From: wasala <przemyslaw.wasala@nokia.com>
Date: Tue, 16 Oct 2018 08:36:59 +0000 (+0200)
Subject: CLM SCAN VULNERABILITIES
X-Git-Tag: 1.1.1~1
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F44%2F70544%2F1;p=dcaegen2%2Fservices%2Fprh.git

CLM SCAN VULNERABILITIES

*Upgraded Spring from 5.0.5 -> 5.1.0i
*Changed implementation of SSL in AAICLient

Change-Id: I1341c19931031da67c2d0deb14940a2748b0203b
Issue-ID: DCAEGEN2-870
Signed-off-by: wasala <przemyslaw.wasala@nokia.com>
---

diff --git a/pom.xml b/pom.xml
index 1749eaf2..05d2f998 100644
--- a/pom.xml
+++ b/pom.xml
@@ -32,7 +32,7 @@
 
   <groupId>org.onap.dcaegen2.services</groupId>
   <artifactId>prh</artifactId>
-  <version>1.1.0-SNAPSHOT</version>
+  <version>1.1.1-SNAPSHOT</version>
 
   <name>dcaegen2-services-prh</name>
   <description>PNF Registration Handler</description>
@@ -48,8 +48,8 @@
   <properties>
     <java.version>8</java.version>
     <immutables.version>2.5.6</immutables.version>
-    <spring.version>5.0.5.RELEASE</spring.version>
-    <spring-boot.version>2.0.4.RELEASE</spring-boot.version>
+    <spring.version>5.1.0.RELEASE</spring.version>
+    <spring-boot.version>2.0.5.RELEASE</spring-boot.version>
     <tomcat.version>8.5.32</tomcat.version>
     <slf4j.version>1.7.25</slf4j.version>
     <junit-jupiter.version>5.1.0</junit-jupiter.version>
@@ -133,10 +133,15 @@
       <dependency>
         <groupId>io.projectreactor</groupId>
         <artifactId>reactor-bom</artifactId>
-        <version>Bismuth-SR10</version>
+        <version>Bismuth-SR12</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
+      <dependency>
+        <groupId>io.projectreactor.netty</groupId>
+        <artifactId>reactor-netty</artifactId>
+        <version>0.8.1.RELEASE</version>
+      </dependency>
       <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-dependencies</artifactId>
@@ -160,6 +165,16 @@
         <artifactId>spring-beans</artifactId>
         <version>${spring.version}</version>
       </dependency>
+      <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-core</artifactId>
+        <version>${spring.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-web</artifactId>
+        <version>${spring.version}</version>
+      </dependency>
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-context</artifactId>
diff --git a/prh-aai-client/pom.xml b/prh-aai-client/pom.xml
index b86e9048..f08fed32 100644
--- a/prh-aai-client/pom.xml
+++ b/prh-aai-client/pom.xml
@@ -26,7 +26,7 @@
   <parent>
     <groupId>org.onap.dcaegen2.services</groupId>
     <artifactId>prh</artifactId>
-    <version>1.1.0-SNAPSHOT</version>
+    <version>1.1.1-SNAPSHOT</version>
   </parent>
 
   <groupId>org.onap.dcaegen2.services.prh</groupId>
@@ -46,10 +46,18 @@
       <groupId>org.springframework</groupId>
       <artifactId>spring-beans</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-core</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.springframework</groupId>
       <artifactId>spring-context</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-web</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.springframework</groupId>
       <artifactId>spring-webflux</artifactId>
@@ -58,6 +66,10 @@
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-reactor-netty</artifactId>
     </dependency>
+    <dependency>
+      <groupId>io.projectreactor.netty</groupId>
+      <artifactId>reactor-netty</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.onap.dcaegen2.services.prh</groupId>
       <artifactId>prh-commons</artifactId>
diff --git a/prh-aai-client/src/main/java/org/onap/dcaegen2/services/prh/service/AaiReactiveWebClient.java b/prh-aai-client/src/main/java/org/onap/dcaegen2/services/prh/service/AaiReactiveWebClient.java
index 0dfe1f9e..256aa3b9 100644
--- a/prh-aai-client/src/main/java/org/onap/dcaegen2/services/prh/service/AaiReactiveWebClient.java
+++ b/prh-aai-client/src/main/java/org/onap/dcaegen2/services/prh/service/AaiReactiveWebClient.java
@@ -35,7 +35,9 @@ import org.onap.dcaegen2.services.prh.config.AaiClientConfiguration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.slf4j.MDC;
+import org.springframework.http.client.reactive.ClientHttpConnector;
 import org.springframework.http.client.reactive.ReactorClientHttpConnector;
+import org.springframework.http.client.reactive.ReactorResourceFactory;
 import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
 import org.springframework.web.reactive.function.client.WebClient;
 import reactor.core.publisher.Mono;
@@ -68,18 +70,15 @@ public class AaiReactiveWebClient {
      * @return WebClient
      */
     public WebClient build() throws SSLException {
-        SslContext sslContext;
-        sslContext = SslContextBuilder
+        LOGGER.debug("Setting ssl context");
+        SslContext sslContext = SslContextBuilder
             .forClient()
             .trustManager(InsecureTrustManagerFactory.INSTANCE)
             .build();
-        LOGGER.debug("Setting ssl context");
-
+        ClientHttpConnector reactorClientHttpConnector = new ReactorClientHttpConnector(new ReactorResourceFactory(),
+            httpClient -> httpClient.secure(sslContextSpec -> sslContextSpec.sslContext(sslContext)));
         return WebClient.builder()
-            .clientConnector(new ReactorClientHttpConnector(clientOptions -> {
-                clientOptions.sslContext(sslContext);
-                clientOptions.disablePool();
-            }))
+            .clientConnector(reactorClientHttpConnector)
             .defaultHeaders(httpHeaders -> httpHeaders.setAll(aaiHeaders))
             .filter(basicAuthentication(aaiUserName, aaiUserPassword))
             .filter(logRequest())
diff --git a/prh-app-server/pom.xml b/prh-app-server/pom.xml
index df76b2b7..6584b5f9 100644
--- a/prh-app-server/pom.xml
+++ b/prh-app-server/pom.xml
@@ -26,7 +26,7 @@
   <parent>
     <groupId>org.onap.dcaegen2.services</groupId>
     <artifactId>prh</artifactId>
-    <version>1.1.0-SNAPSHOT</version>
+    <version>1.1.1-SNAPSHOT</version>
   </parent>
 
   <groupId>org.onap.dcaegen2.services.prh</groupId>
@@ -130,12 +130,6 @@
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-web</artifactId>
-      <!--<exclusions>-->
-        <!--<exclusion>-->
-          <!--<groupId>com.fasterxml.jackson.core</groupId>-->
-          <!--<artifactId>jackson-databind</artifactId>-->
-        <!--</exclusion>-->
-      <!--</exclusions>-->
     </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
diff --git a/prh-commons/pom.xml b/prh-commons/pom.xml
index 7cc78388..27b2efed 100644
--- a/prh-commons/pom.xml
+++ b/prh-commons/pom.xml
@@ -26,7 +26,7 @@
   <parent>
     <groupId>org.onap.dcaegen2.services</groupId>
     <artifactId>prh</artifactId>
-    <version>1.1.0-SNAPSHOT</version>
+    <version>1.1.1-SNAPSHOT</version>
   </parent>
 
   <groupId>org.onap.dcaegen2.services.prh</groupId>
@@ -73,7 +73,6 @@
     <dependency>
       <groupId>org.springframework</groupId>
       <artifactId>spring-web</artifactId>
-      <version>5.0.5.RELEASE</version>
     </dependency>
   </dependencies>
 </project>
diff --git a/prh-dmaap-client/pom.xml b/prh-dmaap-client/pom.xml
index 9778e8c7..384f652d 100644
--- a/prh-dmaap-client/pom.xml
+++ b/prh-dmaap-client/pom.xml
@@ -26,7 +26,7 @@
   <parent>
     <groupId>org.onap.dcaegen2.services</groupId>
     <artifactId>prh</artifactId>
-    <version>1.1.0-SNAPSHOT</version>
+    <version>1.1.1-SNAPSHOT</version>
   </parent>
 
   <groupId>org.onap.dcaegen2.services.prh</groupId>
@@ -46,6 +46,18 @@
       <groupId>org.springframework</groupId>
       <artifactId>spring-context</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-web</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-core</artifactId>
+    </dependency>
+    <dependency>
+    <groupId>io.projectreactor.netty</groupId>
+    <artifactId>reactor-netty</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.springframework</groupId>
       <artifactId>spring-webflux</artifactId>
diff --git a/version.properties b/version.properties
index 73415a7d..11ad59d0 100644
--- a/version.properties
+++ b/version.properties
@@ -1,6 +1,6 @@
 major=1
 minor=1
-patch=0
+patch=1
 base_version=${major}.${minor}.${patch}
 release_version=${base_version}
 snapshot_version=${base_version}-SNAPSHOT