From 66af7c5df813bc779ae088c588bfab2cd9cdd74c Mon Sep 17 00:00:00 2001 From: vasraz Date: Tue, 20 Jul 2021 23:22:45 +0100 Subject: Remove dependency vulnerability Signed-off-by: Vasyl Razinkov Change-Id: Ia703de3d5bad1780e63be401ce0b435cb665f505 Issue-ID: SDC-3572 --- catalog-be/pom.xml | 20 ++++- .../be/impl/aaf/RoleAuthorizationHandlerTest.java | 94 +++++++++++----------- 2 files changed, 64 insertions(+), 50 deletions(-) (limited to 'catalog-be') diff --git a/catalog-be/pom.xml b/catalog-be/pom.xml index 53af2c7b27..bf56d4d3c9 100644 --- a/catalog-be/pom.xml +++ b/catalog-be/pom.xml @@ -16,7 +16,7 @@ 2.0.0.0 ${swagger-core-mvn-plugin.version} 3.25.0 - 3.1.1 + 3.2.0 1.5.3 @@ -90,7 +90,7 @@ - org.hibernate + org.hibernate.validator hibernate-validator ${hibernate.validator.version} @@ -239,6 +239,10 @@ org.springframework spring-context + + org.hibernate + hibernate-validator + @@ -253,6 +257,12 @@ org.glassfish.jersey.ext jersey-bean-validation + + + org.hibernate + hibernate-validator + + @@ -406,6 +416,10 @@ commons-io commons-io + + commons-codec + commons-codec + @@ -517,7 +531,7 @@ org.owasp.esapi esapi - 2.2.0.0 + ${org.owasp.esapi.version} xerces diff --git a/catalog-be/src/test/java/org/openecomp/sdc/be/impl/aaf/RoleAuthorizationHandlerTest.java b/catalog-be/src/test/java/org/openecomp/sdc/be/impl/aaf/RoleAuthorizationHandlerTest.java index 30a123dcad..c83cd3d25c 100644 --- a/catalog-be/src/test/java/org/openecomp/sdc/be/impl/aaf/RoleAuthorizationHandlerTest.java +++ b/catalog-be/src/test/java/org/openecomp/sdc/be/impl/aaf/RoleAuthorizationHandlerTest.java 
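Review bot: The added `org.hibernate` / `hibernate-validator` entries in the catalog-be/pom.xml hunks at -239 and -253 (and `commons-codec` at -406) look like per-dependency exclusions, though the XML tags are not visible on this page. Exclusions only cover the dependency they are attached to, so the old `org.hibernate:hibernate-validator` coordinates can come back through another transitive path after a later change. A `bannedDependencies` rule in maven-enforcer-plugin for those coordinates would make the build fail if that happens. A short comment beside each exclusion naming the advisory it addresses would tell the next maintainer why it is there. The esapi version now comes from `${org.owasp.esapi.version}`, which is defined outside this diff, so the resolved version cannot be checked from here.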
@@ -20,17 +20,25 @@ package org.openecomp.sdc.be.impl.aaf;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.catchThrowable;
+import static org.mockito.Mockito.when;
+
+import java.util.Collections;
+import javax.servlet.http.HttpServletRequest;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.Signature;
-import org.hibernate.validator.internal.util.annotationfactory.AnnotationDescriptor;
-import org.hibernate.validator.internal.util.annotationfactory.AnnotationFactory;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
+import org.hibernate.validator.internal.util.annotation.AnnotationDescriptor;
+import org.hibernate.validator.internal.util.annotation.AnnotationDescriptor.Builder;
+import org.hibernate.validator.internal.util.annotation.AnnotationFactory;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
 import org.mockito.MockitoAnnotations;
-import org.mockito.junit.MockitoJUnitRunner;
+import org.mockito.junit.jupiter.MockitoExtension;
 import org.openecomp.sdc.be.components.impl.aaf.AafPermission;
+import org.openecomp.sdc.be.components.impl.aaf.AafPermission.PermNames;
 import org.openecomp.sdc.be.components.impl.aaf.PermissionAllowed;
 import org.openecomp.sdc.be.components.impl.aaf.RoleAuthorizationHandler;
 import org.openecomp.sdc.be.components.impl.exceptions.ComponentException;
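Review bot: The three `org.hibernate.validator.internal.util.annotation.*` imports tie this test to Hibernate Validator's internal packages, which are not part of its supported API. This hunk already shows the cost: the package had to be renamed from `annotationfactory` to `annotation` just to follow the upgrade. That coupling makes later security bumps of the validator harder than they need to be. A more stable way to get a `PermissionAllowed` instance is to read it by reflection from a small annotated fixture method in the test class. If the internal factory stays, a comment such as `// Hibernate Validator internal API: re-check on every validator upgrade` above these imports would record the risk.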
@@ -42,26 +50,20 @@ import org.openecomp.sdc.common.impl.ExternalConfiguration;
 import org.openecomp.sdc.common.impl.FSConfigurationSource;
 import org.openecomp.sdc.common.util.ThreadLocalsHolder;
-import javax.servlet.http.HttpServletRequest;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.catchThrowable;
-import static org.mockito.Mockito.when;
-
-@RunWith(MockitoJUnitRunner.Silent.class)
-public class RoleAuthorizationHandlerTest {
+@ExtendWith(MockitoExtension.class)
+class RoleAuthorizationHandlerTest {
 private RoleAuthorizationHandler roleAuthorizationHandler;
 @Mock
- JoinPoint joinPoint;
+ private JoinPoint joinPoint;
 @Mock
- Signature signature;
+ private Signature signature;
 @Mock
- BeGenericServlet beGenericServlet;
+ private BeGenericServlet beGenericServlet;
 @Mock
- HttpServletRequest httpServletRequest;
+ private HttpServletRequest httpServletRequest;
- @Before
+ @BeforeEach
 public void setUp() {
 MockitoAnnotations.initMocks(this);
 when(joinPoint.getSignature()).thenReturn(signature);
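Review bot: `setUp()` still calls `MockitoAnnotations.initMocks(this)` although `@ExtendWith(MockitoExtension.class)` now initialises the `@Mock` fields, so the mocks are created twice and the call should be dropped. The old runner was `MockitoJUnitRunner.Silent`, while `MockitoExtension` defaults to strict stubs; a stub in `setUp()` that a test never uses (possibly the empty-role case) may now be reported as unnecessary stubbing. If lenient behaviour is intended, say so on the class with `@MockitoSettings(strictness = Strictness.LENIENT)`. The body of `setUp()` continues past the end of this hunk, so not all of its stubs are visible here.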
@@ -74,48 +76,46 @@ public class RoleAuthorizationHandlerTest {
 }
 @Test
- public void testAuthorizeRoleOnePermittedRole() {
- String[] permsAllowed = {AafPermission.PermNames.WRITE_VALUE};
- AnnotationDescriptor permissionDescriptor = new AnnotationDescriptor(PermissionAllowed.class);
- permissionDescriptor.setValue("value", permsAllowed);
- PermissionAllowed rolesAllowed = (PermissionAllowed) AnnotationFactory.create(permissionDescriptor);
- when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission()))
- .thenReturn(true);
+ void testAuthorizeRoleOnePermittedRole() {
+ final String[] permsAllowed = {PermNames.WRITE_VALUE};
+ final AnnotationDescriptor permissionDescriptor = createTestSubject(permsAllowed);
+ final PermissionAllowed rolesAllowed = AnnotationFactory.create(permissionDescriptor);
+ when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission())).thenReturn(true);
 roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed);
 }
 @Test
- public void testAuthorizeRoleTwoPermittedRole() {
- String[] permsAllowed = {AafPermission.PermNames.WRITE_VALUE, AafPermission.PermNames.READ_VALUE};
- AnnotationDescriptor permissionDescriptor = new AnnotationDescriptor(PermissionAllowed.class);
- permissionDescriptor.setValue("value", permsAllowed);
- PermissionAllowed rolesAllowed = (PermissionAllowed)AnnotationFactory.create(permissionDescriptor);
- when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission()))
- .thenReturn(true);
+ void testAuthorizeRoleTwoPermittedRole() {
+ final String[] permsAllowed = {PermNames.WRITE_VALUE, PermNames.READ_VALUE};
+ final AnnotationDescriptor permissionDescriptor = createTestSubject(permsAllowed);
+ final PermissionAllowed rolesAllowed = AnnotationFactory.create(permissionDescriptor);
+ when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission())).thenReturn(true);
 roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed);
 }
 @Test
- public void testAuthorizeRoleNonPermittedRole() {
- String[] permsAllowed = {AafPermission.PermNames.WRITE_VALUE, AafPermission.PermNames.READ_VALUE};
- AnnotationDescriptor permissionDescriptor = new AnnotationDescriptor(PermissionAllowed.class);
- permissionDescriptor.setValue("value", permsAllowed);
- PermissionAllowed rolesAllowed = (PermissionAllowed)AnnotationFactory.create(permissionDescriptor);
- when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission()))
- .thenReturn(false);
+ void testAuthorizeRoleNonPermittedRole() {
+ final String[] permsAllowed = {PermNames.WRITE_VALUE, PermNames.READ_VALUE};
+ final AnnotationDescriptor permissionDescriptor = createTestSubject(permsAllowed);
+ final PermissionAllowed rolesAllowed = AnnotationFactory.create(permissionDescriptor);
+ when(httpServletRequest.isUserInRole(AafPermission.getEnumByString(permsAllowed[0]).getFullPermission())).thenReturn(false);
- ComponentException thrown = (ComponentException) catchThrowable(()->roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed));
+ final ComponentException thrown = (ComponentException) catchThrowable(() -> roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed));
 assertThat(thrown.getActionStatus()).isEqualTo(ActionStatus.AUTH_FAILED);
 }
 @Test
- public void testAuthorizeRoleEmptyRole() {
- String[] permsAllowed = {};
- AnnotationDescriptor permissionDescriptor = new AnnotationDescriptor(PermissionAllowed.class);
- permissionDescriptor.setValue("value", permsAllowed);
- PermissionAllowed rolesAllowed = (PermissionAllowed)AnnotationFactory.create(permissionDescriptor);
+ void testAuthorizeRoleEmptyRole() {
+ final String[] permsAllowed = {};
+ final AnnotationDescriptor permissionDescriptor = createTestSubject(permsAllowed);
+ final PermissionAllowed rolesAllowed = AnnotationFactory.create(permissionDescriptor);
- ComponentException thrown = (ComponentException) catchThrowable(()->roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed));
+ final ComponentException thrown = (ComponentException) catchThrowable(() -> roleAuthorizationHandler.authorizeRole(joinPoint, rolesAllowed));
 assertThat(thrown.getActionStatus()).isEqualTo(ActionStatus.AUTH_FAILED);
 }
+
+ private AnnotationDescriptor createTestSubject(final String[] permsAllowed) {
+ return new Builder<>(PermissionAllowed.class, Collections.singletonMap("value", permsAllowed)).build();
+ }
+
 }
-- 
cgit 1.2.3-korg
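Review bot: In `testAuthorizeRoleNonPermittedRole` and `testAuthorizeRoleEmptyRole` the result of `catchThrowable` is cast to `ComponentException` before anything is asserted. If the handler wrongly lets the call through, the test then dies with a `NullPointerException` on `thrown.getActionStatus()` instead of a clear failure on the denial path. Keep the value as a `Throwable` and check the type before the cast, e.g. `assertThat(thrown).isInstanceOf(ComponentException.class);`. `testAuthorizeRoleTwoPermittedRole` stubs only `permsAllowed[0]` as granted, so it does not show that holding just the second permission is enough. Stubbing `permsAllowed[0]` to `false` and `permsAllowed[1]` to `true` would pin that behaviour.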