From: Sunder Tattavarada Date: Thu, 18 Jun 2020 19:46:13 +0000 (+0000) Subject: Merge "Fixed few security issues from the dependencies" X-Git-Tag: 3.4.0~53 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=d17d2bf666685ec41e37467d32bb046724f72d1b;hp=-c;p=portal.git Merge "Fixed few security issues from the dependencies" --- d17d2bf666685ec41e37467d32bb046724f72d1b diff --combined ecomp-portal-BE-common/pom.xml index 36231095,526619fa..8e89aa2c --- a/ecomp-portal-BE-common/pom.xml +++ b/ecomp-portal-BE-common/pom.xml @@@ -184,17 -184,7 +184,7 @@@ jaxb-api 2.4.0-b180830.0359 - - org.springframework.boot - spring-boot-starter - 1.3.1.RELEASE - - - org.slf4j - log4j-over-slf4j - - - + org.hibernate @@@ -290,17 -280,17 +280,17 @@@ com.fasterxml.jackson.core jackson-annotations - 2.8.10 + 2.10.0 com.fasterxml.jackson.core jackson-core - 2.8.10 + 2.10.0 com.fasterxml.jackson.core jackson-databind - 2.8.11.4 + 2.10.0 postgresql @@@ -740,6 -730,8 +730,6 @@@ jersey-servlet - - org.projectlombok diff --combined ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceProxyController.java index dc652d59,9b03b46f..8bf93549 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceProxyController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceProxyController.java @@@ -53,7 -53,9 +53,7 @@@ import org.onap.portalsdk.core.logging. 
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; import org.springframework.web.client.HttpClientErrorException; @@@ -103,9 -105,16 +103,16 @@@ public class MicroserviceProxyControlle */ private boolean isValidJSON(String response) { try { + if(response != null && !response.isEmpty()) + { final ObjectMapper mapper = new ObjectMapper(); mapper.readTree(response); return true; + } + else + { + return false; + } } catch (IOException e) { logger.debug(EELFLoggerDelegate.debugLogger, "isValidJSON failed", e); return false; diff --combined ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java index 0253afd0,b40b8db6..1ac21b68 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java @@@ -63,7 -63,6 +63,7 @@@ import org.onap.portalapp.portal.core.M import org.onap.portalapp.portal.domain.CentralV2RoleFunction; import org.onap.portalapp.portal.domain.EPApp; import org.onap.portalapp.portal.domain.EPUser; +import org.onap.portalapp.portal.domain.EpAppType; import org.onap.portalapp.portal.ecomp.model.PortalRestResponse; import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum; import org.onap.portalapp.portal.framework.MockitoTestSuite; @@@ -126,23 -125,23 +126,23 @@@ public class ExternalAccessRolesControl EPApp app = new EPApp(); app.setName("Test"); app.setImageUrl("test"); - app.setDescription("test"); - app.setNotes("test"); - 
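Review bot: In `isValidJSON`, the new guard `response != null && !response.isEmpty()` still lets a whitespace-only body through. With the Jackson 2.10 line this commit moves to, `readTree` is expected to return a missing node for content-free input rather than throw, so such a response would be reported as valid JSON; this is worth confirming with a unit test. Checking the parse result closes the gap: `return !mapper.readTree(response).isMissingNode();`. Only `IOException` is caught, so any unchecked exception from the parser still escapes to the caller of this proxy. The `ObjectMapper` is also built on every call, where a `private static final ObjectMapper` would do; the method's Javadoc and closing braces lie outside the hunk.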
app.setUrl("test"); + app.setAppDescription("test"); + app.setAppNotes("test"); + app.setLandingPage("test"); app.setId((long) 1); app.setAppRestEndpoint("test"); - app.setAlternateUrl("test"); + app.setAlternateLandingPage("test"); app.setName("test"); app.setMlAppName("test"); app.setMlAppAdminId("test"); - app.setUsername("test"); - app.setAppPassword("test"); + app.setAppBasicAuthUsername("test"); + app.setAppBasicAuthPassword("test"); app.setOpen(false); app.setEnabled(false); app.setUebKey("test"); app.setUebSecret("test"); app.setUebTopicName("test"); - app.setAppType(1); + app.setAppType(EpAppType.GUI); return app; } @@@ -167,7 -166,7 +167,7 @@@ PrintWriter writer = new PrintWriter(sw); Mockito.when(mockedResponse.getWriter()).thenReturn(writer); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); List appList = new ArrayList<>(); appList.add(app); Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey); @@@ -208,7 -207,7 +208,7 @@@ String expectedCentralUser = "test"; String loginId = "test"; EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); List appList = new ArrayList<>(); appList.add(app); Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey); @@@ -226,7 -225,7 +226,7 @@@ String expectedCentralUser = null; String loginId = "test"; EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); List appList = new ArrayList<>(); appList.add(app); Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey); @@@ -246,7 -245,7 +246,7 @@@ List centralV2RoleList = new ArrayList<>(); List centralRoleList = new ArrayList<>(); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); ResponseEntity response = new ResponseEntity<>(HttpStatus.FOUND); Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response); @@@ -268,7 -267,7 +268,7 @@@ List centralV2RoleList = new 
ArrayList<>(); List centralRoleList = new ArrayList<>(); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); ResponseEntity response = null; Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response); @@@ -290,7 -289,7 +290,7 @@@ List applicationList = new ArrayList<>(); List centralV2Role = new ArrayList<>(); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); ResponseEntity response = new ResponseEntity<>(HttpStatus.FOUND); Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response); @@@ -310,7 -309,7 +310,7 @@@ List applicationList = new ArrayList<>(); List centralV2Role = new ArrayList<>(); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); ResponseEntity response = null; Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response); @@@ -355,7 -354,7 +355,7 @@@ List applicationList = new ArrayList<>(); List centralV2RoleFunction = new ArrayList<>(); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); ResponseEntity response = new ResponseEntity<>(HttpStatus.FOUND); Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response); @@@ -388,7 -387,7 +388,7 @@@ List applicationList = new ArrayList<>(); List centralV2RoleFunction = new ArrayList<>(); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); ResponseEntity response = new ResponseEntity<>(HttpStatus.FOUND); Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response); @@@ -420,7 -419,7 +420,7 @@@ long roleId = 1; CentralV2Role centralV2Role = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role(); EPApp app = 
mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey); ResponseEntity response = new ResponseEntity<>(HttpStatus.FOUND); @@@ -468,7 -467,7 +468,7 @@@ long roleId = 1; CentralV2Role centralV2Role = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role(); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey); ResponseEntity response = new ResponseEntity<>(HttpStatus.FOUND); @@@ -517,7 -516,7 +517,7 @@@ CentralV2RoleFunction centralV2RoleFunction = new CentralV2RoleFunction(); centralV2RoleFunction.setCode("test"); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey); ResponseEntity response = new ResponseEntity<>(HttpStatus.FOUND); @@@ -538,7 -537,7 +538,7 @@@ String code = "test"; CentralV2RoleFunction centralV2RoleFunction = null; EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey); ResponseEntity response = new ResponseEntity<>(HttpStatus.FOUND); @@@ -566,7 -565,7 +566,7 @@@ @Test public void getRoleFunctionTest() throws Exception { EPApp mockApp = mockApp(); - mockApp.setCentralAuth(true); + mockApp.setRolesInAAF(true); List mockAppList = new ArrayList<>(); mockAppList.add(mockApp); StringWriter sw = new StringWriter(); @@@ -608,7 -607,7 +608,7 @@@ public void getRoleFunctionXSSTest() throws Exception { String expected = getXSSKeyJson(); EPApp mockApp = mockApp(); - mockApp.setCentralAuth(true); + mockApp.setRolesInAAF(true); List mockAppList = new ArrayList<>(); mockAppList.add(mockApp); StringWriter sw = new StringWriter(); @@@ -657,12 -656,12 +657,12 @@@ public void saveRoleFunctionExceptionTest() 
throws Exception { List applicationList = new ArrayList<>(); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); PortalRestResponse portalRestResponse = null; PortalRestResponse expectedportalRestResponse = new PortalRestResponse<>(); - expectedportalRestResponse.setMessage(null); + expectedportalRestResponse.setMessage("argument \"content\" is null"); expectedportalRestResponse.setResponse("Failed"); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey); @@@ -680,7 -679,7 +680,7 @@@ List userList = new ArrayList<>(); userList.add(user); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); JSONObject roleFunc = new JSONObject(); roleFunc.put("type", "test_type"); @@@ -721,7 -720,7 +721,7 @@@ List userList = new ArrayList<>(); userList.add(user); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); JSONObject roleFunc = new JSONObject(); roleFunc.put("type", " "); @@@ -769,7 -768,7 +769,7 @@@ List userList = new ArrayList<>(); userList.add(user); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); List appList = new ArrayList<>(); appList.add(app); expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK); @@@ -800,7 -799,7 +800,7 @@@ List userList = new ArrayList<>(); userList.add(user); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); List appList = new ArrayList<>(); appList.add(app); String code = ""; @@@ -832,7 -831,7 +832,7 @@@ public void getActiveRolesValidationTest() throws Exception { List expectedRolesList = null; EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); List appList = new ArrayList<>(); appList.add(app); List cenRoles = new 
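Review bot: In `saveRoleFunctionExceptionTest`, the new expected message `"argument \"content\" is null"` looks like text produced by the JSON library's own argument check rather than by portal code, so the test will fail again on any library upgrade that rewords it. It also suggests that the controller copies the raw exception message into the `PortalRestResponse` sent back to the caller, though the controller is not visible in this hunk. A fixed application-level message with the exception logged server-side would be more stable and expose less internal detail. If the controller cannot change in this commit, the test could assert only on the status and response fields. The test method continues beyond the hunk.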
ArrayList<>(); @@@ -1113,7 -1112,7 +1113,7 @@@ Mockito.when(mockedResponse.getWriter()).thenReturn(writer); List applicationList = new ArrayList<>(); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); Mockito.when(externalAccessRolesService.getAllAppUsers(mockedRequest.getHeader(uebKey))).thenReturn(users); @@@ -1210,7 -1209,7 +1210,7 @@@ List applicationList = new ArrayList<>(); EPApp app = mockApp(); app.setUebKey("uebKey"); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); ResponseEntity response = new ResponseEntity<>(HttpStatus.OK); @@@ -1223,7 -1222,7 +1223,7 @@@ List applicationList = new ArrayList<>(); EPApp app = mockApp(); app.setUebKey("uebKey"); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); ResponseEntity response = new ResponseEntity<>(HttpStatus.OK); @@@ -1242,7 -1241,7 +1242,7 @@@ public void getEpUserExceptionTest() throws Exception { List applicationList = new ArrayList<>(); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); StringWriter sw = new StringWriter(); PrintWriter writer = new PrintWriter(sw); @@@ -1255,7 -1254,7 +1255,7 @@@ List applicationList = new ArrayList<>(); EPApp app = mockApp(); app.setUebKey("uebKey"); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); ResponseEntity response = new ResponseEntity<>(HttpStatus.OK); 
@@@ -1280,7 -1279,7 +1280,7 @@@ List applicationList = new ArrayList<>(); EPApp app = mockApp(); app.setUebKey("uebKey"); - app.setCentralAuth(true); + app.setRolesInAAF(true); applicationList.add(app); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); ResponseEntity response = new ResponseEntity<>(HttpStatus.OK); @@@ -1298,7 -1297,7 +1298,7 @@@ public void getEPRolesOfApplicationExceptionTest() throws Exception { List applicationList = new ArrayList<>(); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList); StringWriter sw = new StringWriter(); PrintWriter writer = new PrintWriter(sw); @@@ -1320,7 -1319,7 +1320,7 @@@ List userList = new ArrayList<>(); userList.add(user); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); List appList = new ArrayList<>(); appList.add(app); expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK); @@@ -1352,7 -1351,7 +1352,7 @@@ List userList = new ArrayList<>(); userList.add(user); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); List appList = new ArrayList<>(); appList.add(app); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@@ -1384,7 -1383,7 +1384,7 @@@ List userList = new ArrayList<>(); userList.add(user); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); List appList = new ArrayList<>(); appList.add(app); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR); @@@ -1436,7 -1435,7 +1436,7 @@@ List userList = new ArrayList<>(); userList.add(user); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); List appList = new ArrayList<>(); appList.add(app); expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK); @@@ -1468,7 -1467,7 +1468,7 @@@ List userList = new ArrayList<>(); 
userList.add(user); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); List appList = new ArrayList<>(); appList.add(app); String code = ""; @@@ -1498,7 -1497,7 +1498,7 @@@ List userList = new ArrayList<>(); userList.add(user); EPApp app = mockApp(); - app.setCentralAuth(true); + app.setRolesInAAF(true); List appList = new ArrayList<>(); appList.add(app); expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);