author | vasraz <vasyl.razinkov@est.tech> | 2021-07-20 23:22:45 +0100 |
---|---|---|
committer | Vasyl Razinkov <vasyl.razinkov@est.tech> | 2021-07-21 23:37:28 +0000 |
commit | 66af7c5df813bc779ae088c588bfab2cd9cdd74c (patch) | |
tree | 93e1c2731122406a47332c4d341290b83b96937c /catalog-be | |
parent | 0514ec6635a08cdbaac5d664c3a4f13bcb0cbf51 (diff) |
Remove dependency vulnerability
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Ia703de3d5bad1780e63be401ce0b435cb665f505
Issue-ID: SDC-3572
Diffstat (limited to 'catalog-be')
-rw-r--r-- | catalog-be/pom.xml | 20 | ||||
-rw-r--r-- | catalog-be/src/test/java/org/openecomp/sdc/be/impl/aaf/RoleAuthorizationHandlerTest.java | 94 |
2 files changed, 64 insertions, 50 deletions
diff --git a/catalog-be/pom.xml b/catalog-be/pom.xml
index 53af2c7b27..bf56d4d3c9 100644
--- a/catalog-be/pom.xml
+++ b/catalog-be/pom.xml
@@ -16,7 +16,7 @@
 <java-hamcrest.version>2.0.0.0</java-hamcrest.version>
 <swagger.version>${swagger-core-mvn-plugin.version}</swagger.version>
 <swagger-ui.version>3.25.0</swagger-ui.version>
- <maven-dependency-plugin.version>3.1.1</maven-dependency-plugin.version>
+ <maven-dependency-plugin.version>3.2.0</maven-dependency-plugin.version>
 <replacer.plugin.version>1.5.3</replacer.plugin.version>
 </properties>
@@ -90,7 +90,7 @@
 <!-- Swagger Dependencies End -->
 <dependency>
- <groupId>org.hibernate</groupId>
+ <groupId>org.hibernate.validator</groupId>
 <artifactId>hibernate-validator</artifactId>
 <version>${hibernate.validator.version}</version>
 </dependency>
@@ -239,6 +239,10 @@
 <groupId>org.springframework</groupId>
 <artifactId>spring-context</artifactId>
 </exclusion>
+ <exclusion>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-validator</artifactId>
+ </exclusion>
 </exclusions>
 </dependency>
@@ -253,6 +257,12 @@
 <dependency>
 <groupId>org.glassfish.jersey.ext</groupId>
 <artifactId>jersey-bean-validation</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-validator</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <!-- http client -->
@@ -406,6 +416,10 @@
 <groupId>commons-io</groupId>
 <artifactId>commons-io</artifactId>
 </exclusion>
+ <exclusion>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ </exclusion>
 </exclusions>
 </dependency>
@@ -517,7 +531,7 @@
 <dependency>
 <groupId>org.owasp.esapi</groupId>
 <artifactId>esapi</artifactId>
- <version>2.2.0.0</version>
+ <version>${org.owasp.esapi.version}</version>
 <exclusions>
 <exclusion>
 <groupId>xerces</groupId>
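Review bot: The `org.hibernate:hibernate-validator` exclusions in the `@@ -239` and `@@ -253` hunks only cover the two dependencies they are attached to, so any other dependency in this module, or one added later, that still pulls the old coordinates would put the superseded jar back on the classpath next to `org.hibernate.validator:hibernate-validator` from the `@@ -90` hunk. I would back the exclusions with a build-time guard, for example a maven-enforcer `bannedDependencies` rule containing `<exclude>org.hibernate:hibernate-validator</exclude>`, and confirm with `mvn dependency:tree -Dincludes=org.hibernate:hibernate-validator` that nothing resolves it. The relocated groupId is only published for the 6.x line and later, so `${hibernate.validator.version}`, which is defined outside this diff, has to resolve to such a version. The `<dependency>` element that the `@@ -239` exclusion belongs to starts outside the hunk.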
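Review bot: The `commons-codec` exclusion added in the `@@ -406` hunk removes the transitive copy, but nothing visible here shows what supplies commons-codec afterwards; the dependency it is attached to starts outside the hunk. If no other declaration provides it, code that uses it fails at runtime with `NoClassDefFoundError` instead of at build time. I would put a comment above the exclusion recording why it is there and where the replacement comes from, e.g. `<!-- transitive commons-codec excluded; managed version supplied by <placeholder: declaring dependency or dependencyManagement entry> -->`.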
diff --git a/catalog-be/src/test/java/org/openecomp/sdc/be/impl/aaf/RoleAuthorizationHandlerTest.java b/catalog-be/src/test/java/org/openecomp/sdc/be/impl/aaf/RoleAuthorizationHandlerTest.java
index 30a123dcad..c83cd3d25c 100644
--- a/catalog-be/src/test/java/org/openecomp/sdc/be/impl/aaf/RoleAuthorizationHandlerTest.java
+++ b/catalog-be/src/test/java/org/openecomp/sdc/be/impl/aaf/RoleAuthorizationHandlerTest.java
@@ -20,17 +20,25 @@
 package org.openecomp.sdc.be.impl.aaf;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.catchThrowable;
+import static org.mockito.Mockito.when;
+
+import java.util.Collections;
+import javax.servlet.http.HttpServletRequest;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.Signature;
-import org.hibernate.validator.internal.util.annotationfactory.AnnotationDescriptor;
-import org.hibernate.validator.internal.util.annotationfactory.AnnotationFactory;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+import org.hibernate.validator.internal.util.annotation.AnnotationDescriptor;
+import org.hibernate.validator.internal.util.annotation.AnnotationDescriptor.Builder;
+import org.hibernate.validator.internal.util.annotation.AnnotationFactory;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
 import org.mockito.MockitoAnnotations;
-import org.mockito.junit.MockitoJUnitRunner;
+import org.mockito.junit.jupiter.MockitoExtension;
 import org.openecomp.sdc.be.components.impl.aaf.AafPermission;
+import org.openecomp.sdc.be.components.impl.aaf.AafPermission.PermNames;
 import org.openecomp.sdc.be.components.impl.aaf.PermissionAllowed;
 import org.openecomp.sdc.be.components.impl.aaf.RoleAuthorizationHandler;
 import org.openecomp.sdc.be.components.impl.exceptions.ComponentException;
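Review bot: The new imports still bind this test to `org.hibernate.validator.internal.util.annotation.*`, an internal package of Hibernate Validator, and this change had to rewrite them precisely because that package was renamed between versions. Every later validator upgrade, security upgrades included, can break the test for reasons unrelated to `RoleAuthorizationHandler`. `PermissionAllowed` is an annotation interface, so a Mockito mock is enough: `final PermissionAllowed rolesAllowed = mock(PermissionAllowed.class);` followed by `when(rolesAllowed.value()).thenReturn(permsAllowed);`, which drops the three validator imports from the test.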
@@ -42,26 +50,20 @@ import org.openecomp.sdc.common.impl.ExternalConfiguration;
 import org.openecomp.sdc.common.impl.FSConfigurationSource;
 import org.openecomp.sdc.common.util.ThreadLocalsHolder;
-import javax.servlet.http.HttpServletRequest;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.catchThrowable;
-import static org.mockito.Mockito.when;
-
-@RunWith(MockitoJUnitRunner.Silent.class)
-public class RoleAuthorizationHandlerTest {
+@ExtendWith(MockitoExtension.class)
+class RoleAuthorizationHandlerTest {
 private RoleAuthorizationHandler roleAuthorizationHandler;
 @Mock
- JoinPoint joinPoint;
+ private JoinPoint joinPoint;
 @Mock
- Signature signature;
+ private Signature signature;
 @Mock
- BeGenericServlet beGenericServlet;
+ private BeGenericServlet beGenericServlet;
 @Mock
- HttpServletRequest httpServletRequest;
+ private HttpServletRequest httpServletRequest;
- @Before
+ @BeforeEach
 public void setUp() {
 MockitoAnnotations.initMocks(this);
 when(joinPoint.getSignature()).thenReturn(signature);
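Review bot: `setUp()` still calls `MockitoAnnotations.initMocks(this)` although the class is now annotated with `@ExtendWith(MockitoExtension.class)`, which already initialises the `@Mock` fields; the call creates the mocks a second time and should be dropped. The old runner was `MockitoJUnitRunner.Silent`, while `MockitoExtension` defaults to strict stubs, so stubbings made in `setUp()` that a given test never uses may now be reported as unnecessary; if lenient behaviour is intended, say so with `@MockitoSettings(strictness = Strictness.LENIENT)`. `setUp()` is also left `public` while the class and the test methods became package-private. The body of `setUp()` continues outside the hunk.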
@@ -74,48 +76,46 @@ public class RoleAuthorizationHandlerTest {
 }
 @Test
- public void testAuthorizeRoleOnePermittedRole() {
- String[] permsAllowed = {AafPermission.PermNames.WRITE_VALUE};
- AnnotationDescriptor<PermissionAllowed> permissionDescriptor = new AnnotationDescriptor<PermissionAllowed>(PermissionAllowed.class);
- permissionDescriptor.setValue("value", permsAllowed);
- PermissionAllowed rolesAllowed = (PermissionAllowed) AnnotationFactory.create(permissionDescriptor);
- when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission()))
- .thenReturn(true);
+ void testAuthorizeRoleOnePermittedRole() {
+ final String[] permsAllowed = {PermNames.WRITE_VALUE};
+ final AnnotationDescriptor<PermissionAllowed> permissionDescriptor = createTestSubject(permsAllowed);
+ final PermissionAllowed rolesAllowed = AnnotationFactory.create(permissionDescriptor);
+ when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission())).thenReturn(true);
 roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed);
 }
 @Test
- public void testAuthorizeRoleTwoPermittedRole() {
- String[] permsAllowed = {AafPermission.PermNames.WRITE_VALUE, AafPermission.PermNames.READ_VALUE};
- AnnotationDescriptor<PermissionAllowed> permissionDescriptor = new AnnotationDescriptor<PermissionAllowed>(PermissionAllowed.class);
- permissionDescriptor.setValue("value", permsAllowed);
- PermissionAllowed rolesAllowed = (PermissionAllowed)AnnotationFactory.create(permissionDescriptor);
- when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission()))
- .thenReturn(true);
+ void testAuthorizeRoleTwoPermittedRole() {
+ final String[] permsAllowed = {PermNames.WRITE_VALUE, PermNames.READ_VALUE};
+ final AnnotationDescriptor<PermissionAllowed> permissionDescriptor = createTestSubject(permsAllowed);
+ final PermissionAllowed rolesAllowed = AnnotationFactory.create(permissionDescriptor);
+ when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission())).thenReturn(true);
 roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed);
 }
 @Test
- public void testAuthorizeRoleNonPermittedRole() {
- String[] permsAllowed = {AafPermission.PermNames.WRITE_VALUE, AafPermission.PermNames.READ_VALUE};
- AnnotationDescriptor<PermissionAllowed> permissionDescriptor = new AnnotationDescriptor<PermissionAllowed>(PermissionAllowed.class);
- permissionDescriptor.setValue("value", permsAllowed);
- PermissionAllowed rolesAllowed = (PermissionAllowed)AnnotationFactory.create(permissionDescriptor);
- when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission()))
- .thenReturn(false);
+ void testAuthorizeRoleNonPermittedRole() {
+ final String[] permsAllowed = {PermNames.WRITE_VALUE, PermNames.READ_VALUE};
+ final AnnotationDescriptor<PermissionAllowed> permissionDescriptor = createTestSubject(permsAllowed);
+ final PermissionAllowed rolesAllowed = AnnotationFactory.create(permissionDescriptor);
+ when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission())).thenReturn(false);
- ComponentException thrown = (ComponentException) catchThrowable(()->roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed));
+ final ComponentException thrown = (ComponentException) catchThrowable(() -> roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed));
 assertThat(thrown.getActionStatus()).isEqualTo(ActionStatus.AUTH_FAILED);
 }
 @Test
- public void testAuthorizeRoleEmptyRole() {
- String[] permsAllowed = {};
- AnnotationDescriptor<PermissionAllowed> permissionDescriptor = new AnnotationDescriptor<PermissionAllowed>(PermissionAllowed.class);
- permissionDescriptor.setValue("value", permsAllowed);
- PermissionAllowed rolesAllowed = (PermissionAllowed)AnnotationFactory.create(permissionDescriptor);
+ void testAuthorizeRoleEmptyRole() {
+ final String[] permsAllowed = {};
+ final AnnotationDescriptor<PermissionAllowed> permissionDescriptor = createTestSubject(permsAllowed);
+ final PermissionAllowed rolesAllowed = AnnotationFactory.create(permissionDescriptor);
- ComponentException thrown = (ComponentException) catchThrowable(()->roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed));
+ final ComponentException thrown = (ComponentException) catchThrowable(() -> roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed));
 assertThat(thrown.getActionStatus()).isEqualTo(ActionStatus.AUTH_FAILED);
 }
+
+ private AnnotationDescriptor<PermissionAllowed> createTestSubject(final String[] permsAllowed) {
+ return new Builder<>(PermissionAllowed.class, Collections.singletonMap("value", permsAllowed)).build();
+ }
+
 }
|
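Review bot: In `testAuthorizeRoleNonPermittedRole` and `testAuthorizeRoleEmptyRole` the cast `(ComponentException) catchThrowable(...)` turns a missing denial into a `NullPointerException` on `thrown.getActionStatus()` and a different exception type into a `ClassCastException`, so a regression in the deny path of the authorization check does not fail with a readable assertion. `final ComponentException thrown = catchThrowableOfType(() -> roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed), ComponentException.class);` followed by `assertThat(thrown).isNotNull();` states the expectation directly. The two permit-path tests contain no assertion at all; wrapping the call in `assertThatCode(...).doesNotThrowAnyException()` would make the intent explicit. `createTestSubject` returns an annotation descriptor rather than the handler under test, so a name such as `createPermissionDescriptor` would read better.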