diff options
author | vasraz <vasyl.razinkov@est.tech> | 2021-01-20 21:20:28 +0000 |
---|---|---|
committer | Christophe Closset <christophe.closset@intl.att.com> | 2021-01-22 08:16:23 +0000 |
commit | 7c2593303b78cf8df66134d60af7a0efc54e4f13 (patch) | |
tree | bdb7bb483488b58974af5444769fb643a897f833 | |
parent | 32111c9725557d556a73929898264b4b338bb3d6 (diff) |
Remove vulnerable log4j dependency
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Issue-ID: SDC-3310
Change-Id: I1c31ab30efa7a3d03a08f512024a3967ce024237
8 files changed, 51 insertions, 46 deletions
diff --git a/catalog-be/pom.xml b/catalog-be/pom.xml index fd25bc2956..964e777f2b 100644 --- a/catalog-be/pom.xml +++ b/catalog-be/pom.xml @@ -497,6 +497,10 @@ <groupId>xerces</groupId> <artifactId>xercesImpl</artifactId> </exclusion> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> </exclusions> </dependency> <dependency> diff --git a/catalog-fe/pom.xml b/catalog-fe/pom.xml index 17942d2659..65b692dbdb 100644 --- a/catalog-fe/pom.xml +++ b/catalog-fe/pom.xml @@ -244,6 +244,12 @@ <groupId>org.owasp.esapi</groupId> <artifactId>esapi</artifactId> <version>2.2.0.0</version> + <exclusions> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.onap.portal.sdk</groupId> diff --git a/integration-tests/src/test/java/org/onap/sdc/frontend/ci/tests/execute/setup/SetupCDTest.java b/integration-tests/src/test/java/org/onap/sdc/frontend/ci/tests/execute/setup/SetupCDTest.java index 18b5a71061..61c6c56222 100644 --- a/integration-tests/src/test/java/org/onap/sdc/frontend/ci/tests/execute/setup/SetupCDTest.java +++ b/integration-tests/src/test/java/org/onap/sdc/frontend/ci/tests/execute/setup/SetupCDTest.java @@ -179,7 +179,7 @@ public abstract class SetupCDTest extends DriverFactory { addTrafficFileToReport(result); } - if (result.getInstanceName().equals(OnboardingFlowsUi.class.getName()) && result.getStatus() == ITestResult.FAILURE) { + if (OnboardingFlowsUi.class.getName().equals(result.getInstanceName()) && result.getStatus() == ITestResult.FAILURE) { final String msg = "Onboarding test failed, closing browser"; LOGGER.info(msg); getExtendTest().log(Status.INFO, msg); diff --git a/integration-tests/src/test/resources/ci/testSuites/backend/onapApiSanity.xml b/integration-tests/src/test/resources/ci/testSuites/backend/onapApiSanity.xml index 8d5d2b2f08..fbd796edb1 100644 --- a/integration-tests/src/test/resources/ci/testSuites/backend/onapApiSanity.xml +++ b/integration-tests/src/test/resources/ci/testSuites/backend/onapApiSanity.xml @@ -1,11 +1,11 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE suite SYSTEM "http://testng.org/testng-1.0.dtd"> +<!DOCTYPE suite SYSTEM "https://testng.org/testng-1.0.dtd" > <suite name="externalApis" configfailurepolicy="continue" parallel="methods" thread-count="1" data-provider-thread-count="1"> - <parameter name="makeDistribution" value="false"/> - <parameter name="makeToscaValidation" value="true"/> - <test name="ExternalApis"> - <classes> - <class name="org.onap.sdc.backend.ci.tests.sanity.Onboard"/> - </classes> - </test> + <parameter name="makeDistribution" value="false"/> + <parameter name="makeToscaValidation" value="true"/> + <test name="ExternalApis"> + <classes> + <class name="org.onap.sdc.backend.ci.tests.sanity.Onboard"/> + </classes> + </test> </suite>
\ No newline at end of file diff --git a/integration-tests/src/test/resources/ci/testSuites/frontend/onapUiSanity.xml b/integration-tests/src/test/resources/ci/testSuites/frontend/onapUiSanity.xml index 47dc9f6960..48e28fc316 100644 --- a/integration-tests/src/test/resources/ci/testSuites/frontend/onapUiSanity.xml +++ b/integration-tests/src/test/resources/ci/testSuites/frontend/onapUiSanity.xml @@ -1,30 +1,29 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE suite SYSTEM "http://testng.org/testng-1.0.dtd"> -<suite name="uitests" configfailurepolicy="continue" parallel="methods" thread-count="1" - data-provider-thread-count="1"> +<!DOCTYPE suite SYSTEM "https://testng.org/testng-1.0.dtd" > +<suite name="uitests" configfailurepolicy="continue" parallel="methods" thread-count="1" data-provider-thread-count="1"> - <parameter name="makeDistribution" value="false"/> + <parameter name="makeDistribution" value="false"/> - <test name="uiSanity"> - <classes> - <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.Vf"> - <methods> - <include name="changeInstanceNameInVfTest"/> - </methods> - </class> - <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.Service"> - <methods> - <include name="updateService"/> - </methods> - </class> - <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.OnboardingFlowsUi"> - <methods> - <include name="onapOnboardVNFflow"/> - <include name="onapOnboardVSPValidationsSanityFlow"/> - <include name="onboardPNFSoftwareInformationFlow"/> - </methods> - </class> - <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.GAB"/> - </classes> - </test> + <test name="uiSanity"> + <classes> + <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.Vf"> + <methods> + <include name="changeInstanceNameInVfTest"/> + </methods> + </class> + <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.Service"> + <methods> + <include name="updateService"/> + </methods> + </class> + <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.OnboardingFlowsUi"> + <methods> + <include name="onapOnboardVNFflow"/> + <include name="onapOnboardVSPValidationsSanityFlow"/> + <include name="onboardPNFSoftwareInformationFlow"/> + </methods> + </class> + <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.GAB"/> + </classes> + </test> </suite> @@ -121,7 +121,7 @@ Modifications copyright (c) 2018-2019 Nokia <junit.platform.version>1.6.0</junit.platform.version> <junitJupiter.version>5.6.0</junitJupiter.version> <assertj.version>3.16.0</assertj.version> - <testng.version>7.2.0</testng.version> + <testng.version>7.3.0</testng.version> <cucumber.version>5.6.0</cucumber.version> <bean-matchers.version>0.11</bean-matchers.version> <hamcrest.version>2.1</hamcrest.version> diff --git a/utils/webseal-simulator/pom.xml b/utils/webseal-simulator/pom.xml index 7616ebd78a..c3e1877882 100644 --- a/utils/webseal-simulator/pom.xml +++ b/utils/webseal-simulator/pom.xml @@ -76,15 +76,12 @@ <version>1.0.2</version> <scope>compile</scope> </dependency> - <dependency> - <groupId>org.apache.logging.log4j</groupId> - <artifactId>log4j-core</artifactId> - <version>${log4j.version}</version> - <scope>compile</scope> + <groupId>org.openecomp.sdc</groupId> + <artifactId>openecomp-sdc-logging-api</artifactId> + <version>${project.version}</version> </dependency> - </dependencies> <build> <finalName>WSSimulator-${project.version}</finalName> diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java index 014b6c4031..ea4203dcc1 100644 --- a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java +++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java @@ -35,8 +35,8 @@ import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import org.apache.http.ssl.SSLContextBuilder; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; +import org.openecomp.sdc.logging.api.Logger; +import org.openecomp.sdc.logging.api.LoggerFactory; import org.openecomp.sdc.webseal.simulator.conf.Conf; import javax.net.ssl.SSLContext; @@ -75,8 +75,7 @@ public class SdcProxy extends HttpServlet { private final String CONFIGURATIONS = "/configurations"; private static final Set<String> RESERVED_HEADERS = Arrays.stream(ReservedHeaders.values()).map(h -> h.getValue()).collect(Collectors.toSet()); - - private final static Logger logger = LogManager.getLogger(SdcProxy.class); + private static final Logger logger = LoggerFactory.getLogger(SdcProxy.class); public void init(ServletConfig config) throws ServletException { super.init(config); |