author | Murali-P <murali.p@huawei.com> | 2018-03-09 10:54:43 +0530 |
---|---|---|
committer | Murali-P <murali.p@huawei.com> | 2018-03-09 10:54:43 +0530 |
commit | 4a1cd7d20355ccf09b1d6ae133ea2a3702416ffd (patch) | |
tree | 8db1e471aaaf036b3302b0c678c678e0867c3b57 | |
parent | f091c83dd2a68711ba603ffc7ef2fe4b1c69ec62 (diff) |
Remove jackson to avoid security issues
Fix security issues raised by LF
Issue-ID: VNFSDK-161
Change-Id: I9cd93c56897b63e6153da06d11fc9b39a20f541b
Signed-off-by: Murali-P <murali.p@huawei.com>
5 files changed, 10 insertions, 119 deletions
diff --git a/vnfmarket-be/vnf-sdk-marketplace/pom.xml b/vnfmarket-be/vnf-sdk-marketplace/pom.xml index 0f4fd776..cce15648 100644 --- a/vnfmarket-be/vnf-sdk-marketplace/pom.xml +++ b/vnfmarket-be/vnf-sdk-marketplace/pom.xml @@ -76,7 +76,7 @@ <dependency> <groupId>io.swagger</groupId> <artifactId>swagger-jersey2-jaxrs</artifactId> - <version>1.5.3</version> + <version>1.5.18</version> </dependency> <!-- jersey --> <dependency> @@ -163,22 +163,8 @@ <artifactId>ant</artifactId> <version>1.8.2</version> <scope>test</scope> - </dependency> - <dependency> - <groupId>com.fasterxml.jackson.core</groupId> - <artifactId>jackson-databind</artifactId> - <version>2.9.4</version> - </dependency> - <dependency> - <groupId>org.codehaus.jackson</groupId> - <artifactId>jackson-jaxrs</artifactId> - <version>1.9.13</version> - </dependency> - <dependency> - <groupId>org.codehaus.jackson</groupId> - <artifactId>jackson-mapper-asl</artifactId> - <version>1.9.13</version> - </dependency> + </dependency> + <dependency> <groupId>org.apache.commons</groupId> diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/JsonUtil.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/JsonUtil.java deleted file mode 100644 index 1a47522c..00000000 --- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/JsonUtil.java +++ /dev/null 
@@ -1,75 +0,0 @@ -/* - * Copyright 2016 Huawei Technologies Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.onap.vnfsdk.marketplace.common; - -import java.io.IOException; - -import org.codehaus.jackson.map.DeserializationConfig; -import org.codehaus.jackson.map.ObjectMapper; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * Json tools class, packaging a number of commonly used Json methods.<br> - * - * @author - * @version GSO 0.5 2016-08-26 - */ -public final class JsonUtil { - - private static final Logger LOGGER = LoggerFactory.getLogger(JsonUtil.class); - - private JsonUtil() { - } - - /** - * Convert object to JSON.<br> - * - * @param obj The object to be converted - * @return The JSON string - * @since GSO 0.5 - */ - public static String toJson(Object obj) { - try { - return new ObjectMapper().writeValueAsString(obj); - } catch (IOException ex) { - LOGGER.error("Parser to json error.", ex); - throw new IllegalArgumentException("Parser obj to json error, obj = " + obj, ex); - } - } - - /** - * Convert JSON to object.<br> - * - * @param jsonStr The JSON to be converted - * @param objClass The object class - * @return The objClass object - * @since GSO 0.5 - */ - public static <T> T fromJson(String jsonStr, Class<T> objClass) { - try { - ObjectMapper mapper = new ObjectMapper(); - mapper.configure(DeserializationConfig.Feature.FAIL_ON_UNKNOWN_PROPERTIES, false); - return mapper.readValue(jsonStr, 
objClass); - } catch (IOException ex) { - LOGGER.error("Parser to object error.", ex); - throw new IllegalArgumentException( - "Parser json to object error, json = " + jsonStr + ", expect class = " + objClass, ex); - } - } - -} diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java index f48a07f3..d3f161f9 100644 --- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java +++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java @@ -23,7 +23,6 @@ import org.apache.http.entity.ContentType; import org.apache.http.entity.mime.MultipartEntityBuilder; import org.onap.vnfsdk.marketplace.common.CommonConstant; import org.onap.vnfsdk.marketplace.common.FileUtil; -import org.onap.vnfsdk.marketplace.common.JsonUtil; import org.onap.vnfsdk.marketplace.msb.MsbDetails; import org.onap.vnfsdk.marketplace.msb.MsbDetailsHolder; import org.onap.vnfsdk.marketplace.onboarding.entity.OnBoradingRequest; 
@@ -129,11 +128,11 @@ public class LifecycleTestExceutor { return result; } - String rawDataJson = JsonUtil.toJson(oLifeCycleTestReq); - if (null == rawDataJson) { - logger.error("Failed to convert LifeCycleTestReq object to Json String !!!"); - return result; - } + String rawDataJson = ""; //TBD - Use Gson - jackson has security issue//JsonUtil.toJson(oLifeCycleTestReq); +// if (null == rawDataJson) { +// logger.error("Failed to convert LifeCycleTestReq object to Json String !!!"); +// return result; +// } RestResponse oResponse = RestfulClient.sendPostRequest(oMsbDetails.getDefaultServer().getHost(), oMsbDetails.getDefaultServer().getPort(), CommonConstant.LifeCycleTest.LIFECYCLE_TEST_URL, rawDataJson); diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java index d779bf5f..d793a32b 100644 --- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java +++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java @@ -38,7 +38,6 @@ import org.glassfish.jersey.media.multipart.FormDataContentDisposition; import org.onap.validation.csar.CsarValidator; import org.onap.vnfsdk.marketplace.common.CommonConstant; import org.onap.vnfsdk.marketplace.common.FileUtil; -import org.onap.vnfsdk.marketplace.common.JsonUtil; import org.onap.vnfsdk.marketplace.common.RestUtil; import org.onap.vnfsdk.marketplace.common.ToolUtil; import org.onap.vnfsdk.marketplace.db.entity.PackageData; 
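Review bot: `rawDataJson` is now always the empty string, so the `RestfulClient.sendPostRequest(...)` call that follows posts an empty body to `CommonConstant.LifeCycleTest.LIFECYCLE_TEST_URL` and `oLifeCycleTestReq` is never serialized. Until the Gson replacement lands, it would be safer to stop before the POST, for example `logger.error("LifeCycleTestReq serialization not available"); return result;`, than to send a request the receiver cannot interpret. The commented-out null check should be deleted rather than left as `//` lines, and the TBD should point at a tracking issue so the gap is not forgotten. The enclosing method starts and ends outside this hunk.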
@@ -86,8 +85,8 @@ public class PackageWrapper { return Response.status(Status.EXPECTATION_FAILED).build(); } - ValidateLifecycleTestResponse lyfValidateResp = - JsonUtil.fromJson(reqParam, ValidateLifecycleTestResponse.class); + ValidateLifecycleTestResponse lyfValidateResp = null; //TBD - Use Gson - jackson has security issue/ + //JsonUtil.fromJson(reqParam, ValidateLifecycleTestResponse.class); if(!checkOperationSucess(lyfValidateResp)) { return Response.status(Status.EXPECTATION_FAILED).build(); } diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/test/java/org/onap/vnfsdk/marketplace/resource/PackageResourceTest.java b/vnfmarket-be/vnf-sdk-marketplace/src/test/java/org/onap/vnfsdk/marketplace/resource/PackageResourceTest.java index 12812006..d1562f8f 100644 --- a/vnfmarket-be/vnf-sdk-marketplace/src/test/java/org/onap/vnfsdk/marketplace/resource/PackageResourceTest.java +++ b/vnfmarket-be/vnf-sdk-marketplace/src/test/java/org/onap/vnfsdk/marketplace/resource/PackageResourceTest.java @@ -35,13 +35,10 @@ import java.util.zip.ZipOutputStream; import javax.ws.rs.core.Response; -import org.apache.ibatis.exceptions.PersistenceException; -import org.codehaus.jackson.JsonNode; import org.glassfish.jersey.media.multipart.FormDataContentDisposition; import org.junit.Before; import org.junit.Test; import org.onap.vnfsdk.marketplace.common.FileUtil; -import org.onap.vnfsdk.marketplace.common.JsonUtil; import org.onap.vnfsdk.marketplace.common.ToolUtil; import org.onap.vnfsdk.marketplace.db.entity.PackageData; import org.onap.vnfsdk.marketplace.db.impl.MarketplaceDaoImpl; 
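Review bot: `lyfValidateResp` is hard-coded to `null`, so `reqParam` is never parsed and `checkOperationSucess(lyfValidateResp)` receives null on every request. Depending on how that helper treats null (its body is not visible here), the endpoint either always answers `Status.EXPECTATION_FAILED` or throws a NullPointerException, which in both cases disables the lifecycle-validation result path. I would land the replacement parse in the same change, along the lines of `new Gson().fromJson(reqParam, ValidateLifecycleTestResponse.class)` once Gson is a declared dependency, binding only to that concrete class, or else return an explicit error with a log line instead of passing null onward. The method body continues outside the hunk.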
@@ -1032,21 +1029,6 @@ public class PackageResourceTest { assertEquals(res, true); } - @Test - public void testToJson() { - List<String> listObj = new ArrayList<String>(); - listObj.add("test"); - String res = JsonUtil.toJson(listObj); - assertNotNull(res); - } - - @Test - public void testfromJson() { - - String carJson = "{ \"brand\" : \"Mercedes\", \"doors\" : 5 }"; - JsonNode res = JsonUtil.fromJson(carJson, JsonNode.class); - assertNotNull(res); - } @Test public void testUnzip() { |