From cab4bc6ec33032d981d28fe7bc72f4ccaf55b84a Mon Sep 17 00:00:00 2001 From: sonibhanu Date: Fri, 3 Jan 2020 10:56:38 +0530 Subject: Fix vulnerability issue in multivimproxy Change from slf4j to log4j and also change from jackson to gson Change-Id: I828b6078dfcce5c2c6406489379a41faa58d7bf5 Issue-ID: VFC-1598 Signed-off-by: sonibhanu --- service/pom.xml | 22 ++++++++++++++++++++-- .../nfvo/multivimproxy/common/util/JsonUtil.java | 6 +++--- .../multivimproxy/common/util/RestfulUtil.java | 7 +++---- .../nfvo/multivimproxy/common/util/StringUtil.java | 6 +++--- .../common/util/request/RequestUtil.java | 6 +++--- .../common/util/response/RoaResponseUtil.java | 6 +++--- .../common/util/restclient/HttpBaseRest.java | 6 +++--- .../common/util/restclient/HttpRest.java | 6 +++--- .../common/util/restclient/HttpsRest.java | 6 +++--- .../util/restclient/RestHttpContentExchange.java | 6 +++--- .../common/util/restclient/RestfulConfigure.java | 6 +++--- .../common/util/restclient/RestfulFactory.java | 7 ++++--- .../util/restclient/SystemEnvVariablesDefImpl.java | 6 +++--- .../impl/MultivimProxyAdapter2MSBManager.java | 6 +++--- .../impl/MultivimProxyAdapterMgrService.java | 6 +++--- .../nfvo/multivimproxy/service/rest/ProxyRoa.java | 6 +++--- 16 files changed, 66 insertions(+), 48 deletions(-) diff --git a/service/pom.xml b/service/pom.xml index 0172687..260caf6 100644 --- a/service/pom.xml +++ b/service/pom.xml @@ -34,10 +34,15 @@ httpcore 4.3 - + + + com.google.code.gson + gson + 2.8.2 commons-io @@ -92,6 +97,7 @@ jetty-all 8.1.16.v20140903 + + + org.apache.logging.log4j + log4j-core + 2.13.0 + diff --git a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/JsonUtil.java b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/JsonUtil.java index 14df83a..7344215 100644 --- a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/JsonUtil.java +++ b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/JsonUtil.java @@ -16,9 +16,9 @@ package org.onap.vfc.nfvo.multivimproxy.common.util; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.onap.vfc.nfvo.multivimproxy.common.constant.ParamConstant; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import net.sf.json.JSONArray; import net.sf.json.JSONException; @@ -35,7 +35,7 @@ import net.sf.json.JSONObject; */ public final class JsonUtil { - private static final Logger LOG = LoggerFactory.getLogger(StringUtil.class); + private static final Logger LOG = LogManager.getLogger(StringUtil.class); private static final int TYPE_STRING = 0; diff --git a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/RestfulUtil.java b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/RestfulUtil.java index c1c1189..49e46e7 100644 --- a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/RestfulUtil.java +++ b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/RestfulUtil.java @@ -24,7 +24,8 @@ import java.util.Map; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; -import org.onap.vfc.nfvo.multivimproxy.common.util.ResourceUtil; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.onap.vfc.nfvo.multivimproxy.common.constant.Constant; import org.onap.vfc.nfvo.multivimproxy.common.constant.ParamConstant; import org.onap.vfc.nfvo.multivimproxy.common.util.restclient.Restful; @@ -34,8 +35,6 @@ import org.onap.vfc.nfvo.multivimproxy.common.util.restclient.RestfulOptions; import org.onap.vfc.nfvo.multivimproxy.common.util.restclient.RestfulParametes; import org.onap.vfc.nfvo.multivimproxy.common.util.restclient.RestfulResponse; import org.onap.vfc.nfvo.multivimproxy.common.util.restclient.ServiceException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import net.sf.json.JSONArray; import net.sf.json.JSONException; @@ -66,7 +65,7 @@ public class RestfulUtil { public static final String NO_RESULT_EXCEPTION = "org.openo.nfvo.resmanage.service.group.resoperate.add.res.no.result"; - private static final Logger LOGGER = LoggerFactory.getLogger(RestfulUtil.class); + private static final Logger LOGGER = LogManager.getLogger(RestfulUtil.class); private static final Restful REST_CLIENT_HTTP = RestfulFactory.getRestInstance(RestfulFactory.PROTO_HTTP); diff --git a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/StringUtil.java b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/StringUtil.java index 3692d46..26d8ba4 100644 --- a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/StringUtil.java +++ b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/StringUtil.java @@ -20,8 +20,8 @@ import java.math.BigDecimal; import java.text.DecimalFormat; import org.apache.commons.lang.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; /** * @@ -34,7 +34,7 @@ import org.slf4j.LoggerFactory; */ public final class StringUtil { - private static final Logger LOGGER = LoggerFactory.getLogger(StringUtil.class); + private static final Logger LOGGER = LogManager.getLogger(StringUtil.class); private StringUtil() { } diff --git a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/request/RequestUtil.java b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/request/RequestUtil.java index 3bda627..ca6ef91 100644 --- a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/request/RequestUtil.java +++ b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/request/RequestUtil.java @@ -27,11 +27,11 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import org.apache.commons.io.IOUtils; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.onap.vfc.nfvo.multivimproxy.common.util.restclient.RestfulClientConst; import org.onap.vfc.nfvo.multivimproxy.common.util.restclient.RestfulParametes; import org.onap.vfc.nfvo.multivimproxy.common.util.restclient.ServiceException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import net.sf.json.JSONException; import net.sf.json.JSONObject; @@ -47,7 +47,7 @@ import net.sf.json.JSONObject; */ public final class RequestUtil { - private static final Logger LOGGER = LoggerFactory.getLogger(RequestUtil.class); + private static final Logger LOGGER = LogManager.getLogger(RequestUtil.class); /** * Constructor
diff --git a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/response/RoaResponseUtil.java b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/response/RoaResponseUtil.java index 4ab7b2a..636fe6c 100644 --- a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/response/RoaResponseUtil.java +++ b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/response/RoaResponseUtil.java @@ -20,11 +20,11 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.onap.vfc.nfvo.multivimproxy.common.constant.HttpConstant; import org.onap.vfc.nfvo.multivimproxy.common.constant.ParamConstant; import org.onap.vfc.nfvo.multivimproxy.common.constant.ResponseConstant; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import net.sf.json.JSONObject; @@ -39,7 +39,7 @@ import net.sf.json.JSONObject; */ public final class RoaResponseUtil { - private static final Logger LOGGER = LoggerFactory.getLogger(RoaResponseUtil.class); + private static final Logger LOGGER = LogManager.getLogger(RoaResponseUtil.class); private RoaResponseUtil() { diff --git a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/HttpBaseRest.java b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/HttpBaseRest.java index 100f799..0672715 100644 --- a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/HttpBaseRest.java +++ b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/HttpBaseRest.java @@ -27,12 +27,12 @@ import java.util.Date; import java.util.Map; import java.util.concurrent.atomic.AtomicInteger; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.eclipse.jetty.client.Address; import org.eclipse.jetty.client.HttpClient; import org.eclipse.jetty.client.HttpExchange; import org.eclipse.jetty.http.HttpMethods; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; /** *
@@ -44,7 +44,7 @@ import org.slf4j.LoggerFactory; */ public abstract class HttpBaseRest implements Restful { - private static final Logger LOG = LoggerFactory.getLogger(HttpRest.class); + private static final Logger LOG = LogManager.getLogger(HttpRest.class); final AtomicInteger requestId = new AtomicInteger(0); diff --git a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/HttpRest.java b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/HttpRest.java index 30a7c4b..d2e2af2 100644 --- a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/HttpRest.java +++ b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/HttpRest.java @@ -16,11 +16,11 @@ package org.onap.vfc.nfvo.multivimproxy.common.util.restclient; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.eclipse.jetty.client.HttpClient; import org.eclipse.jetty.http.HttpMethods; import org.eclipse.jetty.util.thread.QueuedThreadPool; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; /** *
@@ -32,7 +32,7 @@ import org.slf4j.LoggerFactory; */ public class HttpRest extends HttpBaseRest { - private static final Logger LOG = LoggerFactory.getLogger(HttpRest.class); + private static final Logger LOG = LogManager.getLogger(HttpRest.class); /** * Initializing Rest options.
diff --git a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/HttpsRest.java b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/HttpsRest.java index 64f5968..73e71ef 100644 --- a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/HttpsRest.java +++ b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/HttpsRest.java @@ -19,6 +19,8 @@ package org.onap.vfc.nfvo.multivimproxy.common.util.restclient; import java.io.IOException; import java.io.UnsupportedEncodingException; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.eclipse.jetty.client.ContentExchange; import org.eclipse.jetty.client.HttpClient; import org.eclipse.jetty.client.HttpExchange; @@ -26,12 +28,10 @@ import org.eclipse.jetty.io.ByteArrayBuffer; import org.eclipse.jetty.util.ssl.SslContextFactory; import org.eclipse.jetty.util.thread.QueuedThreadPool; import org.onap.vfc.nfvo.multivimproxy.common.util.request.RequestUtil; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; public class HttpsRest extends HttpBaseRest { - private static final Logger LOG = LoggerFactory.getLogger(HttpsRest.class); + private static final Logger LOG = LogManager.getLogger(HttpsRest.class); private static final String UNSUPPORTED_EXCEPTION = "UnsupportedEncodingException: "; public void initHttpsRest() { diff --git a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/RestHttpContentExchange.java b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/RestHttpContentExchange.java index f5a59cb..1a620c2 100644 --- a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/RestHttpContentExchange.java +++ b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/RestHttpContentExchange.java @@ -26,14 +26,14 @@ import java.util.Map; import java.util.zip.GZIPInputStream; import org.apache.commons.lang.StringUtils; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.eclipse.jetty.client.ContentExchange; import org.eclipse.jetty.client.HttpDestination; import org.eclipse.jetty.http.HttpFields; import org.eclipse.jetty.http.HttpHeaders; import org.eclipse.jetty.io.Buffer; import org.eclipse.jetty.util.StringUtil; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; /** * ContentExchange implementation classe to provide access to response. @@ -46,7 +46,7 @@ import org.slf4j.LoggerFactory; */ public class RestHttpContentExchange extends ContentExchange { - private static final Logger LOGGER = LoggerFactory.getLogger(RestHttpContentExchange.class); + private static final Logger LOGGER = LogManager.getLogger(RestHttpContentExchange.class); private boolean gzip = false; diff --git a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/RestfulConfigure.java b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/RestfulConfigure.java index 7d0c1eb..1222d2a 100644 --- a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/RestfulConfigure.java +++ b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/RestfulConfigure.java @@ -21,8 +21,8 @@ import java.io.File; import java.io.FileReader; import java.io.IOException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import net.sf.json.JSONObject; @@ -36,7 +36,7 @@ import net.sf.json.JSONObject; */ public class RestfulConfigure { - private static final Logger LOG = LoggerFactory.getLogger(RestfulConfigure.class); + private static final Logger LOG = LogManager.getLogger(RestfulConfigure.class); private RestfulOptions options = null; diff --git a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/RestfulFactory.java b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/RestfulFactory.java index bc6ccae..caf5c18 100644 --- a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/RestfulFactory.java +++ b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/RestfulFactory.java @@ -16,11 +16,12 @@ package org.onap.vfc.nfvo.multivimproxy.common.util.restclient; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + import java.util.HashMap; import java.util.Map; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; /** * RestFul instance factory.
@@ -42,7 +43,7 @@ public class RestfulFactory { */ public static final String PROTO_HTTP = "http"; - private static final Logger LOG = LoggerFactory.getLogger(RestfulFactory.class); + private static final Logger LOG = LogManager.getLogger(RestfulFactory.class); private static final Map INSTANCES = new HashMap<>(2); diff --git a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/SystemEnvVariablesDefImpl.java b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/SystemEnvVariablesDefImpl.java index 1981f64..a572a2b 100644 --- a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/SystemEnvVariablesDefImpl.java +++ b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/common/util/restclient/SystemEnvVariablesDefImpl.java @@ -19,8 +19,8 @@ package org.onap.vfc.nfvo.multivimproxy.common.util.restclient; import java.io.File; import java.io.IOException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; /** * System environment variable helper implementation.
@@ -32,7 +32,7 @@ import org.slf4j.LoggerFactory; */ public class SystemEnvVariablesDefImpl implements SystemEnvVariables { - private static final Logger LOG = LoggerFactory.getLogger(SystemEnvVariablesDefImpl.class); + private static final Logger LOG = LogManager.getLogger(SystemEnvVariablesDefImpl.class); @Override public String getAppRoot() { diff --git a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/service/adapter/impl/MultivimProxyAdapter2MSBManager.java b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/service/adapter/impl/MultivimProxyAdapter2MSBManager.java index d97c5bb..b733930 100644 --- a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/service/adapter/impl/MultivimProxyAdapter2MSBManager.java +++ b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/service/adapter/impl/MultivimProxyAdapter2MSBManager.java @@ -18,13 +18,13 @@ package org.onap.vfc.nfvo.multivimproxy.service.adapter.impl; import java.util.Map; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.onap.vfc.nfvo.multivimproxy.common.constant.Constant; import org.onap.vfc.nfvo.multivimproxy.common.constant.HttpConstant; import org.onap.vfc.nfvo.multivimproxy.common.util.RestfulUtil; import org.onap.vfc.nfvo.multivimproxy.service.adapter.inf.IMultivimProxyAdapter2MSBManager; import org.onap.vfc.nfvo.multivimproxy.common.util.restclient.RestfulResponse; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import net.sf.json.JSONObject; @@ -38,7 +38,7 @@ import net.sf.json.JSONObject; */ public class MultivimProxyAdapter2MSBManager implements IMultivimProxyAdapter2MSBManager { - private static final Logger LOG = LoggerFactory.getLogger(MultivimProxyAdapter2MSBManager.class); + private static final Logger LOG = LogManager.getLogger(MultivimProxyAdapter2MSBManager.class); @Override public JSONObject registerProxy(Map paramsMap, JSONObject driverInfo) { diff --git a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/service/adapter/impl/MultivimProxyAdapterMgrService.java b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/service/adapter/impl/MultivimProxyAdapterMgrService.java index 63ad9ac..430e66d 100644 --- a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/service/adapter/impl/MultivimProxyAdapterMgrService.java +++ b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/service/adapter/impl/MultivimProxyAdapterMgrService.java @@ -25,6 +25,8 @@ import java.util.HashMap; import java.util.Map; import java.util.concurrent.Executors; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.onap.vfc.nfvo.multivimproxy.common.constant.Constant; import org.onap.vfc.nfvo.multivimproxy.common.constant.HttpConstant; import org.onap.vfc.nfvo.multivimproxy.common.constant.ParamConstant; @@ -32,8 +34,6 @@ import org.onap.vfc.nfvo.multivimproxy.common.constant.UrlConstant; import org.onap.vfc.nfvo.multivimproxy.common.util.restclient.SystemEnvVariablesFactory; import org.onap.vfc.nfvo.multivimproxy.service.adapter.inf.IMultivimProxyAdapter2MSBManager; import org.onap.vfc.nfvo.multivimproxy.service.adapter.inf.IMultivimProxyAdapterMgrService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import net.sf.json.JSONObject; @@ -47,7 +47,7 @@ import net.sf.json.JSONObject; */ public class MultivimProxyAdapterMgrService implements IMultivimProxyAdapterMgrService { - private static final Logger LOG = LoggerFactory.getLogger(MultivimProxyAdapterMgrService.class); + private static final Logger LOG = LogManager.getLogger(MultivimProxyAdapterMgrService.class); public static final String RESMGRADAPTERINFO = "resmgradapterinfo.json"; diff --git a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/service/rest/ProxyRoa.java b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/service/rest/ProxyRoa.java index e9c00f8..e90fc17 100644 --- a/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/service/rest/ProxyRoa.java +++ b/service/src/main/java/org/onap/vfc/nfvo/multivimproxy/service/rest/ProxyRoa.java @@ -33,6 +33,8 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import org.apache.commons.io.IOUtils; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.onap.vfc.nfvo.multivimproxy.common.conf.Config; import org.onap.vfc.nfvo.multivimproxy.common.constant.Constant; import org.onap.vfc.nfvo.multivimproxy.common.constant.ParamConstant; @@ -41,8 +43,6 @@ import org.onap.vfc.nfvo.multivimproxy.common.util.RestfulUtil; import org.onap.vfc.nfvo.multivimproxy.common.util.request.RequestUtil; import org.onap.vfc.nfvo.multivimproxy.common.util.restclient.RestfulParametes; import org.onap.vfc.nfvo.multivimproxy.common.util.restclient.RestfulResponse; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import net.sf.json.JSONArray; import net.sf.json.JSONObject; @@ -51,7 +51,7 @@ import net.sf.json.JSONObject; @Consumes(MediaType.APPLICATION_JSON) public class ProxyRoa { - private static final Logger LOGGER = LoggerFactory.getLogger(ProxyRoa.class); + private static final Logger LOGGER = LogManager.getLogger(ProxyRoa.class); private static final String vimId = Config.getCloudRegionId() + "_" + Config.getCloudRegionId(); -- cgit 1.2.3-korg