From: romaingimbert
Date: Mon, 3 Sep 2018 12:41:17 +0000 (+0200)
Subject: Fix critical security issues
X-Git-Tag: 3.0.1~21
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=6041103fc59c2d2c7461d2844582aee23086758f;p=externalapi%2Fnbi.git
Fix critical security issues
-change pom dependencies version
Change-Id: I8ea5410575f95e7054ca2d93a1c712a12607893a
Issue-ID: EXTAPI-126
Signed-off-by: romaingimbert
---
diff --git a/pom.xml b/pom.xml
index e7768ff..ddd06a9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -113,13 +113,17 @@ org.apache.tomcat.embed tomcat-embed-core + + com.fasterxml.jackson.core + jackson-databind + org.apache.tomcat.embed tomcat-embed-core - 8.5.33 + 8.5.32
@@ -159,7 +163,7 @@ commons-beanutils commons-beanutils - 1.9.0 + 1.7.0
diff --git a/src/main/java/org/onap/nbi/apis/servicecatalog/ServiceSpecificationService.java b/src/main/java/org/onap/nbi/apis/servicecatalog/ServiceSpecificationService.java
index 69e4a51..228e12d 100644
--- a/src/main/java/org/onap/nbi/apis/servicecatalog/ServiceSpecificationService.java
+++ b/src/main/java/org/onap/nbi/apis/servicecatalog/ServiceSpecificationService.java
@@ -19,7 +19,6 @@ import java.util.ArrayList;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
-import org.apache.commons.collections.CollectionUtils;
 import org.onap.nbi.apis.servicecatalog.jolt.FindServiceSpecJsonTransformer;
 import org.onap.nbi.apis.servicecatalog.jolt.GetServiceSpecJsonTransformer;
 import org.onap.nbi.apis.serviceorder.ServiceCatalogUrl;
@@ -27,6 +26,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
+import org.springframework.util.CollectionUtils;
 import org.springframework.util.MultiValueMap;
 @Service
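Review bot: In pom.xml both version changes move downward as rendered here, `tomcat-embed-core` from 8.5.33 to 8.5.32 and `commons-beanutils` from 1.9.0 to 1.7.0, which is the opposite of what a commit titled "Fix critical security issues" should do. The XML tags are stripped in this view, so this reading rests on the `-`/`+` values alone. If it is correct, each older release lacks whatever fixes shipped in the newer one, and the pins should move to the newest patched release of each line instead. The added `com.fasterxml.jackson.core` / `jackson-databind` entry shows no version here, so the description should state which managed version it resolves to and reference the dependency-scan finding that motivated each pin.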
@@ -67,7 +67,7 @@ public class ServiceSpecificationService {
 public List find(MultiValueMap parametersMap) {
 List sdcResponse = sdcClient.callFind(parametersMap);
 List serviceCatalogResponse = new ArrayList<>();
- if(CollectionUtils.isNotEmpty(sdcResponse)){
+ if(!CollectionUtils.isEmpty(sdcResponse)){
 serviceCatalogResponse = findServiceSpecJsonTransformer.transform(sdcResponse);
 }
diff --git a/src/main/java/org/onap/nbi/apis/servicecatalog/ToscaInfosProcessor.java b/src/main/java/org/onap/nbi/apis/servicecatalog/ToscaInfosProcessor.java
index 6b70a18..54b5486 100644
--- a/src/main/java/org/onap/nbi/apis/servicecatalog/ToscaInfosProcessor.java
+++ b/src/main/java/org/onap/nbi/apis/servicecatalog/ToscaInfosProcessor.java
@@ -13,6 +13,8 @@
 */
 package org.onap.nbi.apis.servicecatalog;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
@@ -26,15 +28,13 @@ import java.util.Map.Entry;
 import java.util.Set;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
-import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.io.FileUtils;
 import org.onap.nbi.exceptions.TechnicalException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
+import org.springframework.util.CollectionUtils;
 @Service
 public class ToscaInfosProcessor {
@@ -96,7 +96,7 @@ public class ToscaInfosProcessor {
 Object aDefault = parameter.get("default");
 if (parameter.get("entry_schema") != null) {
 ArrayList entrySchema = (ArrayList) parameter.get("entry_schema");
- if (CollectionUtils.isNotEmpty(entrySchema)) {
+ if (!CollectionUtils.isEmpty(entrySchema)) {
 buildCharacteristicValuesFormShema(parameterType, serviceSpecCharacteristicValues, aDefault, entrySchema);
 }
@@ -110,7 +110,7 @@ public class ToscaInfosProcessor {
 LinkedHashMap constraints = (LinkedHashMap) entrySchema.get(0);
 if (constraints != null) {
 ArrayList constraintsList = (ArrayList) constraints.get("constraints");
- if (CollectionUtils.isNotEmpty(constraintsList)) {
+ if (!CollectionUtils.isEmpty(constraintsList)) {
 LinkedHashMap valuesMap = (LinkedHashMap) constraintsList.get(0);
 if (valuesMap != null) {
 List values = (List) valuesMap.get("valid_values");
diff --git a/src/main/java/org/onap/nbi/apis/serviceinventory/ServiceInventoryService.java b/src/main/java/org/onap/nbi/apis/serviceinventory/ServiceInventoryService.java
index d38d012..1564e9c 100644
--- a/src/main/java/org/onap/nbi/apis/serviceinventory/ServiceInventoryService.java
+++ b/src/main/java/org/onap/nbi/apis/serviceinventory/ServiceInventoryService.java
@@ -16,7 +16,6 @@ import java.util.ArrayList;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
-import org.apache.commons.collections.CollectionUtils;
 import org.onap.nbi.apis.serviceinventory.jolt.FindServiceInventoryJsonTransformer;
 import org.onap.nbi.apis.serviceinventory.jolt.GetServiceInventoryJsonTransformer;
 import org.onap.nbi.exceptions.BackendFunctionalException;
@@ -25,6 +24,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Service;
+import org.springframework.util.CollectionUtils;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
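Review bot: In ToscaInfosProcessor.java the new `!CollectionUtils.isEmpty(entrySchema)` guard (hunk at -96) still runs only after the unchecked `(ArrayList) parameter.get("entry_schema")` cast, so an `entry_schema` value that is a map or scalar raises ClassCastException before the emptiness check is reached. The same holds in the hunk at -110 for `(ArrayList) constraints.get("constraints")` and for the `(LinkedHashMap) constraintsList.get(0)` cast just inside the new guard. These values presumably come from a parsed template (the file imports a YAML `ObjectMapper`), so their shape is not under the code's control. Check the type before casting, for example `Object raw = parameter.get("entry_schema");` followed by `if (raw instanceof List && !((List) raw).isEmpty()) {`, and skip or log entries of an unexpected shape. Both enclosing methods begin and end outside the hunks.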
@@ -137,7 +137,7 @@ public class ServiceInventoryService {
 buildServiceInstances(serviceInstances, customerId, serviceName);
 }
 List serviceInventoryResponse = new ArrayList<>();
- if(CollectionUtils.isNotEmpty(serviceInstances)){
+ if(!CollectionUtils.isEmpty(serviceInstances)){
 serviceInventoryResponse = findServiceInventoryJsonTransformer.transform(serviceInstances);
 for (LinkedHashMap serviceInventory : serviceInventoryResponse) {