diff --git a/HIRS_AttestationCA/build.gradle b/HIRS_AttestationCA/build.gradle index 860f33ad..e47c417b 100644 --- a/HIRS_AttestationCA/build.gradle +++ b/HIRS_AttestationCA/build.gradle @@ -25,17 +25,22 @@ dependencies { implementation libs.spring.boot.starter.log4j2 implementation libs.minimal.json - // pull the pci dependency and ... implementation libs.pci - // and explicitly include the patched version of the apache http client dependency + + // explicitly include the patched version of the apache http client dependency implementation libs.apacheHttpClient implementation libs.protobuf.java implementation libs.spring.boot.starter.data.jpa implementation libs.spring.retry implementation libs.spring.boot.starter.web + + // explicitly include the patched version of the spring framework webmvc dependency implementation libs.spring.framework.webmvc + // explicitly include the patched version of the logback-core dependency + implementation libs.logback.classic + compileOnly libs.lombok annotationProcessor libs.lombok @@ -43,8 +48,13 @@ dependencies { annotationProcessor libs.spotbugs.annotations testImplementation libs.commons.io + + // explicitly include the patched version of the logback-core dependency + testImplementation libs.logback.classic + testImplementation libs.spring.boot.starter.test + testCompileOnly libs.lombok testAnnotationProcessor libs.lombok } diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index 7de8a5dd..e404801c 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle @@ -2,7 +2,7 @@ plugins { id 'application' id 'war' id 'com.netflix.nebula.ospackage' version '11.10.0' - id 'org.springframework.boot' version '3.0.13' + id 'org.springframework.boot' version '3.1.12' id 'io.spring.dependency-management' version '1.1.7' } 
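Review bot: `implementation libs.logback.classic` in the first hunk makes Logback a direct runtime dependency of a module that already declares `libs.spring.boot.starter.log4j2`, so two SLF4J backends can end up on the classpath, and the comment above it names logback-core while the line adds logback-classic. The same line is added for tests in the second hunk here and in HIRS_Structs and HIRS_Utils, and as `implementation` in tools/tcg_rim_tool. If Logback only arrives transitively, a constraint such as `constraints { implementation libs.logback.classic }` raises the resolved version without adding a new direct dependency; where log4j2 is the intended backend, excluding `spring-boot-starter-logging` removes it altogether. Either way the comment should name the artifact actually pinned, e.g. `// pin logback-classic (and its logback-core) to the patched release`. The dependencies block starts and ends outside the hunk, so existing excludes are not visible from here.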
@@ -36,29 +36,49 @@ dependencies { implementation libs.jakarta.servlet implementation libs.jakarta.xml - // pull the pci dependency and ... implementation libs.pci - // and explicitly include the patched version of the apache http client dependency + + // explicitly include the patched version of the apache http client dependency implementation libs.apacheHttpClient implementation libs.mariadb.java.client implementation libs.spring.boot.starter.web - //implementation libs.spring.framework.webmvc + + // explicitly include the patched version of the snake yaml dependency + implementation libs.snake.yaml + implementation libs.spring.boot.starter.validation implementation libs.spring.boot.starter.data.jpa implementation libs.spring.boot.starter.log4j2 + + // explicitly include the patched version of the spring framework jdbc dependency + implementation libs.spring.framework.jdbc + + // explicitly include the patched version of spring framework expression dependency + implementation libs.spring.framework.expression + + // explicitly include the patched version of the tomcat embed core dependency + implementation libs.tomcat.embed.core + implementation libs.tomcat.embed.jasper + // explicitly include the patched version of the tomcat embed websocket dependency + implementation libs.tomcat.embed.websocket + compileOnly libs.lombok annotationProcessor libs.lombok - providedRuntime libs.spring.boot.starter.tomcat + // explicitly include the patched version of the json path dependency + testImplementation libs.jsonPath testImplementation libs.hsqldb testImplementation libs.spring.boot.starter.test testCompileOnly libs.lombok testAnnotationProcessor libs.lombok + + // explicitly include the patched version of the xmlunit-core dependency + testImplementation libs.xmlunit.core } test { diff --git a/HIRS_Structs/build.gradle b/HIRS_Structs/build.gradle index c870d64a..4c69c7ac 100644 --- a/HIRS_Structs/build.gradle +++ b/HIRS_Structs/build.gradle 
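Review bot: The per-artifact pins added here (`libs.spring.framework.jdbc`, `libs.spring.framework.expression`, `libs.tomcat.embed.core`, `libs.tomcat.embed.websocket`, `libs.snake.yaml`) look like a consequence of the plugin line in the previous hunk, `id 'org.springframework.boot' version '3.1.12'`, not matching `springBootVersion = "3.4.1"` in gradle/versions.toml. With `io.spring.dependency-management` applied, the Boot plugin imports the BOM of its own version, so transitive Spring, Tomcat and SnakeYAML modules are presumably managed to 3.1.12-era versions and only the artifacts listed by hand get lifted; any sibling module not listed stays at the older version. Aligning the plugin, `id 'org.springframework.boot' version '3.4.1'`, should make most of these explicit lines unnecessary and keeps future fixes to a single version bump. The dependencies block continues outside the hunk.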
@@ -6,6 +6,9 @@ dependencies { testImplementation libs.spring.boot.starter.test + // explicitly include the patched version of the logback-core dependency + testImplementation libs.logback.classic + testCompileOnly libs.lombok testAnnotationProcessor libs.lombok } diff --git a/HIRS_Utils/build.gradle b/HIRS_Utils/build.gradle index 24471b82..0f79d21a 100644 --- a/HIRS_Utils/build.gradle +++ b/HIRS_Utils/build.gradle @@ -24,17 +24,18 @@ dependencies { implementation libs.spring.boot.starter.log4j2 implementation libs.minimal.json - // pull the pci dependency and ... implementation libs.pci - // and explicitly include the patched version of the apache http client dependency + // explicitly include the patched version of the apache http client dependency implementation libs.apacheHttpClient - implementation libs.slf4j.simple - compileOnly libs.lombok annotationProcessor libs.lombok testImplementation libs.spring.boot.starter.test + + // explicitly include the patched version of the logback-core dependency + testImplementation libs.logback.classic + testImplementation project(path: ':HIRS_AttestationCA') testCompileOnly libs.lombok diff --git a/build.gradle b/build.gradle index 21837dd3..73f8a56c 100644 --- a/build.gradle +++ b/build.gradle @@ -7,6 +7,7 @@ plugins { id 'application' id 'checkstyle' id 'com.github.spotbugs' version '6.0.13' apply false + id 'org.owasp.dependencycheck' version '11.1.1' id 'java' } @@ -17,6 +18,7 @@ subprojects { apply plugin: "com.github.spotbugs" apply plugin: "java" apply plugin: "checkstyle" + apply plugin: "org.owasp.dependencycheck" repositories { flatDir { dirs "lib" } diff --git a/gradle/versions.toml b/gradle/versions.toml index 3c67dc0c..94c89894 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml 
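Review bot: `org.owasp.dependencycheck` is added to the plugins block of the root build.gradle and applied to every subproject, but no `dependencyCheck { ... }` configuration appears in this diff, so the scan is report-only and runs only when someone invokes the task. A threshold such as `dependencyCheck { failBuildOnCVSS = 7 }` (the value is an example) turns findings into a build failure, and `nvd { apiKey = System.getenv('NVD_API_KEY') }` inside that block (the variable name is an example) keeps the key out of the repository. A short comment in the subprojects block saying which task CI is expected to run, e.g. `// CI runs dependencyCheckAnalyze on every subproject`, would also help. Both blocks start and end outside the hunks shown.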
@@ -7,27 +7,30 @@ commonsLang3Version = "3.17.0"
 gsonVersion = "2.11.0"
 glassfishJakartaJsonVersion = "2.0.1"
 glassfishJaxbRuntimeVersion = "4.0.5"
-guavaVersion = "33.3.1-jre"
+guavaVersion = "33.4.0-jre"
 jacksonVersion = "2.18.2"
-jakartaPersistenceApiVersion = "3.2.0"
+jakartaPersistenceApiVersion = "3.1.0"
 jakartaServletVersion = "3.0.0"
 jakartaXmlVersion = "4.0.2"
 jcommanderVersion = "2.0"
 lombokVersion = "1.18.36"
+logbackClassicVersion = "1.5.13"
 mariadbVersion = "3.5.1"
 minimalJsonVersion = "0.9.5"
 ospackageVersion = "11.2.0"
 pciVersion = "0.3"
 protobufJavaVersion = "4.28.3"
-springBootVersion = "3.4.0"
-springCoreVersion = "6.2.1"
+snakeYamlVersion = "2.0"
+springBootVersion = "3.4.1"
+springFrameworkVersion = "6.2.1"
 springRetryVersion = "2.0.10"
-tomcatVersion = "10.1.33"
+tomcatVersion = "10.1.34"
 #test dependencies versions
 hsqldbVersion = "2.7.3"
-slf4jVersion = "2.0.16"
+jsonPathVersion = "2.9.0"
 spotBugAnnotationVersion = "4.8.6"
+xmlunitCoreVersion = "2.10.0"
 [libraries]
 apacheHttpClient = { module = "org.apache.httpcomponents:httpclient", version.ref = "apacheHttpClientVersion" }
@@ -45,24 +48,31 @@ jakarta-persistence-api = { module = "jakarta.persistence:jakarta.persistence-ap
 jakarta-servlet = { module = "org.glassfish.web:jakarta.servlet.jsp.jstl", version.ref = "jakartaServletVersion" }
 jakarta-xml = { module = "jakarta.xml.bind:jakarta.xml.bind-api", version.ref = "jakartaXmlVersion" }
 jcommander = { module = "org.jcommander:jcommander", version.ref = "jcommanderVersion" }
+logback-classic = { module = "ch.qos.logback:logback-classic", version.ref = "logbackClassicVersion" }
 lombok = { module = "org.projectlombok:lombok", version.ref = "lombokVersion" }
 mariadb-java-client = { module = "org.mariadb.jdbc:mariadb-java-client", version.ref = "mariadbVersion" }
 minimal-json = { module = "com.eclipsesource.minimal-json:minimal-json", version.ref = "minimalJsonVersion" }
 pci = { module = "com.github.marandus:pci-ids", version.ref = "pciVersion" }
 protobuf-java = { module = "com.google.protobuf:protobuf-java", version.ref = "protobufJavaVersion" }
-slf4j-simple = { module = "org.slf4j:slf4j-simple", version.ref = "slf4jVersion" }
+snake-yaml = { module = "org.yaml:snakeyaml", version.ref = "snakeYamlVersion" }
 spring-boot-starter-data-jpa = { module = "org.springframework.boot:spring-boot-starter-data-jpa", version.ref = "springBootVersion" }
 spring-boot-starter-log4j2 = { module = "org.springframework.boot:spring-boot-starter-log4j2", version.ref = "springBootVersion" }
-spring-boot-starter-tomcat = { module = "org.springframework.boot:spring-boot-starter-tomcat", version.ref = "springBootVersion" }
 spring-boot-starter-validation = { module = "org.springframework.boot:spring-boot-starter-validation", version.ref = "springBootVersion" }
 spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web", version.ref = "springBootVersion" }
-spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springCoreVersion" }
+spring-framework-expression = { module =
"org.springframework:spring-expression", version.ref = "springFrameworkVersion" } +spring-framework-jdbc = { module = "org.springframework:spring-jdbc", version.ref = "springFrameworkVersion" } +spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springFrameworkVersion" } spring-retry = { module = "org.springframework.retry:spring-retry", version.ref = "springRetryVersion" } +tomcat-embed-core = { module = "org.apache.tomcat.embed:tomcat-embed-core", version.ref = "tomcatVersion" } tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version.ref = "tomcatVersion" } +tomcat-embed-websocket = { module = "org.apache.tomcat.embed:tomcat-embed-websocket", version.ref = "tomcatVersion" } + # test dependencies hsqldb = { module = "org.hsqldb:hsqldb", version.ref = "hsqldbVersion" } +jsonPath = { module = "com.jayway.jsonpath:json-path", version.ref = "jsonPathVersion" } spring-boot-starter-test = { module = "org.springframework.boot:spring-boot-starter-test", version.ref = "springBootVersion" } spotbugs-annotations = { module = "com.github.spotbugs:spotbugs-annotations", version.ref = "spotBugAnnotationVersion" } +xmlunit-core = { module = "org.xmlunit:xmlunit-core", version.ref = "xmlunitCoreVersion" } [plugins] \ No newline at end of file diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle index 820c55ee..4c63d0a7 100644 --- a/tools/tcg_rim_tool/build.gradle +++ b/tools/tcg_rim_tool/build.gradle @@ -21,6 +21,7 @@ dependencies { implementation libs.jakarta.xml implementation libs.spring.boot.starter.log4j2 implementation libs.spring.boot.starter.data.jpa + implementation libs.logback.classic compileOnly libs.lombok annotationProcessor libs.lombok