Remove vulnerable log4j dependency 96/116996/5
authorvasraz <vasyl.razinkov@est.tech>
Wed, 20 Jan 2021 21:20:28 +0000 (21:20 +0000)
committerChristophe Closset <christophe.closset@intl.att.com>
Fri, 22 Jan 2021 08:16:23 +0000 (08:16 +0000)
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Issue-ID: SDC-3310
Change-Id: I1c31ab30efa7a3d03a08f512024a3967ce024237

catalog-be/pom.xml
catalog-fe/pom.xml
integration-tests/src/test/java/org/onap/sdc/frontend/ci/tests/execute/setup/SetupCDTest.java
integration-tests/src/test/resources/ci/testSuites/backend/onapApiSanity.xml
integration-tests/src/test/resources/ci/testSuites/frontend/onapUiSanity.xml
pom.xml
utils/webseal-simulator/pom.xml
utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java

index fd25bc2..964e777 100644 (file)
                     <groupId>xerces</groupId>
                     <artifactId>xercesImpl</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>log4j</groupId>
+                    <artifactId>log4j</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
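Review bot: The `log4j:log4j` exclusion added here is scoped to a single `<dependency>` entry, so log4j 1.x can still reach the classpath through any other transitive path, now or after a later dependency change. The same holds for the esapi exclusion in catalog-fe/pom.xml. Nothing in the visible change makes the build fail if that happens. A maven-enforcer `bannedDependencies` rule in the root pom with `<exclude>log4j:log4j</exclude>` would turn the intent into a build-time check, and `mvn dependency:tree -Dincludes=log4j:log4j` confirms the current state. The enclosing `<dependency>` element opens above the hunk, so the artifact being trimmed is not visible here.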
index 17942d2..65b692d 100644 (file)
             <groupId>org.owasp.esapi</groupId>
             <artifactId>esapi</artifactId>
             <version>2.2.0.0</version>
+          <exclusions>
+            <exclusion>
+              <groupId>log4j</groupId>
+              <artifactId>log4j</artifactId>
+            </exclusion>
+          </exclusions>
         </dependency>
         <dependency>
             <groupId>org.onap.portal.sdk</groupId>
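Review bot: Excluding `log4j:log4j` from esapi 2.2.0.0 is only safe if ESAPI is not configured to log through log4j 1.x. If the deployed ESAPI.properties still selects the log4j-backed factory via `ESAPI.Logger`, the problem moves from a dependency-scan finding to a class-loading error the first time ESAPI is used. The properties file is not part of this change, so that setting should be checked and, if needed, pointed at the JUL or SLF4J factory in the same commit. Separately, the added `<exclusions>` block is indented two columns less than its sibling `<version>` element.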
index 18b5a71..61c6c56 100644 (file)
@@ -179,7 +179,7 @@ public abstract class SetupCDTest extends DriverFactory {
                     addTrafficFileToReport(result);
                 }
 
-                if (result.getInstanceName().equals(OnboardingFlowsUi.class.getName()) && result.getStatus() == ITestResult.FAILURE) {
+                if (OnboardingFlowsUi.class.getName().equals(result.getInstanceName()) && result.getStatus() == ITestResult.FAILURE) {
                     final String msg = "Onboarding test failed, closing browser";
                     LOGGER.info(msg);
                     getExtendTest().log(Status.INFO, msg);
index 8d5d2b2..fbd796e 100644 (file)
@@ -1,11 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE suite SYSTEM "http://testng.org/testng-1.0.dtd">
+<!DOCTYPE suite SYSTEM "https://testng.org/testng-1.0.dtd" >
 <suite name="externalApis" configfailurepolicy="continue" parallel="methods" thread-count="1" data-provider-thread-count="1">
-       <parameter name="makeDistribution"  value="false"/>
-       <parameter name="makeToscaValidation"  value="true"/>
-       <test name="ExternalApis"> 
-               <classes>
-                       <class name="org.onap.sdc.backend.ci.tests.sanity.Onboard"/>
-               </classes>
-       </test>
+  <parameter name="makeDistribution" value="false"/>
+  <parameter name="makeToscaValidation" value="true"/>
+  <test name="ExternalApis">
+    <classes>
+      <class name="org.onap.sdc.backend.ci.tests.sanity.Onboard"/>
+    </classes>
+  </test>
 </suite>
\ No newline at end of file
index 47dc9f6..48e28fc 100644 (file)
@@ -1,30 +1,29 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE suite SYSTEM "http://testng.org/testng-1.0.dtd">
-<suite name="uitests" configfailurepolicy="continue" parallel="methods" thread-count="1"
-       data-provider-thread-count="1">
+<!DOCTYPE suite SYSTEM "https://testng.org/testng-1.0.dtd" >
+<suite name="uitests" configfailurepolicy="continue" parallel="methods" thread-count="1" data-provider-thread-count="1">
 
-    <parameter name="makeDistribution" value="false"/>
+  <parameter name="makeDistribution" value="false"/>
 
-    <test name="uiSanity">
-        <classes>
-            <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.Vf">
-                <methods>
-                    <include name="changeInstanceNameInVfTest"/>
-                </methods>
-            </class>
-            <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.Service">
-                <methods>
-                    <include name="updateService"/>
-                </methods>
-            </class>
-            <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.OnboardingFlowsUi">
-                <methods>
-                    <include name="onapOnboardVNFflow"/>
-                    <include name="onapOnboardVSPValidationsSanityFlow"/>
-                    <include name="onboardPNFSoftwareInformationFlow"/>
-                </methods>
-            </class>
-            <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.GAB"/>
-        </classes>
-    </test>
+  <test name="uiSanity">
+    <classes>
+      <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.Vf">
+        <methods>
+          <include name="changeInstanceNameInVfTest"/>
+        </methods>
+      </class>
+      <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.Service">
+        <methods>
+          <include name="updateService"/>
+        </methods>
+      </class>
+      <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.OnboardingFlowsUi">
+        <methods>
+          <include name="onapOnboardVNFflow"/>
+          <include name="onapOnboardVSPValidationsSanityFlow"/>
+          <include name="onboardPNFSoftwareInformationFlow"/>
+        </methods>
+      </class>
+      <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.GAB"/>
+    </classes>
+  </test>
 </suite>
diff --git a/pom.xml b/pom.xml
index 6d13985..213fc27 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -121,7 +121,7 @@ Modifications copyright (c) 2018-2019 Nokia
         <junit.platform.version>1.6.0</junit.platform.version>
         <junitJupiter.version>5.6.0</junitJupiter.version>
         <assertj.version>3.16.0</assertj.version>
-        <testng.version>7.2.0</testng.version>
+        <testng.version>7.3.0</testng.version>
         <cucumber.version>5.6.0</cucumber.version>
         <bean-matchers.version>0.11</bean-matchers.version>
         <hamcrest.version>2.1</hamcrest.version>
index 7616ebd..c3e1877 100644 (file)
       <version>1.0.2</version>
       <scope>compile</scope>
     </dependency>
-
     <dependency>
-      <groupId>org.apache.logging.log4j</groupId>
-      <artifactId>log4j-core</artifactId>
-      <version>${log4j.version}</version>
-      <scope>compile</scope>
+      <groupId>org.openecomp.sdc</groupId>
+      <artifactId>openecomp-sdc-logging-api</artifactId>
+      <version>${project.version}</version>
     </dependency>
 
-
   </dependencies>
   <build>
     <finalName>WSSimulator-${project.version}</finalName>
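Review bot: The replacement dependency is the logging API artifact only, and no implementation or binding for it is added in this section. If the API falls back to a no-op logger when no provider is on the runtime classpath (to be confirmed against the logging module), the simulator would start cleanly while its log output silently disappears. It is worth confirming that the packaged artifact contains a provider, and removing the `log4j.version` property if this was its last reference. The `<dependencies>` element opens above the hunk.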
index 014b6c4..ea4203d 100644 (file)
@@ -35,8 +35,8 @@ import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
 import org.apache.http.ssl.SSLContextBuilder;
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
+import org.openecomp.sdc.logging.api.Logger;
+import org.openecomp.sdc.logging.api.LoggerFactory;
 import org.openecomp.sdc.webseal.simulator.conf.Conf;
 
 import javax.net.ssl.SSLContext;
@@ -75,8 +75,7 @@ public class SdcProxy extends HttpServlet {
     private final String CONFIGURATIONS = "/configurations";
     private static final Set<String> RESERVED_HEADERS = Arrays.stream(ReservedHeaders.values()).map(h -> h.getValue()).collect(Collectors.toSet());
 
-
-    private final static Logger logger = LogManager.getLogger(SdcProxy.class);
+    private static final Logger logger = LoggerFactory.getLogger(SdcProxy.class);
 
     public void init(ServletConfig config) throws ServletException {
         super.init(config);