author | vasraz <vasyl.razinkov@est.tech> | 2021-05-24 18:14:38 +0100 |
---|---|---|
committer | Vasyl Razinkov <vasyl.razinkov@est.tech> | 2021-05-24 17:15:48 +0000 |
commit | df84b0585fefcefd0613e63e4af1c9802087397e (patch) | |
tree | ccdb2a1bf57d932f7070ab543ca5dd0aa9e3b21e | |
parent | 7f2e3520839a322f2c659bbf2501720a84bf0635 (diff) |
Fix Critical Security vulnerabilities
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: I937fdeef64ad7ef60f6062e3c39879899ba4ecb7
Issue-ID: SDC-3572
-rw-r--r-- | pom.xml | 6 | ||||
-rw-r--r-- | security-util-lib/pom.xml | 14 | ||||
-rw-r--r-- | security-util-lib/src/main/java/org/onap/sdc/security/filters/RestrictionAccessFilter.java | 4 |
3 files changed, 21 insertions, 3 deletions
@@ -127,6 +127,12 @@
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.yaml</groupId>
+ <artifactId>snakeyaml</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <dependency>
 <groupId>org.junit.jupiter</groupId>
diff --git a/security-util-lib/pom.xml b/security-util-lib/pom.xml
index edf71ef..82a1b7c 100644
--- a/security-util-lib/pom.xml
+++ b/security-util-lib/pom.xml
@@ -73,6 +73,14 @@
 <groupId>log4j</groupId>
 <artifactId>log4j</artifactId>
 </exclusion>
+ <exclusion>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ </exclusion>
 </exclusions>
 </dependency>
@@ -159,6 +167,12 @@
 <groupId>org.glassfish.jersey.ext</groupId>
 <artifactId>jersey-bean-validation</artifactId>
 <version>${jersey-bom.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-validator</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <dependency>
 <groupId>com.googlecode.json-simple</groupId>
diff --git a/security-util-lib/src/main/java/org/onap/sdc/security/filters/RestrictionAccessFilter.java b/security-util-lib/src/main/java/org/onap/sdc/security/filters/RestrictionAccessFilter.java
index 812537d..0bfaaaf 100644
--- a/security-util-lib/src/main/java/org/onap/sdc/security/filters/RestrictionAccessFilter.java
+++ b/security-util-lib/src/main/java/org/onap/sdc/security/filters/RestrictionAccessFilter.java
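Review bot: The snakeyaml exclusion on `spring-boot-starter` (first hunk, root pom.xml per the diffstat) cuts only this one dependency path and carries no comment naming the advisory it answers, so another dependency can bring the same jar back unnoticed; the `commons-io`/`commons-beanutils` and `hibernate-validator` exclusions in security-util-lib/pom.xml have the same gap. Add a comment above each block such as `<!-- excluded for <ADVISORY-ID>: vulnerable transitive version; remove once the parent ships a fixed one -->` (placeholder id; the page names only SDC-3572). An exclusion also takes the classes off the classpath, so where the parent dependency still needs them at runtime, pinning a fixed version in `<dependencyManagement>` is the safer form, and `mvn dependency:tree -Dincludes=org.yaml:snakeyaml` on the built modules confirms the artifact is really gone. Without snakeyaml Spring Boot cannot read `application.yml` files, so check that no module relies on YAML configuration.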
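Review bot: In the last security-util-lib/pom.xml hunk, the `hibernate-validator` exclusion on `jersey-bean-validation` removes the Bean Validation provider that module was bringing in, and no hunk on this page declares a replacement. If no other provider is on the classpath (not visible here), constraint checks on REST resources may fail at startup or go unenforced, which for a security library would be a regression in input validation. The exclusion matches only the `org.hibernate` groupId, while newer Hibernate Validator releases are published under `org.hibernate.validator`, so confirm which coordinates this `${jersey-bom.version}` actually pulls in. Prefer declaring a patched validator version explicitly next to the exclusion, and add a test asserting that a request violating a constraint is rejected.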
@@ -37,7 +37,7 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.onap.sdc.security.AuthenticationCookie;
@@ -49,8 +49,6 @@ import org.onap.sdc.security.PortalClient;
 import org.onap.sdc.security.RedirectException;
 import org.onap.sdc.security.RepresentationUtils;
 import org.onap.sdc.security.RestrictionAccessFilterException;
-import org.onap.sdc.security.logging.elements.LogFieldsMdcHandler;
-import org.onap.sdc.security.logging.enums.EcompLoggerErrorCode;
 import org.onap.sdc.security.logging.wrappers.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component; |
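Review bot: The import in the first hunk now comes from `org.apache.commons.collections4`, but none of the pom hunks on this page adds `commons-collections4` as a direct dependency of security-util-lib, so the class may be resolving through a transitive path that a later exclusion could remove. If it is not already declared elsewhere in the pom, declare it explicitly. Swapping the import alone does not take the legacy `commons-collections` 3.x jar out of the build, so check the dependency tree and exclude or ban it if this filter was its last user.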