From 1e7e19b4d1ddf05309e3e43d5ecb9138902b19b8 Mon Sep 17 00:00:00 2001
From: vasraz <vasyl.razinkov@est.tech>
Date: Wed, 22 Mar 2023 23:14:29 +0000
Subject: [PATCH] Upgrade vulnerable dependencies

Fix missing default no-args constructor

Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Icfcbe0ec577b2d629179fa46e42141c196e08970
Issue-ID: SDC-4287
Issue-ID: SDC-4446
---
 common-app-api/pom.xml                             |  2 +-
 common-be-tests-utils/pom.xml                      |  4 ++
 common-be/pom.xml                                  |  4 ++
 .../org/onap/sdc/tosca/services/StrictMap.java     | 55 ++++++++++++++++++++++
 .../services/StrictMapAppenderConstructor.java     | 19 +-------
 integration-tests/pom.xml                          |  2 +-
 pom.xml                                            | 42 +++++++++++++++--
 utils/webseal-simulator/pom.xml                    |  8 ++++
 8 files changed, 112 insertions(+), 24 deletions(-)
 create mode 100644 common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMap.java

diff --git a/common-app-api/pom.xml b/common-app-api/pom.xml
index 7f137acbb2..7e4baae68a 100644
--- a/common-app-api/pom.xml
+++ b/common-app-api/pom.xml
@@ -334,7 +334,7 @@
         <dependency>
             <groupId>org.codehaus.jettison</groupId>
             <artifactId>jettison</artifactId>
-            <version>1.3.3</version>
+            <version>1.5.3</version>
         </dependency>
 
         <dependency>
diff --git a/common-be-tests-utils/pom.xml b/common-be-tests-utils/pom.xml
index aa67b004f2..aeca54688f 100644
--- a/common-be-tests-utils/pom.xml
+++ b/common-be-tests-utils/pom.xml
@@ -28,6 +28,10 @@
                     <groupId>com.squareup.okhttp3</groupId>
                     <artifactId>okhttp</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-annotations</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
diff --git a/common-be/pom.xml b/common-be/pom.xml
index 0a57575916..74321488a1 100644
--- a/common-be/pom.xml
+++ b/common-be/pom.xml
@@ -32,6 +32,10 @@
                     <groupId>com.squareup.okhttp3</groupId>
                     <artifactId>okhttp</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-annotations</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
diff --git a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMap.java b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMap.java
new file mode 100644
index 0000000000..52cda7651a
--- /dev/null
+++ b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMap.java
@@ -0,0 +1,55 @@
+/*
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2023 Nordix Foundation. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.sdc.tosca.services;
+
+import java.util.AbstractMap;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Set;
+import lombok.NoArgsConstructor;
+
+@NoArgsConstructor
+public class StrictMap extends AbstractMap {
+
+    private Map<Object, Object> delegate;
+
+    public StrictMap(Map<Object, Object> delegate) {
+        this.delegate = delegate;
+    }
+
+    @Override
+    public Object put(Object key, Object value) {
+        if (delegate == null) {
+            delegate = new LinkedHashMap<>();
+        }
+        if (delegate.containsKey(key)) {
+            throw new IllegalStateException("duplicate key: " + key);
+        }
+        return delegate.put(key, value);
+    }
+
+    @Override
+    public Set<Entry<Object, Object>> entrySet() {
+        if (delegate == null) {
+            delegate = new LinkedHashMap<>();
+        }
+        return delegate.entrySet();
+    }
+}
diff --git a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java
index 678ba00724..08af90a768 100644
--- a/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java
+++ b/common/onap-tosca-datatype/src/main/java/org/onap/sdc/tosca/services/StrictMapAppenderConstructor.java
@@ -19,9 +19,7 @@
  */
 package org.onap.sdc.tosca.services;
 
-import java.util.AbstractMap;
 import java.util.Map;
-import java.util.Set;
 import org.yaml.snakeyaml.constructor.Constructor;
 import org.yaml.snakeyaml.nodes.MappingNode;
 import org.yaml.snakeyaml.parser.ParserException;
@@ -39,21 +37,7 @@ public class StrictMapAppenderConstructor extends Constructor {
 
     @Override
     protected Map<Object, Object> createDefaultMap(int initSize) {
-        final Map<Object, Object> delegate = super.createDefaultMap(initSize);
-        return new AbstractMap<>() {
-            @Override
-            public Object put(Object key, Object value) {
-                if (delegate.containsKey(key)) {
-                    throw new IllegalStateException("duplicate key: " + key);
-                }
-                return delegate.put(key, value);
-            }
-
-            @Override
-            public Set<Entry<Object, Object>> entrySet() {
-                return delegate.entrySet();
-            }
-        };
+        return new StrictMap(super.createDefaultMap(initSize));
     }
 
     @Override
@@ -64,4 +48,5 @@ public class StrictMapAppenderConstructor extends Constructor {
             throw new ParserException("while parsing MappingNode", node.getStartMark(), exception.getMessage(), node.getEndMark());
         }
     }
+
 }
diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml
index eea5c5afc7..3b47304c08 100644
--- a/integration-tests/pom.xml
+++ b/integration-tests/pom.xml
@@ -55,7 +55,7 @@ limitations under the License.
         <it.helm-validator.version>1.3.1</it.helm-validator.version>
 
         <!-- parser-->
-        <sdc-tosca-parser.version>1.7.0</sdc-tosca-parser.version>
+        <sdc-tosca-parser.version>1.8.0</sdc-tosca-parser.version>
         <docker.showLogs>false</docker.showLogs>
     </properties>
 
diff --git a/pom.xml b/pom.xml
index a211a0daac..ba2b8a7bf9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -47,7 +47,7 @@ Modifications copyright (c) 2018-2019 Nokia
         <lang3.version>3.10</lang3.version>
         <guava.version>30.1-jre</guava.version>
         <janusgraph.version>0.3.3</janusgraph.version>
-        <spring.version>5.3.20</spring.version>
+        <spring.version>5.3.25</spring.version>
         <spring.boot.version>2.2.13.RELEASE</spring.boot.version>
 
         <!-- update to 2.36 bring error-->
@@ -91,14 +91,14 @@ Modifications copyright (c) 2018-2019 Nokia
         <keycloak.version>18.0.0</keycloak.version>
 
         <!-- JSON and YAML Parsing -->
-        <jackson.version>2.12.7</jackson.version>
+        <jackson.version>2.14.2</jackson.version>
         <jackson-annotations.version>${jackson.version}</jackson-annotations.version>
 
         <clearspring.version>2.1.1</clearspring.version>
         <skipYamlJsonValidator>false</skipYamlJsonValidator>
 
         <!-- Yaml for properties -->
-        <snakeyaml.version>1.29</snakeyaml.version>
+        <snakeyaml.version>1.33</snakeyaml.version>
         <functionaljava.version>4.9</functionaljava.version>
         <httpclient.version>4.5.13</httpclient.version>
         <httpcore.version>4.4.15</httpcore.version>
@@ -172,12 +172,12 @@ Modifications copyright (c) 2018-2019 Nokia
         <sitePath>/content/sites/site/org/openecomp/sdc/${project.version}</sitePath>
         <staging.profile.id>176c31dfe190a</staging.profile.id>
         <!--togglz version-->
-        <togglz.version>2.6.1.Final</togglz.version>
+        <togglz.version>3.3.3</togglz.version>
 
         <joda.time.version>2.9.9</joda.time.version>
 
         <!--sdc-security-utils-->
-        <security.util.lib.version>1.7.1</security.util.lib.version>
+        <security.util.lib.version>1.8.0</security.util.lib.version>
         <!--jacoco-->
         <jacoco.version>0.8.7</jacoco.version>
 
@@ -337,6 +337,18 @@ Modifications copyright (c) 2018-2019 Nokia
                     <groupId>org.bouncycastle</groupId>
                     <artifactId>*</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-databind</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-annotations</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
@@ -353,6 +365,18 @@ Modifications copyright (c) 2018-2019 Nokia
                     <groupId>org.bouncycastle</groupId>
                     <artifactId>*</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-databind</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-annotations</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
@@ -364,6 +388,14 @@ Modifications copyright (c) 2018-2019 Nokia
                     <groupId>org.bouncycastle</groupId>
                     <artifactId>*</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-databind</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
diff --git a/utils/webseal-simulator/pom.xml b/utils/webseal-simulator/pom.xml
index d9790e4708..73f22ef1da 100644
--- a/utils/webseal-simulator/pom.xml
+++ b/utils/webseal-simulator/pom.xml
@@ -65,6 +65,14 @@
                     <groupId>org.apache.httpcomponents</groupId>
                     <artifactId>httpcore</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-databind</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
-- 
2.16.6