From c586ed12d006e0ba277fec5848709dffa09cfb37 Mon Sep 17 00:00:00 2001 From: Chris Donley Date: Mon, 26 Mar 2018 16:24:40 -0700 Subject: Remove security vulnerabilities add note on security for jackson.databind from FileUtil.java and LifecycleTestExceutor.java Remove unused test version of jquery 1.9.1. Real jquery is 3.1.1. Issue-ID: VNFSDK-212 Change-Id: Id8e0d7afa32a86cee371373ec6289f4e22ba2031 Signed-off-by: Chris Donley --- .../src/main/java/org/onap/vnfsdk/marketplace/common/FileUtil.java | 2 ++ .../onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'vnfmarket-be/vnf-sdk-marketplace/src') diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/FileUtil.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/FileUtil.java index 073bb3eb..3ea5e410 100644 --- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/FileUtil.java +++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/common/FileUtil.java @@ -32,10 +32,12 @@ import org.slf4j.LoggerFactory; import com.fasterxml.jackson.core.JsonGenerationException; import com.fasterxml.jackson.core.JsonParseException; +/** note jackson has security vulnerabilities */ import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.JsonMappingException; import com.fasterxml.jackson.databind.ObjectMapper; + public final class FileUtil { public static final Logger logger = LoggerFactory.getLogger(FileUtil.class); diff --git a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java index d3f161f9..0311c6b0 100644 --- a/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java +++ b/vnfmarket-be/vnf-sdk-marketplace/src/main/java/org/onap/vnfsdk/marketplace/onboarding/hooks/validatelifecycle/LifecycleTestExceutor.java @@ -1,5 +1,5 @@ /** - * Copyright 2017 Huawei Technologies Co., Ltd. + * Copyright 2017-2018 Huawei Technologies Co., Ltd. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -33,11 +33,13 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.fasterxml.jackson.core.JsonParseException; +/** note jackson has security vulnerabilities. use with care */ import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.JsonMappingException; import com.fasterxml.jackson.databind.ObjectMapper; -/* CALL Flow: onBoardingHandler --> LifecycleTestHook--> LifecycleTestExecutor */ + +/** CALL Flow: onBoardingHandler --> LifecycleTestHook--> LifecycleTestExecutor */ public class LifecycleTestExceutor { private static final Logger logger = LoggerFactory.getLogger(LifecycleTestExceutor.class); public static final String CATALOUGE_UPLOAD_URL_IN = "{0}:{1}/onapapi/catalog/v1/csars"; -- cgit 1.2.3-korg