Merge pull request #63 from contentstack/fix/dx-1018

Fix/dx 1018

README.md

@@ -41,7 +41,7 @@ Or,
 
 To add the Contentstack Android SDK to your existing project manually, perform the steps given below:
 
-1. [Download the Android SDK](https://docs.contentstack.com/platforms/android/android_sdk_latest)
+1. [Download the Android SDK](https://github.com/contentstack/contentstack-android/archive/refs/heads/master.zip)
    and extract the ZIP file to your local disk.
 2. Add references/dependencies using Eclipse/Android Studio:
 

contentstack/build.gradle

@@ -160,10 +160,25 @@ dependencies {
     implementation 'com.github.rjeschke:txtmark:0.12'
     // // Retrofit
     implementation("com.squareup.retrofit2:retrofit:2.9.0")
-    implementation 'com.squareup.retrofit2:converter-gson:2.9.0'
+    implementation 'com.squareup.retrofit2:converter-gson'
     // // OkHttp
-    implementation 'com.squareup.okhttp3:okhttp:4.9.3'
+    implementation 'com.squareup.okhttp3:okhttp'
     // implementation 'com.squareup.okhttp3:logging-interceptor:4.9.3'
+
+    constraints {
+        implementation('com.squareup.retrofit2:converter-gson:2.9.0') {
+            because 'gson 2.8.5 used by retrofit has a vulnerability'
+        }
+        implementation('com.google.code.gson:[email protected]') {
+            because 'gson 2.8.5 used by retrofit has a vulnerability'
+        }
+        implementation('com.squareup.okhttp3:okhttp:4.9.3') {
+            because 'kotlin stdlib 1.4.10 used by okhttp has a vulnerability'
+        }
+        implementation('org.jetbrains.kotlin:[email protected]') {
+            because 'kotlin stdlib 1.4.10 used by okhttp has a vulnerability'
+        }
+    }
 }
 tasks.register('clearJar', Delete) { delete 'build/libs/contentstack.jar' }
 tasks.register('unzip', Copy) {

contentstack/src/main/java/com/contentstack/sdk/Asset.java

@@ -385,8 +385,8 @@ public void fetch(FetchResultCallback callback) {
                 urlQueries.put("environment", headers.get("environment"));
             }
             String mainStringForMD5 = urlEndpoint + new JSONObject().toString() + headers.toString();
-            String md5Value = new SDKUtil().getMD5FromString(mainStringForMD5.trim());
-            File cacheFile = new File(SDKConstant.cacheFolderName + File.separator + md5Value);
+            String shaValue = new SDKUtil().getSHAFromString(mainStringForMD5.trim());
+            File cacheFile = new File(SDKConstant.cacheFolderName + File.separator + shaValue);
 
             switch (cachePolicyForCall) {
                 case IGNORE_CACHE:

contentstack/src/main/java/com/contentstack/sdk/AssetLibrary.java

@@ -215,8 +215,8 @@ public void fetchAll(FetchAssetsCallback assetsCallback) {
                 urlQueries.put("environment", headers.get("environment"));
             }
             String mainStringForMD5 = URL + new JSONObject().toString() + headers.toString();
-            String md5Value = new SDKUtil().getMD5FromString(mainStringForMD5.trim());
-            File cacheFile = new File(SDKConstant.cacheFolderName + File.separator + md5Value);
+            String shaValue = new SDKUtil().getSHAFromString(mainStringForMD5.trim());
+            File cacheFile = new File(SDKConstant.cacheFolderName + File.separator + shaValue);
             switch (cachePolicyForCall) {
                 case IGNORE_CACHE:
                     fetchFromNetwork(URL, urlQueries, headers, cacheFile.getPath(), assetsCallback);

contentstack/src/main/java/com/contentstack/sdk/Entry.java

@@ -1087,9 +1087,9 @@ public void fetch(EntryResultCallBack callBack) {
                 }
 
                 String mainStringForMD5 = URL + new JSONObject().toString() + headerAll.toString();
-                String md5Value = new SDKUtil().getMD5FromString(mainStringForMD5.trim());
+                String shaValue = new SDKUtil().getSHAFromString(mainStringForMD5.trim());
 
-                File cacheFile = new File(SDKConstant.cacheFolderName + File.separator + md5Value);
+                File cacheFile = new File(SDKConstant.cacheFolderName + File.separator + shaValue);
 
 
                 switch (cachePolicyForCall) {

contentstack/src/main/java/com/contentstack/sdk/Query.java

@@ -1595,8 +1595,8 @@ protected void execQuery(SingleQueryResultCallback callBack, QueryResultsCallBac
                 mainJSON.put("query", urlQueries);
                 mainJSON.put("_method", SDKConstant.RequestMethod.GET.toString());
                 String mainStringForMD5 = URL + mainJSON.toString() + headers.toString();
-                String md5Value = new SDKUtil().getMD5FromString(mainStringForMD5.trim());
-                File cacheFile = new File(SDKConstant.cacheFolderName + File.separator + md5Value);
+                String shaValue = new SDKUtil().getSHAFromString(mainStringForMD5.trim());
+                File cacheFile = new File(SDKConstant.cacheFolderName + File.separator + shaValue);
                 CachePolicy cachePolicy = CachePolicy.NETWORK_ONLY;//contentTypeInstance.stackInstance.globalCachePolicyForCall;
                 if (cachePolicyForCall != null) {
                     cachePolicy = cachePolicyForCall;

contentstack/src/main/java/com/contentstack/sdk/SDKUtil.java

@@ -134,15 +134,15 @@ public static JSONObject getJsonFromCacheFile(File file) {
      * To encrypt given value.
      *
      * @param value string
-     * @return MD5 value
+     * @return SHA-256 value
      */
-    public String getMD5FromString(String value) {
+    public String getSHAFromString(String value) {
         String output;
         output = value.toString().trim();
         if (value.length() > 0) {
             try {
                 // Create MD5 Hash
-                MessageDigest digest = java.security.MessageDigest.getInstance("MD5");
+                MessageDigest digest = java.security.MessageDigest.getInstance("SHA-256");
                 digest.reset();
                 digest.update(output.getBytes());
                 byte messageDigest[] = digest.digest();