summaryrefslogtreecommitdiffstats
path: root/vnfmarket-be
diff options
context:
space:
mode:
authorChris Donley <christopher.donley@huawei.com>2018-03-26 16:24:40 -0700
committerChris Donley <christopher.donley@huawei.com>2018-03-26 23:55:26 +0000
commitc586ed12d006e0ba277fec5848709dffa09cfb37 (patch)
tree58a934b25507ba806c7d4ee74f0e903f9690fa64 /vnfmarket-be
parent04c21fa35a365fd318e76a38a30e12df367c1313 (diff)
Remove security vulnerabilities
add note on security for jackson.databind from FileUtil.java and LifecycleTestExceutor.java Remove unused test version of jquery 1.9.1. Real jquery is 3.1.1. Issue-ID: VNFSDK-212 Change-Id: Id8e0d7afa32a86cee371373ec6289f4e22ba2031 Signed-off-by: Chris Donley <christopher.donley@huawei.com>
Diffstat (limited to 'vnfmarket-be')
-rw-r--r--vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/FileUtil.java2
-rw-r--r--vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java6
2 files changed, 6 insertions, 2 deletions
diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/FileUtil.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/FileUtil.java
index 073bb3eb..3ea5e410 100644
--- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/FileUtil.java
+++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/FileUtil.java
@@ -32,10 +32,12 @@ import org.slf4j.LoggerFactory;
import com.fasterxml.jackson.core.JsonGenerationException;
import com.fasterxml.jackson.core.JsonParseException;
+/** note jackson has security vulnerabilities */
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
+
public final class FileUtil {
public static final Logger logger = LoggerFactory.getLogger(FileUtil.class);
diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java
index d3f161f9..0311c6b0 100644
--- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java
+++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java
@@ -1,5 +1,5 @@
/**
- * Copyright 2017 Huawei Technologies Co., Ltd.
+ * Copyright 2017-2018 Huawei Technologies Co., Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -33,11 +33,13 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.fasterxml.jackson.core.JsonParseException;
+/** note jackson has security vulnerabilities. use with care */
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
-/* CALL Flow: onBoardingHandler --> LifecycleTestHook--> LifecycleTestExecutor */
+
+/** CALL Flow: onBoardingHandler --> LifecycleTestHook--> LifecycleTestExecutor */
public class LifecycleTestExceutor {
private static final Logger logger = LoggerFactory.getLogger(LifecycleTestExceutor.class);
public static final String CATALOUGE_UPLOAD_URL_IN = "{0}:{1}/onapapi/catalog/v1/csars";