From ae14ef2d1fc22e6de70a1d924bf1e3769616b3ac Mon Sep 17 00:00:00 2001
From: exceptionfactory <exceptionfactory@apache.org>
Date: Mon, 12 Sep 2022 10:47:49 -0500
Subject: [PATCH] NIFI-10373 Set managed version for AWS 1 and 2 SDK

- Replaced individual AWS SDK versions with root managed dependency version
- Set AWS SDK 1 version to 1.12.299
- Set AWS SDK 2 version to 2.17.270
- Suppressed false positive dependency vulnerability for aws-sdk-swf-libraries

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #6405.
---
 .../minifi-c2-cache-s3/pom.xml                |  1 -
 minifi/pom.xml                                |  1 -
 .../nifi-property-protection-aws/pom.xml      |  6 ----
 nifi-dependency-check-maven/suppressions.xml  |  5 +++
 nifi-nar-bundles/nifi-aws-bundle/pom.xml      | 25 ---------------
 .../nifi-registry-aws/pom.xml                 | 16 ----------
 pom.xml                                       | 32 +++++++++++++++++++
 7 files changed, 37 insertions(+), 49 deletions(-)

diff --git a/minifi/minifi-c2/minifi-c2-cache/minifi-c2-cache-s3/pom.xml b/minifi/minifi-c2/minifi-c2-cache/minifi-c2-cache-s3/pom.xml
index b13bba93fa09..68b285815f3f 100644
--- a/minifi/minifi-c2/minifi-c2-cache/minifi-c2-cache-s3/pom.xml
+++ b/minifi/minifi-c2/minifi-c2-cache/minifi-c2-cache-s3/pom.xml
@@ -34,7 +34,6 @@ limitations under the License.
         <dependency>
              <groupId>com.amazonaws</groupId>
              <artifactId>aws-java-sdk-s3</artifactId>
-             <version>${aws.sdk.version}</version>
              <exclusions>
                  <exclusion>
                      <groupId>commons-logging</groupId>
diff --git a/minifi/pom.xml b/minifi/pom.xml
index bf0c402b5565..fb90e0d7128e 100644
--- a/minifi/pom.xml
+++ b/minifi/pom.xml
@@ -41,7 +41,6 @@ limitations under the License.
     </modules>
     <properties>
         <system.rules.version>1.19.0</system.rules.version>
-        <aws.sdk.version>1.12.267</aws.sdk.version>
         <yammer.metrics.version>2.2.0</yammer.metrics.version>
     </properties>
 
diff --git a/nifi-commons/nifi-property-protection-aws/pom.xml b/nifi-commons/nifi-property-protection-aws/pom.xml
index 46ba7b2f1877..c1d241633d24 100644
--- a/nifi-commons/nifi-property-protection-aws/pom.xml
+++ b/nifi-commons/nifi-property-protection-aws/pom.xml
@@ -21,9 +21,6 @@
         <version>1.18.0-SNAPSHOT</version>
     </parent>
     <artifactId>nifi-property-protection-aws</artifactId>
-    <properties>
-        <aws.sdk.version>2.17.106</aws.sdk.version>
-    </properties>
     <dependencies>
         <dependency>
             <groupId>org.apache.nifi</groupId>
@@ -46,12 +43,10 @@
         <dependency>
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>url-connection-client</artifactId>
-            <version>${aws.sdk.version}</version>
         </dependency>
         <dependency>
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>kms</artifactId>
-            <version>${aws.sdk.version}</version>
             <exclusions>
                 <exclusion>
                     <groupId>software.amazon.awssdk</groupId>
@@ -66,7 +61,6 @@
         <dependency>
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>secretsmanager</artifactId>
-            <version>${aws.sdk.version}</version>
             <exclusions>
                 <exclusion>
                     <groupId>software.amazon.awssdk</groupId>
diff --git a/nifi-dependency-check-maven/suppressions.xml b/nifi-dependency-check-maven/suppressions.xml
index 4397a9a5a3b9..90d67d1063a7 100644
--- a/nifi-dependency-check-maven/suppressions.xml
+++ b/nifi-dependency-check-maven/suppressions.xml
@@ -199,4 +199,9 @@
         <packageUrl regex="true">^pkg:maven/org\.apache\.avro/avro@.*$</packageUrl>
         <cve>CVE-2021-43045</cve>
     </suppress>
+    <suppress>
+        <notes>CVE-2022-31159 applies to AWS S3 library not the SWF libraries</notes>
+        <packageUrl regex="true">^pkg:maven/com\.amazonaws/aws\-java\-sdk\-swf\-libraries@.*$</packageUrl>
+        <cve>CVE-2022-31159</cve>
+    </suppress>
 </suppressions>
diff --git a/nifi-nar-bundles/nifi-aws-bundle/pom.xml b/nifi-nar-bundles/nifi-aws-bundle/pom.xml
index 529b9f23ce7e..a6ab4fc31e22 100644
--- a/nifi-nar-bundles/nifi-aws-bundle/pom.xml
+++ b/nifi-nar-bundles/nifi-aws-bundle/pom.xml
@@ -26,35 +26,10 @@
     <packaging>pom</packaging>
 
     <properties>
-        <!-- keep AWS 1.x until NIFI-8287 -->
-        <aws-java-sdk-version>1.12.267</aws-java-sdk-version>
         <!-- keep KCL 1.x until NIFI-8531 (blocked by NIFI-8287) -->
         <aws-kinesis-client-library-version>1.14.8</aws-kinesis-client-library-version>
     </properties>
 
-    <dependencyManagement>
-        <dependencies>
-            <dependency>
-                <groupId>com.amazonaws</groupId>
-                <artifactId>aws-java-sdk-bom</artifactId>
-                <version>${aws-java-sdk-version}</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
-            <dependency>
-                <groupId>com.amazonaws</groupId>
-                <artifactId>aws-java-sdk-core</artifactId>
-                <version>${aws-java-sdk-version}</version>
-                <exclusions>
-                    <exclusion>
-                        <groupId>commons-logging</groupId>
-                        <artifactId>commons-logging</artifactId>
-                    </exclusion>
-                </exclusions>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
-
     <modules>
         <module>nifi-aws-processors</module>
         <module>nifi-aws-nar</module>
diff --git a/nifi-registry/nifi-registry-extensions/nifi-registry-aws/pom.xml b/nifi-registry/nifi-registry-extensions/nifi-registry-aws/pom.xml
index f3620feb61e0..3900e33f9203 100644
--- a/nifi-registry/nifi-registry-extensions/nifi-registry-aws/pom.xml
+++ b/nifi-registry/nifi-registry-extensions/nifi-registry-aws/pom.xml
@@ -28,20 +28,4 @@
         <module>nifi-registry-aws-assembly</module>
         <module>nifi-registry-aws-extensions</module>
     </modules>
-
-    <properties>
-        <aws-java-sdk-version>2.5.9</aws-java-sdk-version>
-    </properties>
-
-    <dependencyManagement>
-        <dependencies>
-            <dependency>
-                <groupId>software.amazon.awssdk</groupId>
-                <artifactId>bom</artifactId>
-                <version>${aws-java-sdk-version}</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
 </project>
diff --git a/pom.xml b/pom.xml
index c2832538c8b7..80d07832046c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -104,6 +104,8 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <inceptionYear>2014</inceptionYear>
+        <com.amazonaws.version>1.12.299</com.amazonaws.version>
+        <software.amazon.awssdk.version>2.17.270</software.amazon.awssdk.version>
         <gson.version>2.9.1</gson.version>
         <kotlin.version>1.7.10</kotlin.version>
         <okhttp.version>4.10.0</okhttp.version>
@@ -516,6 +518,36 @@
                 <artifactId>snakeyaml</artifactId>
                 <version>${snakeyaml.version}</version>
             </dependency>
+            <dependency>
+                <groupId>com.amazonaws</groupId>
+                <artifactId>aws-java-sdk-bom</artifactId>
+                <version>${com.amazonaws.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+            <dependency>
+                <groupId>com.amazonaws</groupId>
+                <artifactId>aws-java-sdk-core</artifactId>
+                <version>${com.amazonaws.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>commons-logging</groupId>
+                        <artifactId>commons-logging</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+            <dependency>
+                <groupId>com.amazonaws</groupId>
+                <artifactId>aws-java-sdk-bundle</artifactId>
+                <version>${com.amazonaws.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>software.amazon.awssdk</groupId>
+                <artifactId>bom</artifactId>
+                <version>${software.amazon.awssdk.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
             <dependency>
                 <groupId>com.fasterxml.jackson</groupId>
                 <artifactId>jackson-bom</artifactId>