From 95b4f4645fe544c8f11651d7aa78381b24fc3769 Mon Sep 17 00:00:00 2001
From: GuangrongFu
Date: Mon, 24 Aug 2020 20:03:30 +0800
Subject: [PATCH] Fixed Some Vulnerability Issues

Fixed the fastjson issue
Fixed the retrofit issue

Change-Id: Ife7dca0f0aeaf09c753615ef870b84867a970c8d
Issue-ID: HOLMES-345
Signed-off-by: GuangrongFu
---
 pom.xml | 16 +++++++++++++---
 .../holmes/rulemgt/bolt/enginebolt/EngineWrapper.java | 16 ++++++++--------
 .../holmes/rulemgt/dcae/DcaeConfigurationPolling.java | 18 +++++++++--------
 .../rulemgt/dcae/DcaeConfigurationPollingTest.java | 6 +++---
 4 files changed, 33 insertions(+), 23 deletions(-)

diff --git a/pom.xml b/pom.xml
index cb7bf34..9abc7e5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -107,8 +107,17 @@ org.checkerframework checker-qual + + com.squareup.retrofit2 + retrofit + + + com.squareup.retrofit2 + retrofit + 2.5.0 + org.reflections reflections
@@ -313,10 +322,11 @@ 3.2.2 - com.alibaba - fastjson - 1.2.49 + com.google.code.gson + gson + 2.8.6 + org.glassfish.jersey.core jersey-server
diff --git a/rulemgt/src/main/java/org/onap/holmes/rulemgt/bolt/enginebolt/EngineWrapper.java b/rulemgt/src/main/java/org/onap/holmes/rulemgt/bolt/enginebolt/EngineWrapper.java
index b0bd1f5..479437e 100644
--- a/rulemgt/src/main/java/org/onap/holmes/rulemgt/bolt/enginebolt/EngineWrapper.java
+++ b/rulemgt/src/main/java/org/onap/holmes/rulemgt/bolt/enginebolt/EngineWrapper.java
@@ -1,5 +1,5 @@
 /**
- * Copyright 2017 ZTE Corporation.
+ * Copyright 2017-2020 ZTE Corporation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
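Review bot: The `@@ -313,10 +322,11 @@` hunk removes fastjson 1.2.49 entirely and declares gson 2.8.6 in its place, while the `@@ -107,8 +107,17 @@` hunk appears to both exclude `com.squareup.retrofit2:retrofit` from a transitive dependency and declare it explicitly at 2.5.0 (the XML element names are stripped in this rendering, so the nesting is inferred, not read). Because the fix depends on fastjson no longer being on the classpath at all, the resolved tree should be checked, e.g. `mvn dependency:tree -Dincludes=com.alibaba:fastjson`, to confirm no other module or transitive dependency still brings it in; the same check applies to any retrofit version below 2.5.0 surviving the exclusion. A one-line XML comment beside the gson dependency stating that it replaces fastjson for HOLMES-345 would spare the next reader a trip to the issue tracker.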
@@ -15,17 +15,18 @@
  */
 package org.onap.holmes.rulemgt.bolt.enginebolt;
-import com.alibaba.fastjson.JSON;
-import com.alibaba.fastjson.JSONObject;
-import javax.inject.Inject;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.http.HttpResponse;
 import org.jvnet.hk2.annotations.Service;
+import org.onap.holmes.common.exception.CorrelationException;
 import org.onap.holmes.common.utils.HttpsUtils;
 import org.onap.holmes.rulemgt.bean.request.CorrelationCheckRule4Engine;
 import org.onap.holmes.rulemgt.bean.request.CorrelationDeployRule4Engine;
 import org.onap.holmes.rulemgt.constant.RuleMgtConstant;
-import org.onap.holmes.common.exception.CorrelationException;
+
+import javax.inject.Inject;
 @Service
 @Slf4j
@@ -44,9 +45,8 @@ public class EngineWrapper {
 if (response.getStatusLine().getStatusCode() == RuleMgtConstant.RESPONSE_STATUS_OK) {
 log.info("Succeeded in calling the rule deployment RESTful API from the engine management service.");
 try {
- // JSONObject json = JSONObject.fromObject(HttpsUtils.extractResponseEntity(response));
- JSONObject json= JSON.parseObject(HttpsUtils.extractResponseEntity(response));
- return json.get(RuleMgtConstant.PACKAGE).toString();
+ JsonObject json = JsonParser.parseString(HttpsUtils.extractResponseEntity(response)).getAsJsonObject();
+ return json.get(RuleMgtConstant.PACKAGE).getAsString();
 } catch (Exception e) {
 throw new CorrelationException("Failed to parse the value returned by the engine management service.", e);
 }
diff --git a/rulemgt/src/main/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPolling.java b/rulemgt/src/main/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPolling.java
index dcd530c..e6bc790 100644
--- a/rulemgt/src/main/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPolling.java
+++ b/rulemgt/src/main/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPolling.java
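Review bot: In the new try body of the `@@ -44,9 +45,8 @@` hunk, an engine response without a package member makes `json.get(RuleMgtConstant.PACKAGE)` return null, so the chained `getAsString()` throws a NullPointerException that the existing `catch (Exception e)` reports as "Failed to parse", and a non-primitive value (object or array) likewise surfaces only through that generic wrapper. Checking `json.has(RuleMgtConstant.PACKAGE)` before the return and raising CorrelationException with a message naming the missing field would make the failure readable in the log instead of a misleading parse error. Note also that `JsonParser.parseString` parses in lenient mode, so bodies a strict JSON parser would reject can still be accepted here; it is available only from the gson 2.8.6 that the pom hunk declares. The enclosing method starts before and ends after this hunk.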
@@ -1,5 +1,5 @@
 /**
- * Copyright 2017 ZTE Corporation.
+ * Copyright 2017-2020 ZTE Corporation.
  *

  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
  * in compliance with the License. You may obtain a copy of the License at
@@ -13,14 +13,8 @@
  */
 package org.onap.holmes.rulemgt.dcae;
-import com.alibaba.fastjson.JSONObject;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.util.HashMap;
-import java.util.List;
-import javax.ws.rs.core.MediaType;
+import com.google.gson.Gson;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.methods.HttpDelete;
@@ -39,6 +33,12 @@ import org.onap.holmes.rulemgt.bean.request.RuleCreateRequest;
 import org.onap.holmes.rulemgt.bean.response.RuleQueryListResponse;
 import org.onap.holmes.rulemgt.bean.response.RuleResult4API;
+import javax.ws.rs.core.MediaType;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.HashMap;
+import java.util.List;
+
 @Slf4j
 public class DcaeConfigurationPolling implements Runnable {
@@ -106,7 +106,7 @@ public class DcaeConfigurationPolling implements Runnable {
 httpClient = HttpsUtils.getConditionalHttpsClient(HttpsUtils.DEFUALT_TIMEOUT);
 HttpResponse httpResponse = HttpsUtils.get(httpGet, headers, httpClient);
 String response = HttpsUtils.extractResponseEntity(httpResponse);
- return JSONObject.parseObject(response, RuleQueryListResponse.class);
+ return GsonUtil.jsonToBean(response, RuleQueryListResponse.class);
 } finally {
 httpGet.releaseConnection();
 closeHttpClient(httpClient);
diff --git a/rulemgt/src/test/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPollingTest.java b/rulemgt/src/test/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPollingTest.java
index 53e60c8..6b640b2 100644
--- a/rulemgt/src/test/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPollingTest.java
+++ b/rulemgt/src/test/java/org/onap/holmes/rulemgt/dcae/DcaeConfigurationPollingTest.java
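Review bot: The `@@ -13,14 +13,8 @@` hunk adds `import com.google.gson.Gson;`, but the only new JSON call visible in this file's hunks is `GsonUtil.jsonToBean(response, RuleQueryListResponse.class)` in the `@@ -106,7 +106,7 @@` hunk, and no import of `org.onap.holmes.common.utils.GsonUtil` appears anywhere in this file's diff, whereas the test file's hunk does add one. Unless `Gson` is used and `GsonUtil` imported in the part of the file outside these hunks, the first import is dead and the second is missing, which a module compile would show immediately. Mapping the response straight into the declared `RuleQueryListResponse` type is the right replacement for the removed fastjson `parseObject` call, since the target class is now fixed by the caller rather than by anything in the payload, assuming `GsonUtil.jsonToBean` is a plain `fromJson` wrapper. The method containing the `@@ -106,7 +106,7 @@` hunk starts before and ends after it.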
@@ -1,5 +1,5 @@
 /**
- * Copyright 2017 ZTE Corporation.
+ * Copyright 2017-2020 ZTE Corporation.
  *

  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +15,6 @@
  */
 package org.onap.holmes.rulemgt.dcae;
-import com.alibaba.fastjson.JSONObject;
 import org.apache.http.HttpResponse;
 import org.apache.http.StatusLine;
 import org.apache.http.client.methods.HttpDelete;
@@ -31,6 +30,7 @@ import org.junit.runner.RunWith;
 import org.onap.holmes.common.dcae.DcaeConfigurationQuery;
 import org.onap.holmes.common.dcae.entity.DcaeConfigurations;
 import org.onap.holmes.common.dcae.entity.Rule;
+import org.onap.holmes.common.utils.GsonUtil;
 import org.onap.holmes.common.utils.HttpsUtils;
 import org.onap.holmes.rulemgt.bean.response.RuleQueryListResponse;
 import org.onap.holmes.rulemgt.bean.response.RuleResult4API;
@@ -82,7 +82,7 @@ public class DcaeConfigurationPollingTest {
 expect(HttpsUtils.getConditionalHttpsClient(30000)).andReturn(clientMock);
 expect(HttpsUtils.get(anyObject(HttpGet.class), anyObject(HashMap.class), anyObject(CloseableHttpClient.class))) .andReturn(httpResponseMock);
- expect(HttpsUtils.extractResponseEntity(httpResponseMock)).andReturn(JSONObject.toJSONString(ruleQueryListResponse));
+ expect(HttpsUtils.extractResponseEntity(httpResponseMock)).andReturn(GsonUtil.beanToJson(ruleQueryListResponse));
 clientMock.close();
 expectLastCall();
-- 
2.16.6