From f584fa72df298521ba05d345b5f27555f7a7f5d1 Mon Sep 17 00:00:00 2001 From: "prakash.e" Date: Thu, 5 Mar 2020 20:20:55 +0530 Subject: SVNFM codehaus jackson vulnerability fix Excluded jackson-mapper-asl in jackson-databind artifact Change-Id: I3daa7d1f3357913bed45209773a30a88ec3a4ee1 Issue-ID: VFC-1598 Signed-off-by: Prakash.E --- .../vnfmadapter/VnfmadapterService/service/pom.xml | 24 +++++++- .../vnfm/svnfm/vnfmadapter/testutils/JsonUtil.java | 9 ++- .../svnfm/vnfmadapter/testutils/JsonUtilTest.java | 65 ++++++++++++++++++++++ 3 files changed, 92 insertions(+), 6 deletions(-) create mode 100644 huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/testutils/JsonUtilTest.java diff --git a/huawei/vnfmadapter/VnfmadapterService/service/pom.xml b/huawei/vnfmadapter/VnfmadapterService/service/pom.xml index 39eecb1e..383ea069 100644 --- a/huawei/vnfmadapter/VnfmadapterService/service/pom.xml +++ b/huawei/vnfmadapter/VnfmadapterService/service/pom.xml @@ -194,6 +194,22 @@ org.codehaus.jackson jackson-jaxrs 1.9.13 + + + org.codehaus.jackson + jackson-mapper-asl + + + + + com.fasterxml.jackson.core + jackson-databind + 2.10.0 + + + com.fasterxml.jackson.core + jackson-core + 2.10.0 javax.ws.rs @@ -265,11 +281,17 @@ 1.18 test - + + + junit + junit + 4.9 + test diff --git a/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/testutils/JsonUtil.java b/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/testutils/JsonUtil.java index 2de19983..16427582 100644 --- a/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/testutils/JsonUtil.java +++ b/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/testutils/JsonUtil.java 
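Review bot: The first pom.xml hunk (`@@ -194,6 +194,22 @@`) appears to exclude `jackson-mapper-asl` from the `org.codehaus.jackson:jackson-jaxrs` 1.9.13 dependency while keeping that dependency; the XML tags are not visible here, so this reading is inferred from the coordinates. The Jackson 1.x JAX-RS provider is built on `org.codehaus.jackson.map`, and this commit only migrates the test helper `JsonUtil`, so any main-source class or registered provider that still uses the 1.x mapper would fail with a `NoClassDefFoundError` at runtime. I would either replace `jackson-jaxrs` 1.9.13 with `com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider`, or confirm with `mvn dependency:tree` and a startup test that no 1.x mapper class is still referenced. Separately, `jackson-databind` and `jackson-core` are pinned to 2.10.0 as two literals; a shared `jackson.version` property set to the newest 2.10.x patch release would keep them aligned and pick up later databind fixes.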
@@ -19,9 +19,9 @@ package org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.testutils; import java.io.IOException; -import org.codehaus.jackson.map.DeserializationConfig.Feature; -import org.codehaus.jackson.map.ObjectMapper; -import org.codehaus.jackson.type.TypeReference; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.ObjectMapper; import net.sf.json.JSON; @@ -45,7 +45,6 @@ public final class JsonUtil { } static { - MAPPER.setDeserializationConfig( - MAPPER.getDeserializationConfig().without(new Feature[] { Feature.FAIL_ON_UNKNOWN_PROPERTIES })); + MAPPER.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES,false); } } \ No newline at end of file diff --git a/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/testutils/JsonUtilTest.java b/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/testutils/JsonUtilTest.java new file mode 100644 index 00000000..720e1e19 --- /dev/null +++ b/huawei/vnfmadapter/VnfmadapterService/service/src/test/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/testutils/JsonUtilTest.java 
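Review bot: The static initializer in the second JsonUtil.java hunk (`@@ -45,7 +45,6 @@`) turns off `FAIL_ON_UNKNOWN_PROPERTIES` without saying why, and the leniency is easy to miss in a single `configure(..., false)` call. I would write it as `MAPPER.disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);` with a comment such as `// Ignore JSON properties the target type does not declare instead of failing.` so the intent is explicit. The `JsonUtil` class begins above the hunk, so the rest of the `MAPPER` configuration cannot be checked from here. It is worth confirming that default typing is not enabled on it, since that setting is what makes databind deserialization of untrusted JSON risky.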
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2016 Huawei Technologies Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.testutils;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.entity.Vnfm;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.Assert.assertEquals;
+
+public class JsonUtilTest {
+
+ Vnfm vnfm;
+
+ @Before
+ public void setUp(){
+ vnfm = new Vnfm();
+ }
+
+ @Test
+ public void testMarshal() throws IOException {
+ vnfm.setId("123");
+ vnfm.setVersion("V1.0.0");
+ JsonUtil.marshal(vnfm);
+ assertEquals("123",vnfm.getId());
+ }
+
+ @Test
+ public void testUnMarshal() throws IOException {
+ String jsonValue="{\"id\":\"12345\",\"version\":\"V1.0.0\"}";
+ Vnfm actual = JsonUtil.unMarshal(jsonValue,Vnfm.class);
+ assertEquals("V1.0.0",actual.getVersion());
+ }
+ @Test
+ public void testUnMarshalWithUnknownField() throws IOException {
+ String jsonValue="{\"id\":\"12345\",\"version\":\"V1.0.0\",\"unknownField\":\"unknownValue\"}";
+ Vnfm actual = JsonUtil.unMarshal(jsonValue,Vnfm.class);
+ assertEquals("V1.0.0",actual.getVersion());
+ }
+ @Test
+ public void testUnMarshalForTypeReference() throws IOException {
+ String jsonValue="{\"id\":\"12345\",\"version\":\"V1.0.0\",\"unknownField\":\"unknownValue\"}";
+ Map map = JsonUtil.unMarshal(jsonValue,
HashMap.class);
+ assertEquals("V1.0.0",map.get("version"));
+ }
+}
-- cgit 1.2.3-korg
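Review bot: `testMarshal` cannot fail on a serialization regression, because it discards the return value of `JsonUtil.marshal(vnfm)` and asserts on the `id` it set on the input object two lines earlier. This test file is the only coverage the commit adds for the codehaus-to-fasterxml switch, so the assertion should go through the marshalled output, for example `assertEquals("123", JsonUtil.unMarshal(JsonUtil.marshal(vnfm), Vnfm.class).getId());` (assuming `marshal` returns the JSON string, which is not visible in this patch). `testUnMarshalForTypeReference` as shown passes `HashMap.class`, so the `TypeReference` overload its name refers to does not look exercised, though generic arguments may have been lost in rendering. `import java.util.ArrayList;` is unused.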