diff options
author | Victor Gao <victor.gao@huawei.com> | 2018-11-14 18:52:10 +0800 |
---|---|---|
committer | Victor Gao <victor.gao@huawei.com> | 2018-11-14 19:43:52 +0800 |
commit | a48c2efc10c5c011080228ad81005b9029270c8f (patch) | |
tree | f8f240266d816e97c4a62625989029d5b823c632 | |
parent | 3ac92210eef64938306f908077cef7d81cc66159 (diff) |
Fix vulnerability issue in driver3.0.0-ONAP1.2.1
CVE-2016-6812
CVE-2018-1270
CVE-2018-11039
SONATYPE-2015-0002
CVE-2014-3578
CVE-2018-1257
CVE-2017-12624
CVE-2018-8039
Change-Id: I59014c277df9bf201bb672a108a82a2deb0ed95b
Issue-ID: VFC-1187
Signed-off-by: Victor Gao <victor.gao@huawei.com>
7 files changed, 37 insertions, 237 deletions
diff --git a/huawei/vnfmadapter/VnfmadapterService/service/pom.xml b/huawei/vnfmadapter/VnfmadapterService/service/pom.xml index ac7e7542..fd614501 100644 --- a/huawei/vnfmadapter/VnfmadapterService/service/pom.xml +++ b/huawei/vnfmadapter/VnfmadapterService/service/pom.xml @@ -74,10 +74,21 @@ <version>1.3.0</version> </dependency> <dependency> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + <version>3.2.2</version> + </dependency> + <dependency> <groupId>net.sf.json-lib</groupId> <artifactId>json-lib</artifactId> <version>2.4</version> <classifier>jdk15</classifier> + <exclusions> + <exclusion> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.slf4j</groupId> @@ -107,10 +118,21 @@ <artifactId>mariadb-java-client</artifactId> <version>2.2.2</version> </dependency> + <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-transports-http</artifactId> + <version>3.1.17</version> + </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-frontend-jaxrs</artifactId> - <version>3.1.6</version> + <version>3.1.17</version> + <exclusions> + <exclusion> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-transports-http</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.mybatis</groupId> @@ -126,47 +148,47 @@ <dependency> <groupId>org.springframework</groupId> <artifactId>spring-beans</artifactId> - <version>3.1.0.RELEASE</version> + <version>4.3.18.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> - <version>3.1.0.RELEASE</version> + <version>4.3.18.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> - <version>3.1.0.RELEASE</version> + <version>4.3.18.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> - <version>3.2.14.RELEASE</version> + <version>4.3.18.RELEASE</version> </dependency> - <dependency> + <!--dependency> <groupId>org.springframework</groupId> <artifactId>spring-asm</artifactId> <version>3.1.0.RELEASE</version> - </dependency> + </dependency--> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-expression</artifactId> - <version>3.1.0.RELEASE</version> + <version>4.3.18.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aop</artifactId> - <version>3.1.0.RELEASE</version> + <version>4.3.18.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-jdbc</artifactId> - <version>3.1.0.RELEASE</version> + <version>4.3.18.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> - <version>3.1.0.RELEASE</version> + <version>4.3.18.RELEASE</version> </dependency> <dependency> <groupId>org.codehaus.jackson</groupId> @@ -214,11 +236,11 @@ <artifactId>commons-httpclient</artifactId> <version>3.1</version> </dependency> - <dependency> + <!--dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-frontend-jaxrs</artifactId> <version>3.1.6</version> - </dependency> + </dependency --> <!-- UT coverage dependency start --> <dependency> diff --git a/huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/activator/RoaVnfmService2DriverMgr.java b/huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/activator/RoaVnfmService2DriverMgr.java deleted file mode 100644 index 4898c60b..00000000 --- a/huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/activator/RoaVnfmService2DriverMgr.java +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright 2017 Huawei Technologies Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.activator; - -import org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.api.internalsvc.inf.IVnfmAdapter2DriverMgrService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.BeansException; -import org.springframework.beans.factory.config.DestructionAwareBeanPostProcessor; - -/** - * <br> - * <p> - * </p> - * - * @author - * @version VFC 1.0 Jan 23, 2017 - */ -public class RoaVnfmService2DriverMgr implements DestructionAwareBeanPostProcessor { - - private static final Logger LOG = LoggerFactory.getLogger(RoaVnfmService2DriverMgr.class); - - @Override - public Object postProcessAfterInitialization(Object bean, String name) throws BeansException { - if(bean instanceof IVnfmAdapter2DriverMgrService) { - IVnfmAdapter2DriverMgrService vnfmAdapterSvc = (IVnfmAdapter2DriverMgrService)bean; - vnfmAdapterSvc.register(); - LOG.info("Successfully Registered to Driver Manager!", RoaVnfmService2DriverMgr.class); - } - - return bean; - } - - @Override - public Object postProcessBeforeInitialization(Object bean, String name) throws BeansException { - return bean; - } - - @Override - public void postProcessBeforeDestruction(Object bean, String name) throws BeansException { - // post processing - } - -} diff --git a/huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/activator/RoaVnfmServicePostProcessor.java b/huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/activator/RoaVnfmServicePostProcessor.java deleted file mode 100644 index 9dff97b9..00000000 --- a/huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/activator/RoaVnfmServicePostProcessor.java +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright 2016 Huawei Technologies Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.activator; - -import org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.api.internalsvc.inf.IVnfmAdapterMgrService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.BeansException; -import org.springframework.beans.factory.config.DestructionAwareBeanPostProcessor; - -/** - * <br/> - * <p> - * </p> - * - * @author - * @version VFC 1.0 Aug 31, 2016 - */ -public class RoaVnfmServicePostProcessor implements DestructionAwareBeanPostProcessor { - - private static final Logger LOG = LoggerFactory.getLogger(RoaVnfmServicePostProcessor.class); - - @Override - public Object postProcessAfterInitialization(Object bean, String name) throws BeansException { - if(bean instanceof IVnfmAdapterMgrService) { - IVnfmAdapterMgrService vnfmAdapterSvc = (IVnfmAdapterMgrService)bean; - vnfmAdapterSvc.register(); - LOG.info("Successfully Registered to Microservice BUS!", RoaVnfmServicePostProcessor.class); - } - - return bean; - } - - @Override - public Object postProcessBeforeInitialization(Object bean, String name) throws BeansException { - return bean; - } - - @Override - public void postProcessBeforeDestruction(Object bean, String name) throws BeansException { - //post processing - } - -} diff --git a/huawei/vnfmadapter/VnfmadapterService/service/src/main/resources/spring/Vnfmadapter/services.xml b/huawei/vnfmadapter/VnfmadapterService/service/src/main/resources/spring/Vnfmadapter/services.xml index 312365d1..62a8022b 100644 --- a/huawei/vnfmadapter/VnfmadapterService/service/src/main/resources/spring/Vnfmadapter/services.xml +++ b/huawei/vnfmadapter/VnfmadapterService/service/src/main/resources/spring/Vnfmadapter/services.xml @@ -35,7 +35,7 @@ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://www.springframework.org/schema/aop - http://www.springframework.org/schema/aop/spring-aop-3.0.xsd "> + http://www.springframework.org/schema/aop/spring-aop.xsd "> <!-- these are included in the dependency jar --> <import resource="classpath:META-INF/cxf/cxf.xml"/> diff --git a/huawei/vnfmadapter/VnfmadapterService/service/src/main/resources/spring/Vnfmadapter/svc_register.xml b/huawei/vnfmadapter/VnfmadapterService/service/src/main/resources/spring/Vnfmadapter/svc_register.xml index d0325670..6087ecdf 100644 --- a/huawei/vnfmadapter/VnfmadapterService/service/src/main/resources/spring/Vnfmadapter/svc_register.xml +++ b/huawei/vnfmadapter/VnfmadapterService/service/src/main/resources/spring/Vnfmadapter/svc_register.xml @@ -35,7 +35,7 @@ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://www.springframework.org/schema/aop - http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"> + http://www.springframework.org/schema/aop/spring-aop.xsd"> <!-- <bean class="org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.activator.RoaVnfmServicePostProcessor"></bean> <bean class="org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.api.internalsvc.impl.VnfmAdapterMgrService"></bean> diff --git a/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/activator/RoaVnfmServicePostProcessorTest.java b/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/activator/RoaVnfmServicePostProcessorTest.java deleted file mode 100644 index 7235be74..00000000 --- a/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/activator/RoaVnfmServicePostProcessorTest.java +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright 2016 Huawei Technologies Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.activator; - -import org.junit.Assert; -import org.junit.Test; -import org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.activator.RoaVnfmServicePostProcessor; -import org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.api.internalsvc.impl.VnfmAdapterMgrService; - -/** - * Created by QuanZhong on 2017/3/17. - */ -public class RoaVnfmServicePostProcessorTest { - @Test - public void testPostProcessAfterInitialization(){ - RoaVnfmServicePostProcessor dm = new RoaVnfmServicePostProcessor(); - dm.postProcessAfterInitialization(new VnfmAdapterMgrService(),"abc"); - Assert.assertTrue(true); - } - @Test - public void testPostProcessAfterInitialization2(){ - RoaVnfmServicePostProcessor dm = new RoaVnfmServicePostProcessor(); - dm.postProcessAfterInitialization(null,"abc"); - Assert.assertTrue(true); - } - - @Test - public void testpostProcessBeforeDestruction(){ - RoaVnfmServicePostProcessor dm = new RoaVnfmServicePostProcessor(); - dm.postProcessBeforeDestruction(new VnfmAdapterMgrService(),"abc"); - Assert.assertTrue(true); - } - - @Test - public void testpostProcessBeforeInitialization(){ - RoaVnfmServicePostProcessor dm = new RoaVnfmServicePostProcessor(); - dm.postProcessBeforeInitialization(new VnfmAdapterMgrService(),"abc"); - Assert.assertTrue(true); - } -} diff --git a/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/activator/TestRoaVnfmService2DriverMgr.java b/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/activator/TestRoaVnfmService2DriverMgr.java deleted file mode 100644 index 7f0da0c0..00000000 --- a/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/activator/TestRoaVnfmService2DriverMgr.java +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright 2016 Huawei Technologies Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.activator; - -import org.junit.Assert; -import org.junit.Test; -import org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.activator.RoaVnfmService2DriverMgr; -import org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.api.internalsvc.impl.VnfmAdapter2DriverMgrService; - -/** - * Created by QuanZhong on 2017/3/17. - */ -public class TestRoaVnfmService2DriverMgr { - @Test - public void testPostProcessAfterInitialization(){ - RoaVnfmService2DriverMgr dm = new RoaVnfmService2DriverMgr(); - dm.postProcessAfterInitialization(new VnfmAdapter2DriverMgrService(),"abc"); - Assert.assertTrue(true); - } - @Test - public void testPostProcessAfterInitialization2(){ - RoaVnfmService2DriverMgr dm = new RoaVnfmService2DriverMgr(); - dm.postProcessAfterInitialization(null,"abc"); - Assert.assertTrue(true); - } - - @Test - public void testpostProcessBeforeDestruction(){ - RoaVnfmService2DriverMgr dm = new RoaVnfmService2DriverMgr(); - dm.postProcessBeforeDestruction(new VnfmAdapter2DriverMgrService(),"abc"); - Assert.assertTrue(true); - } - - @Test - public void testpostProcessBeforeInitialization(){ - RoaVnfmService2DriverMgr dm = new RoaVnfmService2DriverMgr(); - dm.postProcessBeforeInitialization(new VnfmAdapter2DriverMgrService(),"abc"); - Assert.assertTrue(true); - } -} |