path: root/security-util-lib/src
Age | Commit message | Author | Files | Lines
2022-09-06 | Revert 'Fix security issues in SecurityUtil' | vasraz | 1 | -101/+66
Reason for revert: this change makes SDC code retro-incompatible because of 'every-time-generated-key'
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Ieda243d2f83fa67cbd38f86cde7ff44775c3fc1c
Issue-ID: SDC-4163
2021-05-24 | Fix Critical Security vulnerabilities | vasraz | 1 | -3/+1
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: I937fdeef64ad7ef60f6062e3c39879899ba4ecb7
Issue-ID: SDC-3572
2021-05-20 | Fix tests not running after junit5 upgrade | andre.schmid | 1 | -1/+1
There was a conflict with the junit version in spring boot and the one in the project. With that, maven surefire plugin was not finding the tests.
The org.onap.sdc.security.logging.wrappers.LoggerTest was also broken with a conflict with mockito and an undesirable powermock library from org.onap.portal.sdk:epsdk-fw artifact. There was also an incorrect assertion in the test.
Issue-ID: SDC-3604
Signed-off-by: André Schmid <andre.schmid@est.tech>
Change-Id: Ieacedaa9c5204c2eab6ee96870f9b7726e06fc43
2021-04-30 | Vulnerable packages update | ChrisC | 17 | -60/+58
Update SDC-BE-COMMON to new version 1.6.1
Update several packages to the seccom recommended version
updated tests to JUNIT5
Issue-ID: SDC-3572
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Change-Id: Ibf26663aac0e3de6a36df4c723baa963206cc1b7
2020-08-12 | Call "Optional#isPresent()" before accessing the value in PortalClient | Neil Derraugh | 3 | -63/+80
- Fixed unchecked instances of Optional
- Added a comment describing my understanding of the intent of the areUserRolesChanged method
Issue-ID: SDC-3101
Signed-off-by: Neil Derraugh <neil.derraugh@yoppworks.com>
Change-Id: I7328fc291df62ad9a4789a5640fc3cb46418bdd5
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
2020-05-31 | Upgrade Junit to 5.6 | Neil Derraugh | 18 | -398/+426
- Update @Before -> @BeforeEach, @After -> @AfterEach
- Update Mockito usage
- Update assertThrows so not to expect exceptions
Issue-ID: SDC-3078
Signed-off-by: Neil Derraugh <neil.derraugh@yoppworks.com>
Change-Id: I0b1056698767c4b060e243bbda799253072b4b55
2020-05-31 | Merge "Fix security issue in CipherUtil" | Ofir Sonsino | 2 | -11/+17
2020-05-21 | Add unit test for SecurityLogsUtils | m.kowalski3 | 1 | -0/+44
Issue-ID: SDC-2327
Signed-off-by: Marcin Kowalski <m.kowalski3@partner.samsung.com>
Change-Id: I9e235cb0569c29b4b0f8237fed3538758f4d8bf7
2020-05-19 | Fix security issue in CipherUtil | Neil Derraugh | 2 | -11/+17
- Specified mode and padding to address risky algorithm
Issue-ID: SDC-2976
Signed-off-by: Neil Derraugh <neil.derraugh@yoppworks.com>
Change-Id: I3a2344f3d4a14ad7cb7e01a68148858147a41427
2020-05-19 | Add unit test for StatusCode | m.kowalski3 | 1 | -0/+39
Issue-ID: SDC-2327
Signed-off-by: Marcin Kowalski <m.kowalski3@partner.samsung.com>
Change-Id: Ib3f1a672b07c38a7c4252624ff9e68fe35d0947e
2020-05-18 | Merge "Add unit test for EcompLoggerErrorCode" | Ofir Sonsino | 1 | -0/+52
2020-05-18 | Add unit test for EcompLoggerErrorCode | m.kowalski3 | 1 | -0/+52
Issue-ID: SDC-2327
Signed-off-by: Marcin Kowalski <m.kowalski3@partner.samsung.com>
Change-Id: I38ea3b9d037a4fca633333a26c105df87f511bd4
2020-05-18 | Merge "Add unit test for Severity" | Ofir Sonsino | 1 | -0/+39
2020-05-14 | Add unit test for Severity | m.kowalski3 | 1 | -0/+39
Issue-ID: SDC-2327
Signed-off-by: Marcin Kowalski <m.kowalski3@partner.samsung.com>
Change-Id: Ie2120686736c0dc8ceb1f44f39f7e3ac5715c09a
2020-05-13 | Add unit test for LoggerSupportabilityActions | m.kowalski3 | 1 | -0/+46
Issue-ID: SDC-2327
Signed-off-by: Marcin Kowalski <m.kowalski3@partner.samsung.com>
Change-Id: Ie89baf783a5a6508182bd910f745abcf4b65d70d
2020-04-27 | Fix security issues in SecurityUtil | Neil Derraugh | 1 | -70/+96
- Removed hard coded key
- Specified mode and padding to address risky algorithm
Issue-ID: SDC-2975
Signed-off-by: Neil Derraugh <neil.derraugh@yoppworks.com>
Change-Id: I3360c0ace0ae49571294b8e8c160f0415c578d36
2020-01-30 | Add test cases for security-util-lib | gummar | 2 | -0/+253
Test files added for
a. LoggerSdcAudit.java
b. LoggerSdcUtilBase.java
Issue-ID: SDC-2736
Change-Id: I9a6ef40e85cfa7efebcd672bdb393316709442d9
Signed-off-by: gummar <raj.gumma@est.tech>
2020-01-29 | Add test cases for security-util-lib | gummar | 2 | -0/+864
Test files added for
a. Logger.java
b. LogFieldsMdcHandler.java
Issue-ID: SDC-2736
Change-Id: Ifbd4ba51a6d423b515d9dedf3be5c97befff0651
Signed-off-by: gummar <raj.gumma@est.tech>
2019-12-05 | Fix Sonar issues | shrek2000 | 1 | -9/+6
Public class variable fields do not respect the encapsulation principle
https://sonar.onap.org/project/issues?id=org.onap.sdc.sdc-be-common%3Asdc-be-common-parent%3Amaster&open=AW6fpbQilnf4Fh92BMWX&resolved=false&types=VULNERABILITY
Issue-ID: SDC-2697
Signed-off-by: shrek2000 <oren.kleks@amdocs.com>
Change-Id: I82f9aa980d8a2eb283a11c05a86095a27fad71ab
Signed-off-by: shrek2000 <oren.kleks@amdocs.com>
2019-12-01 | Merge "Fix Sonar issues" | Ofir Sonsino | 1 | -69/+84
2019-11-28 | Merge "Fix Sonar issues" | Ilana Paktor | 1 | -2/+2
2019-11-28 | Merge "Fix Sonar issues" | Ilana Paktor | 1 | -30/+4
2019-11-28 | Fix Sonar issues | shrek2000 | 1 | -69/+84
Fix usage of deprecated warn API.
Issue-ID: SDC-2697
Signed-off-by: shrek2000 <oren.kleks@amdocs.com>
Change-Id: I0dcf89330c09f09a7436efb81a9b40e6ae001d73
2019-11-28 | Unit test | shrek2000 | 1 | -32/+8
Improve code coverage by using lombok
Issue-ID: SDC-2690
Signed-off-by: shrek2000 <oren.kleks@amdocs.com>
Change-Id: I3f8fe1261a79886baf3dd5208822d68d95e5c001
2019-11-28 | Fix Sonar issues | shrek2000 | 1 | -30/+4
lombok helps to increase code coverage
Issue-ID: SDC-2690
Signed-off-by: shrek2000 <oren.kleks@amdocs.com>
Change-Id: I076c200befe2c1c887db81fe6db8e00af3556f36
2019-11-28 | Fix Sonar issues | shrek2000 | 1 | -9/+9
There is no requirement that class names be unique, only that they be unique within a package. Therefore trying to determine an object's type based on its class name is an exercise fraught with danger. One of those dangers is that a malicious user will send objects of the same name as the trusted class and thereby gain trusted access.
Instead, the instanceof operator or the Class.isAssignableFrom() method should be used to check the object's underlying type.
Issue-ID: SDC-2697
Signed-off-by: shrek2000 <oren.kleks@amdocs.com>
Change-Id: Ie4fd94618135b425a7e505992649f1a6384b0f98
Signed-off-by: shrek2000 <oren.kleks@amdocs.com>
2019-11-28 | Fix Sonar issues | shrek2000 | 1 | -2/+2
When arithmetic is performed on integers, the result will always be an integer. You can assign that result to a long, double, or float with automatic type conversion, but having started as an int or long, the result will likely not be what you expect.
For instance, if the result of int division is assigned to a floating-point variable, precision will have been lost before the assignment. Likewise, if the result of multiplication is assigned to a long, it may have already overflowed before the assignment.
In either case, the result will not be what was expected. Instead, at least one operand should be cast or promoted to the final type before the operation takes place.
Issue-ID: SDC-2690
Signed-off-by: shrek2000 <oren.kleks@amdocs.com>
Change-Id: I3ef06e48b02a73753a824076d3a9de8b585f2917
2019-11-21 | add security-util-lib to Onap | Yuli Shlosberg | 56 | -0/+7102
This lib provides security layer filters and is mainly used in the sdc project. It is based on third-party projects, e.g. Cadi and Portal.
Issue-ID: SDC-2656
Signed-off-by: Yuli Shlosberg <ys9693@att.com>
Change-Id: Iae1a78f0960386e9bdc0994fbac09a24e041cb54