From 0a4e9be259af0125c44394cb0e1463f85d1c7930 Mon Sep 17 00:00:00 2001
From: Lukasz Woznicki <lukasz.woznicki@softwareag.com>
Date: Thu, 10 Feb 2022 00:08:29 +0000
Subject: Use 'time' instead of 'chrono' due to CVE for c8y_smartrest  and all
 dependent crates

Signed-off-by: Lukasz Woznicki <lukasz.woznicki@softwareag.com>
---
 crates/core/tedge_mapper/Cargo.toml                      |  2 ++
 crates/core/tedge_mapper/src/sm_c8y_mapper/error.rs      |  9 ++++++---
 crates/core/tedge_mapper/src/sm_c8y_mapper/http_proxy.rs | 10 ++++++----
 crates/core/tedge_mapper/src/sm_c8y_mapper/mapper.rs     |  7 +++----
 4 files changed, 17 insertions(+), 11 deletions(-)

(limited to 'crates/core/tedge_mapper')

diff --git a/crates/core/tedge_mapper/Cargo.toml b/crates/core/tedge_mapper/Cargo.toml
index f6da873c..c1a13215 100644
--- a/crates/core/tedge_mapper/Cargo.toml
+++ b/crates/core/tedge_mapper/Cargo.toml
@@ -49,6 +49,7 @@ tedge_users = { path = "../../common/tedge_users" }
 tedge_utils = { path = "../../common/tedge_utils", features = ["logging"] }
 thin_edge_json = { path = "../thin_edge_json" }
 thiserror = "1.0"
+time = "0.3"
 tokio = { version = "1.8", features = ["rt", "sync", "time"] }
 toml = "0.5"
 tracing = { version = "0.1", features = ["attributes", "log"] }
@@ -62,6 +63,7 @@ serde_json = "1.0"
 serial_test = "0.5"
 tempfile = "3.2"
 test-case = "1.2"
+time = { version = "0.3", features = ["macros"] }
 tokio-test = "0.4"
 
 [features]
diff --git a/crates/core/tedge_mapper/src/sm_c8y_mapper/error.rs b/crates/core/tedge_mapper/src/sm_c8y_mapper/error.rs
index 9678a549..e3d96cab 100644
--- a/crates/core/tedge_mapper/src/sm_c8y_mapper/error.rs
+++ b/crates/core/tedge_mapper/src/sm_c8y_mapper/error.rs
@@ -29,15 +29,18 @@ pub enum SMCumulocityMapperError {
     #[error(transparent)]
     FromTedgeConfig(#[from] tedge_config::ConfigSettingError),
 
+    #[error(transparent)]
+    FromTimeFormat(#[from] time::error::Format),
+
+    #[error(transparent)]
+    FromTimeParse(#[from] time::error::Parse),
+
     #[error("Invalid date in file name: {0}")]
     InvalidDateInFileName(String),
 
     #[error("Invalid path. Not UTF-8.")]
     InvalidUtf8Path,
 
-    #[error(transparent)]
-    FromChronoParse(#[from] chrono::ParseError),
-
     #[error(transparent)]
     FromIo(#[from] std::io::Error),
 
diff --git a/crates/core/tedge_mapper/src/sm_c8y_mapper/http_proxy.rs b/crates/core/tedge_mapper/src/sm_c8y_mapper/http_proxy.rs
index cababb50..4013bc0a 100644
--- a/crates/core/tedge_mapper/src/sm_c8y_mapper/http_proxy.rs
+++ b/crates/core/tedge_mapper/src/sm_c8y_mapper/http_proxy.rs
@@ -5,7 +5,6 @@ use crate::sm_c8y_mapper::json_c8y::{
 use crate::sm_c8y_mapper::mapper::SmartRestLogEvent;
 use async_trait::async_trait;
 use c8y_smartrest::smartrest_deserializer::SmartRestJwtResponse;
-use chrono::{DateTime, Local};
 use mqtt_channel::{Connection, PubChannel, StreamExt, Topic, TopicFilter};
 use reqwest::Url;
 use std::time::Duration;
@@ -13,6 +12,7 @@ use tedge_config::{
     C8yUrlSetting, ConfigSettingAccessor, ConfigSettingAccessorStringExt, DeviceIdSetting,
     MqttPortSetting, TEdgeConfig,
 };
+use time::{format_description, OffsetDateTime};
 use tracing::{error, info, instrument};
 
 const RETRY_TIMEOUT_SECS: u64 = 60;
@@ -200,16 +200,18 @@ impl JwtAuthHttpProxy {
     /// Make a POST request to /event/events and return the event id from response body.
     /// The event id is used to upload the binary.
     fn create_log_event(&self) -> C8yCreateEvent {
-        let local: DateTime<Local> = Local::now();
+        let local = OffsetDateTime::now_utc();
 
         let c8y_managed_object = C8yManagedObject {
             id: self.end_point.c8y_internal_id.clone(),
         };
 
         C8yCreateEvent::new(
-            c8y_managed_object.to_owned(),
+            c8y_managed_object,
             "c8y_Logfile",
-            &local.format("%Y-%m-%dT%H:%M:%SZ").to_string(),
+            &local
+                .format(&format_description::well_known::Rfc3339)
+                .unwrap(),
             "software-management",
         )
     }
diff --git a/crates/core/tedge_mapper/src/sm_c8y_mapper/mapper.rs b/crates/core/tedge_mapper/src/sm_c8y_mapper/mapper.rs
index 88077a09..251e0f90 100644
--- a/crates/core/tedge_mapper/src/sm_c8y_mapper/mapper.rs
+++ b/crates/core/tedge_mapper/src/sm_c8y_mapper/mapper.rs
@@ -25,14 +25,13 @@ use c8y_smartrest::{
         SmartRestSetSupportedLogType,
     },
 };
-use chrono::{DateTime, FixedOffset};
 use download::{Auth, DownloadInfo};
 use mqtt_channel::{Config, Connection, MqttError, SinkExt, StreamExt, Topic, TopicFilter};
 use serde::{Deserialize, Serialize};
 use std::path::PathBuf;
-
 use std::{convert::TryInto, process::Stdio};
 use tedge_config::{ConfigSettingAccessor, MqttPortSetting, TEdgeConfig};
+use time::{format_description, OffsetDateTime};
 use tracing::{debug, error, info, instrument};
 
 const AGENT_LOG_DIR: &str = "/var/log/tedge/agent";
@@ -502,7 +501,7 @@ pub struct SmartRestLogEvent {
 /// ```
 fn get_datetime_from_file_path(
     log_path: &PathBuf,
-) -> Result<DateTime<FixedOffset>, SMCumulocityMapperError> {
+) -> Result<OffsetDateTime, SMCumulocityMapperError> {
     if let Some(stem_string) = log_path.file_stem().and_then(|s| s.to_str()) {
         // a typical file stem looks like this: software-list-2021-10-27T10:29:58Z.
         // to extract the date, rsplit string on "-" and take (last) 3
@@ -511,7 +510,7 @@ fn get_datetime_from_file_path(
         stem_string_vec.reverse();
         // join on '-' to get the date string
         let date_string = stem_string_vec.join("-");
-        let dt = DateTime::parse_from_rfc3339(&date_string)?;
+        let dt = OffsetDateTime::parse(&date_string, &format_description::well_known::Rfc3339)?;
 
         return Ok(dt);
     }
-- 
cgit v1.2.3