initial commit (#3254)

* initial commit * update * further updates * update * update dependencies * update * update for checkstyle * update * update * update * update * update * update * update postgresql to 15.6 * update to org.hibernate.dialect.PostgreSQL82Dialect * update to org.hibernate.dialect.PostgreSQL82Dialect * further updates * checkstyle issues * update * update * update * update * update * further updates * further updates * checkstyle * clean up * resolve conflicts * resolve CVE-2024-1597
hmcts · Apr 4, 2024 · 2b43e4f · 2b43e4f
1 parent e377899
commit 2b43e4f
Show file tree

Hide file tree

Showing 43 changed files with 200 additions and 249 deletions.
diff --git a/build.gradle b/build.gradle
@@ -5,7 +5,7 @@ plugins {
   id 'jacoco'
   id 'io.spring.dependency-management' version '1.1.4'
   id 'org.flywaydb.flyway' version '9.22.3'
-  id 'org.springframework.boot' version '2.7.18'
+  id 'org.springframework.boot' version '3.2.3'
   id 'org.owasp.dependencycheck' version '9.0.9'
   id 'com.github.ben-manes.versions' version '0.50.0'
   id 'org.sonarqube' version '4.4.1.3373'
@@ -145,7 +145,7 @@ project.tasks['sonarqube'].dependsOn jacocoTestReport
 
 pitest {
   group = "Verification"
-  pitestVersion.set('1.15.0')
+  pitestVersion.set('1.5.1')
   junit5PluginVersion.set('0.15')
   testSourceSets = [sourceSets.test]
   mainSourceSets = [sourceSets.main]
@@ -185,7 +185,7 @@ sonarqube {
     property "sonar.coverage.jacoco.xmlReportPaths", jacocoTestReport.reports.xml.destination.path
     property "sonar.pitest.mode", "reuseReport"
     property "sonar.pitest.reportsDirectory", "build/reports/pitest"
-    property "sonar.exclusions", "**/model/out/*,**/config/**,**/LeaseAcquirer.java,**/jms/**"
+    property "sonar.exclusions", "**/model/out/*,**/config/**,**/LeaseAcquirer.java"
   }
 }
 
@@ -223,86 +223,13 @@ dependencyCheck {
 // it is important to specify logback classic and core packages explicitly as libraries like spring boot
 // enforces it's own (older) version which is not recommended.
 def versions = [
-  junit: '5.10.1',
-  junitPlatform: '1.10.1',
+  junit: '5.9.2',
+  junitPlatform: '1.9.2',
   mockitoJupiter: '3.3.3',
   reformLogging: '6.0.1',
   apiguardian     : '1.1.2'
 ]
 
-dependencyManagement {
-  dependencies {
-    // CVE-2018-10237 - Unbounded memory allocation
-    dependencySet(group: 'com.google.guava', version: '33.0.0-jre') {
-      entry 'guava'
-    }
-    // CVE-2021-22044
-    dependencySet(group: 'org.springframework.cloud', version: '3.1.8') {
-      entry 'spring-cloud-starter-openfeign'
-    }
-    // CVE-2022-22970, CVE-2022-22971
-    dependencySet(group: 'org.springframework', version: '5.3.31') {
-      entry 'spring-aop'
-      entry 'spring-aspects'
-      entry 'spring-beans'
-      entry 'spring-context'
-      entry 'spring-context-support'
-      entry 'spring-core'
-      entry 'spring-expression'
-      entry 'spring-jcl'
-      entry 'spring-jdbc'
-      entry 'spring-orm'
-      entry 'spring-tx'
-      entry 'spring-web'
-      entry 'spring-webmvc'
-    }
-    dependencySet(group: 'org.apache.logging.log4j', version: '2.20.0') {
-      entry 'log4j-api'
-      entry 'log4j-to-slf4j'
-    }
-    //CVE-2022-23181
-    dependencySet(group: 'org.apache.tomcat.embed', version: '9.0.85') {
-      entry 'tomcat-embed-core'
-      entry 'tomcat-embed-websocket'
-    }
-    dependencySet(group: 'com.fasterxml.jackson.core', version: '2.13.5') {
-      entry 'jackson-databind'
-    }
-    dependencySet(group: 'ch.qos.logback', version: '1.2.13') {
-      entry 'logback-classic'
-    }
-    //CVE-2022-24823
-    dependencySet(group: 'io.netty', version: '4.1.106.Final') {
-      entry 'netty-buffer'
-      entry 'netty-codec'
-      entry 'netty-codec-dns'
-      entry 'netty-codec-http'
-      entry 'netty-codec-http2'
-      entry 'netty-codec-socks'
-      entry 'netty-common'
-      entry 'netty-handler'
-      entry 'netty-handler-proxy'
-      entry 'netty-resolver'
-      entry 'netty-resolver-dns'
-      entry 'netty-resolver-dns-classes-macos'
-      entry 'netty-resolver-dns-native-macos'
-      entry 'netty-transport'
-      entry 'netty-transport-classes-epoll'
-      entry 'netty-transport-classes-kqueue'
-      entry 'netty-transport-native-epoll'
-      entry 'netty-transport-native-kqueue'
-      entry 'netty-transport-native-unix-common'
-    }
-    // CVE-2022-25857
-    dependencySet(group: 'org.yaml', version: '2.2') {
-      entry 'snakeyaml'
-    }
-    // CVE-2023-24998
-    dependencySet(group: 'commons-fileupload', version: '1.5') {
-      entry 'commons-fileupload'
-    }
-  }
-}
 
 repositories {
   mavenLocal()
@@ -320,6 +247,7 @@ ext.libraries = [
     "org.apiguardian:apiguardian-api:${versions.apiguardian}"
   ]
 ]
+ext["rest-assured.version"] = '5.4.0'
 
 dependencies {
 
@@ -343,30 +271,36 @@ dependencies {
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-validation'
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-activemq'
 
-  implementation group: 'org.apache.qpid', name: 'qpid-jms-client', version: '1.11.0'
+
+  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: '4.1.0'
+  implementation group: 'io.github.openfeign', name: 'feign-httpclient', version: '13.1'
+  implementation group: 'io.github.openfeign', name: 'feign-jackson', version: '13.1'
 
   implementation group: 'com.github.java-json-tools', name: 'json-schema-validator', version: '2.2.14', withoutJavaxMailApi
 
   implementation group: 'org.flywaydb', name: 'flyway-core', version: '9.22.3'
-  implementation group: 'org.postgresql', name: 'postgresql', version: '42.7.1'
+  implementation group: 'org.postgresql', name: 'postgresql', version: '42.7.3'
   // review following dependency after integrating db structure
-  implementation group: 'com.vladmihalcea', name: 'hibernate-types-52', version: '2.21.1'
+  implementation group: 'io.hypersistence', name: 'hypersistence-utils-hibernate-63', version: '3.7.3'
+
+
+
+  implementation group: 'org.apache.httpcomponents.client5', name: 'httpclient5', version: '5.3.1'
+  implementation group: 'javax.jms', name: 'javax.jms-api', version: '2.0.1'
+  implementation group: 'javax.servlet', name: 'javax.servlet-api', version: '3.1.0'
+
+  implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.3.0'
 
-  implementation group: 'org.springdoc', name: 'springdoc-openapi-ui', version: '1.7.0'
 
   implementation group: 'com.github.hmcts.java-logging', name: 'logging', version: versions.reformLogging
   implementation group: 'com.github.hmcts.java-logging', name: 'logging-appinsights', version: versions.reformLogging
   implementation group: 'net.logstash.logback', name: 'logstash-logback-encoder', version: '7.4'
   implementation group: 'com.github.hmcts', name: 'service-auth-provider-java-client', version: '4.1.2'
   implementation group: 'com.github.hmcts', name: 'idam-java-client', version: '3.0.3'
   implementation group: 'com.github.hmcts', name: 'ccd-case-document-am-client', version: '1.59'
-  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: '3.1.8'
-  implementation group: 'io.github.openfeign', name: 'feign-httpclient', version: '13.1'
 
   implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: '3.1.8'
-  implementation group: 'io.github.openfeign', name: 'feign-httpclient', version: '13.1'
 
-  implementation group: 'com.fasterxml.jackson.datatype', name: 'jackson-datatype-jsr310', version: '2.15.3'
 
   implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.12.0'
   implementation group: 'commons-io', name: 'commons-io', version: '2.13.0'
@@ -379,6 +313,7 @@ dependencies {
 
   implementation group: 'io.github.resilience4j', name: 'resilience4j-spring-boot2', version: '2.0.2'
   implementation group: 'com.launchdarkly', name: 'launchdarkly-java-server-sdk', version: '7.1.1'
+  implementation group: 'com.google.guava', name: 'guava', version: '33.0.0-jre'
 
 
   testImplementation libraries.junit5
@@ -396,18 +331,20 @@ dependencies {
     exclude group: 'commons-io', module: 'commons-io'
     exclude group: 'org.apache.commons', module: 'commons-lang3'
   }
+  testImplementation group: 'com.icegreen', name: 'greenmail', version: '2.1.0-alpha-4'
+
   testRuntimeOnly group: 'io.github.netmikey.logunit', name: 'logunit-logback', version: '2.0.0'
 
   integrationTestImplementation sourceSets.main.runtimeClasspath
   integrationTestImplementation sourceSets.test.runtimeClasspath
-  integrationTestImplementation group: 'org.springframework.cloud', name: 'spring-cloud-contract-wiremock', version: '3.1.9', {
+  integrationTestImplementation group: 'org.springframework.cloud', name: 'spring-cloud-contract-wiremock', version: '4.1.1', {
     exclude group: 'com.github.tomakehurst', module: 'wiremock-jre8-standalone'
   }
-  integrationTestImplementation group: 'com.github.tomakehurst', name: 'wiremock', version: '2.35.1'
-  integrationTestImplementation group: 'org.testcontainers', name: 'postgresql', version: '1.19.3', {
+  integrationTestImplementation group: 'org.wiremock', name: 'wiremock-standalone', version: '3.4.2'
+  integrationTestImplementation group: 'org.testcontainers', name: 'postgresql', version: '1.19.7', {
     exclude group: 'junit', module: 'junit'
   }
-  integrationTestImplementation group: 'org.testcontainers', name: 'junit-jupiter', version: '1.19.3'
+  integrationTestImplementation group: 'org.testcontainers', name: 'junit-jupiter', version: '1.19.7'
   integrationTestImplementation group: 'com.revinate', name: 'assertj-json', version: '1.2.0'
 
   functionalTestImplementation sourceSets.main.runtimeClasspath

diff --git a/.../java/uk/gov/hmcts/reform/bulkscanprocessor/config/JmsProcessedEnvelopeMessageSender.java b/.../java/uk/gov/hmcts/reform/bulkscanprocessor/config/JmsProcessedEnvelopeMessageSender.java
@@ -1,14 +1,14 @@
 package uk.gov.hmcts.reform.bulkscanprocessor.config;
 
-import org.apache.qpid.jms.JmsConnectionFactory;
-import org.apache.qpid.jms.policy.JmsDefaultRedeliveryPolicy;
+import jakarta.jms.ConnectionFactory;
+import org.apache.activemq.ActiveMQConnectionFactory;
+import org.apache.activemq.RedeliveryPolicy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.jms.connection.CachingConnectionFactory;
 import org.springframework.jms.core.JmsTemplate;
 
 import java.util.UUID;
-import javax.jms.ConnectionFactory;
 
 public class JmsProcessedEnvelopeMessageSender {
 
@@ -40,13 +40,13 @@ public void sendProcessedEnvelopeMessage(UUID envelopeId, String ccdId, String c
 
     public ConnectionFactory getTestFactory() {
         String connection = String.format("amqp://localhost:%1s?amqp.idleTimeout=%2d", "5672", 30000);
-        JmsConnectionFactory jmsConnectionFactory = new JmsConnectionFactory(connection);
-        jmsConnectionFactory.setUsername("admin");
-        jmsConnectionFactory.setPassword("admin");
-        JmsDefaultRedeliveryPolicy jmsDefaultRedeliveryPolicy = new JmsDefaultRedeliveryPolicy();
-        jmsDefaultRedeliveryPolicy.setMaxRedeliveries(3);
-        jmsConnectionFactory.setRedeliveryPolicy(jmsDefaultRedeliveryPolicy);
-        jmsConnectionFactory.setClientID(UUID.randomUUID().toString());
-        return new CachingConnectionFactory(jmsConnectionFactory);
+        ActiveMQConnectionFactory activeMQConnectionFactory = new ActiveMQConnectionFactory(connection);
+        activeMQConnectionFactory.setUserName("admin");
+        activeMQConnectionFactory.setPassword("admin");
+        RedeliveryPolicy redeliveryPolicy = new RedeliveryPolicy();
+        redeliveryPolicy.setMaximumRedeliveries(3);
+        activeMQConnectionFactory.setRedeliveryPolicy(redeliveryPolicy);
+        activeMQConnectionFactory.setClientID(UUID.randomUUID().toString());
+        return new CachingConnectionFactory(activeMQConnectionFactory);
     }
 }
diff --git a/...Test/java/uk/gov/hmcts/reform/bulkscanprocessor/config/IntegrationContextInitializer.java b/...Test/java/uk/gov/hmcts/reform/bulkscanprocessor/config/IntegrationContextInitializer.java
@@ -18,7 +18,7 @@
 import uk.gov.hmcts.reform.bulkscanprocessor.services.storage.LeaseClientProvider;
 
 import static org.mockito.Mockito.mock;
-import static org.springframework.util.SocketUtils.findAvailableTcpPort;
+import static org.springframework.test.util.TestSocketUtils.findAvailableTcpPort;
 import static uk.gov.hmcts.reform.bulkscanprocessor.config.Profiles.SERVICE_BUS_STUB;
 import static uk.gov.hmcts.reform.bulkscanprocessor.config.Profiles.STORAGE_STUB;
 

diff --git a/src/integrationTest/java/uk/gov/hmcts/reform/bulkscanprocessor/config/TestClockProvider.java b/src/integrationTest/java/uk/gov/hmcts/reform/bulkscanprocessor/config/TestClockProvider.java
@@ -1,5 +1,6 @@
 package uk.gov.hmcts.reform.bulkscanprocessor.config;
 
+import jakarta.validation.ClockProvider;
 import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Primary;
@@ -9,7 +10,6 @@
 import java.time.Instant;
 import java.time.ZoneId;
 import java.time.ZonedDateTime;
-import javax.validation.ClockProvider;
 
 @TestConfiguration
 public class TestClockProvider {

diff --git a/...ionTest/java/uk/gov/hmcts/reform/bulkscanprocessor/controllers/PaymentControllerTest.java b/...ionTest/java/uk/gov/hmcts/reform/bulkscanprocessor/controllers/PaymentControllerTest.java
@@ -100,8 +100,8 @@ void should_return_status_400_for_empty_payments() throws Exception {
             .content(request))
             .andDo(print())
             .andExpect(status().isBadRequest())
-            .andExpect(jsonPath("$.errors[0].field_name").value("payments"))
-            .andExpect(jsonPath("$.errors[0].message").value("Payment list can't be empty"));
+            .andExpect(jsonPath("$.detail").value("Invalid request content."))
+            .andExpect(jsonPath("$.instance").value("/payment/status"));
 
         //Then
         verify(authService, never()).authenticate("testServiceAuthHeader");
@@ -118,8 +118,8 @@ void should_return_status_400_for_payment_with_empty_dcn() throws Exception {
             .content(request))
             .andDo(print())
             .andExpect(status().isBadRequest())
-            .andExpect(jsonPath("$.errors[0].field_name").value("payments[2].documentControlNumber"))
-            .andExpect(jsonPath("$.errors[0].message").value("Document control number is empty or null"));
+            .andExpect(jsonPath("$.detail").value("Invalid request content."))
+            .andExpect(jsonPath("$.instance").value("/payment/status"));
 
         //Then
         verify(authService, never()).authenticate("testServiceAuthHeader");

diff --git a/...ionTest/java/uk/gov/hmcts/reform/bulkscanprocessor/controllers/ReportsControllerTest.java b/...ionTest/java/uk/gov/hmcts/reform/bulkscanprocessor/controllers/ReportsControllerTest.java
@@ -1,6 +1,7 @@
 package uk.gov.hmcts.reform.bulkscanprocessor.controllers;
 
 import com.google.common.io.Resources;
+import jakarta.validation.ClockProvider;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.ValueSource;
@@ -43,7 +44,6 @@
 import java.util.Arrays;
 import java.util.List;
 import java.util.UUID;
-import javax.validation.ClockProvider;
 
 import static com.google.common.io.Resources.getResource;
 import static java.nio.charset.StandardCharsets.UTF_8;

diff --git a/...grationTest/java/uk/gov/hmcts/reform/bulkscanprocessor/entity/EnvelopeRepositoryTest.java b/...grationTest/java/uk/gov/hmcts/reform/bulkscanprocessor/entity/EnvelopeRepositoryTest.java
@@ -1,5 +1,6 @@
 package uk.gov.hmcts.reform.bulkscanprocessor.entity;
 
+import jakarta.persistence.EntityManager;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
@@ -11,10 +12,10 @@
 import uk.gov.hmcts.reform.bulkscanprocessor.model.common.Classification;
 
 import java.time.Instant;
+import java.time.temporal.ChronoUnit;
 import java.util.List;
 import java.util.UUID;
 import java.util.concurrent.TimeUnit;
-import javax.persistence.EntityManager;
 
 import static java.time.LocalDateTime.now;
 import static java.util.Arrays.asList;
@@ -271,7 +272,7 @@ public void should_not_find_complete_envelopes_by_container_if_they_do_not_exist
 
     @Test
     public void should_get_empty_result_when_no_incomplete_envelopes_are_there_in_db() {
-        assertThat(repo.getIncompleteEnvelopesBefore(now())).isEmpty();
+        assertThat(repo.getIncompleteEnvelopesBefore(Instant.now())).isEmpty();
     }
 
     @Test
@@ -289,12 +290,12 @@ public void should_get_incomplete_envelopes() {
         // and update createAt to 2h ago
         entityManager.createNativeQuery(
             "UPDATE envelopes "
-                + "SET createdat = '" + now().minusHours(2) + "' "
+                + "SET createdat = '" + Instant.now().minus(2, ChronoUnit.HOURS) + "' "
                 + "WHERE zipfilename IN ('A.zip', 'B.zip', 'D.zip')"
         ).executeUpdate();
 
         // when
-        List<Envelope> result = repo.getIncompleteEnvelopesBefore(now().minusHours(1));
+        List<Envelope> result = repo.getIncompleteEnvelopesBefore(Instant.now().minus(1, ChronoUnit.HOURS));
 
         // then
         assertThat(result)

diff --git a/...ationTest/java/uk/gov/hmcts/reform/bulkscanprocessor/services/email/ReportSenderTest.java b/...ationTest/java/uk/gov/hmcts/reform/bulkscanprocessor/services/email/ReportSenderTest.java
@@ -1,13 +1,12 @@
 package uk.gov.hmcts.reform.bulkscanprocessor.services.email;
 
+import jakarta.mail.internet.MimeMessage;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.mock.mockito.SpyBean;
 import org.springframework.mail.javamail.JavaMailSender;
 import uk.gov.hmcts.reform.bulkscanprocessor.config.IntegrationTest;
 
-import javax.mail.internet.MimeMessage;
-
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.verify;
 

diff --git a/src/integrationTest/resources/application.properties b/src/integrationTest/resources/application.properties
@@ -1,7 +1,7 @@
 management.endpoints.web.base-path=/
 
 spring.datasource.driver-class-name=org.testcontainers.jdbc.ContainerDatabaseDriver
-spring.datasource.url=jdbc:tc:postgresql:15.0://localhost/bulkscans
+spring.datasource.url=jdbc:tc:postgresql:15.6://localhost/bulkscans
 spring.jpa.show-sql=true
 
 flyway.noop.strategy=false

diff --git a/src/main/java/uk/gov/hmcts/reform/bulkscanprocessor/Application.java b/src/main/java/uk/gov/hmcts/reform/bulkscanprocessor/Application.java
@@ -8,7 +8,7 @@
 import uk.gov.hmcts.reform.bulkscanprocessor.config.ServiceBusHelpersConfiguration;
 
 @SpringBootApplication
-@EnableFeignClients
+@EnableFeignClients(basePackages = {"uk.gov.hmcts.reform"})
 @SuppressWarnings("HideUtilityClassConstructor") // Spring needs a constructor, its not a utility class
 public class Application {