Remove vulnerable log4j dependency
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Issue-ID: SDC-3310
Change-Id: I1c31ab30efa7a3d03a08f512024a3967ce024237
diff --git a/catalog-be/pom.xml b/catalog-be/pom.xml
index fd25bc2..964e777 100644
--- a/catalog-be/pom.xml
+++ b/catalog-be/pom.xml
@@ -497,6 +497,10 @@
<groupId>xerces</groupId>
<artifactId>xercesImpl</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/catalog-fe/pom.xml b/catalog-fe/pom.xml
index 17942d2..65b692d 100644
--- a/catalog-fe/pom.xml
+++ b/catalog-fe/pom.xml
@@ -244,6 +244,12 @@
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.2.0.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>org.onap.portal.sdk</groupId>
diff --git a/integration-tests/src/test/java/org/onap/sdc/frontend/ci/tests/execute/setup/SetupCDTest.java b/integration-tests/src/test/java/org/onap/sdc/frontend/ci/tests/execute/setup/SetupCDTest.java
index 18b5a71..61c6c56 100644
--- a/integration-tests/src/test/java/org/onap/sdc/frontend/ci/tests/execute/setup/SetupCDTest.java
+++ b/integration-tests/src/test/java/org/onap/sdc/frontend/ci/tests/execute/setup/SetupCDTest.java
@@ -179,7 +179,7 @@
addTrafficFileToReport(result);
}
- if (result.getInstanceName().equals(OnboardingFlowsUi.class.getName()) && result.getStatus() == ITestResult.FAILURE) {
+ if (OnboardingFlowsUi.class.getName().equals(result.getInstanceName()) && result.getStatus() == ITestResult.FAILURE) {
final String msg = "Onboarding test failed, closing browser";
LOGGER.info(msg);
getExtendTest().log(Status.INFO, msg);
diff --git a/integration-tests/src/test/resources/ci/testSuites/backend/onapApiSanity.xml b/integration-tests/src/test/resources/ci/testSuites/backend/onapApiSanity.xml
index 8d5d2b2..fbd796e 100644
--- a/integration-tests/src/test/resources/ci/testSuites/backend/onapApiSanity.xml
+++ b/integration-tests/src/test/resources/ci/testSuites/backend/onapApiSanity.xml
@@ -1,11 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE suite SYSTEM "http://testng.org/testng-1.0.dtd">
+<!DOCTYPE suite SYSTEM "https://testng.org/testng-1.0.dtd" >
<suite name="externalApis" configfailurepolicy="continue" parallel="methods" thread-count="1" data-provider-thread-count="1">
- <parameter name="makeDistribution" value="false"/>
- <parameter name="makeToscaValidation" value="true"/>
- <test name="ExternalApis">
- <classes>
- <class name="org.onap.sdc.backend.ci.tests.sanity.Onboard"/>
- </classes>
- </test>
+ <parameter name="makeDistribution" value="false"/>
+ <parameter name="makeToscaValidation" value="true"/>
+ <test name="ExternalApis">
+ <classes>
+ <class name="org.onap.sdc.backend.ci.tests.sanity.Onboard"/>
+ </classes>
+ </test>
</suite>
\ No newline at end of file
diff --git a/integration-tests/src/test/resources/ci/testSuites/frontend/onapUiSanity.xml b/integration-tests/src/test/resources/ci/testSuites/frontend/onapUiSanity.xml
index 47dc9f6..48e28fc 100644
--- a/integration-tests/src/test/resources/ci/testSuites/frontend/onapUiSanity.xml
+++ b/integration-tests/src/test/resources/ci/testSuites/frontend/onapUiSanity.xml
@@ -1,30 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE suite SYSTEM "http://testng.org/testng-1.0.dtd">
-<suite name="uitests" configfailurepolicy="continue" parallel="methods" thread-count="1"
- data-provider-thread-count="1">
+<!DOCTYPE suite SYSTEM "https://testng.org/testng-1.0.dtd" >
+<suite name="uitests" configfailurepolicy="continue" parallel="methods" thread-count="1" data-provider-thread-count="1">
- <parameter name="makeDistribution" value="false"/>
+ <parameter name="makeDistribution" value="false"/>
- <test name="uiSanity">
- <classes>
- <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.Vf">
- <methods>
- <include name="changeInstanceNameInVfTest"/>
- </methods>
- </class>
- <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.Service">
- <methods>
- <include name="updateService"/>
- </methods>
- </class>
- <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.OnboardingFlowsUi">
- <methods>
- <include name="onapOnboardVNFflow"/>
- <include name="onapOnboardVSPValidationsSanityFlow"/>
- <include name="onboardPNFSoftwareInformationFlow"/>
- </methods>
- </class>
- <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.GAB"/>
- </classes>
- </test>
+ <test name="uiSanity">
+ <classes>
+ <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.Vf">
+ <methods>
+ <include name="changeInstanceNameInVfTest"/>
+ </methods>
+ </class>
+ <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.Service">
+ <methods>
+ <include name="updateService"/>
+ </methods>
+ </class>
+ <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.OnboardingFlowsUi">
+ <methods>
+ <include name="onapOnboardVNFflow"/>
+ <include name="onapOnboardVSPValidationsSanityFlow"/>
+ <include name="onboardPNFSoftwareInformationFlow"/>
+ </methods>
+ </class>
+ <class name="org.onap.sdc.frontend.ci.tests.execute.sanity.GAB"/>
+ </classes>
+ </test>
</suite>
diff --git a/pom.xml b/pom.xml
index 6d13985..213fc27 100644
--- a/pom.xml
+++ b/pom.xml
@@ -121,7 +121,7 @@
<junit.platform.version>1.6.0</junit.platform.version>
<junitJupiter.version>5.6.0</junitJupiter.version>
<assertj.version>3.16.0</assertj.version>
- <testng.version>7.2.0</testng.version>
+ <testng.version>7.3.0</testng.version>
<cucumber.version>5.6.0</cucumber.version>
<bean-matchers.version>0.11</bean-matchers.version>
<hamcrest.version>2.1</hamcrest.version>
diff --git a/utils/webseal-simulator/pom.xml b/utils/webseal-simulator/pom.xml
index 7616ebd..c3e1877 100644
--- a/utils/webseal-simulator/pom.xml
+++ b/utils/webseal-simulator/pom.xml
@@ -76,15 +76,12 @@
<version>1.0.2</version>
<scope>compile</scope>
</dependency>
-
<dependency>
- <groupId>org.apache.logging.log4j</groupId>
- <artifactId>log4j-core</artifactId>
- <version>${log4j.version}</version>
- <scope>compile</scope>
+ <groupId>org.openecomp.sdc</groupId>
+ <artifactId>openecomp-sdc-logging-api</artifactId>
+ <version>${project.version}</version>
</dependency>
-
</dependencies>
<build>
<finalName>WSSimulator-${project.version}</finalName>
diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java
index 014b6c4..ea4203d 100644
--- a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java
+++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java
@@ -35,8 +35,8 @@
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContextBuilder;
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
+import org.openecomp.sdc.logging.api.Logger;
+import org.openecomp.sdc.logging.api.LoggerFactory;
import org.openecomp.sdc.webseal.simulator.conf.Conf;
import javax.net.ssl.SSLContext;
@@ -75,8 +75,7 @@
private final String CONFIGURATIONS = "/configurations";
private static final Set<String> RESERVED_HEADERS = Arrays.stream(ReservedHeaders.values()).map(h -> h.getValue()).collect(Collectors.toSet());
-
- private final static Logger logger = LogManager.getLogger(SdcProxy.class);
+ private static final Logger logger = LoggerFactory.getLogger(SdcProxy.class);
public void init(ServletConfig config) throws ServletException {
super.init(config);