Security Fix
Introduce a centralized ObjectMapper for Resteasy and Clamp code
so that the automatic Ser/deserialization of all classes is disabled.
Issue-ID: CLAMP-135
Change-Id: I1fb11c8fc8e7a53ef832774fa8c06af1c70d3dad
Signed-off-by: Determe, Sebastien (sd378r) <sd378r@intl.att.com>
diff --git a/pom.xml b/pom.xml
index 86461c5..4b19b80 100644
--- a/pom.xml
+++ b/pom.xml
@@ -42,7 +42,7 @@
By Default "mvn clean install" command will execute also the unit tests
and the integration tests. The integration tests require a docker engine running.
- If you want to skip the intergation test you can by doing:
+ If you want to skip the integration test you can by doing:
"mvn clean install -DskipITs=true"
For Spring it's possible to specify the application.properties location
@@ -472,26 +472,6 @@
<artifactId>jboss-jaxrs-api_2.0_spec</artifactId>
<version>1.0.1.Final</version>
</dependency>
- <dependency>
- <artifactId>jackson-databind</artifactId>
- <groupId>com.fasterxml.jackson.core</groupId>
- <version>2.9.4</version>
- </dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-annotations</artifactId>
- <version>2.9.4</version>
- </dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-core</artifactId>
- <version>2.9.4</version>
- </dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.dataformat</groupId>
- <artifactId>jackson-dataformat-yaml</artifactId>
- <version>2.9.4</version>
- </dependency>
<!-- Remove the MYSQL connector and replace it by Mariadb -->
<dependency>
<groupId>org.mariadb.jdbc</groupId>
diff --git a/src/main/java/org/onap/clamp/clds/client/DcaeDispatcherServices.java b/src/main/java/org/onap/clamp/clds/client/DcaeDispatcherServices.java
index 9226604..f20668e 100644
--- a/src/main/java/org/onap/clamp/clds/client/DcaeDispatcherServices.java
+++ b/src/main/java/org/onap/clamp/clds/client/DcaeDispatcherServices.java
@@ -152,6 +152,8 @@
* The deployment ID
* @param serviceTypeId
* Service type ID
+ * @param blueprintInput
+ * The value for each blueprint parameters in a flat JSON
* @return The status URL
*/
public String createNewDeployment(String deploymentId, String serviceTypeId) {
diff --git a/src/main/java/org/onap/clamp/clds/client/DcaeInventoryServices.java b/src/main/java/org/onap/clamp/clds/client/DcaeInventoryServices.java
index d501504..ffc9b8e 100644
--- a/src/main/java/org/onap/clamp/clds/client/DcaeInventoryServices.java
+++ b/src/main/java/org/onap/clamp/clds/client/DcaeInventoryServices.java
@@ -26,7 +26,6 @@
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.IOException;
@@ -47,6 +46,7 @@
import org.onap.clamp.clds.model.dcae.DcaeInventoryResponse;
import org.onap.clamp.clds.model.properties.Global;
import org.onap.clamp.clds.model.properties.ModelProperties;
+import org.onap.clamp.clds.util.JacksonUtils;
import org.onap.clamp.clds.util.LoggingUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -182,7 +182,7 @@
LoggingUtils.setResponseContext("0", "Get Dcae Information success", this.getClass().getName());
LoggingUtils.setTimeContext(startTime, new Date());
metricsLogger.info("getDcaeInformation complete: number services returned=" + numServices);
- return new ObjectMapper().readValue(dcaeInventoryResponse, DcaeInventoryResponse.class);
+ return JacksonUtils.getObjectMapperInstance().readValue(dcaeInventoryResponse, DcaeInventoryResponse.class);
}
/**
@@ -210,8 +210,7 @@
LoggingUtils.setTargetContext("DCAE", "createDCAEServiceType");
String typeId = null;
try {
- ObjectMapper mapper = new ObjectMapper();
- ObjectNode dcaeServiceTypeRequest = mapper.createObjectNode();
+ ObjectNode dcaeServiceTypeRequest = JacksonUtils.getObjectMapperInstance().createObjectNode();
dcaeServiceTypeRequest.put("blueprintTemplate", blueprintTemplate);
dcaeServiceTypeRequest.put("owner", owner);
dcaeServiceTypeRequest.put("typeName", typeName);
diff --git a/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcCatalogServices.java b/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcCatalogServices.java
index fd7d096..ce3c8ba 100644
--- a/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcCatalogServices.java
+++ b/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcCatalogServices.java
@@ -74,6 +74,7 @@
import org.onap.clamp.clds.model.sdc.SdcServiceInfo;
import org.onap.clamp.clds.service.CldsService;
import org.onap.clamp.clds.util.CryptoUtils;
+import org.onap.clamp.clds.util.JacksonUtils;
import org.onap.clamp.clds.util.LoggingUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -284,13 +285,12 @@
* an empty list
*/
private List<SdcServiceInfo> getCldsSdcServicesListFromJson(String jsonStr) {
- ObjectMapper objectMapper = new ObjectMapper();
if (StringUtils.isBlank(jsonStr)) {
return new ArrayList<>();
}
try {
- return objectMapper.readValue(jsonStr,
- objectMapper.getTypeFactory().constructCollectionType(List.class, SdcServiceInfo.class));
+ return JacksonUtils.getObjectMapperInstance().readValue(jsonStr, JacksonUtils.getObjectMapperInstance()
+ .getTypeFactory().constructCollectionType(List.class, SdcServiceInfo.class));
} catch (IOException e) {
logger.error("Error when attempting to decode the JSON containing CldsSdcServiceInfo", e);
return new ArrayList<>();
@@ -306,13 +306,12 @@
* issues
*/
private List<SdcResourceBasicInfo> getAllSdcResourcesListFromJson(String jsonStr) {
- ObjectMapper objectMapper = new ObjectMapper();
if (StringUtils.isBlank(jsonStr)) {
return new ArrayList<>();
}
try {
- return objectMapper.readValue(jsonStr,
- objectMapper.getTypeFactory().constructCollectionType(List.class, SdcResourceBasicInfo.class));
+ return JacksonUtils.getObjectMapperInstance().readValue(jsonStr, JacksonUtils.getObjectMapperInstance()
+ .getTypeFactory().constructCollectionType(List.class, SdcResourceBasicInfo.class));
} catch (IOException e) {
logger.error("Exception occurred when attempting to decode the list of CldsSdcResourceBasicInfo JSON", e);
return new ArrayList<>();
@@ -326,9 +325,8 @@
* @return
*/
public SdcServiceDetail decodeCldsSdcServiceDetailFromJson(String jsonStr) {
- ObjectMapper objectMapper = new ObjectMapper();
try {
- return objectMapper.readValue(jsonStr, SdcServiceDetail.class);
+ return JacksonUtils.getObjectMapperInstance().readValue(jsonStr, SdcServiceDetail.class);
} catch (IOException e) {
logger.error("Exception when attempting to decode the CldsSdcServiceDetail JSON", e);
return null;
@@ -470,12 +468,12 @@
String serviceUuid = getServiceUuidFromServiceInvariantId(invariantServiceUuid);
String serviceDetailUrl = url + "/" + serviceUuid + SDC_METADATA_URL_PREFIX;
String responseStr = getCldsServicesOrResourcesBasedOnURL(serviceDetailUrl);
- ObjectMapper objectMapper = new ObjectMapper();
CldsServiceData cldsServiceData = new CldsServiceData();
if (responseStr != null) {
SdcServiceDetail cldsSdcServiceDetail;
try {
- cldsSdcServiceDetail = objectMapper.readValue(responseStr, SdcServiceDetail.class);
+ cldsSdcServiceDetail = JacksonUtils.getObjectMapperInstance().readValue(responseStr,
+ SdcServiceDetail.class);
} catch (IOException e) {
logger.error("Exception when decoding the CldsServiceData JSON from SDC", e);
throw new SdcCommunicationException("Exception when decoding the CldsServiceData JSON from SDC", e);
@@ -568,11 +566,10 @@
}
}
- private List<CldsVfcData> getVfcDataListFromVfResponse(String vfResponse) throws GeneralSecurityException {
- ObjectMapper mapper = new ObjectMapper();
+ private List<CldsVfcData> getVfcDataListFromVfResponse(String vfResponse) {
ObjectNode vfResponseNode;
try {
- vfResponseNode = (ObjectNode) mapper.readTree(vfResponse);
+ vfResponseNode = (ObjectNode) JacksonUtils.getObjectMapperInstance().readTree(vfResponse);
} catch (IOException e) {
logger.error("Exception when decoding the JSON list of CldsVfcData", e);
return new ArrayList<>();
@@ -614,8 +611,7 @@
String vfcResourceUUIDUrl = catalogUrl + RESOURCE_URL_PREFIX + "/" + resourceUUID + SDC_METADATA_URL_PREFIX;
try {
String vfcResponse = getCldsServicesOrResourcesBasedOnURL(vfcResourceUUIDUrl);
- ObjectMapper mapper = new ObjectMapper();
- ObjectNode vfResponseNode = (ObjectNode) mapper.readTree(vfcResponse);
+ ObjectNode vfResponseNode = (ObjectNode) JacksonUtils.getObjectMapperInstance().readTree(vfcResponse);
ArrayNode vfcArrayNode = (ArrayNode) vfResponseNode.get("resources");
if (vfcArrayNode != null) {
for (JsonNode vfcjsonNode : vfcArrayNode) {
@@ -639,10 +635,9 @@
private List<CldsAlarmCondition> getAlarmCondtionsFromVfc(String vfcResponse) throws GeneralSecurityException {
List<CldsAlarmCondition> cldsAlarmConditionList = new ArrayList<>();
- ObjectMapper mapper = new ObjectMapper();
ObjectNode vfcResponseNode;
try {
- vfcResponseNode = (ObjectNode) mapper.readTree(vfcResponse);
+ vfcResponseNode = (ObjectNode) JacksonUtils.getObjectMapperInstance().readTree(vfcResponse);
} catch (IOException e) {
logger.error("Exception when decoding the JSON list of CldsAlarmCondition", e);
return cldsAlarmConditionList;
@@ -684,10 +679,9 @@
// Method to get the artifact for any particular VF
private List<CldsVfKPIData> getFieldPathFromVF(String vfResponse) throws GeneralSecurityException {
List<CldsVfKPIData> cldsVfKPIDataList = new ArrayList<>();
- ObjectMapper mapper = new ObjectMapper();
ObjectNode vfResponseNode;
try {
- vfResponseNode = (ObjectNode) mapper.readTree(vfResponse);
+ vfResponseNode = (ObjectNode) JacksonUtils.getObjectMapperInstance().readTree(vfResponse);
} catch (IOException e) {
logger.error("Exception when decoding the JSON list of CldsVfKPIData", e);
return cldsVfKPIDataList;
@@ -846,24 +840,23 @@
*/
public String createPropertiesObjectByUUID(CldsServiceData cldsServiceData) throws IOException {
String totalPropsStr;
- ObjectMapper mapper = new ObjectMapper();
+ ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
ObjectNode globalPropsJson = (ObjectNode) refProp.getJsonTemplate(CldsService.GLOBAL_PROPERTIES_KEY);
if (cldsServiceData != null && cldsServiceData.getServiceUUID() != null) {
// Objectnode to save all byservice, byvf , byvfc and byalarm nodes
ObjectNode byIdObjectNode = mapper.createObjectNode();
// To create vf ResourceUUID node with serviceInvariantUUID
- ObjectNode invariantUuidObjectNodeWithVf = createVfObjectNodeByServiceInvariantUuid(mapper,
- cldsServiceData);
+ ObjectNode invariantUuidObjectNodeWithVf = createVfObjectNodeByServiceInvariantUuid(cldsServiceData);
byIdObjectNode.putPOJO("byService", invariantUuidObjectNodeWithVf);
// To create byVf and vfcResourceNode with vfResourceUUID
- ObjectNode vfcObjectNodeByVfUuid = createVfcObjectNodeByVfUuid(mapper, cldsServiceData.getCldsVfs());
+ ObjectNode vfcObjectNodeByVfUuid = createVfcObjectNodeByVfUuid(cldsServiceData.getCldsVfs());
byIdObjectNode.putPOJO("byVf", vfcObjectNodeByVfUuid);
// To create byKpi
ObjectNode kpiObjectNode = mapper.createObjectNode();
if (cldsServiceData.getCldsVfs() != null && !cldsServiceData.getCldsVfs().isEmpty()) {
for (CldsVfData currCldsVfData : cldsServiceData.getCldsVfs()) {
if (currCldsVfData != null) {
- createKpiObjectNodeByVfUuid(mapper, kpiObjectNode, currCldsVfData.getCldsKPIList());
+ createKpiObjectNodeByVfUuid(kpiObjectNode, currCldsVfData.getCldsKPIList());
}
}
}
@@ -873,8 +866,7 @@
if (cldsServiceData.getCldsVfs() != null && !cldsServiceData.getCldsVfs().isEmpty()) {
for (CldsVfData currCldsVfData : cldsServiceData.getCldsVfs()) {
if (currCldsVfData != null) {
- createAlarmCondObjectNodeByVfcUuid(mapper, vfcResourceUuidObjectNode,
- currCldsVfData.getCldsVfcs());
+ createAlarmCondObjectNodeByVfcUuid(vfcResourceUuidObjectNode, currCldsVfData.getCldsVfcs());
}
}
}
@@ -882,12 +874,12 @@
// To create byAlarmCondition with alarmConditionKey
List<CldsAlarmCondition> allAlarmConditions = getAllAlarmConditionsFromCldsServiceData(cldsServiceData,
"alarmCondition");
- ObjectNode alarmCondObjectNodeByAlarmKey = createAlarmCondObjectNodeByAlarmKey(mapper, allAlarmConditions);
+ ObjectNode alarmCondObjectNodeByAlarmKey = createAlarmCondObjectNodeByAlarmKey(allAlarmConditions);
byIdObjectNode.putPOJO("byAlarmCondition", alarmCondObjectNodeByAlarmKey);
// To create byAlertDescription with AlertDescription
List<CldsAlarmCondition> allAlertDescriptions = getAllAlarmConditionsFromCldsServiceData(cldsServiceData,
"alertDescription");
- ObjectNode alertDescObjectNodeByAlert = createAlarmCondObjectNodeByAlarmKey(mapper, allAlertDescriptions);
+ ObjectNode alertDescObjectNodeByAlert = createAlarmCondObjectNodeByAlarmKey(allAlertDescriptions);
byIdObjectNode.putPOJO("byAlertDescription", alertDescObjectNodeByAlert);
globalPropsJson.putPOJO("shared", byIdObjectNode);
logger.info("Global properties JSON created with SDC info:" + globalPropsJson);
@@ -963,8 +955,8 @@
return alarmCondList;
}
- private ObjectNode createAlarmCondObjectNodeByAlarmKey(ObjectMapper mapper,
- List<CldsAlarmCondition> cldsAlarmCondList) {
+ private ObjectNode createAlarmCondObjectNodeByAlarmKey(List<CldsAlarmCondition> cldsAlarmCondList) {
+ ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
ObjectNode alarmCondKeyNode = mapper.createObjectNode();
if (cldsAlarmCondList != null && !cldsAlarmCondList.isEmpty()) {
for (CldsAlarmCondition currCldsAlarmCondition : cldsAlarmCondList) {
@@ -984,7 +976,8 @@
return alarmCondKeyNode;
}
- private ObjectNode createVfObjectNodeByServiceInvariantUuid(ObjectMapper mapper, CldsServiceData cldsServiceData) {
+ private ObjectNode createVfObjectNodeByServiceInvariantUuid(CldsServiceData cldsServiceData) {
+ ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
ObjectNode invariantUuidObjectNode = mapper.createObjectNode();
ObjectNode vfObjectNode = mapper.createObjectNode();
ObjectNode vfUuidNode = mapper.createObjectNode();
@@ -1003,8 +996,9 @@
return invariantUuidObjectNode;
}
- private void createKpiObjectNodeByVfUuid(ObjectMapper mapper, ObjectNode vfResourceUuidObjectNode,
+ private void createKpiObjectNodeByVfUuid(ObjectNode vfResourceUuidObjectNode,
List<CldsVfKPIData> cldsVfKpiDataList) {
+ ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
if (cldsVfKpiDataList != null && !cldsVfKpiDataList.isEmpty()) {
for (CldsVfKPIData currCldsVfKpiData : cldsVfKpiDataList) {
if (currCldsVfKpiData != null) {
@@ -1022,8 +1016,9 @@
}
}
- private void createAlarmCondObjectNodeByVfcUuid(ObjectMapper mapper, ObjectNode vfcResourceUuidObjectNode,
+ private void createAlarmCondObjectNodeByVfcUuid(ObjectNode vfcResourceUuidObjectNode,
List<CldsVfcData> cldsVfcDataList) {
+ ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
ObjectNode vfcObjectNode = mapper.createObjectNode();
ObjectNode alarmCondNode = mapper.createObjectNode();
ObjectNode alertDescNode = mapper.createObjectNode();
@@ -1063,7 +1058,8 @@
* @param cldsVfDataList
* @return
*/
- private ObjectNode createVfcObjectNodeByVfUuid(ObjectMapper mapper, List<CldsVfData> cldsVfDataList) {
+ private ObjectNode createVfcObjectNodeByVfUuid(List<CldsVfData> cldsVfDataList) {
+ ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
ObjectNode vfUuidObjectNode = mapper.createObjectNode();
if (cldsVfDataList != null && !cldsVfDataList.isEmpty()) {
for (CldsVfData currCldsVfData : cldsVfDataList) {
diff --git a/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcRequests.java b/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcRequests.java
index e34b7e9..c76607a 100644
--- a/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcRequests.java
+++ b/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcRequests.java
@@ -47,6 +47,7 @@
import org.onap.clamp.clds.model.properties.Tca;
import org.onap.clamp.clds.model.sdc.SdcResource;
import org.onap.clamp.clds.model.sdc.SdcServiceDetail;
+import org.onap.clamp.clds.util.JacksonUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -95,7 +96,7 @@
* @return SDC Locations request in the JSON Format
*/
public String formatSdcLocationsReq(ModelProperties prop, String artifactName) {
- ObjectMapper objectMapper = new ObjectMapper();
+ ObjectMapper objectMapper = JacksonUtils.getObjectMapperInstance();
Global global = prop.getGlobal();
List<String> locationsList = global.getLocation();
ArrayNode locationsArrayNode = objectMapper.createArrayNode();
@@ -203,9 +204,8 @@
* In case of issues with the Json parser
*/
protected String getYamlvalue(String jsonGlobal) throws IOException {
- ObjectMapper objectMapper = new ObjectMapper();
String yamlFileValue = "";
- ObjectNode root = objectMapper.readValue(jsonGlobal, ObjectNode.class);
+ ObjectNode root = JacksonUtils.getObjectMapperInstance().readValue(jsonGlobal, ObjectNode.class);
Iterator<Entry<String, JsonNode>> entryItr = root.fields();
while (entryItr.hasNext()) {
Entry<String, JsonNode> entry = entryItr.next();
diff --git a/src/main/java/org/onap/clamp/clds/config/ClampProperties.java b/src/main/java/org/onap/clamp/clds/config/ClampProperties.java
index 66f35ac..1c1bd7f 100644
--- a/src/main/java/org/onap/clamp/clds/config/ClampProperties.java
+++ b/src/main/java/org/onap/clamp/clds/config/ClampProperties.java
@@ -24,13 +24,13 @@
package org.onap.clamp.clds.config;
import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import org.apache.commons.io.IOUtils;
+import org.onap.clamp.clds.util.JacksonUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.core.env.Environment;
@@ -88,9 +88,10 @@
* In case of issues with the JSON parser
*/
public JsonNode getJsonTemplate(String key) throws IOException {
- ObjectMapper objectMapper = new ObjectMapper();
String fileReference = getStringValue(key);
- return (fileReference != null) ? objectMapper.readValue(getFileContentFromPath(fileReference), JsonNode.class)
+ return (fileReference != null)
+ ? JacksonUtils.getObjectMapperInstance().readValue(getFileContentFromPath(fileReference),
+ JsonNode.class)
: null;
}
@@ -108,9 +109,10 @@
* In case of issues with the JSON parser
*/
public JsonNode getJsonTemplate(String key1, String key2) throws IOException {
- ObjectMapper objectMapper = new ObjectMapper();
String fileReference = getStringValue(key1, key2);
- return (fileReference != null) ? objectMapper.readValue(getFileContentFromPath(fileReference), JsonNode.class)
+ return (fileReference != null)
+ ? JacksonUtils.getObjectMapperInstance().readValue(getFileContentFromPath(fileReference),
+ JsonNode.class)
: null;
}
diff --git a/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java
index bb1b9d1..28f9e94 100644
--- a/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java
+++ b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* ONAP CLAMP
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -23,8 +23,6 @@
package org.onap.clamp.clds.config;
-import com.fasterxml.jackson.databind.ObjectMapper;
-
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
@@ -32,6 +30,7 @@
import org.apache.commons.io.IOUtils;
import org.onap.clamp.clds.exception.CldsUsersException;
import org.onap.clamp.clds.service.CldsUser;
+import org.onap.clamp.clds.util.JacksonUtils;
public class CldsUserJsonDecoder {
@@ -56,7 +55,7 @@
try {
// the ObjectMapper readValue method closes the stream no need to do
// it
- return new ObjectMapper().readValue(cldsUsersString, CldsUser[].class);
+ return JacksonUtils.getObjectMapperInstance().readValue(cldsUsersString, CldsUser[].class);
} catch (IOException e) {
throw new CldsUsersException("Exception occurred during the decoding of the clds-users.json", e);
}
diff --git a/src/main/java/org/onap/clamp/clds/config/sdc/BlueprintParserMappingConfiguration.java b/src/main/java/org/onap/clamp/clds/config/sdc/BlueprintParserMappingConfiguration.java
index a78e895..9274f82 100644
--- a/src/main/java/org/onap/clamp/clds/config/sdc/BlueprintParserMappingConfiguration.java
+++ b/src/main/java/org/onap/clamp/clds/config/sdc/BlueprintParserMappingConfiguration.java
@@ -24,12 +24,13 @@
package org.onap.clamp.clds.config.sdc;
import com.fasterxml.jackson.core.type.TypeReference;
-import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
+import org.onap.clamp.clds.util.JacksonUtils;
+
/**
* This class is used to decode the configuration found in
* application.properties, this is related to the blueprint mapping
@@ -65,6 +66,6 @@
public static List<BlueprintParserMappingConfiguration> createFromJson(InputStream json) throws IOException {
TypeReference<List<BlueprintParserMappingConfiguration>> mapType = new TypeReference<List<BlueprintParserMappingConfiguration>>() {
};
- return new ObjectMapper().readValue(json, mapType);
+ return JacksonUtils.getObjectMapperInstance().readValue(json, mapType);
}
}
diff --git a/src/main/java/org/onap/clamp/clds/config/sdc/SdcControllersConfiguration.java b/src/main/java/org/onap/clamp/clds/config/sdc/SdcControllersConfiguration.java
index f5c658c..fdc0074 100644
--- a/src/main/java/org/onap/clamp/clds/config/sdc/SdcControllersConfiguration.java
+++ b/src/main/java/org/onap/clamp/clds/config/sdc/SdcControllersConfiguration.java
@@ -26,7 +26,6 @@
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.HashMap;
@@ -35,6 +34,7 @@
import javax.annotation.PostConstruct;
import org.onap.clamp.clds.exception.sdc.controller.SdcParametersException;
+import org.onap.clamp.clds.util.JacksonUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationContext;
@@ -65,7 +65,7 @@
public void loadConfiguration() throws IOException {
Resource resource = appContext.getResource(sdcControllerFile);
// Try to load json tree
- jsonRootNode = new ObjectMapper().readValue(resource.getInputStream(), JsonNode.class);
+ jsonRootNode = JacksonUtils.getObjectMapperInstance().readValue(resource.getInputStream(), JsonNode.class);
}
public SdcSingleControllerConfiguration getSdcSingleControllerConfiguration(String controllerName) {
diff --git a/src/main/java/org/onap/clamp/clds/model/CldsModel.java b/src/main/java/org/onap/clamp/clds/model/CldsModel.java
index 34876bb..a2c8f72 100644
--- a/src/main/java/org/onap/clamp/clds/model/CldsModel.java
+++ b/src/main/java/org/onap/clamp/clds/model/CldsModel.java
@@ -26,7 +26,6 @@
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.ArrayList;
@@ -37,6 +36,7 @@
import javax.ws.rs.NotFoundException;
import org.onap.clamp.clds.dao.CldsDao;
+import org.onap.clamp.clds.util.JacksonUtils;
/**
* Represent a CLDS Model.
@@ -239,7 +239,7 @@
boolean result = false;
try {
if (propText != null) {
- JsonNode modelJson = new ObjectMapper().readTree(propText);
+ JsonNode modelJson = JacksonUtils.getObjectMapperInstance().readTree(propText);
JsonNode simpleModelJson = modelJson.get("simpleModel");
if (simpleModelJson != null && simpleModelJson.asBoolean()) {
result = true;
diff --git a/src/main/java/org/onap/clamp/clds/model/properties/ModelBpmn.java b/src/main/java/org/onap/clamp/clds/model/properties/ModelBpmn.java
index 2b86b3f..89883c4 100644
--- a/src/main/java/org/onap/clamp/clds/model/properties/ModelBpmn.java
+++ b/src/main/java/org/onap/clamp/clds/model/properties/ModelBpmn.java
@@ -26,7 +26,6 @@
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
@@ -40,6 +39,7 @@
import org.onap.clamp.clds.exception.ModelBpmnException;
import org.onap.clamp.clds.service.CldsService;
+import org.onap.clamp.clds.util.JacksonUtils;
/**
* Parse Model BPMN properties.
@@ -47,15 +47,15 @@
* Example json: {"policy" :[{"id":"Policy_0oxeocn", "from":"StartEvent_1"}]}
*/
public class ModelBpmn {
- protected static final EELFLogger logger = EELFManager.getInstance()
- .getLogger(CldsService.class);
- protected static final EELFLogger auditLogger = EELFManager.getInstance().getAuditLogger();
+
+ protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsService.class);
+ protected static final EELFLogger auditLogger = EELFManager.getInstance().getAuditLogger();
// for each type, an array of entries
private final Map<String, List<ModelBpmnEntry>> entriesByType = new HashMap<>();
// for each id, an array of entries
- private final Map<String, List<ModelBpmnEntry>> entriesById = new HashMap<>();
+ private final Map<String, List<ModelBpmnEntry>> entriesById = new HashMap<>();
// List of all elementIds
- private List<String> bpmnElementIds;
+ private List<String> bpmnElementIds;
/**
* Create ModelBpmn and populate maps from json
@@ -66,8 +66,7 @@
public static ModelBpmn create(String modelBpmnPropText) {
try {
ModelBpmn modelBpmn = new ModelBpmn();
- ObjectMapper objectMapper = new ObjectMapper();
- ObjectNode root = objectMapper.readValue(modelBpmnPropText, ObjectNode.class);
+ ObjectNode root = JacksonUtils.getObjectMapperInstance().readValue(modelBpmnPropText, ObjectNode.class);
// iterate over each entry like:
// "Policy":[{"id":"Policy","from":"StartEvent_1"}]
Iterator<Entry<String, JsonNode>> entryItr = root.fields();
diff --git a/src/main/java/org/onap/clamp/clds/model/properties/ModelProperties.java b/src/main/java/org/onap/clamp/clds/model/properties/ModelProperties.java
index f9b1c25..cc6f02d 100644
--- a/src/main/java/org/onap/clamp/clds/model/properties/ModelProperties.java
+++ b/src/main/java/org/onap/clamp/clds/model/properties/ModelProperties.java
@@ -26,7 +26,6 @@
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
@@ -41,6 +40,7 @@
import org.onap.clamp.clds.model.CldsEvent;
import org.onap.clamp.clds.model.CldsModel;
import org.onap.clamp.clds.service.CldsService;
+import org.onap.clamp.clds.util.JacksonUtils;
/**
* Parse model properties.
@@ -96,7 +96,7 @@
this.actionCd = actionCd;
this.testOnly = isATest;
modelBpmn = ModelBpmn.create(modelBpmnText);
- modelJson = new ObjectMapper().readTree(modelPropText);
+ modelJson = JacksonUtils.getObjectMapperInstance().readTree(modelPropText);
instantiateMissingModelElements();
} catch (IOException e) {
throw new ModelBpmnException("Exception occurred when trying to decode the BPMN Properties JSON", e);
@@ -141,8 +141,7 @@
public static String getVf(CldsModel model) {
List<String> vfs = null;
try {
- ObjectMapper mapper = new ObjectMapper();
- JsonNode modelJson = mapper.readTree(model.getPropText());
+ JsonNode modelJson = JacksonUtils.getObjectMapperInstance().readTree(model.getPropText());
Global global = new Global(modelJson);
vfs = global.getResourceVf();
} catch (IOException e) {
diff --git a/src/main/java/org/onap/clamp/clds/service/CldsService.java b/src/main/java/org/onap/clamp/clds/service/CldsService.java
index c23d2ec..e828f84 100644
--- a/src/main/java/org/onap/clamp/clds/service/CldsService.java
+++ b/src/main/java/org/onap/clamp/clds/service/CldsService.java
@@ -85,6 +85,7 @@
import org.onap.clamp.clds.model.sdc.SdcServiceDetail;
import org.onap.clamp.clds.model.sdc.SdcServiceInfo;
import org.onap.clamp.clds.transform.XslTransformer;
+import org.onap.clamp.clds.util.JacksonUtils;
import org.onap.clamp.clds.util.LoggingUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
@@ -426,7 +427,8 @@
if (template != null) {
model.setTemplateId(template.getId());
model.setDocText(template.getPropText());
- // This is to provide the Bpmn XML when Template part in UI is
+ // This is to provide the Bpmn XML when Template part in UI
+ // is
// disabled
model.setBpmnText(template.getBpmnText());
}
@@ -441,7 +443,8 @@
String controlName = model.getControlName();
String bpmnJson = cldsBpmnTransformer.doXslTransformToString(bpmn);
logger.info("PUT bpmnJson={}", bpmnJson);
- // Flag indicates whether it is triggered by Validation Test button from
+ // Flag indicates whether it is triggered by Validation Test button
+ // from
// UI
boolean isTest = false;
if (test != null && test.equalsIgnoreCase("true")) {
@@ -466,8 +469,8 @@
logger.info("modelProp - " + prop);
logger.info("docText - " + docText);
try {
- String result = camelProxy.submit(actionCd, prop, bpmnJson, modelName, controlName, docText, isTest, userId,
- isInsertTestEvent);
+ String result = camelProxy.submit(actionCd, prop, bpmnJson, modelName, controlName, docText, isTest,
+ userId, isInsertTestEvent);
logger.info("Starting Camel flow on request, result is: ", result);
} catch (SdcCommunicationException | PolicyClientException | BadRequestException e) {
errorCase = true;
@@ -478,7 +481,8 @@
if (!isTest && (actionCd.equalsIgnoreCase(CldsEvent.ACTION_SUBMIT)
|| actionCd.equalsIgnoreCase(CldsEvent.ACTION_RESUBMIT)
|| actionCd.equalsIgnoreCase(CldsEvent.ACTION_SUBMITDCAE))) {
- // To verify inventory status and modify model status to distribute
+ // To verify inventory status and modify model status to
+ // distribute
dcaeInventoryServices.setEventInventory(retrievedModel, getUserId());
retrievedModel.save(cldsDao, getUserId());
}
@@ -490,7 +494,6 @@
errorCase = true;
logger.error("Exception occured during putModelAndProcessAction", e);
}
-
if (errorCase) {
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(retrievedModel).build();
}
@@ -675,7 +678,7 @@
if (StringUtils.isBlank(responseStr)) {
return "";
}
- ObjectMapper objectMapper = new ObjectMapper();
+ ObjectMapper objectMapper = JacksonUtils.getObjectMapperInstance();
List<SdcServiceInfo> rawList = objectMapper.readValue(responseStr,
objectMapper.getTypeFactory().constructCollectionType(List.class, SdcServiceInfo.class));
ObjectNode invariantIdServiceNode = objectMapper.createObjectNode();
@@ -695,26 +698,26 @@
}
private String createPropertiesObjectByUUID(String cldsResponseStr) throws IOException {
- ObjectMapper mapper = new ObjectMapper();
+ ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
SdcServiceDetail cldsSdcServiceDetail = mapper.readValue(cldsResponseStr, SdcServiceDetail.class);
ObjectNode globalPropsJson = (ObjectNode) refProp.getJsonTemplate(GLOBAL_PROPERTIES_KEY);
if (cldsSdcServiceDetail != null && cldsSdcServiceDetail.getUuid() != null) {
/**
* to create json with vf, alarm and locations
*/
- ObjectNode serviceObjectNode = createEmptyVfAlarmObject(mapper);
+ ObjectNode serviceObjectNode = createEmptyVfAlarmObject();
ObjectNode vfObjectNode = mapper.createObjectNode();
/**
* to create json with vf and vfresourceId
*/
- createVfObjectNode(vfObjectNode, mapper, cldsSdcServiceDetail.getResources());
+ createVfObjectNode(vfObjectNode, cldsSdcServiceDetail.getResources());
serviceObjectNode.putPOJO(cldsSdcServiceDetail.getInvariantUUID(), vfObjectNode);
ObjectNode byServiceBasicObjetNode = mapper.createObjectNode();
byServiceBasicObjetNode.putPOJO("byService", serviceObjectNode);
/**
* to create json with VFC Node
*/
- ObjectNode emptyvfcobjectNode = createByVFCObjectNode(mapper, cldsSdcServiceDetail.getResources());
+ ObjectNode emptyvfcobjectNode = createByVFCObjectNode(cldsSdcServiceDetail.getResources());
byServiceBasicObjetNode.putPOJO("byVf", emptyvfcobjectNode);
globalPropsJson.putPOJO("shared", byServiceBasicObjetNode);
logger.info("valuie of objNode: {}", globalPropsJson);
@@ -722,7 +725,8 @@
return globalPropsJson.toString();
}
- private ObjectNode createEmptyVfAlarmObject(ObjectMapper mapper) {
+ private ObjectNode createEmptyVfAlarmObject() {
+ ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
ObjectNode emptyObjectNode = mapper.createObjectNode();
emptyObjectNode.put("", "");
ObjectNode vfObjectNode = mapper.createObjectNode();
@@ -734,8 +738,8 @@
return emptyServiceObjectNode;
}
- private void createVfObjectNode(ObjectNode vfObjectNode2, ObjectMapper mapper,
- List<SdcResource> rawCldsSdcResourceList) {
+ private void createVfObjectNode(ObjectNode vfObjectNode2, List<SdcResource> rawCldsSdcResourceList) {
+ ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
ObjectNode vfNode = mapper.createObjectNode();
vfNode.put("", "");
// To remove repeated resource instance name from
@@ -782,7 +786,8 @@
vfObjectNode2.putPOJO("alarmCondition", alarmStringJsonNode);
}
- private ObjectNode createByVFCObjectNode(ObjectMapper mapper, List<SdcResource> cldsSdcResourceList) {
+ private ObjectNode createByVFCObjectNode(List<SdcResource> cldsSdcResourceList) {
+ ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
ObjectNode emptyObjectNode = mapper.createObjectNode();
ObjectNode emptyvfcobjectNode = mapper.createObjectNode();
ObjectNode vfCObjectNode = mapper.createObjectNode();
@@ -804,8 +809,7 @@
@Path("/deploy/{modelName}")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
- public Response deployModel(@PathParam("modelName") String modelName,
- CldsModel model) {
+ public Response deployModel(@PathParam("modelName") String modelName, CldsModel model) {
Date startTime = new Date();
LoggingUtils.setRequestContext("CldsService: Deploy model", getPrincipalName());
Boolean errorCase = false;
@@ -861,7 +865,6 @@
errorCase = true;
logger.error("Exception occured during deployModel", e);
}
-
if (errorCase) {
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(model).build();
}
@@ -872,11 +875,9 @@
@Path("/undeploy/{modelName}")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
- public Response unDeployModel(@PathParam("modelName") String modelName,
- CldsModel model) {
+ public Response unDeployModel(@PathParam("modelName") String modelName, CldsModel model) {
Date startTime = new Date();
LoggingUtils.setRequestContext("CldsService: Undeploy model", getPrincipalName());
-
Boolean errorCase = false;
try {
String operationStatusUndeployUrl = dcaeDispatcherServices.deleteExistingDeployment(model.getDeploymentId(),
@@ -916,7 +917,6 @@
errorCase = true;
logger.error("Exception occured during unDeployModel", e);
}
-
if (errorCase) {
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(model).build();
}
@@ -924,15 +924,13 @@
}
private void checkForDuplicateServiceVf(String modelName, String modelPropText) throws IOException {
- JsonNode modelJson = new ObjectMapper().readTree(modelPropText);
- JsonNode globalNode = modelJson.get("global");
+ JsonNode globalNode = JacksonUtils.getObjectMapperInstance().readTree(modelPropText).get("global");
String service = AbstractModelElement.getValueByName(globalNode, "service");
List<String> resourceVf = AbstractModelElement.getValuesByName(globalNode, "vf");
if (service != null && resourceVf != null && !resourceVf.isEmpty()) {
List<CldsModelProp> cldsModelPropList = cldsDao.getDeployedModelProperties();
for (CldsModelProp cldsModelProp : cldsModelPropList) {
- JsonNode currentJson = new ObjectMapper().readTree(cldsModelProp.getPropText());
- JsonNode currentNode = currentJson.get("global");
+ JsonNode currentNode = JacksonUtils.getObjectMapperInstance().readTree(cldsModelProp.getPropText()).get("global");
String currentService = AbstractModelElement.getValueByName(currentNode, "service");
List<String> currentVf = AbstractModelElement.getValuesByName(currentNode, "vf");
if (currentVf != null && !currentVf.isEmpty()) {
diff --git a/src/main/java/org/onap/clamp/clds/service/JacksonObjectMapperProvider.java b/src/main/java/org/onap/clamp/clds/service/JacksonObjectMapperProvider.java
new file mode 100644
index 0000000..87f8273
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/service/JacksonObjectMapperProvider.java
@@ -0,0 +1,51 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.service;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import javax.ws.rs.ext.ContextResolver;
+
+import org.onap.clamp.clds.util.JacksonUtils;
+
+/**
+ * This class is to restrcit the class type that can be de-serialized.
+ */
+public class JacksonObjectMapperProvider implements ContextResolver<ObjectMapper> {
+
+ private final ObjectMapper defaultObjectMapper;
+
+ public JacksonObjectMapperProvider() {
+ defaultObjectMapper = createDefaultMapper();
+ }
+
+ @Override
+ public ObjectMapper getContext(Class<?> type) {
+ return defaultObjectMapper;
+ }
+
+ private static ObjectMapper createDefaultMapper() {
+ return JacksonUtils.getObjectMapperInstance();
+ }
+}
diff --git a/src/main/java/org/onap/clamp/clds/service/JaxrsApplication.java b/src/main/java/org/onap/clamp/clds/service/JaxrsApplication.java
index 702e064..d3c212c 100644
--- a/src/main/java/org/onap/clamp/clds/service/JaxrsApplication.java
+++ b/src/main/java/org/onap/clamp/clds/service/JaxrsApplication.java
@@ -32,6 +32,7 @@
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
+
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;
@@ -45,7 +46,6 @@
public class JaxrsApplication extends Application {
private static final EELFLogger logger = EELFManager.getInstance().getLogger(JaxrsApplication.class);
-
private Function<BeanDefinition, Optional<Class<?>>> beanDefinitionToClass = b -> {
try {
return Optional.of(Class.forName(b.getBeanClassName()));
@@ -58,6 +58,7 @@
@Override
public Set<Class<?>> getClasses() {
Set<Class<?>> resources = new HashSet<>();
+ resources.add(JacksonObjectMapperProvider.class);
resources.add(io.swagger.v3.jaxrs2.integration.resources.OpenApiResource.class);
resources.addAll(scan());
return resources;
@@ -66,11 +67,7 @@
private List<Class<?>> scan() {
ClassPathScanningCandidateComponentProvider scanner = new ClassPathScanningCandidateComponentProvider(false);
scanner.addIncludeFilter(new AnnotationTypeFilter(javax.ws.rs.Path.class));
- return scanner.findCandidateComponents("org.onap.clamp.clds").stream()
- .map(beanDefinitionToClass)
- .filter(Optional::isPresent)
- .map(Optional::get)
- .collect(Collectors.toList());
+ return scanner.findCandidateComponents("org.onap.clamp.clds").stream().map(beanDefinitionToClass)
+ .filter(Optional::isPresent).map(Optional::get).collect(Collectors.toList());
}
-
}
\ No newline at end of file
diff --git a/src/main/java/org/onap/clamp/clds/util/JacksonUtils.java b/src/main/java/org/onap/clamp/clds/util/JacksonUtils.java
new file mode 100644
index 0000000..9d743f2
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/util/JacksonUtils.java
@@ -0,0 +1,53 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.util;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+/**
+ * This class is used to access the jackson with restricted type access.
+ */
+public class JacksonUtils {
+
+ private static ObjectMapper objectMapper;
+
+ private JacksonUtils() {
+ }
+
+ /**
+ * Call this method to retrieve a secure ObjectMapper.
+ *
+ * @return an ObjectMapper instance (same for clamp)
+ */
+ public static synchronized ObjectMapper getObjectMapperInstance() {
+ if (objectMapper == null) {
+ objectMapper = new ObjectMapper();
+ // This is to disable the security hole that could be opened for
+ // json deserialization, if needed do this
+ // objectMapper.enableDefaultTyping(DefaultTyping.NON_FINAL);
+ objectMapper.disableDefaultTyping();
+ }
+ return objectMapper;
+ }
+}
diff --git a/src/test/java/org/onap/clamp/clds/util/JacksonUtilsTest.java b/src/test/java/org/onap/clamp/clds/util/JacksonUtilsTest.java
new file mode 100644
index 0000000..d8774af
--- /dev/null
+++ b/src/test/java/org/onap/clamp/clds/util/JacksonUtilsTest.java
@@ -0,0 +1,95 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.util;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+
+import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.databind.JsonMappingException;
+
+import java.io.IOException;
+
+import org.junit.Test;
+
+public class JacksonUtilsTest {
+
+ public static class TestClass extends TestObject {
+
+ String test2;
+ TestObject2 object2;
+
+ public TestClass(String value1, String value2) {
+ super(value1);
+ test2 = value2;
+ }
+
+ public TestClass() {
+ }
+
+ public String getTest2() {
+ return test2;
+ }
+
+ public void setTest2(String test2) {
+ this.test2 = test2;
+ }
+
+ public TestObject2 getObject2() {
+ return object2;
+ }
+
+ public void setObject2(TestObject2 object2) {
+ this.object2 = object2;
+ }
+ }
+
+ @Test
+ public void testGetObjectMapperInstance() {
+ assertNotNull(JacksonUtils.getObjectMapperInstance());
+ }
+
+ /**
+ * This method test that the security hole in Jackson is not enabled in the
+ * default ObjectMapper.
+ *
+ * @throws JsonParseException
+ * In case of issues
+ * @throws JsonMappingException
+ * In case of issues
+ * @throws IOException
+ * In case of issues
+ */
+ @Test
+ public void testCreateBeanDeserializer() throws JsonParseException, JsonMappingException, IOException {
+ TestClass test = new TestClass("value1", "value2");
+ test.setObject2(new TestObject2("test3"));
+ Object testObject = JacksonUtils.getObjectMapperInstance().readValue(
+ "[\"org.onap.clamp.clds.util.JacksonUtilsTest$TestClass\",{\"test\":\"value1\",\"test2\":\"value2\",\"object2\":[\"org.onap.clamp.clds.util.TestObject2\",{\"test3\":\"test3\"}]}]",
+ Object.class);
+ assertNotNull(testObject);
+ assertFalse(testObject instanceof TestObject);
+ assertFalse(testObject instanceof TestClass);
+ }
+}
diff --git a/src/test/java/org/onap/clamp/clds/util/TestObject.java b/src/test/java/org/onap/clamp/clds/util/TestObject.java
new file mode 100644
index 0000000..cf8d302
--- /dev/null
+++ b/src/test/java/org/onap/clamp/clds/util/TestObject.java
@@ -0,0 +1,45 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.util;
+
+public class TestObject {
+
+ private String test;
+
+ public String getTest() {
+ return test;
+ }
+
+ public void setTest(String test) {
+ this.test = test;
+ }
+
+ // @JsonProperty("test"), @JsonCreator
+ public TestObject(String theString) {
+ this.setTest(theString);
+ }
+
+ public TestObject() {
+ }
+}
diff --git a/src/test/java/org/onap/clamp/clds/util/TestObject2.java b/src/test/java/org/onap/clamp/clds/util/TestObject2.java
new file mode 100644
index 0000000..d8d2d01
--- /dev/null
+++ b/src/test/java/org/onap/clamp/clds/util/TestObject2.java
@@ -0,0 +1,44 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.util;
+
+public class TestObject2 {
+
+ private String test3;
+
+ public String getTest3() {
+ return test3;
+ }
+
+ public void setTest3(String test) {
+ this.test3 = test;
+ }
+
+ public TestObject2(String theString) {
+ this.setTest3(theString);
+ }
+
+ public TestObject2() {
+ }
+}