summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMurali-P <murali.p@huawei.com>2018-03-09 10:54:43 +0530
committerMurali-P <murali.p@huawei.com>2018-03-09 10:54:43 +0530
commit4a1cd7d20355ccf09b1d6ae133ea2a3702416ffd (patch)
tree8db1e471aaaf036b3302b0c678c678e0867c3b57
parentf091c83dd2a68711ba603ffc7ef2fe4b1c69ec62 (diff)
Remove jackson to avoid security issues
Fix security issues raised by LF Issue-ID: VNFSDK-161 Change-Id: I9cd93c56897b63e6153da06d11fc9b39a20f541b Signed-off-by: Murali-P <murali.p@huawei.com>
-rw-r--r--vnfmarket-be/vnf-sdk-marketplace/pom.xml20
-rw-r--r--vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/JsonUtil.java75
-rw-r--r--vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java11
-rw-r--r--vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java5
-rw-r--r--vnfmarket-be/vnf-sdk-marketplace/src/test/java/org/onap/vnfsdk/marketplace/resource/PackageResourceTest.java18
5 files changed, 10 insertions, 119 deletions
diff --git a/vnfmarket-be/vnf-sdk-marketplace/pom.xml b/vnfmarket-be/vnf-sdk-marketplace/pom.xml
index 0f4fd776..cce15648 100644
--- a/vnfmarket-be/vnf-sdk-marketplace/pom.xml
+++ b/vnfmarket-be/vnf-sdk-marketplace/pom.xml
@@ -76,7 +76,7 @@
<dependency>
<groupId>io.swagger</groupId>
<artifactId>swagger-jersey2-jaxrs</artifactId>
- <version>1.5.3</version>
+ <version>1.5.18</version>
</dependency>
<!-- jersey -->
<dependency>
@@ -163,22 +163,8 @@
<artifactId>ant</artifactId>
<version>1.8.2</version>
<scope>test</scope>
- </dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-databind</artifactId>
- <version>2.9.4</version>
- </dependency>
- <dependency>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>jackson-jaxrs</artifactId>
- <version>1.9.13</version>
- </dependency>
- <dependency>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>jackson-mapper-asl</artifactId>
- <version>1.9.13</version>
- </dependency>
+ </dependency>
+
<dependency>
<groupId>org.apache.commons</groupId>
diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/JsonUtil.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/JsonUtil.java
deleted file mode 100644
index 1a47522c..00000000
--- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/JsonUtil.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright 2016 Huawei Technologies Co., Ltd.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.onap.vnfsdk.marketplace.common;
-
-import java.io.IOException;
-
-import org.codehaus.jackson.map.DeserializationConfig;
-import org.codehaus.jackson.map.ObjectMapper;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Json tools class, packaging a number of commonly used Json methods.<br>
- *
- * @author
- * @version GSO 0.5 2016-08-26
- */
-public final class JsonUtil {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(JsonUtil.class);
-
- private JsonUtil() {
- }
-
- /**
- * Convert object to JSON.<br>
- *
- * @param obj The object to be converted
- * @return The JSON string
- * @since GSO 0.5
- */
- public static String toJson(Object obj) {
- try {
- return new ObjectMapper().writeValueAsString(obj);
- } catch (IOException ex) {
- LOGGER.error("Parser to json error.", ex);
- throw new IllegalArgumentException("Parser obj to json error, obj = " + obj, ex);
- }
- }
-
- /**
- * Convert JSON to object.<br>
- *
- * @param jsonStr The JSON to be converted
- * @param objClass The object class
- * @return The objClass object
- * @since GSO 0.5
- */
- public static <T> T fromJson(String jsonStr, Class<T> objClass) {
- try {
- ObjectMapper mapper = new ObjectMapper();
- mapper.configure(DeserializationConfig.Feature.FAIL_ON_UNKNOWN_PROPERTIES, false);
- return mapper.readValue(jsonStr, objClass);
- } catch (IOException ex) {
- LOGGER.error("Parser to object error.", ex);
- throw new IllegalArgumentException(
- "Parser json to object error, json = " + jsonStr + ", expect class = " + objClass, ex);
- }
- }
-
-}
diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java
index f48a07f3..d3f161f9 100644
--- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java
+++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java
@@ -23,7 +23,6 @@ import org.apache.http.entity.ContentType;
import org.apache.http.entity.mime.MultipartEntityBuilder;
import org.onap.vnfsdk.marketplace.common.CommonConstant;
import org.onap.vnfsdk.marketplace.common.FileUtil;
-import org.onap.vnfsdk.marketplace.common.JsonUtil;
import org.onap.vnfsdk.marketplace.msb.MsbDetails;
import org.onap.vnfsdk.marketplace.msb.MsbDetailsHolder;
import org.onap.vnfsdk.marketplace.onboarding.entity.OnBoradingRequest;
@@ -129,11 +128,11 @@ public class LifecycleTestExceutor {
return result;
}
- String rawDataJson = JsonUtil.toJson(oLifeCycleTestReq);
- if (null == rawDataJson) {
- logger.error("Failed to convert LifeCycleTestReq object to Json String !!!");
- return result;
- }
+ String rawDataJson = ""; //TBD - Use Gson - jackson has security issue//JsonUtil.toJson(oLifeCycleTestReq);
+// if (null == rawDataJson) {
+// logger.error("Failed to convert LifeCycleTestReq object to Json String !!!");
+// return result;
+// }
RestResponse oResponse = RestfulClient.sendPostRequest(oMsbDetails.getDefaultServer().getHost(),
oMsbDetails.getDefaultServer().getPort(), CommonConstant.LifeCycleTest.LIFECYCLE_TEST_URL, rawDataJson);
diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java
index d779bf5f..d793a32b 100644
--- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java
+++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java
@@ -38,7 +38,6 @@ import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
import org.onap.validation.csar.CsarValidator;
import org.onap.vnfsdk.marketplace.common.CommonConstant;
import org.onap.vnfsdk.marketplace.common.FileUtil;
-import org.onap.vnfsdk.marketplace.common.JsonUtil;
import org.onap.vnfsdk.marketplace.common.RestUtil;
import org.onap.vnfsdk.marketplace.common.ToolUtil;
import org.onap.vnfsdk.marketplace.db.entity.PackageData;
@@ -86,8 +85,8 @@ public class PackageWrapper {
return Response.status(Status.EXPECTATION_FAILED).build();
}
- ValidateLifecycleTestResponse lyfValidateResp =
- JsonUtil.fromJson(reqParam, ValidateLifecycleTestResponse.class);
+ ValidateLifecycleTestResponse lyfValidateResp = null; //TBD - Use Gson - jackson has security issue/
+ //JsonUtil.fromJson(reqParam, ValidateLifecycleTestResponse.class);
if(!checkOperationSucess(lyfValidateResp)) {
return Response.status(Status.EXPECTATION_FAILED).build();
}
diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/test/java/org/onap/vnfsdk/marketplace/resource/PackageResourceTest.java b/vnfmarket-be/vnf-sdk-marketplace/src/test/java/org/onap/vnfsdk/marketplace/resource/PackageResourceTest.java
index 12812006..d1562f8f 100644
--- a/vnfmarket-be/vnf-sdk-marketplace/src/test/java/org/onap/vnfsdk/marketplace/resource/PackageResourceTest.java
+++ b/vnfmarket-be/vnf-sdk-marketplace/src/test/java/org/onap/vnfsdk/marketplace/resource/PackageResourceTest.java
@@ -35,13 +35,10 @@ import java.util.zip.ZipOutputStream;
import javax.ws.rs.core.Response;
-import org.apache.ibatis.exceptions.PersistenceException;
-import org.codehaus.jackson.JsonNode;
import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
import org.junit.Before;
import org.junit.Test;
import org.onap.vnfsdk.marketplace.common.FileUtil;
-import org.onap.vnfsdk.marketplace.common.JsonUtil;
import org.onap.vnfsdk.marketplace.common.ToolUtil;
import org.onap.vnfsdk.marketplace.db.entity.PackageData;
import org.onap.vnfsdk.marketplace.db.impl.MarketplaceDaoImpl;
@@ -1032,21 +1029,6 @@ public class PackageResourceTest {
assertEquals(res, true);
}
- @Test
- public void testToJson() {
- List<String> listObj = new ArrayList<String>();
- listObj.add("test");
- String res = JsonUtil.toJson(listObj);
- assertNotNull(res);
- }
-
- @Test
- public void testfromJson() {
-
- String carJson = "{ \"brand\" : \"Mercedes\", \"doors\" : 5 }";
- JsonNode res = JsonUtil.fromJson(carJson, JsonNode.class);
- assertNotNull(res);
- }
@Test
public void testUnzip() {