- CPS-1169Getting issue details... STATUS
Overview:
Within the CPS, the current version of the OpenDaylight Yang-Tools being used is 6.0.1. There was a vulnerability detected within this library and it was raised as a bug in the following Jira ticket:
- CPS-1150Getting issue details... STATUS
Due to the latest versions of this library not being compatible with CPS, this bug has been closed with an exemption being raised, but we decided to investigate upgrading open daylight regardless, to prevent future vulnerabilities like this from happening.
Incompatible Objects:
Incompatible objects currently being used within CPS with latest open daylight version
Object in OpenDaylight 6.0.1 | Differences in OpenDaylight 8.0.6 | Potential Solutions |
---|---|---|
NormalizedNode<?,?> | Now takes no wild card arguments | Remove wild card arguments |
ValueNode<?,?> | Now takes one wild card arguments Currently uses getValue() to retrieve list of normalized node values, no longer available in latest version. | Remove unnecessary wild card arguments Wild card is value of the node, could get body and value from that. |
YangTextSchemaSource | Abstract class now contains new getSymbolicName() method of type Optional String must be implemented. | Implement new method as mentioned. Can return empty. |
DataContainerNode<?> | No longer takes any arguments. | Remove wild card arguments |
DataContainerChild<?,?> | No longer takes any arguments. | Remove wild card arguments |
LeafSetNode | Currently uses getNodeType().getLocalName() to get the leaf list name, which has moved in latest version. Currently uses getValue() to retrieve list list values, no longer available in latest version. | getNodeType().getLocalName() is found under getIdentifier().getNodeType().getLocalName Alternative to getValue() could be body() - returns all child nodes, may have to be re-written to accommodate this. |
MapNode | Currently uses getValue() to get a collection of MapEntryNodes, which is not available in latest version. | Alternative to above could be mapNode.asMap().values() |
YangSyntaxErrorException | Has moved to new location. | Import exception from new location. |
JsonParserStream | Overridden method which can take two or three arguments, currently is implemented as JsonParserStream.create(NormailzedStreamWriter, codecFactory, SchemaNode). Latest version uses different object for third argument JsonParserStream.create(NormailzedStreamWriter, codecFactory, EffectiveStatementInference). | Not sure yet, the Schema Node object is used in many places for assigning node values, would have to potentially complete rewrite this to use to EffectiveStatementInterface. |
JsonParserStream
- As outlined above, jsonParserStream's third parameter is EffectiveStatementInference
- Migration from SchemaNode to EffectiveStatementInference is possible according to their documentation on https://docs.opendaylight.org/en/stable-phosphorus/release-notes/upgrade-process.html#schemacontextutil-has-been-removed
- An initial POC of this migration was created as shown below:
- Using the above POC, the following existing test passes for 2 out of 3
- Below shows the exception that is thrown for the failing test