Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: migrating report generator on Java scheduled job #16

Open
wants to merge 24 commits into
base: main
Choose a base branch
from

Conversation

andrea-deri
Copy link
Contributor

List of Changes

Motivation and Context

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.

@andrea-deri andrea-deri self-assigned this Jan 13, 2025
Copy link

This pull request does not contain a valid label. Please add one of the following labels: [patch, ignore-for-release]

Copy link

The default action is to increase the PATCH number of SEMVER. Set IGNORE-FOR-RELEASE if you want to skip SEMVER bump. BREAKING-CHANGE and NEW-RELEASE must be run from GH Actions section manually.

Copy link

The default action is to increase the PATCH number of SEMVER. Set IGNORE-FOR-RELEASE if you want to skip SEMVER bump. BREAKING-CHANGE and NEW-RELEASE must be run from GH Actions section manually.


public void generateDailyReport(String day) {

log.info("[Report Generation][Start] Started report generation for {}.", day);

Check failure

Code scanning / CodeQL

Log Injection High

This log entry depends on a
user-provided value
.

Copilot Autofix AI 4 days ago

To fix the log injection issue, we need to sanitize the day parameter before using it in log messages. Specifically, we should remove any new-line characters and other potentially harmful characters from the day parameter. This can be done using the replaceAll method to replace any non-alphanumeric characters with an empty string.

The best way to fix the problem without changing existing functionality is to sanitize the day parameter in the generateDailyReport, generateWeeklyReport, and generateMonthlyReport methods before logging it. This ensures that any potentially harmful characters are removed before the parameter is used in log messages.

Suggested changeset 1
src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java b/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
--- a/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
+++ b/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
@@ -118,3 +118,3 @@
     public void generateDailyReport(String day) {
-
+        day = day.replaceAll("[^\\w-]", "");
         log.info("[Report Generation][Start] Started report generation for {}.", day);
@@ -200,3 +200,3 @@
     public void generateWeeklyReport(String dayOfThisWeek) {
-
+        dayOfThisWeek = dayOfThisWeek.replaceAll("[^\\w-]", "");
         log.info("[Report Generation][Start] Started weekly report generation for week previous than day {}.", dayOfThisWeek);
@@ -208,3 +208,3 @@
     public void generateMonthlyReport(String dayOfThisMonth) {
-
+        dayOfThisMonth = dayOfThisMonth.replaceAll("[^\\w-]", "");
         log.info("[Report Generation][Start] Started monthly report generation for month previous than day {}.", dayOfThisMonth);
EOF
@@ -118,3 +118,3 @@
public void generateDailyReport(String day) {

day = day.replaceAll("[^\\w-]", "");
log.info("[Report Generation][Start] Started report generation for {}.", day);
@@ -200,3 +200,3 @@
public void generateWeeklyReport(String dayOfThisWeek) {

dayOfThisWeek = dayOfThisWeek.replaceAll("[^\\w-]", "");
log.info("[Report Generation][Start] Started weekly report generation for week previous than day {}.", dayOfThisWeek);
@@ -208,3 +208,3 @@
public void generateMonthlyReport(String dayOfThisMonth) {

dayOfThisMonth = dayOfThisMonth.replaceAll("[^\\w-]", "");
log.info("[Report Generation][Start] Started monthly report generation for month previous than day {}.", dayOfThisMonth);
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
pairs.forEach((sessionId, businessProcess) -> rptStats.addNotCompletedTriggeredPrimitives(businessProcess.replace("-", "_")));

reportRepository.save(reportMapper.toEntity(rptStats));
log.info("[Report Generation][End ] Ended report generation for {}.", day);

Check failure

Code scanning / CodeQL

Log Injection High

This log entry depends on a
user-provided value
.

Copilot Autofix AI 4 days ago

To fix the log injection issue, we need to sanitize the day parameter before logging it. Since the day parameter is expected to be a date in the format yyyy-MM-dd, we can validate it using a regular expression to ensure it matches the expected format. This will prevent any malicious input from being logged.

  1. Add a method to validate the day parameter using a regular expression.
  2. Use this method to validate the day parameter before logging it in the generateDailyReport, generateWeeklyReport, and generateMonthlyReport methods.
Suggested changeset 1
src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java b/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
--- a/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
+++ b/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
@@ -25,2 +25,6 @@
 @Slf4j
+
+private boolean isValidDate(String date) {
+    return date != null && date.matches("\\d{4}-\\d{2}-\\d{2}");
+}
 @RequiredArgsConstructor
@@ -119,2 +123,6 @@
 
+        if (!isValidDate(day)) {
+            log.warn("[Report Generation][Start] Invalid date format for day: {}", day);
+            return;
+        }
         log.info("[Report Generation][Start] Started report generation for {}.", day);
@@ -201,2 +209,6 @@
 
+        if (!isValidDate(dayOfThisWeek)) {
+            log.warn("[Report Generation][Start] Invalid date format for day: {}", dayOfThisWeek);
+            return;
+        }
         log.info("[Report Generation][Start] Started weekly report generation for week previous than day {}.", dayOfThisWeek);
@@ -209,2 +221,6 @@
 
+        if (!isValidDate(dayOfThisMonth)) {
+            log.warn("[Report Generation][Start] Invalid date format for day: {}", dayOfThisMonth);
+            return;
+        }
         log.info("[Report Generation][Start] Started monthly report generation for month previous than day {}.", dayOfThisMonth);
EOF
@@ -25,2 +25,6 @@
@Slf4j

private boolean isValidDate(String date) {
return date != null && date.matches("\\d{4}-\\d{2}-\\d{2}");
}
@RequiredArgsConstructor
@@ -119,2 +123,6 @@

if (!isValidDate(day)) {
log.warn("[Report Generation][Start] Invalid date format for day: {}", day);
return;
}
log.info("[Report Generation][Start] Started report generation for {}.", day);
@@ -201,2 +209,6 @@

if (!isValidDate(dayOfThisWeek)) {
log.warn("[Report Generation][Start] Invalid date format for day: {}", dayOfThisWeek);
return;
}
log.info("[Report Generation][Start] Started weekly report generation for week previous than day {}.", dayOfThisWeek);
@@ -209,2 +221,6 @@

if (!isValidDate(dayOfThisMonth)) {
log.warn("[Report Generation][Start] Invalid date format for day: {}", dayOfThisMonth);
return;
}
log.info("[Report Generation][Start] Started monthly report generation for month previous than day {}.", dayOfThisMonth);
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options

public void generateWeeklyReport(String dayOfThisWeek) {

log.info("[Report Generation][Start] Started weekly report generation for week previous than day {}.", dayOfThisWeek);

Check failure

Code scanning / CodeQL

Log Injection High

This log entry depends on a
user-provided value
.

Copilot Autofix AI 4 days ago

To fix the log injection issue, we need to sanitize the user input before logging it. Specifically, we should remove any newline characters from the dayOfThisWeek parameter to prevent log forging. Additionally, we should ensure that the input is clearly marked in the log entry to avoid confusion.

The best way to fix this problem is to use the String.replace method to remove newline characters from the dayOfThisWeek parameter before logging it. This can be done in the generateWeeklyReport method of the ReportGenerationService class.

Suggested changeset 1
src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java b/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
--- a/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
+++ b/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
@@ -201,6 +201,7 @@
 
-        log.info("[Report Generation][Start] Started weekly report generation for week previous than day {}.", dayOfThisWeek);
-        String yesterday = CommonUtility.getYesterday(dayOfThisWeek);
+        String sanitizedDayOfThisWeek = dayOfThisWeek.replace("\n", "").replace("\r", "");
+        log.info("[Report Generation][Start] Started weekly report generation for week previous than day {}.", sanitizedDayOfThisWeek);
+        String yesterday = CommonUtility.getYesterday(sanitizedDayOfThisWeek);
         mergeMultipleReports(CommonUtility.getWeekInDate(yesterday), ReportType.WEEKLY);
-        log.info("[Report Generation][End  ] Ended monthly report generation for week that includes day {}.", dayOfThisWeek);
+        log.info("[Report Generation][End  ] Ended monthly report generation for week that includes day {}.", sanitizedDayOfThisWeek);
     }
EOF
@@ -201,6 +201,7 @@

log.info("[Report Generation][Start] Started weekly report generation for week previous than day {}.", dayOfThisWeek);
String yesterday = CommonUtility.getYesterday(dayOfThisWeek);
String sanitizedDayOfThisWeek = dayOfThisWeek.replace("\n", "").replace("\r", "");
log.info("[Report Generation][Start] Started weekly report generation for week previous than day {}.", sanitizedDayOfThisWeek);
String yesterday = CommonUtility.getYesterday(sanitizedDayOfThisWeek);
mergeMultipleReports(CommonUtility.getWeekInDate(yesterday), ReportType.WEEKLY);
log.info("[Report Generation][End ] Ended monthly report generation for week that includes day {}.", dayOfThisWeek);
log.info("[Report Generation][End ] Ended monthly report generation for week that includes day {}.", sanitizedDayOfThisWeek);
}
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
log.info("[Report Generation][Start] Started weekly report generation for week previous than day {}.", dayOfThisWeek);
String yesterday = CommonUtility.getYesterday(dayOfThisWeek);
mergeMultipleReports(CommonUtility.getWeekInDate(yesterday), ReportType.WEEKLY);
log.info("[Report Generation][End ] Ended monthly report generation for week that includes day {}.", dayOfThisWeek);

Check failure

Code scanning / CodeQL

Log Injection High

This log entry depends on a
user-provided value
.

Copilot Autofix AI 4 days ago

To fix the log injection issue, we need to sanitize the user-provided input before logging it. Specifically, we should remove any newline characters or other potentially harmful characters from the input. This can be done using the String.replace method to replace newline characters with an empty string. Additionally, we should ensure that the input is clearly marked in the log entries to prevent any confusion.

Suggested changeset 1
src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java b/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
--- a/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
+++ b/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
@@ -196,3 +196,4 @@
         reportRepository.save(reportMapper.toEntity(rptStats));
-        log.info("[Report Generation][End  ] Ended report generation for {}.", day);
+        String sanitizedDay = day.replace("\n", "").replace("\r", "");
+        log.info("[Report Generation][End  ] Ended report generation for {}.", sanitizedDay);
     }
@@ -201,6 +202,7 @@
 
-        log.info("[Report Generation][Start] Started weekly report generation for week previous than day {}.", dayOfThisWeek);
-        String yesterday = CommonUtility.getYesterday(dayOfThisWeek);
+        String sanitizedDayOfThisWeek = dayOfThisWeek.replace("\n", "").replace("\r", "");
+        log.info("[Report Generation][Start] Started weekly report generation for week previous than day {}.", sanitizedDayOfThisWeek);
+        String yesterday = CommonUtility.getYesterday(sanitizedDayOfThisWeek);
         mergeMultipleReports(CommonUtility.getWeekInDate(yesterday), ReportType.WEEKLY);
-        log.info("[Report Generation][End  ] Ended monthly report generation for week that includes day {}.", dayOfThisWeek);
+        log.info("[Report Generation][End  ] Ended monthly report generation for week that includes day {}.", sanitizedDayOfThisWeek);
     }
@@ -209,6 +211,7 @@
 
-        log.info("[Report Generation][Start] Started monthly report generation for month previous than day {}.", dayOfThisMonth);
-        String yesterday = CommonUtility.getYesterday(dayOfThisMonth);
+        String sanitizedDayOfThisMonth = dayOfThisMonth.replace("\n", "").replace("\r", "");
+        log.info("[Report Generation][Start] Started monthly report generation for month previous than day {}.", sanitizedDayOfThisMonth);
+        String yesterday = CommonUtility.getYesterday(sanitizedDayOfThisMonth);
         mergeMultipleReports(CommonUtility.getMonthInDate(yesterday), ReportType.MONTHLY);
-        log.info("[Report Generation][End  ] Ended monthly report generation for month that includes day {}.", dayOfThisMonth);
+        log.info("[Report Generation][End  ] Ended monthly report generation for month that includes day {}.", sanitizedDayOfThisMonth);
     }
EOF
@@ -196,3 +196,4 @@
reportRepository.save(reportMapper.toEntity(rptStats));
log.info("[Report Generation][End ] Ended report generation for {}.", day);
String sanitizedDay = day.replace("\n", "").replace("\r", "");
log.info("[Report Generation][End ] Ended report generation for {}.", sanitizedDay);
}
@@ -201,6 +202,7 @@

log.info("[Report Generation][Start] Started weekly report generation for week previous than day {}.", dayOfThisWeek);
String yesterday = CommonUtility.getYesterday(dayOfThisWeek);
String sanitizedDayOfThisWeek = dayOfThisWeek.replace("\n", "").replace("\r", "");
log.info("[Report Generation][Start] Started weekly report generation for week previous than day {}.", sanitizedDayOfThisWeek);
String yesterday = CommonUtility.getYesterday(sanitizedDayOfThisWeek);
mergeMultipleReports(CommonUtility.getWeekInDate(yesterday), ReportType.WEEKLY);
log.info("[Report Generation][End ] Ended monthly report generation for week that includes day {}.", dayOfThisWeek);
log.info("[Report Generation][End ] Ended monthly report generation for week that includes day {}.", sanitizedDayOfThisWeek);
}
@@ -209,6 +211,7 @@

log.info("[Report Generation][Start] Started monthly report generation for month previous than day {}.", dayOfThisMonth);
String yesterday = CommonUtility.getYesterday(dayOfThisMonth);
String sanitizedDayOfThisMonth = dayOfThisMonth.replace("\n", "").replace("\r", "");
log.info("[Report Generation][Start] Started monthly report generation for month previous than day {}.", sanitizedDayOfThisMonth);
String yesterday = CommonUtility.getYesterday(sanitizedDayOfThisMonth);
mergeMultipleReports(CommonUtility.getMonthInDate(yesterday), ReportType.MONTHLY);
log.info("[Report Generation][End ] Ended monthly report generation for month that includes day {}.", dayOfThisMonth);
log.info("[Report Generation][End ] Ended monthly report generation for month that includes day {}.", sanitizedDayOfThisMonth);
}
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options

public void generateMonthlyReport(String dayOfThisMonth) {

log.info("[Report Generation][Start] Started monthly report generation for month previous than day {}.", dayOfThisMonth);

Check failure

Code scanning / CodeQL

Log Injection High

This log entry depends on a
user-provided value
.

Copilot Autofix AI 4 days ago

To fix the log injection issue, we need to sanitize the user input before logging it. Specifically, we should remove any newline characters from the user input to prevent log forgery. Additionally, we should ensure that the input conforms to the expected date format.

The best way to fix this problem is to sanitize the dayOfThisMonth parameter in the generateMonthlyReport method of the ReportGenerationService class. We can use the replace method to remove any newline characters from the input.

Suggested changeset 1
src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java b/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
--- a/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
+++ b/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
@@ -209,6 +209,7 @@
 
-        log.info("[Report Generation][Start] Started monthly report generation for month previous than day {}.", dayOfThisMonth);
-        String yesterday = CommonUtility.getYesterday(dayOfThisMonth);
+        String sanitizedDay = dayOfThisMonth.replace("\n", "").replace("\r", "");
+        log.info("[Report Generation][Start] Started monthly report generation for month previous than day {}.", sanitizedDay);
+        String yesterday = CommonUtility.getYesterday(sanitizedDay);
         mergeMultipleReports(CommonUtility.getMonthInDate(yesterday), ReportType.MONTHLY);
-        log.info("[Report Generation][End  ] Ended monthly report generation for month that includes day {}.", dayOfThisMonth);
+        log.info("[Report Generation][End  ] Ended monthly report generation for month that includes day {}.", sanitizedDay);
     }
EOF
@@ -209,6 +209,7 @@

log.info("[Report Generation][Start] Started monthly report generation for month previous than day {}.", dayOfThisMonth);
String yesterday = CommonUtility.getYesterday(dayOfThisMonth);
String sanitizedDay = dayOfThisMonth.replace("\n", "").replace("\r", "");
log.info("[Report Generation][Start] Started monthly report generation for month previous than day {}.", sanitizedDay);
String yesterday = CommonUtility.getYesterday(sanitizedDay);
mergeMultipleReports(CommonUtility.getMonthInDate(yesterday), ReportType.MONTHLY);
log.info("[Report Generation][End ] Ended monthly report generation for month that includes day {}.", dayOfThisMonth);
log.info("[Report Generation][End ] Ended monthly report generation for month that includes day {}.", sanitizedDay);
}
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
log.info("[Report Generation][Start] Started monthly report generation for month previous than day {}.", dayOfThisMonth);
String yesterday = CommonUtility.getYesterday(dayOfThisMonth);
mergeMultipleReports(CommonUtility.getMonthInDate(yesterday), ReportType.MONTHLY);
log.info("[Report Generation][End ] Ended monthly report generation for month that includes day {}.", dayOfThisMonth);

Check failure

Code scanning / CodeQL

Log Injection High

This log entry depends on a
user-provided value
.

Copilot Autofix AI 4 days ago

To fix the log injection issue, we need to sanitize the user input before logging it. Since the input is expected to be a date, we can ensure it matches the expected date format (yyyy-MM-dd). If the input does not match the expected format, we can log a sanitized version or an error message.

The best way to fix this problem without changing existing functionality is to use a regular expression to validate the date format and replace any invalid characters. We will update the generateMonthlyReport method in the ReportGenerationService class to include this validation and sanitization.

Suggested changeset 1
src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java b/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
--- a/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
+++ b/src/main/java/it/gov/pagopa/wispconverter/technicalsupport/service/ReportGenerationService.java
@@ -209,2 +209,7 @@
 
+        if (!dayOfThisMonth.matches("\\d{4}-\\d{2}-\\d{2}")) {
+            log.warn("[Report Generation][Start] Invalid date format for day: {}. Expected format: yyyy-MM-dd", dayOfThisMonth.replaceAll("[\r\n]", ""));
+            return;
+        }
+
         log.info("[Report Generation][Start] Started monthly report generation for month previous than day {}.", dayOfThisMonth);
EOF
@@ -209,2 +209,7 @@

if (!dayOfThisMonth.matches("\\d{4}-\\d{2}-\\d{2}")) {
log.warn("[Report Generation][Start] Invalid date format for day: {}. Expected format: yyyy-MM-dd", dayOfThisMonth.replaceAll("[\r\n]", ""));
return;
}

log.info("[Report Generation][Start] Started monthly report generation for month previous than day {}.", dayOfThisMonth);
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Copy link

This PR exceeds the recommended size of 400 lines. Please make sure you are NOT addressing multiple issues with one PR. Note this PR might be rejected due to its size.

Copy link

Comment this PR with update_code to format the code. Consider to use pre-commit to format the code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants