From ddeba2f466751a23cbbf6dc07b1b415231a39a5d Mon Sep 17 00:00:00 2001 From: romaingimbert Date: Wed, 5 Sep 2018 10:28:44 +0200 Subject: [PATCH] Fix critical security issues -change pom dependencies version Change-Id: Ib378ac1d8a05345494dcda0299dd5715b04de14e Issue-ID: EXTAPI-126 Signed-off-by: romaingimbert --- pom.xml | 26 +++++++++++++++++++++- .../onap/nbi/apis/hub/service/EventFactory.java | 3 ++- .../serviceorder/utils/JsonEntityConverter.java | 3 ++- .../java/org/onap/nbi/commons/JacksonFilter.java | 3 ++- 4 files changed, 31 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 0aa9fde..1a42cd8 100644 --- a/pom.xml +++ b/pom.xml @@ -120,6 +120,12 @@ + + com.fasterxml.jackson.core + jackson-databind + 2.8.11.2 + + org.apache.tomcat.embed tomcat-embed-core @@ -163,7 +169,7 @@ commons-beanutils commons-beanutils - 1.7.0 + 1.9.3 @@ -227,6 +233,12 @@ com.bazaarvoice.jolt json-utils 0.1.0 + + + com.fasterxml.jackson.core + jackson-databind + + @@ -259,6 +271,12 @@ spring-cloud-contract-wiremock 1.0.0.RELEASE test + + + com.fasterxml.jackson.core + jackson-databind + + @@ -293,6 +311,12 @@ org.onap.msb.java-sdk msb-java-sdk 1.1.1 + + + com.fasterxml.jackson.core + jackson-databind + + diff --git a/src/main/java/org/onap/nbi/apis/hub/service/EventFactory.java b/src/main/java/org/onap/nbi/apis/hub/service/EventFactory.java index 8083fff..b2a017c 100644 --- a/src/main/java/org/onap/nbi/apis/hub/service/EventFactory.java +++ b/src/main/java/org/onap/nbi/apis/hub/service/EventFactory.java @@ -16,6 +16,7 @@ package org.onap.nbi.apis.hub.service; import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.MappingJsonFactory; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.node.ObjectNode; import org.onap.nbi.apis.hub.model.Event; @@ -30,7 +31,7 @@ import java.util.UUID; public class EventFactory { - private static final ObjectMapper mapper = new ObjectMapper(); + private static final ObjectMapper mapper = new ObjectMapper(new MappingJsonFactory()); public static Event getEvent(EventType eventType, ServiceOrder serviceOrder, ServiceOrderItem serviceOrderItem) { Event event = new Event(); diff --git a/src/main/java/org/onap/nbi/apis/serviceorder/utils/JsonEntityConverter.java b/src/main/java/org/onap/nbi/apis/serviceorder/utils/JsonEntityConverter.java index 7be84c2..1821f0a 100644 --- a/src/main/java/org/onap/nbi/apis/serviceorder/utils/JsonEntityConverter.java +++ b/src/main/java/org/onap/nbi/apis/serviceorder/utils/JsonEntityConverter.java @@ -15,6 +15,7 @@ */ package org.onap.nbi.apis.serviceorder.utils; +import com.fasterxml.jackson.databind.MappingJsonFactory; import java.io.IOException; import org.onap.nbi.apis.serviceorder.model.orchestrator.ServiceOrderInfo; import com.fasterxml.jackson.databind.ObjectMapper; @@ -24,7 +25,7 @@ public final class JsonEntityConverter { private JsonEntityConverter() { } - private static final ObjectMapper MAPPER = new ObjectMapper(); + private static final ObjectMapper MAPPER = new ObjectMapper(new MappingJsonFactory()); public static String convertServiceOrderInfoToJson(ServiceOrderInfo serviceOrderInfo) { return MAPPER.valueToTree(serviceOrderInfo).toString(); diff --git a/src/main/java/org/onap/nbi/commons/JacksonFilter.java b/src/main/java/org/onap/nbi/commons/JacksonFilter.java index 07c113e..97f6cf2 100644 --- a/src/main/java/org/onap/nbi/commons/JacksonFilter.java +++ b/src/main/java/org/onap/nbi/commons/JacksonFilter.java @@ -15,6 +15,7 @@ */ package org.onap.nbi.commons; +import com.fasterxml.jackson.databind.MappingJsonFactory; import java.math.BigDecimal; import java.util.ArrayList; import java.util.Arrays; @@ -59,7 +60,7 @@ public class JacksonFilter { } public static ObjectNode createNode(R bean, JsonRepresentation jsonRepresentation) { - ObjectMapper mapper = new ObjectMapper(); + ObjectMapper mapper = new ObjectMapper(new MappingJsonFactory()); return JacksonFilter.createNode(mapper, bean, jsonRepresentation.getAttributes()); } -- 2.16.6