From 37d0c0c97ed16679760dd87482dbfe35058bb20a Mon Sep 17 00:00:00 2001 From: tkuzynow Date: Tue, 15 Nov 2022 17:14:00 +0100 Subject: [PATCH 1/7] fix: fix plexus dependency version --- pom.xml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/pom.xml b/pom.xml index 58cd4c9..44ac5ff 100644 --- a/pom.xml +++ b/pom.xml @@ -60,6 +60,25 @@ ${spring-security.version} + + org.codehaus.plexus + plexus-utils + 3.3.0 + + + + org.sonatype.plexus + plexus-build-api + 0.0.7 + provided + + + org.codehaus.plexus + plexus-utils + + + + org.openapitools From 2196ac03b167164abc6c7785332d67987bb35047 Mon Sep 17 00:00:00 2001 From: tkuzynow Date: Wed, 16 Nov 2022 14:52:09 +0100 Subject: [PATCH 2/7] fix: fix commons-text cve --- pom.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pom.xml b/pom.xml index 44ac5ff..3aeaa40 100644 --- a/pom.xml +++ b/pom.xml @@ -66,6 +66,12 @@ 3.3.0 + + com.github.jknack + handlebars + 4.3.1 + + org.sonatype.plexus plexus-build-api @@ -133,6 +139,11 @@ commons-lang3 3.11 + + org.apache.commons + commons-text + 1.10.0 + org.apache.commons From de03a882d924d5cf178b3f3a569a0a2b64379139 Mon Sep 17 00:00:00 2001 From: tkuzynow Date: Thu, 17 Nov 2022 09:27:33 +0100 Subject: [PATCH 3/7] fix: increase timeout for tests --- .../de/caritas/cob/liveservice/StompClientIntegrationTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java b/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java index 58acad1..f5a6b1c 100644 --- a/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java +++ b/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java 
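Review bot: The `commons-text` `1.10.0` entry in the second hunk of the "fix commons-text cve" patch only addresses the advisory named in the subject if it wins dependency resolution over any transitive copy, most plausibly the one brought in by the `handlebars` `4.3.1` entry added in the first hunk; the XML element names are not preserved in this rendering, so whether these entries sit under dependencyManagement or are direct dependencies cannot be seen here. Confirm with `mvn dependency:tree -Dincludes=org.apache.commons:commons-text` that no older commons-text remains on the runtime classpath, and add a short XML comment next to the entry recording which advisory it pins against so a later cleanup does not lower the version again.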
@@ -48,7 +48,7 @@ public abstract class StompClientIntegrationTest extends AbstractJUnit4SpringContextTests {
 protected static final String SUBSCRIPTION_ENDPOINT = "/user/events";
- protected static final int MESSAGE_TIMEOUT = 5;
+ protected static final int MESSAGE_TIMEOUT = 8;
 protected static final String FIRST_VALID_USER = "firstValidUser";
 static final String SECOND_VALID_USER = "secondValidUser";
 static final String THIRD_VALID_USER = "thirdValidUser";
From 1f1096ae297f057729b482adbea0a3ad2725fb40 Mon Sep 17 00:00:00 2001
From: tkuzynow
Date: Thu, 17 Nov 2022 09:52:22 +0100
Subject: [PATCH 4/7] fix: change timeout for tests
---
 .../de/caritas/cob/liveservice/StompClientIntegrationTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java b/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java
index f5a6b1c..816b01c 100644
--- a/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java
+++ b/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java
@@ -48,7 +48,7 @@ public abstract class StompClientIntegrationTest extends AbstractJUnit4SpringContextTests {
 protected static final String SUBSCRIPTION_ENDPOINT = "/user/events";
- protected static final int MESSAGE_TIMEOUT = 8;
+ protected static final int MESSAGE_TIMEOUT = 2;
 protected static final String FIRST_VALID_USER = "firstValidUser";
 static final String SECOND_VALID_USER = "secondValidUser";
 static final String THIRD_VALID_USER = "thirdValidUser";
From 6ff9ff73c9ba303feb953e82d1b4a288266da748 Mon Sep 17 00:00:00 2001
From: tkuzynow
Date: Thu, 17 Nov 2022 10:02:16 +0100
Subject: [PATCH 5/7] fix: change timeout for tests
---
 .../de/caritas/cob/liveservice/LiveServiceApplicationIT.java | 5 +++--
 .../caritas/cob/liveservice/StompClientIntegrationTest.java | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/test/java/de/caritas/cob/liveservice/LiveServiceApplicationIT.java b/src/test/java/de/caritas/cob/liveservice/LiveServiceApplicationIT.java index c718968..1c0c62c 100644 --- a/src/test/java/de/caritas/cob/liveservice/LiveServiceApplicationIT.java +++ b/src/test/java/de/caritas/cob/liveservice/LiveServiceApplicationIT.java @@ -98,10 +98,11 @@ void subscribe_Should_subscribeUser() throws Exception { var stompSession = performConnect(FIRST_VALID_USER); final Subscription subscription = performSubscribe(stompSession); + assertThat(this.socketUserRegistry.retrieveAllUsers(), hasSize(1)); WebSocketUserSession registeredUser = this.socketUserRegistry.retrieveAllUsers().get(0); await() - .atMost(MESSAGE_TIMEOUT, SECONDS) + .atMost(15, SECONDS) .until(registeredUser::getSubscriptionId, notNullValue()); assertThat(registeredUser, notNullValue()); @@ -110,11 +111,11 @@ void subscribe_Should_subscribeUser() throws Exception { assertThat(registeredUser.getSubscriptionId(), notNullValue()); assertThat(subscription.getSubscriptionHeaders().get("destination"), contains(SUBSCRIPTION_ENDPOINT)); - performDisconnect(stompSession); } @Test void disconnect_Should_removeUserFromRegistry() throws Exception { + var stompSession = performConnect(FIRST_VALID_USER); assertThat(this.socketUserRegistry.retrieveAllUsers(), hasSize(1)); diff --git a/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java b/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java index 816b01c..58acad1 100644 --- a/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java +++ b/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java 
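Review bot: The new `.atMost(15, SECONDS)` line replaces the shared `MESSAGE_TIMEOUT` constant with a bare literal, so this wait is now tuned separately from the base class, and the same literal reappears in patch 6's sendLiveEvent_Should_sendVideoDenyRequestMessageEventToUser hunk. A named constant next to MESSAGE_TIMEOUT in StompClientIntegrationTest, e.g. `protected static final int SUBSCRIPTION_TIMEOUT = 15;`, used at both sites would keep the timeouts in one place and make the repeated MESSAGE_TIMEOUT changes across patches 3 to 5 easier to reason about. The added `hasSize(1)` assertion before `.get(0)` is a good guard; a one-line comment such as `// fail with a readable message rather than IndexOutOfBounds when connect did not register the user` would explain it to the next reader. subscribe_Should_subscribeUser starts before this hunk and continues past it.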
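Review bot: Removing `performDisconnect(stompSession);` at the end of subscribe_Should_subscribeUser leaves that STOMP session open when the method returns, so the registry entry it created can survive into the next test. The first statement of disconnect_Should_removeUserFromRegistry asserts `hasSize(1)` right after its own connect, which only holds if `socketUserRegistry` is reset between methods; the setup that would do that is outside the hunk, so if it does not exist this assertion becomes dependent on test order. Keeping the disconnect in a `finally`, or closing every open session in the class's per-test teardown, keeps the subscribe test self-cleaning without relying on ordering. disconnect_Should_removeUserFromRegistry continues past the end of the hunk.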
@@ -48,7 +48,7 @@ public abstract class StompClientIntegrationTest extends AbstractJUnit4SpringContextTests {
 protected static final String SUBSCRIPTION_ENDPOINT = "/user/events";
- protected static final int MESSAGE_TIMEOUT = 2;
+ protected static final int MESSAGE_TIMEOUT = 5;
 protected static final String FIRST_VALID_USER = "firstValidUser";
 static final String SECOND_VALID_USER = "secondValidUser";
 static final String THIRD_VALID_USER = "thirdValidUser";
From 4ca879af5668122675013599bde9142bd55f5676 Mon Sep 17 00:00:00 2001
From: tkuzynow
Date: Thu, 17 Nov 2022 10:17:19 +0100
Subject: [PATCH 6/7] fix: change timeout for tests
---
 .../de/caritas/cob/liveservice/LiveServiceApplicationIT.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/java/de/caritas/cob/liveservice/LiveServiceApplicationIT.java b/src/test/java/de/caritas/cob/liveservice/LiveServiceApplicationIT.java
index 1c0c62c..24cb2d9 100644
--- a/src/test/java/de/caritas/cob/liveservice/LiveServiceApplicationIT.java
+++ b/src/test/java/de/caritas/cob/liveservice/LiveServiceApplicationIT.java
@@ -188,7 +188,7 @@ void sendLiveEvent_Should_sendVideoDenyRequestMessageEventToUser_When_userIsSubs
 .andExpect(status().isOk());
 await()
- .atMost(MESSAGE_TIMEOUT, SECONDS)
+ .atMost(15, SECONDS)
 .until(receivedMessages::size, is(1));
 var resultMessage = receivedMessages.iterator().next();
 assertThat(resultMessage, notNullValue());
From b245e9afc29e882d17ae25a2ea330324e048d3d3 Mon Sep 17 00:00:00 2001
From: tkuzynow
Date: Thu, 24 Nov 2022 11:28:22 +0100
Subject: [PATCH 7/7] chore: add trivy sec scanner
---
 .github/workflows/dockerImage.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.github/workflows/dockerImage.yml b/.github/workflows/dockerImage.yml
index f305198..068810f 100644
--- a/.github/workflows/dockerImage.yml
+++ b/.github/workflows/dockerImage.yml
@@ -61,6 +61,7 @@ jobs:
 run: |
 echo "DOCKER_REGISTRY=$(echo "${{ matrix.registry }}/${{ github.repository }}" | awk '{print tolower($0)}')" >> $GITHUB_ENV
 echo "DOCKER_IMAGE=$(echo "${{ github.repository }}" | awk -F / '{print tolower($2)}')" >> $GITHUB_ENV
+ echo "REPO_NAME_WITHOUT_PREFIX"=$(echo "${{ github.repository }}" | sed "s/.*\///" | awk -F / '{print tolower($0)}') >> $GITHUB_ENV
 echo CLEAN_REF=$(echo "${GITHUB_REF_NAME#refs/heads/}") >> $GITHUB_ENV
 echo TYPE=$(echo -n "${GITHUB_REF_TYPE}") >> $GITHUB_ENV
 echo TIME_STAMP=$(echo -n "${{ steps.time.outputs.time }}") >> $GITHUB_ENV
@@ -94,3 +95,12 @@ jobs:
 echo "### Publish Docker image :x:" >> $GITHUB_STEP_SUMMARY
 echo "" >> $GITHUB_STEP_SUMMARY
 echo "- It seems that something has gone wrong" >> $GITHUB_STEP_SUMMARY
+ - name: Run Trivy vulnerability image scanner
+ if: ${{ (matrix.registry == 'ghcr.io') }}
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: '${{ env.DOCKER_REGISTRY }}/${{ env.REPO_NAME_WITHOUT_PREFIX }}:${{ env.DOCKER_IMAGE_TAG }}'
+ format: 'table'
+ exit-code: '1'
+ vuln-type: 'os,library'
+ severity: 'CRITICAL'
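Review bot: The added `echo "REPO_NAME_WITHOUT_PREFIX"=$(...) >> $GITHUB_ENV` line quotes only the variable name, so the command substitution is unquoted and goes through word splitting and glob expansion before being appended, unlike the two DOCKER_* lines above it which quote the whole `NAME=value` string. It works for the current owner/repo input, but for consistency and to keep the value intact write it as `echo "REPO_NAME_WITHOUT_PREFIX=$(echo "${{ github.repository }}" | sed "s/.*\///" | awk '{print tolower($0)}')" >> $GITHUB_ENV` (the `-F /` is unused once sed has removed the owner prefix). The `run:` block this line sits in starts before the hunk.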
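Review bot: `uses: aquasecurity/trivy-action@master` tracks a mutable branch, so every run executes whatever that branch holds at the time; pin it to a full commit SHA of a release with the tag in a trailing comment, `uses: aquasecurity/trivy-action@<full-commit-sha> # <release-tag>` (placeholders to fill in), and let Dependabot bump it. The step is appended after the publish step's summary lines, and its `image-ref` points at the registry path, so `exit-code: '1'` only fails the job after the image has already been pushed to ghcr.io; scanning the locally built image before the push step, or making the push depend on this step, would turn the scan into an actual gate. Since `DOCKER_REGISTRY` already ends in the lower-cased repository name, the resulting `image-ref` is `<registry>/<owner>/<repo>/<repo>:<tag>`, which should be checked against the tag the push step actually uses (that step is outside the hunk). `severity: 'CRITICAL'` alone lets HIGH findings through silently; `'CRITICAL,HIGH'` is the more common gate.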