fix all vulnerabilities in the production code (#817)

Signed-off-by: Denis barbaron <denis.barbaron@orange.com>

lib/util/bundletool.js

@@ -1,7 +1,10 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var cp = require('child_process')
 var fs = require('fs')
 var path = require('path')
-var request = require('request')
 
 var Promise = require('bluebird')
 var yauzl = require('yauzl')

lib/util/download.js

@@ -1,7 +1,11 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var fs = require('fs')
 
 var Promise = require('bluebird')
-var request = require('request')
+var request = require('@cypress/request')
 var progress = require('request-progress')
 var temp = require('temp')
 

lib/util/requtil.js

@@ -1,3 +1,7 @@
+/**
+* Copyright © 2024 contains code contributed by Orange SA, authors: Denis Barbaron - Licensed under the Apache license 2.0
+**/
+
 var util = require('util')
 
 var Promise = require('bluebird')
@@ -11,14 +15,28 @@ function ValidationError(message, errors) {
 
 util.inherits(ValidationError, Error)
 
+const {body, validationResult} = require('express-validator')
+module.exports.validators = {
+  mockLoginValidator: [
+    body('name', 'Invalid name').not().isEmpty()
+  , body('email', 'Invalid email').isEmail()
+  ]
+, ldapLoginValidator: [
+    body('username', 'Invalid username').not().isEmpty()
+  , body('password', 'Invalid password').not().isEmpty()
+  ]
+, tempUrlValidator: [
+    body('url', 'Invalid url').not().isEmpty()
+  ]
+}
+
 module.exports.ValidationError = ValidationError
 
-module.exports.validate = function(req, rules) {
+module.exports.validate = function(req) {
   return new Promise(function(resolve, reject) {
-    rules()
+    const errors = validationResult(req)
 
-    var errors = req.validationErrors()
-    if (!errors) {
+    if (errors.isEmpty()) {
       resolve()
     }
     else {