From 876a4acf6f2e8264bb82e960e9aa886799c4bdb1 Mon Sep 17 00:00:00 2001
From: Denes Nemeth <denes.nemeth@nokia.com>
Date: Wed, 14 Mar 2018 09:51:50 +0100
Subject: Fix some security vulnerabilities

Change-Id: Ib1c08c4f73df8cfe42b2857ee674f102ec09c253
Signed-off-by: Denes Nemeth <denes.nemeth@nokia.com>
Issue-ID: VFC-728
---
 nokiav2/generatedapis/pom.xml                      | 100 +++++++++++++++------
 .../src/test/java/TestInhertence.java              |  97 +++++++-------------
 2 files changed, 102 insertions(+), 95 deletions(-)

(limited to 'nokiav2/generatedapis')

diff --git a/nokiav2/generatedapis/pom.xml b/nokiav2/generatedapis/pom.xml
index 1e2c7d98..21114bc3 100644
--- a/nokiav2/generatedapis/pom.xml
+++ b/nokiav2/generatedapis/pom.xml
@@ -26,6 +26,14 @@
   <version>1.1.0-SNAPSHOT</version>
   <packaging>jar</packaging>
   <name>vfc/nfvo/driver/vnfm/svnfm/nokiav2/generatedapis</name>
+  <properties>
+    <gson-fire-version>1.8.2</gson-fire-version>
+    <retrofit-version>2.3.0</retrofit-version>
+    <rxjava-version>2.0.0</rxjava-version>
+    <threetenbp-version>1.3.5</threetenbp-version>
+    <oltu-version>1.0.1</oltu-version>
+    <swagger-core-version>1.5.15</swagger-core-version>
+  </properties>
   <build>
     <plugins>
       <plugin>
@@ -41,6 +49,7 @@
             <configuration>
               <inputSpec>${basedir}/src/main/resources/nokia.vnfm.api.v3.lcm.json</inputSpec>
               <language>java</language>
+              <library>retrofit2</library>
               <output>${project.build.directory}/generated-sources/cbam</output>
               <apiPackage>com.nokia.cbam.lcm.v32.api</apiPackage>
               <modelPackage>com.nokia.cbam.lcm.v32.model</modelPackage>
@@ -60,12 +69,15 @@
             <configuration>
               <inputSpec>${basedir}/src/main/resources/nokia.vnfm.api.v3.lcn.subscription.json</inputSpec>
               <language>java</language>
+              <library>retrofit2</library>
               <output>${project.build.directory}/generated-sources/cbam</output>
               <apiPackage>com.nokia.cbam.lcn.v32.api</apiPackage>
               <modelPackage>com.nokia.cbam.lcn.v32.model</modelPackage>
               <configOptions>
                 <generateSupportingFiles>false</generateSupportingFiles>
                 <sourceFolder>src/gen/java/main</sourceFolder>
+                <withXml>true</withXml>
+                <useRxJava2>true</useRxJava2>
               </configOptions>
             </configuration>
           </execution>
@@ -77,6 +89,7 @@
             <configuration>
               <inputSpec>${basedir}/src/main/resources/nokia.catalog.json</inputSpec>
               <language>java</language>
+              <library>retrofit2</library>
               <output>${project.build.directory}/generated-sources/cbam</output>
               <apiPackage>com.nokia.cbam.catalog.v1.api</apiPackage>
               <modelPackage>com.nokia.cbam.catalog.v1.model</modelPackage>
@@ -94,6 +107,7 @@
             <configuration>
               <inputSpec>${basedir}/src/main/resources/vfc.catalog.swagger.json</inputSpec>
               <language>java</language>
+              <library>retrofit2</library>
               <output>${project.build.directory}/generated-sources/vfccatalog</output>
               <apiPackage>org.onap.vfccatalog.api</apiPackage>
               <modelPackage>org.onap.vfccatalog.model</modelPackage>
@@ -111,6 +125,7 @@
             <configuration>
               <inputSpec>${basedir}/src/main/resources/vfc.vnfdriver.swagger.json</inputSpec>
               <language>java</language>
+              <library>retrofit2</library>
               <output>${project.build.directory}/generated-sources/vnfmdriver</output>
               <apiPackage>org.onap.vnfmdriver.api</apiPackage>
               <modelPackage>org.onap.vnfmdriver.model</modelPackage>
@@ -120,6 +135,26 @@
               </configOptions>
             </configuration>
           </execution>
+<!--
+          <execution>
+            <id>soadapter</id>
+            <goals>
+              <goal>generate</goal>
+            </goals>
+            <configuration>
+              <inputSpec>${basedir}/src/main/resources/so.vnfm.json</inputSpec>
+              <language>java</language>
+              <library>retrofit2</library>
+              <output>${project.build.directory}/generated-sources/soadapter</output>
+              <apiPackage>org.onap.soadapter.api</apiPackage>
+              <modelPackage>org.onap.soadapter.model</modelPackage>
+              <configOptions>
+                <generateSupportingFiles>false</generateSupportingFiles>
+                <sourceFolder>src/gen/java/main</sourceFolder>
+              </configOptions>
+            </configuration>
+          </execution>
+-->
         </executions>
       </plugin>
       <plugin>
@@ -156,37 +191,50 @@
     </plugins>
   </build>
   <dependencies>
-    <dependency>
-      <groupId>com.google.code.gson</groupId>
-      <artifactId>gson</artifactId>
-      <version>2.8.2</version>
-    </dependency>
     <dependency>
       <groupId>io.swagger</groupId>
       <artifactId>swagger-annotations</artifactId>
-      <version>1.5.16</version>
+      <version>${swagger-core-version}</version>
     </dependency>
     <dependency>
-      <groupId>joda-time</groupId>
-      <artifactId>joda-time</artifactId>
-      <version>2.9.9</version>
+      <groupId>com.squareup.retrofit2</groupId>
+      <artifactId>converter-gson</artifactId>
+      <version>${retrofit-version}</version>
     </dependency>
     <dependency>
-      <!-- this does not have a compile time dependency, but is required to be able to deserialize the date to joda time -->
-      <groupId>com.fasterxml.jackson.datatype</groupId>
-      <artifactId>jackson-datatype-joda</artifactId>
-      <!-- this version must be in sync with the dependency comming from spring boot -->
-      <version>2.8.10</version>
+      <groupId>com.squareup.retrofit2</groupId>
+      <artifactId>retrofit</artifactId>
+      <version>${retrofit-version}</version>
     </dependency>
     <dependency>
-      <groupId>com.squareup.okhttp</groupId>
-      <artifactId>okhttp</artifactId>
-      <version>2.7.5</version>
+      <groupId>com.squareup.retrofit2</groupId>
+      <artifactId>converter-scalars</artifactId>
+      <version>${retrofit-version}</version>
     </dependency>
     <dependency>
-      <groupId>com.squareup.okhttp</groupId>
-      <artifactId>logging-interceptor</artifactId>
-      <version>2.7.5</version>
+      <groupId>org.apache.oltu.oauth2</groupId>
+      <artifactId>org.apache.oltu.oauth2.client</artifactId>
+      <version>${oltu-version}</version>
+    </dependency>
+    <dependency>
+      <groupId>io.gsonfire</groupId>
+      <artifactId>gson-fire</artifactId>
+      <version>${gson-fire-version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.threeten</groupId>
+      <artifactId>threetenbp</artifactId>
+      <version>${threetenbp-version}</version>
+    </dependency>
+    <dependency>
+      <groupId>io.reactivex.rxjava2</groupId>
+      <artifactId>rxjava</artifactId>
+      <version>${rxjava-version}</version>
+    </dependency>
+    <dependency>
+      <groupId>com.squareup.retrofit2</groupId>
+      <artifactId>adapter-rxjava2</artifactId>
+      <version>${retrofit-version}</version>
     </dependency>
     <dependency>
       <groupId>junit</groupId>
@@ -196,14 +244,10 @@
       <scope>provided</scope>
     </dependency>
     <dependency>
-      <groupId>io.gsonfire</groupId>
-      <artifactId>gson-fire</artifactId>
-      <version>1.8.2</version>
-    </dependency>
-    <dependency>
-      <groupId>org.threeten</groupId>
-      <artifactId>threetenbp</artifactId>
-      <version>1.3.6</version>
+      <groupId>com.google.guava</groupId>
+      <artifactId>guava</artifactId>
+      <version>24.0-jre</version>
+      <scope>test</scope>
     </dependency>
   </dependencies>
 </project>
diff --git a/nokiav2/generatedapis/src/test/java/TestInhertence.java b/nokiav2/generatedapis/src/test/java/TestInhertence.java
index 8e7d551e..f7e1108a 100644
--- a/nokiav2/generatedapis/src/test/java/TestInhertence.java
+++ b/nokiav2/generatedapis/src/test/java/TestInhertence.java
@@ -16,10 +16,19 @@
 
 import com.nokia.cbam.lcm.v32.ApiClient;
 import com.nokia.cbam.lcm.v32.model.*;
+import okhttp3.Headers;
+import okhttp3.RequestBody;
+import okhttp3.ResponseBody;
+import okhttp3.internal.http.RealResponseBody;
+import okio.Buffer;
+import okio.BufferedSource;
 import org.junit.Test;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.lang.annotation.Annotation;
+
 import static junit.framework.TestCase.assertEquals;
-import static junit.framework.TestCase.assertNull;
 import static junit.framework.TestCase.assertTrue;
 
 public class TestInhertence {
@@ -28,7 +37,7 @@ public class TestInhertence {
      * test OpenStack v2 inheritence handling in serialization and deserialization
      */
     @Test
-    public void testOpenStackV2(){
+    public void testOpenStackV2() throws IOException{
         InstantiateVnfRequest req = new InstantiateVnfRequest();
         OPENSTACKV2INFO vim = new OPENSTACKV2INFO();
         req.getVims().add(vim);
@@ -36,78 +45,32 @@ public class TestInhertence {
         OpenStackAccessInfoV2 accessInfo = new OpenStackAccessInfoV2();
         accessInfo.setPassword("myPassword");
         vim.setAccessInfo(accessInfo);
-        String serialize = new ApiClient().getJSON().serialize(req);
-        assertTrue(serialize.contains("myPassword"));
-        InstantiateVnfRequest deserialize = new ApiClient().getJSON().deserialize(serialize, InstantiateVnfRequest.class);
+        Annotation[] x = new Annotation[0];
+        RequestBody requestBody = new ApiClient().getAdapterBuilder().build().requestBodyConverter(InstantiateVnfRequest.class, x, new Annotation[0]).convert(req);
+        assertTrue(getContent(requestBody).contains("myPassword"));
+        ResponseBody responseBody = toResponse(requestBody);
+        InstantiateVnfRequest deserialize = (InstantiateVnfRequest) new ApiClient().getAdapterBuilder().build().responseBodyConverter(InstantiateVnfRequest.class, new Annotation[0]).convert(responseBody);
         assertEquals(1, deserialize.getVims().size());
         OPENSTACKV2INFO deserializedVim = (OPENSTACKV2INFO) deserialize.getVims().get(0);
         assertEquals("myPassword", deserializedVim.getAccessInfo().getPassword());
     }
 
-    /**
-     * test OpenStack v3 inheritence handling in serialization and deserialization
-     */
-    @Test
-    public void testOpenStackV3(){
-        InstantiateVnfRequest req = new InstantiateVnfRequest();
-        OPENSTACKV3INFO vim = new OPENSTACKV3INFO();
-        req.getVims().add(vim);
-        vim.setVimInfoType(VimInfo.VimInfoTypeEnum.OPENSTACK_V3_INFO);
-        OpenStackAccessInfoV3 accessInfo = new OpenStackAccessInfoV3();
-        accessInfo.setPassword("myPassword");
-        vim.setAccessInfo(accessInfo);
-        String serialize = new ApiClient().getJSON().serialize(req);
-        assertTrue(serialize.contains("myPassword"));
-        InstantiateVnfRequest deserialize = new ApiClient().getJSON().deserialize(serialize, InstantiateVnfRequest.class);
-        assertEquals(1, deserialize.getVims().size());
-        OPENSTACKV3INFO deserializedVim = (OPENSTACKV3INFO) deserialize.getVims().get(0);
-        assertEquals("myPassword", deserializedVim.getAccessInfo().getPassword());
-    }
-
-    /**
-     * test vCloud  inheritence handling in serialization and deserialization
-     */
-    @Test
-    public void testVCloud(){
-        InstantiateVnfRequest req = new InstantiateVnfRequest();
-        VMWAREVCLOUDINFO vim = new VMWAREVCLOUDINFO();
-        req.getVims().add(vim);
-        vim.setVimInfoType(VimInfo.VimInfoTypeEnum.VMWARE_VCLOUD_INFO);
-        VCloudAccessInfo accessInfo = new VCloudAccessInfo();
-        accessInfo.setPassword("myPassword");
-        vim.setAccessInfo(accessInfo);
-        String serialize = new ApiClient().getJSON().serialize(req);
-        assertTrue(serialize.contains("myPassword"));
-        InstantiateVnfRequest deserialize = new ApiClient().getJSON().deserialize(serialize, InstantiateVnfRequest.class);
-        assertEquals(1, deserialize.getVims().size());
-        VMWAREVCLOUDINFO deserializedVim = (VMWAREVCLOUDINFO) deserialize.getVims().get(0);
-        assertEquals("myPassword", deserializedVim.getAccessInfo().getPassword());
+    private ResponseBody toResponse(RequestBody convert) throws IOException {
+        Headers headers = new Headers.Builder().build();
+        Buffer buffer = new Buffer();
+        convert.writeTo(buffer);
+        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+        buffer.copyTo(byteArrayOutputStream);
+        BufferedSource response = buffer;
+        return new RealResponseBody(headers, response);
     }
 
-    /**
-     * test LCN serialization and deserialization
-     */
-    @Test
-    public void testLcn() throws  Exception{
-        VnfLifecycleChangeNotification vnfLifecycleChangeNotification = new VnfLifecycleChangeNotification();
-        vnfLifecycleChangeNotification.setNotificationType(VnfNotificationType.VNFLIFECYCLECHANGENOTIFICATION);
-        vnfLifecycleChangeNotification.setVnfInstanceId("myId");
-        String serialize = new ApiClient().getJSON().serialize(vnfLifecycleChangeNotification);
-        VnfLifecycleChangeNotification deserialize = new ApiClient().getJSON().deserialize(serialize, VnfLifecycleChangeNotification.class);
-        assertEquals("myId", deserialize.getVnfInstanceId());
+    private String getContent(RequestBody requestBody) throws IOException {
+        Buffer buffer = new Buffer();
+        requestBody.writeTo(buffer);
+        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+        buffer.copyTo(byteArrayOutputStream);
+        return new String(byteArrayOutputStream.toByteArray());
     }
 
-    /**
-     * test arrays are not initialized to empty arrays
-     */
-    @Test
-    public void testArrayBehaviour() throws  Exception{
-        VnfLifecycleChangeNotification vnfLifecycleChangeNotification = new VnfLifecycleChangeNotification();
-        vnfLifecycleChangeNotification.setNotificationType(VnfNotificationType.VNFLIFECYCLECHANGENOTIFICATION);
-        vnfLifecycleChangeNotification.setVnfInstanceId("myId");
-        String serialize = new ApiClient().getJSON().serialize(vnfLifecycleChangeNotification);
-        VnfLifecycleChangeNotification deserialize = new ApiClient().getJSON().deserialize(serialize, VnfLifecycleChangeNotification.class);
-        assertNull(deserialize.getAffectedVirtualLinks());
-    }
-    
 }
-- 
cgit 1.2.3-korg