Fix for security hotspot related to wek cyptography 61/119061/3
authorputhuparambil.aditya <aditya.puthuparambil@bell.ca>
Wed, 10 Mar 2021 11:55:33 +0000 (11:55 +0000)
committerToine Siebelink <toine.siebelink@est.tech>
Thu, 11 Mar 2021 14:18:19 +0000 (14:18 +0000)
https://sonarcloud.io/project/security_hotspots?id=onap_cps&hotspots=AXfObcurA2pnU4Plp4-j

Issue-ID: CPS-286
Signed-off-by: puthuparambil.aditya <aditya.puthuparambil@bell.ca>
Change-Id: I31012f81797396682dbccae0e4992a33bac806c7

cps-dependencies/pom.xml
cps-ri/pom.xml
cps-ri/src/main/java/org/onap/cps/spi/impl/CpsModulePersistenceServiceImpl.java
cps-ri/src/main/resources/changelog/db/changes/data/yang_resource.csv
cps-ri/src/test/groovy/org/onap/cps/spi/impl/CpsModulePersistenceServiceSpec.groovy
cps-ri/src/test/resources/data/schemaset.sql

index d88d257..63f8615 100755 (executable)
@@ -14,6 +14,7 @@
 
     <properties>
         <cglib-nodep.version>3.1</cglib-nodep.version>
+        <commons-codec.version>1.15</commons-codec.version>
         <commons-lang3.version>3.11</commons-lang3.version>
         <groovy.version>3.0.6</groovy.version>
         <hibernate-types.version>2.10.0</hibernate-types.version>
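Review bot: The new `commons-codec.version` property is declared here, but nothing in this hunk consumes it, and cps-ri/pom.xml adds the `commons-codec` dependency without a `<version>`. That only resolves if a `<dependencyManagement>` entry referencing `${commons-codec.version}` exists in this file (or is inherited); that entry is not visible in the diff, so please confirm it is present or add it alongside the property. If it is missing, the build fails to resolve the artifact rather than picking up 1.15.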
index 72b95b8..94d2fa1 100644 (file)
             <groupId>org.liquibase</groupId>\r
             <artifactId>liquibase-core</artifactId>\r
         </dependency>\r
+        <dependency>\r
+            <groupId>commons-codec</groupId>\r
+            <artifactId>commons-codec</artifactId>\r
+        </dependency>\r
         <!-- T E S T   D E P E N D E N C I E S -->\r
         <dependency>\r
             <groupId>org.codehaus.groovy</groupId>\r
index b28beb4..9a8ea6a 100755 (executable)
@@ -28,6 +28,7 @@ import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;
 import javax.transaction.Transactional;
+import org.apache.commons.codec.digest.DigestUtils;
 import org.onap.cps.spi.CascadeDeleteAllowed;
 import org.onap.cps.spi.CpsAdminPersistenceService;
 import org.onap.cps.spi.CpsModulePersistenceService;
@@ -46,7 +47,7 @@ import org.onap.cps.spi.repository.YangResourceRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.dao.DataIntegrityViolationException;
 import org.springframework.stereotype.Component;
-import org.springframework.util.DigestUtils;
+
 
 @Component
 public class CpsModulePersistenceServiceImpl implements CpsModulePersistenceService {
@@ -90,7 +91,7 @@ public class CpsModulePersistenceServiceImpl implements CpsModulePersistenceServ
     private Set<YangResourceEntity> synchronizeYangResources(final Map<String, String> yangResourcesNameToContentMap) {
         final Map<String, YangResourceEntity> checksumToEntityMap = yangResourcesNameToContentMap.entrySet().stream()
             .map(entry -> {
-                final String checksum = DigestUtils.md5DigestAsHex(entry.getValue().getBytes(StandardCharsets.UTF_8));
+                final String checksum = DigestUtils.sha256Hex(entry.getValue().getBytes(StandardCharsets.UTF_8));
                 final YangResourceEntity yangResourceEntity = new YangResourceEntity();
                 yangResourceEntity.setName(entry.getKey());
                 yangResourceEntity.setContent(entry.getValue());
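Review bot: Switching the persisted checksum from MD5 to SHA-256 changes the value stored for every YANG resource, yet the only data update in this change is the Liquibase seed file yang_resource.csv; rows already persisted by earlier deployments keep their 32-hex MD5 values and will never match the 64-hex digests computed at `DigestUtils.sha256Hex(...)`, so `synchronizeYangResources` — which keys its map on the checksum at line `checksumToEntityMap` and whose body continues past this hunk — would presumably treat already-stored modules as new rather than reuse them; a migration that recomputes existing checksums (or a note that no upgraded instances exist yet) seems needed. The `CHECKSUM` column also has to be wide enough for 64 characters, which this diff does not show — worth confirming against the schema changelog. Minor: the removed `org.springframework.util.DigestUtils` import is replaced by an added empty line, leaving two blank lines before `@Component`; drop the `+` line. As a style point, `DigestUtils.sha256Hex(entry.getValue())` (the String overload hashes UTF-8 bytes) would avoid the explicit `getBytes`, and `java.security.MessageDigest` would have done the same without a new dependency.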
index 4dd3127..93db7df 100644 (file)
@@ -455,7 +455,7 @@ ietf-inet-types.yang|"module ietf-inet-types {
                 Identifiers (URIs)\";
   }
 
-}"|fd06e465f26f1e7d0253bbf77e7e55e1
+}"|417a7b14944f6236ad0e2b1ef956158c050cff9b74e3561ca80af32d11be240b
 cps-ran-schema-model2021-01-28.yang|"module cps-ran-schema-model {
   yang-version 1.1;
   namespace \"org:onap:ccsdk:features:sdnr:northbound:cps-ran-schema-model\";
@@ -1753,7 +1753,7 @@ cps-ran-schema-model2021-01-28.yang|"module cps-ran-schema-model {
         \"Target NR Cell Identifier. It consists of NR Cell
          Identifier (NCI) and Physical Cell Identifier of the target NR cell
          (nRPCI).\";
-    "|0337045143fa2e592243243f82699b93
+    "|436fef591eba7f38d1a0c5e3cbd3c122f01ab41dfab37cc5a9cbca1ed53b29fb
 ietf-yang-types.yang|"module ietf-yang-types {
 
   namespace \"urn:ietf:params:xml:ns:yang:ietf-yang-types\";
@@ -2233,4 +2233,4 @@ ietf-yang-types.yang|"module ietf-yang-types {
        notation, i.e., four octets written as decimal numbers
        and separated with the ''.'' (full stop) character.\";
   }
-}"|57d603ee9ab0c49355ad0695c0709c93
+}"|25516798613f862ad20831e59ba02b75ecdc9c6f5547ed5d90bda76143bf0112
index b0c13af..d3d3768 100644 (file)
@@ -57,7 +57,7 @@ class CpsModulePersistenceServiceSpec extends CpsPersistenceSpecBase {
     static final Long NEW_RESOURCE_ABSTRACT_ID = 0L
     static final String NEW_RESOURCE_NAME = 'some new resource'
     static final String NEW_RESOURCE_CONTENT = 'some resource content'
-    static final String NEW_RESOURCE_CHECKSUM = '8185b09f11e262f18043f0ea08803f46'
+    static final String NEW_RESOURCE_CHECKSUM = '09002da02ee2683898d2c81c67f9e22cdbf8577d8c2de16c84d724e4ae44a0a6'
 
     def newYangResourcesNameToContentMap = [(NEW_RESOURCE_NAME):NEW_RESOURCE_CONTENT]
     def dataspaceEntity
@@ -110,7 +110,7 @@ class CpsModulePersistenceServiceSpec extends CpsPersistenceSpecBase {
         then: 'the schema persisted (re)uses the existing id, name and has the same checksum'
             def existingResourceId = 3001L
             def existingResourceName = 'module1@2020-02-02.yang'
-            def existingResourceChecksum = '877e65a9f36d54e7702c3f073f6bc42b'
+            def existingResourceChecksum = 'e8bdda931099310de66532e08c3fafec391db29f55c81927b168f6aa8f81b73b'
             assertSchemaSetPersisted(DATASPACE_NAME, SCHEMA_SET_NAME_NEW,
                     existingResourceId, existingResourceName, existingResourceContent, existingResourceChecksum)
     }
index 0ec1ec3..e6306d0 100644 (file)
@@ -7,10 +7,10 @@ INSERT INTO SCHEMA_SET (ID, NAME, DATASPACE_ID) VALUES
     (2101, 'SCHEMA-SET-101', 1001); -- for removal, having anchor and data associated
 
 INSERT INTO YANG_RESOURCE (ID, NAME, CONTENT, CHECKSUM) VALUES
-    (3001, 'module1@2020-02-02.yang', 'CONTENT-001', '877e65a9f36d54e7702c3f073f6bc42b'),
-    (3002, 'module2@2020-02-02.yang', 'CONTENT-002', '88892586b1f23fe8c1595759784a18f8'),
-    (3003, 'module3@2020-02-02.yang', 'CONTENT-003', 'fc5740499a09a48e0c95d6fc45d4bde8'),
-    (3004, 'module4@2020-02-02.yang', 'CONTENT-004', '3801280fe532f5cbf535695cf6122026'),
+    (3001, 'module1@2020-02-02.yang', 'CONTENT-001', 'e8bdda931099310de66532e08c3fafec391db29f55c81927b168f6aa8f81b73b'),
+    (3002, 'module2@2020-02-02.yang', 'CONTENT-002', '7e7d48afbe066ed0a890a09081859046d3dde52300dfcdb13be5b20780353a11'),
+    (3003, 'module3@2020-02-02.yang', 'CONTENT-003', 'ca20c45fec8547633f05ff8905c48ffa7b02b94ec3ad4ed79922e6ba40779df3'),
+    (3004, 'module4@2020-02-02.yang', 'CONTENT-004', 'f6ed09d343562e4d4ae5140f3c6a55df9c53f6da8e30dda8cbd9eaf9cd449be0'),
     (3100, 'orphan@2020-02-02.yang', 'ORPHAN', 'checksum'); -- for auto-removal as orphan
 
 INSERT INTO SCHEMA_SET_YANG_RESOURCES (SCHEMA_SET_ID, YANG_RESOURCE_ID) VALUES