Uploaded image for project: 'Data Collection, Analytics, and Events'
  1. Data Collection, Analytics, and Events
  2. DCAEGEN2-2656

fix CRITICAL weak-cryptography issues identified in sonarcloud

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: High High
    • Honolulu Release
    • Honolulu Release
    • None

      Sonarcloud identified the following security bugs in your project and, as agreed by the TSC, should be fixed within the Honolulu release. Any not finished in Honolulu must be fixed within the Istanbul release. Follow each of the URLs for details on each each bug, along with recommended fixes.

       
      If any of the links below fail, please find your code on the master list found at <https://sonarcloud.io/organizations/onap/issues?resolved=false&sonarsourceSecurity=weak-cryptography>.
       

      Project: onap_dcaegen2-collectors-datafile
      Component: onap_dcaegen2-collectors-datafile:datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/HttpsClientConnectionManagerUtil.java
      Message: Enable server hostname verification on this SSL/TLS connection.
      Severity: CRITICAL
      Line: 87
      Effort: 5min
      Creation-Date: 2021-02-11T12:56:20+0100
      URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-datafile&issues=AXeZ0zkEzHG09p-BZq_d&open=AXeZ0zkEzHG09p-BZq_d

       

      The following are covered by DCAEGEN2-2518:

       

      Project: onap_dcaegen2-collectors-restconf
      Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/common/RestapiCallNode.java
      Message: Enable server hostname verification on this SSL/TLS connection.
      Severity: CRITICAL
      Line: 328
      Effort: 5min
      Creation-Date: 2018-10-03T08:38:26+0200
      _-URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-restconf&issues=AXBW0hh9uzrOmaQIlnTx&open=AXBW0hh9uzrOmaQIlnTx-_

      Project: onap_dcaegen2-collectors-restconf
      Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/common/RestapiCallNode.java
      Message: Enable server certificate validation on this SSL/TLS connection.
      Severity: CRITICAL
      Line: 340
      Effort: 5min
      Creation-Date: 2019-04-26T13:50:44+0200
      -_URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-restconf&issues=AXBW0hh9uzrOmaQIlnTy&open=AXBW0hh9uzrOmaQIlnTy_-

      Project: onap_dcaegen2-collectors-restconf
      Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/common/RestapiCallNode.java
      Message: Enable server certificate validation on this SSL/TLS connection.
      Severity: CRITICAL
      Line: 342
      Effort: 5min
      Creation-Date: 2019-04-26T13:50:44+0200
      -_URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-restconf&issues=AXBW0hh9uzrOmaQIlnTz&open=AXBW0hh9uzrOmaQIlnTz_-

      Project: onap_dcaegen2-collectors-restconf
      Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/common/RestapiCallNode.java
      Message: Change this code to use a stronger protocol.
      Severity: MAJOR
      Line: 348
      Effort: 2min
      Creation-Date: 2019-04-26T13:50:44+0200
      -_URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-restconf&issues=AW6lUCkHk4KhMkVz6Qd8&open=AW6lUCkHk4KhMkVz6Qd8_-

      Project: onap_dcaegen2-collectors-restconf
      Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/common/RestapiCallNode.java
      Message: Enable server hostname verification on this SSL/TLS connection.
      Severity: CRITICAL
      Line: 355
      Effort: 5min
      Creation-Date: 2019-04-26T13:50:44+0200
      -_URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-restconf&issues=AXBW0hh9uzrOmaQIlnT0&open=AXBW0hh9uzrOmaQIlnT0_-

      Project: onap_dcaegen2-collectors-restconf
      Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/common/RestapiCallNode.java
      Message: Enable server hostname verification on this SSL/TLS connection.
      Severity: CRITICAL
      Line: 451
      Effort: 5min
      Creation-Date: 2018-10-03T08:38:26+0200
      -_URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-restconf&issues=AXBW0hh9uzrOmaQIlnT1&open=AXBW0hh9uzrOmaQIlnT1_-

      Project: onap_dcaegen2-collectors-restconf
      Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/controller/PersistentEventConnection.java
      Message: Enable server certificate validation on this SSL/TLS connection.
      Severity: CRITICAL
      Line: 303
      Effort: 5min
      Creation-Date: 2019-03-18T10:55:23+0100
      -_URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-restconf&issues=AXBW0hbDuzrOmaQIlnTu&open=AXBW0hbDuzrOmaQIlnTu_-

      Project: onap_dcaegen2-collectors-restconf
      Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/controller/PersistentEventConnection.java
      Message: Enable server certificate validation on this SSL/TLS connection.
      Severity: CRITICAL
      Line: 307
      Effort: 5min
      Creation-Date: 2019-03-18T10:55:23+0100
      -_URL: https://sonarcloud.io/project/issues?id=onap_dcaegen2-collectors-restconf&issues=AXBW0hbDuzrOmaQIlnTv&open=AXBW0hbDuzrOmaQIlnTv_-

      Project: onap_dcaegen2-collectors-restconf
      Component: onap_dcaegen2-collectors-restconf:src/main/java/org/onap/dcae/controller/PersistentEventConnection.java
      Message: Enable server hostname verification on this SSL/TLS connection.
      Severity: CRITICAL
      Line: 319
      Effort: 5min
      Creation-Date: 2019-03-18T10:55:23+0100

       

            rjanecze rjanecze
            tonylhansen tonylhansen
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: