Remediation for Log4Shell vulnerability

[dcaegen2/collectors/ves.git] / pom.xml

<?xml version="1.0"?>
<!--
    ================================================================================
        Copyright (c) 2017-2019,2021 AT&T Intellectual Property. All rights reserved.
        Copyright (c) 2020-2022 Nokia. All rights reserved.
        ================================================================================
        Licensed under the Apache License, Version 2.0 (the "License"); you may not
        use this file except in compliance with the License. You may obtain a copy
        of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
        by applicable law or agreed to in writing, software distributed under the
        License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
        OF ANY KIND, either express or implied. See the License for the specific
        language governing permissions and limitations under the License.
        ============LICENSE_END=========================================================
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>org.onap.oparent</groupId>
    <artifactId>oparent</artifactId>
    <version>3.2.0</version>
    <relativePath/>
  </parent>
  <groupId>org.onap.dcaegen2.collectors.ves</groupId>
  <artifactId>VESCollector</artifactId>
  <version>1.10.3-SNAPSHOT</version>
  <name>dcaegen2-collectors-ves</name>
  <description>VESCollector</description>
  <properties>
    <!-- PROJECT SETTINGS -->
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <java.version>11</java.version>
    <docker.image.name>onap/org.onap.dcaegen2.collectors.ves.vescollector</docker.image.name>
    <!-- TEST SETTINGS -->
    <surefire.redirectTestOutputToFile>true</surefire.redirectTestOutputToFile>
    <!-- PLUGIN SETTINGS -->
    <dependency.locations.enabled>false</dependency.locations.enabled>
    <!-- NEXUS RELATED SETTINGS -->
    <nexusproxy>https://nexus.onap.org</nexusproxy>
    <snapshots.path>content/repositories/snapshots/</snapshots.path>
    <releases.path>content/repositories/releases/</releases.path>
    <site.path>content/sites/site/org/onap/dcaegen2/collectors/ves/${project.artifactId}/${project.version}</site.path>
    <maven.build.timestamp.format>yyyyMMdd'T'HHmmss</maven.build.timestamp.format>
    <onap.nexus.dockerregistry.daily>nexus3.onap.org:10003</onap.nexus.dockerregistry.daily>
    <maven.compiler.target>${java.version}</maven.compiler.target>
    <maven.compiler.source>${java.version}</maven.compiler.source>
    <sonar.coverage.jacoco.xmlReportPaths>
        ${project.reporting.outputDirectory}/jacoco-ut/jacoco.xml
    </sonar.coverage.jacoco.xmlReportPaths>
    <!-- DEPENDENCY RELATED SETTINGS -->
    <micrometer.version>1.6.5</micrometer.version>
    <spring.version>2.4.3</spring.version>
    <maven-assembly-plugin.version>3.1.0</maven-assembly-plugin.version>
    <maven-javadoc-plugin.version>3.0.1</maven-javadoc-plugin.version>
    <maven-project-info-reports-plugin.version>2.9</maven-project-info-reports-plugin.version>
    <maven-surefire-plugin.version>3.0.0-M1</maven-surefire-plugin.version>
    <docker-maven-plugin.version>1.2.0</docker-maven-plugin.version>
    <json-simple.version>1.1.1</json-simple.version>
    <json-schema-validator.version>1.0.49</json-schema-validator.version>
    <gson.version>2.8.6</gson.version>
    <json.version>20210307</json.version>
    <unirest-java.version>1.4.9</unirest-java.version>
    <commons-collections.version>3.2.2</commons-collections.version>
    <commons-configuration.version>1.10</commons-configuration.version>
    <vavr.version>0.10.3</vavr.version>
    <spring-boot-starter-log4j2.version>2.6.1</spring-boot-starter-log4j2.version>
    <log4j.version>2.17.1</log4j.version>
    <springfox-swagger2.version>3.0.0</springfox-swagger2.version>
    <assertj-core.version>3.19.0</assertj-core.version>
    <spring-boot-starter-test.version>2.2.13.RELEASE</spring-boot-starter-test.version>
    <sdk.version>1.8.7</sdk.version>
    <guava.version>30.1-jre</guava.version>
    <mock-server.version>5.11.1</mock-server.version>
    <reactor-test.version>3.4.0</reactor-test.version>
    <testcontainers.version>1.15.1</testcontainers.version>
    <junit-jupiter.version>1.15.1</junit-jupiter.version>
  </properties>
  <build>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-maven-plugin</artifactId>
          <version>${spring.version}</version>
        </plugin>
        <plugin>
          <artifactId>maven-assembly-plugin</artifactId>
          <version>${maven-assembly-plugin.version}</version>
        </plugin>
        <plugin>
          <artifactId>maven-javadoc-plugin</artifactId>
          <version>${maven-javadoc-plugin.version}</version>
        </plugin>
        <plugin>
          <artifactId>maven-project-info-reports-plugin</artifactId>
          <version>${maven-project-info-reports-plugin.version}</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-surefire-plugin</artifactId>
          <version>${maven-surefire-plugin.version}</version>
          <configuration>
            <environmentVariables>
              <TESTCONTAINERS_RYUK_DISABLED>true</TESTCONTAINERS_RYUK_DISABLED>
            </environmentVariables>
          </configuration>
        </plugin>
        <plugin>
          <groupId>com.spotify</groupId>
          <artifactId>docker-maven-plugin</artifactId>
          <version>${docker-maven-plugin.version}</version>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-enforcer-plugin</artifactId>
          <configuration>
            <skip>true</skip>
          </configuration>
        </plugin>
      </plugins>
    </pluginManagement>
    <plugins>
      <plugin>
        <artifactId>maven-assembly-plugin</artifactId>
        <configuration>
          <descriptors>
            <descriptor>src/assembly/dep.xml</descriptor>
          </descriptors>
          <attach>false</attach>
          <appendAssemblyId>false</appendAssemblyId>
          <updateOnly>true</updateOnly>
        </configuration>
        <executions>
          <execution>
            <id>make-assembly</id>
            <phase>package</phase>
            <goals>
              <goal>single</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      <plugin>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-maven-plugin</artifactId>
        <executions>
          <execution>
            <goals>
              <goal>repackage</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      <plugin>
        <artifactId>maven-javadoc-plugin</artifactId>
        <configuration>
          <quiet>true</quiet>
          <verbose>false</verbose>
          <useStandardDocletOptions>false</useStandardDocletOptions>
        </configuration>
        <executions>
          <execution>
            <id>aggregate</id>
            <phase>site</phase>
            <goals>
              <goal>aggregate</goal>
            </goals>
          </execution>
          <execution>
            <id>attach-javadoc</id>
            <goals>
              <goal>jar</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      <plugin>
        <groupId>com.spotify</groupId>
        <artifactId>docker-maven-plugin</artifactId>
        <configuration>
          <serverId>${onap.nexus.dockerregistry.daily}</serverId>
          <imageName>${onap.nexus.dockerregistry.daily}/${docker.image.name}</imageName>
          <imageTags>
            <imageTag>${project.version}-${maven.build.timestamp}Z</imageTag>
            <imageTag>${project.version}</imageTag>
            <imageTag>latest</imageTag>
          </imageTags>
          <baseImage>openjdk:11.0.11-jre-slim</baseImage>
          <user>vescollector</user>
          <env>
            <HOSTALIASES>/etc/host.aliases</HOSTALIASES>
          </env>
          <workdir>/opt/app/VESCollector</workdir>
          <resources>
            <resource>
              <targetPath>.</targetPath>
              <directory>${project.build.directory}/${project.artifactId}-${project.version}</directory>
            </resource>
          </resources>
          <runs>
            <run>useradd -r -U vescollector</run>
            <run>chown -R vescollector:vescollector /opt/app</run>
            <run>mkdir /opt/app/VESCollector/logs</run>
            <run>chown -R vescollector:vescollector /opt/app/VESCollector/logs</run>
            <run>chown -R vescollector:vescollector /opt/app/VESCollector/etc</run>
            <!-- Maven is loosing file permissions during artifacts copy -->
            <run>chmod +x bin/*.sh</run>
            <run>
              <![CDATA[apt-get update && apt-get install -y --no-install-recommends procps && apt-get install -y less && apt-get install -y vim && apt-get install -y curl && apt-get clean all]]></run>
          </runs>
          <exposes>
            <expose>8080</expose>
            <expose>8443</expose>
          </exposes>
          <cmd>bin/docker-entry.sh</cmd>
        </configuration>
      </plugin>
    </plugins>
  </build>
  <profiles>
    <profile>
      <id>buildForPerfTests</id>
      <activation>
        <activeByDefault>false</activeByDefault>
      </activation>
      <dependencies>
        <!-- Libraries related with performance tests-->
        <dependency>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-starter-actuator</artifactId>
          <version>${spring.version}</version>
        </dependency>
        <dependency>
          <groupId>io.micrometer</groupId>
          <artifactId>micrometer-registry-prometheus</artifactId>
          <version>${micrometer.version}</version>
        </dependency>
        <dependency>
          <groupId>io.micrometer</groupId>
          <artifactId>micrometer-core</artifactId>
          <version>${micrometer.version}</version>
        </dependency>
      </dependencies>
    </profile>
    <profile>
      <id>with-system-proxy</id>
      <build>
        <plugins>
          <plugin>
            <groupId>com.spotify</groupId>
            <artifactId>docker-maven-plugin</artifactId>
            <configuration>
              <buildArgs>
                <http_proxy>${env.http_proxy}</http_proxy>
              </buildArgs>
            </configuration>
          </plugin>
        </plugins>
      </build>
    </profile>
  </profiles>
  <reporting>
    <plugins>
      <plugin>
        <artifactId>maven-project-info-reports-plugin</artifactId>
        <reportSets>
          <reportSet>
            <reports>
              <report>dependencies</report>
              <report>license</report>
            </reports>
          </reportSet>
        </reportSets>
      </plugin>
      <plugin>
        <artifactId>maven-javadoc-plugin</artifactId>
        <configuration>
          <failOnError>false</failOnError>
          <doclet>org.umlgraph.doclet.UmlGraphDoc</doclet>
          <docletArtifact>
            <groupId>org.umlgraph</groupId>
            <artifactId>umlgraph</artifactId>
            <version>5.6</version>
          </docletArtifact>
          <additionalparam>-views</additionalparam>
          <useStandardDocletOptions>true</useStandardDocletOptions>
        </configuration>
      </plugin>
    </plugins>
  </reporting>
  <dependencyManagement>
    <dependencies>
      <dependency>
        <!-- Import dependency management from Spring Boot -->
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-dependencies</artifactId>
        <version>${spring.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>
  <dependencies>
    <!-- JSON RELATED -->
    <dependency>
      <groupId>com.networknt</groupId>
      <artifactId>json-schema-validator</artifactId>
      <version>${json-schema-validator.version}</version>
      <exclusions>
        <exclusion>
          <groupId>com.fasterxml.jackson.core</groupId>
          <artifactId>jackson-databind</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
    <dependency>
      <groupId>com.google.code.gson</groupId>
      <artifactId>gson</artifactId>
      <version>${gson.version}</version>
    </dependency>
    <dependency>
      <groupId>org.json</groupId>
      <artifactId>json</artifactId>
      <version>${json.version}</version>
    </dependency>
    <dependency>
      <groupId>com.google.guava</groupId>
      <artifactId>guava</artifactId>
      <version>${guava.version}</version>
    </dependency>
    <!-- REST API RELATED -->
    <dependency>
      <groupId>org.onap.dcaegen2.services.sdk.rest.services</groupId>
      <artifactId>dmaap-client</artifactId>
      <version>${sdk.version}</version>
      <exclusions>
        <exclusion>
          <groupId>ch.qos.logback</groupId>
          <artifactId>logback-classic</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
    <dependency>
      <groupId>io.projectreactor</groupId>
      <artifactId>reactor-test</artifactId>
      <version>${reactor-test.version}</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.testcontainers</groupId>
      <artifactId>testcontainers</artifactId>
      <version>${testcontainers.version}</version>
    </dependency>
    <dependency>
      <groupId>org.testcontainers</groupId>
      <artifactId>junit-jupiter</artifactId>
      <version>${junit-jupiter.version}</version>
    </dependency>
    <dependency>
      <groupId>com.mashape.unirest</groupId>
      <artifactId>unirest-java</artifactId>
      <version>${unirest-java.version}</version>
    </dependency>
    <!-- MISCELLANEOUS -->
    <dependency>
      <groupId>commons-collections</groupId>
      <artifactId>commons-collections</artifactId>
      <version>${commons-collections.version}</version>
    </dependency>
    <dependency>
      <groupId>commons-configuration</groupId>
      <artifactId>commons-configuration</artifactId>
      <version>${commons-configuration.version}</version>
    </dependency>
    <dependency>
      <groupId>io.vavr</groupId>
      <artifactId>vavr</artifactId>
      <version>${vavr.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
      <exclusions>
        <exclusion>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-starter-logging</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-log4j2</artifactId>
      <version>${spring-boot-starter-log4j2.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-core</artifactId>
      <version>${log4j.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-api</artifactId>
      <version>${log4j.version}</version>
    </dependency>
    <dependency>
      <groupId>io.springfox</groupId>
      <artifactId>springfox-swagger2</artifactId>
      <version>${springfox-swagger2.version}</version>
    </dependency>
    <dependency>
      <groupId>io.springfox</groupId>
      <artifactId>springfox-swagger-ui</artifactId>
      <version>${springfox-swagger2.version}</version>
      <scope>compile</scope>
    </dependency>
    <dependency>
      <groupId>org.mock-server</groupId>
      <artifactId>mockserver-junit-jupiter</artifactId>
      <version>${mock-server.version}</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.assertj</groupId>
      <artifactId>assertj-core</artifactId>
      <version>${assertj-core.version}</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-test</artifactId>
      <version>${spring-boot-starter-test.version}</version>
      <scope>test</scope>
      <exclusions>
        <exclusion>
          <groupId>com.vaadin.external.google</groupId>
          <artifactId>android-json</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
    <dependency>
      <groupId>org.onap.dcaegen2.services.sdk.security.crypt</groupId>
      <artifactId>crypt-password</artifactId>
      <classifier>slim</classifier>
      <version>${sdk.version}</version>
    </dependency>
    <dependency>
      <groupId>org.onap.dcaegen2.services.sdk</groupId>
      <artifactId>dcaegen2-services-sdk-services-external-schema-manager</artifactId>
      <version>${sdk.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-crypto</artifactId>
    </dependency>
    <dependency>
      <groupId>org.onap.dcaegen2.services.sdk.standardization</groupId>
      <artifactId>api-custom-header</artifactId>
      <version>${sdk.version}</version>
    </dependency>
    <dependency>
      <groupId>org.onap.dcaegen2.services.sdk.rest.services</groupId>
      <artifactId>cbs-client</artifactId>
      <version>${sdk.version}</version>
    </dependency>
  </dependencies>
  <repositories>
    <repository>
      <id>external-repository</id>
      <url>https://oss.sonatype.org/content/repositories</url>
    </repository>
  </repositories>
  <pluginRepositories>
    <!-- Black Duck plugin dependencies -->
    <pluginRepository>
      <id>JCenter</id>
      <name>JCenter Repository</name>
      <url>http://jcenter.bintray.com</url>
    </pluginRepository>
    <pluginRepository>
      <id>Restlet</id>
      <name>Restlet Repository</name>
      <url>http://maven.restlet.com</url>
    </pluginRepository>
  </pluginRepositories>
</project>