aboutsummaryrefslogtreecommitdiffstats
path: root/catalog-be
diff options
context:
space:
mode:
authorvasraz <vasyl.razinkov@est.tech>2021-07-20 23:22:45 +0100
committerVasyl Razinkov <vasyl.razinkov@est.tech>2021-07-21 23:37:28 +0000
commit66af7c5df813bc779ae088c588bfab2cd9cdd74c (patch)
tree93e1c2731122406a47332c4d341290b83b96937c /catalog-be
parent0514ec6635a08cdbaac5d664c3a4f13bcb0cbf51 (diff)
Remove dependency vulnerability
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: Ia703de3d5bad1780e63be401ce0b435cb665f505 Issue-ID: SDC-3572
Diffstat (limited to 'catalog-be')
-rw-r--r--catalog-be/pom.xml20
-rw-r--r--catalog-be/src/test/java/org/openecomp/sdc/be/impl/aaf/RoleAuthorizationHandlerTest.java94
2 files changed, 64 insertions, 50 deletions
diff --git a/catalog-be/pom.xml b/catalog-be/pom.xml
index 53af2c7b27..bf56d4d3c9 100644
--- a/catalog-be/pom.xml
+++ b/catalog-be/pom.xml
@@ -16,7 +16,7 @@
<java-hamcrest.version>2.0.0.0</java-hamcrest.version>
<swagger.version>${swagger-core-mvn-plugin.version}</swagger.version>
<swagger-ui.version>3.25.0</swagger-ui.version>
- <maven-dependency-plugin.version>3.1.1</maven-dependency-plugin.version>
+ <maven-dependency-plugin.version>3.2.0</maven-dependency-plugin.version>
<replacer.plugin.version>1.5.3</replacer.plugin.version>
</properties>
@@ -90,7 +90,7 @@
<!-- Swagger Dependencies End -->
<dependency>
- <groupId>org.hibernate</groupId>
+ <groupId>org.hibernate.validator</groupId>
<artifactId>hibernate-validator</artifactId>
<version>${hibernate.validator.version}</version>
</dependency>
@@ -239,6 +239,10 @@
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-validator</artifactId>
+ </exclusion>
</exclusions>
</dependency>
@@ -253,6 +257,12 @@
<dependency>
<groupId>org.glassfish.jersey.ext</groupId>
<artifactId>jersey-bean-validation</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-validator</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- http client -->
@@ -406,6 +416,10 @@
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ </exclusion>
</exclusions>
</dependency>
@@ -517,7 +531,7 @@
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
- <version>2.2.0.0</version>
+ <version>${org.owasp.esapi.version}</version>
<exclusions>
<exclusion>
<groupId>xerces</groupId>
diff --git a/catalog-be/src/test/java/org/openecomp/sdc/be/impl/aaf/RoleAuthorizationHandlerTest.java b/catalog-be/src/test/java/org/openecomp/sdc/be/impl/aaf/RoleAuthorizationHandlerTest.java
index 30a123dcad..c83cd3d25c 100644
--- a/catalog-be/src/test/java/org/openecomp/sdc/be/impl/aaf/RoleAuthorizationHandlerTest.java
+++ b/catalog-be/src/test/java/org/openecomp/sdc/be/impl/aaf/RoleAuthorizationHandlerTest.java
@@ -20,17 +20,25 @@
package org.openecomp.sdc.be.impl.aaf;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.catchThrowable;
+import static org.mockito.Mockito.when;
+
+import java.util.Collections;
+import javax.servlet.http.HttpServletRequest;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.Signature;
-import org.hibernate.validator.internal.util.annotationfactory.AnnotationDescriptor;
-import org.hibernate.validator.internal.util.annotationfactory.AnnotationFactory;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+import org.hibernate.validator.internal.util.annotation.AnnotationDescriptor;
+import org.hibernate.validator.internal.util.annotation.AnnotationDescriptor.Builder;
+import org.hibernate.validator.internal.util.annotation.AnnotationFactory;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
-import org.mockito.junit.MockitoJUnitRunner;
+import org.mockito.junit.jupiter.MockitoExtension;
import org.openecomp.sdc.be.components.impl.aaf.AafPermission;
+import org.openecomp.sdc.be.components.impl.aaf.AafPermission.PermNames;
import org.openecomp.sdc.be.components.impl.aaf.PermissionAllowed;
import org.openecomp.sdc.be.components.impl.aaf.RoleAuthorizationHandler;
import org.openecomp.sdc.be.components.impl.exceptions.ComponentException;
@@ -42,26 +50,20 @@ import org.openecomp.sdc.common.impl.ExternalConfiguration;
import org.openecomp.sdc.common.impl.FSConfigurationSource;
import org.openecomp.sdc.common.util.ThreadLocalsHolder;
-import javax.servlet.http.HttpServletRequest;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.catchThrowable;
-import static org.mockito.Mockito.when;
-
-@RunWith(MockitoJUnitRunner.Silent.class)
-public class RoleAuthorizationHandlerTest {
+@ExtendWith(MockitoExtension.class)
+class RoleAuthorizationHandlerTest {
private RoleAuthorizationHandler roleAuthorizationHandler;
@Mock
- JoinPoint joinPoint;
+ private JoinPoint joinPoint;
@Mock
- Signature signature;
+ private Signature signature;
@Mock
- BeGenericServlet beGenericServlet;
+ private BeGenericServlet beGenericServlet;
@Mock
- HttpServletRequest httpServletRequest;
+ private HttpServletRequest httpServletRequest;
- @Before
+ @BeforeEach
public void setUp() {
MockitoAnnotations.initMocks(this);
when(joinPoint.getSignature()).thenReturn(signature);
@@ -74,48 +76,46 @@ public class RoleAuthorizationHandlerTest {
}
@Test
- public void testAuthorizeRoleOnePermittedRole() {
- String[] permsAllowed = {AafPermission.PermNames.WRITE_VALUE};
- AnnotationDescriptor<PermissionAllowed> permissionDescriptor = new AnnotationDescriptor<PermissionAllowed>(PermissionAllowed.class);
- permissionDescriptor.setValue("value", permsAllowed);
- PermissionAllowed rolesAllowed = (PermissionAllowed) AnnotationFactory.create(permissionDescriptor);
- when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission()))
- .thenReturn(true);
+ void testAuthorizeRoleOnePermittedRole() {
+ final String[] permsAllowed = {PermNames.WRITE_VALUE};
+ final AnnotationDescriptor<PermissionAllowed> permissionDescriptor = createTestSubject(permsAllowed);
+ final PermissionAllowed rolesAllowed = AnnotationFactory.create(permissionDescriptor);
+ when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission())).thenReturn(true);
roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed);
}
@Test
- public void testAuthorizeRoleTwoPermittedRole() {
- String[] permsAllowed = {AafPermission.PermNames.WRITE_VALUE, AafPermission.PermNames.READ_VALUE};
- AnnotationDescriptor<PermissionAllowed> permissionDescriptor = new AnnotationDescriptor<PermissionAllowed>(PermissionAllowed.class);
- permissionDescriptor.setValue("value", permsAllowed);
- PermissionAllowed rolesAllowed = (PermissionAllowed)AnnotationFactory.create(permissionDescriptor);
- when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission()))
- .thenReturn(true);
+ void testAuthorizeRoleTwoPermittedRole() {
+ final String[] permsAllowed = {PermNames.WRITE_VALUE, PermNames.READ_VALUE};
+ final AnnotationDescriptor<PermissionAllowed> permissionDescriptor = createTestSubject(permsAllowed);
+ final PermissionAllowed rolesAllowed = AnnotationFactory.create(permissionDescriptor);
+ when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission())).thenReturn(true);
roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed);
}
@Test
- public void testAuthorizeRoleNonPermittedRole() {
- String[] permsAllowed = {AafPermission.PermNames.WRITE_VALUE, AafPermission.PermNames.READ_VALUE};
- AnnotationDescriptor<PermissionAllowed> permissionDescriptor = new AnnotationDescriptor<PermissionAllowed>(PermissionAllowed.class);
- permissionDescriptor.setValue("value", permsAllowed);
- PermissionAllowed rolesAllowed = (PermissionAllowed)AnnotationFactory.create(permissionDescriptor);
- when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission()))
- .thenReturn(false);
+ void testAuthorizeRoleNonPermittedRole() {
+ final String[] permsAllowed = {PermNames.WRITE_VALUE, PermNames.READ_VALUE};
+ final AnnotationDescriptor<PermissionAllowed> permissionDescriptor = createTestSubject(permsAllowed);
+ final PermissionAllowed rolesAllowed = AnnotationFactory.create(permissionDescriptor);
+ when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission())).thenReturn(false);
- ComponentException thrown = (ComponentException) catchThrowable(()->roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed));
+ final ComponentException thrown = (ComponentException) catchThrowable(() -> roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed));
assertThat(thrown.getActionStatus()).isEqualTo(ActionStatus.AUTH_FAILED);
}
@Test
- public void testAuthorizeRoleEmptyRole() {
- String[] permsAllowed = {};
- AnnotationDescriptor<PermissionAllowed> permissionDescriptor = new AnnotationDescriptor<PermissionAllowed>(PermissionAllowed.class);
- permissionDescriptor.setValue("value", permsAllowed);
- PermissionAllowed rolesAllowed = (PermissionAllowed)AnnotationFactory.create(permissionDescriptor);
+ void testAuthorizeRoleEmptyRole() {
+ final String[] permsAllowed = {};
+ final AnnotationDescriptor<PermissionAllowed> permissionDescriptor = createTestSubject(permsAllowed);
+ final PermissionAllowed rolesAllowed = AnnotationFactory.create(permissionDescriptor);
- ComponentException thrown = (ComponentException) catchThrowable(()->roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed));
+ final ComponentException thrown = (ComponentException) catchThrowable(() -> roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed));
assertThat(thrown.getActionStatus()).isEqualTo(ActionStatus.AUTH_FAILED);
}
+
+ private AnnotationDescriptor<PermissionAllowed> createTestSubject(final String[] permsAllowed) {
+ return new Builder<>(PermissionAllowed.class, Collections.singletonMap("value", permsAllowed)).build();
+ }
+
}