From 9ee60949d3ceca3ab1fcf47c9214f7bf6baf89c6 Mon Sep 17 00:00:00 2001 From: amohamad Date: Fri, 26 Jun 2020 12:40:11 -0400 Subject: Upgrade Vulnerable Direct Dependencies [log4j] Signed-off-by: amohamad Issue-ID: SDC-3051 Upgrade from the vulnerable log4j 1.x to log4j 2.13.1 Add a log4j version property in sdc-main pom.xml Add two maven dependencies to respective child pom.xml Change name of log4j .properties and .xml config files to reflect log4j2 naming Update the configuration files to the totally new log4j 2 config syntax Replace PropertyConfigurator with LoggerContext Remove the abandoned log4j.lf5.util.ResourceUtils Signed-off-by: amohamad Change-Id: Ie0f141eb2e0337ee5b63b61dc1395ccd8040558d --- .../org/openecomp/sdc/ci/tests/api/ComponentBaseTest.java | 5 +++-- .../sdc/ci/tests/execute/lifecycle/LCSbaseTest.java | 4 ++-- .../sdc/ci/tests/execute/product/ProductTestBase.java | 4 ++-- .../sdc/ci/tests/preRequisites/DownloadArtifactBaseTest.java | 4 ++-- .../ci/tests/preRequisites/SimpleOneRsrcOneServiceTest.java | 4 ++-- .../main/java/org/openecomp/sdc/ci/tests/run/StartTest.java | 11 ++++++++--- .../org/openecomp/sdc/ci/tests/run/StartTest2backup.java | 12 ++++++++---- .../main/java/org/openecomp/sdc/ci/tests/utils/Utils.java | 5 +++-- .../openecomp/sdc/ci/tests/utils/rest/ResponseParser.java | 5 +++-- .../sdc/ci/tests/utils/validation/AuditValidationUtils.java | 7 ++++--- .../ci/tests/utils/validation/ProductValidationUtils.java | 5 +++-- 11 files changed, 40 insertions(+), 26 deletions(-) (limited to 'test-apis-ci/src/main/java') diff --git a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/api/ComponentBaseTest.java b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/api/ComponentBaseTest.java index 8f6d9db4c2..beef13afc6 100644 --- a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/api/ComponentBaseTest.java +++ b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/api/ComponentBaseTest.java @@ -26,7 +26,8 @@ import com.aventstack.extentreports.ExtentTest; import com.aventstack.extentreports.Status; import org.janusgraph.core.JanusGraph; import org.apache.commons.collections.CollectionUtils; -import org.apache.log4j.Logger; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.junit.rules.TestName; import org.openecomp.sdc.be.datatypes.enums.ComponentTypeEnum; import org.openecomp.sdc.be.datatypes.enums.ResourceTypeEnum; @@ -62,7 +63,7 @@ import static org.testng.AssertJUnit.assertNotNull; public abstract class ComponentBaseTest { - protected static Logger logger = Logger.getLogger(ComponentBaseTest.class); + protected static Logger logger = LogManager.getLogger(ComponentBaseTest.class); protected static final String REPORT_FOLDER = "." + File.separator + "ExtentReport" + File.separator; private static final String VERSIONS_INFO_FILE_NAME = "versions.info"; diff --git a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/execute/lifecycle/LCSbaseTest.java b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/execute/lifecycle/LCSbaseTest.java index 358e425cc5..b623aea33b 100644 --- a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/execute/lifecycle/LCSbaseTest.java +++ b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/execute/lifecycle/LCSbaseTest.java @@ -20,7 +20,7 @@ package org.openecomp.sdc.ci.tests.execute.lifecycle; -import org.apache.log4j.lf5.util.ResourceUtils; + import org.junit.rules.TestName; import org.openecomp.sdc.be.datatypes.enums.ComponentTypeEnum; import org.openecomp.sdc.be.model.LifecycleStateEnum; @@ -71,7 +71,7 @@ public abstract class LCSbaseTest extends ComponentBaseTest { protected ArtifactReqDetails heatNetArtifactDetails; protected ArtifactReqDetails defaultArtifactDetails; - protected ResourceUtils resourceUtils; + protected ArtifactUtils artifactUtils; // protected static ServiceUtils serviceUtils = new ServiceUtils(); diff --git a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/execute/product/ProductTestBase.java b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/execute/product/ProductTestBase.java index fd59f8ed33..2b62a558ab 100644 --- a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/execute/product/ProductTestBase.java +++ b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/execute/product/ProductTestBase.java @@ -20,7 +20,7 @@ package org.openecomp.sdc.ci.tests.execute.product; -import org.apache.log4j.lf5.util.ResourceUtils; + import org.junit.Before; import org.junit.rules.TestName; import org.openecomp.sdc.be.datatypes.enums.ComponentTypeEnum; @@ -53,7 +53,7 @@ public class ProductTestBase extends ProductBaseTest { protected User sdncUserDetails; protected ArtifactReqDetails heatArtifactDetails; protected ArtifactReqDetails defaultArtifactDetails; - protected ResourceUtils resourceUtils; + protected ArtifactUtils artifactUtils; protected Resource resource; protected Service service; diff --git a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/preRequisites/DownloadArtifactBaseTest.java b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/preRequisites/DownloadArtifactBaseTest.java index a512206035..b02f211767 100644 --- a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/preRequisites/DownloadArtifactBaseTest.java +++ b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/preRequisites/DownloadArtifactBaseTest.java @@ -20,7 +20,7 @@ package org.openecomp.sdc.ci.tests.preRequisites; -import org.apache.log4j.lf5.util.ResourceUtils; + import org.junit.rules.TestName; import org.openecomp.sdc.be.datatypes.enums.ComponentTypeEnum; import org.openecomp.sdc.be.model.Service; @@ -53,7 +53,7 @@ public class DownloadArtifactBaseTest extends ComponentBaseTest { protected ArtifactReqDetails heatArtifactDetails; protected ArtifactReqDetails defaultArtifactDetails; - protected ResourceUtils resourceUtils; + protected ArtifactUtils artifactUtils; protected Service service; diff --git a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/preRequisites/SimpleOneRsrcOneServiceTest.java b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/preRequisites/SimpleOneRsrcOneServiceTest.java index 319109a604..913b2852ac 100644 --- a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/preRequisites/SimpleOneRsrcOneServiceTest.java +++ b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/preRequisites/SimpleOneRsrcOneServiceTest.java @@ -20,7 +20,7 @@ package org.openecomp.sdc.ci.tests.preRequisites; -import org.apache.log4j.lf5.util.ResourceUtils; + import org.junit.rules.TestName; import org.openecomp.sdc.be.model.User; import org.openecomp.sdc.ci.tests.api.ComponentBaseTest; @@ -57,7 +57,7 @@ public abstract class SimpleOneRsrcOneServiceTest extends ComponentBaseTest { protected User sdncDesignerDetails; protected ArtifactReqDetails defaultArtifactDetails; - protected ResourceUtils resourceUtils; + protected ArtifactUtils artifactUtils; protected Utils utils; diff --git a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/run/StartTest.java b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/run/StartTest.java index c1a4e39905..4bd8f58a08 100644 --- a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/run/StartTest.java +++ b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/run/StartTest.java @@ -20,7 +20,9 @@ package org.openecomp.sdc.ci.tests.run; -import org.apache.log4j.PropertyConfigurator; + +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.core.LoggerContext; import org.openecomp.sdc.ci.tests.config.Config; import org.openecomp.sdc.ci.tests.utils.Utils; import org.slf4j.Logger; @@ -99,14 +101,17 @@ public class StartTest { String log4jPropsFile = System.getProperty("log4j.configuration"); if (System.getProperty("os.name").contains("Windows")) { - String logProps = "src/main/resources/ci/conf/log4j.properties"; + String logProps = "src/main/resources/ci/conf/log4j2.properties"; if (log4jPropsFile == null) { System.setProperty("targetlog", "target/"); log4jPropsFile = logProps; } } - PropertyConfigurator.configureAndWatch(log4jPropsFile); + + LoggerContext context = (org.apache.logging.log4j.core.LoggerContext) LogManager.getContext(false); + File file = new File(log4jPropsFile); + context.setConfigLocation(file.toURI()); } } diff --git a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/run/StartTest2backup.java b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/run/StartTest2backup.java index bb53610802..cbaf8be40b 100644 --- a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/run/StartTest2backup.java +++ b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/run/StartTest2backup.java @@ -20,7 +20,9 @@ package org.openecomp.sdc.ci.tests.run; -import org.apache.log4j.PropertyConfigurator; + +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.core.LoggerContext; import org.junit.runner.JUnitCore; import org.junit.runner.Result; import org.junit.runner.notification.Failure; @@ -113,15 +115,17 @@ public class StartTest2backup { String log4jPropsFile = System.getProperty("log4j.configuration"); if (System.getProperty("os.name").contains("Windows")) { - String logProps = "src/main/resources/ci/conf/log4j.properties"; + String logProps = "src/main/resources/ci/conf/log4j2.properties"; if (log4jPropsFile == null) { System.setProperty("targetlog", "target/"); log4jPropsFile = logProps; } } - PropertyConfigurator.configureAndWatch(log4jPropsFile); - + + LoggerContext context = (org.apache.logging.log4j.core.LoggerContext) LogManager.getContext(false); + File file = new File(log4jPropsFile); + context.setConfigLocation(file.toURI()); } } diff --git a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/Utils.java b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/Utils.java index ea6ef62618..73e99011c3 100644 --- a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/Utils.java +++ b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/Utils.java @@ -25,7 +25,8 @@ import com.google.gson.JsonElement; import com.google.gson.JsonObject; import com.google.gson.JsonParser; import org.apache.commons.lang3.StringUtils; -import org.apache.log4j.Logger; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.openecomp.sdc.be.model.Component; import org.openecomp.sdc.ci.tests.config.Config; import org.openecomp.sdc.ci.tests.datatypes.ServiceReqDetails; @@ -54,7 +55,7 @@ public final class Utils { Gson gson = new Gson(); - static Logger logger = Logger.getLogger(Utils.class.getName()); + static Logger logger = LogManager.getLogger(Utils.class); String contentTypeHeaderData = "application/json"; String acceptHeaderDate = "application/json"; diff --git a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/rest/ResponseParser.java b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/rest/ResponseParser.java index 30e54d3914..5254db84fa 100644 --- a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/rest/ResponseParser.java +++ b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/rest/ResponseParser.java @@ -56,7 +56,8 @@ import com.fasterxml.jackson.databind.exc.InvalidFormatException; import com.fasterxml.jackson.databind.module.SimpleModule; import com.google.gson.*; import org.apache.commons.codec.binary.Base64; -import org.apache.log4j.Logger; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.json.JSONArray; import org.json.JSONException; import org.json.simple.JSONObject; @@ -118,7 +119,7 @@ public class ResponseParser { public static final String ORIGIN_TYPE = "originType"; public static final String TOSCA_RESOURCE_NAME = "toscaResourceName"; - static Logger logger = Logger.getLogger(ResponseParser.class.getName()); + static Logger logger = LogManager.getLogger(ResponseParser.class); public static String getValueFromJsonResponse(String response, String fieldName) { try { diff --git a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/validation/AuditValidationUtils.java b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/validation/AuditValidationUtils.java index 06dbc12a99..1758fce232 100644 --- a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/validation/AuditValidationUtils.java +++ b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/validation/AuditValidationUtils.java @@ -22,7 +22,8 @@ package org.openecomp.sdc.ci.tests.utils.validation; import com.datastax.driver.core.ColumnDefinitions; import com.datastax.driver.core.Row; -import org.apache.log4j.Logger; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.codehaus.jettison.json.JSONArray; import org.codehaus.jettison.json.JSONException; import org.codehaus.jettison.json.JSONObject; @@ -64,14 +65,14 @@ import static org.testng.AssertJUnit.assertEquals; import static org.testng.AssertJUnit.assertTrue; public class AuditValidationUtils { - protected static Logger logger = Logger.getLogger(AuditValidationUtils.class.getName()); + protected static Logger logger = LogManager.getLogger(AuditValidationUtils.class); private static final String auditKeySpaceName = "sdcaudit"; public AuditValidationUtils() { super(); StartTest.enableLogger(); - logger = Logger.getLogger(AuditValidationUtils.class.getName()); + logger = LogManager.getLogger(AuditValidationUtils.class); } diff --git a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/validation/ProductValidationUtils.java b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/validation/ProductValidationUtils.java index 18c9f9f4c0..f2ef0826f2 100644 --- a/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/validation/ProductValidationUtils.java +++ b/test-apis-ci/src/main/java/org/openecomp/sdc/ci/tests/utils/validation/ProductValidationUtils.java @@ -20,7 +20,8 @@ package org.openecomp.sdc.ci.tests.utils.validation; -import org.apache.log4j.Logger; +import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.json.simple.JSONArray; import org.json.simple.JSONObject; import org.json.simple.JSONValue; @@ -43,7 +44,7 @@ import static org.testng.AssertJUnit.*; public class ProductValidationUtils { - static Logger logger = Logger.getLogger(ProductValidationUtils.class.getName()); + static Logger logger = LogManager.getLogger(ProductValidationUtils.class); public static void compareExpectedAndActualProducts(Product expectedProduct, Product actualProduct) { compareExpectedAndActualProducts(expectedProduct, actualProduct, null); -- cgit 1.2.3-korg