ADM: Fix CVE Issues (#55)
* Upgrade Spring Boot and Gson

* Fixed CVE Issues

* Resolved okhttp CVE

Co-authored-by: Yogesh Prasad Kurmi <ykurmi@ykurmi-a01.vmware.com>
yogeshprasad and Yogesh Prasad Kurmi committed Oct 4, 2022
1 parent 1ed520d commit 8555b3c
Showing 7 changed files with 90 additions and 70 deletions.
23 changes: 17 additions & 6 deletions adm/pom.xml
Expand Up @@ -10,13 +10,24 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.4.RELEASE</version>
<version>2.7.3</version>
</parent>

<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>1.33</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
Expand All @@ -28,14 +39,14 @@
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.squareup.okhttp</groupId>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
<version>2.7.5</version>
<version>4.10.0</version>
</dependency>
<dependency>
<groupId>com.squareup.okhttp</groupId>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>logging-interceptor</artifactId>
<version>2.7.5</version>
<version>4.10.0</version>
</dependency>
<dependency>
<groupId>org.threeten</groupId>
Expand All @@ -45,7 +56,7 @@
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.8.5</version>
<version>2.9.1</version>
</dependency>
<dependency>
<groupId>io.gsonfire</groupId>
72 changes: 38 additions & 34 deletions adm/src/main/java/com/wavefront/rest/api/ApiClient.java
Expand Up @@ -10,17 +10,24 @@
* Do not edit the class manually.
*/


package com.wavefront.rest.api;

import com.squareup.okhttp.*;
import com.squareup.okhttp.internal.http.HttpMethod;
import com.squareup.okhttp.logging.HttpLoggingInterceptor;
import com.squareup.okhttp.logging.HttpLoggingInterceptor.Level;

import okhttp3.Call;
import okhttp3.Callback;
import okhttp3.FormBody;
import okhttp3.Headers;
import okhttp3.MediaType;
import okhttp3.MultipartBody;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okhttp3.internal.http.HttpMethod;
import okhttp3.logging.HttpLoggingInterceptor;
import okio.BufferedSink;
import okio.Okio;

import org.jetbrains.annotations.NotNull;
import org.threeten.bp.LocalDate;
import org.threeten.bp.OffsetDateTime;
import org.threeten.bp.format.DateTimeFormatter;
Expand Down Expand Up @@ -67,7 +74,7 @@ public class ApiClient {
private boolean verifyingSsl;
private KeyManager[] keyManagers;

private OkHttpClient httpClient;
private OkHttpClient.Builder httpClient;
private JSON json;

private HttpLoggingInterceptor loggingInterceptor;
Expand All @@ -76,7 +83,7 @@ public class ApiClient {
* Constructor for ApiClient
*/
public ApiClient() {
httpClient = new OkHttpClient();
httpClient = new OkHttpClient().newBuilder();


verifyingSsl = true;
Expand Down Expand Up @@ -119,7 +126,7 @@ public ApiClient setBasePath(String basePath) {
* @return An instance of OkHttpClient
*/
public OkHttpClient getHttpClient() {
return httpClient;
return httpClient.build();
}

/**
Expand All @@ -129,7 +136,7 @@ public OkHttpClient getHttpClient() {
* @return Api Client
*/
public ApiClient setHttpClient(OkHttpClient httpClient) {
this.httpClient = httpClient;
this.httpClient = httpClient.newBuilder();
return this;
}

Expand Down Expand Up @@ -380,7 +387,7 @@ public ApiClient setDebugging(boolean debugging) {
if (debugging != this.debugging) {
if (debugging) {
loggingInterceptor = new HttpLoggingInterceptor();
loggingInterceptor.setLevel(Level.BODY);
loggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
httpClient.interceptors().add(loggingInterceptor);
} else {
httpClient.interceptors().remove(loggingInterceptor);
Expand Down Expand Up @@ -420,7 +427,7 @@ public ApiClient setTempFolderPath(String tempFolderPath) {
* @return Timeout in milliseconds
*/
public int getConnectTimeout() {
return httpClient.getConnectTimeout();
return httpClient.build().connectTimeoutMillis();
}

/**
Expand All @@ -432,7 +439,7 @@ public int getConnectTimeout() {
* @return Api client
*/
public ApiClient setConnectTimeout(int connectionTimeout) {
httpClient.setConnectTimeout(connectionTimeout, TimeUnit.MILLISECONDS);
httpClient.connectTimeout(connectionTimeout, TimeUnit.MILLISECONDS);
return this;
}

Expand All @@ -442,7 +449,7 @@ public ApiClient setConnectTimeout(int connectionTimeout) {
* @return Timeout in milliseconds
*/
public int getReadTimeout() {
return httpClient.getReadTimeout();
return httpClient.build().readTimeoutMillis();
}

/**
Expand All @@ -454,7 +461,7 @@ public int getReadTimeout() {
* @return Api client
*/
public ApiClient setReadTimeout(int readTimeout) {
httpClient.setReadTimeout(readTimeout, TimeUnit.MILLISECONDS);
httpClient.readTimeout(readTimeout, TimeUnit.MILLISECONDS);
return this;
}

Expand All @@ -464,7 +471,7 @@ public ApiClient setReadTimeout(int readTimeout) {
* @return Timeout in milliseconds
*/
public int getWriteTimeout() {
return httpClient.getWriteTimeout();
return httpClient.build().writeTimeoutMillis();
}

/**
Expand All @@ -476,7 +483,7 @@ public int getWriteTimeout() {
* @return Api client
*/
public ApiClient setWriteTimeout(int writeTimeout) {
httpClient.setWriteTimeout(writeTimeout, TimeUnit.MILLISECONDS);
httpClient.writeTimeout(writeTimeout, TimeUnit.MILLISECONDS);
return this;
}

Expand Down Expand Up @@ -871,12 +878,7 @@ public <T> void executeAsync(Call call, ApiCallback<T> callback) {
public <T> void executeAsync(Call call, final Type returnType, final ApiCallback<T> callback) {
call.enqueue(new Callback() {
@Override
public void onFailure(Request request, IOException e) {
callback.onFailure(new ApiException(e), 0, null);
}

@Override
public void onResponse(Response response) throws IOException {
public void onResponse(@NotNull Call call, @NotNull Response response) throws IOException {
T result;
try {
result = (T) handleResponse(response, returnType);
Expand All @@ -886,6 +888,12 @@ public void onResponse(Response response) throws IOException {
}
callback.onSuccess(result, response.code(), response.headers().toMultimap());
}

@Override
public void onFailure(@NotNull Call call, @NotNull IOException e) {
callback.onFailure(new ApiException(e), 0, null);
}

});
}

Expand All @@ -905,11 +913,7 @@ public <T> T handleResponse(Response response, Type returnType) throws ApiExcept
// returning null if the returnType is not defined,
// or the status code is 204 (No Content)
if (response.body() != null) {
try {
response.body().close();
} catch (IOException e) {
throw new ApiException(response.message(), e, response.code(), response.headers().toMultimap());
}
response.body().close();
}
return null;
} else {
Expand Down Expand Up @@ -946,7 +950,7 @@ public <T> T handleResponse(Response response, Type returnType) throws ApiExcept
public Call buildCall(String path, String method, List<Pair> queryParams, List<Pair> collectionQueryParams, Object body, Map<String, String> headerParams, Map<String, Object> formParams, String[] authNames, ProgressRequestBody.ProgressRequestListener progressRequestListener) throws ApiException {
Request request = buildRequest(path, method, queryParams, collectionQueryParams, body, headerParams, formParams, authNames, progressRequestListener);

return httpClient.newCall(request);
return httpClient.build().newCall(request);
}

/**
Expand Down Expand Up @@ -1096,7 +1100,7 @@ public void updateParamsForAuth(String[] authNames, List<Pair> queryParams, Map<
* @return RequestBody
*/
public RequestBody buildRequestBodyFormEncoding(Map<String, Object> formParams) {
FormEncodingBuilder formBuilder = new FormEncodingBuilder();
FormBody.Builder formBuilder = new FormBody.Builder();
for (Entry<String, Object> param : formParams.entrySet()) {
formBuilder.add(param.getKey(), parameterToString(param.getValue()));
}
Expand All @@ -1111,7 +1115,7 @@ public RequestBody buildRequestBodyFormEncoding(Map<String, Object> formParams)
* @return RequestBody
*/
public RequestBody buildRequestBodyMultipart(Map<String, Object> formParams) {
MultipartBuilder mpBuilder = new MultipartBuilder().type(MultipartBuilder.FORM);
MultipartBody.Builder mpBuilder = new MultipartBody.Builder().setType(MultipartBody.FORM);
for (Entry<String, Object> param : formParams.entrySet()) {
if (param.getValue() instanceof File) {
File file = (File) param.getValue();
Expand Down Expand Up @@ -1193,11 +1197,11 @@ public boolean verify(String hostname, SSLSession session) {
if (keyManagers != null || trustManagers != null) {
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, new SecureRandom());
httpClient.setSslSocketFactory(sslContext.getSocketFactory());
httpClient.sslSocketFactory(sslContext.getSocketFactory());
} else {
httpClient.setSslSocketFactory(null);
httpClient.sslSocketFactory(null);
}
httpClient.setHostnameVerifier(hostnameVerifier);
httpClient.hostnameVerifier(hostnameVerifier);
} catch (GeneralSecurityException e) {
throw new RuntimeException(e);
}
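Review bot: The rewritten SSL branch at the end of the section keeps the single-argument `httpClient.sslSocketFactory(...)` and calls it with `null` in the else branch; in okhttp3 4.x the one-argument overload is deprecated because it has to recover the trust manager reflectively from the JDK socket factory (which can fail on newer JDKs where that field access is blocked), and its parameter is non-null, so `sslSocketFactory(null)` throws at runtime instead of restoring default trust the way the okhttp2 setter did. The trust manager needed for the two-argument overload is already in `trustManagers` (it is passed to `sslContext.init` two lines earlier), so the supported form is `httpClient.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) trustManagers[0])`, and the else branch should load the platform defaults via `TrustManagerFactory` rather than pass null, because a Builder cannot be reset and would otherwise retain whatever factory was installed while `verifyingSsl` was false. The same non-null constraint applies to `httpClient.hostnameVerifier(...)`, so if the verifying path above the hunk can still leave `hostnameVerifier` null the call needs a guard, and since a previously installed permissive verifier also persists on the builder, passing an explicit default verifier may be preferable to skipping the call. The enclosing method starts and ends outside the hunk; the rewrite below needs `TrustManagerFactory`, `KeyStore` and `X509TrustManager` imports and assumes `trustManagers[0]` is an X509TrustManager, which should be confirmed against the setup code above.
```java
// … unchanged: trustManagers / hostnameVerifier set up earlier in the method …
if (trustManagers == null) {
    // The Builder has no null "reset": trust the platform store explicitly instead of
    // leaving whatever factory an earlier non-verifying configuration installed.
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init((KeyStore) null);
    trustManagers = tmf.getTrustManagers();
}
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, new SecureRandom());
// Two-argument overload: the trust manager is handed over directly, no reflective lookup.
httpClient.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) trustManagers[0]);
if (hostnameVerifier != null) {
    httpClient.hostnameVerifier(hostnameVerifier);
}
// … unchanged: catch (GeneralSecurityException e) …
```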
Expand Up @@ -13,8 +13,11 @@

package com.wavefront.rest.api;

import com.squareup.okhttp.*;

import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okio.Buffer;
import okio.BufferedSink;
import okio.GzipSink;
Expand Up @@ -13,11 +13,10 @@

package com.wavefront.rest.api;

import com.squareup.okhttp.MediaType;
import com.squareup.okhttp.RequestBody;

import java.io.IOException;

import okhttp3.MediaType;
import okhttp3.RequestBody;
import okio.Buffer;
import okio.BufferedSink;
import okio.ForwardingSink;
Expand Up @@ -13,11 +13,10 @@

package com.wavefront.rest.api;

import com.squareup.okhttp.MediaType;
import com.squareup.okhttp.ResponseBody;

import java.io.IOException;

import okhttp3.MediaType;
import okhttp3.ResponseBody;
import okio.Buffer;
import okio.BufferedSource;
import okio.ForwardingSource;
Expand Down Expand Up @@ -45,12 +44,12 @@ public MediaType contentType() {
}

@Override
public long contentLength() throws IOException {
public long contentLength() {
return responseBody.contentLength();
}

@Override
public BufferedSource source() throws IOException {
public BufferedSource source() {
if (bufferedSource == null) {
bufferedSource = Okio.buffer(source(responseBody.source()));
}
Expand Up @@ -15,11 +15,11 @@

import com.wavefront.rest.api.Pair;

import com.squareup.okhttp.Credentials;

import java.util.Map;
import java.util.List;

import okhttp3.Credentials;

public class HttpBasicAuth implements Authentication {
private String username;
private String password;
