diff options
author | prakash.e <prakash.e@huawei.com> | 2020-03-05 20:20:55 +0530 |
---|---|---|
committer | prakash eswaramoorthy <prakash.e@huawei.com> | 2020-03-05 14:53:38 +0000 |
commit | f584fa72df298521ba05d345b5f27555f7a7f5d1 (patch) | |
tree | 81085f6ec869c5e5470882797cf6bf5d6fa40b15 /huawei/vnfmadapter | |
parent | 7debcc6c8f7598d4d6036e3077dc87b8d65b80b3 (diff) |
SVNFM codehaus jackson vulnerability fix
Excluded jackson-mapper-asl in jackson-databind artifact
Change-Id: I3daa7d1f3357913bed45209773a30a88ec3a4ee1
Issue-ID: VFC-1598
Signed-off-by: Prakash.E <prakash.e@huawei.com>
Diffstat (limited to 'huawei/vnfmadapter')
3 files changed, 92 insertions, 6 deletions
diff --git a/huawei/vnfmadapter/VnfmadapterService/service/pom.xml b/huawei/vnfmadapter/VnfmadapterService/service/pom.xml index 39eecb1e..383ea069 100644 --- a/huawei/vnfmadapter/VnfmadapterService/service/pom.xml +++ b/huawei/vnfmadapter/VnfmadapterService/service/pom.xml @@ -194,6 +194,22 @@ <groupId>org.codehaus.jackson</groupId> <artifactId>jackson-jaxrs</artifactId> <version>1.9.13</version> + <exclusions> + <exclusion> + <groupId>org.codehaus.jackson</groupId> + <artifactId>jackson-mapper-asl</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-databind</artifactId> + <version>2.10.0</version> + </dependency> + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + <version>2.10.0</version> </dependency> <dependency> <groupId>javax.ws.rs</groupId> @@ -265,11 +281,17 @@ <version>1.18</version> <scope>test</scope> </dependency> - <dependency> + <!--dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.8.1</version> <scope>test</scope> + </dependency--> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <version>4.9</version> + <scope>test</scope> </dependency> <!-- UT coverage dependency end --> diff --git a/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/testutils/JsonUtil.java b/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/testutils/JsonUtil.java index 2de19983..16427582 100644 --- a/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/testutils/JsonUtil.java +++ b/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/testutils/JsonUtil.java @@ -19,9 +19,9 @@ package org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.testutils; import java.io.IOException; -import org.codehaus.jackson.map.DeserializationConfig.Feature; -import org.codehaus.jackson.map.ObjectMapper; -import org.codehaus.jackson.type.TypeReference; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.ObjectMapper; import net.sf.json.JSON; @@ -45,7 +45,6 @@ public final class JsonUtil { } static { - MAPPER.setDeserializationConfig( - MAPPER.getDeserializationConfig().without(new Feature[] { Feature.FAIL_ON_UNKNOWN_PROPERTIES })); + MAPPER.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES,false); } }
\ No newline at end of file diff --git a/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/testutils/JsonUtilTest.java b/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/testutils/JsonUtilTest.java new file mode 100644 index 00000000..720e1e19 --- /dev/null +++ b/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/testutils/JsonUtilTest.java @@ -0,0 +1,65 @@ +/* + * Copyright 2016 Huawei Technologies Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.testutils; + +import org.junit.Before; +import org.junit.Test; +import org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.entity.Vnfm; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Map; + +import static org.junit.Assert.assertEquals; + +public class JsonUtilTest { + + Vnfm vnfm; + + @Before + public void setUp(){ + vnfm = new Vnfm(); + } + + @Test + public void testMarshal() throws IOException { + vnfm.setId("123"); + vnfm.setVersion("V1.0.0"); + JsonUtil.marshal(vnfm); + assertEquals("123",vnfm.getId()); + } + + @Test + public void testUnMarshal() throws IOException { + String jsonValue="{\"id\":\"12345\",\"version\":\"V1.0.0\"}"; + Vnfm actual = JsonUtil.unMarshal(jsonValue,Vnfm.class); + assertEquals("V1.0.0",actual.getVersion()); + } + @Test + public void testUnMarshalWithUnknownField() throws IOException { + String jsonValue="{\"id\":\"12345\",\"version\":\"V1.0.0\",\"unknownField\":\"unknownValue\"}"; + Vnfm actual = JsonUtil.unMarshal(jsonValue,Vnfm.class); + assertEquals("V1.0.0",actual.getVersion()); + } + @Test + public void testUnMarshalForTypeReference() throws IOException { + String jsonValue="{\"id\":\"12345\",\"version\":\"V1.0.0\",\"unknownField\":\"unknownValue\"}"; + Map map = JsonUtil.unMarshal(jsonValue, HashMap.class); + assertEquals("V1.0.0",map.get("version")); + } +} |