> <artifactId>examples</artifactId> - <version>2.3.1-SNAPSHOT</version> + <version>2.3.2-SNAPSHOT</version> </parent> <artifactId>examples-periodic</artifactId> diff --git a/examples/examples-servlet/pom.xml b/examples/examples-servlet/pom.xml index 093a5da45..dcae48a4d 100644 --- a/examples/examples-servlet/pom.xml +++ b/examples/examples-servlet/pom.xml @@ -23,7 +23,7 @@ <parent> <groupId>org.onap.policy.apex-pdp.examples</groupId> <artifactId>examples</artifactId> - <version>2.3.1-SNAPSHOT</version> + <version>2.3.2-SNAPSHOT</version> </parent> <artifactId>examples-servlet</artifactId> diff --git a/examples/pom.xml b/examples/pom.xml index 76fafc8bf..5d181857d 100644 --- a/examples/pom.xml +++ b/examples/pom.xml @@ -23,7 +23,7 @@ <parent> <groupId>org.onap.policy.apex-pdp</groupId> <artifactId>apex-pdp</artifactId> - <version>2.3.1-SNAPSHOT</version> + <version>2.3.2-SNAPSHOT</version> </parent> <groupId>org.onap.policy.apex-pdp.examples</groupId> |