From cfd1160833ecb24c336fe6d0d197547c36ce2327 Mon Sep 17 00:00:00 2001
From: liamfallon
Date: Wed, 18 Apr 2018 21:16:52 +0100
Subject: Remove insecure dependency on PolicyEngineAPI

The insecure dependency tyrus-container-grizzly-client is part of Tyrus, a Java web socket implementation library. A direct substitution of this library is not available so the code in AutoClientEnd.java and ManualClientEnd.java was adapted to work with the library org.java-websocket.Java-WebSocket that does not seem to have any vulnerabilities when tested with the org.owasp.dependency-check-maven plugin. The purpose of this submission is to see if the new library does indeed remove the vulnerability. If so, the implementation in AutoClientEnd and ManualClientEnd must be cleaned up.

Change-Id: I961635aaea42c2f847edf11ee77e2961cdfb097b
Issue-ID: POLICY-744
Signed-off-by: liamfallon
---
 .../java/org/onap/policy/std/test/ManualClientEndTest.java | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'PolicyEngineAPI/src/test')
diff --git a/PolicyEngineAPI/src/test/java/org/onap/policy/std/test/ManualClientEndTest.java b/PolicyEngineAPI/src/test/java/org/onap/policy/std/test/ManualClientEndTest.java
index 2ae522c1d..b87fa74bd 100644
--- a/PolicyEngineAPI/src/test/java/org/onap/policy/std/test/ManualClientEndTest.java
+++ b/PolicyEngineAPI/src/test/java/org/onap/policy/std/test/ManualClientEndTest.java
@@ -23,6 +23,9 @@ package org.onap.policy.std.test;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
+import java.net.URI;
+import java.net.URL;
+
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
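Review bot: `java.net.URL` is imported in this hunk, but none of the seven lines the commit adds uses it; the only new call is `new URI(...)` in testManualClientEnd_1. Unless code outside the visible hunks already referred to `URL` (which would not have compiled without the import), it is unused and the addition should be just `import java.net.URI;`. If the planned cleanup of ManualClientEnd will need `URL`, the import can arrive with that change.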
@@ -45,8 +48,9 @@ public class ManualClientEndTest { @Test public void testManualClientEnd_1() throws Exception { - ManualClientEnd result = new ManualClientEnd(); - assertNotNull(result); + ManualClientEnd mce = new ManualClientEnd(new URI("http://www.onap.org")); + assertNotNull(mce); + mce.close(); // add additional test code here } @@ -79,7 +83,7 @@ public class ManualClientEndTest { @Test public void testStart_1() throws Exception { - String url = ""; + String url = "This is not a URL"; ManualClientEnd.start(url); -- cgit 1.2.3-korg
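Review bot: `assertNotNull(mce)` right after `new ManualClientEnd(...)` can never fail, so testManualClientEnd_1 still verifies nothing about the replacement WebSocket library that this commit is meant to evaluate. The URI it passes, `http://www.onap.org`, does not use a WebSocket scheme and names a real external host; whether the constructor or `close()` touches the network is not visible here, but a unit test should not be able to reach a third-party server either way. I would construct the client against a loopback endpoint with the intended scheme, e.g. `new ManualClientEnd(new URI("wss://localhost"))`. The test should also assert an observable property of the unconnected client rather than non-nullness.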
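Review bot: testStart_1 now feeds the malformed string `"This is not a URL"` to `ManualClientEnd.start(url)`, but nothing visible in the hunk says how that input must be rejected, so the test passes whenever `start` returns without throwing. For a client that opens connections to a caller-supplied address, the rejection path is worth pinning down: declare the expected exception, e.g. `@Test(expected = IllegalArgumentException.class)` if that is what `start` throws, or assert after the call that no session was created. The rest of the method lies outside the hunk, so an assertion may already follow. If it does, a comment such as `// malformed URL: start() must not create a client` above the call would record the intent.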