Solve nexus IQ security issue

Upgrade the jackson-core to the latest version to solve SONATYPE-2017-0355

Issue-ID: MSB-131
Change-Id: I9a7fc431a07533c47fe56bd69b18012cf9d7216c
Signed-off-by: HuabingZhao <zhao.huabing@zte.com.cn>

diff --git a/example/pom.xml b/example/pom.xml
index 26ce5a4..81dc972 100644 (file)
--- a/example/pom.xml
+++ b/example/pom.xml
@@ -23,7 +23,7 @@
         <dependency>
             <groupId>io.dropwizard</groupId>
             <artifactId>dropwizard-core</artifactId>
-            <version>0.8.0</version>
+            <version>1.2.4</version>
         </dependency>
     </dependencies>
     <build>

diff --git a/pom.xml b/pom.xml
index 18530f4..5ce0f08 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -37,11 +37,6 @@
       <artifactId>commons-lang3</artifactId>
       <version>3.0</version>
     </dependency>
-    <dependency>
-      <groupId>com.eclipsesource.jaxrs</groupId>
-      <artifactId>consumer</artifactId>
-      <version>5.0</version>
-    </dependency>
     <dependency>
       <groupId>org.apache.httpcomponents</groupId>
       <artifactId>httpclient</artifactId>
@@ -65,6 +60,21 @@
       <version>1.6.6</version>
       <scope>test</scope>
     </dependency>
+    <dependency>
+        <groupId>com.fasterxml.jackson.core</groupId>
+        <artifactId>jackson-databind</artifactId>
+        <version>2.9.3</version>
+    </dependency>
+    <dependency>
+        <groupId>com.fasterxml.jackson.core</groupId>
+        <artifactId>jackson-core</artifactId>
+        <version>2.9.3</version>
+    </dependency>
+    <dependency>
+        <groupId>com.google.guava</groupId>
+        <artifactId>guava</artifactId>
+        <version>19.0</version>
+    </dependency>
   </dependencies>
   <build>
     <plugins>

diff --git a/src/main/java/org/onap/msb/sdk/httpclient/handler/RetrofitServiceHandler.java b/src/main/java/org/onap/msb/sdk/httpclient/handler/RetrofitServiceHandler.java
index 74096e7..085a35f 100644 (file)
--- a/src/main/java/org/onap/msb/sdk/httpclient/handler/RetrofitServiceHandler.java
+++ b/src/main/java/org/onap/msb/sdk/httpclient/handler/RetrofitServiceHandler.java
@@ -28,7 +28,7 @@ import org.onap.msb.sdk.httpclient.lb.LoadBalanceContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import jersey.repackaged.com.google.common.collect.Lists;
+import com.google.common.collect.Lists;
 import retrofit2.Call;
 
 /**
@@ -37,125 +37,123 @@ import retrofit2.Call;
  */
 public class RetrofitServiceHandler implements InvocationHandler {
 
-  private final static Logger logger = LoggerFactory.getLogger(RetrofitServiceHandler.class);
-  private static long periodTime = 60;
+    private final static Logger logger = LoggerFactory.getLogger(RetrofitServiceHandler.class);
+    private static long periodTime = 60;
 
-  static {
-    try {
-      String periodStr = System.getenv("retrofit_route_cache_refresh_period");
-      periodTime = periodStr != null ? Long.valueOf(periodStr) : 60;
-      logger.info("retrofit_route_cache_refresh_period:" + periodTime);
-    } catch (Exception e) {
-      logger.warn("", e);
-    }
+    static {
+        try {
+            String periodStr = System.getenv("retrofit_route_cache_refresh_period");
+            periodTime = periodStr != null ? Long.valueOf(periodStr) : 60;
+            logger.info("retrofit_route_cache_refresh_period:" + periodTime);
+        } catch (Exception e) {
+            logger.warn("", e);
+        }
 
-  }
+    }
 
 
 
-  private RetrofitServiceHandlerContext flowContext;
+    private RetrofitServiceHandlerContext flowContext;
 
-  private AtomicReference<Map<ServiceHttpEndPointObject, Object>> endPointToRetrofitRef =
-      new AtomicReference();
+    private AtomicReference<Map<ServiceHttpEndPointObject, Object>> endPointToRetrofitRef = new AtomicReference();
 
-  public RetrofitServiceHandler(RetrofitServiceHandlerContext flowContext) {
-    super();
-    this.flowContext = flowContext;
-    logger.info("retrofit_route_cache_refresh_period:" + periodTime);
-  }
+    public RetrofitServiceHandler(RetrofitServiceHandlerContext flowContext) {
+        super();
+        this.flowContext = flowContext;
+        logger.info("retrofit_route_cache_refresh_period:" + periodTime);
+    }
 
 
-  /*
-   * (non-Javadoc)
-   * 
-   * @see java.lang.reflect.InvocationHandler#invoke(java.lang.Object, java.lang.reflect.Method,
-   * java.lang.Object[])
-   */
-  @Override
-  public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
+    /*
+     * (non-Javadoc)
+     * 
+     * @see java.lang.reflect.InvocationHandler#invoke(java.lang.Object, java.lang.reflect.Method,
+     * java.lang.Object[])
+     */
+    @Override
+    public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
 
-    Object retrofitObject = null;
-    ServiceHttpEndPointObjectWapper wapper = null;
+        Object retrofitObject = null;
+        ServiceHttpEndPointObjectWapper wapper = null;
 
-    updateMsbInfo();
-    wapper = selectRetrofitObjectByLBStrategy(
-        flowContext.getRetrofitObjectBuilder().buildRetrofitObject(endPointToRetrofitRef, null),
-        method, args);
-    retrofitObject = wapper.retrofitObject;
+        updateMsbInfo();
+        wapper = selectRetrofitObjectByLBStrategy(
+                        flowContext.getRetrofitObjectBuilder().buildRetrofitObject(endPointToRetrofitRef, null), method,
+                        args);
+        retrofitObject = wapper.retrofitObject;
 
-    Object resultObjecct = method.invoke(retrofitObject, args);
+        Object resultObjecct = method.invoke(retrofitObject, args);
 
-    if (resultObjecct instanceof Call) {
-      Call targetCall = (Call) resultObjecct;
-      return new ProxyRetrofitCall(targetCall, this, wapper.endPoint, proxy, method, args);
+        if (resultObjecct instanceof Call) {
+            Call targetCall = (Call) resultObjecct;
+            return new ProxyRetrofitCall(targetCall, this, wapper.endPoint, proxy, method, args);
+        }
+        return resultObjecct;
     }
-    return resultObjecct;
-  }
 
 
-  public Object reInvoke(Object proxy, Method method, Object[] args,
-      ServiceHttpEndPointObject endPoint) throws Throwable {
+    public Object reInvoke(Object proxy, Method method, Object[] args, ServiceHttpEndPointObject endPoint)
+                    throws Throwable {
 
 
-    Object retrofitObject = null;
-    ServiceHttpEndPointObjectWapper wapper = null;
+        Object retrofitObject = null;
+        ServiceHttpEndPointObjectWapper wapper = null;
 
-    updateMsbInfo();
+        updateMsbInfo();
 
-    Map<ServiceHttpEndPointObject, Object> serviceHttpEndPointObjectMap =
-        flowContext.getRetrofitObjectBuilder().buildRetrofitObject(endPointToRetrofitRef, endPoint);
+        Map<ServiceHttpEndPointObject, Object> serviceHttpEndPointObjectMap =
+                        flowContext.getRetrofitObjectBuilder().buildRetrofitObject(endPointToRetrofitRef, endPoint);
 
-    wapper = selectRetrofitObjectByLBStrategy(serviceHttpEndPointObjectMap, method, args);
+        wapper = selectRetrofitObjectByLBStrategy(serviceHttpEndPointObjectMap, method, args);
 
 
 
-    retrofitObject = wapper.retrofitObject;
+        retrofitObject = wapper.retrofitObject;
 
-    Object resultObjecct = method.invoke(retrofitObject, args);
+        Object resultObjecct = method.invoke(retrofitObject, args);
 
-    return resultObjecct;
+        return resultObjecct;
 
-  }
+    }
 
-  private void updateMsbInfo() {
+    private void updateMsbInfo() {
 
 
 
-    if (System.currentTimeMillis() - flowContext.getLastUpdateMsbTime() > periodTime * 1000) {
-      clean();
+        if (System.currentTimeMillis() - flowContext.getLastUpdateMsbTime() > periodTime * 1000) {
+            clean();
+        }
     }
-  }
 
-  public void clean() {
-    endPointToRetrofitRef.set(null);
-  }
+    public void clean() {
+        endPointToRetrofitRef.set(null);
+    }
 
 
-  private ServiceHttpEndPointObjectWapper selectRetrofitObjectByLBStrategy(
-      Map<ServiceHttpEndPointObject, Object> srvEndPointToRetrofit, Method method, Object[] args)
-      throws RetrofitServiceRuntimeException {
+    private ServiceHttpEndPointObjectWapper selectRetrofitObjectByLBStrategy(
+                    Map<ServiceHttpEndPointObject, Object> srvEndPointToRetrofit, Method method, Object[] args)
+                    throws RetrofitServiceRuntimeException {
 
-    LoadBalanceContext ctx = new LoadBalanceContext();
-    ctx.setEndPoints(Lists.newArrayList(srvEndPointToRetrofit.keySet()));
-    ctx.setArgs(args);
-    ctx.setMethod(method);
-    ServiceHttpEndPointObject endPoint = flowContext.getLbStrategy().chooseEndPointObject(ctx);
-    return new ServiceHttpEndPointObjectWapper(endPoint, srvEndPointToRetrofit.get(endPoint));
-  }
+        LoadBalanceContext ctx = new LoadBalanceContext();
+        ctx.setEndPoints(Lists.newArrayList(srvEndPointToRetrofit.keySet()));
+        ctx.setArgs(args);
+        ctx.setMethod(method);
+        ServiceHttpEndPointObject endPoint = flowContext.getLbStrategy().chooseEndPointObject(ctx);
+        return new ServiceHttpEndPointObjectWapper(endPoint, srvEndPointToRetrofit.get(endPoint));
+    }
 
 }
 
 
 class ServiceHttpEndPointObjectWapper {
 
-  protected ServiceHttpEndPointObject endPoint;
-  protected Object retrofitObject;
+    protected ServiceHttpEndPointObject endPoint;
+    protected Object retrofitObject;
 
-  public ServiceHttpEndPointObjectWapper(ServiceHttpEndPointObject endPoint,
-      Object retrofitObject) {
-    super();
-    this.endPoint = endPoint;
-    this.retrofitObject = retrofitObject;
-  }
+    public ServiceHttpEndPointObjectWapper(ServiceHttpEndPointObject endPoint, Object retrofitObject) {
+        super();
+        this.endPoint = endPoint;
+        this.retrofitObject = retrofitObject;
+    }
 
 }