authorsa282w <sa282w@att.com>2018-04-02 11:33:14 -0400
committersa282w <sa282w@att.com>2018-04-02 11:33:14 -0400
commitd8c81e748f1db2fbd2bdd810671d90894af35d69 (patch)
treee532c473e94cc561ed6aafb8b728ff666ac0090c
parent19a214bd35c126067ea6c07825d1e58edf336c50 (diff)
Security Vunerabilities
Issue-ID: PORTAL-155 Excluded beanshell dependency from epsdk-common, epsdk-core and epsdk-fw pom.xml. Change-Id: I068bd1134269a162a64710abc92aacf9cbba32d3 Signed-off-by: sa282w <sa282w@att.com>
-rw-r--r--ecomp-sdk/epsdk-app-common/pom.xml24
-rw-r--r--ecomp-sdk/epsdk-app-os/pom.xml10
-rw-r--r--ecomp-sdk/epsdk-core/pom.xml34
-rw-r--r--ecomp-sdk/epsdk-fw/pom.xml16
-rw-r--r--ecomp-sdk/epsdk-music/pom.xml42
5 files changed, 72 insertions, 54 deletions
diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml
index 6e4f9e19..f31aa797 100644
--- a/ecomp-sdk/epsdk-app-common/pom.xml
+++ b/ecomp-sdk/epsdk-app-common/pom.xml
@@ -172,11 +172,11 @@
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>2.2.0</version>
- <exclusions>
- <exclusion>
- <groupId>org.apache.lucene</groupId>
- <artifactId>lucene-queryparser</artifactId>
- </exclusion>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.lucene</groupId>
+ <artifactId>lucene-queryparser</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -242,7 +242,7 @@
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.1.0</version>
- <exclusions>
+ <exclusions>
<exclusion>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils-core</artifactId>
@@ -251,7 +251,7 @@
<groupId>commons-httpclient</groupId>
<artifactId>commons-httpclient</artifactId>
</exclusion>
- <exclusion>
+ <exclusion>
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
</exclusion>
@@ -259,6 +259,10 @@
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.beanshell</groupId>
+ <artifactId>bsh-core</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<!-- Jacoco for offline instrumentation -->
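Review bot: The new `bsh-core` exclusion only cuts the path through `esapi`, so if any other dependency of this module also brings in `org.beanshell` the jar still resolves; confirm the result with `mvn dependency:tree -Dincludes=org.beanshell` in each changed module (the same exclusion is added in the epsdk-core and epsdk-fw hunks). ESAPI appears to need BeanShell only for its optional WAF BeanShell rules, so it is worth confirming that nothing in the application configures those, since they would fail at runtime with a missing class. A short comment above the exclusion would record the reason, e.g. `<!-- bsh-core excluded for PORTAL-155; ESAPI WAF BeanShell rules are not used -->`. This module also pins `esapi` at `2.1.0` while epsdk-core uses `2.1.0.1`, and aligning the two would avoid shipping two different ESAPI builds. The `<dependency>` element opens before this hunk.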
@@ -268,7 +272,6 @@
<version>${jacoco.version}</version>
<classifier>runtime</classifier>
</dependency>
-
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
@@ -309,8 +312,9 @@
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>2.7.2</version>
- </dependency>
- <dependency>
+ </dependency>
+ <dependency>
+
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
<version>2.11.0.SP5</version>
diff --git a/ecomp-sdk/epsdk-app-os/pom.xml b/ecomp-sdk/epsdk-app-os/pom.xml
index ff5ce26b..d904d68f 100644
--- a/ecomp-sdk/epsdk-app-os/pom.xml
+++ b/ecomp-sdk/epsdk-app-os/pom.xml
@@ -307,11 +307,11 @@
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>2.2.0</version>
- <exclusions>
- <exclusion>
- <groupId>org.apache.lucene</groupId>
- <artifactId>lucene-queryparser</artifactId>
- </exclusion>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.lucene</groupId>
+ <artifactId>lucene-queryparser</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/ecomp-sdk/epsdk-core/pom.xml b/ecomp-sdk/epsdk-core/pom.xml
index 8fd5a6ee..1bdb1490 100644
--- a/ecomp-sdk/epsdk-core/pom.xml
+++ b/ecomp-sdk/epsdk-core/pom.xml
@@ -319,11 +319,11 @@
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>2.2.0</version>
- <exclusions>
- <exclusion>
- <groupId>org.apache.lucene</groupId>
- <artifactId>lucene-queryparser</artifactId>
- </exclusion>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.lucene</groupId>
+ <artifactId>lucene-queryparser</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -348,7 +348,7 @@
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.1.0.1</version>
- <exclusions>
+ <exclusions>
<exclusion>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils-core</artifactId>
@@ -357,9 +357,13 @@
<groupId>commons-httpclient</groupId>
<artifactId>commons-httpclient</artifactId>
</exclusion>
- <exclusion>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
+ <exclusion>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.beanshell</groupId>
+ <artifactId>bsh-core</artifactId>
</exclusion>
</exclusions>
</dependency>
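Review bot: The `esapi` exclusion list in this module ends at `xercesImpl` and the new `bsh-core` entry and has no `commons-collections` exclusion, while the epsdk-app-common list for the same library does. Since the commit is a vulnerability clean-up, check which commons-collections version epsdk-core resolves through ESAPI; older 3.x releases are the ones scanners usually flag for unsafe deserialization classes. If it is not already managed elsewhere in this pom (not visible here), add `<exclusion><groupId>commons-collections</groupId><artifactId>commons-collections</artifactId></exclusion>` to this list as well. The `<dependency>` element opens in the previous hunk.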
@@ -434,12 +438,12 @@
<groupId>xalan</groupId>
<artifactId>xalan</artifactId>
<version>2.7.2</version>
- </dependency>
- <dependency>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <version>2.11.0.SP5</version>
- </dependency>
+ </dependency>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.11.0.SP5</version>
+ </dependency>
</dependencies>
</project>
diff --git a/ecomp-sdk/epsdk-fw/pom.xml b/ecomp-sdk/epsdk-fw/pom.xml
index 62600840..55f68744 100644
--- a/ecomp-sdk/epsdk-fw/pom.xml
+++ b/ecomp-sdk/epsdk-fw/pom.xml
@@ -107,6 +107,10 @@
<groupId>commons-httpclient</groupId>
<artifactId>commons-httpclient</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.beanshell</groupId>
+ <artifactId>bsh-core</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -145,6 +149,12 @@
<artifactId>resteasy-spring</artifactId>
<version>${resteasy.version}</version>
<scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
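Review bot: This `httpclient` exclusion sits on a dependency with `<scope>test</scope>`, so it changes only the test classpath, and the commit message does not mention it, which makes its intent hard to audit later. If the goal is to drop a flagged `org.apache.httpcomponents:httpclient` version, the next `org.jboss.resteasy` dependency, which starts on the last lines of this hunk (its artifact is outside the hunk), may pull in the same jar and would need the same treatment, or better a single pinned version in `<dependencyManagement>`. RESTEasy's client code relies on HttpClient, so the tests still need some version on the classpath. A comment such as `<!-- httpclient excluded: flagged transitive version; tests use the managed one -->` would state that, assuming that is the reason.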
@@ -189,9 +199,9 @@
<version>1.3.3</version>
</dependency>
<dependency>
- <groupId>commons-beanutils</groupId>
- <artifactId>commons-beanutils</artifactId>
- <version>1.9.3</version>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ <version>1.9.3</version>
</dependency>
</dependencies>
diff --git a/ecomp-sdk/epsdk-music/pom.xml b/ecomp-sdk/epsdk-music/pom.xml
index e5ee7a68..6429518f 100644
--- a/ecomp-sdk/epsdk-music/pom.xml
+++ b/ecomp-sdk/epsdk-music/pom.xml
@@ -125,7 +125,7 @@
<groupId>org.onap.music</groupId>
<artifactId>core</artifactId>
<version>2.4.4.2</version>
- </dependency>
+ </dependency>
<!-- Mapper -->
<dependency>
@@ -201,26 +201,26 @@
</configuration>
</plugin>
<plugin>
- <artifactId>maven-assembly-plugin</artifactId>
- <configuration>
- <archive>
- <manifest>
- </manifest>
- </archive>
- <descriptorRefs>
- <descriptorRef>jar-with-dependencies</descriptorRef>
- </descriptorRefs>
- </configuration>
- <executions>
- <execution>
- <id>make-assembly</id> <!-- this is used for inheritance merges -->
- <phase>package</phase> <!-- bind to the packaging phase -->
- <goals>
- <goal>single</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <configuration>
+ <archive>
+ <manifest>
+ </manifest>
+ </archive>
+ <descriptorRefs>
+ <descriptorRef>jar-with-dependencies</descriptorRef>
+ </descriptorRefs>
+ </configuration>
+ <executions>
+ <execution>
+ <id>make-assembly</id> <!-- this is used for inheritance merges -->
+ <phase>package</phase> <!-- bind to the packaging phase -->
+ <goals>
+ <goal>single</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
</build>
</project>