From 3e571ecf69e1521f30ee8c7b8a31373c41cf6dda Mon Sep 17 00:00:00 2001 From: "waqas.ikram" Date: Thu, 5 Aug 2021 16:10:22 +0100 Subject: Fixing vulnerabilities Change-Id: I5d8df0acb99fcb1b4bd4a626ef047bd90ecc7b18 Issue-ID: SO-3728 Signed-off-by: waqas.ikram --- pom.xml | 8 --- .../so-etsi-nfvo-ns-lcm-api/pom.xml | 67 +-------------------- .../so-etsi-nfvo-ns-lcm-bpmn-flows/pom.xml | 11 +++- .../etsi/nfvo/ns/lcm/bpmn/flows/GsonProvider.java | 9 +-- .../flows/utils/OffsetDateTimeTypeAdapter.java | 68 ++++++++++++++++++++++ 5 files changed, 85 insertions(+), 78 deletions(-) create mode 100644 so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/src/main/java/org/onap/so/etsi/nfvo/ns/lcm/bpmn/flows/utils/OffsetDateTimeTypeAdapter.java diff --git a/pom.xml b/pom.xml index 2fa5b10..aeba076 100644 --- a/pom.xml +++ b/pom.xml @@ -18,19 +18,11 @@ UTF-8 UTF-8 2.3.1 - 1.8.2 - 2.3.0 - 1.3.5 - 1.0.1 1.5.15 - 3.14.0 - 2.7.5 - 1.13.0 2.3.0 0.11 2.2 3.4.1 - 1.2.4.RELEASE 1.8.0-SNAPSHOT 1.8.1-SNAPSHOT diff --git a/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-api/pom.xml b/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-api/pom.xml index cdf4dff..c61e2aa 100644 --- a/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-api/pom.xml +++ b/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-api/pom.xml @@ -24,12 +24,13 @@ ${basedir}/src/main/resources/SOL005-NSLifecycleManagement-API.json java - okhttp-gson ${project.build.directory}/generated-sources/so-etsi-nfvo-ns-lcm-api org.onap.so.etsi.nfvo.ns.lcm.api org.onap.so.etsi.nfvo.ns.lcm.model false false + false + false src/gen/java/main true @@ -97,74 +98,10 @@ swagger-annotations ${swagger-core-version} - - com.squareup.retrofit2 - converter-gson - ${retrofit-version} - - - com.squareup.retrofit2 - retrofit - ${retrofit-version} - - - com.squareup.retrofit2 - converter-scalars - ${retrofit-version} - - - org.apache.oltu.oauth2 - org.apache.oltu.oauth2.client - ${oltu-version} - - - io.gsonfire - gson-fire - ${gson-fire-version} - - - org.threeten - threetenbp - ${threetenbp-version} - - - io.reactivex.rxjava2 - rxjava - - - com.squareup.retrofit2 - adapter-rxjava2 - ${retrofit-version} - com.google.code.gson gson - - com.squareup.okio - okio - ${okio-version} - - - com.squareup.okhttp3 - okhttp - ${okhttp3-version} - - - com.squareup.okhttp3 - logging-interceptor - ${okhttp3-version} - - - com.squareup.okhttp - logging-interceptor - ${okhttp-version} - - - com.squareup.okhttp - okhttp - ${okhttp-version} - javax.xml.bind jaxb-api diff --git a/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/pom.xml b/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/pom.xml index c2f7ebd..679eb1c 100644 --- a/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/pom.xml +++ b/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/pom.xml @@ -113,7 +113,6 @@ org.springframework.cloud spring-cloud-contract-wiremock - ${springframework-wiremock-version} org.springframework.boot @@ -124,6 +123,16 @@ org.onap.so common ${so-core-version} + + + log4j + log4j + + + org.apache.tomcat + tomcat-catalina + + \ No newline at end of file diff --git a/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/src/main/java/org/onap/so/etsi/nfvo/ns/lcm/bpmn/flows/GsonProvider.java b/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/src/main/java/org/onap/so/etsi/nfvo/ns/lcm/bpmn/flows/GsonProvider.java index 31961d5..24604cf 100644 --- a/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/src/main/java/org/onap/so/etsi/nfvo/ns/lcm/bpmn/flows/GsonProvider.java +++ b/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/src/main/java/org/onap/so/etsi/nfvo/ns/lcm/bpmn/flows/GsonProvider.java @@ -20,11 +20,12 @@ package org.onap.so.etsi.nfvo.ns.lcm.bpmn.flows; import java.time.LocalDateTime; -import org.onap.so.etsi.nfvo.ns.lcm.JSON; +import java.time.OffsetDateTime; import org.onap.so.etsi.nfvo.ns.lcm.bpmn.flows.utils.LocalDateTimeTypeAdapter; +import org.onap.so.etsi.nfvo.ns.lcm.bpmn.flows.utils.OffsetDateTimeTypeAdapter; import org.springframework.stereotype.Component; -import org.threeten.bp.OffsetDateTime; import com.google.gson.Gson; +import com.google.gson.GsonBuilder; /** * @author Waqas Ikram (waqas.ikram@est.tech) @@ -33,10 +34,10 @@ import com.google.gson.Gson; @Component public class GsonProvider { - private final JSON.OffsetDateTimeTypeAdapter offsetDateTimeTypeAdapter = new JSON.OffsetDateTimeTypeAdapter(); + private final OffsetDateTimeTypeAdapter offsetDateTimeTypeAdapter = new OffsetDateTimeTypeAdapter(); public Gson getGson() { - return JSON.createGson().registerTypeAdapter(OffsetDateTime.class, offsetDateTimeTypeAdapter) + return new GsonBuilder().registerTypeAdapter(OffsetDateTime.class, offsetDateTimeTypeAdapter) .registerTypeAdapter(LocalDateTime.class, new LocalDateTimeTypeAdapter()).create(); } diff --git a/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/src/main/java/org/onap/so/etsi/nfvo/ns/lcm/bpmn/flows/utils/OffsetDateTimeTypeAdapter.java b/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/src/main/java/org/onap/so/etsi/nfvo/ns/lcm/bpmn/flows/utils/OffsetDateTimeTypeAdapter.java new file mode 100644 index 0000000..fb45fc5 --- /dev/null +++ b/so-etsi-nfvo-ns-lcm/so-etsi-nfvo-ns-lcm-bpmn-flows/src/main/java/org/onap/so/etsi/nfvo/ns/lcm/bpmn/flows/utils/OffsetDateTimeTypeAdapter.java @@ -0,0 +1,68 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2021 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ +package org.onap.so.etsi.nfvo.ns.lcm.bpmn.flows.utils; + +import java.io.IOException; +import java.time.OffsetDateTime; +import java.time.format.DateTimeFormatter; +import com.google.gson.TypeAdapter; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonToken; +import com.google.gson.stream.JsonWriter; + +/** + * @author Waqas Ikram (waqas.ikram@est.tech) + * + */ +public class OffsetDateTimeTypeAdapter extends TypeAdapter { + + private DateTimeFormatter formatter; + + public OffsetDateTimeTypeAdapter() { + this(DateTimeFormatter.ISO_OFFSET_DATE_TIME); + } + + public OffsetDateTimeTypeAdapter(final DateTimeFormatter formatter) { + this.formatter = formatter; + } + + @Override + public void write(final JsonWriter out, final OffsetDateTime date) throws IOException { + if (date == null) { + out.nullValue(); + } else { + out.value(formatter.format(date)); + } + } + + @Override + public OffsetDateTime read(final JsonReader in) throws IOException { + if (JsonToken.NULL == in.peek()) { + in.nextNull(); + return null; + + } + String date = in.nextString(); + if (date.endsWith("+0000")) { + date = date.substring(0, date.length() - 5) + "Z"; + } + return OffsetDateTime.parse(date, formatter); + } +} -- cgit 1.2.3-korg