From: jz385p <jz385p@us.att.com>
Date: Wed, 3 Jun 2020 07:20:14 +0000 (+0530)
Subject: Fixed few security issues from the dependencies
X-Git-Tag: 3.4.0~53^2
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=portal.git;a=commitdiff_plain;h=cfc431ee10a83ccc0a170ec4f8e674f6ccb63a8d

Fixed few security issues from the dependencies

Fixed security vulnerable issues

Issue-ID: PORTAL-916
Change-Id: Icbc99c29f04f6390ab2903249ce92f25e2fb0fd2
Signed-off-by: jz385p <jegadeesh.babu@att.com>
---

diff --git a/ecomp-portal-BE-common/pom.xml b/ecomp-portal-BE-common/pom.xml
index 82e9827c..526619fa 100644
--- a/ecomp-portal-BE-common/pom.xml
+++ b/ecomp-portal-BE-common/pom.xml
@@ -184,17 +184,7 @@
 			<artifactId>jaxb-api</artifactId>
 			<version>2.4.0-b180830.0359</version>
 		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter</artifactId>
-			<version>1.3.1.RELEASE</version>
-			<exclusions>
-				<exclusion>
-					<groupId>org.slf4j</groupId>
-					<artifactId>log4j-over-slf4j</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
+		
 		<!-- Hibernate -->
 		<dependency>
 			<groupId>org.hibernate</groupId>
@@ -290,17 +280,17 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-annotations</artifactId>
-			<version>2.8.10</version>
+			<version>2.10.0</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-core</artifactId>
-			<version>2.8.10</version>
+			<version>2.10.0</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.8.11.4</version>
+			<version>2.10.0</version>
 		</dependency>
 		<dependency>
 			<groupId>postgresql</groupId>
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceProxyController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceProxyController.java
index 134d99ef..9b03b46f 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceProxyController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceProxyController.java
@@ -105,9 +105,16 @@ public class MicroserviceProxyController extends EPUnRestrictedBaseController {
 	 */
 	private boolean isValidJSON(String response) {
 		try {
+			if(response != null && !response.isEmpty())
+			{
 			final ObjectMapper mapper = new ObjectMapper();
 			mapper.readTree(response);
 			return true;
+			}
+			else
+			{
+			return false;
+			}
 		} catch (IOException e) {
 			logger.debug(EELFLoggerDelegate.debugLogger, "isValidJSON failed", e);
 			return false;
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java
index 6b06ee22..b40b8db6 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java
@@ -661,7 +661,7 @@ public class ExternalAccessRolesControllerTest {
 		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
 		PortalRestResponse<String> portalRestResponse = null;
 		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
-		expectedportalRestResponse.setMessage(null);
+		expectedportalRestResponse.setMessage("argument \"content\" is null");
 		expectedportalRestResponse.setResponse("Failed");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
 		Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
diff --git a/ecomp-portal-BE-os/pom.xml b/ecomp-portal-BE-os/pom.xml
index 398520cb..41615df5 100644
--- a/ecomp-portal-BE-os/pom.xml
+++ b/ecomp-portal-BE-os/pom.xml
@@ -251,21 +251,7 @@
 			<artifactId>spring-test</artifactId>
 			<version>${springframework.version}</version>
 		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter</artifactId>
-			<version>1.3.0.RELEASE</version>
-			<exclusions>
-				<exclusion>
-					<groupId>org.slf4j</groupId>
-					<artifactId>log4j-over-slf4j</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>ch.qos.logback</groupId>
-					<artifactId>logback-classic</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
+		
 		<!-- Hibernate -->
 		<dependency>
 			<groupId>org.hibernate</groupId>
@@ -315,21 +301,7 @@
 			<version>3.0.5</version>
 		</dependency>
 		<!-- Mapper -->
-		<dependency>
-			<groupId>com.fasterxml.jackson.core</groupId>
-			<artifactId>jackson-annotations</artifactId>
-			<version>2.8.10</version>
-		</dependency>
-		<dependency>
-			<groupId>com.fasterxml.jackson.core</groupId>
-			<artifactId>jackson-core</artifactId>
-			<version>2.8.10</version>
-		</dependency>
-		<dependency>
-			<groupId>com.fasterxml.jackson.core</groupId>
-			<artifactId>jackson-databind</artifactId>
-			<version>2.8.10</version>
-		</dependency>
+		
 		<dependency>
 			<groupId>com.fasterxml</groupId>
 			<artifactId>classmate</artifactId>
diff --git a/pom.xml b/pom.xml
index e988633d..157db9ef 100644
--- a/pom.xml
+++ b/pom.xml
@@ -34,7 +34,7 @@
 		<hibernate.version>4.3.11.Final</hibernate.version>
 		<fasterxml.version>2.8.11.4</fasterxml.version>
 		<!-- NOT provided by OParent, unfortunately -->
-		<jacocoVersion>0.7.6.201602180812</jacocoVersion>
+		<jacocoVersion>0.8.1</jacocoVersion>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<encoding>UTF-8</encoding>
 		<!-- <sonar.exclusions>**/scripts/**/*,**.js</sonar.exclusions>  -->