From: RehanRaza <muhammad.rehan.raza@est.tech>
Date: Fri, 13 Mar 2020 15:51:37 +0000 (+0100)
Subject: Fix Sonar security vulnerabilities
X-Git-Tag: 2.0.0~121
X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=1f0eaf77b131fe5757bae47fbdd64e691a9c2053;p=nonrtric.git

Fix Sonar security vulnerabilities

Change-Id: I33e94fe2701508216c2389db75e826f2cc705f15
Issue-ID: NONRTRIC-141
Signed-off-by: RehanRaza <muhammad.rehan.raza@est.tech>
---

diff --git a/dashboard/webapp-backend/pom.xml b/dashboard/webapp-backend/pom.xml
index bbbf2a40..e8475613 100644
--- a/dashboard/webapp-backend/pom.xml
+++ b/dashboard/webapp-backend/pom.xml
@@ -36,6 +36,7 @@ limitations under the License.
     <properties>
         <springfox.version>2.9.2</springfox.version>
         <immutable.version>2.7.1</immutable.version>
+        <apache-axis2.version>1.7.9</apache-axis2.version>
         <formatter-maven-plugin.version>2.8.1</formatter-maven-plugin.version>
         <spotless-maven-plugin.version>1.18.0</spotless-maven-plugin.version>
         <!-- Set by Jenkins -->
@@ -107,6 +108,11 @@ limitations under the License.
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.apache.axis2</groupId>
+            <artifactId>axis2-kernel</artifactId>
+            <version>${apache-axis2.version}</version>
+        </dependency>
         <!-- Bridge uses of Apache commons logging, like EPSDK-FW -->
         <dependency>
             <groupId>org.slf4j</groupId>
diff --git a/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java b/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
index a4fbcea4..f687483d 100644
--- a/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
+++ b/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
@@ -23,13 +23,13 @@ package org.oransc.ric.portal.dashboard.util;
 
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
-import java.security.cert.X509Certificate;
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
+
+import org.apache.axis2.java.security.TrustAllTrustManager;
 
 /**
  * Disables and enables certificate and host-name checking in
@@ -45,22 +45,7 @@ public final class HttpsURLConnectionUtils {
     private static final HostnameVerifier trivialHostnameVerifier =
         (hostname, sslSession) -> hostname.equalsIgnoreCase(sslSession.getPeerHost());
 
-    private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[] {new X509TrustManager() {
-        @Override
-        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
-            return new java.security.cert.X509Certificate[0];
-        }
-
-        @Override
-        public void checkClientTrusted(X509Certificate[] certs, String authType) {
-            // Do nothing.
-        }
-
-        @Override
-        public void checkServerTrusted(X509Certificate[] certs, String authType) {
-            // Do nothing.
-        }
-    }};
+    private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[] {new TrustAllTrustManager()};
 
     public static void turnOffSslChecking() throws NoSuchAlgorithmException, KeyManagementException {
         HttpsURLConnection.setDefaultHostnameVerifier(trivialHostnameVerifier);