From df84b0585fefcefd0613e63e4af1c9802087397e Mon Sep 17 00:00:00 2001
From: vasraz <vasyl.razinkov@est.tech>
Date: Mon, 24 May 2021 18:14:38 +0100
Subject: Fix Critical Security vulnerabilities

Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: I937fdeef64ad7ef60f6062e3c39879899ba4ecb7
Issue-ID: SDC-3572
---
 pom.xml                                                    |  6 ++++++
 security-util-lib/pom.xml                                  | 14 ++++++++++++++
 .../onap/sdc/security/filters/RestrictionAccessFilter.java |  4 +---
 3 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 9f46236..e65028c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -127,6 +127,12 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.yaml</groupId>
+                    <artifactId>snakeyaml</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
diff --git a/security-util-lib/pom.xml b/security-util-lib/pom.xml
index edf71ef..82a1b7c 100644
--- a/security-util-lib/pom.xml
+++ b/security-util-lib/pom.xml
@@ -73,6 +73,14 @@
                    <groupId>log4j</groupId>
                    <artifactId>log4j</artifactId>
                </exclusion>
+               <exclusion>
+                   <groupId>commons-io</groupId>
+                   <artifactId>commons-io</artifactId>
+               </exclusion>
+               <exclusion>
+                   <groupId>commons-beanutils</groupId>
+                   <artifactId>commons-beanutils</artifactId>
+               </exclusion>
            </exclusions>
        </dependency>
 
@@ -159,6 +167,12 @@
            <groupId>org.glassfish.jersey.ext</groupId>
            <artifactId>jersey-bean-validation</artifactId>
            <version>${jersey-bom.version}</version>
+           <exclusions>
+               <exclusion>
+                   <groupId>org.hibernate</groupId>
+                   <artifactId>hibernate-validator</artifactId>
+               </exclusion>
+           </exclusions>
        </dependency>
        <dependency>
            <groupId>com.googlecode.json-simple</groupId>
diff --git a/security-util-lib/src/main/java/org/onap/sdc/security/filters/RestrictionAccessFilter.java b/security-util-lib/src/main/java/org/onap/sdc/security/filters/RestrictionAccessFilter.java
index 812537d..0bfaaaf 100644
--- a/security-util-lib/src/main/java/org/onap/sdc/security/filters/RestrictionAccessFilter.java
+++ b/security-util-lib/src/main/java/org/onap/sdc/security/filters/RestrictionAccessFilter.java
@@ -37,7 +37,7 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.onap.sdc.security.AuthenticationCookie;
@@ -49,8 +49,6 @@ import org.onap.sdc.security.PortalClient;
 import org.onap.sdc.security.RedirectException;
 import org.onap.sdc.security.RepresentationUtils;
 import org.onap.sdc.security.RestrictionAccessFilterException;
-import org.onap.sdc.security.logging.elements.LogFieldsMdcHandler;
-import org.onap.sdc.security.logging.enums.EcompLoggerErrorCode;
 import org.onap.sdc.security.logging.wrappers.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
-- 
cgit 1.2.3-korg