Merge pull request #135 from Onlineberatung/VIC-1849-fix-critical-cves

fix: fix critical cves

pom.xml

@@ -27,7 +27,7 @@
     <keycloak.version>17.0.0</keycloak.version>
     <!-- force at least version 2.16 due to https://logging.apache.org/log4j/2.x/security.html -->
     <log4j.version>2.17.1</log4j.version>
-    <openapi.generator.maven.version>6.2.0</openapi.generator.maven.version>
+    <openapi.generator.maven.version>6.2.1</openapi.generator.maven.version>
     <hibernate-search-orm.version>5.11.10.Final</hibernate-search-orm.version>
     <jackson-databind-nullable.version>0.2.3</jackson-databind-nullable.version>
     <javax.ws.rs-api.version>2.1.1</javax.ws.rs-api.version>
@@ -70,6 +70,11 @@
       <artifactId>spring-boot-starter-validation</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-config</artifactId>
+      <version>${spring-security-core.version}</version>
+    </dependency>
     <dependency>
       <groupId>org.springframework.security</groupId>
       <artifactId>spring-security-core</artifactId>
@@ -94,13 +99,31 @@
       <artifactId>jackson-databind-nullable</artifactId>
       <version>${jackson-databind-nullable.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.codehaus.plexus</groupId>
+      <artifactId>plexus-utils</artifactId>
+      <version>3.3.0</version>
+    </dependency>
     <!-- SpringFox: generate YAML file from POJOs and generate documentation -->
     <dependency>
       <groupId>io.springfox</groupId>
       <artifactId>springfox-boot-starter</artifactId>
       <version>${springfox-boot-starter.version}</version>
     </dependency>
 
+    <dependency>
+      <groupId>org.sonatype.plexus</groupId>
+      <artifactId>plexus-build-api</artifactId>
+      <version>0.0.7</version>
+      <scope>provided</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>org.codehaus.plexus</groupId>
+          <artifactId>plexus-utils</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+
     <!-- Keycloak dependencies -->
     <dependency>
       <groupId>org.keycloak</groupId>

src/test/java/de/caritas/cob/agencyservice/api/admin/hallink/AgencyLinksBuilderTest.java

@@ -28,19 +28,19 @@ void buildAgencyLinks_Should_returnAgencyLinks_When_AgencyIsSet() {
     assertThat(agencyLinks.getSelf(), notNullValue());
     assertThat(agencyLinks.getSelf().getMethod(), is(MethodEnum.GET));
     assertThat(agencyLinks.getSelf().getHref(),
-        is(String.format("/${openapi.willBeReplaced.base-path}/agencyadmin/agencies/%s", agency.getId())));
+        is(String.format("/agencyadmin/agencies/%s", agency.getId())));
     assertThat(agencyLinks.getDelete(), notNullValue());
     assertThat(agencyLinks.getDelete().getMethod(), is(MethodEnum.DELETE));
     assertThat(agencyLinks.getDelete().getHref(),
-        is(String.format("/${openapi.willBeReplaced.base-path}/agencyadmin/agencies/%s", agency.getId())));
+        is(String.format("/agencyadmin/agencies/%s", agency.getId())));
     assertThat(agencyLinks.getUpdate(), notNullValue());
     assertThat(agencyLinks.getUpdate().getMethod(), is(MethodEnum.PUT));
     assertThat(agencyLinks.getUpdate().getHref(),
-        is(String.format("/${openapi.willBeReplaced.base-path}/agencyadmin/agencies/%s", agency.getId())));
+        is(String.format("/agencyadmin/agencies/%s", agency.getId())));
     assertThat(agencyLinks.getPostcodeRanges(), notNullValue());
     assertThat(agencyLinks.getPostcodeRanges().getMethod(), is(MethodEnum.GET));
     assertThat(agencyLinks.getPostcodeRanges().getHref(),
-        is(String.format("/${openapi.willBeReplaced.base-path}/agencyadmin/postcoderanges/%s", agency.getId())));
+        is(String.format("/agencyadmin/postcoderanges/%s", agency.getId())));
   }
 
   @Test

src/test/java/de/caritas/cob/agencyservice/api/admin/hallink/DiocesePaginationLinkBuilderTest.java

@@ -26,15 +26,15 @@ void buildPaginationLinks_Should_returnPaginationLinks_When_allParametersAreSet(
     assertThat(paginationLinks.getSelf(), notNullValue());
     assertThat(paginationLinks.getSelf().getMethod(), is(MethodEnum.GET));
     assertThat(paginationLinks.getSelf().getHref(),
-        is("/${openapi.willBeReplaced.base-path}/agencyadmin/dioceses?page=2&perPage=20"));
+        is("/agencyadmin/dioceses?page=2&perPage=20"));
     assertThat(paginationLinks.getPrevious(), notNullValue());
     assertThat(paginationLinks.getPrevious().getMethod(), is(MethodEnum.GET));
     assertThat(paginationLinks.getPrevious().getHref(),
-        is("/${openapi.willBeReplaced.base-path}/agencyadmin/dioceses?page=1&perPage=20"));
+        is("/agencyadmin/dioceses?page=1&perPage=20"));
     assertThat(paginationLinks.getNext(), notNullValue());
     assertThat(paginationLinks.getNext().getMethod(), is(MethodEnum.GET));
     assertThat(paginationLinks.getNext().getHref(),
-        is("/${openapi.willBeReplaced.base-path}/agencyadmin/dioceses?page=3&perPage=20"));
+        is("/agencyadmin/dioceses?page=3&perPage=20"));
   }
 
   @Test
@@ -47,7 +47,7 @@ void buildPaginationLinks_Should_havePreviousLink_When_currentPageIsNotTheFirst(
 
     assertThat(paginationLinks.getPrevious(), notNullValue());
     assertThat(paginationLinks.getPrevious().getHref(),
-        endsWith("/${openapi.willBeReplaced.base-path}/agencyadmin/dioceses?page=1&perPage=20"));
+        endsWith("/agencyadmin/dioceses?page=1&perPage=20"));
   }
 
   @Test
@@ -71,7 +71,7 @@ void buildPaginationLinks_Should_haveNextLink_When_currentPageIsNotTheLast() {
 
     assertThat(paginationLinks.getNext(), notNullValue());
     assertThat(paginationLinks.getNext().getHref(),
-        endsWith("/${openapi.willBeReplaced.base-path}/agencyadmin/dioceses?page=3&perPage=20"));
+        endsWith("/agencyadmin/dioceses?page=3&perPage=20"));
   }
 
   @Test
@@ -94,7 +94,7 @@ void buildPaginationLinks_Should_returnSelfLink() {
 
     assertThat(paginationLinks, notNullValue());
     assertThat(paginationLinks.getSelf().getHref(),
-        is("/${openapi.willBeReplaced.base-path}/agencyadmin/dioceses?page=1&perPage=20"));
+        is("/agencyadmin/dioceses?page=1&perPage=20"));
   }
 
   @Test
@@ -104,6 +104,6 @@ void buildPaginationLinks_Should_returnDefaultPaginationValues_When_noParameters
 
     assertThat(paginationLinks, notNullValue());
     assertThat(paginationLinks.getSelf().getHref(),
-        is("/${openapi.willBeReplaced.base-path}/agencyadmin/dioceses?page=1&perPage=20"));
+        is("/agencyadmin/dioceses?page=1&perPage=20"));
   }
 }

src/test/java/de/caritas/cob/agencyservice/api/admin/hallink/RootDTOBuilderTest.java

@@ -22,17 +22,17 @@ void buildRootDTO_Should_returnRootDTOWithHalLinks() {
     assertThat(rootLinks, notNullValue());
     assertThat(rootLinks.getAgencies(), notNullValue());
     assertThat(rootLinks.getAgencies().getHref(),
-        is("/${openapi.willBeReplaced.base-path}/agencyadmin/agencies?page=1&perPage=20{&q}"));
+        is("/agencyadmin/agencies?page=1&perPage=20{&q}"));
     assertThat(rootLinks.getAgencies().getMethod(), is(MethodEnum.GET));
-    assertThat(rootLinks.getSelf().getHref(), is("/${openapi.willBeReplaced.base-path}/agencyadmin"));
+    assertThat(rootLinks.getSelf().getHref(), is("/agencyadmin"));
     assertThat(rootLinks.getSelf().getMethod(), is(MethodEnum.GET));
     assertThat(rootLinks.getAgencypostcodes(), notNullValue());
     assertThat(rootLinks.getAgencypostcodes().getHref(),
-        is("/${openapi.willBeReplaced.base-path}/agencyadmin/postcoderanges/{agencyId}"));
+        is("/agencyadmin/postcoderanges/{agencyId}"));
     assertThat(rootLinks.getAgencypostcodes().getMethod(), is(MethodEnum.GET));
     assertThat(rootLinks.getDioceses(), notNullValue());
     assertThat(rootLinks.getDioceses().getHref(),
-        is("/${openapi.willBeReplaced.base-path}/agencyadmin/dioceses?page=1&perPage=20"));
+        is("/agencyadmin/dioceses?page=1&perPage=20"));
     assertThat(rootLinks.getAgencypostcodes().getMethod(), is(MethodEnum.GET));
   }
 

src/test/java/de/caritas/cob/agencyservice/api/admin/hallink/SearchResultLinkBuilderTest.java

@@ -27,19 +27,19 @@ void buildSearchResultLinks_Should_returnSearchResultLinks_When_allParametersAre
     assertThat(searchResultLinks.getSelf(), notNullValue());
     assertThat(searchResultLinks.getSelf().getMethod(), is(MethodEnum.GET));
     assertThat(searchResultLinks.getSelf().getHref(),
-        is("/${openapi.willBeReplaced.base-path}/agencyadmin/agencies?page=2&perPage=20&q=keyword"));
+        is("/agencyadmin/agencies?page=2&perPage=20&q=keyword"));
     assertThat(searchResultLinks.getPrevious(), notNullValue());
     assertThat(searchResultLinks.getPrevious().getMethod(), is(MethodEnum.GET));
     assertThat(searchResultLinks.getPrevious().getHref(),
-        is("/${openapi.willBeReplaced.base-path}/agencyadmin/agencies?page=1&perPage=20&q=keyword"));
+        is("/agencyadmin/agencies?page=1&perPage=20&q=keyword"));
     assertThat(searchResultLinks.getNext(), notNullValue());
     assertThat(searchResultLinks.getNext().getMethod(), is(MethodEnum.GET));
     assertThat(searchResultLinks.getNext().getHref(),
-        is("/${openapi.willBeReplaced.base-path}/agencyadmin/agencies?page=3&perPage=20&q=keyword"));
+        is("/agencyadmin/agencies?page=3&perPage=20&q=keyword"));
     assertThat(searchResultLinks.getSearch(), notNullValue());
     assertThat(searchResultLinks.getSearch().getMethod(), is(MethodEnum.GET));
     assertThat(searchResultLinks.getSearch().getHref(),
-        is("/${openapi.willBeReplaced.base-path}/agencyadmin/agencies?page=2&perPage=20{&q}"));
+        is("/agencyadmin/agencies?page=2&perPage=20{&q}"));
   }
 
   @Test
@@ -53,7 +53,7 @@ void buildAgencyAdminSearchResult_Should_havePreviousLink_When_currentPageIsNotT
 
     assertThat(searchResultLinks.getPrevious(), notNullValue());
     assertThat(searchResultLinks.getPrevious().getHref(),
-        endsWith("/${openapi.willBeReplaced.base-path}/agencyadmin/agencies?page=1&perPage=20&q=keyword"));
+        endsWith("/agencyadmin/agencies?page=1&perPage=20&q=keyword"));
   }
 
   @Test
@@ -79,7 +79,7 @@ void buildAgencyAdminSearchResult_Should_haveNextLink_When_currentPageIsNotTheLa
 
     assertThat(searchResultLinks.getNext(), notNullValue());
     assertThat(searchResultLinks.getNext().getHref(),
-        endsWith("/${openapi.willBeReplaced.base-path}/agencyadmin/agencies?page=3&perPage=20&q=keyword"));
+        endsWith("/agencyadmin/agencies?page=3&perPage=20&q=keyword"));
   }
 
   @Test
@@ -103,7 +103,7 @@ void buildSearchResultLinks_Should_returnPlaceHolderSelfLink_When_keywordIsNotSe
 
     assertThat(searchResultLinks, notNullValue());
     assertThat(searchResultLinks.getSelf().getHref(),
-        is("/${openapi.willBeReplaced.base-path}/agencyadmin/agencies?page=1&perPage=20{&q}"));
+        is("/agencyadmin/agencies?page=1&perPage=20{&q}"));
   }
 
   @Test
@@ -113,7 +113,7 @@ void buildSearchResultLinks_Should_returnDefaultPaginationValues_When_noParamete
 
     assertThat(searchResultLinks, notNullValue());
     assertThat(searchResultLinks.getSelf().getHref(),
-        is("/${openapi.willBeReplaced.base-path}/agencyadmin/agencies?page=1&perPage=20{&q}"));
+        is("/agencyadmin/agencies?page=1&perPage=20{&q}"));
   }
 
 }

src/test/java/de/caritas/cob/agencyservice/api/admin/service/agency/AgencyAdminFullResponseDTOBuilderTest.java

@@ -97,19 +97,19 @@ void fromAgency_Should_Return_ValidHalLinks() {
     assertThat(agencyLinks.getSelf(), notNullValue());
     assertThat(agencyLinks.getSelf().getMethod(), is(MethodEnum.GET));
     assertThat(agencyLinks.getSelf().getHref(),
-        is(String.format("/${openapi.willBeReplaced.base-path}/agencyadmin/agencies/%s", agency.getId())));
+        is(String.format("/agencyadmin/agencies/%s", agency.getId())));
     assertThat(agencyLinks.getDelete(), notNullValue());
     assertThat(agencyLinks.getDelete().getMethod(), is(MethodEnum.DELETE));
     assertThat(agencyLinks.getDelete().getHref(),
-        is(String.format("/${openapi.willBeReplaced.base-path}/agencyadmin/agencies/%s", agency.getId())));
+        is(String.format("/agencyadmin/agencies/%s", agency.getId())));
     assertThat(agencyLinks.getUpdate(), notNullValue());
     assertThat(agencyLinks.getUpdate().getMethod(), is(MethodEnum.PUT));
     assertThat(agencyLinks.getUpdate().getHref(),
-        is(String.format("/${openapi.willBeReplaced.base-path}/agencyadmin/agencies/%s", agency.getId())));
+        is(String.format("/agencyadmin/agencies/%s", agency.getId())));
     assertThat(agencyLinks.getPostcodeRanges(), notNullValue());
     assertThat(agencyLinks.getPostcodeRanges().getMethod(), is(MethodEnum.GET));
     assertThat(agencyLinks.getPostcodeRanges().getHref(),
-        is(String.format("/${openapi.willBeReplaced.base-path}/agencyadmin/postcoderanges/%s", this.agency.getId())));
+        is(String.format("/agencyadmin/postcoderanges/%s", this.agency.getId())));
   }
 
 }