From b485c37b36ddb3ab5e8085c009b26e97c8e62d74 Mon Sep 17 00:00:00 2001 From: JulienBe Date: Wed, 28 Oct 2020 11:50:25 -0400 Subject: Upgrade Vulnerable Direct Dependencies [snakeyaml] Change-Id: I84417ab3d4f18634be519b837a34d1f1e774ceff Signed-off-by: amohamad Issue-ID: SDC-3051 Updated MVN dependencies in the respective pom.xml files Updated the signature of some methods to match new version 1.26 Modified test cases to match the new wording of exceptions Still working on troublshooting other failing test cases Change-Id: Ifc796574e6d8d4e4fc707db04944d83427b5dbe6 Signed-off-by: amohamad Signed-off-by: JulienBe --- .../validation/impl/validators/YamlValidator.java | 77 +++++--- .../NeutronPortNamingConventionValidator.java | 210 +++++++++------------ 2 files changed, 135 insertions(+), 152 deletions(-) (limited to 'openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/src/main') diff --git a/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/src/main/java/org/openecomp/sdc/validation/impl/validators/YamlValidator.java b/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/src/main/java/org/openecomp/sdc/validation/impl/validators/YamlValidator.java index b11ff5e341..c433c3e7d4 100644 --- a/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/src/main/java/org/openecomp/sdc/validation/impl/validators/YamlValidator.java +++ b/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/src/main/java/org/openecomp/sdc/validation/impl/validators/YamlValidator.java @@ -17,7 +17,8 @@ package org.openecomp.sdc.validation.impl.validators; -import org.onap.sdc.tosca.services.YamlUtil; +import org.onap.sdc.tosca.services.MyPropertyUtils; +import org.onap.sdc.tosca.services.StrictMapAppenderConstructor; import org.openecomp.core.validation.ErrorMessageCode; import org.openecomp.core.validation.errors.ErrorMessagesFormatBuilder; import org.openecomp.core.validation.types.GlobalValidationContext; @@ -25,6 +26,12 @@ import org.openecomp.sdc.common.errors.Messages; import org.openecomp.sdc.datatypes.error.ErrorLevel; import org.openecomp.sdc.validation.Validator; import org.openecomp.sdc.validation.impl.util.YamlValidatorUtil; +import org.yaml.snakeyaml.DumperOptions; +import org.yaml.snakeyaml.LoaderOptions; +import org.yaml.snakeyaml.TypeDescription; +import org.yaml.snakeyaml.Yaml; +import org.yaml.snakeyaml.constructor.Constructor; +import org.yaml.snakeyaml.representer.Representer; import java.io.InputStream; import java.util.Collection; @@ -33,42 +40,50 @@ import java.util.Optional; import java.util.Set; public class YamlValidator implements Validator { - private static final ErrorMessageCode ERROR_CODE_YML_1 = new ErrorMessageCode("YML1"); - private static final ErrorMessageCode ERROR_CODE_YML_2 = new ErrorMessageCode("YML2"); + private static final ErrorMessageCode ERROR_CODE_YML_1 = new ErrorMessageCode("YML1"); + private static final ErrorMessageCode ERROR_CODE_YML_2 = new ErrorMessageCode("YML2"); - @Override - public void validate(GlobalValidationContext globalContext) { - Set pmDictionaryFiles = GlobalContextUtil.findPmDictionaryFiles(globalContext); + @Override + public void validate(GlobalValidationContext globalContext) { + Set pmDictionaryFiles = GlobalContextUtil.findPmDictionaryFiles(globalContext); - Collection files = globalContext.files( - (fileName, globalValidationContext) -> FileExtensionUtils.isYaml(fileName) - && !pmDictionaryFiles.contains(fileName)); + Collection files = globalContext.files( + (fileName, globalValidationContext) -> FileExtensionUtils.isYaml(fileName) + && !pmDictionaryFiles.contains(fileName)); - files.forEach(fileName -> validate(fileName, globalContext)); - } - - private void validate(String fileName, GlobalValidationContext globalContext) { - Optional rowContent = globalContext.getFileContent(fileName); - if (rowContent.isEmpty()) { - globalContext.addMessage(fileName, ErrorLevel.ERROR, ErrorMessagesFormatBuilder - .getErrorWithParameters(ERROR_CODE_YML_1, Messages - .INVALID_YAML_FORMAT_REASON.getErrorMessage(), - Messages.EMPTY_YAML_FILE.getErrorMessage())); - return; /* no need to continue validation */ + files.forEach(fileName -> validate(fileName, globalContext)); } - try { - convert(rowContent.get(), Map.class); - } catch (Exception exception) { + private void validate(String fileName, GlobalValidationContext globalContext) { + Optional rowContent = globalContext.getFileContent(fileName); + if (rowContent.isEmpty()) { + globalContext.addMessage(fileName, ErrorLevel.ERROR, ErrorMessagesFormatBuilder + .getErrorWithParameters(ERROR_CODE_YML_1, Messages + .INVALID_YAML_FORMAT_REASON.getErrorMessage(), + Messages.EMPTY_YAML_FILE.getErrorMessage())); + return; /* no need to continue validation */ + } + + try (var yamlContent = rowContent.get()) { + Constructor constructor = new StrictMapAppenderConstructor(Map.class); + constructor.setAllowDuplicateKeys(false); + constructor.setPropertyUtils(new MyPropertyUtils()); + TypeDescription yamlFileDescription = new TypeDescription(Map.class); + constructor.addTypeDescription(yamlFileDescription); + LoaderOptions options = new LoaderOptions(); + options.setAllowDuplicateKeys(false); + //No Yaml Constructor takes only Constructor and LoaderOptions, that is why I had to pass anonymous Representer and DumperOptions objects + Object yamlObj = new Yaml(constructor, new Representer(), new DumperOptions(), options).load(yamlContent); - globalContext.addMessage(fileName, ErrorLevel.ERROR, ErrorMessagesFormatBuilder - .getErrorWithParameters(ERROR_CODE_YML_2, Messages - .INVALID_YAML_FORMAT_REASON.getErrorMessage(), - YamlValidatorUtil.getParserExceptionReason(exception))); + if (yamlObj == null) { + throw new Exception(); + } + } catch (Exception exception) { + globalContext.addMessage(fileName, ErrorLevel.ERROR, ErrorMessagesFormatBuilder + .getErrorWithParameters(ERROR_CODE_YML_2, Messages + .INVALID_YAML_FORMAT_REASON.getErrorMessage(), + YamlValidatorUtil.getParserExceptionReason(exception))); + } } - } - private T convert(InputStream content, Class type) { - return new YamlUtil().yamlToObject(content, type); - } } diff --git a/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/src/main/java/org/openecomp/sdc/validation/impl/validators/namingconvention/NeutronPortNamingConventionValidator.java b/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/src/main/java/org/openecomp/sdc/validation/impl/validators/namingconvention/NeutronPortNamingConventionValidator.java index b3d346177b..760c73a52b 100644 --- a/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/src/main/java/org/openecomp/sdc/validation/impl/validators/namingconvention/NeutronPortNamingConventionValidator.java +++ b/openecomp-be/lib/openecomp-sdc-validation-lib/openecomp-sdc-validation-impl/src/main/java/org/openecomp/sdc/validation/impl/validators/namingconvention/NeutronPortNamingConventionValidator.java @@ -30,146 +30,114 @@ import org.openecomp.sdc.validation.ValidationContext; import org.openecomp.sdc.validation.type.NamingConventionValidationContext; import org.openecomp.sdc.validation.util.ValidationUtil; +import java.util.Arrays; import java.util.List; import java.util.Map; import static java.util.Objects.nonNull; public class NeutronPortNamingConventionValidator implements ResourceValidator { - private static final ErrorMessageCode ERROR_CODE_NNP1 = new ErrorMessageCode("NNP1"); - private static final ErrorMessageCode ERROR_CODE_NNP2 = new ErrorMessageCode("NNP2"); - private static final ErrorMessageCode ERROR_CODE_NNP3 = new ErrorMessageCode("NNP3"); - - @Override - public void validate(String fileName, Map.Entry resourceEntry, - GlobalValidationContext globalContext, ValidationContext validationContext) { - - NamingConventionValidationContext namingConventionValidationContext = - (NamingConventionValidationContext)validationContext; - validatePortNetworkNamingConvention(fileName, namingConventionValidationContext.getHeatOrchestrationTemplate(), - globalContext); - validateFixedIpsNamingConvention(fileName, namingConventionValidationContext.getHeatOrchestrationTemplate(), - globalContext); - } - - private void validatePortNetworkNamingConvention(String fileName, - HeatOrchestrationTemplate heatOrchestrationTemplate, - GlobalValidationContext globalContext) { - if (MapUtils.isEmpty(heatOrchestrationTemplate.getResources())) { - return; + private static final ErrorMessageCode ERROR_CODE_NNP1 = new ErrorMessageCode("NNP1"); + private static final ErrorMessageCode ERROR_CODE_NNP2 = new ErrorMessageCode("NNP2"); + private static final ErrorMessageCode ERROR_CODE_NNP3 = new ErrorMessageCode("NNP3"); + + @Override + public void validate(String fileName, Map.Entry resourceEntry, + GlobalValidationContext globalContext, ValidationContext validationContext) { + NamingConventionValidationContext namingConventionValidationContext = (NamingConventionValidationContext) validationContext; + validatePortNetworkNamingConvention(fileName, namingConventionValidationContext.getHeatOrchestrationTemplate(), globalContext); + validateFixedIpsNamingConvention(fileName, namingConventionValidationContext.getHeatOrchestrationTemplate(), globalContext); } - String[] regexList = {".*_net_id", ".*_net_name", ".*_net_fqdn"}; - - heatOrchestrationTemplate - .getResources() - .entrySet() - .stream() - .filter(entry -> entry.getValue().getType() - .equals(HeatResourcesTypes.NEUTRON_PORT_RESOURCE_TYPE.getHeatResource())) - .forEach(entry -> entry.getValue() - .getProperties() - .entrySet() - .stream() - .filter(propertyEntry -> - ("network").equalsIgnoreCase(propertyEntry.getKey()) - || ("network_id").equals(propertyEntry.getKey())) - .forEach(propertyEntry -> validateParamNamingConvention(fileName, entry.getKey(), - propertyEntry.getValue(), regexList, - Messages.PARAMETER_NAME_NOT_ALIGNED_WITH_GUIDELINES, globalContext))); - } - private void validateFixedIpsNamingConvention(String fileName, - HeatOrchestrationTemplate heatOrchestrationTemplate, - GlobalValidationContext globalContext) { - if (MapUtils.isEmpty(heatOrchestrationTemplate.getResources())) { - return; + private void validatePortNetworkNamingConvention(String fileName, + HeatOrchestrationTemplate heatOrchestrationTemplate, + GlobalValidationContext globalContext) { + if (MapUtils.isEmpty(heatOrchestrationTemplate.getResources())) { + return; + } + String[] regexList = {".*_net_id", ".*_net_name", ".*_net_fqdn"}; + + heatOrchestrationTemplate + .getResources() + .entrySet() + .stream() + .filter(entry -> entry.getValue().getType().equals(HeatResourcesTypes.NEUTRON_PORT_RESOURCE_TYPE.getHeatResource())) + .forEach(entry -> entry.getValue() + .getProperties() + .entrySet() + .stream() + .filter(propertyEntry -> ("network").equalsIgnoreCase(propertyEntry.getKey()) || ("network_id").equals(propertyEntry.getKey())) + .forEach(propertyEntry -> validateParamNamingConvention(fileName, entry.getKey(), + propertyEntry.getValue(), regexList, + Messages.PARAMETER_NAME_NOT_ALIGNED_WITH_GUIDELINES, globalContext))); } - heatOrchestrationTemplate.getResources() - .entrySet() - .stream() - .filter(entry -> HeatResourcesTypes.findByHeatResource(entry.getValue().getType()) != null) - .filter(entry -> HeatResourcesTypes.findByHeatResource(entry.getValue().getType()) - .equals(HeatResourcesTypes.NEUTRON_PORT_RESOURCE_TYPE)) - .forEach(entry -> checkNeutronPortFixedIpsName(fileName, entry, globalContext)); - } - - private void checkNeutronPortFixedIpsName(String fileName, - Map.Entry resourceEntry, - GlobalValidationContext globalContext) { - String[] regexList = {"[^_]+_[^_]+_ips", "[^_]+_[^_]+_v6_ips", "[^_]+_[^_]+_ip_(\\d+)", - "[^_]+_[^_]+_v6_ip_(\\d+)", "[^_]+_[^_]+_[^_]+_ips", "[^_]+_[^_]+_[^_]+_v6_ips", - "[^_]+_[^_]+_[^_]+_ip_(\\d+)", "[^_]+_[^_]+_[^_]+_v6_ip_(\\d+)"}; + private void validateFixedIpsNamingConvention(String fileName, + HeatOrchestrationTemplate heatOrchestrationTemplate, + GlobalValidationContext globalContext) { + if (MapUtils.isEmpty(heatOrchestrationTemplate.getResources())) { + return; + } - if (MapUtils.isEmpty(resourceEntry.getValue().getProperties())) { - return; + heatOrchestrationTemplate.getResources() + .entrySet() + .stream() + .filter(entry -> HeatResourcesTypes.findByHeatResource(entry.getValue().getType()) != null) + .filter(entry -> HeatResourcesTypes.findByHeatResource(entry.getValue().getType()) + .equals(HeatResourcesTypes.NEUTRON_PORT_RESOURCE_TYPE)) + .forEach(entry -> checkNeutronPortFixedIpsName(fileName, entry, globalContext)); } - Map propertiesMap = resourceEntry.getValue().getProperties(); - Object fixedIps = propertiesMap.get("fixed_ips"); - if (nonNull(fixedIps) && fixedIps instanceof List) { - List fixedIpsList = (List) fixedIps; - for (Object fixedIpsObject : fixedIpsList) { - Map.Entry fixedIpsEntry = - ((Map) fixedIpsObject).entrySet().iterator().next(); - - validateFixedIpsName(fileName, resourceEntry, globalContext, regexList, fixedIpsEntry); + private void checkNeutronPortFixedIpsName(String fileName, + Map.Entry resourceEntry, + GlobalValidationContext globalContext) { + String[] regexList = {"[^_]+_[^_]+_ips", "[^_]+_[^_]+_v6_ips", "[^_]+_[^_]+_ip_(\\d+)", + "[^_]+_[^_]+_v6_ip_(\\d+)", "[^_]+_[^_]+_[^_]+_ips", "[^_]+_[^_]+_[^_]+_v6_ips", + "[^_]+_[^_]+_[^_]+_ip_(\\d+)", "[^_]+_[^_]+_[^_]+_v6_ip_(\\d+)"}; + if (MapUtils.isEmpty(resourceEntry.getValue().getProperties())) { + return; + } - } + Map propertiesMap = resourceEntry.getValue().getProperties(); + Object fixedIps = propertiesMap.get("fixed_ips"); + if (nonNull(fixedIps) && fixedIps instanceof List) { + List fixedIpsList = (List) fixedIps; + for (Object fixedIpsObject : fixedIpsList) { + Map.Entry fixedIpsEntry = ((Map) fixedIpsObject).entrySet().iterator().next(); + validateFixedIpsName(fileName, resourceEntry, globalContext, regexList, fixedIpsEntry); + } + } } - } - - private void validateFixedIpsName(String fileName, Map.Entry resourceEntry, - GlobalValidationContext globalContext, - String[] regexList, Map.Entry fixedIpsEntry) { - if (nonNull(fixedIpsEntry)) { - if (fixedIpsEntry.getValue() instanceof Map) { - - String fixedIpsName = ValidationUtil - .getWantedNameFromPropertyValueGetParam(fixedIpsEntry.getValue()); - if (nonNull(fixedIpsName) && !ValidationUtil.evalPattern(fixedIpsName, regexList)) { - globalContext.addMessage(fileName, ErrorLevel.WARNING, ErrorMessagesFormatBuilder.getErrorWithParameters(ERROR_CODE_NNP1, Messages.PARAMETER_NAME_NOT_ALIGNED_WITH_GUIDELINES.getErrorMessage(), - "Port", "Fixed_IPS", fixedIpsName, resourceEntry.getKey())); - } - - - } else { - globalContext.addMessage( - fileName, - ErrorLevel.WARNING, ErrorMessagesFormatBuilder - .getErrorWithParameters( - ERROR_CODE_NNP2, Messages.MISSING_GET_PARAM.getErrorMessage(), - "fixed_ips", resourceEntry.getKey())); - } + private void validateFixedIpsName(String fileName, Map.Entry resourceEntry, GlobalValidationContext globalContext, + String[] regexList, Map.Entry fixedIpsEntry) { + if (nonNull(fixedIpsEntry)) { + if (fixedIpsEntry.getValue() instanceof Map) { + String fixedIpsName = ValidationUtil.getWantedNameFromPropertyValueGetParam(fixedIpsEntry.getValue()); + if (nonNull(fixedIpsName) && !ValidationUtil.evalPattern(fixedIpsName, regexList)) { + globalContext.addMessage(fileName, ErrorLevel.WARNING, ErrorMessagesFormatBuilder + .getErrorWithParameters(ERROR_CODE_NNP1, Messages.PARAMETER_NAME_NOT_ALIGNED_WITH_GUIDELINES.getErrorMessage(), + "Port", "Fixed_IPS", fixedIpsName, resourceEntry.getKey())); + } + } else { + globalContext.addMessage(fileName, ErrorLevel.WARNING, ErrorMessagesFormatBuilder. + getErrorWithParameters(ERROR_CODE_NNP2, Messages.MISSING_GET_PARAM.getErrorMessage(), "fixed_ips", resourceEntry.getKey())); + } + } } - } - private void validateParamNamingConvention(String fileName, String resourceId, - Object propertyValue, - String[] regexList, - Messages message, - GlobalValidationContext globalContext) { - Object paramName; - if (propertyValue instanceof Map) { - paramName = ((Map) propertyValue).get("get_param"); - if (paramName instanceof String && !ValidationUtil.evalPattern(paramName, regexList)) { - globalContext.addMessage( - fileName, - ErrorLevel.WARNING, ErrorMessagesFormatBuilder - .getErrorWithParameters(ERROR_CODE_NNP3, message.getErrorMessage(), "Port", - "Network", (String) paramName, resourceId)); + private void validateParamNamingConvention(String fileName, String resourceId, Object propertyValue, String[] regexList, + Messages message, GlobalValidationContext globalContext) { + if (propertyValue instanceof Map) { + Object paramName = ((Map) propertyValue).get("get_param"); + if (paramName instanceof String && !ValidationUtil.evalPattern(paramName, regexList)) { + globalContext.addMessage(fileName, ErrorLevel.WARNING, ErrorMessagesFormatBuilder + .getErrorWithParameters(ERROR_CODE_NNP3, message.getErrorMessage(), "Port", "Network", (String) paramName, resourceId)); + } + } else { + globalContext.addMessage(fileName, ErrorLevel.WARNING, ErrorMessagesFormatBuilder + .getErrorWithParameters(ERROR_CODE_NNP2, Messages.MISSING_GET_PARAM.getErrorMessage(), "network or network_id", resourceId)); } - - } else { - globalContext.addMessage( - fileName, - ErrorLevel.WARNING, - ErrorMessagesFormatBuilder - .getErrorWithParameters( - ERROR_CODE_NNP2, Messages.MISSING_GET_PARAM.getErrorMessage(), - "network or network_id", resourceId)); } - } } -- cgit 1.2.3-korg