diff options
author | Chris Donley <christopher.donley@huawei.com> | 2018-03-26 16:24:40 -0700 |
---|---|---|
committer | Chris Donley <christopher.donley@huawei.com> | 2018-03-26 23:55:26 +0000 |
commit | c586ed12d006e0ba277fec5848709dffa09cfb37 (patch) | |
tree | 58a934b25507ba806c7d4ee74f0e903f9690fa64 /vnfmarket-be/vnf-sdk-marketplace | |
parent | 04c21fa35a365fd318e76a38a30e12df367c1313 (diff) |
Remove security vulnerabilities
add note on security for jackson.databind from FileUtil.java and LifecycleTestExceutor.java
Remove unused test version of jquery 1.9.1. Real jquery is 3.1.1.
Issue-ID: VNFSDK-212
Change-Id: Id8e0d7afa32a86cee371373ec6289f4e22ba2031
Signed-off-by: Chris Donley <christopher.donley@huawei.com>
Diffstat (limited to 'vnfmarket-be/vnf-sdk-marketplace')
2 files changed, 6 insertions, 2 deletions
diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/FileUtil.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/FileUtil.java index 073bb3eb..3ea5e410 100644 --- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/FileUtil.java +++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/FileUtil.java @@ -32,10 +32,12 @@ import org.slf4j.LoggerFactory; import com.fasterxml.jackson.core.JsonGenerationException; import com.fasterxml.jackson.core.JsonParseException; +/** note jackson has security vulnerabilities */ import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.JsonMappingException; import com.fasterxml.jackson.databind.ObjectMapper; + public final class FileUtil { public static final Logger logger = LoggerFactory.getLogger(FileUtil.class); diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java index d3f161f9..0311c6b0 100644 --- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java +++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java @@ -1,5 +1,5 @@ /** - * Copyright 2017 Huawei Technologies Co., Ltd. + * Copyright 2017-2018 Huawei Technologies Co., Ltd. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -33,11 +33,13 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.fasterxml.jackson.core.JsonParseException; +/** note jackson has security vulnerabilities. use with care */ import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.JsonMappingException; import com.fasterxml.jackson.databind.ObjectMapper; -/* CALL Flow: onBoardingHandler --> LifecycleTestHook--> LifecycleTestExecutor */ + +/** CALL Flow: onBoardingHandler --> LifecycleTestHook--> LifecycleTestExecutor */ public class LifecycleTestExceutor { private static final Logger logger = LoggerFactory.getLogger(LifecycleTestExceutor.class); public static final String CATALOUGE_UPLOAD_URL_IN = "{0}:{1}/onapapi/catalog/v1/csars"; |