-
Bug
-
Resolution: Done
-
High
-
Honolulu Release
-
None
Sonarcloud identified the following security bugs in your project and, as agreed by the TSC, should be fixed within the Honolulu release. Any not finished in Honolulu must be fixed within the Istanbul release. Follow each of the URLs for details on each each bug, along with recommended fixes.
If any of the links below fail, please find your code on the master list found at <https://sonarcloud.io/organizations/onap/issues?resolved=false&sonarsourceSecurity=weak-cryptography>.
Project: onap_dcaegen2-collectors-datafile
Component: onap_dcaegen2-collectors-datafile:datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/HttpsClientConnectionManagerUtil.java
Message: Enable server hostname verification on this SSL/TLS connection.
Severity: CRITICAL
Line: 87
Effort: 5min
Creation-Date: 2021-02-11T12:56:20+0100
URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-datafile&issues=AXeZ0zkEzHG09p-BZq_d&open=AXeZ0zkEzHG09p-BZq_d
The following are covered by DCAEGEN2-2518:
Project: onap_dcaegen2-collectors-restconf
Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/common/RestapiCallNode.java
Message: Enable server hostname verification on this SSL/TLS connection.
Severity: CRITICAL
Line: 328
Effort: 5min
Creation-Date: 2018-10-03T08:38:26+0200
_-URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-restconf&issues=AXBW0hh9uzrOmaQIlnTx&open=AXBW0hh9uzrOmaQIlnTx-_
Project: onap_dcaegen2-collectors-restconf
Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/common/RestapiCallNode.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 340
Effort: 5min
Creation-Date: 2019-04-26T13:50:44+0200
-_URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-restconf&issues=AXBW0hh9uzrOmaQIlnTy&open=AXBW0hh9uzrOmaQIlnTy_-
Project: onap_dcaegen2-collectors-restconf
Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/common/RestapiCallNode.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 342
Effort: 5min
Creation-Date: 2019-04-26T13:50:44+0200
-_URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-restconf&issues=AXBW0hh9uzrOmaQIlnTz&open=AXBW0hh9uzrOmaQIlnTz_-
Project: onap_dcaegen2-collectors-restconf
Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/common/RestapiCallNode.java
Message: Change this code to use a stronger protocol.
Severity: MAJOR
Line: 348
Effort: 2min
Creation-Date: 2019-04-26T13:50:44+0200
-_URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-restconf&issues=AW6lUCkHk4KhMkVz6Qd8&open=AW6lUCkHk4KhMkVz6Qd8_-
Project: onap_dcaegen2-collectors-restconf
Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/common/RestapiCallNode.java
Message: Enable server hostname verification on this SSL/TLS connection.
Severity: CRITICAL
Line: 355
Effort: 5min
Creation-Date: 2019-04-26T13:50:44+0200
-_URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-restconf&issues=AXBW0hh9uzrOmaQIlnT0&open=AXBW0hh9uzrOmaQIlnT0_-
Project: onap_dcaegen2-collectors-restconf
Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/common/RestapiCallNode.java
Message: Enable server hostname verification on this SSL/TLS connection.
Severity: CRITICAL
Line: 451
Effort: 5min
Creation-Date: 2018-10-03T08:38:26+0200
-_URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-restconf&issues=AXBW0hh9uzrOmaQIlnT1&open=AXBW0hh9uzrOmaQIlnT1_-
Project: onap_dcaegen2-collectors-restconf
Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/controller/PersistentEventConnection.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 303
Effort: 5min
Creation-Date: 2019-03-18T10:55:23+0100
-_URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-restconf&issues=AXBW0hbDuzrOmaQIlnTu&open=AXBW0hbDuzrOmaQIlnTu_-
Project: onap_dcaegen2-collectors-restconf
Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/controller/PersistentEventConnection.java
Message: Enable server certificate validation on this SSL/TLS connection.
Severity: CRITICAL
Line: 307
Effort: 5min
Creation-Date: 2019-03-18T10:55:23+0100
-_URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-restconf&issues=AXBW0hbDuzrOmaQIlnTv&open=AXBW0hbDuzrOmaQIlnTv_-
Project: onap_dcaegen2-collectors-restconf
Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/controller/PersistentEventConnection.java
Message: Enable server hostname verification on this SSL/TLS connection.
Severity: CRITICAL
Line: 319
Effort: 5min
Creation-Date: 2019-03-18T10:55:23+0100
- clones
-
AAI-3292 fix CRITICAL weak-cryptography issues identified in sonarcloud
- In Progress
- is cloned by
-
AAF-1211 fix CRITICAL weak-cryptography issues identified in sonarcloud
- Closed
- relates to
-
REQ-443 CONTINUATION OF BEST PRACTICES BADGING SCORE IMPROVEMENTS FOR SILVER LEVEL
- In Progress
-
DCAEGEN2-2518 security blocker in restconf collector
- Closed