Upgrading velocity version to v2.3 due to some vulnerabilities in previous version

author meriem zidane <meriem.zidane@bell.ca>

Fri, 10 Sep 2021 16:46:02 +0000 (12:46 -0400)

committer meriem zidane <meriem.zidane@bell.ca>

Fri, 10 Sep 2021 20:05:17 +0000 (16:05 -0400)
author meriem zidane <meriem.zidane@bell.ca>
Fri, 10 Sep 2021 16:46:02 +0000 (12:46 -0400)
committer meriem zidane <meriem.zidane@bell.ca>
Fri, 10 Sep 2021 20:05:17 +0000 (16:05 -0400)
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml

index ed4d96b..5c8b4bb 100644 (file)
--- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml
@@ -57,7 +57,8 @@
          </dependency>
          <dependency>
              <groupId>org.apache.velocity</groupId>
-            <artifactId>velocity</artifactId>
+            <artifactId>velocity-engine-core</artifactId>
+            <version>2.3</version>
              <exclusions>
                  <exclusion>
                      <groupId>org.slf4j</groupId>
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt

index c818b0a..ee35736 100644 (file)
--- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt
@@ -17,7 +17,7 @@
  
  package org.onap.ccsdk.cds.controllerblueprints.core
  
-import org.apache.commons.lang.exception.ExceptionUtils
+import org.apache.commons.lang3.exception.ExceptionUtils
  import org.onap.ccsdk.cds.error.catalog.core.ErrorCatalogException
  import org.onap.ccsdk.cds.error.catalog.core.ErrorCatalogExceptionFluent
  import org.onap.ccsdk.cds.error.catalog.core.ErrorMessage
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt

index 43e27d0..0eb9656 100644 (file)
--- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt
@@ -28,9 +28,24 @@ import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintProcessorException
  import org.onap.ccsdk.cds.controllerblueprints.core.interfaces.BluePrintJsonNodeFactory
  import org.onap.ccsdk.cds.controllerblueprints.core.removeNullNode
  import java.io.StringWriter
+import java.util.Properties
  
  object BluePrintVelocityTemplateService {
  
+    private val properties = Properties().apply {
+        this.putAll(
+            mutableMapOf(
+                "introspector.conversion_handler.class" to "none",
+                "parser.space_gobbling" to "bc",
+                "directive.if.empty_check" to "false",
+                "parser.allow_hyphen_in_identifiers" to "true",
+                "velocimacro.enable_bc_mode" to "true",
+                "event_handler.invalid_references.quiet" to "true",
+                "event_handler.invalid_references.null" to "true",
+                "event_handler.invalid_references.tested" to "true"
+            )
+        )
+    }
      /**
       * Generate Content from Velocity Template and JSON Content with injected API
       */
@@ -73,7 +88,7 @@ object BluePrintVelocityTemplateService {
          /*
           *  initialize the engine
           */
-        velocity.init()
+        velocity.init(properties)
  
          val velocityContext = VelocityContext()
          velocityContext.put("StringUtils", StringUtils::class.java)
diff --git a/ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt b/ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt

index d40067f..cccc61f 100644 (file)
--- a/ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt
+++ b/ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt
@@ -19,7 +19,7 @@ package org.onap.ccsdk.cds.blueprintsprocessor.message.service
  
  import com.fasterxml.jackson.databind.node.ObjectNode
  import io.micrometer.core.instrument.MeterRegistry
-import org.apache.commons.lang.builder.ToStringBuilder
+import org.apache.commons.lang3.builder.ToStringBuilder
  import org.apache.kafka.clients.producer.Callback
  import org.apache.kafka.clients.producer.KafkaProducer
  import org.apache.kafka.clients.producer.ProducerRecord
diff --git a/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt b/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt

index 8d20944..ceeeb05 100644 (file)
--- a/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt
+++ b/ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt
@@ -20,7 +20,7 @@ package org.onap.ccsdk.cds.blueprintsprocessor.designer.api.load
  import kotlinx.coroutines.Deferred
  import kotlinx.coroutines.async
  import kotlinx.coroutines.runBlocking
-import org.apache.commons.lang.text.StrBuilder
+import org.apache.commons.lang3.text.StrBuilder
  import org.onap.ccsdk.cds.controllerblueprints.core.interfaces.BluePrintCatalogService
  import org.slf4j.LoggerFactory
  import org.springframework.stereotype.Service
author	meriem zidane <meriem.zidane@bell.ca>
	Fri, 10 Sep 2021 16:46:02 +0000 (12:46 -0400)
committer	meriem zidane <meriem.zidane@bell.ca>
	Fri, 10 Sep 2021 20:05:17 +0000 (16:05 -0400)
ms/blueprintsprocessor/modules/blueprints/blueprint-core/pom.xml		patch \| blob \| history
ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintProcessorException.kt		patch \| blob \| history
ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintVelocityTemplateService.kt		patch \| blob \| history
ms/blueprintsprocessor/modules/commons/message-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/message/service/KafkaMessageProducerService.kt		patch \| blob \| history
ms/blueprintsprocessor/modules/inbounds/designer-api/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/designer/api/load/BluePrintCatalogLoadService.kt		patch \| blob \| history