diff options
| author |   waqas.ikram <waqas.ikram@est.tech> | 2021-08-05 16:10:22 +0100 |
|---|---|---|
| committer | waqas.ikram <waqas.ikram@est.tech> | 2021-08-06 16:31:32 +0100 |
| commit | 3e571ecf69e1521f30ee8c7b8a31373c41cf6dda (patch) | |
| tree | c7e3077edca970a57cc6359218fac6e367685cfb | |
| parent | cf5385bbb71c92bc3ea6864a5e4f4d1fccb1ddc7 (diff) | |
Fixing vulnerabilities
Change-Id: I5d8df0acb99fcb1b4bd4a626ef047bd90ecc7b18
Issue-ID: SO-3728
Signed-off-by: waqas.ikram <waqas.ikram@est.tech>
5 files changed, 85 insertions, 78 deletions
@@ -18,19 +18,11 @@ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> <version-swagger-codegen>2.3.1</version-swagger-codegen> - <gson-fire-version>1.8.2</gson-fire-version> - <retrofit-version>2.3.0</retrofit-version> - <threetenbp-version>1.3.5</threetenbp-version> - <oltu-version>1.0.1</oltu-version> <swagger-core-version>1.5.15</swagger-core-version> - <okhttp3-version>3.14.0</okhttp3-version> - <okhttp-version>2.7.5</okhttp-version> - <okio-version>1.13.0</okio-version> <jaxb-api>2.3.0</jaxb-api> <snakeyaml-version>0.11</snakeyaml-version> <hamcrest-version>2.2</hamcrest-version> <equalsverifier-version>3.4.1</equalsverifier-version> - <springframework-wiremock-version>1.2.4.RELEASE</springframework-wiremock-version> <so-core-version>1.8.0-SNAPSHOT</so-core-version> <so-etsi-sol003-adapter-version>1.8.1-SNAPSHOT</so-etsi-sol003-adapter-version> </properties> diff --git a/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-api/pom.xml b/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-api/pom.xml index cdf4dff..c61e2aa 100644 --- a/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-api/pom.xml +++ b/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-api/pom.xml @@ -24,12 +24,13 @@ <configuration> <inputSpec>${basedir}/src/main/resources/SOL005-NSLifecycleManagement-API.json</inputSpec> <language>java</language> - <library>okhttp-gson</library> <output>${project.build.directory}/generated-sources/so-etsi-nfvo-ns-lcm-api</output> <apiPackage>org.onap.so.etsi.nfvo.ns.lcm.api</apiPackage> <modelPackage>org.onap.so.etsi.nfvo.ns.lcm.model</modelPackage> <generateApiTests>false</generateApiTests> <generateModelTests>false</generateModelTests> + <generateApis>false</generateApis> + <generateSupportingFiles>false</generateSupportingFiles> <configOptions> <sourceFolder>src/gen/java/main</sourceFolder> <withXml>true</withXml> @@ -98,74 +99,10 @@ <version>${swagger-core-version}</version> </dependency> <dependency> - <groupId>com.squareup.retrofit2</groupId> - <artifactId>converter-gson</artifactId> - <version>${retrofit-version}</version> - </dependency> - <dependency> - <groupId>com.squareup.retrofit2</groupId> - <artifactId>retrofit</artifactId> - <version>${retrofit-version}</version> - </dependency> - <dependency> - <groupId>com.squareup.retrofit2</groupId> - <artifactId>converter-scalars</artifactId> - <version>${retrofit-version}</version> - </dependency> - <dependency> - <groupId>org.apache.oltu.oauth2</groupId> - <artifactId>org.apache.oltu.oauth2.client</artifactId> - <version>${oltu-version}</version> - </dependency> - <dependency> - <groupId>io.gsonfire</groupId> - <artifactId>gson-fire</artifactId> - <version>${gson-fire-version}</version> - </dependency> - <dependency> - <groupId>org.threeten</groupId> - <artifactId>threetenbp</artifactId> - <version>${threetenbp-version}</version> - </dependency> - <dependency> - <groupId>io.reactivex.rxjava2</groupId> - <artifactId>rxjava</artifactId> - </dependency> - <dependency> - <groupId>com.squareup.retrofit2</groupId> - <artifactId>adapter-rxjava2</artifactId> - <version>${retrofit-version}</version> - </dependency> - <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> </dependency> <dependency> - <groupId>com.squareup.okio</groupId> - <artifactId>okio</artifactId> - <version>${okio-version}</version> - </dependency> - <dependency> - <groupId>com.squareup.okhttp3</groupId> - <artifactId>okhttp</artifactId> - <version>${okhttp3-version}</version> - </dependency> - <dependency> - <groupId>com.squareup.okhttp3</groupId> - <artifactId>logging-interceptor</artifactId> - <version>${okhttp3-version}</version> - </dependency> - <dependency> - <groupId>com.squareup.okhttp</groupId> - <artifactId>logging-interceptor</artifactId> - <version>${okhttp-version}</version> - </dependency> - <dependency> - <groupId>com.squareup.okhttp</groupId> - <artifactId>okhttp</artifactId> - <version>${okhttp-version}</version> - </dependency> - <dependency> <groupId>javax.xml.bind</groupId> <artifactId>jaxb-api</artifactId> </dependency> diff --git a/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/pom.xml b/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/pom.xml index c2f7ebd..679eb1c 100644 --- a/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/pom.xml +++ b/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/pom.xml @@ -113,7 +113,6 @@ <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-contract-wiremock</artifactId> - <version>${springframework-wiremock-version}</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> @@ -124,6 +123,16 @@ <groupId>org.onap.so</groupId> <artifactId>common</artifactId> <version>${so-core-version}</version> + <exclusions> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.tomcat</groupId> + <artifactId>tomcat-catalina</artifactId> + </exclusion> + </exclusions> </dependency> </dependencies> </project>
\ No newline at end of file diff --git a/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/src/main/java/org/onap/so/etsi/nfvo/ns/lcm/bpmn/flows/GsonProvider.java b/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/src/main/java/org/onap/so/etsi/nfvo/ns/lcm/bpmn/flows/GsonProvider.java index 31961d5..24604cf 100644 --- a/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/src/main/java/org/onap/so/etsi/nfvo/ns/lcm/bpmn/flows/GsonProvider.java +++ b/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/src/main/java/org/onap/so/etsi/nfvo/ns/lcm/bpmn/flows/GsonProvider.java @@ -20,11 +20,12 @@ package org.onap.so.etsi.nfvo.ns.lcm.bpmn.flows; import java.time.LocalDateTime; -import org.onap.so.etsi.nfvo.ns.lcm.JSON; +import java.time.OffsetDateTime; import org.onap.so.etsi.nfvo.ns.lcm.bpmn.flows.utils.LocalDateTimeTypeAdapter; +import org.onap.so.etsi.nfvo.ns.lcm.bpmn.flows.utils.OffsetDateTimeTypeAdapter; import org.springframework.stereotype.Component; -import org.threeten.bp.OffsetDateTime; import com.google.gson.Gson; +import com.google.gson.GsonBuilder; /** * @author Waqas Ikram (waqas.ikram@est.tech) @@ -33,10 +34,10 @@ import com.google.gson.Gson; @Component public class GsonProvider { - private final JSON.OffsetDateTimeTypeAdapter offsetDateTimeTypeAdapter = new JSON.OffsetDateTimeTypeAdapter(); + private final OffsetDateTimeTypeAdapter offsetDateTimeTypeAdapter = new OffsetDateTimeTypeAdapter(); public Gson getGson() { - return JSON.createGson().registerTypeAdapter(OffsetDateTime.class, offsetDateTimeTypeAdapter) + return new GsonBuilder().registerTypeAdapter(OffsetDateTime.class, offsetDateTimeTypeAdapter) .registerTypeAdapter(LocalDateTime.class, new LocalDateTimeTypeAdapter()).create(); } diff --git a/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/src/main/java/org/onap/so/etsi/nfvo/ns/lcm/bpmn/flows/utils/OffsetDateTimeTypeAdapter.java b/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/src/main/java/org/onap/so/etsi/nfvo/ns/lcm/bpmn/flows/utils/OffsetDateTimeTypeAdapter.java new file mode 100644 index 0000000..fb45fc5 --- /dev/null +++ b/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/src/main/java/org/onap/so/etsi/nfvo/ns/lcm/bpmn/flows/utils/OffsetDateTimeTypeAdapter.java @@ -0,0 +1,68 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2021 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ +package org.onap.so.etsi.nfvo.ns.lcm.bpmn.flows.utils; + +import java.io.IOException; +import java.time.OffsetDateTime; +import java.time.format.DateTimeFormatter; +import com.google.gson.TypeAdapter; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonToken; +import com.google.gson.stream.JsonWriter; + +/** + * @author Waqas Ikram (waqas.ikram@est.tech) + * + */ +public class OffsetDateTimeTypeAdapter extends TypeAdapter<OffsetDateTime> { + + private DateTimeFormatter formatter; + + public OffsetDateTimeTypeAdapter() { + this(DateTimeFormatter.ISO_OFFSET_DATE_TIME); + } + + public OffsetDateTimeTypeAdapter(final DateTimeFormatter formatter) { + this.formatter = formatter; + } + + @Override + public void write(final JsonWriter out, final OffsetDateTime date) throws IOException { + if (date == null) { + out.nullValue(); + } else { + out.value(formatter.format(date)); + } + } + + @Override + public OffsetDateTime read(final JsonReader in) throws IOException { + if (JsonToken.NULL == in.peek()) { + in.nextNull(); + return null; + + } + String date = in.nextString(); + if (date.endsWith("+0000")) { + date = date.substring(0, date.length() - 5) + "Z"; + } + return OffsetDateTime.parse(date, formatter); + } +} |