Upgrade Vulnerable Direct Dependencies [snakeyaml]

Change-Id: I84417ab3d4f18634be519b837a34d1f1e774ceff
Signed-off-by: amohamad <a.mohamad@queensu.ca>

Issue-ID: SDC-3051

Updated MVN dependencies in the respective pom.xml files

Updated the signature of some methods to match new version 1.26

Modified test cases to match the new wording of exceptions

Still working on troublshooting other failing test cases

Change-Id: Ifc796574e6d8d4e4fc707db04944d83427b5dbe6
Signed-off-by: amohamad <a.mohamad@queensu.ca>
Signed-off-by: JulienBe <julien.bertozzi@intl.att.com>

5 files changed, 257 insertions, 215 deletions

diff --git a/common/onap-generic-artifact-browser/onap-generic-artifact-browser-service/pom.xml b/common/onap-generic-artifact-browser/onap-generic-artifact-browser-service/pom.xml
index 570d48bbaa..a79c13d54c 100644
--- a/common/onap-generic-artifact-browser/onap-generic-artifact-browser-service/pom.xml
+++ b/common/onap-generic-artifact-browser/onap-generic-artifact-browser-service/pom.xml
@@ -13,7 +13,6 @@
   <artifactId>onap-generic-artifact-browser-service</artifactId>
 
   <properties>
-    <snakeyaml.version>1.21</snakeyaml.version>
     <jsurfer.version>1.4.3</jsurfer.version>
     <jacoco.skip>false</jacoco.skip>
   </properties>
diff --git a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/MyPropertyUtils.java b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/MyPropertyUtils.java
new file mode 100644
index 0000000000..466d669ad9
--- /dev/null
+++ b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/MyPropertyUtils.java
@@ -0,0 +1,47 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.sdc.tosca.services;
+
+import org.yaml.snakeyaml.introspector.BeanAccess;
+import org.yaml.snakeyaml.introspector.Property;
+import org.yaml.snakeyaml.introspector.PropertyUtils;
+
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+public class MyPropertyUtils extends PropertyUtils {
+    //Unsorted properties
+    @Override
+    protected Set<Property> createPropertySet(Class<? extends Object> type, BeanAccess bnAccess) {
+        return new LinkedHashSet<>(getPropertiesMap(type,
+                BeanAccess.FIELD).values());
+    }
+
+    @Override
+    public Property getProperty(Class<?> type, String name) {
+        String updatedName = name;
+        if (YamlUtil.DEFAULT.equals(updatedName)) {
+            updatedName = YamlUtil.DEFAULT_STR;
+        }
+        return super.getProperty(type, updatedName);
+    }
+
+}
diff --git a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java
new file mode 100644
index 0000000000..7babd428c8
--- /dev/null
+++ b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java
@@ -0,0 +1,70 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.sdc.tosca.services;
+
+import org.yaml.snakeyaml.constructor.Constructor;
+import org.yaml.snakeyaml.nodes.MappingNode;
+import org.yaml.snakeyaml.parser.ParserException;
+
+import java.util.AbstractMap;
+import java.util.Map;
+import java.util.Set;
+
+public class StrictMapAppenderConstructor extends Constructor {
+    /**
+     * Instantiates a new Strict map appender constructor.
+     *
+     * @param theRoot the the root
+     */
+    public StrictMapAppenderConstructor(Class<?> theRoot) {
+        super(theRoot);
+    }
+
+    @Override
+    protected Map<Object, Object> createDefaultMap(int initSize) {
+        final Map<Object, Object> delegate = super.createDefaultMap(initSize);
+        return new AbstractMap<>() {
+            @Override
+            public Object put(Object key, Object value) {
+                if (delegate.containsKey(key)) {
+                    throw new IllegalStateException("duplicate key: " + key);
+                }
+                return delegate.put(key, value);
+            }
+
+            @Override
+            public Set<Entry<Object, Object>> entrySet() {
+                return delegate.entrySet();
+            }
+        };
+    }
+
+    @Override
+    protected Map<Object, Object> constructMapping(MappingNode node) {
+        try {
+            return super.constructMapping(node);
+        } catch (IllegalStateException exception) {
+            throw new ParserException("while parsing MappingNode",
+                    node.getStartMark(), exception.getMessage(),
+                    node.getEndMark());
+        }
+    }
+}
diff --git a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/ToscaExtensionYamlUtil.java b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/ToscaExtensionYamlUtil.java
index 45499d15f4..37d8411d9b 100644
--- a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/ToscaExtensionYamlUtil.java
+++ b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/ToscaExtensionYamlUtil.java
@@ -51,7 +51,7 @@ public class ToscaExtensionYamlUtil extends YamlUtil {
     public class ToscaPropertyUtilsWithHeatExtension extends MyPropertyUtils {
 
         @Override
-        public Property getProperty(Class<? extends Object> type, String name) throws IntrospectionException {
+        public Property getProperty(Class<? extends Object> type, String name)  {
             Class<? extends Object> classType = type;
             try {
                 if (type.equals(Class.forName(TOSCA_MODEL_PARAMETER_DEFINITION))) {
diff --git a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/YamlUtil.java b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/YamlUtil.java
index 4ac60d40e4..8530846fae 100644
--- a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/YamlUtil.java
+++ b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/YamlUtil.java
@@ -16,32 +16,23 @@
 
 package org.onap.sdc.tosca.services;
 
-import java.util.List;
-import java.util.Optional;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.yaml.snakeyaml.DumperOptions;
+import org.yaml.snakeyaml.LoaderOptions;
 import org.yaml.snakeyaml.TypeDescription;
 import org.yaml.snakeyaml.Yaml;
 import org.yaml.snakeyaml.constructor.Constructor;
-import org.yaml.snakeyaml.introspector.BeanAccess;
 import org.yaml.snakeyaml.introspector.Property;
 import org.yaml.snakeyaml.introspector.PropertyUtils;
 import org.yaml.snakeyaml.nodes.MappingNode;
 import org.yaml.snakeyaml.nodes.NodeTuple;
 import org.yaml.snakeyaml.nodes.Tag;
-import org.yaml.snakeyaml.parser.ParserException;
 import org.yaml.snakeyaml.representer.Representer;
 
-
-import java.beans.IntrospectionException;
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.AbstractMap;
-import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 
 /**
  * The type Yaml util.
@@ -50,101 +41,107 @@ import java.util.Set;
 public class YamlUtil {
     private static final Logger LOGGER = LoggerFactory.getLogger(YamlUtil.class.getName());
 
-  private static final String DEFAULT = "default";
-  private static final String DEFAULT_STR = "_default";
-
-  /**
-   * Yaml to object t.
-   *
-   * @param <T>         the type parameter
-   * @param yamlContent the yaml content
-   * @param typClass    the t class
-   * @return the t
-   */
-  public <T> T yamlToObject(String yamlContent, Class<T> typClass) {
-    Constructor constructor = getConstructor(typClass);
-    constructor.setPropertyUtils(getPropertyUtils());
-    TypeDescription yamlFileDescription = new TypeDescription(typClass);
-    constructor.addTypeDescription(yamlFileDescription);
-    Yaml yaml = new Yaml(constructor);
-    T yamlObj = (T) yaml.load(yamlContent);
-    //noinspection ResultOfMethodCallIgnored
-    yamlObj.toString();
-    return yamlObj;
-  }
+    static final String DEFAULT = "default";
+    static final String DEFAULT_STR = "_default";
 
-  public InputStream loadYamlFileIs(String yamlFullFileName) {
-    return YamlUtil.class.getResourceAsStream(yamlFullFileName);
-  }
-
-  /**
-   * Yaml to object t.
-   *
-   * @param <T>         the type parameter
-   * @param yamlContent the yaml content
-   * @param typClass    the t class
-   * @return the t
-   */
-  public <T> T yamlToObject(InputStream yamlContent, Class<T> typClass) {
-    try {
-      Constructor constructor = getConstructor(typClass);
-      constructor.setPropertyUtils(getPropertyUtils());
-      TypeDescription yamlFileDescription = new TypeDescription(typClass);
-      constructor.addTypeDescription(yamlFileDescription);
-      Yaml yaml = new Yaml(constructor);
-      T yamlObj = (T) yaml.load(yamlContent);
-      if (yamlObj != null) {
+    /**
+     * Yaml to object t.
+     *
+     * @param <T>         the type parameter
+     * @param yamlContent the yaml content
+     * @param typClass    the t class
+     * @return the t
+     */
+    public <T> T yamlToObject(String yamlContent, Class<T> typClass) {
+        Constructor constructor = getConstructor(typClass);
+        constructor.setPropertyUtils(getPropertyUtils());
+        TypeDescription yamlFileDescription = new TypeDescription(typClass);
+        constructor.addTypeDescription(yamlFileDescription);
+        T yamlObj = new Yaml(constructor, new Representer(), new DumperOptions(), getLoaderOptions()).load(yamlContent);;
         //noinspection ResultOfMethodCallIgnored
         yamlObj.toString();
         return yamlObj;
-      } else {
-        throw new RuntimeException();
-      }
-    } catch (Exception exception) {
-      throw new RuntimeException(exception);
-    } finally {
-      try {
-        if (yamlContent != null) {
-          yamlContent.close();
+    }
+
+    public InputStream loadYamlFileIs(String yamlFullFileName) {
+        return YamlUtil.class.getResourceAsStream(yamlFullFileName);
+    }
+
+    /**
+     * Yaml to object t.
+     *
+     * @param <T>         the type parameter
+     * @param yamlContent the yaml content
+     * @param typClass    the t class
+     * @return the t
+     */
+    public <T> T yamlToObject(InputStream yamlContent, Class<T> typClass) {
+        try {
+            Constructor constructor = getConstructor(typClass);
+            constructor.setAllowDuplicateKeys(false);
+            constructor.setPropertyUtils(getPropertyUtils());
+            TypeDescription yamlFileDescription = new TypeDescription(typClass);
+            constructor.addTypeDescription(yamlFileDescription);
+            //No Yaml Constructor takes only Constructor and LoaderOptions, that is why I had to pass anonymous Representer and DumperOptions objects
+            T yamlObj = new Yaml(constructor, new Representer(), new DumperOptions(), getLoaderOptions()).load(yamlContent);
+            if (yamlObj != null) {
+                //noinspection ResultOfMethodCallIgnored
+                yamlObj.toString();
+                return yamlObj;
+            } else {
+                throw new RuntimeException();
+            }
+        } catch (Exception exception) {
+            throw new RuntimeException(exception);
+        } finally {
+            try {
+                if (yamlContent != null) {
+                    yamlContent.close();
+                }
+            } catch (IOException ignore) {
+                //do nothing
+            }
         }
-      } catch (IOException ignore) {
-        //do nothing
-      }
     }
-  }
 
+    private LoaderOptions getLoaderOptions() {
+        LoaderOptions options = new LoaderOptions();
+        options.setAllowDuplicateKeys(false);
+        options.setMaxAliasesForCollections(9999);
+        return options;
+    }
 
-  /**
-   * Gets constructor.
-   *
-   * @param <T>      the type parameter
-   * @param typClass the t class
-   * @return the constructor
-   */
-  public <T> Constructor getConstructor(Class<T> typClass) {
-    return new StrictMapAppenderConstructor(typClass);
-  }
 
-  /**
-   * Gets property utils.
-   *
-   * @return the property utils
-   */
-  protected PropertyUtils getPropertyUtils() {
-    return new MyPropertyUtils();
-  }
+    /**
+     * Gets constructor.
+     *
+     * @param <T>      the type parameter
+     * @param typClass the t class
+     * @return the constructor
+     */
+    public <T> Constructor getConstructor(Class<T> typClass) {
+        return new StrictMapAppenderConstructor(typClass);
+    }
 
+    /**
+     * Gets property utils.
+     *
+     * @return the property utils
+     */
+    protected PropertyUtils getPropertyUtils() {
+        return new MyPropertyUtils();
+    }
 
-  /**
-   * Yaml to map map.
-   *
-   * @param yamlContent the yaml content
-   * @return the map
-   */
-  public Map<String, LinkedHashMap<String, Object>> yamlToMap(InputStream yamlContent) {
-    Yaml yaml = new Yaml();
-    return (Map<String, LinkedHashMap<String, Object>>) yaml.load(yamlContent);
-  }
+
+    /**
+     * Yaml to map map.
+     *
+     * @param yamlContent the yaml content
+     * @return the map
+     */
+    public Map<String, LinkedHashMap<String, Object>> yamlToMap(InputStream yamlContent) {
+        return new Yaml().load(yamlContent);
+    }
 
 
     /**
@@ -172,137 +169,66 @@ public class YamlUtil {
      * @return The YAML Object
      */
     public static Object read(final InputStream yamlFileInputStream) {
-        final Yaml yaml = new Yaml();
-        return yaml.load(yamlFileInputStream);
-    }
-
-  /**
-   * Object to yaml string.
-   * @param obj the obj
-   * @return the string
-   */
-  public String objectToYaml(Object obj) {
-    DumperOptions options = new DumperOptions();
-    options.setPrettyFlow(true);
-    options.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
-    Representer representer = new CustomRepresenter();
-    representer.addClassTag(obj.getClass(), Tag.MAP);
-    representer.setPropertyUtils(new MyPropertyUtils());
-
-    Yaml yaml = new Yaml(representer, options);
-    return yaml.dump(obj);
-  }
-
-  /**
-   * Is yaml file content valid boolean.
-   *
-   * @param yamlFullFileName the yaml full file name
-   * @return the boolean
-   */
-  public boolean isYamlFileContentValid(String yamlFullFileName) {
-    Yaml yaml = new Yaml();
-    try {
-      Object loadResult = yaml.load(yamlFullFileName);
-      return loadResult != null;
-    } catch (Exception exception) {
-      return false;
-    }
-  }
-
-
-  private class CustomRepresenter extends Representer {
-    @Override
-    protected MappingNode representJavaBean(Set<Property> properties, Object javaBean) {
-      //remove the bean type from the output yaml (!! ...)
-      if (!classTags.containsKey(javaBean.getClass())) {
-        addClassTag(javaBean.getClass(), Tag.MAP);
-      }
-
-      return super.representJavaBean(properties, javaBean);
-    }
-
-    @Override
-    protected NodeTuple representJavaBeanProperty(Object javaBean, Property property,
-                                                  Object propertyValue, Tag customTag) {
-      if (propertyValue == null) {
-        return null;
-      } else {
-        NodeTuple defaultNode =
-            super.representJavaBeanProperty(javaBean, property, propertyValue, customTag);
-
-        return DEFAULT_STR.equals(property.getName())
-            ? new NodeTuple(representData(DEFAULT), defaultNode.getValueNode())
-            : defaultNode;
-      }
-    }
-  }
-
-
-  /**
-   * The type My property utils.
-   */
-  public class MyPropertyUtils extends PropertyUtils {
-    //Unsorted properties
-    @Override
-    protected Set<Property> createPropertySet(Class<? extends Object> type, BeanAccess bnAccess)
-        throws IntrospectionException {
-      return new LinkedHashSet<>(getPropertiesMap(type,
-          BeanAccess.FIELD).values());
+        return new Yaml().load(yamlFileInputStream);
     }
 
-    @Override
-    public Property getProperty(Class<?> type, String name) throws IntrospectionException {
-      String updatedName = name;
-      if (DEFAULT.equals(updatedName)) {
-        updatedName = DEFAULT_STR;
-      }
-      return super.getProperty(type, updatedName);
+    /**
+     * Object to yaml string.
+     *
+     * @param obj the obj
+     * @return the string
+     */
+    public String objectToYaml(Object obj) {
+        DumperOptions options = new DumperOptions();
+        options.setPrettyFlow(true);
+        options.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
+        Representer representer = new CustomRepresenter();
+        representer.addClassTag(obj.getClass(), Tag.MAP);
+        representer.setPropertyUtils(new MyPropertyUtils());
+
+        Yaml yaml = new Yaml(representer, options);
+        return yaml.dump(obj);
     }
 
-  }
-
-  /**
-   * The type Strict map appender constructor.
-   */
-  protected class StrictMapAppenderConstructor extends Constructor {
-
     /**
-     * Instantiates a new Strict map appender constructor.
+     * Is yaml file content valid boolean.
      *
-     * @param theRoot the the root
+     * @param yamlFullFileName the yaml full file name
+     * @return the boolean
      */
-    public StrictMapAppenderConstructor(Class<?> theRoot) {
-      super(theRoot);
+    public boolean isYamlFileContentValid(String yamlFullFileName) {
+        try {
+            return new Yaml().load(yamlFullFileName) != null;
+        } catch (Exception exception) {
+            return false;
+        }
     }
 
-    @Override
-    protected Map<Object, Object> createDefaultMap() {
-      final Map<Object, Object> delegate = super.createDefaultMap();
-      return new AbstractMap<Object, Object>() {
+
+    private class CustomRepresenter extends Representer {
         @Override
-        public Object put(Object key, Object value) {
-          if (delegate.containsKey(key)) {
-            throw new IllegalStateException("duplicate key: " + key);
-          }
-          return delegate.put(key, value);
+        protected MappingNode representJavaBean(Set<Property> properties, Object javaBean) {
+            //remove the bean type from the output yaml (!! ...)
+            if (!classTags.containsKey(javaBean.getClass())) {
+                addClassTag(javaBean.getClass(), Tag.MAP);
+            }
+
+            return super.representJavaBean(properties, javaBean);
         }
 
         @Override
-        public Set<Entry<Object, Object>> entrySet() {
-          return delegate.entrySet();
+        protected NodeTuple representJavaBeanProperty(Object javaBean, Property property,
+                                                      Object propertyValue, Tag customTag) {
+            if (propertyValue == null) {
+                return null;
+            } else {
+                NodeTuple defaultNode =
+                        super.representJavaBeanProperty(javaBean, property, propertyValue, customTag);
+
+                return DEFAULT_STR.equals(property.getName())
+                        ? new NodeTuple(representData(DEFAULT), defaultNode.getValueNode())
+                        : defaultNode;
+            }
         }
-      };
-    }
-
-    @Override
-    protected Map<Object, Object> constructMapping(MappingNode node) {
-      try {
-        return super.constructMapping(node);
-      } catch (IllegalStateException exception) {
-        throw new ParserException("while parsing MappingNode",
-            node.getStartMark(), exception.getMessage(),
-            node.getEndMark());
-      }
     }
-  }
 }