-
Bug
-
Resolution: Won't Do
-
High
-
Honolulu Release
-
None
Sonarcloud identified the following security bugs in your project and, as agreed by the TSC, should be fixed within the Honolulu release. Any not finished in Honolulu must be fixed within the Istanbul release. Follow each of the URLs for details on each each bug, along with recommended fixes.
If any of the links below fail, please find your code on the master list found at <https://sonarcloud.io/organizations/onap/issues?resolved=false&sonarsourceSecurity=weak-cryptography>.
Project: onap_appc
Component: onap_appc:appc-config/appc-flow-controller/provider/src/main/java/org/onap/appc/flow/controller/executorImpl/RestExecutor.java
Message: Change this code to use a stronger protocol.
Severity: MAJOR
Line: 59
Effort: 2min
Creation-Date: 2018-02-10T00:50:24+0100
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AW6lYVskgYcRdnXY2UZi&open=AW6lYVskgYcRdnXY2UZi
Project: onap_appc
Component: onap_appc:appc-config/appc-flow-controller/provider/src/main/java/org/onap/appc/flow/controller/executorImpl/RestExecutor.java
Message: Enable server hostname verification on this SSL/TLS connection.
Severity: CRITICAL
Line: 89
Effort: 5min
Creation-Date: 2018-02-10T00:50:24+0100
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1Y9TESIQDDjOvZEl&open=AXBX1Y9TESIQDDjOvZEl
Project: onap_appc
Component: onap_appc:appc-config/appc-flow-controller/provider/src/main/java/org/onap/appc/flow/controller/executorImpl/SecureRestClientTrustManager.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 32
Effort: 5min
Creation-Date: 2017-08-17T08:15:50+0200
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1Y80ESIQDDjOvZEj&open=AXBX1Y80ESIQDDjOvZEj
Project: onap_appc
Component: onap_appc:appc-config/appc-flow-controller/provider/src/main/java/org/onap/appc/flow/controller/executorImpl/SecureRestClientTrustManager.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 37
Effort: 5min
Creation-Date: 2017-08-17T08:15:50+0200
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1Y80ESIQDDjOvZEk&open=AXBX1Y80ESIQDDjOvZEk
Project: onap_appc
Component: onap_appc:appc-core/appc-common-bundle/src/main/java/org/onap/appc/util/HttpClientUtil.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 103
Effort: 5min
Creation-Date: 2019-02-18T16:43:31+0100
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1cktESIQDDjOvZEu&open=AXBX1cktESIQDDjOvZEu
Project: onap_appc
Component: onap_appc:appc-core/appc-common-bundle/src/main/java/org/onap/appc/util/HttpClientUtil.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 108
Effort: 5min
Creation-Date: 2019-02-18T16:43:31+0100
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1cktESIQDDjOvZEv&open=AXBX1cktESIQDDjOvZEv
Project: onap_appc
Component: onap_appc:appc-inbound/appc-design-services/provider/src/main/java/org/onap/appc/design/services/util/ArtifactHandlerClient.java
Message: Change this code to use a stronger protocol.
Severity: MAJOR
Line: 117
Effort: 2min
Creation-Date: 2017-08-18T07:46:15+0200
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AW6lYWqsgYcRdnXY2Urn&open=AW6lYWqsgYcRdnXY2Urn
Project: onap_appc
Component: onap_appc:appc-inbound/appc-design-services/provider/src/main/java/org/onap/appc/design/services/util/ArtifactHandlerClient.java
Message: Enable server hostname verification on this SSL/TLS connection.
Severity: CRITICAL
Line: 161
Effort: 5min
Creation-Date: 2018-02-22T18:20:11+0100
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1cAAESIQDDjOvZEr&open=AXBX1cAAESIQDDjOvZEr
Project: onap_appc
Component: onap_appc:appc-inbound/appc-design-services/provider/src/main/java/org/onap/appc/design/services/util/SecureRestClientTrustManager.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 35
Effort: 5min
Creation-Date: 2017-08-18T07:46:15+0200
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1cAiESIQDDjOvZEs&open=AXBX1cAiESIQDDjOvZEs
Project: onap_appc
Component: onap_appc:appc-inbound/appc-design-services/provider/src/main/java/org/onap/appc/design/services/util/SecureRestClientTrustManager.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 40
Effort: 5min
Creation-Date: 2017-08-18T07:46:15+0200
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1cAiESIQDDjOvZEt&open=AXBX1cAiESIQDDjOvZEt
Project: onap_appc
Component: onap_appc:appc-outbound/appc-network-inventory-client/provider/src/main/java/org/onap/appc/instar/dme2client/Dme2Client.java
Message: Change this code to use a stronger protocol.
Severity: MAJOR
Line: 115
Effort: 2min
Creation-Date: 2017-08-15T18:33:24+0200
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AW6lYWkZgYcRdnXY2UpJ&open=AW6lYWkZgYcRdnXY2UpJ
Project: onap_appc
Component: onap_appc:appc-outbound/appc-network-inventory-client/provider/src/main/java/org/onap/appc/instar/dme2client/Dme2Client.java
Message: Enable server hostname verification on this SSL/TLS connection.
Severity: CRITICAL
Line: 193
Effort: 5min
Creation-Date: 2018-02-22T18:34:54+0100
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1bFFESIQDDjOvZEo&open=AXBX1bFFESIQDDjOvZEo
Project: onap_appc
Component: onap_appc:appc-outbound/appc-network-inventory-client/provider/src/main/java/org/onap/appc/instar/dme2client/SecureRestClientTrustManager.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 34
Effort: 5min
Creation-Date: 2017-08-15T18:33:24+0200
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1bybESIQDDjOvZEp&open=AXBX1bybESIQDDjOvZEp
Project: onap_appc
Component: onap_appc:appc-outbound/appc-network-inventory-client/provider/src/main/java/org/onap/appc/instar/dme2client/SecureRestClientTrustManager.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 38
Effort: 5min
Creation-Date: 2017-08-15T18:33:24+0200
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1bybESIQDDjOvZEq&open=AXBX1bybESIQDDjOvZEq
Project: onap_appc
Component: onap_appc:appc-sdc-listener/appc-sdc-listener-bundle/src/main/java/org/onap/appc/sdc/listener/ProviderOperations.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 187
Effort: 5min
Creation-Date: 2020-01-29T20:44:48+0100
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1a4kESIQDDjOvZEm&open=AXBX1a4kESIQDDjOvZEm
Project: onap_appc
Component: onap_appc:appc-sdc-listener/appc-sdc-listener-bundle/src/main/java/org/onap/appc/sdc/listener/ProviderOperations.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 190
Effort: 5min
Creation-Date: 2020-01-29T20:44:48+0100
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1a4kESIQDDjOvZEn&open=AXBX1a4kESIQDDjOvZEn
Project: onap_appc
Component: onap_appc:services/appc-dmaap-service/appc-event-listener-bundle/src/main/java/org/onap/appc/listener/LCM/operation/ProviderOperations.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 246
Effort: 5min
Creation-Date: 2019-11-08T17:38:47+0100
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1YerESIQDDjOvZEf&open=AXBX1YerESIQDDjOvZEf
Project: onap_appc
Component: onap_appc:services/appc-dmaap-service/appc-event-listener-bundle/src/main/java/org/onap/appc/listener/LCM/operation/ProviderOperations.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 250
Effort: 5min
Creation-Date: 2019-11-08T17:38:47+0100
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1YerESIQDDjOvZEg&open=AXBX1YerESIQDDjOvZEg
Project: onap_appc
Component: onap_appc:services/appc-dmaap-service/appc-event-listener-bundle/src/main/java/org/onap/appc/listener/util/HttpClientUtil.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 99
Effort: 5min
Creation-Date: 2019-11-08T17:38:47+0100
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1YkdESIQDDjOvZEh&open=AXBX1YkdESIQDDjOvZEh
Project: onap_appc
Component: onap_appc:services/appc-dmaap-service/appc-event-listener-bundle/src/main/java/org/onap/appc/listener/util/HttpClientUtil.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 103
Effort: 5min
Creation-Date: 2019-11-08T17:38:47+0100
URL: https://sonarcloud.io/project/issues?id=onap_appc&issues=AXBX1YkdESIQDDjOvZEi&open=AXBX1YkdESIQDDjOvZEi
- clones
-
VFC-1827 fix CRITICAL weak-cryptography issues identified in sonarcloud
- Closed
- is cloned by
-
VFC-1860 fix CRITICAL command-injection issues identified in sonarcloud
- Closed
-
OPTFRA-924 fix CRITICAL weak-cryptography issues identified in sonarcloud
- Closed
- relates to
-
REQ-443 CONTINUATION OF BEST PRACTICES BADGING SCORE IMPROVEMENTS FOR SILVER LEVEL
- In Progress