Fix HV-VES static code vulnerabilities 83/98583/6
authorJoanna Jeremicz <joanna.jeremicz@nokia.com>
Tue, 19 Nov 2019 06:47:26 +0000 (07:47 +0100)
committerJoanna Jeremicz <joanna.jeremicz@nokia.com>
Fri, 22 Nov 2019 09:08:32 +0000 (10:08 +0100)
- Update kafka-clients version
- Update SDK version
- Update reactor-bom version

Issue-ID: DCAEGEN2-1823
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
Change-Id: Ib2d49c46e2d1b58d5131b9af6fc27804d443da71

pom.xml
sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/api/ConfigurationModule.kt

diff --git a/pom.xml b/pom.xml
index 8b5d165..f36c5e8 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -57,7 +57,7 @@
         <build-helper-maven-plugin.version>1.7</build-helper-maven-plugin.version>
         <jacoco.version>0.8.2</jacoco.version>
         <detekt.version>1.0.0-RC14</detekt.version>
-        <sdk.version>1.1.4</sdk.version>
+        <sdk.version>1.3.2</sdk.version>
 
         <!-- Protocol buffers -->
         <protobuf.version>3.6.1</protobuf.version>
                 <groupId>io.projectreactor</groupId>
                 <artifactId>reactor-bom</artifactId>
                 <!-- remember to update netty native bindings versions -->
-                <version>Californium-SR8</version>
+                <version>Dysprosium-SR1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
+            <!-- Due to security reasons, override transitive kafka-clients dependency version (2.0.0 -> 2.3.1) -->
+            <dependency>
+                <groupId>org.apache.kafka</groupId>
+                <artifactId>kafka-clients</artifactId>
+                <version>2.3.1</version>
+            </dependency>
+            <!--
+            Disable native extension (epoll) on production for now.
+            Might be reintroduced if performance tests prove there is some performance issue.
+            -->
             <!--
             <dependency>
                 <groupId>io.netty</groupId>
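Review bot: The comment on the new kafka-clients override says only "security reasons", so nothing records which dependency pulls in 2.0.0 or when the pin can be removed. Because the entry sits beside the reactor-bom import (presumably inside `dependencyManagement`), it will keep forcing 2.3.1 even after an upstream dependency moves to a newer, patched client. I would tie the comment to the tracking issue and a removal condition, e.g. `<!-- Security override of transitive kafka-clients (2.0.0 -> 2.3.1), DCAEGEN2-1823; drop once the dependency that pulls it in ships >= 2.3.1 -->`, and move the number into a `<kafka-clients.version>` property next to `sdk.version`. It is also worth running `mvn dependency:tree -Dincludes=org.apache.kafka:kafka-clients` to confirm every module resolves 2.3.1 and that the library consuming it is compatible with the newer client API. The hunk header for this part of pom.xml is missing from the page, so the enclosing element is inferred from indentation.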
index 35adfe7..c913555 100644 (file)
@@ -34,7 +34,7 @@ import org.onap.dcae.collectors.veshv.utils.logging.Logger
 import org.onap.dcae.collectors.veshv.utils.logging.MappedDiagnosticContext
 import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.CbsClient
 import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.CbsClientFactory
-import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.model.EnvProperties
+import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.model.CbsClientConfiguration
 import reactor.core.publisher.Flux
 import reactor.core.publisher.Mono
 import reactor.retry.Jitter
@@ -52,7 +52,7 @@ class ConfigurationModule internal constructor(private val configStateListener:
 
     constructor(configStateListener: ConfigurationStateListener) : this(
             configStateListener,
-            CbsClientFactory.createCbsClient(EnvProperties.fromEnvironment())
+            CbsClientFactory.createCbsClient(CbsClientConfiguration.fromEnvironment())
     )
 
     fun healthCheckPort(args: Array<String>): Int = cmd.getHealthcheckPort(args)