Security vulnerabilities identified in CLM scan

Mapper: security vulnerabilities identified in CLM scan

Change-Id: I2b977e99e4ad6d1aae24e0d441da6002c28ab0ac
Issue-ID: DCAEGEN2-769
Signed-off-by: amshegokar <AS00500801@techmahindra.com>

diff --git a/UniversalVesAdapter/.classpath b/UniversalVesAdapter/.classpath
index 6d7587a..c77b3a1 100644 (file)
--- a/UniversalVesAdapter/.classpath
+++ b/UniversalVesAdapter/.classpath
@@ -27,5 +27,16 @@
                        <attribute name="maven.pomderived" value="true"/>
                </attributes>
        </classpathentry>
+       <classpathentry kind="src" output="target/classes" path="src/gen/java">
+               <attributes>
+                       <attribute name="optional" value="true"/>
+                       <attribute name="maven.pomderived" value="true"/>
+               </attributes>
+       </classpathentry>
+       <classpathentry kind="src" path=".apt_generated">
+               <attributes>
+                       <attribute name="optional" value="true"/>
+               </attributes>
+       </classpathentry>
        <classpathentry kind="output" path="target/classes"/>
 </classpath>

diff --git a/UniversalVesAdapter/.project b/UniversalVesAdapter/.project
index 473a65c..1123cab 100644 (file)
--- a/UniversalVesAdapter/.project
+++ b/UniversalVesAdapter/.project
@@ -20,6 +20,16 @@
                        <arguments>
                        </arguments>
                </buildCommand>
+               <buildCommand>
+                       <name>net.sf.eclipsecs.core.CheckstyleBuilder</name>
+                       <arguments>
+                       </arguments>
+               </buildCommand>
+               <buildCommand>
+                       <name>org.springframework.ide.eclipse.boot.validation.springbootbuilder</name>
+                       <arguments>
+                       </arguments>
+               </buildCommand>
                <buildCommand>
                        <name>org.eclipse.m2e.core.maven2Builder</name>
                        <arguments>
@@ -27,6 +37,7 @@
                </buildCommand>
        </buildSpec>
        <natures>
+               <nature>net.sf.eclipsecs.core.CheckstyleNature</nature>
                <nature>org.springframework.ide.eclipse.core.springnature</nature>
                <nature>org.eclipse.jdt.core.javanature</nature>
                <nature>org.eclipse.m2e.core.maven2Nature</nature>

diff --git a/UniversalVesAdapter/.settings/org.eclipse.jdt.core.prefs b/UniversalVesAdapter/.settings/org.eclipse.jdt.core.prefs
index 714351a..78b2bfc 100644 (file)
--- a/UniversalVesAdapter/.settings/org.eclipse.jdt.core.prefs
+++ b/UniversalVesAdapter/.settings/org.eclipse.jdt.core.prefs
@@ -2,4 +2,5 @@ eclipse.preferences.version=1
 org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
 org.eclipse.jdt.core.compiler.compliance=1.8
 org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.processAnnotations=enabled
 org.eclipse.jdt.core.compiler.source=1.8

diff --git a/UniversalVesAdapter/pom.xml b/UniversalVesAdapter/pom.xml
index cd5e489..1342ec3 100644 (file)
--- a/UniversalVesAdapter/pom.xml
+++ b/UniversalVesAdapter/pom.xml
@@ -84,7 +84,7 @@
                <dependency>
                        <groupId>org.springframework.boot</groupId>
                        <artifactId>spring-boot-starter-web</artifactId>
-                       <version>2.0.3.RELEASE</version>
+                       <version>2.0.4.RELEASE</version>
                </dependency>
                <dependency>
                        <groupId>org.springframework.boot</groupId>
@@ -95,9 +95,13 @@
                <dependency>
                        <groupId>org.springframework.data</groupId>
                        <artifactId>spring-data-commons</artifactId>
-                       <version>2.0.6.RELEASE</version>
+                       <version>2.0.8.RELEASE</version>
+               </dependency>
+               <dependency>
+                   <groupId>org.codehaus.groovy</groupId>
+                   <artifactId>groovy-all</artifactId>
+                   <version>2.4.14</version>
                </dependency>
-
                <dependency>
                        <groupId>com.jayway.jsonpath</groupId>
                        <artifactId>json-path</artifactId>
@@ -108,7 +112,7 @@
                <dependency>
                        <groupId>com.fasterxml.jackson.core</groupId>
                        <artifactId>jackson-databind</artifactId>
-                       <version>2.9.5</version>
+                       <version>2.9.6</version>
                </dependency>
 
 
@@ -130,7 +134,7 @@
                <dependency>
                        <groupId>xerces</groupId>
                        <artifactId>xercesImpl</artifactId>
-                       <version>2.11.0-atlassian-01</version>
+                       <version>2.12.0</version>
                </dependency>
 
                <!-- https://mvnrepository.com/artifact/com.thoughtworks.xstream/xstream -->

diff --git a/UniversalVesAdapter/src/main/java/org/onap/universalvesadapter/service/VESAdapterInitializer.java b/UniversalVesAdapter/src/main/java/org/onap/universalvesadapter/service/VESAdapterInitializer.java
index f92511e..ca1bcc9 100644 (file)
--- a/UniversalVesAdapter/src/main/java/org/onap/universalvesadapter/service/VESAdapterInitializer.java
+++ b/UniversalVesAdapter/src/main/java/org/onap/universalvesadapter/service/VESAdapterInitializer.java
@@ -79,11 +79,40 @@ public class VESAdapterInitializer implements CommandLineRunner, Ordered {
 
                } else {
                
-                
-
                        LOGGER.info(">>>Static configuration to be used");
-                       
+                       final String url = "http://localhost:8085/start";
+                       final String USER_AGENT = "Mozilla/5.0";
+
+                       try {
+                               URL obj = new URL(url);
+                               HttpURLConnection httpURLConnection = (HttpURLConnection) obj.openConnection();
+
+                               // optional default is GET
+                               httpURLConnection.setRequestMethod("GET");
+
+                               // add request header
+                               httpURLConnection.setRequestProperty("User-Agent", USER_AGENT);
 
+                               int responseCode = httpURLConnection.getResponseCode();
+                               LOGGER.info("Sending 'GET' request to URL : " + url);
+                               LOGGER.info("Response Code : " + responseCode);
+                               BufferedReader in = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()));
+                               String inputLine;
+                               StringBuffer response = new StringBuffer();
+
+                               while ((inputLine = in.readLine()) != null) {
+                                       response.append(inputLine);
+                               }
+                               in.close();
+
+                               // print result
+                               LOGGER.info("The result is :" + response.toString());
+
+                       } catch (Exception e) {
+                               LOGGER.error("Error occured due to :" + e.getMessage());
+                               e.printStackTrace();
+                       }
+                       
                }
 
        }

diff --git a/UniversalVesAdapter/src/main/resources/application.properties b/UniversalVesAdapter/src/main/resources/application.properties
index c2dec51..c940da4 100644 (file)
--- a/UniversalVesAdapter/src/main/resources/application.properties
+++ b/UniversalVesAdapter/src/main/resources/application.properties
@@ -8,11 +8,11 @@ mapperConfig.file=../UniversalVesAdapter/src/main/resources/MapperConfig.json
 dmaap.mr_props=DMaapMR.properties
 
 #DEV Machine DB Details
-spring.datasource.url=jdbc:postgresql://10.49.16.19:5432/dummy
-spring.datasource.username=postgres
-spring.datasource.password=root
+#spring.datasource.url=jdbc:postgresql://10.49.16.19:5432/dummy
+#spring.datasource.username=postgres
+#spring.datasource.password=root
 
 #Lab Details
-#spring.datasource.url=jdbc:postgresql://10.53.172.129:5432/dummy
-#spring.datasource.username=ngpuser
-#spring.datasource.password=root
\ No newline at end of file
+spring.datasource.url=jdbc:postgresql://10.53.172.129:5432/dummy
+spring.datasource.username=ngpuser
+spring.datasource.password=root
\ No newline at end of file

diff --git a/pom.xml b/pom.xml
index f2c805f..7342310 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -67,7 +67,7 @@
 
         <json.path.version>2.2.0</json.path.version>
         <quartz.version>2.2.0</quartz.version>
-        <httpclient.version>4.5.2</httpclient.version>
+        <httpclient.version>4.5.6</httpclient.version>
         <commons.lang3.version>3.5</commons.lang3.version>
 
         <docker.maven.version>1.0.0</docker.maven.version>

diff --git a/snmpmapper/pom.xml b/snmpmapper/pom.xml
index 4306ae3..0180e6a 100644 (file)
--- a/snmpmapper/pom.xml
+++ b/snmpmapper/pom.xml
@@ -25,20 +25,20 @@
 
        <dependencies>
        <dependency>
-    <groupId>org.springframework.webflow</groupId>
-    <artifactId>spring-webflow</artifactId>
-    <version>2.5.0.RELEASE</version>
-</dependency>
+       <groupId>org.springframework.webflow</groupId>
+       <artifactId>spring-webflow</artifactId>
+       <version>2.5.0.RELEASE</version>
+       </dependency>
        
                <dependency>
                        <groupId>org.springframework.boot</groupId>
                        <artifactId>spring-boot-starter-thymeleaf</artifactId>
-                       <version>2.0.3.RELEASE</version>
+                       <version>2.0.4.RELEASE</version>
                </dependency>
                <dependency>
                        <groupId>org.springframework.boot</groupId>
                        <artifactId>spring-boot-starter-web</artifactId>
-                       <version>2.0.3.RELEASE</version>
+                       <version>2.0.4.RELEASE</version>
                </dependency>
 
                <dependency>
@@ -52,6 +52,16 @@
                        <artifactId>spring-boot-starter-data-jpa</artifactId>
                        <version>2.0.3.RELEASE</version>
                </dependency>
+               <dependency>
+                       <groupId>org.springframework</groupId>
+                       <artifactId>spring-core</artifactId>
+                       <version>5.0.5.RELEASE</version>
+               </dependency>
+               <dependency>
+                       <groupId>org.springframework</groupId>
+                       <artifactId>spring-expression</artifactId>
+                       <version>5.0.9.RELEASE</version>
+               </dependency>
                <dependency>
                        <groupId>org.postgresql</groupId>
                        <artifactId>postgresql</artifactId>

diff --git a/snmpmapper/src/main/resources/application.properties b/snmpmapper/src/main/resources/application.properties
index cf4f33c..2121542 100644 (file)
--- a/snmpmapper/src/main/resources/application.properties
+++ b/snmpmapper/src/main/resources/application.properties
@@ -1,7 +1,12 @@
 server.port=9090
-spring.datasource.url=jdbc:postgresql://10.49.16.19:5432/dummy
-spring.datasource.username=postgres
+#spring.datasource.url=jdbc:postgresql://10.49.16.19:5432/dummy
+#spring.datasource.username=postgres
+#spring.datasource.password=root
+
+spring.datasource.url=jdbc:postgresql://10.53.172.129:5432/dummy
+spring.datasource.username=ngpuser
 spring.datasource.password=root
+
 spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
 spring.jpa.properties.hibernate.temp.use_jdbc_metadata_defaults=false
 spring.servlet.multipart.enabled=true