diff options
| -rw-r--r-- | Changelog.md | 18 | ||||
| -rw-r--r-- | csarvalidation/pom.xml | 4 | ||||
| -rw-r--r-- | csarvalidation/src/main/java/org/onap/cvc/csar/cc/VTPValidateCSARBase.java | 2 | ||||
| -rw-r--r-- | csarvalidation/src/main/java/org/onap/validation/csar/CsarUtil.java | 242 | ||||
| -rw-r--r-- | csarvalidation/src/main/java/org/onap/validation/csar/CsarValidator.java | 40 | ||||
| -rw-r--r-- | csarvalidation/src/main/java/org/onap/validation/csar/FileUtil.java | 32 | ||||
| -rw-r--r-- | csarvalidation/src/main/java/org/onap/validation/csar/VTPValidateCSAR.java | 2 | ||||
| -rw-r--r-- | csarvalidation/src/main/java/org/onap/validation/csar/ValidatorSchemaLoader.java | 2 | ||||
| -rw-r--r-- | deployment/pom.xml | 2 | ||||
| -rw-r--r-- | pom.xml | 2 | ||||
| -rw-r--r-- | releases/1.2.12-maven.yaml | 5 | ||||
| -rw-r--r-- | version.properties | 2 |
12 files changed, 189 insertions, 164 deletions
diff --git a/Changelog.md b/Changelog.md index f871c16..3210fe6 100644 --- a/Changelog.md +++ b/Changelog.md @@ -67,3 +67,21 @@ All notable changes to this project will be documented in this file. - https://jira.onap.org/browse/VNFSDK-644 ## [1.2.12] + +## Fixed +- Fixed rule R816745 that was searching for the path to PM_Dictionary in manifest file under name source, + instead of Source (starting with a capital letter). + Now both versions (source and Source) are accepted by this rule. + - https://jira.onap.org/browse/VNFSDK-645 +- Fixed commons-codec vulnerability + - https://jira.onap.org/browse/VNFSDK-584 + +## Added +- Added non-vulnerable log4j version + - https://jira.onap.org/browse/VNFSDK-553 + +## Upgrade +- Upgraded from java 8 to java 11 + - https://jira.onap.org/browse/VNFSDK-631 + +## [1.2.13] diff --git a/csarvalidation/pom.xml b/csarvalidation/pom.xml index 07e553d..12e3b93 100644 --- a/csarvalidation/pom.xml +++ b/csarvalidation/pom.xml @@ -14,7 +14,7 @@ <parent> <groupId>org.onap.vnfsdk.validation</groupId> <artifactId>validation</artifactId> - <version>1.2.12-SNAPSHOT</version> + <version>1.2.13-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>validation-csar</artifactId> @@ -35,7 +35,7 @@ </repositories> <properties> - <log4j-slf4j-impl.version>2.13.0</log4j-slf4j-impl.version> + <log4j-slf4j-impl.version>2.13.3</log4j-slf4j-impl.version> <snakeyaml.version>1.26</snakeyaml.version> <jackson-core.version>2.9.4</jackson-core.version> <junit.version>4.12</junit.version> diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/VTPValidateCSARBase.java b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/VTPValidateCSARBase.java index e8c558b..b004858 100644 --- a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/VTPValidateCSARBase.java +++ b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/VTPValidateCSARBase.java @@ -57,7 +57,7 @@ public abstract class VTPValidateCSARBase extends OnapCommand { this.validateCSAR(csar); } catch (Exception e) { - LOG.error(this.getVnfReqsNo() + ": Failed to validate CSAR" , e); + LOG.error("{}: Failed to validate CSAR {}", this.getVnfReqsNo(), e); throw new OnapCommandExecutionFailed(e.getMessage()); } diff --git a/csarvalidation/src/main/java/org/onap/validation/csar/CsarUtil.java b/csarvalidation/src/main/java/org/onap/validation/csar/CsarUtil.java index c2d6048..7d48b06 100644 --- a/csarvalidation/src/main/java/org/onap/validation/csar/CsarUtil.java +++ b/csarvalidation/src/main/java/org/onap/validation/csar/CsarUtil.java @@ -32,127 +32,131 @@ import java.util.zip.ZipEntry; import java.util.zip.ZipFile; import java.util.Map; -public class CsarUtil { - - private static final Logger logger = LoggerFactory.getLogger(CsarUtil.class); - - public static String getUnzipDir(String dirName) { - File tmpDir = new File(File.separator + dirName); - return tmpDir.getAbsolutePath().replace(".csar", ""); - } - - /** - * unzip zip file. - * - * @param zipFileName - * file name to zip - * @param extPlace - * extPlace - * @return unzip file names in zip - * @throws IOException - * e1 - * @throws ValidationException - */ - public static Map<String, String> unzip(String zipFileName, String extPlace) throws IOException { - HashMap<String, String> unzipFileNames = new HashMap<>(); - - try(ZipFile zipFile = new ZipFile(zipFileName)) { - - Enumeration<?> fileEn = zipFile.entries(); - byte[] buffer = new byte[CommonConstants.BUFFER_SIZE]; - - while (fileEn.hasMoreElements()) { - InputStream input = null; - BufferedOutputStream bos = null; - ZipEntry entry = (ZipEntry) fileEn.nextElement(); - if (!entry.isDirectory()) { - try { - input = zipFile.getInputStream(entry); - File file = new File(extPlace, entry.getName()); - - //Currently it does not support xml based VNF descriptors. - //So skip and proceed to YAML defined files validation only. - if (file.getAbsolutePath().contains("xml"+System.getProperty("file.separator"))) { - continue; - } - - if (!file.getParentFile().exists()) { - FileUtil.createDirectory(file.getParentFile().getAbsolutePath()); - } - - bos = new BufferedOutputStream(new FileOutputStream(file)); - while (true) { - int length = input.read(buffer); - if (length == -1) { - break; - } - bos.write(buffer, 0, length); - } - - unzipFileNames.put(file.getName(), file.getAbsolutePath()); - - } finally { - closeOutputStream(bos); - closeInputStream(input); - } - } +public final class CsarUtil { + + private static final Logger logger = LoggerFactory.getLogger(CsarUtil.class); + + private CsarUtil(){ + //It is made private in order to resolve: Utility classes should not have public constructors + } + public static String getUnzipDir(String dirName) { + File tmpDir = new File(File.separator + dirName); + return tmpDir.getAbsolutePath().replace(".csar", ""); + } + + /** + * unzip zip file. + * + * @param zipFileName + * file name to zip + * @param extPlace + * extPlace + * @return unzip file names in zip + * @throws IOException + * e1 + * @throws ValidationException + */ + public static Map<String, String> unzip(String zipFileName, String extPlace) throws IOException { + HashMap<String, String> unzipFileNames = new HashMap<>(); + InputStream input = null; + try(ZipFile zipFile = new ZipFile(zipFileName)) { + + Enumeration<?> fileEn = zipFile.entries(); + byte[] buffer = new byte[CommonConstants.BUFFER_SIZE]; + + while (fileEn.hasMoreElements()) { + ZipEntry entry = (ZipEntry) fileEn.nextElement(); + if (entry.isDirectory()) { + continue; } - } - return unzipFileNames; - } - - /** - * close InputStream. - * - * @param inputStream - * the inputstream to close - * @throws ValidationException - */ - public static void closeInputStream(InputStream inputStream) { - try { - if (inputStream != null) { - inputStream.close(); + + input = zipFile.getInputStream(entry); + File file = new File(extPlace, entry.getName()); + + //Currently it does not support xml based VNF descriptors. + //So skip and proceed to YAML defined files validation only. + if (file.getAbsolutePath().contains("xml"+System.getProperty("file.separator"))) { + continue; } - } catch (Exception e1) { - logger.error("FILE_IO" + ":" + "close InputStream error! " +ErrorCodes.FILE_IO+" "+ e1.getMessage(), e1); - throw new ValidationException(ErrorCodes.FILE_IO); - } - } - - /** - * close OutputStream. - * - * @param outputStream - * the output stream to close - * @throws ValidationException - */ - public static void closeOutputStream(OutputStream outputStream) { - try { - if (outputStream != null) { - outputStream.close(); + + updateUnzipFileNames(input, buffer, unzipFileNames, file); + } + } finally { + closeInputStream(input); + } + return unzipFileNames; + } + + private static void updateUnzipFileNames(InputStream input, byte[] buffer, HashMap<String, String> unzipFileNames, File file) throws IOException { + if (!file.getParentFile().exists()) { + FileUtil.createDirectory(file.getParentFile().getAbsolutePath()); + } + try (BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(file))){ + while (true) { + int length = input.read(buffer); + if (length == -1) { + break; } - } catch (Exception e1) { - logger.error("FILE_IO" + ":" + "close OutputStream error! " +ErrorCodes.FILE_IO, e1); - throw new ValidationException(ErrorCodes.FILE_IO); - - } - } - - /** - * - * @param filePath - * @return HashMap<String, String> - */ - public static Map<String, String> csarExtract(String filePath) { - - try { - String tempfolder = CsarUtil.getUnzipDir(filePath); - return CsarUtil.unzip(filePath, tempfolder); - - } catch (IOException e1) { - logger.error("CSAR_EXTRACTION" + ":" + "CSAR extraction error ! " +ErrorCodes.FILE_IO+" "+ e1.getMessage(), e1); - throw new ValidationException(ErrorCodes.FILE_IO); - } - } + bos.write(buffer, 0, length); + } + + unzipFileNames.put(file.getName(), file.getAbsolutePath()); + } + } + + /** + * close InputStream. + * + * @param inputStream + * the inputstream to close + * @throws ValidationException + */ + public static void closeInputStream(InputStream inputStream) { + try { + if (inputStream != null) { + inputStream.close(); + } + } catch (Exception e1) { + String errCodeMessage = ErrorCodes.FILE_IO+" "+ e1.getMessage(); + logger.error("FILE_IO:close InputStream error! {} {}", errCodeMessage, e1); + throw new ValidationException(ErrorCodes.FILE_IO); + } + } + + /** + * close OutputStream. + * + * @param outputStream + * the output stream to close + * @throws ValidationException + */ + public static void closeOutputStream(OutputStream outputStream) { + try { + if (outputStream != null) { + outputStream.close(); + } + } catch (Exception e1) { + logger.error("FILE_IO:close OutputStream error! {} {}", ErrorCodes.FILE_IO, e1); + throw new ValidationException(ErrorCodes.FILE_IO); + + } + } + /** + * + * @param filePath + * @return HashMap<String, String> + */ + public static Map<String, String> csarExtract(String filePath) { + + try { + String tempfolder = CsarUtil.getUnzipDir(filePath); + return CsarUtil.unzip(filePath, tempfolder); + + } catch (IOException e1) { + String errCodeMessage = ErrorCodes.FILE_IO+" "+ e1.getMessage(); + logger.error("CSAR_EXTRACTION:CSAR extraction error ! {} {}", errCodeMessage, e1); + throw new ValidationException(ErrorCodes.FILE_IO); + } + } } diff --git a/csarvalidation/src/main/java/org/onap/validation/csar/CsarValidator.java b/csarvalidation/src/main/java/org/onap/validation/csar/CsarValidator.java index 0478758..bc18f8e 100644 --- a/csarvalidation/src/main/java/org/onap/validation/csar/CsarValidator.java +++ b/csarvalidation/src/main/java/org/onap/validation/csar/CsarValidator.java @@ -65,10 +65,8 @@ public class CsarValidator { */ public CsarValidator(String packageId, String csarWithPath) throws IOException { - try (FileInputStream is = new FileInputStream(csarWithPath)) { - - } catch(FileNotFoundException e2) { - LOG.error(csarWithPath + ":CSAR is not found! " + ErrorCodes.RESOURCE_MISSING, e2); + if (!isCsarExist(csarWithPath)) { + LOG.error(csarWithPath + ":CSAR is not found! " + ErrorCodes.RESOURCE_MISSING); throw new ValidationException(ErrorCodes.RESOURCE_MISSING, "RESOURCE MISSING" + csarWithPath + ":CSAR is not found!"); } @@ -80,8 +78,8 @@ public class CsarValidator { LOG.debug("CSAR extracted sucessfully."); } } catch(Exception e1) { - LOG.error("INVALID_CSAR_CONTENT" + ":" + csarWithPath + ": CSAR is not a valid CSAR/ZIP file! " - + ErrorCodes.INVALID_CSAR_CONTENT, e1); + LOG.error("INVALID_CSAR_CONTENT:{}: CSAR is not a valid CSAR/ZIP file! {} {}", + csarWithPath, ErrorCodes.INVALID_CSAR_CONTENT, e1); throw new ValidationException(ErrorCodes.INVALID_CSAR_CONTENT, "INVALID_CSAR_CONTENT" + ":" + csarWithPath + ": CSAR is not a valid CSAR/ZIP file! "); } @@ -89,9 +87,7 @@ public class CsarValidator { try { vsl = new ValidatorSchemaLoader(); } catch(Exception e) { - LOG.error( - "SCHEMA_LOAD_ERROR" + ":" + "CSAR schema is not loaded correctly! " + ErrorCodes.SCHEMA_LOAD_ERROR, - e); + LOG.error("SCHEMA_LOAD_ERROR:CSAR schema is not loaded correctly! {} {}", ErrorCodes.SCHEMA_LOAD_ERROR, e); throw new ValidationException(ErrorCodes.SCHEMA_LOAD_ERROR, "SCHEMA_LOAD_ERROR" + ":" + "CSAR schema is not loaded correctly! "); } @@ -127,8 +123,6 @@ public class CsarValidator { String vms = csarValidatorSeam.validateMainService(); - //String r02454 = r02454(); - if((!CommonConstants.SUCCESS_STR.equals(vsm)) && (!CommonConstants.SUCCESS_STR.equals(vms))) { return vsm + " OR " + vms; @@ -137,11 +131,6 @@ public class CsarValidator { if(!CommonConstants.SUCCESS_STR.equals(vtm)) { return vtm; } -/* - if (CommonConstants.SUCCESS_STR != r02454) { - return r02454; - } -*/ return CommonConstants.SUCCESS_STR; } @@ -283,8 +272,7 @@ public class CsarValidator { } } } catch(IOException | NullPointerException e) { - LOG.error("CSAR_TOSCA_VALIDATION" + ":" + "Could not read file %s ! " + ErrorCodes.FILE_IO + " " - + ErrorCodes.RESOURCE_MISSING, e); + LOG.error("CSAR_TOSCA_VALIDATION:Could not read file {} {} ! {}", ErrorCodes.FILE_IO, ErrorCodes.RESOURCE_MISSING, e); throw new ValidationException(ErrorCodes.RESOURCE_MISSING); } @@ -383,14 +371,16 @@ public class CsarValidator { Yaml yaml = new Yaml(); Map<String, ?> values; + String exceptionMessage; try (InputStream input = new FileInputStream(new File(cFile))) { values = (Map<String, ?>)yaml.load(input); } catch(FileNotFoundException e) { - LOG.error("FILE_NOT_FOUND" + ":" + "Exception caught while trying to find the file ! " + e.getMessage(), e); + exceptionMessage = e.getMessage(); + LOG.error("FILE_NOT_FOUND:Exception caught while trying to find the file ! {} {}", exceptionMessage, e); return false; } catch(IOException e1) { - LOG.error("FILE_NOT_FOUND" + ":" + "Exception caught while trying to open the file ! " + e1.getMessage(), - e1); + exceptionMessage = e1.getMessage(); + LOG.error("FILE_NOT_FOUND:Exception caught while trying to open the file ! {} {}", exceptionMessage, e1); return false; } @@ -435,9 +425,9 @@ public class CsarValidator { try (InputStream input = new FileInputStream(new File(cfile))) { toscaMeta = (Map<String, ?>)yaml.load(input); } catch(FileNotFoundException e) { - LOG.error("CSAR_TOSCA_LOAD" + ":" + "TOSCA metadata is not loaded by Yaml! " + ErrorCodes.FILE_IO, e); + LOG.error("CSAR_TOSCA_LOAD:TOSCA metadata is not loaded by Yaml! {} {}", ErrorCodes.FILE_IO, e); } catch(IOException e1) { - LOG.error("CSAR_TOSCA_LOAD" + ":" + "TOSCA metadata is not loaded by Yaml! " + ErrorCodes.FILE_IO, e1); + LOG.error("CSAR_TOSCA_LOAD:TOSCA metadata is not loaded by Yaml! {} {}", ErrorCodes.FILE_IO, e1); } if(toscaMeta != null) { return toscaMeta.keySet().containsAll((vsl.getToscaMeta().keySet())); @@ -461,4 +451,8 @@ public class CsarValidator { public static void setCsarFiles(Map<String, String> csarFiles) { CsarValidator.csarFiles = csarFiles; } + + public static boolean isCsarExist(String csarWithPath){ + return new File(csarWithPath).exists(); + } } diff --git a/csarvalidation/src/main/java/org/onap/validation/csar/FileUtil.java b/csarvalidation/src/main/java/org/onap/validation/csar/FileUtil.java index eedd628..ccf1c71 100644 --- a/csarvalidation/src/main/java/org/onap/validation/csar/FileUtil.java +++ b/csarvalidation/src/main/java/org/onap/validation/csar/FileUtil.java @@ -63,17 +63,19 @@ public final class FileUtil { */ public static boolean deleteFile(File file) { String hintInfo = file.isDirectory() ? "dir " : "file "; - boolean isFileDeleted=false; - try { - if (file.exists()) { - Files.delete(Paths.get(file.getPath())); - logger.info("delete {} {}" ,hintInfo, file.getAbsolutePath()); + boolean isFileDeleted = file.delete(); + boolean isFileExist = file.exists(); + String fileAbsolutePath = file.getAbsolutePath(); + if (!isFileExist) { + if (isFileDeleted) { + logger.info("delete {}{}", hintInfo, fileAbsolutePath); } else { - logger.info("file not exist. no need delete {} {}" ,hintInfo , file.getAbsolutePath()); + isFileDeleted = true; + logger.info("file not exist. no need delete {}{}", hintInfo, fileAbsolutePath); } - isFileDeleted=true; - } catch (IOException e) { - logger.error("fail to delete {} {} ", hintInfo, file.getAbsolutePath(), ", exception :: ", e); + } else { + logger.info("fail to delete {}{}", hintInfo, fileAbsolutePath); + } return isFileDeleted; } @@ -91,7 +93,8 @@ public final class FileUtil { inputStream.close(); } } catch (Exception e1) { - logger.error(FILE_IO_STR + ":" + "close InputStream error! "+ErrorCodes.FILE_IO+ " " + e1.getMessage(), e1); + String errCodeMessage = ErrorCodes.FILE_IO+ " " + e1.getMessage(); + logger.error("FILE_IO:close InputStream error! {}{}", errCodeMessage, e1); throw new ValidationException(ErrorCodes.FILE_IO); } } @@ -108,7 +111,8 @@ public final class FileUtil { outputStream.close(); } } catch (Exception e1) { - logger.error(FILE_IO_STR + ":" + "close OutputStream error! "+ErrorCodes.FILE_IO+ " " + e1.getMessage(), e1); + String errCodeMessage = ErrorCodes.FILE_IO+ " " + e1.getMessage(); + logger.error("FILE_IO:close OutputStream error! {}{}", errCodeMessage, e1); throw new ValidationException(ErrorCodes.FILE_IO); } } @@ -119,7 +123,8 @@ public final class FileUtil { ifs.close(); } } catch (Exception e1) { - logger.error(FILE_IO_STR + ":" + "close OutputStream error! "+ErrorCodes.FILE_IO+ " " + e1.getMessage(), e1); + String errCodeMessage = ErrorCodes.FILE_IO+ " " + e1.getMessage(); + logger.error("FILE_IO:close OutputStream error! {}{}", errCodeMessage, e1); throw new ValidationException(ErrorCodes.FILE_IO); } } @@ -136,7 +141,8 @@ public final class FileUtil { zipFile.close(); } } catch (IOException e1) { - logger.error("CLOSE_ZIPFILE" + ":" + "close ZipFile error! "+ErrorCodes.FILE_IO+ " " + e1.getMessage(), e1); + String errCodeMessage = ErrorCodes.FILE_IO+ " " + e1.getMessage(); + logger.error("CLOSE_ZIPFILE:close ZipFile error! {}{}", errCodeMessage, e1); throw new ValidationException(ErrorCodes.FILE_IO); } } diff --git a/csarvalidation/src/main/java/org/onap/validation/csar/VTPValidateCSAR.java b/csarvalidation/src/main/java/org/onap/validation/csar/VTPValidateCSAR.java index b97b488..1624e46 100644 --- a/csarvalidation/src/main/java/org/onap/validation/csar/VTPValidateCSAR.java +++ b/csarvalidation/src/main/java/org/onap/validation/csar/VTPValidateCSAR.java @@ -30,7 +30,7 @@ import org.slf4j.LoggerFactory; */ @OnapCommandSchema(schema = "vtp-validate-csar-casablanca.yaml") public class VTPValidateCSAR extends OnapCommand { - private static final Logger LOG = LoggerFactory.getLogger(VTPValidateCSAR.class); + private static final Logger LOG = LoggerFactory.getLogger(VTPValidateCSAR.class); //NOSONAR @Override protected void run() throws OnapCommandException { diff --git a/csarvalidation/src/main/java/org/onap/validation/csar/ValidatorSchemaLoader.java b/csarvalidation/src/main/java/org/onap/validation/csar/ValidatorSchemaLoader.java index c488c11..b96275f 100644 --- a/csarvalidation/src/main/java/org/onap/validation/csar/ValidatorSchemaLoader.java +++ b/csarvalidation/src/main/java/org/onap/validation/csar/ValidatorSchemaLoader.java @@ -46,8 +46,6 @@ public class ValidatorSchemaLoader { static HashMap<String, String> optionTwoSchema; - private String schemaFolder; - public ValidatorSchemaLoader() { loadResources(); diff --git a/deployment/pom.xml b/deployment/pom.xml index bb56d3a..7e2acab 100644 --- a/deployment/pom.xml +++ b/deployment/pom.xml @@ -24,7 +24,7 @@ <parent> <groupId>org.onap.vnfsdk.validation</groupId> <artifactId>validation</artifactId> - <version>1.2.12-SNAPSHOT</version> + <version>1.2.13-SNAPSHOT</version> </parent> <artifactId>csarvalidation-deployment</artifactId> @@ -10,7 +10,7 @@ <modelVersion>4.0.0</modelVersion> <groupId>org.onap.vnfsdk.validation</groupId> <artifactId>validation</artifactId> - <version>1.2.12-SNAPSHOT</version> + <version>1.2.13-SNAPSHOT</version> <name>vnfsdk-validation</name> <packaging>pom</packaging> diff --git a/releases/1.2.12-maven.yaml b/releases/1.2.12-maven.yaml new file mode 100644 index 0000000..44dcb3a --- /dev/null +++ b/releases/1.2.12-maven.yaml @@ -0,0 +1,5 @@ +--- +distribution_type: maven +version: '1.2.12' +project: 'vnfsdk-validation' +log_dir: 'vnfsdk-validation-maven-stage-master/446' diff --git a/version.properties b/version.properties index e3b60f9..86087fa 100644 --- a/version.properties +++ b/version.properties @@ -5,7 +5,7 @@ major=1 minor=2 -patch=12 +patch=13 base_version=${major}.${minor}.${patch} |