From b485c37b36ddb3ab5e8085c009b26e97c8e62d74 Mon Sep 17 00:00:00 2001 From: JulienBe Date: Wed, 28 Oct 2020 11:50:25 -0400 Subject: Upgrade Vulnerable Direct Dependencies [snakeyaml] Change-Id: I84417ab3d4f18634be519b837a34d1f1e774ceff Signed-off-by: amohamad Issue-ID: SDC-3051 Updated MVN dependencies in the respective pom.xml files Updated the signature of some methods to match new version 1.26 Modified test cases to match the new wording of exceptions Still working on troublshooting other failing test cases Change-Id: Ifc796574e6d8d4e4fc707db04944d83427b5dbe6 Signed-off-by: amohamad Signed-off-by: JulienBe --- .../onap/sdc/tosca/services/MyPropertyUtils.java | 47 +++ .../services/StrictMapAppenderConstructor.java | 70 ++++ .../sdc/tosca/services/ToscaExtensionYamlUtil.java | 2 +- .../java/org/onap/sdc/tosca/services/YamlUtil.java | 352 ++++++++------------- 4 files changed, 257 insertions(+), 214 deletions(-) create mode 100644 common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/MyPropertyUtils.java create mode 100644 common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java (limited to 'common/onap-tosca-datatype/src/main/java/org/onap')
diff --git a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/MyPropertyUtils.java b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/MyPropertyUtils.java
new file mode 100644
index 0000000000..466d669ad9
--- /dev/null
+++ b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/MyPropertyUtils.java
@@ -0,0 +1,47 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.sdc.tosca.services;
+
+import org.yaml.snakeyaml.introspector.BeanAccess;
+import org.yaml.snakeyaml.introspector.Property;
+import org.yaml.snakeyaml.introspector.PropertyUtils;
+
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+public class MyPropertyUtils extends PropertyUtils {
+ //Unsorted properties
+ @Override
+ protected Set createPropertySet(Class type, BeanAccess bnAccess) {
+ return new LinkedHashSet<>(getPropertiesMap(type,
+ BeanAccess.FIELD).values());
+ }
+
+ @Override
+ public Property getProperty(Class type, String name) {
+ String updatedName = name;
+ if (YamlUtil.DEFAULT.equals(updatedName)) {
+ updatedName = YamlUtil.DEFAULT_STR;
+ }
+ return super.getProperty(type, updatedName);
+ }
+
+}
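Review bot: `createPropertySet` ignores its `bnAccess` argument and always builds the set from `BeanAccess.FIELD`, yet the only comment on it is `//Unsorted properties`. With field access the loader writes straight into fields, so any checks that live in setters of the mapped classes are presumably skipped when a document is loaded, and that is worth stating for the next maintainer. I would replace the comment with `// Always field access (bnAccess is ignored), in the order getPropertiesMap returns; setters are not called on load.` and add a line above `getProperty` saying that the YAML key `default` is looked up under the name `_default`, presumably because `default` is a Java keyword. The class name `MyPropertyUtils` also says nothing about either behaviour now that it is a public top-level type.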
diff --git a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java
new file mode 100644
index 0000000000..7babd428c8
--- /dev/null
+++ b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java
@@ -0,0 +1,70 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.sdc.tosca.services;
+
+import org.yaml.snakeyaml.constructor.Constructor;
+import org.yaml.snakeyaml.nodes.MappingNode;
+import org.yaml.snakeyaml.parser.ParserException;
+
+import java.util.AbstractMap;
+import java.util.Map;
+import java.util.Set;
+
+public class StrictMapAppenderConstructor extends Constructor {
+ /**
+ * Instantiates a new Strict map appender constructor.
+ *
+ * @param theRoot the the root
+ */
+ public StrictMapAppenderConstructor(Class theRoot) {
+ super(theRoot);
+ }
+
+ @Override
+ protected Map createDefaultMap(int initSize) {
+ final Map delegate = super.createDefaultMap(initSize);
+ return new AbstractMap<>() {
+ @Override
+ public Object put(Object key, Object value) {
+ if (delegate.containsKey(key)) {
+ throw new IllegalStateException("duplicate key: " + key);
+ }
+ return delegate.put(key, value);
+ }
+
+ @Override
+ public Set> entrySet() {
+ return delegate.entrySet();
+ }
+ };
+ }
+
+ @Override
+ protected Map constructMapping(MappingNode node) {
+ try {
+ return super.constructMapping(node);
+ } catch (IllegalStateException exception) {
+ throw new ParserException("while parsing MappingNode",
+ node.getStartMark(), exception.getMessage(),
+ node.getEndMark());
+ }
+ }
+}
diff --git a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/ToscaExtensionYamlUtil.java b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/ToscaExtensionYamlUtil.java
index 45499d15f4..37d8411d9b 100644
--- a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/ToscaExtensionYamlUtil.java
+++ b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/ToscaExtensionYamlUtil.java
@@ -51,7 +51,7 @@ public class ToscaExtensionYamlUtil extends YamlUtil { public class ToscaPropertyUtilsWithHeatExtension extends MyPropertyUtils { @Override - public Property getProperty(Class type, String name) throws IntrospectionException { + public Property getProperty(Class type, String name) { Class classType = type; try { if (type.equals(Class.forName(TOSCA_MODEL_PARAMETER_DEFINITION))) {
diff --git a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/YamlUtil.java b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/YamlUtil.java
index 4ac60d40e4..8530846fae 100644
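Review bot: The new StrictMapAppenderConstructor.java has no class-level Javadoc (the old nested class in `YamlUtil` had one), and nothing in the file says why a repeated key is an error or how the check in `put` relates to the `setAllowDuplicateKeys(false)` calls this commit adds in `YamlUtil`. The wrapper only sees maps created through `createDefaultMap`, so it presumably does not cover mappings that are built directly into beans; the class comment should say which mechanism callers are meant to rely on. I would add a class-level Javadoc stating that duplicate mapping keys are rejected so a template cannot carry two values for one key with the later one silently winning, and that the `IllegalStateException` raised in `put` is converted in `constructMapping` to a `ParserException` carrying the node's start and end marks. The constructor Javadoc also repeats a word and should read `@param theRoot the root class`.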
--- a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/YamlUtil.java +++ b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/YamlUtil.java @@ -16,32 +16,23 @@ package org.onap.sdc.tosca.services; -import java.util.List; -import java.util.Optional; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.yaml.snakeyaml.DumperOptions; +import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.TypeDescription; import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.constructor.Constructor; -import org.yaml.snakeyaml.introspector.BeanAccess; import org.yaml.snakeyaml.introspector.Property; import org.yaml.snakeyaml.introspector.PropertyUtils; import org.yaml.snakeyaml.nodes.MappingNode; import org.yaml.snakeyaml.nodes.NodeTuple; import org.yaml.snakeyaml.nodes.Tag; -import org.yaml.snakeyaml.parser.ParserException; import org.yaml.snakeyaml.representer.Representer; - -import java.beans.IntrospectionException; import java.io.IOException; import java.io.InputStream; -import java.util.AbstractMap; -import java.util.LinkedHashMap; -import java.util.LinkedHashSet; -import java.util.Map; -import java.util.Set; +import java.util.*; /** * The type Yaml util. 
@@ -50,101 +41,107 @@ import java.util.Set; public class YamlUtil { private static final Logger LOGGER = LoggerFactory.getLogger(YamlUtil.class.getName()); - private static final String DEFAULT = "default"; - private static final String DEFAULT_STR = "_default"; - - /** - * Yaml to object t. - * - * @param the type parameter - * @param yamlContent the yaml content - * @param typClass the t class - * @return the t - */ - public T yamlToObject(String yamlContent, Class typClass) { - Constructor constructor = getConstructor(typClass); - constructor.setPropertyUtils(getPropertyUtils()); - TypeDescription yamlFileDescription = new TypeDescription(typClass); - constructor.addTypeDescription(yamlFileDescription); - Yaml yaml = new Yaml(constructor); - T yamlObj = (T) yaml.load(yamlContent); - //noinspection ResultOfMethodCallIgnored - yamlObj.toString(); - return yamlObj; - } + static final String DEFAULT = "default"; + static final String DEFAULT_STR = "_default"; - public InputStream loadYamlFileIs(String yamlFullFileName) { - return YamlUtil.class.getResourceAsStream(yamlFullFileName); - } - - /** - * Yaml to object t. - * - * @param the type parameter - * @param yamlContent the yaml content - * @param typClass the t class - * @return the t - */ - public T yamlToObject(InputStream yamlContent, Class typClass) { - try { - Constructor constructor = getConstructor(typClass); - constructor.setPropertyUtils(getPropertyUtils()); - TypeDescription yamlFileDescription = new TypeDescription(typClass); - constructor.addTypeDescription(yamlFileDescription); - Yaml yaml = new Yaml(constructor); - T yamlObj = (T) yaml.load(yamlContent); - if (yamlObj != null) { + /** + * Yaml to object t. 
+ * + * @param the type parameter + * @param yamlContent the yaml content + * @param typClass the t class + * @return the t + */ + public T yamlToObject(String yamlContent, Class typClass) { + Constructor constructor = getConstructor(typClass); + constructor.setPropertyUtils(getPropertyUtils()); + TypeDescription yamlFileDescription = new TypeDescription(typClass); + constructor.addTypeDescription(yamlFileDescription); + T yamlObj = new Yaml(constructor, new Representer(), new DumperOptions(), getLoaderOptions()).load(yamlContent);; //noinspection ResultOfMethodCallIgnored yamlObj.toString(); return yamlObj; - } else { - throw new RuntimeException(); - } - } catch (Exception exception) { - throw new RuntimeException(exception); - } finally { - try { - if (yamlContent != null) { - yamlContent.close(); + } + + public InputStream loadYamlFileIs(String yamlFullFileName) { + return YamlUtil.class.getResourceAsStream(yamlFullFileName); + } + + /** + * Yaml to object t. + * + * @param the type parameter + * @param yamlContent the yaml content + * @param typClass the t class + * @return the t + */ + public T yamlToObject(InputStream yamlContent, Class typClass) { + try { + Constructor constructor = getConstructor(typClass); + constructor.setAllowDuplicateKeys(false); + constructor.setPropertyUtils(getPropertyUtils()); + TypeDescription yamlFileDescription = new TypeDescription(typClass); + constructor.addTypeDescription(yamlFileDescription); + //No Yaml Constructor takes only Constructor and LoaderOptions, that is why I had to pass anonymous Representer and DumperOptions objects + T yamlObj = new Yaml(constructor, new Representer(), new DumperOptions(), getLoaderOptions()).load(yamlContent); + if (yamlObj != null) { + //noinspection ResultOfMethodCallIgnored + yamlObj.toString(); + return yamlObj; + } else { + throw new RuntimeException(); + } + } catch (Exception exception) { + throw new RuntimeException(exception); + } finally { + try { + if (yamlContent != null) { + 
yamlContent.close(); + } + } catch (IOException ignore) { + //do nothing + } } - } catch (IOException ignore) { - //do nothing - } } - } + private LoaderOptions getLoaderOptions() { + LoaderOptions options = new LoaderOptions(); + options.setAllowDuplicateKeys(false); + options.setMaxAliasesForCollections(9999); + return options; + } - /** - * Gets constructor. - * - * @param the type parameter - * @param typClass the t class - * @return the constructor - */ - public Constructor getConstructor(Class typClass) { - return new StrictMapAppenderConstructor(typClass); - } - /** - * Gets property utils. - * - * @return the property utils - */ - protected PropertyUtils getPropertyUtils() { - return new MyPropertyUtils(); - } + /** + * Gets constructor. + * + * @param the type parameter + * @param typClass the t class + * @return the constructor + */ + public Constructor getConstructor(Class typClass) { + return new StrictMapAppenderConstructor(typClass); + } + /** + * Gets property utils. + * + * @return the property utils + */ + protected PropertyUtils getPropertyUtils() { + return new MyPropertyUtils(); + } - /** - * Yaml to map map. - * - * @param yamlContent the yaml content - * @return the map - */ - public Map> yamlToMap(InputStream yamlContent) { - Yaml yaml = new Yaml(); - return (Map>) yaml.load(yamlContent); - } + + /** + * Yaml to map map. + * + * @param yamlContent the yaml content + * @return the map + */ + public Map> yamlToMap(InputStream yamlContent) { + return new Yaml().load(yamlContent); + } /** 
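Review bot: `getLoaderOptions()` calls `setMaxAliasesForCollections(9999)`, which is far above the library default of 50 and largely gives up the bound on alias expansion that the upgraded SnakeYAML applies to untrusted documents. Unless supported TOSCA templates really need that many aliases, I would drop the line, or use the smallest value that passes the test suite behind a named constant with a comment saying why, e.g. `options.setMaxAliasesForCollections(MAX_YAML_ALIASES); // largest alias count seen in supported templates`. Separately, `yamlToMap` in this hunk, and `read` and `isYamlFileContentValid` in the next one, still call `new Yaml()`, whose default constructor resolves `!!` type tags taken from the document; `new Yaml(new SafeConstructor())` would limit them to plain maps, lists and scalars if nothing depends on custom types. The enclosing class starts and ends outside this hunk.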
@@ -172,137 +169,66 @@ public class YamlUtil { * @return The YAML Object */ public static Object read(final InputStream yamlFileInputStream) { - final Yaml yaml = new Yaml(); - return yaml.load(yamlFileInputStream); - } - - /** - * Object to yaml string. - * @param obj the obj - * @return the string - */ - public String objectToYaml(Object obj) { - DumperOptions options = new DumperOptions(); - options.setPrettyFlow(true); - options.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK); - Representer representer = new CustomRepresenter(); - representer.addClassTag(obj.getClass(), Tag.MAP); - representer.setPropertyUtils(new MyPropertyUtils()); - - Yaml yaml = new Yaml(representer, options); - return yaml.dump(obj); - } - - /** - * Is yaml file content valid boolean. - * - * @param yamlFullFileName the yaml full file name - * @return the boolean - */ - public boolean isYamlFileContentValid(String yamlFullFileName) { - Yaml yaml = new Yaml(); - try { - Object loadResult = yaml.load(yamlFullFileName); - return loadResult != null; - } catch (Exception exception) { - return false; - } - } - - - private class CustomRepresenter extends Representer { - @Override - protected MappingNode representJavaBean(Set properties, Object javaBean) { - //remove the bean type from the output yaml (!! ...) - if (!classTags.containsKey(javaBean.getClass())) { - addClassTag(javaBean.getClass(), Tag.MAP); - } - - return super.representJavaBean(properties, javaBean); - } - - @Override - protected NodeTuple representJavaBeanProperty(Object javaBean, Property property, - Object propertyValue, Tag customTag) { - if (propertyValue == null) { - return null; - } else { - NodeTuple defaultNode = - super.representJavaBeanProperty(javaBean, property, propertyValue, customTag); - - return DEFAULT_STR.equals(property.getName()) - ? new NodeTuple(representData(DEFAULT), defaultNode.getValueNode()) - : defaultNode; - } - } - } - - - /** - * The type My property utils. 
- */ - public class MyPropertyUtils extends PropertyUtils { - //Unsorted properties - @Override - protected Set createPropertySet(Class type, BeanAccess bnAccess) - throws IntrospectionException { - return new LinkedHashSet<>(getPropertiesMap(type, - BeanAccess.FIELD).values()); + return new Yaml().load(yamlFileInputStream); } - @Override - public Property getProperty(Class type, String name) throws IntrospectionException { - String updatedName = name; - if (DEFAULT.equals(updatedName)) { - updatedName = DEFAULT_STR; - } - return super.getProperty(type, updatedName); + /** + * Object to yaml string. + * + * @param obj the obj + * @return the string + */ + public String objectToYaml(Object obj) { + DumperOptions options = new DumperOptions(); + options.setPrettyFlow(true); + options.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK); + Representer representer = new CustomRepresenter(); + representer.addClassTag(obj.getClass(), Tag.MAP); + representer.setPropertyUtils(new MyPropertyUtils()); + + Yaml yaml = new Yaml(representer, options); + return yaml.dump(obj); } - } - - /** - * The type Strict map appender constructor. - */ - protected class StrictMapAppenderConstructor extends Constructor { - /** - * Instantiates a new Strict map appender constructor. + * Is yaml file content valid boolean. 
* - * @param theRoot the the root + * @param yamlFullFileName the yaml full file name + * @return the boolean */ - public StrictMapAppenderConstructor(Class theRoot) { - super(theRoot); + public boolean isYamlFileContentValid(String yamlFullFileName) { + try { + return new Yaml().load(yamlFullFileName) != null; + } catch (Exception exception) { + return false; + } } - @Override - protected Map createDefaultMap() { - final Map delegate = super.createDefaultMap(); - return new AbstractMap() { + + private class CustomRepresenter extends Representer { @Override - public Object put(Object key, Object value) { - if (delegate.containsKey(key)) { - throw new IllegalStateException("duplicate key: " + key); - } - return delegate.put(key, value); + protected MappingNode representJavaBean(Set properties, Object javaBean) { + //remove the bean type from the output yaml (!! ...) + if (!classTags.containsKey(javaBean.getClass())) { + addClassTag(javaBean.getClass(), Tag.MAP); + } + + return super.representJavaBean(properties, javaBean); } @Override - public Set> entrySet() { - return delegate.entrySet(); + protected NodeTuple representJavaBeanProperty(Object javaBean, Property property, + Object propertyValue, Tag customTag) { + if (propertyValue == null) { + return null; + } else { + NodeTuple defaultNode = + super.representJavaBeanProperty(javaBean, property, propertyValue, customTag); + + return DEFAULT_STR.equals(property.getName()) + ? new NodeTuple(representData(DEFAULT), defaultNode.getValueNode()) + : defaultNode; + } } - }; - } - - @Override - protected Map constructMapping(MappingNode node) { - try { - return super.constructMapping(node); - } catch (IllegalStateException exception) { - throw new ParserException("while parsing MappingNode", - node.getStartMark(), exception.getMessage(), - node.getEndMark()); - } } - } } -- cgit 1.2.3-korg
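Review bot: `isYamlFileContentValid(String yamlFullFileName)` passes its argument straight to `load`, so it parses the file name itself as a YAML document rather than the file's content, and since nearly any path string is a valid scalar the method returns true for it. The rewrite keeps that behaviour. If the parameter is a resource path, as its name and Javadoc suggest, the method should open it first, for instance `try (InputStream in = loadYamlFileIs(yamlFullFileName)) { return in != null && new Yaml(new SafeConstructor()).load(in) != null; }`; if it is meant to receive content, the parameter and Javadoc should be renamed to say so. The `catch (Exception exception)` that returns false also hides why a document was rejected, and a debug message through the existing `LOGGER` would make rejected uploads diagnosable.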