ADM: Fix CVE Issues

adm/pom.xml

@@ -10,13 +10,24 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.1.4.RELEASE</version>
+        <version>2.7.3</version>
     </parent>
 
     <dependencies>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.yaml</groupId>
+                    <artifactId>snakeyaml</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+            <version>1.33</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -28,14 +39,14 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>com.squareup.okhttp</groupId>
+            <groupId>com.squareup.okhttp3</groupId>
             <artifactId>okhttp</artifactId>
-            <version>2.7.5</version>
+            <version>4.10.0</version>
         </dependency>
         <dependency>
-            <groupId>com.squareup.okhttp</groupId>
+            <groupId>com.squareup.okhttp3</groupId>
             <artifactId>logging-interceptor</artifactId>
-            <version>2.7.5</version>
+            <version>4.10.0</version>
         </dependency>
         <dependency>
             <groupId>org.threeten</groupId>
@@ -45,7 +56,7 @@
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
-            <version>2.8.5</version>
+            <version>2.9.1</version>
         </dependency>
         <dependency>
             <groupId>io.gsonfire</groupId>

adm/src/main/java/com/wavefront/rest/api/ApiClient.java

@@ -10,17 +10,24 @@
  * Do not edit the class manually.
  */
 
-
 package com.wavefront.rest.api;
 
-import com.squareup.okhttp.*;
-import com.squareup.okhttp.internal.http.HttpMethod;
-import com.squareup.okhttp.logging.HttpLoggingInterceptor;
-import com.squareup.okhttp.logging.HttpLoggingInterceptor.Level;
-
+import okhttp3.Call;
+import okhttp3.Callback;
+import okhttp3.FormBody;
+import okhttp3.Headers;
+import okhttp3.MediaType;
+import okhttp3.MultipartBody;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import okhttp3.RequestBody;
+import okhttp3.Response;
+import okhttp3.internal.http.HttpMethod;
+import okhttp3.logging.HttpLoggingInterceptor;
 import okio.BufferedSink;
 import okio.Okio;
 
+import org.jetbrains.annotations.NotNull;
 import org.threeten.bp.LocalDate;
 import org.threeten.bp.OffsetDateTime;
 import org.threeten.bp.format.DateTimeFormatter;
@@ -67,7 +74,7 @@ public class ApiClient {
   private boolean verifyingSsl;
   private KeyManager[] keyManagers;
 
-  private OkHttpClient httpClient;
+  private OkHttpClient.Builder httpClient;
   private JSON json;
 
   private HttpLoggingInterceptor loggingInterceptor;
@@ -76,7 +83,7 @@ public class ApiClient {
    * Constructor for ApiClient
    */
   public ApiClient() {
-    httpClient = new OkHttpClient();
+    httpClient = new OkHttpClient().newBuilder();
 
 
     verifyingSsl = true;
@@ -119,7 +126,7 @@ public ApiClient setBasePath(String basePath) {
    * @return An instance of OkHttpClient
    */
   public OkHttpClient getHttpClient() {
-    return httpClient;
+    return httpClient.build();
   }
 
   /**
@@ -129,7 +136,7 @@ public OkHttpClient getHttpClient() {
    * @return Api Client
    */
   public ApiClient setHttpClient(OkHttpClient httpClient) {
-    this.httpClient = httpClient;
+    this.httpClient = httpClient.newBuilder();
     return this;
   }
 
@@ -380,7 +387,7 @@ public ApiClient setDebugging(boolean debugging) {
     if (debugging != this.debugging) {
       if (debugging) {
         loggingInterceptor = new HttpLoggingInterceptor();
-        loggingInterceptor.setLevel(Level.BODY);
+        loggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
         httpClient.interceptors().add(loggingInterceptor);
       } else {
         httpClient.interceptors().remove(loggingInterceptor);
@@ -420,7 +427,7 @@ public ApiClient setTempFolderPath(String tempFolderPath) {
    * @return Timeout in milliseconds
    */
   public int getConnectTimeout() {
-    return httpClient.getConnectTimeout();
+    return httpClient.build().connectTimeoutMillis();
   }
 
   /**
@@ -432,7 +439,7 @@ public int getConnectTimeout() {
    * @return Api client
    */
   public ApiClient setConnectTimeout(int connectionTimeout) {
-    httpClient.setConnectTimeout(connectionTimeout, TimeUnit.MILLISECONDS);
+    httpClient.connectTimeout(connectionTimeout, TimeUnit.MILLISECONDS);
     return this;
   }
 
@@ -442,7 +449,7 @@ public ApiClient setConnectTimeout(int connectionTimeout) {
    * @return Timeout in milliseconds
    */
   public int getReadTimeout() {
-    return httpClient.getReadTimeout();
+    return httpClient.build().readTimeoutMillis();
   }
 
   /**
@@ -454,7 +461,7 @@ public int getReadTimeout() {
    * @return Api client
    */
   public ApiClient setReadTimeout(int readTimeout) {
-    httpClient.setReadTimeout(readTimeout, TimeUnit.MILLISECONDS);
+    httpClient.readTimeout(readTimeout, TimeUnit.MILLISECONDS);
     return this;
   }
 
@@ -464,7 +471,7 @@ public ApiClient setReadTimeout(int readTimeout) {
    * @return Timeout in milliseconds
    */
   public int getWriteTimeout() {
-    return httpClient.getWriteTimeout();
+    return httpClient.build().writeTimeoutMillis();
   }
 
   /**
@@ -476,7 +483,7 @@ public int getWriteTimeout() {
    * @return Api client
    */
   public ApiClient setWriteTimeout(int writeTimeout) {
-    httpClient.setWriteTimeout(writeTimeout, TimeUnit.MILLISECONDS);
+    httpClient.writeTimeout(writeTimeout, TimeUnit.MILLISECONDS);
     return this;
   }
 
@@ -871,12 +878,7 @@ public <T> void executeAsync(Call call, ApiCallback<T> callback) {
   public <T> void executeAsync(Call call, final Type returnType, final ApiCallback<T> callback) {
     call.enqueue(new Callback() {
       @Override
-      public void onFailure(Request request, IOException e) {
-        callback.onFailure(new ApiException(e), 0, null);
-      }
-
-      @Override
-      public void onResponse(Response response) throws IOException {
+      public void onResponse(@NotNull Call call, @NotNull Response response) throws IOException {
         T result;
         try {
           result = (T) handleResponse(response, returnType);
@@ -886,6 +888,12 @@ public void onResponse(Response response) throws IOException {
         }
         callback.onSuccess(result, response.code(), response.headers().toMultimap());
       }
+
+      @Override
+      public void onFailure(@NotNull Call call, @NotNull IOException e) {
+        callback.onFailure(new ApiException(e), 0, null);
+      }
+
     });
   }
 
@@ -905,11 +913,7 @@ public <T> T handleResponse(Response response, Type returnType) throws ApiExcept
         // returning null if the returnType is not defined,
         // or the status code is 204 (No Content)
         if (response.body() != null) {
-          try {
-            response.body().close();
-          } catch (IOException e) {
-            throw new ApiException(response.message(), e, response.code(), response.headers().toMultimap());
-          }
+          response.body().close();
         }
         return null;
       } else {
@@ -946,7 +950,7 @@ public <T> T handleResponse(Response response, Type returnType) throws ApiExcept
   public Call buildCall(String path, String method, List<Pair> queryParams, List<Pair> collectionQueryParams, Object body, Map<String, String> headerParams, Map<String, Object> formParams, String[] authNames, ProgressRequestBody.ProgressRequestListener progressRequestListener) throws ApiException {
     Request request = buildRequest(path, method, queryParams, collectionQueryParams, body, headerParams, formParams, authNames, progressRequestListener);
 
-    return httpClient.newCall(request);
+    return httpClient.build().newCall(request);
   }
 
   /**
@@ -1096,7 +1100,7 @@ public void updateParamsForAuth(String[] authNames, List<Pair> queryParams, Map<
    * @return RequestBody
    */
   public RequestBody buildRequestBodyFormEncoding(Map<String, Object> formParams) {
-    FormEncodingBuilder formBuilder = new FormEncodingBuilder();
+    FormBody.Builder formBuilder = new FormBody.Builder();
     for (Entry<String, Object> param : formParams.entrySet()) {
       formBuilder.add(param.getKey(), parameterToString(param.getValue()));
     }
@@ -1111,7 +1115,7 @@ public RequestBody buildRequestBodyFormEncoding(Map<String, Object> formParams)
    * @return RequestBody
    */
   public RequestBody buildRequestBodyMultipart(Map<String, Object> formParams) {
-    MultipartBuilder mpBuilder = new MultipartBuilder().type(MultipartBuilder.FORM);
+    MultipartBody.Builder mpBuilder = new MultipartBody.Builder().setType(MultipartBody.FORM);
     for (Entry<String, Object> param : formParams.entrySet()) {
       if (param.getValue() instanceof File) {
         File file = (File) param.getValue();
@@ -1193,11 +1197,11 @@ public boolean verify(String hostname, SSLSession session) {
       if (keyManagers != null || trustManagers != null) {
         SSLContext sslContext = SSLContext.getInstance("TLS");
         sslContext.init(keyManagers, trustManagers, new SecureRandom());
-        httpClient.setSslSocketFactory(sslContext.getSocketFactory());
+        httpClient.sslSocketFactory(sslContext.getSocketFactory());
       } else {
-        httpClient.setSslSocketFactory(null);
+        httpClient.sslSocketFactory(null);
       }
-      httpClient.setHostnameVerifier(hostnameVerifier);
+      httpClient.hostnameVerifier(hostnameVerifier);
     } catch (GeneralSecurityException e) {
       throw new RuntimeException(e);
     }

adm/src/main/java/com/wavefront/rest/api/GzipRequestInterceptor.java

@@ -13,8 +13,11 @@
 
 package com.wavefront.rest.api;
 
-import com.squareup.okhttp.*;
-
+import okhttp3.Interceptor;
+import okhttp3.MediaType;
+import okhttp3.Request;
+import okhttp3.RequestBody;
+import okhttp3.Response;
 import okio.Buffer;
 import okio.BufferedSink;
 import okio.GzipSink;

adm/src/main/java/com/wavefront/rest/api/ProgressRequestBody.java

@@ -13,11 +13,10 @@
 
 package com.wavefront.rest.api;
 
-import com.squareup.okhttp.MediaType;
-import com.squareup.okhttp.RequestBody;
-
 import java.io.IOException;
 
+import okhttp3.MediaType;
+import okhttp3.RequestBody;
 import okio.Buffer;
 import okio.BufferedSink;
 import okio.ForwardingSink;

adm/src/main/java/com/wavefront/rest/api/ProgressResponseBody.java

@@ -13,11 +13,10 @@
 
 package com.wavefront.rest.api;
 
-import com.squareup.okhttp.MediaType;
-import com.squareup.okhttp.ResponseBody;
-
 import java.io.IOException;
 
+import okhttp3.MediaType;
+import okhttp3.ResponseBody;
 import okio.Buffer;
 import okio.BufferedSource;
 import okio.ForwardingSource;
@@ -45,12 +44,12 @@ public MediaType contentType() {
   }
 
   @Override
-  public long contentLength() throws IOException {
+  public long contentLength() {
     return responseBody.contentLength();
   }
 
   @Override
-  public BufferedSource source() throws IOException {
+  public BufferedSource source() {
     if (bufferedSource == null) {
       bufferedSource = Okio.buffer(source(responseBody.source()));
     }

adm/src/main/java/com/wavefront/rest/api/auth/HttpBasicAuth.java

@@ -15,11 +15,11 @@
 
 import com.wavefront.rest.api.Pair;
 
-import com.squareup.okhttp.Credentials;
-
 import java.util.Map;
 import java.util.List;
 
+import okhttp3.Credentials;
+
 public class HttpBasicAuth implements Authentication {
   private String username;
   private String password;