From 4a1cd7d20355ccf09b1d6ae133ea2a3702416ffd Mon Sep 17 00:00:00 2001
From: Murali-P
Date: Fri, 9 Mar 2018 10:54:43 +0530
Subject: Remove jackson to avoid security issues Fix security issues raised by LF
Issue-ID: VNFSDK-161
Change-Id: I9cd93c56897b63e6153da06d11fc9b39a20f541b
Signed-off-by: Murali-P
---
 .../onap/vnfsdk/marketplace/common/JsonUtil.java | 75 ----------------------
 .../validatelifecycle/LifecycleTestExceutor.java | 11 ++--
 .../vnfsdk/marketplace/wrapper/PackageWrapper.java | 5 +-
 3 files changed, 7 insertions(+), 84 deletions(-)
 delete mode 100644 vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/JsonUtil.java
(limited to 'vnfmarket-be/vnf-sdk-marketplace/src/main')
diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/JsonUtil.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/JsonUtil.java
deleted file mode 100644
index 1a47522c..00000000
--- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/JsonUtil.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright 2016 Huawei Technologies Co., Ltd.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.onap.vnfsdk.marketplace.common;
-
-import java.io.IOException;
-
-import org.codehaus.jackson.map.DeserializationConfig;
-import org.codehaus.jackson.map.ObjectMapper;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Json tools class, packaging a number of commonly used Json methods.
- *
- * @author
- * @version GSO 0.5 2016-08-26
- */
-public final class JsonUtil {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(JsonUtil.class);
-
- private JsonUtil() {
- }
-
- /**
- * Convert object to JSON.
- *
- * @param obj The object to be converted
- * @return The JSON string
- * @since GSO 0.5
- */
- public static String toJson(Object obj) {
- try {
- return new ObjectMapper().writeValueAsString(obj);
- } catch (IOException ex) {
- LOGGER.error("Parser to json error.", ex);
- throw new IllegalArgumentException("Parser obj to json error, obj = " + obj, ex);
- }
- }
-
- /**
- * Convert JSON to object.
- *
- * @param jsonStr The JSON to be converted
- * @param objClass The object class
- * @return The objClass object
- * @since GSO 0.5
- */
- public static T fromJson(String jsonStr, Class objClass) {
- try {
- ObjectMapper mapper = new ObjectMapper();
- mapper.configure(DeserializationConfig.Feature.FAIL_ON_UNKNOWN_PROPERTIES, false);
- return mapper.readValue(jsonStr, objClass);
- } catch (IOException ex) {
- LOGGER.error("Parser to object error.", ex);
- throw new IllegalArgumentException(
- "Parser json to object error, json = " + jsonStr + ", expect class = " + objClass, ex);
- }
- }
-
-}
diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java
index f48a07f3..d3f161f9 100644
--- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java
+++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java
@@ -23,7 +23,6 @@ import org.apache.http.entity.ContentType;
 import org.apache.http.entity.mime.MultipartEntityBuilder;
 import org.onap.vnfsdk.marketplace.common.CommonConstant;
 import org.onap.vnfsdk.marketplace.common.FileUtil;
-import org.onap.vnfsdk.marketplace.common.JsonUtil;
 import org.onap.vnfsdk.marketplace.msb.MsbDetails;
 import org.onap.vnfsdk.marketplace.msb.MsbDetailsHolder;
 import org.onap.vnfsdk.marketplace.onboarding.entity.OnBoradingRequest;
@@ -129,11 +128,11 @@ public class LifecycleTestExceutor { return result; } - String rawDataJson = JsonUtil.toJson(oLifeCycleTestReq); - if (null == rawDataJson) { - logger.error("Failed to convert LifeCycleTestReq object to Json String !!!"); - return result; - } + String rawDataJson = ""; //TBD - Use Gson - jackson has security issue//JsonUtil.toJson(oLifeCycleTestReq); +// if (null == rawDataJson) { +// logger.error("Failed to convert LifeCycleTestReq object to Json String !!!"); +// return result; +// } RestResponse oResponse = RestfulClient.sendPostRequest(oMsbDetails.getDefaultServer().getHost(), oMsbDetails.getDefaultServer().getPort(), CommonConstant.LifeCycleTest.LIFECYCLE_TEST_URL, rawDataJson); diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java index d779bf5f..d793a32b 100644 --- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java +++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/wrapper/PackageWrapper.java @@ -38,7 +38,6 @@ import org.glassfish.jersey.media.multipart.FormDataContentDisposition; import org.onap.validation.csar.CsarValidator; import org.onap.vnfsdk.marketplace.common.CommonConstant; import org.onap.vnfsdk.marketplace.common.FileUtil; -import org.onap.vnfsdk.marketplace.common.JsonUtil; import org.onap.vnfsdk.marketplace.common.RestUtil; import org.onap.vnfsdk.marketplace.common.ToolUtil; import org.onap.vnfsdk.marketplace.db.entity.PackageData; 
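Review bot: `rawDataJson` is now always the empty string, so the `RestfulClient.sendPostRequest(...)` call at the end of this hunk posts an empty body to `LIFECYCLE_TEST_URL` and `oLifeCycleTestReq` is never serialized; the lifecycle-test hook stops doing its job without reporting any failure. Either serialize in this commit, `String rawDataJson = new Gson().toJson(oLifeCycleTestReq);` (assuming Gson is available to this module, which the diff does not show), or log an error and `return result;` before the request is sent. The commented-out lines here and the commented-out `JsonUtil.fromJson` line in the PackageWrapper hunk should be deleted rather than kept, since version control already preserves them. The enclosing method starts and ends outside the hunk.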
@@ -86,8 +85,8 @@ public class PackageWrapper { return Response.status(Status.EXPECTATION_FAILED).build(); } - ValidateLifecycleTestResponse lyfValidateResp = - JsonUtil.fromJson(reqParam, ValidateLifecycleTestResponse.class); + ValidateLifecycleTestResponse lyfValidateResp = null; //TBD - Use Gson - jackson has security issue/ + //JsonUtil.fromJson(reqParam, ValidateLifecycleTestResponse.class); if(!checkOperationSucess(lyfValidateResp)) { return Response.status(Status.EXPECTATION_FAILED).build(); } -- cgit 1.2.3-korg
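Review bot: `lyfValidateResp` is hard-coded to `null`, so `reqParam` is never parsed and `checkOperationSucess(lyfValidateResp)` always receives null; depending on that method's body, which is outside this diff, the endpoint either throws a NullPointerException or answers `EXPECTATION_FAILED` for every request. If the parser cannot be replaced in this commit, reject the request explicitly with a logged reason instead of relying on the null. Otherwise bind the body to the concrete type, `new Gson().fromJson(reqParam, ValidateLifecycleTestResponse.class)`, and catch `JsonSyntaxException` so malformed input is answered with a client error rather than an unhandled exception. The enclosing method continues outside the hunk.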