Upgrade version of Jython to remove vulnerability

Upgrade version of Jython from 2.2.1 to 2.7.1 to fix security
vulnerability.

Change-Id: I605b02483431b057f0ffa6017a5726ef8e1834d3
Issue-ID: POLICY-905
Signed-off-by: liamfallon <liam.fallon@ericsson.com>

diff --git a/plugins/plugins-executor/plugins-executor-jython/pom.xml b/plugins/plugins-executor/plugins-executor-jython/pom.xml
index 8b24656..13b55ca 100644 (file)
--- a/plugins/plugins-executor/plugins-executor-jython/pom.xml
+++ b/plugins/plugins-executor/plugins-executor-jython/pom.xml
@@ -37,8 +37,8 @@
     <dependencies>
         <dependency>
             <groupId>org.python</groupId>
-            <artifactId>jython</artifactId>
-            <version>2.2.1</version>
+            <artifactId>jython-standalone</artifactId>
+            <version>2.7.1</version>
         </dependency>
     </dependencies>
 </project>
\ No newline at end of file

diff --git a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonStateFinalizerExecutor.java b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonStateFinalizerExecutor.java
index 26512b5..ea8f027 100644 (file)
--- a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonStateFinalizerExecutor.java
+++ b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonStateFinalizerExecutor.java
@@ -25,6 +25,7 @@ import java.util.Map;
 import org.onap.policy.apex.context.ContextException;
 import org.onap.policy.apex.core.engine.executor.StateFinalizerExecutor;
 import org.onap.policy.apex.core.engine.executor.exception.StateMachineException;
+import org.python.core.CompileMode;
 import org.python.core.Py;
 import org.python.core.PyCode;
 import org.python.core.PyException;
@@ -61,7 +62,7 @@ public class JythonStateFinalizerExecutor extends StateFinalizerExecutor {
         try {
             synchronized (Py.class) {
                 compiled = Py.compile_flags(getSubject().getLogic(), "<" + getSubject().getKey().toString() + ">",
-                        "exec", null);
+                        CompileMode.exec, null);
             }
         } catch (final PyException e) {
             LOGGER.warn("failed to compile Jython code for state finalizer " + getSubject().getKey(), e);

diff --git a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskExecutor.java b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskExecutor.java
index 4387a5d..b0dd9c5 100644 (file)
--- a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskExecutor.java
+++ b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskExecutor.java
@@ -25,6 +25,7 @@ import java.util.Map;
 import org.onap.policy.apex.context.ContextException;
 import org.onap.policy.apex.core.engine.executor.TaskExecutor;
 import org.onap.policy.apex.core.engine.executor.exception.StateMachineException;
+import org.python.core.CompileMode;
 import org.python.core.Py;
 import org.python.core.PyCode;
 import org.python.core.PyException;
@@ -61,7 +62,7 @@ public class JythonTaskExecutor extends TaskExecutor {
         try {
             synchronized (Py.class) {
                 compiled = Py.compile_flags(getSubject().getTaskLogic().getLogic(),
-                        "<" + getSubject().getKey().toString() + ">", "exec", null);
+                        "<" + getSubject().getKey().toString() + ">", CompileMode.exec, null);
             }
         } catch (final PyException e) {
             LOGGER.warn("failed to compile Jython code for task " + getSubject().getKey().getID(), e);

diff --git a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskSelectExecutor.java b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskSelectExecutor.java
index cf94793..4fd48f2 100644 (file)
--- a/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskSelectExecutor.java
+++ b/plugins/plugins-executor/plugins-executor-jython/src/main/java/org/onap/policy/apex/plugins/executor/jython/JythonTaskSelectExecutor.java
@@ -25,6 +25,7 @@ import org.onap.policy.apex.core.engine.event.EnEvent;
 import org.onap.policy.apex.core.engine.executor.TaskSelectExecutor;
 import org.onap.policy.apex.core.engine.executor.exception.StateMachineException;
 import org.onap.policy.apex.model.basicmodel.concepts.AxArtifactKey;
+import org.python.core.CompileMode;
 import org.python.core.Py;
 import org.python.core.PyCode;
 import org.python.core.PyException;
@@ -60,7 +61,7 @@ public class JythonTaskSelectExecutor extends TaskSelectExecutor {
         try {
             synchronized (Py.class) {
                 compiled = Py.compile_flags(getSubject().getTaskSelectionLogic().getLogic(),
-                        "<" + getSubject().getKey().toString() + ">", "exec", null);
+                        "<" + getSubject().getKey().toString() + ">", CompileMode.exec, null);
             }
         } catch (final PyException e) {
             LOGGER.warn("failed to compile Jython code for task selection logic in " + getSubject().getKey().getID(),