From c78db71cba65d95698116dc7cbad5827f23362d0 Mon Sep 17 00:00:00 2001 From: liamfallon Date: Tue, 26 Jun 2018 11:47:22 +0100 Subject: Upgrade version of Jython to remove vulnerability Upgrade version of Jython from 2.2.1 to 2.7.1 to fix security vulnerability. Change-Id: I605b02483431b057f0ffa6017a5726ef8e1834d3 Issue-ID: POLICY-905 Signed-off-by: liamfallon --- plugins/plugins-executor/plugins-executor-jython/pom.xml | 4 ++-- .../apex/plugins/executor/jython/JythonStateFinalizerExecutor.java | 3 ++- .../onap/policy/apex/plugins/executor/jython/JythonTaskExecutor.java | 3 ++- .../policy/apex/plugins/executor/jython/JythonTaskSelectExecutor.java | 3 ++- 4 files changed, 8 insertions(+), 5 deletions(-) (limited to 'plugins') diff --git a/plugins/plugins-executor/plugins-executor-jython/pom.xml b/plugins/plugins-executor/plugins-executor-jython/pom.xml index 8b246561b..13b55caa4 100644 --- a/plugins/plugins-executor/plugins-executor-jython/pom.xml +++ b/plugins/plugins-executor/plugins-executor-jython/pom.xml @@ -37,8 +37,8 @@ org.python - jython - 2.2.1 + jython-standalone + 2.7.1 \ No newline at end of file diff --git a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonStateFinalizerExecutor.java b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonStateFinalizerExecutor.java index 26512b52d..ea8f027c5 100644 --- a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonStateFinalizerExecutor.java +++ b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonStateFinalizerExecutor.java @@ -25,6 +25,7 @@ import java.util.Map; import org.onap.policy.apex.context.ContextException; import org.onap.policy.apex.core.engine.executor.StateFinalizerExecutor; import org.onap.policy.apex.core.engine.executor.exception.StateMachineException; +import org.python.core.CompileMode; import org.python.core.Py; import org.python.core.PyCode; import org.python.core.PyException; @@ -61,7 +62,7 @@ public class JythonStateFinalizerExecutor extends StateFinalizerExecutor { try { synchronized (Py.class) { compiled = Py.compile_flags(getSubject().getLogic(), "<" + getSubject().getKey().toString() + ">", - "exec", null); + CompileMode.exec, null); } } catch (final PyException e) { LOGGER.warn("failed to compile Jython code for state finalizer " + getSubject().getKey(), e); diff --git a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskExecutor.java b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskExecutor.java index 4387a5df7..b0dd9c5c9 100644 --- a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskExecutor.java +++ b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskExecutor.java @@ -25,6 +25,7 @@ import java.util.Map; import org.onap.policy.apex.context.ContextException; import org.onap.policy.apex.core.engine.executor.TaskExecutor; import org.onap.policy.apex.core.engine.executor.exception.StateMachineException; +import org.python.core.CompileMode; import org.python.core.Py; import org.python.core.PyCode; import org.python.core.PyException; @@ -61,7 +62,7 @@ public class JythonTaskExecutor extends TaskExecutor { try { synchronized (Py.class) { compiled = Py.compile_flags(getSubject().getTaskLogic().getLogic(), - "<" + getSubject().getKey().toString() + ">", "exec", null); + "<" + getSubject().getKey().toString() + ">", CompileMode.exec, null); } } catch (final PyException e) { LOGGER.warn("failed to compile Jython code for task " + getSubject().getKey().getID(), e); diff --git a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskSelectExecutor.java b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskSelectExecutor.java index cf94793ff..4fd48f2e7 100644 --- a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskSelectExecutor.java +++ b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskSelectExecutor.java @@ -25,6 +25,7 @@ import org.onap.policy.apex.core.engine.event.EnEvent; import org.onap.policy.apex.core.engine.executor.TaskSelectExecutor; import org.onap.policy.apex.core.engine.executor.exception.StateMachineException; import org.onap.policy.apex.model.basicmodel.concepts.AxArtifactKey; +import org.python.core.CompileMode; import org.python.core.Py; import org.python.core.PyCode; import org.python.core.PyException; @@ -60,7 +61,7 @@ public class JythonTaskSelectExecutor extends TaskSelectExecutor { try { synchronized (Py.class) { compiled = Py.compile_flags(getSubject().getTaskSelectionLogic().getLogic(), - "<" + getSubject().getKey().toString() + ">", "exec", null); + "<" + getSubject().getKey().toString() + ">", CompileMode.exec, null); } } catch (final PyException e) { LOGGER.warn("failed to compile Jython code for task selection logic in " + getSubject().getKey().getID(), -- cgit 1.2.3-korg