From c16117e08b97da93da61be841c22f5759cdadd37 Mon Sep 17 00:00:00 2001
From: amohamad <a.mohamad@queensu.ca>
Date: Sun, 19 Jul 2020 22:17:57 -0400
Subject: Upgrade Vulnerable Direct Dependencies [jackson]

Issue-ID: SDC-3051

Upgrade from jackson-databind 1.9 and 2.10 to 2.11

upgrade the respective pom.xml files

Upgrade the 1.9 imports and required code changes

Upgrade the beans-services.xml files

Change-Id: I56b59e08d65a0a1888c8caeb5470bc0c6a028ddd
Signed-off-by: amohamad <a.mohamad@queensu.ca>
---
 .../api/openecomp-sdc-rest-webapp/notifications-fe/pom.xml   | 12 ++++++------
 .../src/main/webapp/WEB-INF/beans-services.xml               |  4 ++--
 .../openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml    | 12 ++++++------
 .../openecomp/server/interceptors/InternalEmptyObject.java   |  2 +-
 .../src/main/webapp/WEB-INF/beans-services.xml               |  4 ++--
 .../openecomp/sdcrests/errors/DefaultExceptionMapper.java    |  2 +-
 .../sdcrests/errors/DefaultExceptionMapperTest.java          |  2 +-
 .../vendorlicense/types/EntitlementPoolRequestDto.java       |  2 +-
 8 files changed, 20 insertions(+), 20 deletions(-)

(limited to 'openecomp-be/api/openecomp-sdc-rest-webapp')

diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/pom.xml
index 6a6dd0aa73..d6b80e5430 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/pom.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/pom.xml
@@ -33,14 +33,14 @@
         </dependency>
         <!-- JSON -->
         <dependency>
-            <groupId>org.codehaus.jackson</groupId>
-            <artifactId>jackson-jaxrs</artifactId>
-            <version>${org.codehaus.jackson.version}</version>
+            <groupId>com.fasterxml.jackson.jaxrs</groupId>
+            <artifactId>jackson-jaxrs-json-provider</artifactId>
+            <version>${jackson.version}</version>
         </dependency>
         <dependency>
-            <groupId>org.codehaus.jackson</groupId>
-            <artifactId>jackson-core-asl</artifactId>
-            <version>${org.codehaus.jackson.version}</version>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>${jackson.version}</version>
         </dependency>
         <dependency>
             <groupId>javax.inject</groupId>
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/beans-services.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/beans-services.xml
index 6ecc8cc7e3..33fa2970ed 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/beans-services.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/beans-services.xml
@@ -16,11 +16,11 @@
     <!-- Needed for JSR-303 validations. May be removed when moving to JAX-RS 2.0 -->
     <bean class="org.springframework.validation.beanvalidation.MethodValidationPostProcessor"/>
 
-    <bean id="jacksonObjectMapper" class="org.codehaus.jackson.map.ObjectMapper">
+    <bean id="jacksonObjectMapper" class="com.fasterxml.jackson.databind.ObjectMapper">
         <property name="serializationInclusion" value="NON_NULL"/>
     </bean>
 
-    <bean id="jsonProvider" class="org.codehaus.jackson.jaxrs.JacksonJsonProvider">
+    <bean id="jsonProvider" class="com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider">
         <property name="mapper" ref="jacksonObjectMapper"/>
     </bean>
 
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml
index ba2bea1e31..9ead2b48e3 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml
@@ -103,14 +103,14 @@
         </dependency>
         <!-- JSON -->
         <dependency>
-            <groupId>org.codehaus.jackson</groupId>
-            <artifactId>jackson-jaxrs</artifactId>
-            <version>${org.codehaus.jackson.version}</version>
+            <groupId>com.fasterxml.jackson.jaxrs</groupId>
+            <artifactId>jackson-jaxrs-json-provider</artifactId>
+            <version>${jackson.version}</version>
         </dependency>
         <dependency>
-            <groupId>org.codehaus.jackson</groupId>
-            <artifactId>jackson-core-asl</artifactId>
-            <version>${org.codehaus.jackson.version}</version>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>${jackson.version}</version>
         </dependency>
         <dependency>
             <groupId>javax.inject</groupId>
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/interceptors/InternalEmptyObject.java b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/interceptors/InternalEmptyObject.java
index 903907fa78..b052c57d10 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/interceptors/InternalEmptyObject.java
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/interceptors/InternalEmptyObject.java
@@ -20,7 +20,7 @@
 
 package org.openecomp.server.interceptors;
 
-import org.codehaus.jackson.annotate.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
 
 import java.io.Serializable;
 
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/beans-services.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/beans-services.xml
index f2811e739f..62ae816cea 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/beans-services.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/beans-services.xml
@@ -20,11 +20,11 @@
     <!-- Needed for JSR-303 validations. May be removed when moving to JAX-RS 2.0 -->
     <bean class="org.springframework.validation.beanvalidation.MethodValidationPostProcessor"/>
 
-    <bean id="jacksonObjectMapper" class="org.codehaus.jackson.map.ObjectMapper">
+    <bean id="jacksonObjectMapper" class="com.fasterxml.jackson.databind.ObjectMapper">
         <property name="serializationInclusion" value="NON_NULL"/>
     </bean>
 
-    <bean id="jsonProvider" class="org.codehaus.jackson.jaxrs.JacksonJsonProvider">
+    <bean id="jsonProvider" class="com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider">
         <property name="mapper" ref="jacksonObjectMapper"/>
     </bean>
 
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/openecomp-sdc-common-rest/src/main/java/org/openecomp/sdcrests/errors/DefaultExceptionMapper.java b/openecomp-be/api/openecomp-sdc-rest-webapp/openecomp-sdc-common-rest/src/main/java/org/openecomp/sdcrests/errors/DefaultExceptionMapper.java
index 618ac59fa4..9fe70fc5e5 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/openecomp-sdc-common-rest/src/main/java/org/openecomp/sdcrests/errors/DefaultExceptionMapper.java
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/openecomp-sdc-common-rest/src/main/java/org/openecomp/sdcrests/errors/DefaultExceptionMapper.java
@@ -29,7 +29,7 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.ext.ExceptionMapper;
 
 import org.apache.commons.collections4.CollectionUtils;
-import org.codehaus.jackson.map.JsonMappingException;
+import com.fasterxml.jackson.databind.JsonMappingException;
 import org.hibernate.validator.internal.engine.path.PathImpl;
 import org.openecomp.core.utilities.file.FileUtils;
 import org.openecomp.core.utilities.json.JsonUtil;
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/openecomp-sdc-common-rest/src/test/java/org/openecomp/sdcrests/errors/DefaultExceptionMapperTest.java b/openecomp-be/api/openecomp-sdc-rest-webapp/openecomp-sdc-common-rest/src/test/java/org/openecomp/sdcrests/errors/DefaultExceptionMapperTest.java
index 8634cd3720..680c3409ad 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/openecomp-sdc-common-rest/src/test/java/org/openecomp/sdcrests/errors/DefaultExceptionMapperTest.java
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/openecomp-sdc-common-rest/src/test/java/org/openecomp/sdcrests/errors/DefaultExceptionMapperTest.java
@@ -26,7 +26,7 @@ import java.util.Set;
 import javax.validation.ConstraintViolation;
 import javax.validation.ConstraintViolationException;
 import javax.ws.rs.core.Response;
-import org.codehaus.jackson.map.JsonMappingException;
+import com.fasterxml.jackson.databind.JsonMappingException;
 import org.hibernate.validator.internal.engine.path.PathImpl;
 import org.junit.Test;
 import org.junit.runner.RunWith;
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-license-rest/vendor-license-rest-types/src/main/java/org/openecomp/sdcrests/vendorlicense/types/EntitlementPoolRequestDto.java b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-license-rest/vendor-license-rest-types/src/main/java/org/openecomp/sdcrests/vendorlicense/types/EntitlementPoolRequestDto.java
index f9a04566b2..642156fa30 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-license-rest/vendor-license-rest-types/src/main/java/org/openecomp/sdcrests/vendorlicense/types/EntitlementPoolRequestDto.java
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-license-rest/vendor-license-rest-types/src/main/java/org/openecomp/sdcrests/vendorlicense/types/EntitlementPoolRequestDto.java
@@ -22,7 +22,7 @@ package org.openecomp.sdcrests.vendorlicense.types;
 
 
 import io.swagger.v3.oas.annotations.media.Schema;
-import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import org.hibernate.validator.constraints.NotBlank;
 import org.openecomp.sdc.vendorlicense.dao.types.EntitlementPoolType;
 import org.openecomp.sdc.vendorlicense.dao.types.OperationalScope;
-- 
cgit 1.2.3-korg