From: Sunil Unnava <su622b@att.com>
Date: Tue, 27 Feb 2018 08:09:04 +0000 (-0500)
Subject: Security issues fixes
X-Git-Tag: v1.1.1^0
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=dmaap%2Fmessagerouter%2Fmsgrtr.git;a=commitdiff_plain;h=907bb776273e1bf41331609c51dc520c3d4fa181

Security issues fixes

Issue-ID: DMAAP-207
Change-Id: I8c95f2647676fc4c2e754bdc280b97886f53403f
Signed-off-by: Sunil Unnava <su622b@att.com>
---

diff --git a/.project b/.project
index 885141a..13ca257 100644
--- a/.project
+++ b/.project
@@ -10,13 +10,30 @@
 			<arguments>
 			</arguments>
 		</buildCommand>
+		<buildCommand>
+			<name>net.sf.eclipsecs.core.CheckstyleBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
 		<buildCommand>
 			<name>org.eclipse.m2e.core.maven2Builder</name>
 			<arguments>
 			</arguments>
 		</buildCommand>
+		<buildCommand>
+			<name>org.springframework.ide.eclipse.core.springbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.springframework.ide.eclipse.boot.validation.springbootbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
 	</buildSpec>
 	<natures>
+		<nature>org.springframework.ide.eclipse.core.springnature</nature>
+		<nature>net.sf.eclipsecs.core.CheckstyleNature</nature>
 		<nature>org.eclipse.jdt.core.javanature</nature>
 		<nature>org.eclipse.m2e.core.maven2Nature</nature>
 	</natures>
diff --git a/pom.xml b/pom.xml
index 90ae0fe..2630493 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,7 +24,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.onap.dmaap.messagerouter.msgrtr</groupId>
 	<artifactId>msgrtr</artifactId>
-	<version>1.1.0-SNAPSHOT</version>
+	<version>1.1.1-SNAPSHOT</version>
 	<packaging>jar</packaging>
 	<name>dmaap-messagerouter-msgrtr</name>
 	<description>Message Router - Restful interface built for kafka</description>
@@ -36,7 +36,7 @@
 	</parent>
 	
 	<properties>
-		<spring.version>3.2.14.RELEASE</spring.version>
+		<spring.version>3.2.15.RELEASE</spring.version>
 		<cxf.version>3.0.4</cxf.version>
 		<jstl.version>1.2</jstl.version>
 		<maven.compiler.target>1.7</maven.compiler.target>
@@ -90,13 +90,62 @@
 	 </developers>
 
 	<dependencies>
-
+	<dependency>
+		<groupId>commons-collections</groupId>
+		<artifactId>commons-collections</artifactId>
+		<version>3.2.2</version>
+	</dependency>
+	<dependency>
+		<groupId>ch.qos.logback</groupId>
+		<artifactId>logback-core</artifactId>
+		<version>1.2.0</version>
+	</dependency>
+	<dependency>
+		<groupId>ch.qos.logback</groupId>
+		<artifactId>logback-classic</artifactId>
+		<version>1.2.0</version>
+	</dependency>
+	<dependency>
+		<groupId>commons-beanutils</groupId>
+		<artifactId>commons-beanutils</artifactId>
+		<version>1.9.2</version>
+		<exclusions>
+			<!-- We have JCL-over-SLF4J instead. -->
+			<exclusion>
+				<groupId>commons-logging</groupId>
+				<artifactId>commons-logging</artifactId>
+			</exclusion>
+		</exclusions>
+	</dependency>
+	<dependency>
+		<groupId>org.codehaus.groovy</groupId>
+		<artifactId>groovy-all</artifactId>
+		<version>2.4.4</version>
+		<scope>compile</scope>
+		<exclusions>
+			<exclusion>
+				<artifactId>jline</artifactId>
+				<groupId>jline</groupId>
+			</exclusion>
+		</exclusions>
+	</dependency>
+	<dependency>
+		<groupId>commons-fileupload</groupId>
+		<artifactId>commons-fileupload</artifactId>
+		<version>1.3.3</version>
+	</dependency>
+    
 		<dependency>
 			<groupId>junit</groupId>
 			<artifactId>junit</artifactId>
 			<version>4.11</version>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>com.att.aft</groupId>
+			<artifactId>dme2</artifactId>
+			<version>3.1.200-oss</version>
+			</dependency>
 
 		<!-- slf4j logger -->
 		<dependency>
@@ -233,15 +282,21 @@
 			</exclusions>
 		</dependency>
 		<dependency>
-			<groupId>org.apache.httpcomponents</groupId>
-					<artifactId>httpclient</artifactId>
-					<version>4.4.1</version>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.httpcomponents</groupId>
-					<artifactId>httpclient-cache</artifactId>
-					<version>4.4.1</version>
-		</dependency>
+	<groupId>org.apache.httpcomponents</groupId>
+	<artifactId>httpclient</artifactId>
+	<version>4.5.3</version>
+</dependency>
+	<dependency>
+		<groupId>org.apache.httpcomponents</groupId>
+		<artifactId>httpclient-cache</artifactId>
+		<version>4.5.3</version>
+	</dependency>
+	<dependency>
+		<groupId>org.apache.httpcomponents</groupId>
+		<artifactId>httpcore</artifactId>
+		<version>4.4.1</version>
+	</dependency>
+		
 		
 		<!-- explicit jline add b/c it conflicts with the zk client -->
 		<dependency>
@@ -262,24 +317,12 @@
 			<version>2.6.0</version>
 		</dependency>
 
-		<dependency>
-			<groupId>com.att.aft</groupId>
-			<artifactId>dme2</artifactId>
-			<version>3.1.200</version>
-		</dependency>
 
 	<dependency>
 	    <groupId>com.google.code.gson</groupId>
 	    <artifactId>gson</artifactId>
 	    <version>2.8.0</version>
 	</dependency>
-		<dependency>
-			<groupId>org.mockito</groupId>
-			<artifactId>mockito-all</artifactId>
-			<version>1.9.5</version>
-			<scope>test</scope>
-		</dependency>
-
 
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
diff --git a/src/test/java/com/att/nsa/cambria/service/impl/AdminServiceImplemTest.java b/src/test/java/com/att/nsa/cambria/service/impl/AdminServiceImplemTest.java
index b2db07e..df486d5 100644
--- a/src/test/java/com/att/nsa/cambria/service/impl/AdminServiceImplemTest.java
+++ b/src/test/java/com/att/nsa/cambria/service/impl/AdminServiceImplemTest.java
@@ -25,23 +25,51 @@ package com.att.nsa.cambria.service.impl;
 import static org.junit.Assert.*;
 
 import java.io.IOException;
+import java.util.Date;
 
 import com.att.nsa.cambria.beans.DMaaPContext;
+import com.att.nsa.cambria.embed.EmbedConfigurationReader;
+import com.att.nsa.cambria.utils.ConfigurationReader;
 import com.att.nsa.configs.ConfigDbException;
+import com.att.nsa.drumlin.till.data.sha1HmacSigner;
 import com.att.nsa.security.ReadWriteSecuredResource.AccessDeniedException;
 
-import org.junit.After;
-import org.junit.Before;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
 import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
 
 public class AdminServiceImplemTest {
+	
+	private static  DMaaPContext context = new DMaaPContext();
+	
+	private static EmbedConfigurationReader embedConfigurationReader = new EmbedConfigurationReader();
+
+	@BeforeClass
+	public static void setUp() throws Exception {
+
+		final long nowMs = System.currentTimeMillis();
+		Date date = new Date(nowMs + 10000);
+
+		final String serverCalculatedSignature = sha1HmacSigner.sign(date.toString(), "password");
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.addHeader("X-Auth", "admin:" + serverCalculatedSignature);
+
+		//NsaSimpleApiKey apiKey = new NsaSimpleApiKey("admin", "password");
+	//	PowerMockito.when(baseNsaApiDbImpl.loadApiKey("b/7ouTn9FfEw2PQwL0ov/Q==")).thenReturn(apiKey);
 
-	@Before
-	public void setUp() throws Exception {
+		request.addHeader("X-Date", date);
+		request.addHeader("Date", date);
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		context.setRequest(request);
+		context.setResponse(response);
+		context.setConfigReader(embedConfigurationReader.buildConfigurationReader());
 	}
 
-	@After
-	public void tearDown() throws Exception {
+	@AfterClass
+	public static void tearDown() throws Exception {
+		embedConfigurationReader.tearDown();
 	}
 
 	
@@ -51,7 +79,7 @@ public class AdminServiceImplemTest {
 		
 		AdminServiceImpl adminServiceImpl = new AdminServiceImpl();
 		try {
-			adminServiceImpl.showConsumerCache(new DMaaPContext());
+			adminServiceImpl.showConsumerCache(context);
 		} catch (IOException | AccessDeniedException e) {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
@@ -73,7 +101,7 @@ public class AdminServiceImplemTest {
 		
 		AdminServiceImpl adminServiceImpl = new AdminServiceImpl();
 		try {
-			adminServiceImpl.dropConsumerCache(new DMaaPContext());
+			adminServiceImpl.dropConsumerCache(context);
 		} catch (IOException | AccessDeniedException e) {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
@@ -95,7 +123,7 @@ public class AdminServiceImplemTest {
 		
 		AdminServiceImpl adminServiceImpl = new AdminServiceImpl();
 		try {
-			adminServiceImpl.getBlacklist(new DMaaPContext());
+			adminServiceImpl.getBlacklist(context);
 		} catch (IOException | AccessDeniedException e) {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
@@ -117,7 +145,7 @@ public class AdminServiceImplemTest {
 		
 		AdminServiceImpl adminServiceImpl = new AdminServiceImpl();
 		try {
-			adminServiceImpl.addToBlacklist(new DMaaPContext(), "120.120.120.120");
+			adminServiceImpl.addToBlacklist(context, "120.120.120.120");
 		} catch (IOException | AccessDeniedException | ConfigDbException e) {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
@@ -139,7 +167,7 @@ public class AdminServiceImplemTest {
 		
 		AdminServiceImpl adminServiceImpl = new AdminServiceImpl();
 		try {
-			adminServiceImpl.addToBlacklist(new DMaaPContext(), "120.120.120.120");
+			adminServiceImpl.addToBlacklist(context, "120.120.120.120");
 		} catch (IOException | AccessDeniedException | ConfigDbException e) {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
diff --git a/version.properties b/version.properties
index d6e413c..e1118ab 100644
--- a/version.properties
+++ b/version.properties
@@ -27,7 +27,7 @@
 
 major=1
 minor=1
-patch=0
+patch=1
 
 base_version=${major}.${minor}.${patch}