gerrit.onap Code Review - policy/engine.git/commit

author	liamfallon <liam.fallon@ericsson.com>
	Wed, 18 Apr 2018 20:16:52 +0000 (21:16 +0100)
committer	liamfallon <liam.fallon@ericsson.com>
	Wed, 18 Apr 2018 20:18:00 +0000 (21:18 +0100)
commit	cfd1160833ecb24c336fe6d0d197547c36ce2327
tree	26712483830422ef97e26ac79a1301eb4a2b4cad	tree \| snapshot
parent	9154e24b32e41cf987daf02da01eaca7805fc291	commit \| diff

Remove insecure dependency on PolicyEngineAPI

The insecure dependency tyrus-container-grizzly-client is
part of Tyrus, a Java web socket implementation library.

A direct substitution of this library is not available so
the code in AutoClientEnd.java and ManualClientEnd.java
was adapted to work with the library
org.java-websocket.Java-WebSocket
that does not seem to have any vulnerabilities when tested
with the org.owasp.dependency-check-maven plugin.

The purpose of this submission is to see if the new library
does indeed remove the vulnerability. If so, the implementation
in AutoClientEnd and ManualClientEnd must be cleaned up.

Change-Id: I961635aaea42c2f847edf11ee77e2961cdfb097b
Issue-ID: POLICY-744
Signed-off-by: liamfallon <liam.fallon@ericsson.com>

PolicyEngineAPI/pom.xml		diff \| blob \| history
PolicyEngineAPI/src/main/java/org/onap/policy/std/AutoClientEnd.java		diff \| blob \| history
PolicyEngineAPI/src/main/java/org/onap/policy/std/ManualClientEnd.java		diff \| blob \| history
PolicyEngineAPI/src/test/java/org/onap/policy/std/test/ManualClientEndTest.java		diff \| blob \| history