From 8356ed8bce80a957c68236ce14fe0a270524c7df Mon Sep 17 00:00:00 2001 From: sebdet Date: Mon, 8 Apr 2019 14:39:39 +0200 Subject: [PATCH] Fix dom4j issue Upgrade Spring and Camel to latest version so that it fixes thesecurity issues Issue-ID: CLAMP-338 Change-Id: I214ac3520be3c388ec2f7e715b7d37e0db5d5a9c Signed-off-by: sebdet --- pom.xml | 5 +- .../clds/config/spring/CldsConfiguration.java | 29 ++--- src/main/java/org/onap/clamp/clds/dao/CldsDao.java | 133 +++++++++++++-------- .../installer/CsarInstallerImplTest.java | 66 +++++----- 4 files changed, 127 insertions(+), 106 deletions(-) diff --git a/pom.xml b/pom.xml index f60833ff..e03aeada 100644 --- a/pom.xml +++ b/pom.xml @@ -64,8 +64,8 @@ 1.8 1.0.0 - 2.22.1 - 2.0.6.RELEASE + 2.23.1 + 2.1.4.RELEASE jacoco ${project.build.directory}/surefire-reports @@ -409,6 +409,7 @@ com.googlecode.json-simple json-simple + 1.1.1 org.apache.commons diff --git a/src/main/java/org/onap/clamp/clds/config/spring/CldsConfiguration.java b/src/main/java/org/onap/clamp/clds/config/spring/CldsConfiguration.java index 8372e3f5..8e1c75bb 100644 --- a/src/main/java/org/onap/clamp/clds/config/spring/CldsConfiguration.java +++ b/src/main/java/org/onap/clamp/clds/config/spring/CldsConfiguration.java 
@@ -5,20 +5,20 @@ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights * reserved. * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * + * */ package org.onap.clamp.clds.config.spring; @@ -28,10 +28,8 @@ import javax.xml.transform.TransformerConfigurationException; import org.onap.clamp.clds.config.ClampProperties; import org.onap.clamp.clds.config.EncodedPasswordBasicDataSource; -import org.onap.clamp.clds.dao.CldsDao; import org.onap.clamp.clds.transform.XslTransformer; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.config.PropertiesFactoryBean; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.ApplicationContext; 
@@ -50,7 +48,7 @@ public class CldsConfiguration { /** * Clds Identity database DataSource configuration - * + * * @return */ @Bean(name = "cldsDataSource") @@ -66,13 +64,6 @@ public class CldsConfiguration { return bean; } - @Bean(name = "cldsDao") - public CldsDao getCldsDao(@Qualifier("cldsDataSource") DataSource dataSource) { - CldsDao cldsDao = new CldsDao(); - cldsDao.setDataSource(dataSource); - return cldsDao; - } - @Bean(name = "cldsBpmnTransformer") public XslTransformer getCldsBpmnXslTransformer() throws TransformerConfigurationException { XslTransformer xslTransformer = new XslTransformer(); diff --git a/src/main/java/org/onap/clamp/clds/dao/CldsDao.java b/src/main/java/org/onap/clamp/clds/dao/CldsDao.java index 5da26b19..0cf68ea1 100644 --- a/src/main/java/org/onap/clamp/clds/dao/CldsDao.java +++ b/src/main/java/org/onap/clamp/clds/dao/CldsDao.java @@ -26,7 +26,6 @@ package org.onap.clamp.clds.dao; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; -import java.io.InputStream; import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.HashMap; @@ -35,7 +34,6 @@ import java.util.Map; import javax.sql.DataSource; -import org.onap.clamp.clds.model.CldsDbServiceCache; import org.onap.clamp.clds.model.CldsDictionary; import org.onap.clamp.clds.model.CldsDictionaryItem; import org.onap.clamp.clds.model.CldsEvent; 
@@ -43,11 +41,11 @@ import org.onap.clamp.clds.model.CldsModel; import org.onap.clamp.clds.model.CldsModelInstance; import org.onap.clamp.clds.model.CldsModelProp; import org.onap.clamp.clds.model.CldsMonitoringDetails; -import org.onap.clamp.clds.model.CldsServiceData; import org.onap.clamp.clds.model.CldsTemplate; import org.onap.clamp.clds.model.CldsToscaModel; import org.onap.clamp.clds.model.ValueItem; -import org.springframework.dao.EmptyResultDataAccessException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.jdbc.core.namedparam.MapSqlParameterSource; import org.springframework.jdbc.core.namedparam.SqlParameterSource; @@ -86,14 +84,17 @@ public class CldsDao { /** * Log message when instantiating. */ - public CldsDao() { + @Autowired + public CldsDao(@Qualifier("cldsDataSource") DataSource dataSource) { logger.info("CldsDao instantiating..."); + setDataSource(dataSource); } /** * When dataSource is provided, instantiate spring jdbc objects. * - * @param dataSource the data source + * @param dataSource + * the data source */ public void setDataSource(DataSource dataSource) { this.jdbcTemplateObject = new JdbcTemplate(dataSource); @@ -117,7 +118,8 @@ public class CldsDao { /** * Get a model from the database given the model name. * - * @param modelName the model name + * @param modelName + * the model name * @return the model */ public CldsModel getModel(String modelName) { 
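Review bot: The new constructor in the `@@ -86,14 +84,17 @@` hunk calls the public, non-final `setDataSource(dataSource)`, so a subclass override would run against a partially constructed object. Either declare the setter `final` or move its body into a private helper that both the constructor and the setter call. The Javadoc above the constructor still reads "Log message when instantiating." and should describe the new contract, for example `Creates the DAO and builds the Spring JDBC objects from the given data source.` plus a `@param dataSource` line. With the `@Bean(name = "cldsDao")` factory removed from CldsConfiguration, the class presumably relies on a stereotype annotation outside this hunk to be registered, which is worth confirming, and CsarInstallerImplTest now passes `null` where a `Mockito.mock(CldsDao.class)` would be safer. The body of `setDataSource` continues beyond the hunk.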
@@ -138,16 +140,19 @@ public class CldsDao { /** * Get a model from the database given the controlNameUuid. * - * @param controlNameUuid the control name uuid + * @param controlNameUuid + * the control name uuid * @return the model by uuid */ public CldsModel getModelByUuid(String controlNameUuid) { return getModel(null, controlNameUuid); } + /** * Get a model and template information from the database given the model name. * - * @param modelName the model name + * @param modelName + * the model name * @return model model template */ @@ -179,8 +184,10 @@ public class CldsDao { * Update model in the database using parameter values and return updated model * object. * - * @param model the model - * @param userid the userid + * @param model + * the model + * @param userid + * the userid * @return model */ public CldsModel setModel(CldsModel model, String userid) { @@ -208,8 +215,10 @@ public class CldsDao { * Inserts new modelInstance in the database using parameter values and return * updated model object. * - * @param model the model - * @param modelInstancesList the model instances list + * @param model + * the model + * @param modelInstancesList + * the model instances list */ public void insModelInstance(CldsModel model, List modelInstancesList) { // Delete all existing model instances for given controlNameUUID @@ -241,10 +250,14 @@ public class CldsDao { * Insert an event in the database - require either modelName or * controlNamePrefix/controlNameUuid. * - * @param modelName the model name - * @param controlNamePrefix the control name prefix - * @param controlNameUuid the control name uuid - * @param cldsEvent the clds event + * @param modelName + * the model name + * @param controlNamePrefix + * the control name prefix + * @param controlNameUuid + * the control name uuid + * @param cldsEvent + * the clds event * @return clds event */ public CldsEvent insEvent(String modelName, String controlNamePrefix, String controlNameUuid, CldsEvent cldsEvent) { 
@@ -268,8 +281,10 @@ public class CldsDao { /** * Update event with process instance id. * - * @param eventId the event id - * @param processInstanceId the process instance id + * @param eventId + * the event id + * @param processInstanceId + * the process instance id */ public void updEvent(String eventId, String processInstanceId) { SqlParameterSource in = new MapSqlParameterSource().addValue("v_event_id", eventId) @@ -291,8 +306,10 @@ public class CldsDao { * Update template in the database using parameter values and return updated * template object. * - * @param template the template - * @param userid the userid + * @param template + * the template + * @param userid + * the userid */ public void setTemplate(CldsTemplate template, String userid) { SqlParameterSource in = new MapSqlParameterSource().addValue("v_template_name", template.getName()) @@ -322,7 +339,8 @@ public class CldsDao { /** * Get a template from the database given the model name. * - * @param templateName the template name + * @param templateName + * the template name * @return model template */ public CldsTemplate getTemplate(String templateName) { @@ -367,7 +385,7 @@ public class CldsDao { public List getDeployedModelProperties() { List cldsModelPropList = new ArrayList<>(); String modelsSql = "select m.model_id, m.model_name, mp.model_prop_id, mp.model_prop_text FROM model m, " - + "model_properties mp, event e " + + "model_properties mp, event e " + "WHERE m.model_prop_id = mp.model_prop_id and m.event_id = e.event_id and e.action_cd = 'DEPLOY'"; List> rows = jdbcTemplateObject.queryForList(modelsSql); CldsModelProp cldsModelProp = null; @@ -421,7 +439,8 @@ public class CldsDao { /** * Method to delete model from database. * - * @param modelName the model name + * @param modelName + * the model name */ public void deleteModel(String modelName) { SqlParameterSource in = new MapSqlParameterSource().addValue("v_model_name", modelName); 
@@ -461,7 +480,8 @@ public class CldsDao { /** * Method to retrieve a tosca models by Policy Type from database. * - * @param policyType the policy type + * @param policyType + * the policy type * @return List of CldsToscaModel */ public List getToscaModelByPolicyType(String policyType) { @@ -471,7 +491,8 @@ public class CldsDao { /** * Method to retrieve a tosca models by toscaModelName, version from database. * - * @param toscaModelName the tosca model name + * @param toscaModelName + * the tosca model name * @return List of CldsToscaModel */ public List getToscaModelByName(String toscaModelName) { @@ -486,8 +507,7 @@ public class CldsDao { String toscaModelSql = "SELECT tm.tosca_model_name, tm.tosca_model_id, tm.policy_type, " + "tmr.tosca_model_revision_id, tmr.tosca_model_json, tmr.version, tmr.user_id, tmr.createdTimestamp, " - + "tmr.lastUpdatedTimestamp " - + ((toscaModelName != null) ? (", tmr.tosca_model_yaml ") : " ") + + "tmr.lastUpdatedTimestamp " + ((toscaModelName != null) ? (", tmr.tosca_model_yaml ") : " ") + "FROM tosca_model tm, tosca_model_revision tmr WHERE tm.tosca_model_id = tmr.tosca_model_id " + ((toscaModelName != null) ? (" AND tm.tosca_model_name = '" + toscaModelName + "'") : " ") + ((policyType != null) ? (" AND tm.policy_type = '" + policyType + "'") : " ") @@ -520,8 +540,10 @@ public class CldsDao { /** * Method to upload a new version of Tosca Model Yaml in Database. * - * @param cldsToscaModel the clds tosca model - * @param userId the user id + * @param cldsToscaModel + * the clds tosca model + * @param userId + * the user id * @return CldsToscaModel clds tosca model */ public CldsToscaModel updateToscaModelWithNewVersion(CldsToscaModel cldsToscaModel, String userId) { 
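Review bot: The query assembled in the `@@ -486,8 +507,7 @@` hunk concatenates `toscaModelName` and `policyType` directly into the SQL text (`" AND tm.tosca_model_name = '" + toscaModelName + "'"`), so a quote character in either value alters the statement. The commit only re-wraps the line above and leaves this concatenation in place. Use bind parameters instead, e.g. `" AND tm.tosca_model_name = ?"` and `" AND tm.policy_type = ?"`, and pass the non-null values as arguments to the JdbcTemplate call that executes `toscaModelSql`. The method signature and the statement that runs the query lie outside the hunk, so the origin of these values cannot be confirmed from here. The public `getToscaModelByPolicyType(String)` and `getToscaModelByName(String)` shown just above suggest they are caller-supplied.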
@@ -537,8 +559,10 @@ public class CldsDao { /** * Method to upload a new Tosca model Yaml in DB. Default version is 1.0 * - * @param cldsToscaModel the clds tosca model - * @param userId the user id + * @param cldsToscaModel + * the clds tosca model + * @param userId + * the user id * @return CldsToscaModel clds tosca model */ public CldsToscaModel insToscaModel(CldsToscaModel cldsToscaModel, String userId) { @@ -558,7 +582,8 @@ public class CldsDao { /** * Method to insert a new Dictionary in Database. * - * @param cldsDictionary the clds dictionary + * @param cldsDictionary + * the clds dictionary */ public void insDictionary(CldsDictionary cldsDictionary) { SqlParameterSource in = new MapSqlParameterSource() @@ -571,9 +596,12 @@ public class CldsDao { /** * Method to update Dictionary with new info in Database. * - * @param dictionaryId the dictionary id - * @param cldsDictionary the clds dictionary - * @param userId the user id + * @param dictionaryId + * the dictionary id + * @param cldsDictionary + * the clds dictionary + * @param userId + * the user id */ public void updateDictionary(String dictionaryId, CldsDictionary cldsDictionary, String userId) { @@ -586,8 +614,10 @@ public class CldsDao { /** * Method to get list of Dictionaries from the Database. * - * @param dictionaryId the dictionary id - * @param dictionaryName the dictionary name + * @param dictionaryId + * the dictionary id + * @param dictionaryName + * the dictionary name * @return dictionary */ public List getDictionary(String dictionaryId, String dictionaryName) { 
@@ -620,8 +650,10 @@ public class CldsDao { /** * Method to insert a new Dictionary Element for given dictionary in Database. * - * @param cldsDictionaryItem the clds dictionary item - * @param userId the user id + * @param cldsDictionaryItem + * the clds dictionary item + * @param userId + * the user id */ public void insDictionarElements(CldsDictionaryItem cldsDictionaryItem, String userId) { SqlParameterSource in = new MapSqlParameterSource() @@ -638,9 +670,12 @@ public class CldsDao { * Method to update Dictionary Elements with new info for a given dictionary in * Database. * - * @param dictionaryElementId the dictionary element id - * @param cldsDictionaryItem the clds dictionary item - * @param userId the user id + * @param dictionaryElementId + * the dictionary element id + * @param cldsDictionaryItem + * the clds dictionary item + * @param userId + * the user id */ public void updateDictionaryElements(String dictionaryElementId, CldsDictionaryItem cldsDictionaryItem, String userId) { @@ -659,9 +694,12 @@ public class CldsDao { * Method to get list of all dictionary elements for a given dictionary in the * Database. * - * @param dictionaryName the dictionary name - * @param dictionaryId the dictionary id - * @param dictElementShortName the dict element short name + * @param dictionaryName + * the dictionary name + * @param dictionaryId + * the dictionary id + * @param dictElementShortName + * the dict element short name * @return dictionary elements */ public List getDictionaryElements(String dictionaryName, String dictionaryId, @@ -701,7 +739,8 @@ public class CldsDao { * Method to get Map of all dictionary elements with key as dictionary short * name and value as the full name. * - * @param dictionaryElementType the dictionary element type + * @param dictionaryElementType + * the dictionary element type * @return Map of dictionary elements as key value pair */ public Map getDictionaryElementsByType(String dictionaryElementType) { 
diff --git a/src/test/java/org/onap/clamp/clds/sdc/controller/installer/CsarInstallerImplTest.java b/src/test/java/org/onap/clamp/clds/sdc/controller/installer/CsarInstallerImplTest.java index 1fe3ff3d..17e27d51 100644 --- a/src/test/java/org/onap/clamp/clds/sdc/controller/installer/CsarInstallerImplTest.java +++ b/src/test/java/org/onap/clamp/clds/sdc/controller/installer/CsarInstallerImplTest.java @@ -22,12 +22,13 @@ * */ - package org.onap.clamp.clds.sdc.controller.installer; import com.google.gson.JsonObject; + import java.io.IOException; import java.io.InputStream; + import org.apache.commons.io.IOUtils; import org.assertj.core.api.Assertions; import org.junit.Before; @@ -38,7 +39,6 @@ import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; import org.onap.clamp.clds.client.DcaeInventoryServices; import org.onap.clamp.clds.config.sdc.BlueprintParserFilesConfiguration; -import org.onap.clamp.clds.dao.CldsDao; import org.onap.clamp.clds.exception.sdc.controller.SdcArtifactInstallerException; import org.onap.clamp.clds.service.CldsService; import org.onap.clamp.clds.service.CldsTemplateService; 
@@ -83,64 +83,54 @@ public class CsarInstallerImplTest { private BlueprintArtifact artifact; /** - * Set up method. - * throws: Exception + * Set up method. throws: Exception */ @Before public void setUp() throws Exception { String dceaBlueprint = ResourceFileUtil.getResourceAsString("tosca/dcea_blueprint.yml"); artifact = prepareBlueprintArtifact(dceaBlueprint); - csarInstaller = new CsarInstallerImpl(applicationContext, new CldsDao(), new CldsTemplateService(), - cldsService, dcaeInventoryServices, new XslTransformer()); + csarInstaller = new CsarInstallerImpl(applicationContext, null, new CldsTemplateService(), cldsService, + dcaeInventoryServices, new XslTransformer()); } @Test public void shouldReturnInputParametersFromBlueprint() { - //given + // given String expectedBlueprintInputsText = "{\"aaiEnrichmentHost\":\"aai.onap.svc.cluster.local\"" - + ",\"aaiEnrichmentPort\":\"8443\"" - + ",\"enableAAIEnrichment\":true" - + ",\"dmaap_host\":\"message-router\"" - + ",\"dmaap_port\":\"3904\"" - + ",\"enableRedisCaching\":false" - + ",\"redisHosts\":\"dcae-redis:6379\"" - + ",\"tag_version\":" - + "\"nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.1.0\"" - + ",\"consul_host\":\"consul-server\"" - + ",\"consul_port\":\"8500\",\"cbs_host\":\"{\\\"test\\\":" - + "{\\\"test\\\":\\\"test\\\"}}\",\"cbs_port\":\"10000\"" - + ",\"external_port\":\"32010\",\"policy_id\":\"AUTO_GENERATED_POLICY_ID_AT_SUBMIT\"}"; + + ",\"aaiEnrichmentPort\":\"8443\"" + ",\"enableAAIEnrichment\":true" + ",\"dmaap_host\":\"message-router\"" + + ",\"dmaap_port\":\"3904\"" + ",\"enableRedisCaching\":false" + ",\"redisHosts\":\"dcae-redis:6379\"" + + ",\"tag_version\":" + + "\"nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.1.0\"" + + ",\"consul_host\":\"consul-server\"" + ",\"consul_port\":\"8500\",\"cbs_host\":\"{\\\"test\\\":" + + "{\\\"test\\\":\\\"test\\\"}}\",\"cbs_port\":\"10000\"" + + 
",\"external_port\":\"32010\",\"policy_id\":\"AUTO_GENERATED_POLICY_ID_AT_SUBMIT\"}"; JsonObject expectedBlueprintInputs = JsonUtils.GSON.fromJson(expectedBlueprintInputsText, JsonObject.class); - //when + // when String parametersInJson = csarInstaller.getAllBlueprintParametersInJson(artifact); - //then + // then Assertions.assertThat(JsonUtils.GSON.fromJson(parametersInJson, JsonObject.class)) - .isEqualTo(expectedBlueprintInputs); + .isEqualTo(expectedBlueprintInputs); } @Test public void shouldReturnBuildModelName() throws SdcArtifactInstallerException { - //given - String expectedModelName = "CLAMP_test_name_" - + "vtest_service_version_" - + "test_resource_instance_name_" - + "test_artifact_name"; - prepareMockCsarHandler("name", "test_name", - "test_service_version"); + // given + String expectedModelName = "CLAMP_test_name_" + "vtest_service_version_" + "test_resource_instance_name_" + + "test_artifact_name"; + prepareMockCsarHandler("name", "test_name", "test_service_version"); Mockito.when(resourceInstance.getResourceInstanceName()).thenReturn("test_resource_instance_name"); - //when + // when String actualModelName = CsarInstallerImpl.buildModelName(csarHandler, artifact); - //then + // then Assertions.assertThat(actualModelName).isEqualTo(expectedModelName); } @Test public void shouldReturnRightMapping() throws SdcArtifactInstallerException, IOException { - //given - String input = "[{\"blueprintKey\":\"tca_k8s\"," - + "\"dcaeDeployable\":false," - + "\"files\":{\"svgXmlFilePath\":\"samplePath\",\"bpmnXmlFilePath\":\"samplePath\"}}]"; + // given + String input = "[{\"blueprintKey\":\"tca_k8s\"," + "\"dcaeDeployable\":false," + + "\"files\":{\"svgXmlFilePath\":\"samplePath\",\"bpmnXmlFilePath\":\"samplePath\"}}]"; BlueprintParserFilesConfiguration filesConfiguration = new BlueprintParserFilesConfiguration(); filesConfiguration.setBpmnXmlFilePath("samplePath"); filesConfiguration.setSvgXmlFilePath("samplePath"); 
@@ -149,10 +139,10 @@ public class CsarInstallerImplTest { Mockito.when(applicationContext.getResource(Mockito.any(String.class))).thenReturn(resource); Mockito.when(resource.getInputStream()).thenReturn(inputStream); csarInstaller.loadConfiguration(); - //when + // when BlueprintParserFilesConfiguration configuration = csarInstaller.searchForRightMapping(artifact); - //then + // then Assertions.assertThat(configuration.getBpmnXmlFilePath()).isEqualTo("samplePath"); Assertions.assertThat(configuration.getSvgXmlFilePath()).isEqualTo("samplePath"); } @@ -167,7 +157,7 @@ public class CsarInstallerImplTest { } private void prepareMockCsarHandler(String metadataNameMockInput, String metadataNameMockOutput, - String serviceVersion) { + String serviceVersion) { Mockito.when(csarHandler.getSdcCsarHelper()).thenReturn(sdcCsarHelper); Mockito.when(sdcCsarHelper.getServiceMetadata()).thenReturn(metadata); Mockito.when(metadata.getValue(metadataNameMockInput)).thenReturn(metadataNameMockOutput); -- 2.16.6