From: wasala <przemyslaw.wasala@nokia.com>
Date: Tue, 18 Sep 2018 12:17:19 +0000 (+0200)
Subject: Security vulnerabilities corrections
X-Git-Tag: 1.0.2~15
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F83%2F67283%2F1;p=dcaegen2%2Fcollectors%2Fdatafile.git

Security vulnerabilities corrections

*Improved imported libraries
*Fixed imported libraries in connection
of risk security

Change-Id: I28e6b22f8088f70cae431e6e99936cdb67e4cc0d
Issue-ID: DCAEGEN2-764
Signed-off-by: wasala <przemyslaw.wasala@nokia.com>
---

diff --git a/datafile-app-server/pom.xml b/datafile-app-server/pom.xml
index 339daeb4..64dd2bc5 100644
--- a/datafile-app-server/pom.xml
+++ b/datafile-app-server/pom.xml
@@ -153,16 +153,6 @@
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-webflux</artifactId>
     </dependency>
-    <dependency>
-      <groupId>com.spotify</groupId>
-      <artifactId>docker-maven-plugin</artifactId>
-      <exclusions>
-        <exclusion>
-          <groupId>com.fasterxml.jackson.core</groupId>
-          <artifactId>jackson-databind</artifactId>
-        </exclusion>
-      </exclusions>
-    </dependency>
     <dependency>
       <groupId>commons-net</groupId>
       <artifactId>commons-net</artifactId>
@@ -228,6 +218,11 @@
       <artifactId>fake-sftp-server-rule</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>com.jcraft</groupId>
+      <artifactId>jsch</artifactId>
+      <version>0.1.53</version>
+    </dependency>
 
     <!--REQUIRED TO GENERATE DOCUMENTATION -->
     <dependency>
@@ -238,18 +233,5 @@
       <groupId>io.springfox</groupId>
       <artifactId>springfox-swagger-ui</artifactId>
     </dependency>
-
   </dependencies>
-  <dependencyManagement>
-    <dependencies>
-      <dependency>
-        <!-- IMPORT DEPENDENCY MANAGEMENT FROM SPRING BOOT -->
-        <groupId>org.springframework.boot</groupId>
-        <artifactId>spring-boot-dependencies</artifactId>
-        <version>2.0.4.RELEASE</version>
-        <type>pom</type>
-        <scope>import</scope>
-      </dependency>
-    </dependencies>
-  </dependencyManagement>
 </project>
diff --git a/datafile-commons/pom.xml b/datafile-commons/pom.xml
index 3f551542..d018ff79 100644
--- a/datafile-commons/pom.xml
+++ b/datafile-commons/pom.xml
@@ -31,10 +31,6 @@
   <artifactId>datafile-commons</artifactId>
   <packaging>jar</packaging>
 
-  <properties>
-    <main.basedir>${project.parent.basedir}</main.basedir>
-  </properties>
-
   <dependencies>
     <dependency>
       <groupId>org.immutables</groupId>
@@ -44,16 +40,6 @@
       <groupId>org.immutables</groupId>
       <artifactId>gson</artifactId>
     </dependency>
-    <dependency>
-      <groupId>org.apache.httpcomponents</groupId>
-      <artifactId>httpclient</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.commons</groupId>
-      <artifactId>commons-lang3</artifactId>
-    </dependency>
-
-    <!-- TEST DEPENDENCIES -->
     <dependency>
       <groupId>org.junit.jupiter</groupId>
       <artifactId>junit-jupiter-api</artifactId>
@@ -69,8 +55,6 @@
       <artifactId>mockito-core</artifactId>
       <scope>test</scope>
     </dependency>
-
-    <!-- LOGGING DEPENDENCIES -->
     <dependency>
       <groupId>ch.qos.logback</groupId>
       <artifactId>logback-classic</artifactId>
@@ -83,5 +67,10 @@
       <groupId>org.slf4j</groupId>
       <artifactId>log4j-over-slf4j</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-web</artifactId>
+      <version>5.0.5.RELEASE</version>
+    </dependency>
   </dependencies>
 </project>
diff --git a/datafile-commons/src/main/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtils.java b/datafile-commons/src/main/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtils.java
index af41b356..91cc3c69 100644
--- a/datafile-commons/src/main/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtils.java
+++ b/datafile-commons/src/main/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtils.java
@@ -18,13 +18,13 @@
 
 package org.onap.dcaegen2.collectors.datafile.model.utils;
 
-import org.apache.http.HttpStatus;
+import org.springframework.http.HttpStatus;
 
-public final class HttpUtils implements HttpStatus {
+public final class HttpUtils {
 
     private HttpUtils() {}
 
     public static boolean isSuccessfulResponseCode(Integer statusCode) {
-        return statusCode >= 200 && statusCode < 300;
+        return statusCode >= HttpStatus.OK.value() && statusCode < HttpStatus.MULTIPLE_CHOICES.value();
     }
 }
diff --git a/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/CommonFunctionsTest.java b/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/CommonFunctionsTest.java
index 675589fb..062724e7 100644
--- a/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/CommonFunctionsTest.java
+++ b/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/CommonFunctionsTest.java
@@ -17,31 +17,15 @@
 package org.onap.dcaegen2.collectors.datafile.model;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpResponse;
-import org.apache.http.StatusLine;
-import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 
 class CommonFunctionsTest {
     // Given
     private ConsumerDmaapModel model = new ConsumerDmaapModelForUnitTest();
     private static final String EXPECTED_RESULT =
-            "{\"location\":\"target/A20161224.1030-1045.bin.gz\",\"compression\":\"gzip\","
-                    + "\"fileFormatType\":\"org.3GPP.32.435#measCollec\",\"fileFormatVersion\":\"V10\"}";
-
-    private static final HttpResponse httpResponseMock = mock(HttpResponse.class);
-    private static final HttpEntity httpEntityMock = mock(HttpEntity.class);
-    private static final StatusLine statusLineMock = mock(StatusLine.class);
-
-    @BeforeAll
-    static void setup() {
-        when(httpResponseMock.getEntity()).thenReturn(httpEntityMock);
-        when(httpResponseMock.getStatusLine()).thenReturn(statusLineMock);
-    }
+        "{\"location\":\"target/A20161224.1030-1045.bin.gz\",\"compression\":\"gzip\","
+            + "\"fileFormatType\":\"org.3GPP.32.435#measCollec\",\"fileFormatVersion\":\"V10\"}";
 
     @Test
     void createJsonBody_shouldReturnJsonInString() {
diff --git a/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/ConsumerDmaapModelTest.java b/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/ConsumerDmaapModelTest.java
index dcccd5f5..5b028973 100644
--- a/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/ConsumerDmaapModelTest.java
+++ b/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/ConsumerDmaapModelTest.java
@@ -21,8 +21,6 @@ import org.junit.jupiter.api.Test;
 
 public class ConsumerDmaapModelTest {
 
-    // Given
-    private ConsumerDmaapModel consumerDmaapModel;
     private static final String LOCATION = "target/A20161224.1030-1045.bin.gz";
     private static final String COMPRESSION = "gzip";
     private static final String FILE_FORMAT_TYPE = "org.3GPP.32.435#measCollec";
@@ -32,8 +30,9 @@ public class ConsumerDmaapModelTest {
     public void consumerDmaapModelBuilder_shouldBuildAnObject() {
 
         // When
-        consumerDmaapModel = ImmutableConsumerDmaapModel.builder().location(LOCATION).compression(COMPRESSION)
-                .fileFormatType(FILE_FORMAT_TYPE).fileFormatVersion(FILE_FORMAT_VERSION).build();
+        // Given
+        ConsumerDmaapModel consumerDmaapModel = ImmutableConsumerDmaapModel.builder().location(LOCATION).compression(COMPRESSION)
+            .fileFormatType(FILE_FORMAT_TYPE).fileFormatVersion(FILE_FORMAT_VERSION).build();
 
         // Then
         Assertions.assertNotNull(consumerDmaapModel);
diff --git a/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtilsTest.java b/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtilsTest.java
index 83fe14a7..8effcbb8 100644
--- a/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtilsTest.java
+++ b/datafile-commons/src/test/java/org/onap/dcaegen2/collectors/datafile/model/utils/HttpUtilsTest.java
@@ -21,7 +21,6 @@ package org.onap.dcaegen2.collectors.datafile.model.utils;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
-import org.apache.http.HttpStatus;
 import org.junit.jupiter.api.Test;
 
 
@@ -29,11 +28,11 @@ public class HttpUtilsTest {
 
     @Test
     public void isSuccessfulResponseCode_shouldReturnTrue() {
-        assertTrue(HttpUtils.isSuccessfulResponseCode(HttpUtils.SC_ACCEPTED));
+        assertTrue(HttpUtils.isSuccessfulResponseCode(202));
     }
 
     @Test
     public void isSuccessfulResponseCode_shouldReturnFalse() {
-        assertFalse(HttpUtils.isSuccessfulResponseCode(HttpStatus.SC_BAD_GATEWAY));
+        assertFalse(HttpUtils.isSuccessfulResponseCode(502));
     }
 }
diff --git a/datafile-dmaap-client/pom.xml b/datafile-dmaap-client/pom.xml
index d458eca3..96e0988c 100644
--- a/datafile-dmaap-client/pom.xml
+++ b/datafile-dmaap-client/pom.xml
@@ -49,11 +49,10 @@
     <dependency>
       <groupId>org.springframework</groupId>
       <artifactId>spring-webflux</artifactId>
-      <scope>compile</scope>
     </dependency>
     <dependency>
-      <groupId>org.springframework.boot</groupId>
-      <artifactId>spring-boot-starter-reactor-netty</artifactId>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-context</artifactId>
     </dependency>
     <dependency>
       <groupId>org.apache.httpcomponents</groupId>
@@ -64,8 +63,10 @@
       <artifactId>datafile-commons</artifactId>
       <version>1.0.0-SNAPSHOT</version>
     </dependency>
-
-    <!-- TEST DEPENDENCIES -->
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-reactor-netty</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.junit.jupiter</groupId>
       <artifactId>junit-jupiter-api</artifactId>
@@ -86,10 +87,6 @@
       <artifactId>junit-vintage-engine</artifactId>
       <scope>test</scope>
     </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-    </dependency>
     <dependency>
       <groupId>org.mockito</groupId>
       <artifactId>mockito-core</artifactId>
diff --git a/pom.xml b/pom.xml
index 190c62a9..42448f45 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,6 +29,7 @@
   <groupId>org.onap.dcaegen2.collectors</groupId>
   <artifactId>datafile</artifactId>
   <version>1.0.0-SNAPSHOT</version>
+
   <name>dcaegen2-collectors.datafile</name>
   <description>datafile collector</description>
   <packaging>pom</packaging>
@@ -40,20 +41,14 @@
     </license>
   </licenses>
 
-
   <properties>
-    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-
-    <!-- JAVA VERSION -->
     <java.version>8</java.version>
-    <compiler.plugin.version>3.7.0</compiler.plugin.version>
-    <tomcat.version>8.5.28</tomcat.version>
+    <immutable.version>2.7.1</immutable.version>
+    <spring.version>5.0.5.RELEASE</spring.version>
     <spring-boot.version>2.0.4.RELEASE</spring-boot.version>
+    <tomcat.version>8.5.32</tomcat.version>
     <docker.maven.version>1.0.0</docker.maven.version>
     <resource.maven.plugin.version>3.1.0</resource.maven.plugin.version>
-    <!-- DEVELOPMENT SETTINGS -->
-    <immutable.version>2.7.1</immutable.version>
 
     <!-- LOGGING SETTINGS -->
     <slf4j.version>1.7.25</slf4j.version>
@@ -138,8 +133,20 @@
 
  <dependencyManagement>
     <dependencies>
-
-      <!-- DEVELOPMENT TOOLS DEPENDENCIES -->
+      <dependency>
+        <groupId>io.projectreactor</groupId>
+        <artifactId>reactor-bom</artifactId>
+        <version>Bismuth-SR10</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
+      <dependency>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-dependencies</artifactId>
+        <version>${spring-boot.version}</version>
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
       <dependency>
         <groupId>org.immutables</groupId>
         <artifactId>value</artifactId>
@@ -152,32 +159,25 @@
         <version>${immutable.version}</version>
       </dependency>
       <dependency>
-        <groupId>io.projectreactor</groupId>
-        <artifactId>reactor-bom</artifactId>
-        <version>Bismuth-RELEASE</version>
-        <type>pom</type>
-        <scope>import</scope>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-beans</artifactId>
+        <version>${spring.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-context</artifactId>
+        <version>${spring.version}</version>
       </dependency>
       <dependency>
-        <groupId>com.spotify</groupId>
-        <artifactId>docker-maven-plugin</artifactId>
-        <version>${docker.maven.version}</version>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-webflux</artifactId>
+        <version>${spring.version}</version>
       </dependency>
       <dependency>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-resources-plugin</artifactId>
         <version>${resource.maven.plugin.version}</version>
       </dependency>
-      <dependency>
-        <groupId>org.bouncycastle</groupId>
-        <artifactId>bcprov-jdk15on</artifactId>
-        <version>1.59</version>
-      </dependency>
-      <dependency>
-        <groupId>org.bouncycastle</groupId>
-        <artifactId>bcpkix-jdk15on</artifactId>
-        <version>1.59</version>
-      </dependency>
       <dependency>
         <groupId>org.codehaus.plexus</groupId>
         <artifactId>plexus-utils</artifactId>
@@ -203,27 +203,6 @@
         <artifactId>commons-io</artifactId>
         <version>1.3.2</version>
       </dependency>
-      <dependency>
-        <groupId>org.springframework</groupId>
-        <artifactId>spring-beans</artifactId>
-        <version>5.0.5.RELEASE</version>
-      </dependency>
-      <dependency>
-        <groupId>org.springframework</groupId>
-        <artifactId>spring-context</artifactId>
-        <version>5.0.5.RELEASE</version>
-      </dependency>
-      <dependency>
-        <groupId>org.springframework</groupId>
-        <artifactId>spring-webflux</artifactId>
-        <version>5.0.5.RELEASE</version>
-        <scope>compile</scope>
-      </dependency>
-      <dependency>
-        <groupId>org.springframework.boot</groupId>
-        <artifactId>spring-boot-starter-reactor-netty</artifactId>
-        <version>2.0.4.RELEASE</version>
-      </dependency>
       <dependency>
         <groupId>org.apache.tomcat.embed</groupId>
         <artifactId>tomcat-embed-core</artifactId>
@@ -240,7 +219,6 @@
         <version>${tomcat.version}</version>
       </dependency>
 
-      <!-- LOGGING dependencies> -->
       <dependency>
         <groupId>ch.qos.logback</groupId>
         <artifactId>logback-classic</artifactId>
@@ -258,7 +236,6 @@
         <version>1.7.25</version>
       </dependency>
 
-      <!-- TESTING TOOLS DEPENDENCIES -->
       <dependency>
         <groupId>org.junit.jupiter</groupId>
         <artifactId>junit-jupiter-api</artifactId>
@@ -286,7 +263,7 @@
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-test</artifactId>
-        <version>5.0.4.RELEASE</version>
+        <version>${spring.version}</version>
         <scope>test</scope>
       </dependency>
       <dependency>