Age | Commit message | Author | Files | Lines |
|
- iq nexus vulnerabilities
- sonar security hotspots and code smell
Issue-ID: POLICY-4761
Issue-ID: POLICY-4833
Change-Id: Iab2e07d2ee7b90031bc5a30210ce7d3f5a47b3fd
Signed-off-by: adheli.tavares <adheli.tavares@est.tech>
|
|
Issue-ID: POLICY-4668
Change-Id: If4e79224de61d66d7514f3abbd7b8bee1c3d5681
Signed-off-by: adheli.tavares <adheli.tavares@est.tech>
|
|
The new version of Jetty and Jersey brings in Server Name Checking,
which must be either enabled or disabled.
Also, the bug in Swagger that drags in JUnit 5 with a non "test" scope is
worked around by excluding the junit 5 dependencies.
Issue-ID: POLICY-4474
Change-Id: Ib5ba23616c8d3cb011c5055a49c9cb325c9fd667
Signed-off-by: liamfallon <liam.fallon@est.tech>
|
|
Version rollback in parent repo caused an error here
Constructor used had to be reverted
Issue-ID: POLICY-4474
Change-Id: Ifaee86b127aaad5f27beb2e99cd5930f97f179de
Signed-off-by: saul.gill <saul.gill@est.tech>
|
|
Reduced technical debt by fixing sonar issues
Issue-ID: POLICY-4536
Change-Id: I9f8366ea49ab4e5541d64db2fe1f6e8f138ce763
Signed-off-by: Suresh Charan <suresh.charan@bell.ca>
|
|
Issue-ID: POLICY-4482
Change-Id: Ibc0833313bf8eb5330c414ff00a31313500959e6
Signed-off-by: liamfallon <liam.fallon@est.tech>
|
|
- Upgrade Hibernate
- Upgrade Mockito
- Upgrade Mockserver
- Remove Powermock (no longer supported) and replace with spring-test ReflectionTestUtils
- Upgrade Spring Framework
- Add spring-security to allow authentication on unit tests using MockMVC
Minor clean-up
- Replace deprecated authorization configuration on spring boot applications with SecurityFilterChain bean
- Change @LocalPort include on tests to use test include rather than runtime include
- Remove unused imports
- Remove unused constants and variables
- Add deprecation annotations where required
Issue-ID: POLICY-4482
Change-Id: Iec5ba1283acd506c9f3c7fe7b5d7858db6abbaa7
Signed-off-by: liamfallon <liam.fallon@est.tech>
|
|
Issue-ID: POLICY-4134
Signed-off-by: Sirisha_Manchikanti <sirisha.manchikanti@est.tech>
Change-Id: Idefa5b6f3cb702a4b478b76570717e73214d235a
|
|
Issue-ID: POLICY-4133
Signed-off-by: Sirisha_Manchikanti <sirisha.manchikanti@est.tech>
Change-Id: I2745f3af97e9bb83d94c5cb6d29dfd452d315506
|
|
Added an API to RestServer so that multiple Filters may be provided.
Issue-ID: POLICY-3531
Change-Id: I21f474c01d58237c744d1d70f5b39c2c90fdb401
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Change-Id: I30acac6ea84bfb032994e81a93f38443818a0d1a
Issue-ID: POLICY-3538
Signed-off-by: a.sreekumar <ajith.sreekumar@bell.ca>
|
|
Added a method to check the readiness of a bidirectional topic.
Issue-ID: POLICY-3531
Change-Id: I2fefae7ba1ea5ed9ed33140717d05828e6dec94d
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
With this change, all PF components can export prometheus metrics
by default. The prometheus metrics servlet will be running on
/metrics servletPath.
If the metrics shouldn't be exported, just add a flag
"promethus": false
in the restServerParameters of default configuration file.
This brings up prometheus servlet on /metrics servletPath.
Also as part of standard servlet support, "servletUriPath" and
"servletClass" are 2 other fields added to RestServerParameters
which can be used to add standard servlets. This can be revisited later
if needed.
Basically, any servlet can be added by passing these fields, for
example, to add prometheus metrics servlet on /test/metrics,
add the below to restServerParameters:
"servletUriPath": "/test/metrics",
"servletClass": "io.prometheus.client.exporter.MetricsServlet"
In addition, we can later go to individual components and add more
metrics, say for e.g.,
deployedPoliciesCounter/undeployedPoliciesCounter etc on PAP,
executedEvents/failedEvents etc on PDP and so on.
This will look something like below, for e.g. in policy-pap component:
    io.prometheus.client.Counter counter = Counter.build()
        .name("policies_deployed_total")
        .help("Number of policies deployed.").register();
Whenever a policy is deployed, just call
    counter.inc();
Usage of code like above in the individual component will expose
such data as well as part of the exposed metrics.
Change-Id: Id667f27b15c012398421ba657b5324cc1d82cf1f
Issue-ID: POLICY-3524
Signed-off-by: a.sreekumar <ajith.sreekumar@bell.ca>
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Signed-off-by: a.sreekumar <ajith.sreekumar@bell.ca>
|
|
|
|
When dmaap is inaccessible for some reason, the topic source frequently
enters a fast fail loop, rapidly filling up the log. Modified the code
to wait the configured fetchTimeout when this occurs.
With any luck, this will also fix the sporadic kubernetes crash-fail
loops sometimes seen with the xacml-pdp pod.
Modified to limit how long it will sleep after a failure, regardless of
the fetchTimeout that was specified.
Issue-ID: POLICY-3457
Change-Id: I88e360fb1d31197b46f4959e5ea0ea2d741ad25c
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Modified the code so that if the consumer group is defined, but the
consumer instance is not, then policy-endpoints will generate a UUID for
the consumer instance.
Made the logic a little more straight-forward in response to a review
comment.
Issue-ID: POLICY-3405
Change-Id: If74440bdb01525bc463a28e5b8a9a2eca89a855a
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Fixed:
- use "var"
- duplicate code block
Issue-ID: POLICY-3284
Change-Id: I8cd7f2588353a2e7702c90d37d7b9f972634dca9
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Issue-ID: POLICY-3402
Change-Id: I7479027e3ea1e960266264c2d13cd69e2103710b
Signed-off-by: FrancescoFioraEst <francesco.fiora@est.tech>
|
|
|
|
The new version of checkstyle identified new issues. Fixed those.
Issue-ID: POLICY-3284
Change-Id: I2a8bf2b460fda7972ce573f14df5af52d46c9993
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Issue-ID: POLICY-3394
Change-Id: I8dfb0814d5cc544b2c334dc11a3e69ef407f163f
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
|
|
Issue-ID: POLICY-3284
Change-Id: I78c3a8ac92e18e2b0088eb07e27a4e97866d6182
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
The factory classes in policy-endpoints have toString() methods that
return "[]" for their list contents. Updated the code to provide a list
of the keys rather than just an empty list.
Also replaced some toString() methods with lombok.
Also replace StringBuilder with concatenation in some cases.
Issue-ID: POLICY-3298
Change-Id: I64fca21a4b009f7e09fcc482b5d156753fb7e680
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Sonar complains about java.util.regex. Thought I used re2j when
creating all of the patterns, but apparently not. Fixed that oversight.
Issue-ID: POLICY-3284
Change-Id: Idbec112ab0d4c3b477ce357f8a556d95e4dea083
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Fixed sonars:
- use "var" instead of actual type name
- re-interrupt threads
- use re2j split() instead of String split()
Issue-ID: POLICY-3285
Change-Id: I82261e0b8a53ee5c5264556fbf5cec37454f014e
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Removed GroupValidationResult, replacing it with BeanValidationResult.
Modified the ParameterGroup subclasses to use BeanValidator, adding
annotations where needed to trigger the validations that had been
automatically performed by GroupValidationResult.
Added Size annotation, used to verify minimum lengths of maps and
collections.
Added ClassName annotation, used to verify that a property contains the
name of a class that is actually in the classpath.
Added another addResult() method to make it easier when replacing calls
to GroupValidationResult setResult() method with BeanValidationResult.
Issue-ID: POLICY-2059
Change-Id: Id4da24886908723006624c5d53edeb034102299d
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Currently, the HttpClient code sets self-signed-certs to true whenever
https is specified. This is insecure. Modified the code to set the
value based on the property, defaulting to false.
Issue-ID: POLICY-3145
Change-Id: Ie88cf2411ae44a7c53bc8943f615a74c5b87d1aa
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
The dependency upgrades in policy-parent caused some new sonars. In
particular, initMocks() has been deprecated - replaced with calls to the
Mockito Runner.
Issue-ID: POLICY-2914
Change-Id: Iaf10f676c380adb9785e836cb15792596b378e4e
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Addressed the issues:
- use of eq() in verify()
- remove @NamedQueries
- use computeIfAbsent()
Issue-ID: POLICY-2914
Change-Id: I265bc98f0f326e7b4ce86c25e68fc4859bd7fb02
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Change-Id: I4dce0dbdf71d01fbb59e9bf861d1af1ab49e5ae7
Issue-ID: POLICY-2914
Signed-off-by: a.sreekumar <ajith.sreekumar@bell.ca>
|
|
ONAP DMaaP Message Router no longer supports server-side filtering.
Removed it from policy-endpoints.
Issue-ID: POLICY-2881
Change-Id: I08157f7699608af63992dec78a61c5f9c55037b9
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Addressed the following sonars:
- too many assertions in a test case
- use parameterized test method
Disabled production sonars for util-test, as the entire module is only
used for testing other modules.
Issue-ID: POLICY-2650-sonar
Change-Id: If49775a6c95855dcd9601ee0d833bb00741b1550
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Issue-ID: POLICY-1528
Change-Id: Ic4b9314a770e53cefb93776bfede35591363690e
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Addressed issues reported due to updates to the sonar rules:
- invoke only one method in a junit lambda
- complete the assertion
- add DOCTYPE to html
Issue-ID: POLICY-2650
Change-Id: Ib8b8a2e4736cc23849c0f7aef972ffa3365a3e00
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
|
|
Issue-ID: POLICY-2623
Signed-off-by: Utkarsh Jauhari <uj426b@att.com>
Change-Id: I86c5b6efac8f62dd0d4ba576d8ec49cfa63a58bb
|
|
Probably due to a jar update, some methods are now deprecated.
Fixed them.
Issue-ID: POLICY-2650
Change-Id: I48aabd4552faaf88671dfbe6556dc739a8c94809
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Issue-ID: POLICY-2188
Change-Id: I00843c61a6567001fc35c3ebb77b6843a1eb7da2
Signed-off-by: liamfallon <liam.fallon@est.tech>
|
|
Addressed the following issues:
- unused imports
- unused method parameters
- use assertEquals, assertSame instead of assertTrue
- provide the parametrized type for this generic
Also fixed some checkstyle issues:
- removed blank lines between "import" groups
Issue-ID: POLICY-2650
Change-Id: I004bb650ac10c49ccd0fc405f6959896fec39f9b
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Issue-ID: POLICY-1996
Change-Id: Id8a3acf9406c6acada4c3ffee679f2baf819cded
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
The default serialization provider for HttpClient and
HttpServletServer was Jackson. Modified to use GSON instead.
Issue-ID: POLICY-1526
Change-Id: Ic6282d119fa63d12470903a4f1eb4da3afd6efe7
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Fixed additional sonar issues:
- infinite loop; while the issue is bogus, it was easy enough to
modify the code to satisfy sonar
- doesn't like "volatile"; again, the issue is bogus, but easy enough
to modify the code
Disabled a couple of sonars in NetworkUtil, as they are not actually
an issue.
Issue-ID: POLICY-2305
Change-Id: I5500183e3fe4060696994cff55bdae4ba7e138c7
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Addressed the following sonar issues:
- missing assertion in junit test case
- disable sonars about setAccessible() as it's required for jackson
emulation
- sleep in junit
- don't use wild-cards (e.g., "*") with java.util Pattern
- use re2j instead of java.util Pattern
- use String methods (e.g., startsWith())
- duplicate method bodies
- duplicate code in Coder classes
- string concatenation in logger calls
- UTF-8 encoding
- return primitive instead of boxed primitive
- add assertion to tests
- renamed support methods from doTestXxx to verifyXxx
- cognitive complexity
- use AtomicRef instead of volatile
- use specific Functionals (e.g., IntConsumer)
- function always returns the same value
- serializable vs transient
Issue-ID: POLICY-2305
Change-Id: I08eb7aa495a80bdc1d26827ba17a7946c83b9828
Signed-off-by: Jim Hahn <jrh3@att.com>
|
|
Either log or rethrow
Use boolean expression
Add at least one test
Remove commented out code
Issue-ID: POLICY-2204
Change-Id: I4fdf31aea75303e4f49d25198eb3b12341995bfe
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Unused imports
Not enough arguments
Issue-ID: POLICY-2204
Change-Id: I6405cb697ea976096b1276e2291b1c73617d33b5
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Extracted code from ControlLoopUtils to create a new class in
common, PropertyObjectUtils.
Fixed a deprecated method invocation in a junit.
Fixed an object casting (i.e., sonar) issue in SCO.
Issue-ID: POLICY-2305
Signed-off-by: Jim Hahn <jrh3@att.com>
Change-Id: I331a47297f67097ea6986be125ef93cd1954b5ff
|
|
Per Jorge Hernandez, we don't want to fix this as
it falls under the selfSignedCert clause which is
used in testing and non-production environments.
Marking as //NOSONAR
Issue-ID: POLICY-2389
Signed-off-by: Chris Ramstad <cramstad@ciena.com>
Change-Id: Iaf47e19dc8450607b1dc3aa260370e9c0d7d491d