From 21624789d0e3bac144d6c1e7f8f65657c94d965f Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Thu, 21 Nov 2024 12:07:57 -0500 Subject: [PATCH 01/34] issue_863: Successfully moved all the dependencies to toml file and currently replacing dependencies listed in the build.gradle file with the ones referenced in the toml file --- HIRS_AttestationCA/build.gradle | 31 +++---- HIRS_AttestationCAPortal/build.gradle | 34 ++++---- HIRS_Structs/build.gradle | 8 +- HIRS_Utils/build.gradle | 18 ++-- gradle.properties | 4 +- gradle/versions.toml | 87 +++++++++++++++++++ settings.gradle | 32 +------ tools/tcg_rim_tool/build.gradle | 118 +++++++++++++------------- 8 files changed, 197 insertions(+), 135 deletions(-) create mode 100644 gradle/versions.toml diff --git a/HIRS_AttestationCA/build.gradle b/HIRS_AttestationCA/build.gradle index 28a586b2..09dc726e 100644 --- a/HIRS_AttestationCA/build.gradle +++ b/HIRS_AttestationCA/build.gradle @@ -27,15 +27,16 @@ dependencies { implementation project(':HIRS_Utils') implementation project(':HIRS_Structs') - implementation 'org.springframework.boot:spring-boot-starter-data-jpa:3.0.1' - implementation 'com.github.darrachequesne:spring-data-jpa-datatables:6.0.1' - implementation 'org.springframework.retry:spring-retry:2.0.0' - implementation libs.springdatajpa + + implementation libs.spring.data.jpa.datatables + implementation libs.spring.boot.starter.data.jpa + implementation libs.spring.retry + implementation libs.spring.boot.starter.web implementation libs.bouncycastle implementation libs.commons.codec implementation libs.commons.lang3 - implementation libs.jakarta.api + implementation libs.jakarta.persistence.api implementation libs.jakarta.xml implementation libs.hibernate.core implementation libs.pci 
@@ -44,18 +45,18 @@ dependencies { implementation libs.jackson.databind implementation libs.minimal.json implementation libs.protobuf.java - implementation 'org.apache.logging.log4j:log4j-core:2.19.0' - implementation 'org.apache.logging.log4j:log4j-api:2.19.0' + implementation libs.log4j.api + implementation libs.log4j.core - testImplementation 'org.apache.directory.studio:org.apache.commons.io:2.4' - testImplementation 'org.hamcrest:hamcrest:2.2' - testImplementation 'org.junit.jupiter:junit-jupiter:5.9.3' - testImplementation 'org.junit.platform:junit-platform-launcher:1.9.3' - testImplementation 'org.mockito:mockito-core:4.2.0' - testImplementation 'org.springframework:spring-test:6.0.8' + testImplementation libs.apache.commons.io + testImplementation libs.hamcrest + testImplementation libs.junit.jupiter + testImplementation libs.junit.platform.launcher + testImplementation libs.mockito.core + testImplementation libs.spring.test - compileOnly "com.github.spotbugs:spotbugs-annotations:${spotBugAnnotationVersion}" - annotationProcessor "com.github.spotbugs:spotbugs-annotations:${spotBugAnnotationVersion}" + compileOnly libs.spotbugs.annotations + annotationProcessor libs.spotbugs.annotations // spring management compileOnly libs.lombok diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index 310f0834..9e629013 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle 
@@ -47,26 +47,28 @@ dependencies { implementation libs.bouncycastle implementation libs.guava implementation libs.jakarta.servlet - implementation libs.jakarta.api + implementation libs.jakarta.persistence.api implementation libs.jakarta.xml - implementation 'org.springframework.boot:spring-boot-starter-web' - implementation 'org.springframework.boot:spring-boot-starter-validation' - implementation 'org.springframework.boot:spring-boot-starter-data-jpa' - implementation 'org.springframework.boot:spring-boot-starter-log4j2' - implementation 'org.apache.logging.log4j:log4j-spring-boot' - implementation 'org.projectlombok:lombok' - implementation 'commons-fileupload:commons-fileupload:1.5' - implementation 'org.apache.tomcat.embed:tomcat-embed-jasper:10.1.5' + //implementation libs. - compileOnly 'org.projectlombok:lombok' - implementation 'org.mariadb.jdbc:mariadb-java-client:3.1.4' - annotationProcessor 'org.projectlombok:lombok' - providedRuntime 'org.springframework.boot:spring-boot-starter-tomcat' + implementation libs.spring.boot.starter.web + implementation libs.spring.boot.starter.validation + implementation libs.spring.boot.starter.data.jpa + implementation libs.spring.boot.starter.log4j2 + implementation libs.log4j.spring.boot + implementation libs.lombok + implementation libs.commons.fileupload + implementation libs.tomcat.embed.jasper - testImplementation 'org.springframework.boot:spring-boot-starter-test' - testImplementation 'org.junit.jupiter:junit-jupiter:5.9.3' - testImplementation 'org.hsqldb:hsqldb' + compileOnly libs.lombok + implementation libs.mariadb.java.client + annotationProcessor libs.lombok + providedRuntime libs.spring.boot.starter.tomcat + + testImplementation libs.spring.boot.starter.test + testImplementation libs.junit.jupiter + testImplementation libs.hsqldb } checkstyle { diff --git a/HIRS_Structs/build.gradle b/HIRS_Structs/build.gradle index b3c6a5f9..b363392b 100644 --- a/HIRS_Structs/build.gradle +++ b/HIRS_Structs/build.gradle 
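Review bot: The Spring Boot starters, `log4j-spring-boot`, `lombok` and `hsqldb` in this dependencies block were declared without a version before, so whatever manages versions for this module (presumably the Spring Boot plugin or its BOM, which is outside the hunk) selected them; they now resolve to the versions hard-coded in `gradle/versions.toml`. That lets the starter version drift from the applied Boot plugin version, and a later security bump of one no longer moves the other. Consider declaring these catalog entries without `version.ref` so the BOM stays the single source, e.g. `spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web" }`. The leftover `//implementation libs.` line should be dropped, and `implementation libs.lombok` is redundant next to `compileOnly`/`annotationProcessor` and puts the annotation processor on the runtime classpath.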
@@ -16,12 +16,12 @@ repositories { } dependencies { - implementation 'org.apache.commons:commons-lang3:3.13.0' + implementation libs.commons.lang3 // testCompile libs.mockito - testImplementation 'org.junit.jupiter:junit-jupiter:5.9.3' - testImplementation 'org.junit.platform:junit-platform-launcher:1.9.3' - testImplementation 'org.hamcrest:hamcrest:2.2' + testImplementation libs.junit.jupiter + testImplementation libs.junit.platform.launcher + testImplementation libs.hamcrest } test { diff --git a/HIRS_Utils/build.gradle b/HIRS_Utils/build.gradle index 4a2dad4f..6f1d0695 100644 --- a/HIRS_Utils/build.gradle +++ b/HIRS_Utils/build.gradle @@ -31,7 +31,7 @@ dependencies { implementation libs.lombok implementation libs.jackson.core implementation libs.jackson.databind - implementation libs.jakarta.api + implementation libs.jakarta.persistence.api implementation libs.jakarta.xml implementation libs.guava implementation libs.commons.codec @@ -40,15 +40,15 @@ dependencies { implementation libs.minimal.json implementation libs.pci - implementation 'org.apache.logging.log4j:log4j-core:2.19.0' - implementation 'org.apache.logging.log4j:log4j-api:2.19.0' - implementation 'org.glassfish.jaxb:jaxb-runtime:4.0.1' - implementation 'org.slf4j:slf4j-simple:1.7.30' + implementation libs.log4j.core + implementation libs.log4j.api + implementation libs.glassfish.jaxb.runtime + implementation libs.slf4j.simple - testImplementation 'org.junit.jupiter:junit-jupiter:5.9.3' - testImplementation 'org.junit.platform:junit-platform-launcher:1.9.3' - testImplementation 'org.hamcrest:hamcrest:2.2' - testImplementation 'org.mockito:mockito-core:4.2.0' + testImplementation libs.junit.jupiter + testImplementation libs.junit.platform.launcher + testImplementation libs.hamcrest + testImplementation libs.mockito.core testImplementation project(path: ':HIRS_AttestationCA') compileOnly libs.lombok diff --git a/gradle.properties b/gradle.properties index b4b6c6a7..ebee5b8e 100644 
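Review bot: `implementation libs.glassfish.jaxb.runtime` in the second HIRS_Utils hunk is not a like-for-like replacement: the removed line pinned `org.glassfish.jaxb:jaxb-runtime:4.0.1`, while the catalog added in this commit sets `glassfishJaxbRuntimeVersion = "2.3.1"`. A move-to-catalog commit should not change resolved versions silently, and this one crosses a major line while `jakarta.xml.bind-api` stays at 4.0.0 in the same block, so the runtime and API may no longer match. Either set the catalog version to `4.0.1` or give HIRS_Utils its own alias, and compare the output of `./gradlew :HIRS_Utils:dependencies` before and after the change.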
--- a/gradle.properties
+++ b/gradle.properties
@@ -2,6 +2,4 @@ excludeGroups=rhel-6,performance
 includeGroups=
 org.gradle.daemon=true
 org.gradle.jvmargs=-Xms256m -Xmx1024m
-org.gradle.caching=true
-#dependency versions
-spotBugAnnotationVersion=4.8.6
\ No newline at end of file
+org.gradle.caching=true
\ No newline at end of file
diff --git a/gradle/versions.toml b/gradle/versions.toml
new file mode 100644
index 00000000..60b9e22e
--- /dev/null
+++ b/gradle/versions.toml
@@ -0,0 +1,87 @@ +[versions] +bouncyCastleVersion = "1.77" +commonsCodecVersion = "1.15" +commonsFileuploadVersion = "1.5" +commonsIoVersion = "2.11.0" +commonsLang3Version = "3.13.0" +gsonVersion = "2.10.1" +glassfishJsonVersion = "1.1.4" +glassfishJaxbRuntimeVersion = "2.3.1" +guavaVersion = "31.1-jre" +hibernateCoreVersion = "6.1.7.Final" +jacksonVersion = "2.14.2" +jakartaApiVersion = "3.1.0" +jakartaServletVersion = "3.0.0" +jakartaXmlVersion = "4.0.0" +jcommanderVersion = "1.83" +log4jVersion = "2.19.0" +lombokVersion = "1.18.26" +mariadbVersion = "3.1.4" +minimalJsonVersion = "0.9.5" +ospackageVersion = "11.2.0" +pciVersion = "0.3" +protobufJavaVersion = "3.24.1" +springBootVersion = "3.0.1" +springDataJpaDatatablesVersion = "6.0.1" +springRetryVersion = "2.0.0" +testngVersion = "7.4.0" +tomcatVersion = "10.1.5" + +#test dependencies versions +apacheCommonsVersion = "2.4" +hamcrestVersion = "2.2" +hsqldbVersion = "2.7.2" +junitJupiterVersion = "5.9.3" +junitPlatformVersion = "1.9.3" +mockitoVersion = "4.2.0" +slf4jVersion = "1.7.30" +springTestVersion = "6.0.8" +spotBugAnnotationVersion = "4.8.6" + +[libraries] +bouncycastle = { module = "org.bouncycastle:bcmail-jdk18on", version.ref = "bouncyCastleVersion" } +commons-codec = { module = "commons-codec:commons-codec", version.ref = "commonsCodecVersion" } +commons-fileupload = { module = "commons-fileupload:commons-fileupload", version.ref = "commonsFileuploadVersion" } +commons-io = { module = "commons-io:commons-io", version.ref = "commonsIoVersion" } +commons-lang3 = { module = "org.apache.commons:commons-lang3", version.ref = "commonsLang3Version" } +gson = { module = "com.google.code.gson:gson", version.ref = "gsonVersion" } +glassfish-javax-json = { module = "org.glassfish:javax.json", version.ref = "glassfishJsonVersion" } +glassfish-jaxb-runtime = { module = "org.glassfish.jaxb:jaxb-runtime", version.ref = "glassfishJaxbRuntimeVersion" } +guava = { module = "com.google.guava:guava", version.ref = 
"guavaVersion" } +hibernate-core = { module = "org.hibernate:hibernate-core", version.ref = "hibernateCoreVersion" } +jackson-core = { module = "com.fasterxml.jackson.core:jackson-core", version.ref = "jacksonVersion" } +jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", version.ref = "jacksonVersion" } +jakarta-persistence-api = { module = "jakarta.persistence:jakarta.persistence-api", version.ref = "jakartaApiVersion" } +jakarta-servlet = { module = "org.glassfish.web:jakarta.servlet.jsp.jstl", version.ref = "jakartaServletVersion" } +jakarta-xml = { module = "jakarta.xml.bind:jakarta.xml.bind-api", version.ref = "jakartaXmlVersion" } +jcommander = { module = "org.jcommander:jcommander", version.ref = "jcommanderVersion" } +log4j-api = { module = "org.apache.logging.log4j:log4j-api", version.ref = "log4jVersion" } +log4j-core = { module = "org.apache.logging.log4j:log4j-core", version.ref = "log4jVersion" } +log4j-spring-boot = { module = "org.apache.logging.log4j:log4j-spring-boot", version.ref = "log4jVersion" } +lombok = { module = "org.projectlombok:lombok", version.ref = "lombokVersion" } +mariadb-java-client = { module = "org.mariadb.jdbc:mariadb-java-client", version.ref = "mariadbVersion" } +minimal-json = { module = "com.eclipsesource.minimal-json:minimal-json", version.ref = "minimalJsonVersion" } +ospackage = { module = "com.netflix.nebula:gradle-ospackage-plugin", version.ref = "ospackageVersion" } +pci = { module = "com.github.marandus:pci-ids", version.ref = "pciVersion" } +protobuf-java = { module = "com.google.protobuf:protobuf-java", version.ref = "protobufJavaVersion" } +slf4j-simple = { module = "org.slf4j:slf4j-simple", version.ref = "slf4jVersion" } +spring-boot-starter-data-jpa = { module = "org.springframework.boot:spring-boot-starter-data-jpa", version.ref = "springBootVersion" } +spring-boot-starter-log4j2 = { module = "org.springframework.boot:spring-boot-starter-log4j2", version.ref = "springBootVersion" } 
+spring-boot-starter-tomcat = { module = "org.springframework.boot:spring-boot-starter-tomcat", version.ref = "springBootVersion" } +spring-boot-starter-validation = { module = "org.springframework.boot:spring-boot-starter-validation", version.ref = "springBootVersion" } +spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web", version.ref = "springBootVersion" } +spring-data-jpa-datatables = { module = "com.github.darrachequesne:spring-data-jpa-datatables", version.ref = "springDataJpaDatatablesVersion" } +spring-retry = { module = "org.springframework.retry:spring-retry", version.ref = "springRetryVersion" } +tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version.ref = "tomcatVersion" } +testng = { module = "org.testng:testng", version.ref = "testngVersion" } + +# test dependencies +apache-commons-io = { module = "org.apache.directory.studio:org.apache.commons.io", version.ref = "apacheCommonsVersion" } +hamcrest = { module = "org.hamcrest:hamcrest", version.ref = "hamcrestVersion" } +hsqldb = { module = "org.hsqldb:hsqldb", version.ref = "hsqldbVersion" } +junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version.ref = "junitJupiterVersion" } +junit-platform-launcher = { module = "org.junit.platform:junit-platform-launcher", version.ref = "junitPlatformVersion" } +mockito-core = { module = "org.mockito:mockito-core", version.ref = "mockitoVersion" } +spring-test = { module = "org.springframework:spring-test", version.ref = "springTestVersion" } +spring-boot-starter-test = { module = "org.springframework.boot:spring-boot-starter-test", version.ref = "springBootVersion" } +spotbugs-annotations = { module = "com.github.spotbugs:spotbugs-annotations", version.ref = "spotBugAnnotationVersion" } \ No newline at end of file diff --git a/settings.gradle b/settings.gradle index 1d09049c..591b9bb8 100644 --- a/settings.gradle +++ b/settings.gradle 
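Review bot: The catalog centralises versions, but nothing in this change verifies the artifacts downloaded for them, which matters for a build whose modules include an attestation CA. Gradle's dependency verification can pin checksums in `gradle/verification-metadata.xml` (generated with `./gradlew --write-verification-metadata sha256 help`), so a substituted or tampered artifact fails the build instead of being packaged. Separately, `apache-commons-io` points at `org.apache.directory.studio:org.apache.commons.io` 2.4, which appears to be a repackaging of Commons IO under different coordinates from the `commons-io:commons-io` 2.11.0 entry above. Scanners that match on `commons-io:commons-io` will not see that older copy, so using the single `commons-io` alias for tests as well would be safer.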
@@ -9,34 +9,8 @@ include 'HIRS_Utils', dependencyResolutionManagement { versionCatalogs { - libs { - version('springboot', '3.0.1') - version('jackson', '2.14.2') - library('commons-codec', 'commons-codec:commons-codec:1.15') - library('commons_io', 'commons-io:commons-io:2.11.0') - library('commons-lang3', 'org.apache.commons:commons-lang3:3.13.0') - library('bouncycastle', 'org.bouncycastle:bcmail-jdk18on:1.77') - library('glassfish_json', 'org.glassfish:javax.json:1.1.4') - library('glassfish_jaxb_runtime', 'org.glassfish.jaxb:jaxb-runtime:2.3.1') - library('gson', 'com.google.code.gson:gson:2.10.1') - library('guava', 'com.google.guava:guava:31.1-jre') - library('minimal-json', 'com.eclipsesource.minimal-json:minimal-json:0.9.5') - library('protobuf-java', 'com.google.protobuf:protobuf-java:3.24.1') - library('jakarta-servlet', 'org.glassfish.web:jakarta.servlet.jsp.jstl:3.0.0') - library('jakarta-api', 'jakarta.persistence:jakarta.persistence-api:3.1.0') - library('jakarta-xml', 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.0') - library('jcommander', 'org.jcommander:jcommander:1.83') - library('hibernate-core', 'org.hibernate:hibernate-core:6.1.7.Final') - library('jackson-core', 'com.fasterxml.jackson.core', 'jackson-core').versionRef('jackson') - library('jackson-databind', 'com.fasterxml.jackson.core', 'jackson-databind').versionRef('jackson') - library('pci', 'com.github.marandus:pci-ids:0.3') - library('ospackage', 'com.netflix.nebula:gradle-ospackage-plugin:11.2.0') - library('springdatajpa', 'org.springframework.boot:spring-boot-starter-web:3.0.1') -// library('spring-datajpa', 'org.springframework.boot', 'spring-boot-starter-data-jpa').version('springboot') -// library('spring-datajpa', 'org.springframework.boot', 'spring-boot-starter-web').version('springboot') -// library('spring-datajpa', 'org.springframework.boot', 'spring-boot-starter-validation').version('springboot') - library('lombok', 'org.projectlombok:lombok:1.18.26') - library('testng', 
'org.testng:testng:7.4.0') + create("libs") { + from(files("gradle/versions.toml")) } } -} +} \ No newline at end of file diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle index 92921f72..101c5e52 100644 --- a/tools/tcg_rim_tool/build.gradle +++ b/tools/tcg_rim_tool/build.gradle @@ -1,8 +1,8 @@ plugins { - id "java" - id 'com.netflix.nebula.ospackage' version '11.4.0' - id 'com.intershop.gradle.jaxb' version '5.1.0' - id 'checkstyle' + id "java" + id 'com.netflix.nebula.ospackage' version '11.4.0' + id 'com.intershop.gradle.jaxb' version '5.1.0' + id 'checkstyle' } // Get version from main project gradle @@ -16,33 +16,33 @@ java { } repositories { - mavenCentral() - flatDir { dirs "lib" } + mavenCentral() + flatDir { dirs "lib" } } dependencies { - implementation project(':HIRS_Utils') + implementation project(':HIRS_Utils') - implementation libs.bouncycastle - implementation libs.glassfish.json - implementation libs.glassfish.jaxb.runtime - implementation libs.jcommander - implementation libs.jakarta.api - implementation libs.jakarta.xml - implementation libs.commons.codec - implementation libs.hibernate.core - implementation libs.jackson.databind - implementation 'org.apache.logging.log4j:log4j-core:2.19.0' - implementation libs.guava + implementation libs.bouncycastle + implementation libs.glassfish.javax.json + implementation libs.glassfish.jaxb.runtime + implementation libs.jcommander + implementation libs.jakarta.persistence.api + implementation libs.jakarta.xml + implementation libs.commons.codec + implementation libs.hibernate.core + implementation libs.jackson.databind + implementation libs.log4j.core + implementation libs.guava - compileOnly libs.lombok + compileOnly libs.lombok implementation libs.lombok annotationProcessor libs.lombok testImplementation libs.testng } test { - testLogging.showStandardStreams true + testLogging.showStandardStreams true } checkstyle { 
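Review bot: The catalog file is named `gradle/versions.toml`, so the settings.gradle hunk has to wire it in by hand with `create("libs") { from(files("gradle/versions.toml")) }`. Gradle loads `gradle/libs.versions.toml` as the `libs` catalog by convention, and dependency-update tooling generally looks for that name, so with the current name automated version-bump proposals may not be raised for these pins. Renaming the file to `gradle/libs.versions.toml` and deleting this `versionCatalogs` block would be the smaller configuration; keeping both is likely to fail, since a catalog accepts only one `from`. The `dependencyResolutionManagement` block starts outside the hunk.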
@@ -56,7 +56,7 @@ configurations.checkstyle { } } checkstyleMain { - source ='src/main/java' + source = 'src/main/java' } tasks.withType(Checkstyle) { reports { @@ -68,16 +68,16 @@ tasks.withType(Checkstyle) { jar { exclude 'META-INF/*.SF', 'META-INF/*.DSA', 'META-INF/*.RSA', 'META-INF/*.MF' duplicatesStrategy = DuplicatesStrategy.EXCLUDE - manifest { - attributes "Main-Class": "hirs.swid.Main" - - } + manifest { + attributes "Main-Class": "hirs.swid.Main" - from { - configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) } - } - //jar name format: [archiveBaseName]-[archiveAppendix]-[archiveVersion]-[archiveClassifier].[archiveExtension] - archiveVersion = jarVersion + } + + from { + configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) } + } + //jar name format: [archiveBaseName]-[archiveAppendix]-[archiveVersion]-[archiveClassifier].[archiveExtension] + archiveVersion = jarVersion } ospackage { @@ -90,32 +90,32 @@ ospackage { user 'root' fileMode = 0755 - into ('/opt/rimtool/lib') { + into('/opt/rimtool/lib') { from jar.outputs.files from configurations.runtimeClasspath from 'libs' } - into ('/opt/rimtool/scripts') { - from ('scripts') { - exclude { - FileTreeElement details -> - details.file.name.endsWith('.bat') + into('/opt/rimtool/scripts') { + from('scripts') { + exclude { + FileTreeElement details -> + details.file.name.endsWith('.bat') + } + } + } + into('/opt/rimtool/docs') { + from('./') { + include { + FileTreeElement details -> + details.file.name.endsWith('.md') + } + } + } + into('/opt/rimtool/data') { + from('src/test/resources/') { } - } } - into ('/opt/rimtool/docs') { - from('./') { - include { - FileTreeElement details -> - details.file.name.endsWith('.md') - } - } - } - into ('/opt/rimtool/data') { - from('src/test/resources/') { - } - } link("/usr/local/bin/rim", "/opt/rimtool/scripts/rimtool.sh", 0x755) // Post Install 
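Review bot: `link("/usr/local/bin/rim", "/opt/rimtool/scripts/rimtool.sh", 0x755)` in the ospackage hunk passes a hexadecimal literal where a file mode appears intended; `0x755` is 1877 decimal, i.e. octal 03525, not the `0755` used for `fileMode` a few lines above it. The line is unchanged context here, but since the block is being re-indented anyway it is worth correcting to `0755` so the packaged link does not carry unintended permission bits. The same block copies `src/test/resources/` into `/opt/rimtool/data`, and a comment stating that these are sample inputs only would help packagers. The `ospackage` block starts and ends outside the hunk.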
@@ -125,37 +125,37 @@ ospackage { } buildRpm { - arch = X86_64 + arch = X86_64 } buildDeb { arch = 'amd64' } -task buildZip(type: Zip){ +task buildZip(type: Zip) { dependsOn jar dependsOn jar - from(tasks.jar.archiveFile){ - rename( filename -> + from(tasks.jar.archiveFile) { + rename(filename -> "${project.name}.jar") into '/' } - from('./build/resources/test/rim_fields.json'){ + from('./build/resources/test/rim_fields.json') { into '/' } - from('../../.ci/tcg-rim-tool/configs/Base_Rim_Config.json'){ + from('../../.ci/tcg-rim-tool/configs/Base_Rim_Config.json') { into '/' } - from('../../.ci/tcg-rim-tool/eventlogs/TpmLog.bin'){ + from('../../.ci/tcg-rim-tool/eventlogs/TpmLog.bin') { into '/' } - from('../../.ci/tcg-rim-tool/keys/PC_OEM1_rim_signer_rsa_3k_sha384.key'){ + from('../../.ci/tcg-rim-tool/keys/PC_OEM1_rim_signer_rsa_3k_sha384.key') { into '/' } - from('../../.ci/tcg-rim-tool/certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem'){ + from('../../.ci/tcg-rim-tool/certs/PC_OEM1_rim_signer_rsa_3k_sha384.pem') { into '/' } - from('../../.ci/tcg-rim-tool/certs/PC_OEM1_Cert_Chain.pem'){ + from('../../.ci/tcg-rim-tool/certs/PC_OEM1_Cert_Chain.pem') { into '/' } From 3307cddb9e72aaef6dbfe98b61f52246f775d3ac Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Fri, 22 Nov 2024 10:58:20 -0500 Subject: [PATCH 02/34] issue_863: finished updating dependency versions. Ready for PR --- HIRS_AttestationCA/build.gradle | 45 +++++----- HIRS_AttestationCAPortal/build.gradle | 22 ++--- HIRS_Structs/build.gradle | 6 ++ HIRS_Utils/build.gradle | 25 +++--- gradle/versions.toml | 70 +++++++-------- tools/tcg_eventlog_tool/build.gradle | 87 +++++++++---------- tools/tcg_rim_tool/build.gradle | 15 ++-- .../main/java/hirs/swid/SwidTagGateway.java | 20 +++-- 8 files changed, 152 insertions(+), 138 deletions(-) diff --git a/HIRS_AttestationCA/build.gradle b/HIRS_AttestationCA/build.gradle index 09dc726e..5c245f20 100644 
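Review bot: `buildZip` bundles `../../.ci/tcg-rim-tool/keys/PC_OEM1_rim_signer_rsa_3k_sha384.key` into the distributed archive next to its certificate and chain. From the path this looks like a CI test signer, but nothing in the task or the archive says so, and a recipient could mistake RIMs signed with it for vendor-signed ones or add the chain to a trust store. Add a comment such as `// test-only signing key from .ci; never trust PC_OEM1_Cert_Chain.pem outside test setups`, and consider placing the key material under a clearly named directory in the zip instead of `/`. The task body continues past the hunk.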
--- a/HIRS_AttestationCA/build.gradle
+++ b/HIRS_AttestationCA/build.gradle
@@ -28,40 +28,41 @@ dependencies { implementation project(':HIRS_Structs') + implementation libs.bouncycastle + implementation libs.commons.codec + implementation libs.commons.io + implementation libs.commons.lang3 + implementation libs.hibernate.core + implementation libs.guava + implementation libs.jackson.core + implementation libs.jackson.databind + implementation libs.jakarta.persistence.api + implementation libs.jakarta.xml + implementation libs.log4j.api + implementation libs.log4j.core + implementation libs.minimal.json + implementation libs.pci + implementation libs.protobuf.java implementation libs.spring.data.jpa.datatables implementation libs.spring.boot.starter.data.jpa implementation libs.spring.retry implementation libs.spring.boot.starter.web - implementation libs.bouncycastle - implementation libs.commons.codec - implementation libs.commons.lang3 - implementation libs.jakarta.persistence.api - implementation libs.jakarta.xml - implementation libs.hibernate.core - implementation libs.pci - implementation libs.guava - implementation libs.jackson.core - implementation libs.jackson.databind - implementation libs.minimal.json - implementation libs.protobuf.java - implementation libs.log4j.api - implementation libs.log4j.core + compileOnly libs.lombok + annotationProcessor libs.lombok - testImplementation libs.apache.commons.io + compileOnly libs.spotbugs.annotations + annotationProcessor libs.spotbugs.annotations + + testImplementation libs.commons.io testImplementation libs.hamcrest testImplementation libs.junit.jupiter testImplementation libs.junit.platform.launcher testImplementation libs.mockito.core testImplementation libs.spring.test - compileOnly libs.spotbugs.annotations - annotationProcessor libs.spotbugs.annotations - - // spring management - compileOnly libs.lombok - implementation libs.lombok - annotationProcessor libs.lombok + testCompileOnly libs.lombok + testAnnotationProcessor libs.lombok } checkstyle { toolVersion = '10.12.7' 
diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index 9e629013..9f10098a 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle @@ -42,33 +42,33 @@ dependencies { implementation project(':HIRS_Utils') implementation project(':HIRS_AttestationCA') - implementation libs.pci - implementation libs.gson implementation libs.bouncycastle + implementation libs.commons.fileupload + implementation libs.gson implementation libs.guava - implementation libs.jakarta.servlet implementation libs.jakarta.persistence.api + implementation libs.jakarta.servlet implementation libs.jakarta.xml - - //implementation libs. - + implementation libs.log4j.spring.boot + implementation libs.mariadb.java.client + implementation libs.pci implementation libs.spring.boot.starter.web implementation libs.spring.boot.starter.validation implementation libs.spring.boot.starter.data.jpa implementation libs.spring.boot.starter.log4j2 - implementation libs.log4j.spring.boot - implementation libs.lombok - implementation libs.commons.fileupload implementation libs.tomcat.embed.jasper compileOnly libs.lombok - implementation libs.mariadb.java.client annotationProcessor libs.lombok + providedRuntime libs.spring.boot.starter.tomcat - testImplementation libs.spring.boot.starter.test testImplementation libs.junit.jupiter testImplementation libs.hsqldb + testImplementation libs.spring.boot.starter.test + + testCompileOnly libs.lombok + testAnnotationProcessor libs.lombok } checkstyle { diff --git a/HIRS_Structs/build.gradle b/HIRS_Structs/build.gradle index b363392b..d55c57bf 100644 --- a/HIRS_Structs/build.gradle +++ b/HIRS_Structs/build.gradle 
@@ -18,10 +18,16 @@ repositories { dependencies { implementation libs.commons.lang3 + compileOnly libs.lombok + annotationProcessor libs.lombok + // testCompile libs.mockito testImplementation libs.junit.jupiter testImplementation libs.junit.platform.launcher testImplementation libs.hamcrest + + testCompileOnly libs.lombok + testAnnotationProcessor libs.lombok } test { diff --git a/HIRS_Utils/build.gradle b/HIRS_Utils/build.gradle index 6f1d0695..2b58380e 100644 --- a/HIRS_Utils/build.gradle +++ b/HIRS_Utils/build.gradle @@ -28,31 +28,32 @@ configurations { dependencies { implementation libs.bouncycastle - implementation libs.lombok + implementation libs.commons.codec + implementation libs.commons.lang3 + implementation libs.commons.io + implementation libs.glassfish.jaxb.runtime + implementation libs.guava implementation libs.jackson.core implementation libs.jackson.databind implementation libs.jakarta.persistence.api implementation libs.jakarta.xml - implementation libs.guava - implementation libs.commons.codec - implementation libs.commons.lang3 - implementation libs.commons.io - implementation libs.minimal.json - implementation libs.pci - implementation libs.log4j.core implementation libs.log4j.api - implementation libs.glassfish.jaxb.runtime + implementation libs.minimal.json + implementation libs.pci implementation libs.slf4j.simple + compileOnly libs.lombok + annotationProcessor libs.lombok + testImplementation libs.junit.jupiter testImplementation libs.junit.platform.launcher testImplementation libs.hamcrest testImplementation libs.mockito.core testImplementation project(path: ':HIRS_AttestationCA') - - compileOnly libs.lombok - annotationProcessor libs.lombok + + testCompileOnly libs.lombok + testAnnotationProcessor libs.lombok } checkstyle { diff --git a/gradle/versions.toml b/gradle/versions.toml index 60b9e22e..ac359dd9 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml 
@@ -1,57 +1,56 @@ [versions] -bouncyCastleVersion = "1.77" -commonsCodecVersion = "1.15" -commonsFileuploadVersion = "1.5" -commonsIoVersion = "2.11.0" -commonsLang3Version = "3.13.0" -gsonVersion = "2.10.1" -glassfishJsonVersion = "1.1.4" -glassfishJaxbRuntimeVersion = "2.3.1" -guavaVersion = "31.1-jre" -hibernateCoreVersion = "6.1.7.Final" -jacksonVersion = "2.14.2" -jakartaApiVersion = "3.1.0" +bouncyCastleVersion = "1.78.1" +commonsCodecVersion = "1.17.1" +commonsFileUploadVersion = "1.5" +commonsIoVersion = "2.17.0" +commonsLang3Version = "3.17.0" +gsonVersion = "2.11.0" +glassfishJakartaJsonVersion = "2.0.1" +glassfishJaxbRuntimeVersion = "4.0.5" +guavaVersion = "33.3.0-jre" +hibernateCoreVersion = "6.5.2.Final" +jacksonVersion = "2.17.2" +jakartaPersistenceApiVersion = "3.1.0" jakartaServletVersion = "3.0.0" -jakartaXmlVersion = "4.0.0" -jcommanderVersion = "1.83" -log4jVersion = "2.19.0" -lombokVersion = "1.18.26" -mariadbVersion = "3.1.4" +jakartaXmlVersion = "4.0.2" +jcommanderVersion = "2.0" +log4jVersion = "2.23.1" +lombokVersion = "1.18.34" +mariadbVersion = "3.4.0" minimalJsonVersion = "0.9.5" ospackageVersion = "11.2.0" pciVersion = "0.3" -protobufJavaVersion = "3.24.1" -springBootVersion = "3.0.1" +protobufJavaVersion = "3.25.5" +springBootVersion = "3.3.4" springDataJpaDatatablesVersion = "6.0.1" -springRetryVersion = "2.0.0" -testngVersion = "7.4.0" -tomcatVersion = "10.1.5" +springRetryVersion = "2.0.10" +testngVersion = "7.10.2" +tomcatVersion = "11.0.1" #test dependencies versions -apacheCommonsVersion = "2.4" -hamcrestVersion = "2.2" -hsqldbVersion = "2.7.2" -junitJupiterVersion = "5.9.3" -junitPlatformVersion = "1.9.3" -mockitoVersion = "4.2.0" -slf4jVersion = "1.7.30" -springTestVersion = "6.0.8" +hamcrestVersion = "3.0" +hsqldbVersion = "2.7.3" +junitJupiterVersion = "5.11.0" +junitPlatformVersion = "1.11.0" +mockitoVersion = "5.14.2" +slf4jVersion = "2.0.16" +springTestVersion = "6.1.13" spotBugAnnotationVersion = "4.8.6" [libraries] 
bouncycastle = { module = "org.bouncycastle:bcmail-jdk18on", version.ref = "bouncyCastleVersion" } commons-codec = { module = "commons-codec:commons-codec", version.ref = "commonsCodecVersion" } -commons-fileupload = { module = "commons-fileupload:commons-fileupload", version.ref = "commonsFileuploadVersion" } +commons-fileupload = { module = "commons-fileupload:commons-fileupload", version.ref = "commonsFileUploadVersion" } commons-io = { module = "commons-io:commons-io", version.ref = "commonsIoVersion" } commons-lang3 = { module = "org.apache.commons:commons-lang3", version.ref = "commonsLang3Version" } gson = { module = "com.google.code.gson:gson", version.ref = "gsonVersion" } -glassfish-javax-json = { module = "org.glassfish:javax.json", version.ref = "glassfishJsonVersion" } +glassfish-jakarta-json = { module = "org.glassfish:jakarta.json", version.ref = "glassfishJakartaJsonVersion" } glassfish-jaxb-runtime = { module = "org.glassfish.jaxb:jaxb-runtime", version.ref = "glassfishJaxbRuntimeVersion" } guava = { module = "com.google.guava:guava", version.ref = "guavaVersion" } hibernate-core = { module = "org.hibernate:hibernate-core", version.ref = "hibernateCoreVersion" } jackson-core = { module = "com.fasterxml.jackson.core:jackson-core", version.ref = "jacksonVersion" } jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", version.ref = "jacksonVersion" } -jakarta-persistence-api = { module = "jakarta.persistence:jakarta.persistence-api", version.ref = "jakartaApiVersion" } +jakarta-persistence-api = { module = "jakarta.persistence:jakarta.persistence-api", version.ref = "jakartaPersistenceApiVersion" } jakarta-servlet = { module = "org.glassfish.web:jakarta.servlet.jsp.jstl", version.ref = "jakartaServletVersion" } jakarta-xml = { module = "jakarta.xml.bind:jakarta.xml.bind-api", version.ref = "jakartaXmlVersion" } jcommander = { module = "org.jcommander:jcommander", version.ref = "jcommanderVersion" } 
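Review bot: `tomcatVersion = "11.0.1"` moves `tomcat-embed-jasper` to a new Tomcat major while `springBootVersion = "3.3.4"` still supplies `spring-boot-starter-tomcat`, which as far as I know is built and tested against the Tomcat 10.1 line. Jasper 11 will likely pull in its own `tomcat-embed-core`, and Gradle's highest-version-wins resolution would then run the portal on a container version that Spring Boot does not manage or patch in step. Prefer leaving the version off this entry so Boot's dependency management selects it, `tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper" }`, or pin it to the Tomcat version that Boot 3.3.4 resolves. This commit also crosses several other major versions at once (`jcommanderVersion` 1.83 to 2.0, `slf4jVersion` 1.7.30 to 2.0.16, `mockitoVersion` 4.2.0 to 5.14.2), which would be easier to bisect and roll back as separate commits.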
@@ -76,7 +75,6 @@ tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", testng = { module = "org.testng:testng", version.ref = "testngVersion" } # test dependencies -apache-commons-io = { module = "org.apache.directory.studio:org.apache.commons.io", version.ref = "apacheCommonsVersion" } hamcrest = { module = "org.hamcrest:hamcrest", version.ref = "hamcrestVersion" } hsqldb = { module = "org.hsqldb:hsqldb", version.ref = "hsqldbVersion" } junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version.ref = "junitJupiterVersion" } @@ -84,4 +82,6 @@ junit-platform-launcher = { module = "org.junit.platform:junit-platform-launcher mockito-core = { module = "org.mockito:mockito-core", version.ref = "mockitoVersion" } spring-test = { module = "org.springframework:spring-test", version.ref = "springTestVersion" } spring-boot-starter-test = { module = "org.springframework.boot:spring-boot-starter-test", version.ref = "springBootVersion" } -spotbugs-annotations = { module = "com.github.spotbugs:spotbugs-annotations", version.ref = "spotBugAnnotationVersion" } \ No newline at end of file +spotbugs-annotations = { module = "com.github.spotbugs:spotbugs-annotations", version.ref = "spotBugAnnotationVersion" } + +[plugins] \ No newline at end of file diff --git a/tools/tcg_eventlog_tool/build.gradle b/tools/tcg_eventlog_tool/build.gradle index 04640f51..82fc3b25 100644 --- a/tools/tcg_eventlog_tool/build.gradle +++ b/tools/tcg_eventlog_tool/build.gradle @@ -1,8 +1,7 @@ -import java.util.concurrent.TimeUnit plugins { - id "java" - id "com.netflix.nebula.ospackage" version "11.4.0" - id 'checkstyle' + id "java" + id "com.netflix.nebula.ospackage" version "11.4.0" + id 'checkstyle' } // Get version from main project gradle def packVersion = properties.get("packageVersion"); 
@@ -19,10 +18,10 @@ repositories { flatDir { dirs "lib" } } -dependencies { +dependencies { implementation project(':HIRS_Utils') - implementation libs.jcommander implementation libs.commons.io + implementation libs.jcommander } ext.configDir = new File(projectDir, 'config') @@ -38,7 +37,7 @@ configurations.checkstyle { } } checkstyleMain { - source ='src/main/java' + source = 'src/main/java' } tasks.withType(Checkstyle) { reports { @@ -53,15 +52,15 @@ jar { duplicatesStrategy = DuplicatesStrategy.EXCLUDE manifest { attributes( - "Main-Class": "hirs.tcg_eventlog.Main", - 'Class-Path':configurations.runtimeClasspath.files.collect { it.getName() }.join(' ') - ) - } - from { - configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) } - } - //jar name format: [archiveBaseName]-[archiveAppendix]-[archiveVersion]-[archiveClassifier].[archiveExtension] - archiveVersion = jarVersion + "Main-Class": "hirs.tcg_eventlog.Main", + 'Class-Path': configurations.runtimeClasspath.files.collect { it.getName() }.join(' ') + ) + } + from { + configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) } + } + //jar name format: [archiveBaseName]-[archiveAppendix]-[archiveVersion]-[archiveClassifier].[archiveExtension] + archiveVersion = jarVersion } // Produce packages 
@@ -75,37 +74,37 @@ ospackage { user 'root' fileMode = 0755 - into ('/opt/eltool/lib') { - from jar.outputs.files - from configurations.runtimeClasspath + into('/opt/eltool/lib') { + from jar.outputs.files + from configurations.runtimeClasspath } - into ('/opt/eltool/scripts') { - from ('scripts') { - exclude { - FileTreeElement details -> - details.file.name.endsWith('.bat') + into('/opt/eltool/scripts') { + from('scripts') { + exclude { + FileTreeElement details -> + details.file.name.endsWith('.bat') + } } - } } - into ('/opt/eltool/docs') { - from ('docs') { - exclude { - FileTreeElement details -> - details.file.name.endsWith('.odt') - } + into('/opt/eltool/docs') { + from('docs') { + exclude { + FileTreeElement details -> + details.file.name.endsWith('.odt') + } + } + from('./') { + include { + FileTreeElement details -> + details.file.name.endsWith('.md') + } } - from('./') { - include { - FileTreeElement details -> - details.file.name.endsWith('.md') - } - } } // Copy vendor-table into /tmp to avoid conflict with the ACA into('/opt/eltool/default-properties') { - from ('../../HIRS_Utils/src/main/resources/vendor-table.json') { - fileMode 0664 - addParentDirs = true + from('../../HIRS_Utils/src/main/resources/vendor-table.json') { + fileMode 0664 + addParentDirs = true } } @@ -129,11 +128,11 @@ ospackage { } -task buildZip(type: Zip){ +task buildZip(type: Zip) { dependsOn jar - from(tasks.jar.archiveFile){ - rename( filename -> - "${project.name}.jar") + from(tasks.jar.archiveFile) { + rename(filename -> + "${project.name}.jar") into '/' } diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle index 101c5e52..3da0d87c 100644 --- a/tools/tcg_rim_tool/build.gradle +++ b/tools/tcg_rim_tool/build.gradle 
@@ -24,22 +24,25 @@ dependencies { implementation project(':HIRS_Utils') implementation libs.bouncycastle - implementation libs.glassfish.javax.json + implementation libs.commons.codec + implementation libs.glassfish.jakarta.json implementation libs.glassfish.jaxb.runtime + implementation libs.guava + implementation libs.hibernate.core implementation libs.jcommander + implementation libs.jackson.databind implementation libs.jakarta.persistence.api implementation libs.jakarta.xml - implementation libs.commons.codec - implementation libs.hibernate.core - implementation libs.jackson.databind implementation libs.log4j.core - implementation libs.guava compileOnly libs.lombok - implementation libs.lombok annotationProcessor libs.lombok testImplementation libs.testng + + testCompileOnly libs.lombok + testAnnotationProcessor libs.lombok + } test { testLogging.showStandardStreams true diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java index 3239a9d2..2e3e3e25 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java @@ -9,6 +9,10 @@ import hirs.utils.xjc.ObjectFactory; import hirs.utils.xjc.ResourceCollection; import hirs.utils.xjc.SoftwareIdentity; import hirs.utils.xjc.SoftwareMeta; +import jakarta.json.Json; +import jakarta.json.JsonException; +import jakarta.json.JsonObject; +import jakarta.json.JsonReader; import jakarta.xml.bind.JAXBContext; import jakarta.xml.bind.JAXBElement; import jakarta.xml.bind.JAXBException; @@ -17,10 +21,6 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; -import javax.json.Json; -import javax.json.JsonException; -import javax.json.JsonObject; -import javax.json.JsonReader; import javax.xml.crypto.MarshalException; import javax.xml.crypto.XMLStructure; import javax.xml.crypto.dom.DOMStructure; 
@@ -190,6 +190,7 @@ public class SwidTagGateway { /** * Setter for timestamp format in XML signature + * * @param timestampFormat */ public void setTimestampFormat(String timestampFormat) { @@ -198,6 +199,7 @@ public class SwidTagGateway { /** * Setter for timestamp input - RFC3852 + file or RFC3339 + value + * * @param timestampArgument */ public void setTimestampArgument(String timestampArgument) { @@ -269,7 +271,7 @@ public class SwidTagGateway { writeSwidTagFile(signedSoftwareIdentity, filename); } else { System.out.println("The following fields cannot be empty or null: " - + errorRequiredFields.substring(0, errorRequiredFields.length()-2)); + + errorRequiredFields.substring(0, errorRequiredFields.length() - 2)); System.exit(1); } } catch (JsonException e) { @@ -555,6 +557,7 @@ public class SwidTagGateway { addNonNullAttribute(attributes, key, value); } } + /** * This utility method checks if an attribute value is empty before adding it to the map. * @@ -707,7 +710,8 @@ public class SwidTagGateway { /** * This method creates a timestamp element and populates it with data according to * the RFC format set in timestampFormat. The element is returned within an XMLObject. - * @param doc the Document representing the XML to be signed + * + * @param doc the Document representing the XML to be signed * @param sigFactory the SignatureFactory object * @return an XMLObject containing the timestamp element */ @@ -735,7 +739,7 @@ public class SwidTagGateway { timeStampElement = doc.createElementNS(SwidTagConstants.RFC3339_NS, SwidTagConstants.RFC3339_PFX + ":TimeStamp"); timeStampElement.setAttributeNS("http://www.w3.org/2000/xmlns/", - "xmlns:" + SwidTagConstants.RFC3339_PFX, SwidTagConstants.RFC3339_NS); + "xmlns:" + SwidTagConstants.RFC3339_PFX, SwidTagConstants.RFC3339_NS); if (timestampArgument.isEmpty()) { timeStampElement.setAttributeNS(SwidTagConstants.RFC3339_NS, SwidTagConstants.RFC3339_PFX + ":" + SwidTagConstants.DATETIME, 
@@ -754,7 +758,7 @@ public class SwidTagGateway { SignatureProperties signatureProperties = sigFactory.newSignatureProperties( Collections.singletonList(signatureProperty), null); XMLObject xmlObject = sigFactory.newXMLObject( - Collections.singletonList(signatureProperties), null,null,null); + Collections.singletonList(signatureProperties), null, null, null); return xmlObject; } From ce78c75506f71b38cbd2abc3376d1800ce860abd Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Mon, 25 Nov 2024 08:54:25 -0500 Subject: [PATCH 03/34] issue_863: downgraded versions since there was an issue with the dependencies versions and the ci/cd pipeline in git. will update each depedency slowly to ensure that upgrades are down correctly. --- gradle/versions.toml | 52 +++++++++---------- .../main/java/hirs/swid/SwidTagGateway.java | 8 +-- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/gradle/versions.toml b/gradle/versions.toml index ac359dd9..77a3be72 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml 
@@ -1,40 +1,40 @@ [versions] -bouncyCastleVersion = "1.78.1" -commonsCodecVersion = "1.17.1" +bouncyCastleVersion = "1.77" +commonsCodecVersion = "1.15" commonsFileUploadVersion = "1.5" -commonsIoVersion = "2.17.0" -commonsLang3Version = "3.17.0" -gsonVersion = "2.11.0" -glassfishJakartaJsonVersion = "2.0.1" -glassfishJaxbRuntimeVersion = "4.0.5" -guavaVersion = "33.3.0-jre" -hibernateCoreVersion = "6.5.2.Final" -jacksonVersion = "2.17.2" +commonsIoVersion = "2.4" +commonsLang3Version = "3.13.0" +gsonVersion = "2.10.1" +glassfishJakartaJsonVersion = "1.1.4" +glassfishJaxbRuntimeVersion = "2.3.1" +guavaVersion = "31.1-jre" +hibernateCoreVersion = "6.1.7.Final" +jacksonVersion = "2.14.2" jakartaPersistenceApiVersion = "3.1.0" jakartaServletVersion = "3.0.0" -jakartaXmlVersion = "4.0.2" -jcommanderVersion = "2.0" -log4jVersion = "2.23.1" +jakartaXmlVersion = "4.0.0" +jcommanderVersion = "1.83" +log4jVersion = "2.19.0" lombokVersion = "1.18.34" -mariadbVersion = "3.4.0" +mariadbVersion = "3.1.4" minimalJsonVersion = "0.9.5" ospackageVersion = "11.2.0" pciVersion = "0.3" -protobufJavaVersion = "3.25.5" -springBootVersion = "3.3.4" +protobufJavaVersion = "3.24.1" +springBootVersion = "3.0.1" springDataJpaDatatablesVersion = "6.0.1" -springRetryVersion = "2.0.10" -testngVersion = "7.10.2" -tomcatVersion = "11.0.1" +springRetryVersion = "2.0.0" +testngVersion = "7.4.0" +tomcatVersion = "10.1.5" #test dependencies versions -hamcrestVersion = "3.0" +hamcrestVersion = "2.2" hsqldbVersion = "2.7.3" -junitJupiterVersion = "5.11.0" -junitPlatformVersion = "1.11.0" -mockitoVersion = "5.14.2" -slf4jVersion = "2.0.16" -springTestVersion = "6.1.13" +junitJupiterVersion = "5.9.3" +junitPlatformVersion = "1.9.3" +mockitoVersion = "4.2.0" +slf4jVersion = "1.7.30" +springTestVersion = "6.0.8" spotBugAnnotationVersion = "4.8.6" [libraries] 
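Review bot: The `[versions]` rollback in this hunk moves several security-relevant libraries back to much older releases (`commonsIoVersion` 2.17.0 to 2.4, `log4jVersion` 2.23.1 to 2.19.0, `protobufJavaVersion` 3.25.5 to 3.24.1, `springBootVersion` 3.3.4 to 3.0.1), and nothing in the file says which pins are deliberate. Older releases may lack fixes that the removed versions carried, so each held-back entry should be checked against current advisories before this reaches a release branch. I would mark each one in the catalog, for example `# held back for CI compatibility (issue_863); re-check advisories before release` above the entry. A dependency scan in the pipeline would keep the rollback from being forgotten.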
@@ -44,7 +44,7 @@ commons-fileupload = { module = "commons-fileupload:commons-fileupload", version commons-io = { module = "commons-io:commons-io", version.ref = "commonsIoVersion" } commons-lang3 = { module = "org.apache.commons:commons-lang3", version.ref = "commonsLang3Version" } gson = { module = "com.google.code.gson:gson", version.ref = "gsonVersion" } -glassfish-jakarta-json = { module = "org.glassfish:jakarta.json", version.ref = "glassfishJakartaJsonVersion" } +glassfish-jakarta-json = { module = "org.glassfish:javax.json", version.ref = "glassfishJakartaJsonVersion" } glassfish-jaxb-runtime = { module = "org.glassfish.jaxb:jaxb-runtime", version.ref = "glassfishJaxbRuntimeVersion" } guava = { module = "com.google.guava:guava", version.ref = "guavaVersion" } hibernate-core = { module = "org.hibernate:hibernate-core", version.ref = "hibernateCoreVersion" } diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java index 2e3e3e25..b3aad0cf 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java @@ -9,10 +9,6 @@ import hirs.utils.xjc.ObjectFactory; import hirs.utils.xjc.ResourceCollection; import hirs.utils.xjc.SoftwareIdentity; import hirs.utils.xjc.SoftwareMeta; -import jakarta.json.Json; -import jakarta.json.JsonException; -import jakarta.json.JsonObject; -import jakarta.json.JsonReader; import jakarta.xml.bind.JAXBContext; import jakarta.xml.bind.JAXBElement; import jakarta.xml.bind.JAXBException; @@ -21,6 +17,10 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; +import javax.json.Json; +import javax.json.JsonException; +import javax.json.JsonObject; +import javax.json.JsonReader; import javax.xml.crypto.MarshalException; import javax.xml.crypto.XMLStructure; import javax.xml.crypto.dom.DOMStructure; 
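Review bot: The `glassfish-jakarta-json` alias in the `[libraries]` hunk now resolves to `org.glassfish:javax.json`, so the alias and its `glassfishJakartaJsonVersion` key say jakarta while the artifact on the classpath is the javax one. Anyone auditing what ships from the build scripts (`implementation libs.glassfish.jakarta.json`) will misread the dependency. Restore the earlier name for this module, `glassfish-javax-json = { module = "org.glassfish:javax.json", version.ref = "glassfishJsonVersion" }`, and update the reference in tools/tcg_rim_tool/build.gradle to match. The same mismatch is reintroduced by the versions.toml hunk of PATCH 06.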
From 548c203c18fe17d6d4f6df45aad99a0962eeeeb3 Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Mon, 25 Nov 2024 15:34:27 -0500 Subject: [PATCH 04/34] issue_863: upgrading this slowly but surely --- HIRS_AttestationCA/build.gradle | 24 +---------------- .../persist/entity/UserDefinedEntity.java | 4 +-- HIRS_AttestationCAPortal/build.gradle | 24 ----------------- HIRS_Structs/build.gradle | 24 ----------------- HIRS_Utils/build.gradle | 26 +------------------ build.gradle | 23 ++++++++++++++-- gradle.properties | 2 +- gradle/versions.toml | 22 ++++++++-------- tools/tcg_eventlog_tool/build.gradle | 21 --------------- tools/tcg_rim_tool/build.gradle | 21 --------------- 10 files changed, 37 insertions(+), 154 deletions(-) diff --git a/HIRS_AttestationCA/build.gradle b/HIRS_AttestationCA/build.gradle index 5c245f20..d3f24d91 100644 --- a/HIRS_AttestationCA/build.gradle +++ b/HIRS_AttestationCA/build.gradle @@ -2,7 +2,6 @@ plugins { id 'java' id 'io.spring.dependency-management' version '1.1.0' id 'com.google.protobuf' version '0.9.4' - id 'checkstyle' } java { @@ -64,28 +63,7 @@ dependencies { testCompileOnly libs.lombok testAnnotationProcessor libs.lombok } -checkstyle { - toolVersion = '10.12.7' - configFile file("${rootDir}/config/checkstyle/checkstyle.xml") -} -// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948 -configurations.checkstyle { - resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") { - select("com.google.guava:guava:0") - } -} -checkstyleMain { - source = 'src/main/java' -} -checkstyleTest { - source = 'src/test/java' -} -tasks.withType(Checkstyle) { - reports { - xml.required = false - html.required = true - } -} + protobuf { protoc { artifact = 'com.google.protobuf:protoc:3.24.3' 
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/UserDefinedEntity.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/UserDefinedEntity.java index f061a8f0..fe3dae50 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/UserDefinedEntity.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/UserDefinedEntity.java @@ -19,10 +19,10 @@ public abstract class UserDefinedEntity extends ArchivableEntity { @Column(nullable = false, unique = true) @NonNull - private String name; + private String name = ""; @ToString.Exclude - @Column(nullable = false, unique = false) + @Column(nullable = false) @NonNull private String description = ""; diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index 9f10098a..bec8a53c 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle @@ -5,7 +5,6 @@ plugins { id 'com.netflix.nebula.ospackage' version '11.8.0' id 'org.springframework.boot' version '3.0.6' id 'io.spring.dependency-management' version '1.1.0' - id 'checkstyle' } // Get version from main project gradle @@ -71,29 +70,6 @@ dependencies { testAnnotationProcessor libs.lombok } -checkstyle { - toolVersion = '10.12.7' - configFile file("${rootDir}/config/checkstyle/checkstyle.xml") -} -// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948 -configurations.checkstyle { - resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") { - select("com.google.guava:guava:0") - } -} -checkstyleMain { - source = 'src/main/java' -} -checkstyleTest { - source = 'src/test/java' -} -tasks.withType(Checkstyle) { - reports { - xml.required = false - html.required = true - } -} - test { useJUnitPlatform() } diff --git a/HIRS_Structs/build.gradle b/HIRS_Structs/build.gradle index d55c57bf..42c44c25 100644 --- a/HIRS_Structs/build.gradle 
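Review bot: Defaulting `name` to `""` in UserDefinedEntity, on a column declared `unique = true`, means every entity created without an explicit name carries the same value. The first one persists with an empty name and later ones fail on the unique constraint at flush time instead of when the object is built. The `@NonNull` and `nullable = false` guards also stop catching a missing name, because the field is never null. I would drop the initializer (`private String name;`) and reject blank names where the name is assigned. The class body continues outside the hunk, so a constructor or setter there may already enforce this.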
+++ b/HIRS_Structs/build.gradle @@ -1,6 +1,5 @@ plugins { id 'java' - id 'checkstyle' } java { @@ -34,29 +33,6 @@ test { useJUnitPlatform() } -checkstyle { - toolVersion = '10.12.7' - configFile file("${rootDir}/config/checkstyle/checkstyle.xml") -} -// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948 -configurations.checkstyle { - resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") { - select("com.google.guava:guava:0") - } -} -checkstyleMain { - source = 'src/main/java' -} -checkstyleTest { - source = 'src/test/java' -} -tasks.withType(Checkstyle) { - reports { - xml.required = false - html.required = true - } -} - //publishing { // publications { // maven(MavenPublication) { diff --git a/HIRS_Utils/build.gradle b/HIRS_Utils/build.gradle index 2b58380e..f51a8c78 100644 --- a/HIRS_Utils/build.gradle +++ b/HIRS_Utils/build.gradle @@ -1,6 +1,5 @@ plugins { id 'java' - id 'checkstyle' } // Get version from main project gradle def packVersion = properties.get("packageVersion") @@ -51,34 +50,11 @@ dependencies { testImplementation libs.hamcrest testImplementation libs.mockito.core testImplementation project(path: ':HIRS_AttestationCA') - + testCompileOnly libs.lombok testAnnotationProcessor libs.lombok } -checkstyle { - toolVersion = '10.12.7' - configFile file("${rootDir}/config/checkstyle/checkstyle.xml") -} -// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948 -configurations.checkstyle { - resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") { - select("com.google.guava:guava:0") - } -} -checkstyleMain { - source = 'src/main/java' -} -checkstyleTest { - source = 'src/test/java' -} -tasks.withType(Checkstyle) { - reports { - xml.required = false - html.required = true - } -} - test { useJUnitPlatform() } diff --git a/build.gradle b/build.gradle index 20ff3ab6..86138e28 100644 --- a/build.gradle +++ b/build.gradle 
@@ -3,7 +3,8 @@ import java.util.concurrent.TimeUnit plugins { // Apply the application plugin to add support for building a CLI application in Java. id 'application' - id 'com.github.spotbugs' version '6.0.4' apply false + id 'com.github.spotbugs' version '6.0.4' + id 'checkstyle' } // Global checkstyle file @@ -12,11 +13,29 @@ ext.checkstyleConfigFile = new File(rootDir, "/config/checkstyle/sun_checks.xml" subprojects { apply plugin: "com.github.spotbugs" + checkstyle { + toolVersion = '10.20.0' + configFile file("${rootDir}/config/checkstyle/checkstyle.xml") + } + + checkstyleMain { + source = 'src/main/java' + } + checkstyleTest { + source = 'src/test/java' + } + tasks.withType(Checkstyle).configureEach { + reports { + xml.required = false + html.required = true + } + } + spotbugs { excludeFilter = file('config/spotbugs/spotbugs-exclude.xml') } - tasks.withType(com.github.spotbugs.snom.SpotBugsTask) { + tasks.withType(com.github.spotbugs.snom.SpotBugsTask).configureEach { reports { html.required = true } diff --git a/gradle.properties b/gradle.properties index ebee5b8e..b79ec6e0 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,5 +1,5 @@ excludeGroups=rhel-6,performance includeGroups= org.gradle.daemon=true -org.gradle.jvmargs=-Xms256m -Xmx1024m +org.gradle.jvmargs=-Xms512m -Xmx2048m org.gradle.caching=true \ No newline at end of file diff --git a/gradle/versions.toml b/gradle/versions.toml index 77a3be72..f616dc6f 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -1,9 +1,9 @@ [versions] -bouncyCastleVersion = "1.77" -commonsCodecVersion = "1.15" +bouncyCastleVersion = "1.79" +commonsCodecVersion = "1.17.1" commonsFileUploadVersion = "1.5" -commonsIoVersion = "2.4" -commonsLang3Version = "3.13.0" +commonsIoVersion = "2.18.0" +commonsLang3Version = "3.16.0" gsonVersion = "2.10.1" glassfishJakartaJsonVersion = "1.1.4" glassfishJaxbRuntimeVersion = "2.3.1" 
@@ -14,7 +14,7 @@ jakartaPersistenceApiVersion = "3.1.0" jakartaServletVersion = "3.0.0" jakartaXmlVersion = "4.0.0" jcommanderVersion = "1.83" -log4jVersion = "2.19.0" +log4jVersion = "2.24.2" lombokVersion = "1.18.34" mariadbVersion = "3.1.4" minimalJsonVersion = "0.9.5" @@ -28,17 +28,17 @@ testngVersion = "7.4.0" tomcatVersion = "10.1.5" #test dependencies versions -hamcrestVersion = "2.2" +hamcrestVersion = "3.0" hsqldbVersion = "2.7.3" -junitJupiterVersion = "5.9.3" -junitPlatformVersion = "1.9.3" -mockitoVersion = "4.2.0" -slf4jVersion = "1.7.30" +junitJupiterVersion = "5.11.3" +junitPlatformVersion = "1.11.3" +mockitoVersion = "5.14.2" +slf4jVersion = "2.0.16" springTestVersion = "6.0.8" spotBugAnnotationVersion = "4.8.6" [libraries] -bouncycastle = { module = "org.bouncycastle:bcmail-jdk18on", version.ref = "bouncyCastleVersion" } +bouncycastle = { module = "org.bouncycastle:bcmail-jdk15to18", version.ref = "bouncyCastleVersion" } commons-codec = { module = "commons-codec:commons-codec", version.ref = "commonsCodecVersion" } commons-fileupload = { module = "commons-fileupload:commons-fileupload", version.ref = "commonsFileUploadVersion" } commons-io = { module = "commons-io:commons-io", version.ref = "commonsIoVersion" } diff --git a/tools/tcg_eventlog_tool/build.gradle b/tools/tcg_eventlog_tool/build.gradle index 82fc3b25..2e535eb0 100644 --- a/tools/tcg_eventlog_tool/build.gradle +++ b/tools/tcg_eventlog_tool/build.gradle @@ -1,7 +1,6 @@ plugins { id "java" id "com.netflix.nebula.ospackage" version "11.4.0" - id 'checkstyle' } // Get version from main project gradle def packVersion = properties.get("packageVersion"); 
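Review bot: The `bouncycastle` entry in the `[libraries]` hunk switches from `bcmail-jdk18on` to `bcmail-jdk15to18`, which is the Bouncy Castle build for Java 1.5 through 1.8, while the build scripts in this series set the toolchain to `JavaLanguageVersion.of(17)`. If any other dependency pulls in a `-jdk18on` Bouncy Castle artifact transitively, both variants would be on the classpath under the same package names, and which provider classes load would depend on ordering. Unless something specific requires the legacy build, keep `module = "org.bouncycastle:bcmail-jdk18on"` with the new `bouncyCastleVersion`. Otherwise, add a comment on the entry saying why the older variant is needed.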
@@ -26,26 +25,6 @@ dependencies { ext.configDir = new File(projectDir, 'config') -checkstyle { - toolVersion = '10.12.7' - configFile file("${rootDir}/config/checkstyle/checkstyle.xml") -} -// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948 -configurations.checkstyle { - resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") { - select("com.google.guava:guava:0") - } -} -checkstyleMain { - source = 'src/main/java' -} -tasks.withType(Checkstyle) { - reports { - xml.required = false - html.required = true - } -} - jar { // Keep jar clean: exclude 'META-INF/*.SF', 'META-INF/*.DSA', 'META-INF/*.RSA', 'META-INF/*.MF' diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle index 3da0d87c..97eed621 100644 --- a/tools/tcg_rim_tool/build.gradle +++ b/tools/tcg_rim_tool/build.gradle @@ -2,7 +2,6 @@ plugins { id "java" id 'com.netflix.nebula.ospackage' version '11.4.0' id 'com.intershop.gradle.jaxb' version '5.1.0' - id 'checkstyle' } // Get version from main project gradle @@ -48,26 +47,6 @@ test { testLogging.showStandardStreams true } -checkstyle { - toolVersion = '10.12.7' - configFile file("${rootDir}/config/checkstyle/checkstyle.xml") -} -// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948 -configurations.checkstyle { - resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") { - select("com.google.guava:guava:0") - } -} -checkstyleMain { - source = 'src/main/java' -} -tasks.withType(Checkstyle) { - reports { - xml.required = false - html.required = true - } -} - jar { exclude 'META-INF/*.SF', 'META-INF/*.DSA', 'META-INF/*.RSA', 'META-INF/*.MF' duplicatesStrategy = DuplicatesStrategy.EXCLUDE From d831d021232690d3f6302144352c6f6f797f8145 Mon Sep 17 00:00:00 2001 
From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 14:37:57 -0500 Subject: [PATCH 05/34] issue_863: upgrading this slowly but surely again. testing to see if github's ci/cd is happy still with these set of changes. --- HIRS_AttestationCA/build.gradle | 7 ----- HIRS_AttestationCAPortal/build.gradle | 1 - HIRS_Structs/build.gradle | 12 -------- HIRS_Utils/build.gradle | 10 ------- build.gradle | 16 ++++++++-- gradle.properties | 5 ++-- gradle/versions.toml | 30 +++++++++---------- tools/tcg_eventlog_tool/build.gradle | 7 ----- tools/tcg_rim_tool/build.gradle | 7 ----- .../main/java/hirs/swid/SwidTagGateway.java | 8 ++--- 10 files changed, 36 insertions(+), 67 deletions(-) diff --git a/HIRS_AttestationCA/build.gradle b/HIRS_AttestationCA/build.gradle index d3f24d91..7fbcbdea 100644 --- a/HIRS_AttestationCA/build.gradle +++ b/HIRS_AttestationCA/build.gradle @@ -1,15 +1,8 @@ plugins { - id 'java' id 'io.spring.dependency-management' version '1.1.0' id 'com.google.protobuf' version '0.9.4' } -java { - toolchain { - languageVersion = JavaLanguageVersion.of(17) - } -} - repositories { mavenCentral() diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index bec8a53c..914afa26 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle @@ -1,6 +1,5 @@ plugins { id 'application' - id 'java' id 'war' id 'com.netflix.nebula.ospackage' version '11.8.0' id 'org.springframework.boot' version '3.0.6' diff --git a/HIRS_Structs/build.gradle b/HIRS_Structs/build.gradle index 42c44c25..25795719 100644 --- a/HIRS_Structs/build.gradle +++ b/HIRS_Structs/build.gradle @@ -1,13 +1,3 @@ -plugins { - id 'java' -} - -java { - toolchain { - languageVersion = JavaLanguageVersion.of(17) - } -} - repositories { mavenCentral() @@ -41,5 +31,3 @@ test { // } // } //} - - diff --git a/HIRS_Utils/build.gradle b/HIRS_Utils/build.gradle index f51a8c78..8e3aae77 100644 
--- a/HIRS_Utils/build.gradle +++ b/HIRS_Utils/build.gradle @@ -1,18 +1,8 @@ -plugins { - id 'java' -} // Get version from main project gradle def packVersion = properties.get("packageVersion") def jarVersion = properties.get("jarVersion") //println "packageVersion is ${projVersion}" - -java { - toolchain { - languageVersion = JavaLanguageVersion.of(17) - } -} - repositories { mavenCentral() flatDir { dirs "lib" } diff --git a/build.gradle b/build.gradle index 86138e28..f554b504 100644 --- a/build.gradle +++ b/build.gradle @@ -1,10 +1,13 @@ +import com.github.spotbugs.snom.SpotBugsTask + import java.util.concurrent.TimeUnit plugins { // Apply the application plugin to add support for building a CLI application in Java. id 'application' - id 'com.github.spotbugs' version '6.0.4' + id 'com.github.spotbugs' version '6.0.4' apply false id 'checkstyle' + id 'java' } // Global checkstyle file @@ -12,6 +15,14 @@ ext.checkstyleConfigFile = new File(rootDir, "/config/checkstyle/sun_checks.xml" subprojects { apply plugin: "com.github.spotbugs" + apply plugin: "java" + apply plugin: "checkstyle" + + java { + toolchain { + languageVersion = JavaLanguageVersion.of(17) + } + } checkstyle { toolVersion = '10.20.0' @@ -24,6 +35,7 @@ subprojects { checkstyleTest { source = 'src/test/java' } + tasks.withType(Checkstyle).configureEach { reports { xml.required = false @@ -35,7 +47,7 @@ subprojects { excludeFilter = file('config/spotbugs/spotbugs-exclude.xml') } - tasks.withType(com.github.spotbugs.snom.SpotBugsTask).configureEach { + tasks.withType(SpotBugsTask).configureEach { reports { html.required = true } diff --git a/gradle.properties b/gradle.properties index b79ec6e0..066b32fe 100644 --- a/gradle.properties +++ b/gradle.properties 
@@ -1,5 +1,6 @@ excludeGroups=rhel-6,performance includeGroups= org.gradle.daemon=true -org.gradle.jvmargs=-Xms512m -Xmx2048m -org.gradle.caching=true \ No newline at end of file +org.gradle.jvmargs=-Xms1g -Xmx4g +org.gradle.caching=true +org.gradle.parallel=true \ No newline at end of file diff --git a/gradle/versions.toml b/gradle/versions.toml index f616dc6f..b4a34f49 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -3,29 +3,29 @@ bouncyCastleVersion = "1.79" commonsCodecVersion = "1.17.1" commonsFileUploadVersion = "1.5" commonsIoVersion = "2.18.0" -commonsLang3Version = "3.16.0" -gsonVersion = "2.10.1" -glassfishJakartaJsonVersion = "1.1.4" -glassfishJaxbRuntimeVersion = "2.3.1" -guavaVersion = "31.1-jre" +commonsLang3Version = "3.17.0" +gsonVersion = "2.11.0" +glassfishJakartaJsonVersion = "2.0.1" +glassfishJaxbRuntimeVersion = "4.0.5" +guavaVersion = "33.3.0-jre" hibernateCoreVersion = "6.1.7.Final" -jacksonVersion = "2.14.2" -jakartaPersistenceApiVersion = "3.1.0" -jakartaServletVersion = "3.0.0" -jakartaXmlVersion = "4.0.0" -jcommanderVersion = "1.83" +jacksonVersion = "2.17.2" +jakartaPersistenceApiVersion = "3.2.0" +jakartaServletVersion = "3.0.1" +jakartaXmlVersion = "4.0.2" +jcommanderVersion = "2.0" log4jVersion = "2.24.2" lombokVersion = "1.18.34" -mariadbVersion = "3.1.4" +mariadbVersion = "3.4.0" minimalJsonVersion = "0.9.5" ospackageVersion = "11.2.0" pciVersion = "0.3" -protobufJavaVersion = "3.24.1" +protobufJavaVersion = "3.25.5" springBootVersion = "3.0.1" springDataJpaDatatablesVersion = "6.0.1" springRetryVersion = "2.0.0" -testngVersion = "7.4.0" -tomcatVersion = "10.1.5" +testngVersion = "7.10.2" +tomcatVersion = "11.0.1" #test dependencies versions hamcrestVersion = "3.0" 
@@ -44,7 +44,7 @@ commons-fileupload = { module = "commons-fileupload:commons-fileupload", version commons-io = { module = "commons-io:commons-io", version.ref = "commonsIoVersion" } commons-lang3 = { module = "org.apache.commons:commons-lang3", version.ref = "commonsLang3Version" } gson = { module = "com.google.code.gson:gson", version.ref = "gsonVersion" } -glassfish-jakarta-json = { module = "org.glassfish:javax.json", version.ref = "glassfishJakartaJsonVersion" } +glassfish-jakarta-json = { module = "org.glassfish:jakarta.json", version.ref = "glassfishJakartaJsonVersion" } glassfish-jaxb-runtime = { module = "org.glassfish.jaxb:jaxb-runtime", version.ref = "glassfishJaxbRuntimeVersion" } guava = { module = "com.google.guava:guava", version.ref = "guavaVersion" } hibernate-core = { module = "org.hibernate:hibernate-core", version.ref = "hibernateCoreVersion" } diff --git a/tools/tcg_eventlog_tool/build.gradle b/tools/tcg_eventlog_tool/build.gradle index 2e535eb0..cc664763 100644 --- a/tools/tcg_eventlog_tool/build.gradle +++ b/tools/tcg_eventlog_tool/build.gradle @@ -1,17 +1,10 @@ plugins { - id "java" id "com.netflix.nebula.ospackage" version "11.4.0" } // Get version from main project gradle def packVersion = properties.get("packageVersion"); def jarVersion = properties.get("jarVersion"); -java { - toolchain { - languageVersion = JavaLanguageVersion.of(17) - } -} - repositories { mavenCentral() flatDir { dirs "lib" } diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle index 97eed621..af335903 100644 --- a/tools/tcg_rim_tool/build.gradle +++ b/tools/tcg_rim_tool/build.gradle @@ -1,5 +1,4 @@ plugins { - id "java" id 'com.netflix.nebula.ospackage' version '11.4.0' id 'com.intershop.gradle.jaxb' version '5.1.0' } 
@@ -8,12 +7,6 @@ plugins { def packVersion = properties.get("packageVersion"); def jarVersion = properties.get("jarVersion"); -java { - toolchain { - languageVersion = JavaLanguageVersion.of(17) - } -} - repositories { mavenCentral() flatDir { dirs "lib" } diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java index b3aad0cf..2e3e3e25 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java @@ -9,6 +9,10 @@ import hirs.utils.xjc.ObjectFactory; import hirs.utils.xjc.ResourceCollection; import hirs.utils.xjc.SoftwareIdentity; import hirs.utils.xjc.SoftwareMeta; +import jakarta.json.Json; +import jakarta.json.JsonException; +import jakarta.json.JsonObject; +import jakarta.json.JsonReader; import jakarta.xml.bind.JAXBContext; import jakarta.xml.bind.JAXBElement; import jakarta.xml.bind.JAXBException; @@ -17,10 +21,6 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; -import javax.json.Json; -import javax.json.JsonException; -import javax.json.JsonObject; -import javax.json.JsonReader; import javax.xml.crypto.MarshalException; import javax.xml.crypto.XMLStructure; import javax.xml.crypto.dom.DOMStructure; From fea59607f0470decf0b42b0ddef84cb69b3a59a3 Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 14:57:32 -0500 Subject: [PATCH 06/34] issue_863: upgrading this slowly but surely again. testing to see if github's ci/cd is happy still with these set of changes (again) --- gradle/versions.toml | 6 +++--- .../src/main/java/hirs/swid/SwidTagGateway.java | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/gradle/versions.toml b/gradle/versions.toml index b4a34f49..91d5c1a1 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml 
@@ -5,8 +5,8 @@ commonsFileUploadVersion = "1.5" commonsIoVersion = "2.18.0" commonsLang3Version = "3.17.0" gsonVersion = "2.11.0" -glassfishJakartaJsonVersion = "2.0.1" -glassfishJaxbRuntimeVersion = "4.0.5" +glassfishJakartaJsonVersion = "1.1.4" +glassfishJaxbRuntimeVersion = "2.3.1" guavaVersion = "33.3.0-jre" hibernateCoreVersion = "6.1.7.Final" jacksonVersion = "2.17.2" @@ -44,7 +44,7 @@ commons-fileupload = { module = "commons-fileupload:commons-fileupload", version commons-io = { module = "commons-io:commons-io", version.ref = "commonsIoVersion" } commons-lang3 = { module = "org.apache.commons:commons-lang3", version.ref = "commonsLang3Version" } gson = { module = "com.google.code.gson:gson", version.ref = "gsonVersion" } -glassfish-jakarta-json = { module = "org.glassfish:jakarta.json", version.ref = "glassfishJakartaJsonVersion" } +glassfish-jakarta-json = { module = "org.glassfish:javax.json", version.ref = "glassfishJakartaJsonVersion" } glassfish-jaxb-runtime = { module = "org.glassfish.jaxb:jaxb-runtime", version.ref = "glassfishJaxbRuntimeVersion" } guava = { module = "com.google.guava:guava", version.ref = "guavaVersion" } hibernate-core = { module = "org.hibernate:hibernate-core", version.ref = "hibernateCoreVersion" } diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java index 2e3e3e25..b3aad0cf 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java @@ -9,10 +9,6 @@ import hirs.utils.xjc.ObjectFactory; import hirs.utils.xjc.ResourceCollection; import hirs.utils.xjc.SoftwareIdentity; import hirs.utils.xjc.SoftwareMeta; -import jakarta.json.Json; -import jakarta.json.JsonException; -import jakarta.json.JsonObject; -import jakarta.json.JsonReader; import jakarta.xml.bind.JAXBContext; import jakarta.xml.bind.JAXBElement; import jakarta.xml.bind.JAXBException; 
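Review bot: `glassfishJaxbRuntimeVersion` drops from 4.0.5 to 2.3.1 in the `[versions]` hunk, which crosses the javax-to-jakarta namespace change. jaxb-runtime 2.3.x implements `javax.xml.bind`, while the SwidTagGateway.java context lines in this same patch still import `jakarta.xml.bind.JAXBContext`. If that runtime is on the tcg_rim_tool classpath, the mismatch would likely show up at run time rather than at compile time, so a green CI build is not enough evidence that the downgrade is safe. In the `[libraries]` hunk the alias stays `glassfish-jakarta-json` while its module becomes `org.glassfish:javax.json`; an alias that matches the artifact would be less misleading to anyone auditing the catalog.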
@@ -21,6 +17,10 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; +import javax.json.Json; +import javax.json.JsonException; +import javax.json.JsonObject; +import javax.json.JsonReader; import javax.xml.crypto.MarshalException; import javax.xml.crypto.XMLStructure; import javax.xml.crypto.dom.DOMStructure; From 3c0b2cbce562017479f10f7c2febb8d23869b8f0 Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 15:15:57 -0500 Subject: [PATCH 07/34] issue_863: upgrading this slowly but surely again. testing to see if github's ci/cd is happy still with these set of changes (again) partIII --- gradle/versions.toml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gradle/versions.toml b/gradle/versions.toml index 91d5c1a1..bd012b7f 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -3,7 +3,7 @@ bouncyCastleVersion = "1.79" commonsCodecVersion = "1.17.1" commonsFileUploadVersion = "1.5" commonsIoVersion = "2.18.0" -commonsLang3Version = "3.17.0" +commonsLang3Version = "3.16.0" gsonVersion = "2.11.0" glassfishJakartaJsonVersion = "1.1.4" glassfishJaxbRuntimeVersion = "2.3.1" @@ -13,10 +13,10 @@ jacksonVersion = "2.17.2" jakartaPersistenceApiVersion = "3.2.0" jakartaServletVersion = "3.0.1" jakartaXmlVersion = "4.0.2" -jcommanderVersion = "2.0" +jcommanderVersion = "1.83" log4jVersion = "2.24.2" lombokVersion = "1.18.34" -mariadbVersion = "3.4.0" +mariadbVersion = "3.1.4" minimalJsonVersion = "0.9.5" ospackageVersion = "11.2.0" pciVersion = "0.3" @@ -25,7 +25,7 @@ springBootVersion = "3.0.1" springDataJpaDatatablesVersion = "6.0.1" springRetryVersion = "2.0.0" testngVersion = "7.10.2" -tomcatVersion = "11.0.1" +tomcatVersion = "10.1.5" #test dependencies versions hamcrestVersion = "3.0" From 3698ffc63a799e542f934a63cdfe705433a5a3d6 Mon Sep 17 00:00:00 2001 
From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 15:30:09 -0500 Subject: [PATCH 08/34] issue_863: Part IV of upgrading this slowly to see if github's ci/cd is happy still with these set of changes (again) --- gradle/versions.toml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/gradle/versions.toml b/gradle/versions.toml index bd012b7f..f616dc6f 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -4,15 +4,15 @@ commonsCodecVersion = "1.17.1" commonsFileUploadVersion = "1.5" commonsIoVersion = "2.18.0" commonsLang3Version = "3.16.0" -gsonVersion = "2.11.0" +gsonVersion = "2.10.1" glassfishJakartaJsonVersion = "1.1.4" glassfishJaxbRuntimeVersion = "2.3.1" -guavaVersion = "33.3.0-jre" +guavaVersion = "31.1-jre" hibernateCoreVersion = "6.1.7.Final" -jacksonVersion = "2.17.2" -jakartaPersistenceApiVersion = "3.2.0" -jakartaServletVersion = "3.0.1" -jakartaXmlVersion = "4.0.2" +jacksonVersion = "2.14.2" +jakartaPersistenceApiVersion = "3.1.0" +jakartaServletVersion = "3.0.0" +jakartaXmlVersion = "4.0.0" jcommanderVersion = "1.83" log4jVersion = "2.24.2" lombokVersion = "1.18.34" @@ -20,11 +20,11 @@ mariadbVersion = "3.1.4" minimalJsonVersion = "0.9.5" ospackageVersion = "11.2.0" pciVersion = "0.3" -protobufJavaVersion = "3.25.5" +protobufJavaVersion = "3.24.1" springBootVersion = "3.0.1" springDataJpaDatatablesVersion = "6.0.1" springRetryVersion = "2.0.0" -testngVersion = "7.10.2" +testngVersion = "7.4.0" tomcatVersion = "10.1.5" #test dependencies versions From e70cdbcea162c558c8e7d73a56cb6094d8073cd8 Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 15:40:45 -0500 Subject: [PATCH 09/34] issue_863: Part V of upgrading this slowly to see if github's ci/cd is happy still with these set of changes (again) --- gradle/versions.toml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/gradle/versions.toml b/gradle/versions.toml index f616dc6f..da0a7178 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -9,10 +9,10 @@ glassfishJakartaJsonVersion = "1.1.4" glassfishJaxbRuntimeVersion = "2.3.1" guavaVersion = "31.1-jre" hibernateCoreVersion = "6.1.7.Final" -jacksonVersion = "2.14.2" -jakartaPersistenceApiVersion = "3.1.0" -jakartaServletVersion = "3.0.0" -jakartaXmlVersion = "4.0.0" +jacksonVersion = "2.17.2" +jakartaPersistenceApiVersion = "3.2.0" +jakartaServletVersion = "3.0.1" +jakartaXmlVersion = "4.0.2" jcommanderVersion = "1.83" log4jVersion = "2.24.2" lombokVersion = "1.18.34" From cd7a7e198872128d4ccc8230588bea37fe4bd78b Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 15:54:22 -0500 Subject: [PATCH 10/34] issue_863: Part VI of updating dependencies slowly --- gradle/versions.toml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/gradle/versions.toml b/gradle/versions.toml index da0a7178..cc8fc4b7 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -7,12 +7,12 @@ commonsLang3Version = "3.16.0" gsonVersion = "2.10.1" glassfishJakartaJsonVersion = "1.1.4" glassfishJaxbRuntimeVersion = "2.3.1" -guavaVersion = "31.1-jre" +guavaVersion = "33.3.1-jre" hibernateCoreVersion = "6.1.7.Final" -jacksonVersion = "2.17.2" -jakartaPersistenceApiVersion = "3.2.0" -jakartaServletVersion = "3.0.1" -jakartaXmlVersion = "4.0.2" +jacksonVersion = "2.18.0" +jakartaPersistenceApiVersion = "3.1.0" +jakartaServletVersion = "3.0.0" +jakartaXmlVersion = "4.0.0" jcommanderVersion = "1.83" log4jVersion = "2.24.2" lombokVersion = "1.18.34" From 7b0486f266d375992314f689b7786a5da1b4f87a Mon Sep 17 00:00:00 2001 
From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 16:07:51 -0500 Subject: [PATCH 11/34] issue_863: Part VII of updating dependencies --- gradle/versions.toml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gradle/versions.toml b/gradle/versions.toml index cc8fc4b7..1e1ea85e 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -3,10 +3,10 @@ bouncyCastleVersion = "1.79" commonsCodecVersion = "1.17.1" commonsFileUploadVersion = "1.5" commonsIoVersion = "2.18.0" -commonsLang3Version = "3.16.0" -gsonVersion = "2.10.1" +commonsLang3Version = "3.17.0" +gsonVersion = "2.11.0" glassfishJakartaJsonVersion = "1.1.4" -glassfishJaxbRuntimeVersion = "2.3.1" +glassfishJaxbRuntimeVersion = "4.0.5" guavaVersion = "33.3.1-jre" hibernateCoreVersion = "6.1.7.Final" jacksonVersion = "2.18.0" @@ -16,7 +16,7 @@ jakartaXmlVersion = "4.0.0" jcommanderVersion = "1.83" log4jVersion = "2.24.2" lombokVersion = "1.18.34" -mariadbVersion = "3.1.4" +mariadbVersion = "3.4.0" minimalJsonVersion = "0.9.5" ospackageVersion = "11.2.0" pciVersion = "0.3" From 637ec53940c1d89f26b37655c36de5eb766572bd Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 16:18:17 -0500 Subject: [PATCH 12/34] issue_863: Part 8 of updating dependencies --- gradle/versions.toml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gradle/versions.toml b/gradle/versions.toml index 1e1ea85e..c3957549 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml 
@@ -13,19 +13,19 @@ jacksonVersion = "2.18.0" jakartaPersistenceApiVersion = "3.1.0" jakartaServletVersion = "3.0.0" jakartaXmlVersion = "4.0.0" -jcommanderVersion = "1.83" +jcommanderVersion = "2.0" log4jVersion = "2.24.2" lombokVersion = "1.18.34" mariadbVersion = "3.4.0" minimalJsonVersion = "0.9.5" ospackageVersion = "11.2.0" pciVersion = "0.3" -protobufJavaVersion = "3.24.1" +protobufJavaVersion = "3.25.5" springBootVersion = "3.0.1" springDataJpaDatatablesVersion = "6.0.1" springRetryVersion = "2.0.0" -testngVersion = "7.4.0" -tomcatVersion = "10.1.5" +testngVersion = "7.10.2" +tomcatVersion = "11.0.1" #test dependencies versions hamcrestVersion = "3.0" From 7cef3ac49556fae1d4377d8ea36581723e4e74fc Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 16:27:46 -0500 Subject: [PATCH 13/34] issue_863: Part 9 of updating dependencies --- gradle/versions.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gradle/versions.toml b/gradle/versions.toml index c3957549..4206771a 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -13,18 +13,18 @@ jacksonVersion = "2.18.0" jakartaPersistenceApiVersion = "3.1.0" jakartaServletVersion = "3.0.0" jakartaXmlVersion = "4.0.0" -jcommanderVersion = "2.0" +jcommanderVersion = "1.83" log4jVersion = "2.24.2" lombokVersion = "1.18.34" mariadbVersion = "3.4.0" minimalJsonVersion = "0.9.5" ospackageVersion = "11.2.0" pciVersion = "0.3" -protobufJavaVersion = "3.25.5" +protobufJavaVersion = "4.28.3" springBootVersion = "3.0.1" springDataJpaDatatablesVersion = "6.0.1" springRetryVersion = "2.0.0" -testngVersion = "7.10.2" +testngVersion = "7.4.0" tomcatVersion = "11.0.1" #test dependencies versions From 17375bcf0067a734fedf6212093fde23b6f13c5a Mon Sep 17 00:00:00 2001 
From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 16:35:41 -0500 Subject: [PATCH 14/34] issue_863: Part 10 of updating dependencies --- gradle/versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/versions.toml b/gradle/versions.toml index 4206771a..6b151854 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -25,7 +25,7 @@ springBootVersion = "3.0.1" springDataJpaDatatablesVersion = "6.0.1" springRetryVersion = "2.0.0" testngVersion = "7.4.0" -tomcatVersion = "11.0.1" +tomcatVersion = "10.1.5" #test dependencies versions hamcrestVersion = "3.0" From 77a31fef3c375c1ce66f7f53a7d85cd2e21e27fa Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 17:05:28 -0500 Subject: [PATCH 15/34] issue_863: Part 12 of updating dependencies --- gradle/versions.toml | 10 +++++----- .../src/main/java/hirs/swid/SwidTagGateway.java | 8 ++++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/gradle/versions.toml b/gradle/versions.toml index 6b151854..2bf5e060 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -5,15 +5,15 @@ commonsFileUploadVersion = "1.5" commonsIoVersion = "2.18.0" commonsLang3Version = "3.17.0" gsonVersion = "2.11.0" -glassfishJakartaJsonVersion = "1.1.4" +glassfishJakartaJsonVersion = "2.0.1" glassfishJaxbRuntimeVersion = "4.0.5" guavaVersion = "33.3.1-jre" hibernateCoreVersion = "6.1.7.Final" jacksonVersion = "2.18.0" jakartaPersistenceApiVersion = "3.1.0" -jakartaServletVersion = "3.0.0" -jakartaXmlVersion = "4.0.0" -jcommanderVersion = "1.83" +jakartaServletVersion = "3.0.1" +jakartaXmlVersion = "4.0.2" +jcommanderVersion = "2.0" log4jVersion = "2.24.2" lombokVersion = "1.18.34" mariadbVersion = "3.4.0" 
@@ -44,7 +44,7 @@ commons-fileupload = { module = "commons-fileupload:commons-fileupload", version commons-io = { module = "commons-io:commons-io", version.ref = "commonsIoVersion" } commons-lang3 = { module = "org.apache.commons:commons-lang3", version.ref = "commonsLang3Version" } gson = { module = "com.google.code.gson:gson", version.ref = "gsonVersion" } -glassfish-jakarta-json = { module = "org.glassfish:javax.json", version.ref = "glassfishJakartaJsonVersion" } +glassfish-jakarta-json = { module = "org.glassfish:jakarta.json", version.ref = "glassfishJakartaJsonVersion" } glassfish-jaxb-runtime = { module = "org.glassfish.jaxb:jaxb-runtime", version.ref = "glassfishJaxbRuntimeVersion" } guava = { module = "com.google.guava:guava", version.ref = "guavaVersion" } hibernate-core = { module = "org.hibernate:hibernate-core", version.ref = "hibernateCoreVersion" } diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java index b3aad0cf..2e3e3e25 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java @@ -9,6 +9,10 @@ import hirs.utils.xjc.ObjectFactory; import hirs.utils.xjc.ResourceCollection; import hirs.utils.xjc.SoftwareIdentity; import hirs.utils.xjc.SoftwareMeta; +import jakarta.json.Json; +import jakarta.json.JsonException; +import jakarta.json.JsonObject; +import jakarta.json.JsonReader; import jakarta.xml.bind.JAXBContext; import jakarta.xml.bind.JAXBElement; import jakarta.xml.bind.JAXBException; @@ -17,10 +21,6 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; -import javax.json.Json; -import javax.json.JsonException; -import javax.json.JsonObject; -import javax.json.JsonReader; import javax.xml.crypto.MarshalException; import javax.xml.crypto.XMLStructure; import javax.xml.crypto.dom.DOMStructure; 
From 8d62d85d22ae91f8de36465d8c7a7c6afbfd4224 Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 17:12:31 -0500 Subject: [PATCH 16/34] issue_863: Part 13 of updating dependencies --- gradle/versions.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gradle/versions.toml b/gradle/versions.toml index 2bf5e060..72c6c4e7 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -11,9 +11,9 @@ guavaVersion = "33.3.1-jre" hibernateCoreVersion = "6.1.7.Final" jacksonVersion = "2.18.0" jakartaPersistenceApiVersion = "3.1.0" -jakartaServletVersion = "3.0.1" -jakartaXmlVersion = "4.0.2" -jcommanderVersion = "2.0" +jakartaServletVersion = "3.0.0" +jakartaXmlVersion = "4.0.0" +jcommanderVersion = "1.83" log4jVersion = "2.24.2" lombokVersion = "1.18.34" mariadbVersion = "3.4.0" From d396ace4393d836a02d69657c121f6dc2e2e8b87 Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 17:21:27 -0500 Subject: [PATCH 17/34] issue_863: Part 14 of updating dependencies --- gradle/versions.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gradle/versions.toml b/gradle/versions.toml index 72c6c4e7..dfaad75c 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -12,8 +12,8 @@ hibernateCoreVersion = "6.1.7.Final" jacksonVersion = "2.18.0" jakartaPersistenceApiVersion = "3.1.0" jakartaServletVersion = "3.0.0" -jakartaXmlVersion = "4.0.0" -jcommanderVersion = "1.83" +jakartaXmlVersion = "4.0.2" +jcommanderVersion = "1.85" log4jVersion = "2.24.2" lombokVersion = "1.18.34" mariadbVersion = "3.4.0" From c8d53cd037c6ba92b4734c3392ae48a0304c5382 Mon Sep 17 00:00:00 2001 
From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 17:32:28 -0500 Subject: [PATCH 18/34] issue_863: Part 15 of updating dependencies --- gradle/versions.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gradle/versions.toml b/gradle/versions.toml index dfaad75c..7410dd2a 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -10,7 +10,7 @@ glassfishJaxbRuntimeVersion = "4.0.5" guavaVersion = "33.3.1-jre" hibernateCoreVersion = "6.1.7.Final" jacksonVersion = "2.18.0" -jakartaPersistenceApiVersion = "3.1.0" +jakartaPersistenceApiVersion = "3.2.0" jakartaServletVersion = "3.0.0" jakartaXmlVersion = "4.0.2" jcommanderVersion = "1.85" @@ -24,7 +24,7 @@ protobufJavaVersion = "4.28.3" springBootVersion = "3.0.1" springDataJpaDatatablesVersion = "6.0.1" springRetryVersion = "2.0.0" -testngVersion = "7.4.0" +testngVersion = "7.10.2" tomcatVersion = "10.1.5" #test dependencies versions From 8008c4df74cd81e3c51e690d33ae1d9a146348c6 Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 17:45:57 -0500 Subject: [PATCH 19/34] issue_863: Updating tomcat core. --- gradle/versions.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/versions.toml b/gradle/versions.toml index 7410dd2a..05fa2f76 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -25,7 +25,7 @@ springBootVersion = "3.0.1" springDataJpaDatatablesVersion = "6.0.1" springRetryVersion = "2.0.0" testngVersion = "7.10.2" -tomcatVersion = "10.1.5" +tomcatVersion = "10.1.33" #test dependencies versions hamcrestVersion = "3.0" From bc25d6a1497d281c39cbbaf56f3fb4b11fe7dba5 Mon Sep 17 00:00:00 2001 
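Review bot: `tomcatVersion = "10.1.33"` is committed as "Updating tomcat core", but the only catalog entry visible in this series that references `tomcatVersion` is `tomcat-embed-jasper`. The embedded container itself comes in through `spring-boot-starter-tomcat`, which is versioned by `springBootVersion` (3.0.1 at this point) and by Spring Boot's dependency management. The likely result is Jasper at 10.1.33 running next to an older `tomcat-embed-core`, so the container is not actually patched. Confirm with `gradle dependencyInsight --dependency tomcat-embed-core`. If the core is still on the old release, override the managed version where the Boot plugin is applied, e.g. `ext['tomcat.version'] = '10.1.33'` in HIRS_AttestationCAPortal/build.gradle.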
From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 19:08:04 -0500 Subject: [PATCH 20/34] issue_863: removed some critical vulnerable dependencies --- HIRS_AttestationCA/build.gradle | 11 +++++++++-- HIRS_AttestationCAPortal/build.gradle | 10 +++++++++- HIRS_Utils/build.gradle | 10 +++++++++- gradle/versions.toml | 4 ++-- 4 files changed, 29 insertions(+), 6 deletions(-) diff --git a/HIRS_AttestationCA/build.gradle b/HIRS_AttestationCA/build.gradle index 7fbcbdea..4436ca81 100644 --- a/HIRS_AttestationCA/build.gradle +++ b/HIRS_AttestationCA/build.gradle @@ -33,9 +33,16 @@ dependencies { implementation libs.log4j.api implementation libs.log4j.core implementation libs.minimal.json - implementation libs.pci + + // pull the pci dependency and ... + implementation(libs.pci) { + // replace the default apache http client transitive dependency + exclude group: 'org.apache.httpcomponents', module: 'httpclient' + } + // with the non-vulnerable version of the apache http client dependency + implementation libs.apacheHttpClient + implementation libs.protobuf.java - implementation libs.spring.data.jpa.datatables implementation libs.spring.boot.starter.data.jpa implementation libs.spring.retry implementation libs.spring.boot.starter.web diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index 914afa26..b7acec46 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle 
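Review bot: The `exclude group: 'org.apache.httpcomponents', module: 'httpclient'` on `libs.pci` removes the old client from that one dependency path only. The same exclude-plus-add block is copied into HIRS_AttestationCAPortal/build.gradle and HIRS_Utils/build.gradle later in this patch, so a new module or another transitive path can still resolve an older httpclient. A dependency constraint raises every path to the patched release and records the reason in one place. The comment "non-vulnerable version" should also name the advisory being addressed (`// httpclient < 4.5.14: <ADVISORY-ID>`) so a reviewer can verify the version floor. The hunk also drops `implementation libs.spring.data.jpa.datatables`; presumably it is one of the removed dependencies, but the commit message does not say so.

```groovy
    implementation libs.pci
    // … unchanged: remaining implementation lines …
    constraints {
        // raise any transitive httpclient to the patched release
        implementation(libs.apacheHttpClient) {
            because 'pci pulls in an httpclient release with known advisories'
        }
    }
```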
@@ -49,7 +49,15 @@ dependencies { implementation libs.jakarta.xml implementation libs.log4j.spring.boot implementation libs.mariadb.java.client - implementation libs.pci + + // pull the pci dependency and ... + implementation(libs.pci) { + // replace the default apache http client transitive dependency + exclude group: 'org.apache.httpcomponents', module: 'httpclient' + } + // with the non-vulnerable version of the apache http client dependency + implementation libs.apacheHttpClient + implementation libs.spring.boot.starter.web implementation libs.spring.boot.starter.validation implementation libs.spring.boot.starter.data.jpa diff --git a/HIRS_Utils/build.gradle b/HIRS_Utils/build.gradle index 8e3aae77..26bcb752 100644 --- a/HIRS_Utils/build.gradle +++ b/HIRS_Utils/build.gradle @@ -29,7 +29,15 @@ dependencies { implementation libs.log4j.core implementation libs.log4j.api implementation libs.minimal.json - implementation libs.pci + + // pull the pci dependency and ... + implementation(libs.pci) { + // replace the default apache http client transitive dependency + exclude group: 'org.apache.httpcomponents', module: 'httpclient' + } + // with the non-vulnerable version of the apache http client dependency + implementation libs.apacheHttpClient + implementation libs.slf4j.simple compileOnly libs.lombok diff --git a/gradle/versions.toml b/gradle/versions.toml index 05fa2f76..d441e33a 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -1,4 +1,5 @@ [versions] +apacheHttpClientVersion = "4.5.14" bouncyCastleVersion = "1.79" commonsCodecVersion = "1.17.1" commonsFileUploadVersion = "1.5" @@ -22,7 +23,6 @@ ospackageVersion = "11.2.0" pciVersion = "0.3" protobufJavaVersion = "4.28.3" springBootVersion = "3.0.1" -springDataJpaDatatablesVersion = "6.0.1" springRetryVersion = "2.0.0" testngVersion = "7.10.2" tomcatVersion = "10.1.33" 
@@ -38,6 +38,7 @@ springTestVersion = "6.0.8" spotBugAnnotationVersion = "4.8.6" [libraries] +apacheHttpClient = { module = "org.apache.httpcomponents:httpclient", version.ref = "apacheHttpClientVersion" } bouncycastle = { module = "org.bouncycastle:bcmail-jdk15to18", version.ref = "bouncyCastleVersion" } commons-codec = { module = "commons-codec:commons-codec", version.ref = "commonsCodecVersion" } commons-fileupload = { module = "commons-fileupload:commons-fileupload", version.ref = "commonsFileUploadVersion" } @@ -69,7 +70,6 @@ spring-boot-starter-log4j2 = { module = "org.springframework.boot:spring-boot-st spring-boot-starter-tomcat = { module = "org.springframework.boot:spring-boot-starter-tomcat", version.ref = "springBootVersion" } spring-boot-starter-validation = { module = "org.springframework.boot:spring-boot-starter-validation", version.ref = "springBootVersion" } spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web", version.ref = "springBootVersion" } -spring-data-jpa-datatables = { module = "com.github.darrachequesne:spring-data-jpa-datatables", version.ref = "springDataJpaDatatablesVersion" } spring-retry = { module = "org.springframework.retry:spring-retry", version.ref = "springRetryVersion" } tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version.ref = "tomcatVersion" } testng = { module = "org.testng:testng", version.ref = "testngVersion" } From 4798b16a47d5acc2af27e555093deb440b7b983f Mon Sep 17 00:00:00 2001 
From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 19:49:30 -0500 Subject: [PATCH 21/34] issue_863: updated spring boot version. second try at it. --- HIRS_AttestationCA/build.gradle | 6 ------ HIRS_AttestationCAPortal/build.gradle | 7 +------ HIRS_Structs/build.gradle | 6 ------ HIRS_Utils/build.gradle | 7 +------ build.gradle | 5 +++++ gradle/versions.toml | 8 ++++---- tools/tcg_eventlog_tool/build.gradle | 5 ----- tools/tcg_rim_tool/build.gradle | 5 ----- 8 files changed, 11 insertions(+), 38 deletions(-) diff --git a/HIRS_AttestationCA/build.gradle b/HIRS_AttestationCA/build.gradle index 4436ca81..42d0fa7f 100644 --- a/HIRS_AttestationCA/build.gradle +++ b/HIRS_AttestationCA/build.gradle @@ -3,12 +3,6 @@ plugins { id 'com.google.protobuf' version '0.9.4' } -repositories { - mavenCentral() - - flatDir { dirs "lib" } -} - configurations { compileOnly { extendsFrom annotationProcessor diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index b7acec46..65ab00ed 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle @@ -2,7 +2,7 @@ plugins { id 'application' id 'war' id 'com.netflix.nebula.ospackage' version '11.8.0' - id 'org.springframework.boot' version '3.0.6' + id 'org.springframework.boot' version '3.3.5' id 'io.spring.dependency-management' version '1.1.0' } @@ -31,11 +31,6 @@ configurations { all*.exclude module: 'spring-boot-starter-logging' } -repositories { - flatDir { dirs "lib" } - mavenCentral() -} - dependencies { implementation project(':HIRS_Utils') implementation project(':HIRS_AttestationCA') diff --git a/HIRS_Structs/build.gradle b/HIRS_Structs/build.gradle index 25795719..46630b14 100644 --- a/HIRS_Structs/build.gradle +++ b/HIRS_Structs/build.gradle @@ -1,9 +1,3 @@ -repositories { - mavenCentral() - - flatDir { dirs "lib" } -} - dependencies { implementation libs.commons.lang3 
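Review bot: The Spring Boot plugin version in the `plugins` block of HIRS_AttestationCAPortal/build.gradle is a literal (`'3.3.5'`, replacing `'3.0.6'`) maintained separately from `springBootVersion` in gradle/versions.toml. Before this commit the two already disagreed (3.0.6 against 3.0.1). With `io.spring.dependency-management` applied, the plugin version selects the Boot BOM that manages transitive versions, so drift between the two values makes it hard to say which Spring and Tomcat releases actually ship. Declaring the plugin in the catalog's `[plugins]` table with `version.ref = "springBootVersion"` and applying it as `alias(libs.plugins.spring.boot)` would keep a single source of truth.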
diff --git a/HIRS_Utils/build.gradle b/HIRS_Utils/build.gradle index 26bcb752..44e7a6b4 100644 --- a/HIRS_Utils/build.gradle +++ b/HIRS_Utils/build.gradle @@ -3,11 +3,6 @@ def packVersion = properties.get("packageVersion") def jarVersion = properties.get("jarVersion") //println "packageVersion is ${projVersion}" -repositories { - mavenCentral() - flatDir { dirs "lib" } -} - configurations { compileOnly { extendsFrom annotationProcessor @@ -37,7 +32,7 @@ dependencies { } // with the non-vulnerable version of the apache http client dependency implementation libs.apacheHttpClient - + implementation libs.slf4j.simple compileOnly libs.lombok diff --git a/build.gradle b/build.gradle index f554b504..b7eec514 100644 --- a/build.gradle +++ b/build.gradle @@ -18,6 +18,11 @@ subprojects { apply plugin: "java" apply plugin: "checkstyle" + repositories { + flatDir { dirs "lib" } + mavenCentral() + } + java { toolchain { languageVersion = JavaLanguageVersion.of(17) diff --git a/gradle/versions.toml b/gradle/versions.toml index d441e33a..a0d685f9 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -9,7 +9,7 @@ gsonVersion = "2.11.0" glassfishJakartaJsonVersion = "2.0.1" glassfishJaxbRuntimeVersion = "4.0.5" guavaVersion = "33.3.1-jre" -hibernateCoreVersion = "6.1.7.Final" +hibernateCoreVersion = "6.6.2.Final" jacksonVersion = "2.18.0" jakartaPersistenceApiVersion = "3.2.0" jakartaServletVersion = "3.0.0" @@ -22,8 +22,8 @@ minimalJsonVersion = "0.9.5" ospackageVersion = "11.2.0" pciVersion = "0.3" protobufJavaVersion = "4.28.3" -springBootVersion = "3.0.1" -springRetryVersion = "2.0.0" +springBootVersion = "3.3.5" +springRetryVersion = "2.0.10" testngVersion = "7.10.2" tomcatVersion = "10.1.33" @@ -34,7 +34,7 @@ junitJupiterVersion = "5.11.3" junitPlatformVersion = "1.11.3" mockitoVersion = "5.14.2" slf4jVersion = "2.0.16" -springTestVersion = "6.0.8" +springTestVersion = "6.1.15" spotBugAnnotationVersion = "4.8.6" [libraries] 
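Review bot: In the new `repositories` block under `subprojects` in build.gradle, `flatDir { dirs "lib" }` is declared ahead of `mavenCentral()`. Gradle queries repositories in declaration order, so a jar placed in a module's `lib` directory with a matching name and version is taken in preference to the published artifact. A flatDir repository also has no module metadata, so such a jar resolves without its declared transitive dependencies. Several of the per-module blocks this commit deletes listed `mavenCentral()` first, so the consolidation changes the resolution order for those modules. I would write `repositories { mavenCentral(); flatDir { dirs "lib" } }`, or restrict the local directory with a `content { … }` filter so it can only serve the artifacts that genuinely live there.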
diff --git a/tools/tcg_eventlog_tool/build.gradle b/tools/tcg_eventlog_tool/build.gradle index cc664763..756214ed 100644 --- a/tools/tcg_eventlog_tool/build.gradle +++ b/tools/tcg_eventlog_tool/build.gradle @@ -5,11 +5,6 @@ plugins { def packVersion = properties.get("packageVersion"); def jarVersion = properties.get("jarVersion"); -repositories { - mavenCentral() - flatDir { dirs "lib" } -} - dependencies { implementation project(':HIRS_Utils') implementation libs.commons.io diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle index af335903..d92ba70a 100644 --- a/tools/tcg_rim_tool/build.gradle +++ b/tools/tcg_rim_tool/build.gradle @@ -7,11 +7,6 @@ plugins { def packVersion = properties.get("packageVersion"); def jarVersion = properties.get("jarVersion"); -repositories { - mavenCentral() - flatDir { dirs "lib" } -} - dependencies { implementation project(':HIRS_Utils') From e32a9b66dbcf9bb9bf0f00132dc8f33fbd303c8e Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 26 Nov 2024 20:07:14 -0500 Subject: [PATCH 22/34] issue_863: undid spring update. need to figure out how to smoothly transition to newer spring. --- HIRS_AttestationCAPortal/build.gradle | 2 +- gradle/versions.toml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index 65ab00ed..e68d1733 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle @@ -2,7 +2,7 @@ plugins { id 'application' id 'war' id 'com.netflix.nebula.ospackage' version '11.8.0' - id 'org.springframework.boot' version '3.3.5' + id 'org.springframework.boot' version '3.0.1' id 'io.spring.dependency-management' version '1.1.0' } diff --git a/gradle/versions.toml b/gradle/versions.toml index a0d685f9..d441e33a 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml 
@@ -9,7 +9,7 @@ gsonVersion = "2.11.0" glassfishJakartaJsonVersion = "2.0.1" glassfishJaxbRuntimeVersion = "4.0.5" guavaVersion = "33.3.1-jre" -hibernateCoreVersion = "6.6.2.Final" +hibernateCoreVersion = "6.1.7.Final" jacksonVersion = "2.18.0" jakartaPersistenceApiVersion = "3.2.0" jakartaServletVersion = "3.0.0" @@ -22,8 +22,8 @@ minimalJsonVersion = "0.9.5" ospackageVersion = "11.2.0" pciVersion = "0.3" protobufJavaVersion = "4.28.3" -springBootVersion = "3.3.5" -springRetryVersion = "2.0.10" +springBootVersion = "3.0.1" +springRetryVersion = "2.0.0" testngVersion = "7.10.2" tomcatVersion = "10.1.33" @@ -34,7 +34,7 @@ junitJupiterVersion = "5.11.3" junitPlatformVersion = "1.11.3" mockitoVersion = "5.14.2" slf4jVersion = "2.0.16" -springTestVersion = "6.1.15" +springTestVersion = "6.0.8" spotBugAnnotationVersion = "4.8.6" [libraries] From a57cd0964974a6aed345ec49be58c47d89ca2589 Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Wed, 27 Nov 2024 12:32:21 -0500 Subject: [PATCH 23/34] issue_863: updated spring boot, hibernate, and spring retry. Removed an unused dependency. --- HIRS_AttestationCAPortal/build.gradle | 15 ++++----------- gradle/versions.toml | 8 +++----- 2 files changed, 7 insertions(+), 16 deletions(-) diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index e68d1733..a1223ed9 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle 
@@ -2,22 +2,16 @@ plugins { id 'application' id 'war' id 'com.netflix.nebula.ospackage' version '11.8.0' - id 'org.springframework.boot' version '3.0.1' + id 'org.springframework.boot' version '3.0.8' id 'io.spring.dependency-management' version '1.1.0' } // Get version from main project gradle -def packVersion = properties.get("packageVersion"); -def jarVersion = properties.get("jarVersion"); -def projVersion = properties.get("projVersion"); +def packVersion = properties.get("packageVersion") +def jarVersion = properties.get("jarVersion") +def projVersion = properties.get("projVersion") //println "packageVersion is ${projVersion}" -java { - toolchain { - languageVersion = JavaLanguageVersion.of(17) - } -} - bootRun { if (project.hasProperty('debug')) { jvmArgs project.debug @@ -36,7 +30,6 @@ dependencies { implementation project(':HIRS_AttestationCA') implementation libs.bouncycastle - implementation libs.commons.fileupload implementation libs.gson implementation libs.guava implementation libs.jakarta.persistence.api diff --git a/gradle/versions.toml b/gradle/versions.toml index d441e33a..4a2f203c 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -2,14 +2,13 @@ apacheHttpClientVersion = "4.5.14" bouncyCastleVersion = "1.79" commonsCodecVersion = "1.17.1" -commonsFileUploadVersion = "1.5" commonsIoVersion = "2.18.0" commonsLang3Version = "3.17.0" gsonVersion = "2.11.0" glassfishJakartaJsonVersion = "2.0.1" glassfishJaxbRuntimeVersion = "4.0.5" guavaVersion = "33.3.1-jre" -hibernateCoreVersion = "6.1.7.Final" +hibernateCoreVersion = "6.2.32.Final" jacksonVersion = "2.18.0" jakartaPersistenceApiVersion = "3.2.0" jakartaServletVersion = "3.0.0" @@ -22,8 +21,8 @@ minimalJsonVersion = "0.9.5" ospackageVersion = "11.2.0" pciVersion = "0.3" protobufJavaVersion = "4.28.3" -springBootVersion = "3.0.1" -springRetryVersion = "2.0.0" +springBootVersion = "3.0.8" +springRetryVersion = "2.0.10" testngVersion = "7.10.2" tomcatVersion = "10.1.33" 
@@ -41,7 +40,6 @@ spotBugAnnotationVersion = "4.8.6" apacheHttpClient = { module = "org.apache.httpcomponents:httpclient", version.ref = "apacheHttpClientVersion" } bouncycastle = { module = "org.bouncycastle:bcmail-jdk15to18", version.ref = "bouncyCastleVersion" } commons-codec = { module = "commons-codec:commons-codec", version.ref = "commonsCodecVersion" } -commons-fileupload = { module = "commons-fileupload:commons-fileupload", version.ref = "commonsFileUploadVersion" } commons-io = { module = "commons-io:commons-io", version.ref = "commonsIoVersion" } commons-lang3 = { module = "org.apache.commons:commons-lang3", version.ref = "commonsLang3Version" } gson = { module = "com.google.code.gson:gson", version.ref = "gsonVersion" } From 028a52183c7ab99c60cbcd9d4b860cc8730ba8b6 Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Wed, 27 Nov 2024 16:05:42 -0500 Subject: [PATCH 24/34] issue_863: removed unused dependencies and am currently resolving critical vulnerable dependendcies --- HIRS_AttestationCAPortal/build.gradle | 10 ++++------ build.gradle | 4 +++- gradle/versions.toml | 2 -- tools/tcg_rim_tool/build.gradle | 1 - 4 files changed, 7 insertions(+), 10 deletions(-) diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index a1223ed9..47529409 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle @@ -31,12 +31,9 @@ dependencies { implementation libs.bouncycastle implementation libs.gson - implementation libs.guava implementation libs.jakarta.persistence.api - implementation libs.jakarta.servlet implementation libs.jakarta.xml implementation libs.log4j.spring.boot - implementation libs.mariadb.java.client // pull the pci dependency and ... implementation(libs.pci) { 
@@ -49,20 +46,21 @@ dependencies { implementation libs.spring.boot.starter.web implementation libs.spring.boot.starter.validation implementation libs.spring.boot.starter.data.jpa - implementation libs.spring.boot.starter.log4j2 - implementation libs.tomcat.embed.jasper + runtimeOnly libs.tomcat.embed.jasper compileOnly libs.lombok annotationProcessor libs.lombok providedRuntime libs.spring.boot.starter.tomcat + runtimeOnly libs.mariadb.java.client testImplementation libs.junit.jupiter - testImplementation libs.hsqldb testImplementation libs.spring.boot.starter.test testCompileOnly libs.lombok testAnnotationProcessor libs.lombok + + testRuntimeOnly libs.hsqldb } test { diff --git a/build.gradle b/build.gradle index b7eec514..9c2150e4 100644 --- a/build.gradle +++ b/build.gradle @@ -5,8 +5,9 @@ import java.util.concurrent.TimeUnit plugins { // Apply the application plugin to add support for building a CLI application in Java. id 'application' - id 'com.github.spotbugs' version '6.0.4' apply false + id 'com.autonomousapps.dependency-analysis' version "2.5.0" id 'checkstyle' + id 'com.github.spotbugs' version "6.0.4" apply false id 'java' } @@ -14,6 +15,7 @@ plugins { ext.checkstyleConfigFile = new File(rootDir, "/config/checkstyle/sun_checks.xml") subprojects { + apply plugin: 'com.autonomousapps.dependency-analysis' apply plugin: "com.github.spotbugs" apply plugin: "java" apply plugin: "checkstyle" diff --git a/gradle/versions.toml b/gradle/versions.toml index 4a2f203c..f4e668b7 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -11,7 +11,6 @@ guavaVersion = "33.3.1-jre" hibernateCoreVersion = "6.2.32.Final" jacksonVersion = "2.18.0" jakartaPersistenceApiVersion = "3.2.0" -jakartaServletVersion = "3.0.0" jakartaXmlVersion = "4.0.2" jcommanderVersion = "1.85" log4jVersion = "2.24.2" 
@@ -50,7 +49,6 @@ hibernate-core = { module = "org.hibernate:hibernate-core", version.ref = "hiber jackson-core = { module = "com.fasterxml.jackson.core:jackson-core", version.ref = "jacksonVersion" } jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", version.ref = "jacksonVersion" } jakarta-persistence-api = { module = "jakarta.persistence:jakarta.persistence-api", version.ref = "jakartaPersistenceApiVersion" } -jakarta-servlet = { module = "org.glassfish.web:jakarta.servlet.jsp.jstl", version.ref = "jakartaServletVersion" } jakarta-xml = { module = "jakarta.xml.bind:jakarta.xml.bind-api", version.ref = "jakartaXmlVersion" } jcommander = { module = "org.jcommander:jcommander", version.ref = "jcommanderVersion" } log4j-api = { module = "org.apache.logging.log4j:log4j-api", version.ref = "log4jVersion" } diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle index d92ba70a..d41567b4 100644 --- a/tools/tcg_rim_tool/build.gradle +++ b/tools/tcg_rim_tool/build.gradle @@ -14,7 +14,6 @@ dependencies { implementation libs.commons.codec implementation libs.glassfish.jakarta.json implementation libs.glassfish.jaxb.runtime - implementation libs.guava implementation libs.hibernate.core implementation libs.jcommander implementation libs.jackson.databind From 301689ddb6cde346bd2dd53f1e471e23f33c372d Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Wed, 27 Nov 2024 16:53:35 -0500 Subject: [PATCH 25/34] issue_863: reverted changes from last commit. let's see if that makes a difference --- HIRS_AttestationCAPortal/build.gradle | 9 ++++++--- build.gradle | 8 ++------ gradle/versions.toml | 2 ++ tools/tcg_rim_tool/build.gradle | 2 ++ 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index 47529409..03e8190c 100644 --- a/HIRS_AttestationCAPortal/build.gradle 
+++ b/HIRS_AttestationCAPortal/build.gradle @@ -30,8 +30,10 @@ dependencies { implementation project(':HIRS_AttestationCA') implementation libs.bouncycastle + implementation libs.guava implementation libs.gson implementation libs.jakarta.persistence.api + implementation libs.jakarta.servlet implementation libs.jakarta.xml implementation libs.log4j.spring.boot @@ -43,24 +45,25 @@ dependencies { // with the non-vulnerable version of the apache http client dependency implementation libs.apacheHttpClient + implementation libs.mariadb.java.client implementation libs.spring.boot.starter.web implementation libs.spring.boot.starter.validation implementation libs.spring.boot.starter.data.jpa - runtimeOnly libs.tomcat.embed.jasper + implementation libs.spring.boot.starter.log4j2 + implementation libs.tomcat.embed.jasper compileOnly libs.lombok annotationProcessor libs.lombok providedRuntime libs.spring.boot.starter.tomcat - runtimeOnly libs.mariadb.java.client testImplementation libs.junit.jupiter + testImplementation libs.hsqldb testImplementation libs.spring.boot.starter.test testCompileOnly libs.lombok testAnnotationProcessor libs.lombok - testRuntimeOnly libs.hsqldb } test { diff --git a/build.gradle b/build.gradle index 9c2150e4..258a2b9e 100644 --- a/build.gradle +++ b/build.gradle @@ -1,13 +1,10 @@ -import com.github.spotbugs.snom.SpotBugsTask - import java.util.concurrent.TimeUnit plugins { // Apply the application plugin to add support for building a CLI application in Java. id 'application' - id 'com.autonomousapps.dependency-analysis' version "2.5.0" id 'checkstyle' - id 'com.github.spotbugs' version "6.0.4" apply false + id 'com.github.spotbugs' version '6.0.4' apply false id 'java' } @@ -15,7 +12,6 @@ plugins { ext.checkstyleConfigFile = new File(rootDir, "/config/checkstyle/sun_checks.xml") subprojects { - apply plugin: 'com.autonomousapps.dependency-analysis' apply plugin: "com.github.spotbugs" apply plugin: "java" apply plugin: "checkstyle" 
@@ -54,7 +50,7 @@ subprojects { excludeFilter = file('config/spotbugs/spotbugs-exclude.xml') } - tasks.withType(SpotBugsTask).configureEach { + tasks.withType(com.github.spotbugs.snom.SpotBugsTask).configureEach { reports { html.required = true } diff --git a/gradle/versions.toml b/gradle/versions.toml index f4e668b7..4a2f203c 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -11,6 +11,7 @@ guavaVersion = "33.3.1-jre" hibernateCoreVersion = "6.2.32.Final" jacksonVersion = "2.18.0" jakartaPersistenceApiVersion = "3.2.0" +jakartaServletVersion = "3.0.0" jakartaXmlVersion = "4.0.2" jcommanderVersion = "1.85" log4jVersion = "2.24.2" @@ -49,6 +50,7 @@ hibernate-core = { module = "org.hibernate:hibernate-core", version.ref = "hiber jackson-core = { module = "com.fasterxml.jackson.core:jackson-core", version.ref = "jacksonVersion" } jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", version.ref = "jacksonVersion" } jakarta-persistence-api = { module = "jakarta.persistence:jakarta.persistence-api", version.ref = "jakartaPersistenceApiVersion" } +jakarta-servlet = { module = "org.glassfish.web:jakarta.servlet.jsp.jstl", version.ref = "jakartaServletVersion" } jakarta-xml = { module = "jakarta.xml.bind:jakarta.xml.bind-api", version.ref = "jakartaXmlVersion" } jcommander = { module = "org.jcommander:jcommander", version.ref = "jcommanderVersion" } log4j-api = { module = "org.apache.logging.log4j:log4j-api", version.ref = "log4jVersion" } diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle index d41567b4..9a1ac809 100644 --- a/tools/tcg_rim_tool/build.gradle +++ b/tools/tcg_rim_tool/build.gradle 
@@ -10,10 +10,12 @@ def jarVersion = properties.get("jarVersion"); dependencies { implementation project(':HIRS_Utils') + implementation libs.bouncycastle implementation libs.commons.codec implementation libs.glassfish.jakarta.json implementation libs.glassfish.jaxb.runtime + implementation libs.guava implementation libs.hibernate.core implementation libs.jcommander implementation libs.jackson.databind From 1c39f8d9d525029ba236b8c74f135cf3d5068671 Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Tue, 17 Dec 2024 14:58:41 -0500 Subject: [PATCH 26/34] issue_863: Updated gradle version, fixed more vulnerabilities, now figuring what to do with the remaining vulnerabilities. --- HIRS_AttestationCA/build.gradle | 20 ++++++++------------ HIRS_AttestationCAPortal/build.gradle | 13 +++++++------ HIRS_Structs/build.gradle | 5 +---- HIRS_Utils/build.gradle | 12 ++++-------- build.gradle | 4 +++- gradle.properties | 3 +-- gradle/versions.toml | 23 +++++------------------ gradle/wrapper/gradle-wrapper.properties | 2 +- tools/tcg_rim_tool/build.gradle | 4 ++-- 9 files changed, 32 insertions(+), 54 deletions(-) diff --git a/HIRS_AttestationCA/build.gradle b/HIRS_AttestationCA/build.gradle index 42d0fa7f..be30e03a 100644 --- a/HIRS_AttestationCA/build.gradle +++ b/HIRS_AttestationCA/build.gradle @@ -1,5 +1,5 @@ plugins { - id 'io.spring.dependency-management' version '1.1.0' + id 'io.spring.dependency-management' version '1.1.2' id 'com.google.protobuf' version '0.9.4' } 
@@ -18,28 +18,28 @@ dependencies { implementation libs.commons.codec implementation libs.commons.io implementation libs.commons.lang3 - implementation libs.hibernate.core implementation libs.guava implementation libs.jackson.core implementation libs.jackson.databind implementation libs.jakarta.persistence.api implementation libs.jakarta.xml - implementation libs.log4j.api - implementation libs.log4j.core + implementation libs.spring.boot.starter.log4j2 implementation libs.minimal.json // pull the pci dependency and ... implementation(libs.pci) { - // replace the default apache http client transitive dependency + // explicitly exclude the default apache http client transitive dependency exclude group: 'org.apache.httpcomponents', module: 'httpclient' } - // with the non-vulnerable version of the apache http client dependency + // and explicitly include the patched version of the apache http client dependency implementation libs.apacheHttpClient implementation libs.protobuf.java implementation libs.spring.boot.starter.data.jpa implementation libs.spring.retry - implementation libs.spring.boot.starter.web + + // pull the spring-boot-starter-web dependency and ... + implementation(libs.spring.boot.starter.web) compileOnly libs.lombok annotationProcessor libs.lombok @@ -48,11 +48,7 @@ dependencies { annotationProcessor libs.spotbugs.annotations testImplementation libs.commons.io - testImplementation libs.hamcrest - testImplementation libs.junit.jupiter - testImplementation libs.junit.platform.launcher - testImplementation libs.mockito.core - testImplementation libs.spring.test + testImplementation libs.spring.boot.starter.test testCompileOnly libs.lombok testAnnotationProcessor libs.lombok diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index 03e8190c..ca998e5d 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle 
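Review bot: `implementation libs.spring.boot.starter.log4j2` is added next to `spring-boot-starter-web` and `spring-boot-starter-data-jpa`, which bring in `spring-boot-starter-logging` (Logback) by default, so two logging backends are likely to end up on the classpath. The new comment `// pull the spring-boot-starter-web dependency and ...` is followed by a plain `implementation(libs.spring.boot.starter.web)` with no closure (here and in HIRS_AttestationCAPortal/build.gradle), which reads like an exclusion that was never written. Either finish it with `exclude group: 'org.springframework.boot', module: 'spring-boot-starter-logging'` or exclude that module once for all configurations, and drop the dangling comment. The same starter is added in HIRS_Utils/build.gradle beside `libs.slf4j.simple` (a further SLF4J provider) and in tools/tcg_rim_tool/build.gradle; for a CA it should be unambiguous which backend writes the logs. The `dependencies` block starts before this hunk.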
@@ -3,7 +3,7 @@ plugins { id 'war' id 'com.netflix.nebula.ospackage' version '11.8.0' id 'org.springframework.boot' version '3.0.8' - id 'io.spring.dependency-management' version '1.1.0' + id 'io.spring.dependency-management' version '1.1.2' } // Get version from main project gradle @@ -35,18 +35,20 @@ dependencies { implementation libs.jakarta.persistence.api implementation libs.jakarta.servlet implementation libs.jakarta.xml - implementation libs.log4j.spring.boot // pull the pci dependency and ... implementation(libs.pci) { - // replace the default apache http client transitive dependency + // explicitly exclude the default apache http client transitive dependency exclude group: 'org.apache.httpcomponents', module: 'httpclient' } - // with the non-vulnerable version of the apache http client dependency + // and explicitly include the patched version of the apache http client dependency implementation libs.apacheHttpClient implementation libs.mariadb.java.client - implementation libs.spring.boot.starter.web + + // pull the spring-boot-starter-web dependency and ... + implementation(libs.spring.boot.starter.web) + implementation libs.spring.boot.starter.validation implementation libs.spring.boot.starter.data.jpa implementation libs.spring.boot.starter.log4j2 @@ -57,7 +59,6 @@ dependencies { providedRuntime libs.spring.boot.starter.tomcat - testImplementation libs.junit.jupiter testImplementation libs.hsqldb testImplementation libs.spring.boot.starter.test diff --git a/HIRS_Structs/build.gradle b/HIRS_Structs/build.gradle index 46630b14..c870d64a 100644 --- a/HIRS_Structs/build.gradle +++ b/HIRS_Structs/build.gradle 
@@ -4,10 +4,7 @@ dependencies { compileOnly libs.lombok annotationProcessor libs.lombok -// testCompile libs.mockito - testImplementation libs.junit.jupiter - testImplementation libs.junit.platform.launcher - testImplementation libs.hamcrest + testImplementation libs.spring.boot.starter.test testCompileOnly libs.lombok testAnnotationProcessor libs.lombok diff --git a/HIRS_Utils/build.gradle b/HIRS_Utils/build.gradle index 44e7a6b4..c2204cbf 100644 --- a/HIRS_Utils/build.gradle +++ b/HIRS_Utils/build.gradle @@ -21,16 +21,15 @@ dependencies { implementation libs.jackson.databind implementation libs.jakarta.persistence.api implementation libs.jakarta.xml - implementation libs.log4j.core - implementation libs.log4j.api + implementation libs.spring.boot.starter.log4j2 implementation libs.minimal.json // pull the pci dependency and ... implementation(libs.pci) { - // replace the default apache http client transitive dependency + // explicitly exclude the default apache http client transitive dependency exclude group: 'org.apache.httpcomponents', module: 'httpclient' } - // with the non-vulnerable version of the apache http client dependency + // and explicitly include the patched version of the apache http client dependency implementation libs.apacheHttpClient implementation libs.slf4j.simple @@ -38,10 +37,7 @@ dependencies { compileOnly libs.lombok annotationProcessor libs.lombok - testImplementation libs.junit.jupiter - testImplementation libs.junit.platform.launcher - testImplementation libs.hamcrest - testImplementation libs.mockito.core + testImplementation libs.spring.boot.starter.test testImplementation project(path: ':HIRS_AttestationCA') testCompileOnly libs.lombok diff --git a/build.gradle b/build.gradle index 258a2b9e..e341703d 100644 --- a/build.gradle +++ b/build.gradle @@ -1,3 +1,5 @@ +import com.github.spotbugs.snom.SpotBugsTask + import java.util.concurrent.TimeUnit plugins { 
@@ -50,7 +52,7 @@ subprojects { excludeFilter = file('config/spotbugs/spotbugs-exclude.xml') } - tasks.withType(com.github.spotbugs.snom.SpotBugsTask).configureEach { + tasks.withType(SpotBugsTask).configureEach { reports { html.required = true } diff --git a/gradle.properties b/gradle.properties index 066b32fe..4e01828d 100644 --- a/gradle.properties +++ b/gradle.properties @@ -2,5 +2,4 @@ excludeGroups=rhel-6,performance includeGroups= org.gradle.daemon=true org.gradle.jvmargs=-Xms1g -Xmx4g -org.gradle.caching=true -org.gradle.parallel=true \ No newline at end of file +org.gradle.caching=true \ No newline at end of file diff --git a/gradle/versions.toml b/gradle/versions.toml index 4a2f203c..945790d5 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -8,32 +8,26 @@ gsonVersion = "2.11.0" glassfishJakartaJsonVersion = "2.0.1" glassfishJaxbRuntimeVersion = "4.0.5" guavaVersion = "33.3.1-jre" -hibernateCoreVersion = "6.2.32.Final" -jacksonVersion = "2.18.0" +jacksonVersion = "2.18.2" jakartaPersistenceApiVersion = "3.2.0" jakartaServletVersion = "3.0.0" jakartaXmlVersion = "4.0.2" jcommanderVersion = "1.85" -log4jVersion = "2.24.2" lombokVersion = "1.18.34" mariadbVersion = "3.4.0" minimalJsonVersion = "0.9.5" ospackageVersion = "11.2.0" pciVersion = "0.3" protobufJavaVersion = "4.28.3" -springBootVersion = "3.0.8" +springBootVersion = "3.4.0" springRetryVersion = "2.0.10" +springCoreVersion = "6.2.1" testngVersion = "7.10.2" tomcatVersion = "10.1.33" #test dependencies versions -hamcrestVersion = "3.0" hsqldbVersion = "2.7.3" -junitJupiterVersion = "5.11.3" -junitPlatformVersion = "1.11.3" -mockitoVersion = "5.14.2" slf4jVersion = "2.0.16" -springTestVersion = "6.0.8" spotBugAnnotationVersion = "4.8.6" [libraries] 
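Review bot: `springBootVersion = "3.4.0"` in gradle/versions.toml moves every starter in the catalog to 3.4.0, but HIRS_AttestationCAPortal/build.gradle in this same patch still applies `id 'org.springframework.boot' version '3.0.8'` together with `io.spring.dependency-management`. With that pair the plugin normally imports the dependency BOM of its own version, so the libraries this hunk stops pinning (`log4jVersion`, `hibernateCoreVersion`, the JUnit and Mockito entries) would likely resolve to what Boot 3.0.x manages rather than what 3.4.0 expects; the output of the `dependencies` task for the portal project would confirm it. Declaring the plugin in the catalog keeps the two aligned: `spring-boot = { id = "org.springframework.boot", version.ref = "springBootVersion" }` under `[plugins]`, applied with `alias(libs.plugins.spring.boot)`. `springCoreVersion = "6.2.1"` is referenced only by the two commented-out `spring-framework-*` entries added further down, so it is dead until they are enabled.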
@@ -46,16 +40,12 @@ gson = { module = "com.google.code.gson:gson", version.ref = "gsonVersion" } glassfish-jakarta-json = { module = "org.glassfish:jakarta.json", version.ref = "glassfishJakartaJsonVersion" } glassfish-jaxb-runtime = { module = "org.glassfish.jaxb:jaxb-runtime", version.ref = "glassfishJaxbRuntimeVersion" } guava = { module = "com.google.guava:guava", version.ref = "guavaVersion" } -hibernate-core = { module = "org.hibernate:hibernate-core", version.ref = "hibernateCoreVersion" } jackson-core = { module = "com.fasterxml.jackson.core:jackson-core", version.ref = "jacksonVersion" } jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", version.ref = "jacksonVersion" } jakarta-persistence-api = { module = "jakarta.persistence:jakarta.persistence-api", version.ref = "jakartaPersistenceApiVersion" } jakarta-servlet = { module = "org.glassfish.web:jakarta.servlet.jsp.jstl", version.ref = "jakartaServletVersion" } jakarta-xml = { module = "jakarta.xml.bind:jakarta.xml.bind-api", version.ref = "jakartaXmlVersion" } jcommander = { module = "org.jcommander:jcommander", version.ref = "jcommanderVersion" } -log4j-api = { module = "org.apache.logging.log4j:log4j-api", version.ref = "log4jVersion" } -log4j-core = { module = "org.apache.logging.log4j:log4j-core", version.ref = "log4jVersion" } -log4j-spring-boot = { module = "org.apache.logging.log4j:log4j-spring-boot", version.ref = "log4jVersion" } lombok = { module = "org.projectlombok:lombok", version.ref = "lombokVersion" } mariadb-java-client = { module = "org.mariadb.jdbc:mariadb-java-client", version.ref = "mariadbVersion" } minimal-json = { module = "com.eclipsesource.minimal-json:minimal-json", version.ref = "minimalJsonVersion" } 
@@ -68,17 +58,14 @@ spring-boot-starter-log4j2 = { module = "org.springframework.boot:spring-boot-st spring-boot-starter-tomcat = { module = "org.springframework.boot:spring-boot-starter-tomcat", version.ref = "springBootVersion" } spring-boot-starter-validation = { module = "org.springframework.boot:spring-boot-starter-validation", version.ref = "springBootVersion" } spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web", version.ref = "springBootVersion" } +#spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springCoreVersion" } +#spring-framework-web = { module = "org.springframework:spring-web", version.ref = "springCoreVersion" } spring-retry = { module = "org.springframework.retry:spring-retry", version.ref = "springRetryVersion" } tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version.ref = "tomcatVersion" } testng = { module = "org.testng:testng", version.ref = "testngVersion" } # test dependencies -hamcrest = { module = "org.hamcrest:hamcrest", version.ref = "hamcrestVersion" } hsqldb = { module = "org.hsqldb:hsqldb", version.ref = "hsqldbVersion" } -junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version.ref = "junitJupiterVersion" } -junit-platform-launcher = { module = "org.junit.platform:junit-platform-launcher", version.ref = "junitPlatformVersion" } -mockito-core = { module = "org.mockito:mockito-core", version.ref = "mockitoVersion" } -spring-test = { module = "org.springframework:spring-test", version.ref = "springTestVersion" } spring-boot-starter-test = { module = "org.springframework.boot:spring-boot-starter-test", version.ref = "springBootVersion" } spotbugs-annotations = { module = "com.github.spotbugs:spotbugs-annotations", version.ref = "spotBugAnnotationVersion" } diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index c30b486a..4eaec467 100644 
--- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip networkTimeout=10000 zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle index 9a1ac809..fa4423b6 100644 --- a/tools/tcg_rim_tool/build.gradle +++ b/tools/tcg_rim_tool/build.gradle @@ -16,12 +16,12 @@ dependencies { implementation libs.glassfish.jakarta.json implementation libs.glassfish.jaxb.runtime implementation libs.guava - implementation libs.hibernate.core implementation libs.jcommander implementation libs.jackson.databind implementation libs.jakarta.persistence.api implementation libs.jakarta.xml - implementation libs.log4j.core + implementation libs.spring.boot.starter.log4j2 + implementation libs.spring.boot.starter.data.jpa compileOnly libs.lombok annotationProcessor libs.lombok From 3d795a56eee02200d5ee51515b923bc87809c973 Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Wed, 18 Dec 2024 16:44:41 -0500 Subject: [PATCH 27/34] issue_863: Updated gradle plugins version, fixed more vulnerabilities, now figuring what to do with the remaining vulnerabilities. --- HIRS_AttestationCA/build.gradle | 13 ++++--------- HIRS_AttestationCAPortal/build.gradle | 18 ++++++------------ HIRS_Utils/build.gradle | 5 +---- build.gradle | 2 +- gradle/versions.toml | 5 ++--- tools/tcg_rim_tool/build.gradle | 5 ++--- 6 files changed, 16 insertions(+), 32 deletions(-) diff --git a/HIRS_AttestationCA/build.gradle b/HIRS_AttestationCA/build.gradle index be30e03a..860f33ad 100644 --- a/HIRS_AttestationCA/build.gradle +++ b/HIRS_AttestationCA/build.gradle 
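Review bot: The wrapper now downloads `gradle-8.11.1-bin.zip`, and none of the six lines shown for gradle-wrapper.properties carries a `distributionSha256Sum`, so the distribution that runs the whole build is fetched without an integrity check. Add `distributionSha256Sum=<SHA-256 published by Gradle for gradle-8.11.1-bin.zip>` next to `distributionUrl` (placeholder; copy the value from the official release checksums). If the file has further lines outside the hunk, confirm the property is not already present there with the value for 8.3, which would need updating as well.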
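Review bot: In tools/tcg_rim_tool/build.gradle, `libs.hibernate.core` and `libs.log4j.core` are replaced by `libs.spring.boot.starter.data.jpa` and `libs.spring.boot.starter.log4j2`, which brings the Spring Data JPA starter and its transitive dependencies into a command-line tool. If the tool only uses Hibernate classes (an assumption; its sources are not in this patch), keeping a `hibernate-core` entry in the catalog would leave a smaller dependency graph to patch and scan. The `dependencies` block continues past the end of the hunk.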
@@ -1,5 +1,5 @@ plugins { - id 'io.spring.dependency-management' version '1.1.2' + id 'io.spring.dependency-management' version '1.1.7' id 'com.google.protobuf' version '0.9.4' } @@ -13,7 +13,6 @@ dependencies { implementation project(':HIRS_Utils') implementation project(':HIRS_Structs') - implementation libs.bouncycastle implementation libs.commons.codec implementation libs.commons.io @@ -27,19 +26,15 @@ dependencies { implementation libs.minimal.json // pull the pci dependency and ... - implementation(libs.pci) { - // explicitly exclude the default apache http client transitive dependency - exclude group: 'org.apache.httpcomponents', module: 'httpclient' - } + implementation libs.pci // and explicitly include the patched version of the apache http client dependency implementation libs.apacheHttpClient implementation libs.protobuf.java implementation libs.spring.boot.starter.data.jpa implementation libs.spring.retry - - // pull the spring-boot-starter-web dependency and ... - implementation(libs.spring.boot.starter.web) + implementation libs.spring.boot.starter.web + implementation libs.spring.framework.webmvc compileOnly libs.lombok annotationProcessor libs.lombok diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index ca998e5d..7de8a5dd 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle @@ -1,9 +1,9 @@ plugins { id 'application' id 'war' - id 'com.netflix.nebula.ospackage' version '11.8.0' - id 'org.springframework.boot' version '3.0.8' - id 'io.spring.dependency-management' version '1.1.2' + id 'com.netflix.nebula.ospackage' version '11.10.0' + id 'org.springframework.boot' version '3.0.13' + id 'io.spring.dependency-management' version '1.1.7' } // Get version from main project gradle 
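Review bot: With the `exclude group: 'org.apache.httpcomponents', module: 'httpclient'` closure removed from `libs.pci` in HIRS_AttestationCA/build.gradle, the http client that pci-ids pulls in is back in the dependency graph, and the patched `libs.apacheHttpClient` is selected only as long as Gradle's default conflict resolution keeps picking the higher version. The surrounding comments (`// pull the pci dependency and ...`, `// and explicitly include the patched version ...`) still describe the exclusion and are now misleading. Either restore the exclusion or rewrite the comments to state that the direct `libs.apacheHttpClient` declaration is what overrides the transitive version. The same edit is made in HIRS_AttestationCAPortal/build.gradle and HIRS_Utils/build.gradle later in this patch. The `dependencies` block starts before and ends after the hunk.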
@@ -37,18 +37,13 @@ dependencies { implementation libs.jakarta.xml // pull the pci dependency and ... - implementation(libs.pci) { - // explicitly exclude the default apache http client transitive dependency - exclude group: 'org.apache.httpcomponents', module: 'httpclient' - } + implementation libs.pci // and explicitly include the patched version of the apache http client dependency implementation libs.apacheHttpClient implementation libs.mariadb.java.client - - // pull the spring-boot-starter-web dependency and ... - implementation(libs.spring.boot.starter.web) - + implementation libs.spring.boot.starter.web + //implementation libs.spring.framework.webmvc implementation libs.spring.boot.starter.validation implementation libs.spring.boot.starter.data.jpa implementation libs.spring.boot.starter.log4j2 @@ -64,7 +59,6 @@ dependencies { testCompileOnly libs.lombok testAnnotationProcessor libs.lombok - } test { diff --git a/HIRS_Utils/build.gradle b/HIRS_Utils/build.gradle index c2204cbf..24471b82 100644 --- a/HIRS_Utils/build.gradle +++ b/HIRS_Utils/build.gradle @@ -25,10 +25,7 @@ dependencies { implementation libs.minimal.json // pull the pci dependency and ... - implementation(libs.pci) { - // explicitly exclude the default apache http client transitive dependency - exclude group: 'org.apache.httpcomponents', module: 'httpclient' - } + implementation libs.pci // and explicitly include the patched version of the apache http client dependency implementation libs.apacheHttpClient diff --git a/build.gradle b/build.gradle index e341703d..21837dd3 100644 --- a/build.gradle +++ b/build.gradle @@ -6,7 +6,7 @@ plugins { // Apply the application plugin to add support for building a CLI application in Java. id 'application' id 'checkstyle' - id 'com.github.spotbugs' version '6.0.4' apply false + id 'com.github.spotbugs' version '6.0.13' apply false id 'java' } diff --git a/gradle/versions.toml b/gradle/versions.toml index 945790d5..fb19dc1b 100644 --- a/gradle/versions.toml 
+++ b/gradle/versions.toml @@ -20,8 +20,8 @@ ospackageVersion = "11.2.0" pciVersion = "0.3" protobufJavaVersion = "4.28.3" springBootVersion = "3.4.0" -springRetryVersion = "2.0.10" springCoreVersion = "6.2.1" +springRetryVersion = "2.0.10" testngVersion = "7.10.2" tomcatVersion = "10.1.33" @@ -58,8 +58,7 @@ spring-boot-starter-log4j2 = { module = "org.springframework.boot:spring-boot-st spring-boot-starter-tomcat = { module = "org.springframework.boot:spring-boot-starter-tomcat", version.ref = "springBootVersion" } spring-boot-starter-validation = { module = "org.springframework.boot:spring-boot-starter-validation", version.ref = "springBootVersion" } spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web", version.ref = "springBootVersion" } -#spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springCoreVersion" } -#spring-framework-web = { module = "org.springframework:spring-web", version.ref = "springCoreVersion" } +spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springCoreVersion" } spring-retry = { module = "org.springframework.retry:spring-retry", version.ref = "springRetryVersion" } tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version.ref = "tomcatVersion" } testng = { module = "org.testng:testng", version.ref = "testngVersion" } diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle index fa4423b6..0820beee 100644 --- a/tools/tcg_rim_tool/build.gradle +++ b/tools/tcg_rim_tool/build.gradle @@ -1,6 +1,6 @@ plugins { - id 'com.netflix.nebula.ospackage' version '11.4.0' - id 'com.intershop.gradle.jaxb' version '5.1.0' + id 'com.netflix.nebula.ospackage' version '11.10.0' + id 'com.intershop.gradle.jaxb' version '7.0.1' } // Get version from main project gradle 
@@ -10,7 +10,6 @@ def jarVersion = properties.get("jarVersion"); dependencies { implementation project(':HIRS_Utils') - implementation libs.bouncycastle implementation libs.commons.codec implementation libs.glassfish.jakarta.json From d470fd85bc381bf8da94bfc499d4477d8f44b168 Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Thu, 19 Dec 2024 09:37:06 -0500 Subject: [PATCH 28/34] issue_863: Updated gradle plugins version again. Ready for PR. Vulnerability issues will be addressed in another PR. I've cut down vulnerabilities by quite a lot and I want to test the new OWASP plugin against the remaining vulnerabilities. --- tools/tcg_eventlog_tool/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/tcg_eventlog_tool/build.gradle b/tools/tcg_eventlog_tool/build.gradle index 756214ed..b9890f71 100644 --- a/tools/tcg_eventlog_tool/build.gradle +++ b/tools/tcg_eventlog_tool/build.gradle @@ -1,5 +1,5 @@ plugins { - id "com.netflix.nebula.ospackage" version "11.4.0" + id "com.netflix.nebula.ospackage" version "11.10.0" } // Get version from main project gradle def packVersion = properties.get("packageVersion"); From e49f7fd5ce1c0f9435e5321acddacdb51ab1f62e Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Thu, 19 Dec 2024 15:59:17 -0500 Subject: [PATCH 29/34] issue_863: Finishing touches to the PR. Upgraded some more dependencies and removed unused one. --- gradle/versions.toml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/gradle/versions.toml b/gradle/versions.toml index fb19dc1b..c5d37b37 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml 
@@ -12,9 +12,9 @@ jacksonVersion = "2.18.2" jakartaPersistenceApiVersion = "3.2.0" jakartaServletVersion = "3.0.0" jakartaXmlVersion = "4.0.2" -jcommanderVersion = "1.85" -lombokVersion = "1.18.34" -mariadbVersion = "3.4.0" +jcommanderVersion = "2.0" +lombokVersion = "1.18.36" +mariadbVersion = "3.5.1" minimalJsonVersion = "0.9.5" ospackageVersion = "11.2.0" pciVersion = "0.3" @@ -32,7 +32,7 @@ spotBugAnnotationVersion = "4.8.6" [libraries] apacheHttpClient = { module = "org.apache.httpcomponents:httpclient", version.ref = "apacheHttpClientVersion" } -bouncycastle = { module = "org.bouncycastle:bcmail-jdk15to18", version.ref = "bouncyCastleVersion" } +bouncycastle = { module = "org.bouncycastle:bcmail-jdk18on", version.ref = "bouncyCastleVersion" } commons-codec = { module = "commons-codec:commons-codec", version.ref = "commonsCodecVersion" } commons-io = { module = "commons-io:commons-io", version.ref = "commonsIoVersion" } commons-lang3 = { module = "org.apache.commons:commons-lang3", version.ref = "commonsLang3Version" } @@ -49,7 +49,6 @@ jcommander = { module = "org.jcommander:jcommander", version.ref = "jcommanderVe lombok = { module = "org.projectlombok:lombok", version.ref = "lombokVersion" } mariadb-java-client = { module = "org.mariadb.jdbc:mariadb-java-client", version.ref = "mariadbVersion" } minimal-json = { module = "com.eclipsesource.minimal-json:minimal-json", version.ref = "minimalJsonVersion" } -ospackage = { module = "com.netflix.nebula:gradle-ospackage-plugin", version.ref = "ospackageVersion" } pci = { module = "com.github.marandus:pci-ids", version.ref = "pciVersion" } protobuf-java = { module = "com.google.protobuf:protobuf-java", version.ref = "protobufJavaVersion" } slf4j-simple = { module = "org.slf4j:slf4j-simple", version.ref = "slf4jVersion" } From 9606b2abe0713c2eb86ce9a7c6cd95ff4f7cfac8 Mon Sep 17 00:00:00 2001 
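Review bot: The `bouncycastle` alias now resolves to `org.bouncycastle:bcmail-jdk18on` but still takes its version from `bouncyCastleVersion`, whose value is outside this hunk. It is worth confirming that this version is published for the `jdk18on` line and that nothing else in the graph still brings in a `jdk15to18` or `jdk15on` Bouncy Castle artifact. Two artifact families on one classpath both ship `org.bouncycastle` classes, and which copy of the provider is loaded then depends on classpath order, which an attestation CA should not leave to chance. A comment above the alias would record the constraint: `# jdk18on family only; do not mix with bc*-jdk15on / bc*-jdk15to18 on the same classpath`. In the same file `ospackageVersion = "11.2.0"` stays in the version table after the `ospackage` library entry is removed, while the build files hard-code `11.10.0` for that plugin, so the key looks stale.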
From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Fri, 20 Dec 2024 15:17:43 -0500 Subject: [PATCH 30/34] issue_887: Added OWASP plugin. First run took about 40 minutes. Subsequent runs took about 2-4 minutes. Plugin downloads the NVD (National Vulnerability Database) the very first time the user runs the analyzeDependency command (assuming said user does not already have it cached somewhereon their system. Once downloaded, the plugin checks the subprojects dependenies against that of the NVD's and creates an HTML report per subproject on all the critical dependencies subproject has. --- build.gradle | 2 ++ 1 file changed, 2 insertions(+) diff --git a/build.gradle b/build.gradle index 21837dd3..73f8a56c 100644 --- a/build.gradle +++ b/build.gradle @@ -7,6 +7,7 @@ plugins { id 'application' id 'checkstyle' id 'com.github.spotbugs' version '6.0.13' apply false + id 'org.owasp.dependencycheck' version '11.1.1' id 'java' } @@ -17,6 +18,7 @@ subprojects { apply plugin: "com.github.spotbugs" apply plugin: "java" apply plugin: "checkstyle" + apply plugin: "org.owasp.dependencycheck" repositories { flatDir { dirs "lib" } From 616fc0686f7dfad3afc67af0a6a41cc60947114c Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Mon, 23 Dec 2024 10:12:31 -0500 Subject: [PATCH 31/34] issue_863: Removed testng from codebase. Has been officially replaced with spring junit. --- gradle/versions.toml | 2 - tools/tcg_rim_tool/build.gradle | 2 +- .../java/hirs/swid/TestSwidTagGateway.java | 374 +++++++++--------- 3 files changed, 189 insertions(+), 189 deletions(-) diff --git a/gradle/versions.toml b/gradle/versions.toml index c5d37b37..3c67dc0c 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml 
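Review bot: The plugin is applied to the root project and to every subproject with no `dependencyCheck { }` configuration in either hunk, so as far as these lines show the scan only writes a report and never fails a build (both the `plugins` and `subprojects` blocks extend beyond the hunks). If report-only is the intent for now, a comment should say so; otherwise a threshold makes the check enforceable, for example `dependencyCheck { failBuildOnCVSS = 7 }` (the value is an example, not taken from the project). The 40-minute first run described in the commit message is what an NVD download without an API key typically looks like; the key can be supplied as `nvd { apiKey = System.getenv('NVD_API_KEY') }` inside that block so it never lands in the repository. The task the plugin registers is `dependencyCheckAnalyze`, which the project docs should name exactly.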
@@ -22,7 +22,6 @@ protobufJavaVersion = "4.28.3" springBootVersion = "3.4.0" springCoreVersion = "6.2.1" springRetryVersion = "2.0.10" -testngVersion = "7.10.2" tomcatVersion = "10.1.33" #test dependencies versions @@ -60,7 +59,6 @@ spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-start spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springCoreVersion" } spring-retry = { module = "org.springframework.retry:spring-retry", version.ref = "springRetryVersion" } tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version.ref = "tomcatVersion" } -testng = { module = "org.testng:testng", version.ref = "testngVersion" } # test dependencies hsqldb = { module = "org.hsqldb:hsqldb", version.ref = "hsqldbVersion" } diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle index 0820beee..820c55ee 100644 --- a/tools/tcg_rim_tool/build.gradle +++ b/tools/tcg_rim_tool/build.gradle @@ -25,7 +25,7 @@ dependencies { compileOnly libs.lombok annotationProcessor libs.lombok - testImplementation libs.testng + testImplementation libs.spring.boot.starter.test testCompileOnly libs.lombok testAnnotationProcessor libs.lombok diff --git a/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java b/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java index 73285964..06254b4c 100644 --- a/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java +++ b/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java 
@@ -1,208 +1,210 @@ package hirs.swid; import hirs.utils.rim.ReferenceManifestValidator; +import org.junit.jupiter.api.Test; +import org.springframework.test.context.event.annotation.AfterTestClass; +import org.springframework.test.context.event.annotation.BeforeTestClass; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; -import org.testng.Assert; -import org.testng.annotations.BeforeClass; -import org.testng.annotations.AfterClass; -import org.testng.annotations.Test; +import static org.junit.jupiter.api.Assertions.assertTrue; + public class TestSwidTagGateway { - private SwidTagGateway gateway; - private ReferenceManifestValidator validator; - private final String DEFAULT_OUTPUT = "generated_swidTag.swidtag"; - private final String BASE_USER_CERT = "generated_user_cert.swidtag"; - private final String BASE_USER_CERT_EMBED = "generated_user_cert_embed.swidtag"; - private final String BASE_DEFAULT_CERT = "generated_default_cert.swidtag"; - private final String BASE_RFC3339_TIMESTAMP = "generated_timestamp_rfc3339.swidtag"; - private final String BASE_RFC3852_TIMESTAMP = "generated_timestamp_rfc3852.swidtag"; - private final String ATTRIBUTES_FILE = TestSwidTagGateway.class.getClassLoader() - .getResource("rim_fields.json").getPath(); - private final String JKS_KEYSTORE_FILE = TestSwidTagGateway.class.getClassLoader() - .getResource("keystore.jks").getPath(); - private final String SIGNING_CERT_FILE = TestSwidTagGateway.class.getClassLoader() - .getResource("RimSignCert.pem").getPath(); - private final String PRIVATE_KEY_FILE = TestSwidTagGateway.class.getClassLoader() - .getResource("privateRimKey.pem").getPath(); - private final String CA_CHAIN_FILE = TestSwidTagGateway.class.getClassLoader() - .getResource("RimCertChain.pem").getPath(); - private final String SUPPORT_RIM_FILE = TestSwidTagGateway.class.getClassLoader() - .getResource("TpmLog.bin").getPath(); - private final String 
RFC3852_COUNTERSIGNATURE_FILE = TestSwidTagGateway.class.getClassLoader() - .getResource("counterSignature.file").getPath(); - private InputStream expectedFile; + private final String DEFAULT_OUTPUT = "generated_swidTag.swidtag"; + private final String BASE_USER_CERT = "generated_user_cert.swidtag"; + private final String BASE_USER_CERT_EMBED = "generated_user_cert_embed.swidtag"; + private final String BASE_DEFAULT_CERT = "generated_default_cert.swidtag"; + private final String BASE_RFC3339_TIMESTAMP = "generated_timestamp_rfc3339.swidtag"; + private final String BASE_RFC3852_TIMESTAMP = "generated_timestamp_rfc3852.swidtag"; + private final String ATTRIBUTES_FILE = TestSwidTagGateway.class.getClassLoader() + .getResource("rim_fields.json").getPath(); + private final String JKS_KEYSTORE_FILE = TestSwidTagGateway.class.getClassLoader() + .getResource("keystore.jks").getPath(); + private final String SIGNING_CERT_FILE = TestSwidTagGateway.class.getClassLoader() + .getResource("RimSignCert.pem").getPath(); + private final String PRIVATE_KEY_FILE = TestSwidTagGateway.class.getClassLoader() + .getResource("privateRimKey.pem").getPath(); + private final String CA_CHAIN_FILE = TestSwidTagGateway.class.getClassLoader() + .getResource("RimCertChain.pem").getPath(); + private final String SUPPORT_RIM_FILE = TestSwidTagGateway.class.getClassLoader() + .getResource("TpmLog.bin").getPath(); + private final String RFC3852_COUNTERSIGNATURE_FILE = TestSwidTagGateway.class.getClassLoader() + .getResource("counterSignature.file").getPath(); + private SwidTagGateway gateway; + private ReferenceManifestValidator validator; + private InputStream expectedFile; - @BeforeClass - public void setUp() throws Exception { - gateway = new SwidTagGateway(); - gateway.setRimEventLog(SUPPORT_RIM_FILE); - gateway.setAttributesFile(ATTRIBUTES_FILE); - validator = new ReferenceManifestValidator(); - validator.setRimEventLog(SUPPORT_RIM_FILE); - validator.setTrustStoreFile(CA_CHAIN_FILE); - } + 
@BeforeTestClass + public void setUp() throws Exception { + gateway = new SwidTagGateway(); + gateway.setRimEventLog(SUPPORT_RIM_FILE); + gateway.setAttributesFile(ATTRIBUTES_FILE); + validator = new ReferenceManifestValidator(); + validator.setRimEventLog(SUPPORT_RIM_FILE); + validator.setTrustStoreFile(CA_CHAIN_FILE); + } - @AfterClass - public void tearDown() throws Exception { - if (expectedFile != null) { - expectedFile.close(); - } - } + @AfterTestClass + public void tearDown() throws Exception { + if (expectedFile != null) { + expectedFile.close(); + } + } - /** - * This test corresponds to the arguments: - * -c base -l TpmLog.bin -k privateRimKey.pem -p RimSignCert.pem - * where RimSignCert.pem has the AIA extension. - */ - @Test - public void testCreateBaseUserCertNotEmbedded() { - gateway.setDefaultCredentials(false); - gateway.setPemCertificateFile(SIGNING_CERT_FILE); - gateway.setPemPrivateKeyFile(PRIVATE_KEY_FILE); - gateway.setEmbeddedCert(false); - gateway.generateSwidTag(DEFAULT_OUTPUT); - expectedFile = TestSwidTagGateway.class.getClassLoader() - .getResourceAsStream(BASE_USER_CERT); - Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT)); - validator.setRim(DEFAULT_OUTPUT); - Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE)); - } + /** + * This test corresponds to the arguments: + * -c base -l TpmLog.bin -k privateRimKey.pem -p RimSignCert.pem + * where RimSignCert.pem has the AIA extension. 
+ */ + @Test + public void testCreateBaseUserCertNotEmbedded() { + gateway.setDefaultCredentials(false); + gateway.setPemCertificateFile(SIGNING_CERT_FILE); + gateway.setPemPrivateKeyFile(PRIVATE_KEY_FILE); + gateway.setEmbeddedCert(false); + gateway.generateSwidTag(DEFAULT_OUTPUT); + expectedFile = TestSwidTagGateway.class.getClassLoader() + .getResourceAsStream(BASE_USER_CERT); + assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT)); + validator.setRim(DEFAULT_OUTPUT); + assertTrue(validator.validateRim(SIGNING_CERT_FILE)); + } - /** - * This test creates the following base RIM: - * -c base -l TpmLog.bin -k privateRimKey.pem -p RimSignCert.pem -e - * And then validates it: - * -v [base RIM] -l TpmLog.bin -t RimCertChain.pem - */ - @Test - public void testCreateBaseUserCertEmbedded() { - gateway.setDefaultCredentials(false); - gateway.setPemCertificateFile(SIGNING_CERT_FILE); - gateway.setPemPrivateKeyFile(PRIVATE_KEY_FILE); - gateway.setEmbeddedCert(true); - gateway.generateSwidTag(DEFAULT_OUTPUT); - expectedFile = TestSwidTagGateway.class.getClassLoader() - .getResourceAsStream(BASE_USER_CERT_EMBED); - Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT)); - validator.setRim(DEFAULT_OUTPUT); - Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE)); - } + /** + * This test creates the following base RIM: + * -c base -l TpmLog.bin -k privateRimKey.pem -p RimSignCert.pem -e + * And then validates it: + * -v [base RIM] -l TpmLog.bin -t RimCertChain.pem + */ + @Test + public void testCreateBaseUserCertEmbedded() { + gateway.setDefaultCredentials(false); + gateway.setPemCertificateFile(SIGNING_CERT_FILE); + gateway.setPemPrivateKeyFile(PRIVATE_KEY_FILE); + gateway.setEmbeddedCert(true); + gateway.generateSwidTag(DEFAULT_OUTPUT); + expectedFile = TestSwidTagGateway.class.getClassLoader() + .getResourceAsStream(BASE_USER_CERT_EMBED); + assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT)); + validator.setRim(DEFAULT_OUTPUT); + 
assertTrue(validator.validateRim(SIGNING_CERT_FILE)); + } - /** - * This test corresponds to the arguments: - * -c base -l TpmLog.bin -d - */ - @Test - public void testCreateBaseDefaultCert() { - gateway.setDefaultCredentials(true); - gateway.setJksTruststoreFile(JKS_KEYSTORE_FILE); - gateway.generateSwidTag(DEFAULT_OUTPUT); - expectedFile = TestSwidTagGateway.class.getClassLoader() - .getResourceAsStream(BASE_DEFAULT_CERT); - Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT)); - validator.setRim(DEFAULT_OUTPUT); - Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE)); - } + /** + * This test corresponds to the arguments: + * -c base -l TpmLog.bin -d + */ + @Test + public void testCreateBaseDefaultCert() { + gateway.setDefaultCredentials(true); + gateway.setJksTruststoreFile(JKS_KEYSTORE_FILE); + gateway.generateSwidTag(DEFAULT_OUTPUT); + expectedFile = TestSwidTagGateway.class.getClassLoader() + .getResourceAsStream(BASE_DEFAULT_CERT); + assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT)); + validator.setRim(DEFAULT_OUTPUT); + assertTrue(validator.validateRim(SIGNING_CERT_FILE)); + } - /** - * This test corresponds to the arguments: - * -c base -l TpmLog.bin -d --timestamp rfc3339 2023-01-01T00:00:00Z - */ - @Test - public void testCreateTimestampRfc3339() { - gateway.setDefaultCredentials(true); - gateway.setJksTruststoreFile(JKS_KEYSTORE_FILE); - gateway.setTimestampFormat("RFC3339"); - gateway.setTimestampArgument("2023-01-01T00:00:00Z"); - gateway.generateSwidTag(DEFAULT_OUTPUT); - expectedFile = TestSwidTagGateway.class.getClassLoader() - .getResourceAsStream(BASE_RFC3339_TIMESTAMP); - Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT)); - validator.setRim(DEFAULT_OUTPUT); - Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE)); - } + /** + * This test corresponds to the arguments: + * -c base -l TpmLog.bin -d --timestamp rfc3339 2023-01-01T00:00:00Z + */ + @Test + public void testCreateTimestampRfc3339() { + 
gateway.setDefaultCredentials(true); + gateway.setJksTruststoreFile(JKS_KEYSTORE_FILE); + gateway.setTimestampFormat("RFC3339"); + gateway.setTimestampArgument("2023-01-01T00:00:00Z"); + gateway.generateSwidTag(DEFAULT_OUTPUT); + expectedFile = TestSwidTagGateway.class.getClassLoader() + .getResourceAsStream(BASE_RFC3339_TIMESTAMP); + assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT)); + validator.setRim(DEFAULT_OUTPUT); + assertTrue(validator.validateRim(SIGNING_CERT_FILE)); + } - /** - * This test corresponds to the arguments: - * -c base -l TpmLog.bin -d --timestamp rfc3852 countersignature.file - */ - @Test - public void testCreateTimestampRfc3852() { - gateway.setDefaultCredentials(true); - gateway.setJksTruststoreFile(JKS_KEYSTORE_FILE); - gateway.setTimestampFormat("RFC3852"); - gateway.setTimestampArgument(RFC3852_COUNTERSIGNATURE_FILE); - gateway.generateSwidTag(DEFAULT_OUTPUT); - expectedFile = TestSwidTagGateway.class.getClassLoader() - .getResourceAsStream(BASE_RFC3852_TIMESTAMP); - Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT)); - validator.setRim(DEFAULT_OUTPUT); - Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE)); - } + /** + * This test corresponds to the arguments: + * -c base -l TpmLog.bin -d --timestamp rfc3852 countersignature.file + */ + @Test + public void testCreateTimestampRfc3852() { + gateway.setDefaultCredentials(true); + gateway.setJksTruststoreFile(JKS_KEYSTORE_FILE); + gateway.setTimestampFormat("RFC3852"); + gateway.setTimestampArgument(RFC3852_COUNTERSIGNATURE_FILE); + gateway.generateSwidTag(DEFAULT_OUTPUT); + expectedFile = TestSwidTagGateway.class.getClassLoader() + .getResourceAsStream(BASE_RFC3852_TIMESTAMP); + assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT)); + validator.setRim(DEFAULT_OUTPUT); + assertTrue(validator.validateRim(SIGNING_CERT_FILE)); + } - /** - * This test corresponds to the arguments: - * -v - */ + /** + * This test corresponds to the arguments: + * -v + */ - 
public void testvalidateSwidtagFile() { - String filepath = TestSwidTagGateway.class.getClassLoader() - .getResource(BASE_USER_CERT).getPath(); - System.out.println("Validating file at " + filepath); - validator.setRim(DEFAULT_OUTPUT); - Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE)); - } + public void testvalidateSwidtagFile() { + String filepath = TestSwidTagGateway.class.getClassLoader() + .getResource(BASE_USER_CERT).getPath(); + System.out.println("Validating file at " + filepath); + validator.setRim(DEFAULT_OUTPUT); + assertTrue(validator.validateRim(SIGNING_CERT_FILE)); + } - /** - * This method compares two files by bytes to determine if they are the same or not. - * @param file to be compared to the expected value. - * @return true if they are equal, false if not. - */ - private boolean compareFileBytesToExpectedFile(String file) { - FileInputStream testFile = null; - try { - int data; - testFile = new FileInputStream(file); - while ((data = testFile.read()) != -1) { - int expected = expectedFile.read(); - if (data != expected) { - System.out.println("Expected: " + expected); - System.out.println("Got: " + data); - return false; - } - } - } catch (FileNotFoundException e) { - e.printStackTrace(); - return false; - } catch (IOException e) { - e.printStackTrace(); - return false; - } catch (NullPointerException e) { - e.printStackTrace(); - return false; - } finally { - if (testFile != null) { - try { - testFile.close(); - } catch (IOException e) { - e.printStackTrace(); - return false; - } - } - if (expectedFile != null) { - try { - expectedFile.close(); - } catch (IOException e) { - e.printStackTrace(); - return false; - } - } - } - return true; - } + /** + * This method compares two files by bytes to determine if they are the same or not. + * + * @param file to be compared to the expected value. + * @return true if they are equal, false if not. 
+ */ + private boolean compareFileBytesToExpectedFile(String file) { + FileInputStream testFile = null; + try { + int data; + testFile = new FileInputStream(file); + while ((data = testFile.read()) != -1) { + int expected = expectedFile.read(); + if (data != expected) { + System.out.println("Expected: " + expected); + System.out.println("Got: " + data); + return false; + } + } + } catch (FileNotFoundException e) { + e.printStackTrace(); + return false; + } catch (IOException e) { + e.printStackTrace(); + return false; + } catch (NullPointerException e) { + e.printStackTrace(); + return false; + } finally { + if (testFile != null) { + try { + testFile.close(); + } catch (IOException e) { + e.printStackTrace(); + return false; + } + } + if (expectedFile != null) { + try { + expectedFile.close(); + } catch (IOException e) { + e.printStackTrace(); + return false; + } + } + } + return true; + } } From 1b9df78238402ae4c06eeed12313c2144b7bca69 Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Mon, 6 Jan 2025 17:40:26 -0500 Subject: [PATCH 32/34] issue_863: Fixed some critical dependencies in all of the modules except for HIRS_CA and HIRS_CAportal modules. --- HIRS_AttestationCA/build.gradle | 7 +++++-- HIRS_AttestationCAPortal/build.gradle | 9 +++++---- HIRS_Structs/build.gradle | 2 ++ HIRS_Utils/build.gradle | 5 +++-- gradle/versions.toml | 10 +++++++--- tools/tcg_rim_tool/build.gradle | 1 + 6 files changed, 23 insertions(+), 11 deletions(-) diff --git a/HIRS_AttestationCA/build.gradle b/HIRS_AttestationCA/build.gradle index 860f33ad..91e2fad0 100644 --- a/HIRS_AttestationCA/build.gradle +++ b/HIRS_AttestationCA/build.gradle 
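Review bot: `@BeforeTestClass` and `@AfterTestClass` come from `org.springframework.test.context.event.annotation` and mark Spring test-context event listeners, not JUnit lifecycle methods. Since this file registers no Spring extension, under plain JUnit Jupiter `setUp()` is never invoked and `gateway` and `validator` are still null when each `@Test` runs. The TestNG `@BeforeClass`/`@AfterClass` pair maps to Jupiter's `@BeforeAll`/`@AfterAll`, and because both methods are instance methods the class also needs `@TestInstance(TestInstance.Lifecycle.PER_CLASS)`. These are the tests that assert `validator.validateRim(...)` on signed RIMs, so it matters that they actually execute; `testvalidateSwidtagFile()` carries no `@Test` on either side of the diff and is likewise never run. Whether `tools/tcg_rim_tool/build.gradle` calls `useJUnitPlatform()` is not visible in its hunk and should be confirmed.

```java
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;
// … unchanged: java.io imports and the static assertTrue import …

@TestInstance(TestInstance.Lifecycle.PER_CLASS)
public class TestSwidTagGateway {
    // … unchanged: resource path constants, gateway, validator, expectedFile …

    @BeforeAll
    public void setUp() throws Exception {
        // … unchanged: gateway and validator construction …
    }

    @AfterAll
    public void tearDown() throws Exception {
        // … unchanged: closes expectedFile …
    }
    // … unchanged: test methods and compareFileBytesToExpectedFile …
```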
@@ -25,9 +25,8 @@ dependencies { implementation libs.spring.boot.starter.log4j2 implementation libs.minimal.json - // pull the pci dependency and ... implementation libs.pci - // and explicitly include the patched version of the apache http client dependency + // explicitly include the patched version of the apache http client dependency implementation libs.apacheHttpClient implementation libs.protobuf.java @@ -35,6 +34,8 @@ dependencies { implementation libs.spring.retry implementation libs.spring.boot.starter.web implementation libs.spring.framework.webmvc + // explicitly include the patched version of the logback-core dependency + //implementation libs.logback.classic compileOnly libs.lombok annotationProcessor libs.lombok @@ -44,6 +45,8 @@ dependencies { testImplementation libs.commons.io testImplementation libs.spring.boot.starter.test + // explicitly include the patched version of the logback-core dependency + testImplementation libs.logback.classic testCompileOnly libs.lombok testAnnotationProcessor libs.lombok diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index 7de8a5dd..18c8a3d0 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle 
@@ -36,24 +36,25 @@ dependencies { implementation libs.jakarta.servlet implementation libs.jakarta.xml - // pull the pci dependency and ... implementation libs.pci - // and explicitly include the patched version of the apache http client dependency + // explicitly include the patched version of the apache http client dependency implementation libs.apacheHttpClient implementation libs.mariadb.java.client implementation libs.spring.boot.starter.web + // explicitly include the patched version of the snake yaml dependency + implementation libs.snake.yaml //implementation libs.spring.framework.webmvc + //implementation libs.logback.classic implementation libs.spring.boot.starter.validation implementation libs.spring.boot.starter.data.jpa implementation libs.spring.boot.starter.log4j2 implementation libs.tomcat.embed.jasper + //implementation "org.apache.tomcat.embed:tomcat-embed-core:11.0.0" compileOnly libs.lombok annotationProcessor libs.lombok - providedRuntime libs.spring.boot.starter.tomcat - testImplementation libs.hsqldb testImplementation libs.spring.boot.starter.test diff --git a/HIRS_Structs/build.gradle b/HIRS_Structs/build.gradle index c870d64a..ffb949f9 100644 --- a/HIRS_Structs/build.gradle +++ b/HIRS_Structs/build.gradle @@ -5,6 +5,8 @@ dependencies { annotationProcessor libs.lombok testImplementation libs.spring.boot.starter.test + // explicitly include the patched version of the logback-core dependency + testImplementation libs.logback.classic testCompileOnly libs.lombok testAnnotationProcessor libs.lombok diff --git a/HIRS_Utils/build.gradle b/HIRS_Utils/build.gradle index 24471b82..a0fe5c75 100644 --- a/HIRS_Utils/build.gradle +++ b/HIRS_Utils/build.gradle 
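Review bot: `implementation libs.snake.yaml` turns a transitive library into a direct dependency of the portal, and the comment above it says "patched version" without naming the advisory or the minimum fixed release, so the next maintainer cannot tell when the pin may be dropped. A dependency constraint expresses the same intent without adding a new first-level dependency and carries the reason with it: `constraints { implementation(libs.snake.yaml) { because 'pinned for <ADVISORY-ID>' } }` (placeholder to be filled in from the scan report). The same applies to the `logback-classic` lines in the HIRS_AttestationCA, HIRS_Structs and HIRS_Utils hunks of this patch, whose comment names `logback-core` while the alias is `logback-classic`. The hunk also adds two commented-out dependency lines and drops `providedRuntime libs.spring.boot.starter.tomcat`; if the war is ever deployed to an external servlet container the latter changes what gets packaged, which should be confirmed. The `dependencies` block begins and ends outside the hunk.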
@@ -24,9 +24,8 @@ dependencies { implementation libs.spring.boot.starter.log4j2 implementation libs.minimal.json - // pull the pci dependency and ... implementation libs.pci - // and explicitly include the patched version of the apache http client dependency + // explicitly include the patched version of the apache http client dependency implementation libs.apacheHttpClient implementation libs.slf4j.simple @@ -35,6 +34,8 @@ dependencies { annotationProcessor libs.lombok testImplementation libs.spring.boot.starter.test + // explicitly include the patched version of the logback-core dependency + testImplementation libs.logback.classic testImplementation project(path: ':HIRS_AttestationCA') testCompileOnly libs.lombok diff --git a/gradle/versions.toml b/gradle/versions.toml index 3c67dc0c..6e5d4fec 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -7,22 +7,24 @@ commonsLang3Version = "3.17.0" gsonVersion = "2.11.0" glassfishJakartaJsonVersion = "2.0.1" glassfishJaxbRuntimeVersion = "4.0.5" -guavaVersion = "33.3.1-jre" +guavaVersion = "33.4.0-jre" jacksonVersion = "2.18.2" jakartaPersistenceApiVersion = "3.2.0" jakartaServletVersion = "3.0.0" jakartaXmlVersion = "4.0.2" jcommanderVersion = "2.0" lombokVersion = "1.18.36" +logbackClassicVersion = "1.5.13" mariadbVersion = "3.5.1" minimalJsonVersion = "0.9.5" ospackageVersion = "11.2.0" pciVersion = "0.3" protobufJavaVersion = "4.28.3" -springBootVersion = "3.4.0" +snakeYamlVersion = "2.0" +springBootVersion = "3.4.1" springCoreVersion = "6.2.1" springRetryVersion = "2.0.10" -tomcatVersion = "10.1.33" +tomcatVersion = "10.1.34" #test dependencies versions hsqldbVersion = "2.7.3" 
@@ -45,12 +47,14 @@ jakarta-persistence-api = { module = "jakarta.persistence:jakarta.persistence-ap jakarta-servlet = { module = "org.glassfish.web:jakarta.servlet.jsp.jstl", version.ref = "jakartaServletVersion" } jakarta-xml = { module = "jakarta.xml.bind:jakarta.xml.bind-api", version.ref = "jakartaXmlVersion" } jcommander = { module = "org.jcommander:jcommander", version.ref = "jcommanderVersion" } +logback-classic = { module = "ch.qos.logback:logback-classic", version.ref = "logbackClassicVersion" } lombok = { module = "org.projectlombok:lombok", version.ref = "lombokVersion" } mariadb-java-client = { module = "org.mariadb.jdbc:mariadb-java-client", version.ref = "mariadbVersion" } minimal-json = { module = "com.eclipsesource.minimal-json:minimal-json", version.ref = "minimalJsonVersion" } pci = { module = "com.github.marandus:pci-ids", version.ref = "pciVersion" } protobuf-java = { module = "com.google.protobuf:protobuf-java", version.ref = "protobufJavaVersion" } slf4j-simple = { module = "org.slf4j:slf4j-simple", version.ref = "slf4jVersion" } +snake-yaml = { module = "org.yaml:snakeyaml", version.ref = "snakeYamlVersion" } spring-boot-starter-data-jpa = { module = "org.springframework.boot:spring-boot-starter-data-jpa", version.ref = "springBootVersion" } spring-boot-starter-log4j2 = { module = "org.springframework.boot:spring-boot-starter-log4j2", version.ref = "springBootVersion" } spring-boot-starter-tomcat = { module = "org.springframework.boot:spring-boot-starter-tomcat", version.ref = "springBootVersion" } diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle index 820c55ee..4c63d0a7 100644 --- a/tools/tcg_rim_tool/build.gradle +++ b/tools/tcg_rim_tool/build.gradle @@ -21,6 +21,7 @@ dependencies { implementation libs.jakarta.xml implementation libs.spring.boot.starter.log4j2 implementation libs.spring.boot.starter.data.jpa + implementation libs.logback.classic compileOnly libs.lombok annotationProcessor libs.lombok 
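Review bot: `implementation libs.logback.classic` is added in the same `dependencies` block as `implementation libs.spring.boot.starter.log4j2`, which puts two SLF4J backends on the runtime classpath of the RIM tool. With both present SLF4J reports multiple providers and picks one, and Spring Boot can refuse to start its logging system when Logback is on the classpath but is not the bound backend, so log configuration and any audit output may not behave as configured. If the goal is only to raise a vulnerable transitive `logback` version, a constraint does that without adding the jar where it is not already present, e.g. `constraints { implementation(libs.logback.classic) }`; otherwise exclude whichever backend is not meant to be used. The same combination appears in HIRS_AttestationCA once PATCH 33 uncomments the `implementation` line there.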
From f1c430eb463896ed042d3a99f3ca422dbc27a5c0 Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Wed, 8 Jan 2025 17:30:09 -0500 Subject: [PATCH 33/34] issue_863: All critical dependencies listed inthe gradle check analysis are found in just the CA Portal dependency. While the appliation builds and runs well as a service, currently running into issues with fixing these dependencies. --- HIRS_AttestationCA/build.gradle | 11 +++++++++-- HIRS_AttestationCAPortal/build.gradle | 25 ++++++++++++++++++++++--- HIRS_Structs/build.gradle | 1 + HIRS_Utils/build.gradle | 4 ++-- gradle/versions.toml | 16 +++++++++++----- 5 files changed, 45 insertions(+), 12 deletions(-) diff --git a/HIRS_AttestationCA/build.gradle b/HIRS_AttestationCA/build.gradle index 91e2fad0..e47c417b 100644 --- a/HIRS_AttestationCA/build.gradle +++ b/HIRS_AttestationCA/build.gradle @@ -26,6 +26,7 @@ dependencies { implementation libs.minimal.json implementation libs.pci + // explicitly include the patched version of the apache http client dependency implementation libs.apacheHttpClient @@ -33,9 +34,12 @@ dependencies { implementation libs.spring.boot.starter.data.jpa implementation libs.spring.retry implementation libs.spring.boot.starter.web + + // explicitly include the patched version of the spring framework webmvc dependency implementation libs.spring.framework.webmvc + // explicitly include the patched version of the logback-core dependency - //implementation libs.logback.classic + implementation libs.logback.classic compileOnly libs.lombok annotationProcessor libs.lombok 
@@ -44,10 +48,13 @@ dependencies { annotationProcessor libs.spotbugs.annotations testImplementation libs.commons.io - testImplementation libs.spring.boot.starter.test + // explicitly include the patched version of the logback-core dependency testImplementation libs.logback.classic + testImplementation libs.spring.boot.starter.test + + testCompileOnly libs.lombok testAnnotationProcessor libs.lombok } diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index 18c8a3d0..7d8d60ce 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle 
@@ -37,29 +37,48 @@ dependencies { implementation libs.jakarta.xml implementation libs.pci + // explicitly include the patched version of the apache http client dependency implementation libs.apacheHttpClient implementation libs.mariadb.java.client implementation libs.spring.boot.starter.web + // explicitly include the patched version of the snake yaml dependency implementation libs.snake.yaml - //implementation libs.spring.framework.webmvc - //implementation libs.logback.classic + implementation libs.spring.boot.starter.validation implementation libs.spring.boot.starter.data.jpa implementation libs.spring.boot.starter.log4j2 + + // explicitly include the patched version of the spring framework jdbc dependency + implementation libs.spring.framework.jdbc + + // explicitly include the patched version of spring framework expression dependency + implementation libs.spring.framework.expression + + // explicitly include the patched version of the tomcat embed core dependency + implementation libs.tomcat.embed.core + implementation libs.tomcat.embed.jasper - //implementation "org.apache.tomcat.embed:tomcat-embed-core:11.0.0" + + // explicitly include the patched version of the tomcat embed websocket dependency + implementation libs.tomcat.embed.websocket compileOnly libs.lombok annotationProcessor libs.lombok + // explicitly include the patched version of the json path dependency + testImplementation libs.jsonPath + testImplementation libs.hsqldb testImplementation libs.spring.boot.starter.test testCompileOnly libs.lombok testAnnotationProcessor libs.lombok + + // explicitly include the patched version of the xmlunit-core dependency + testImplementation libs.xmlunit.core } test { diff --git a/HIRS_Structs/build.gradle b/HIRS_Structs/build.gradle index ffb949f9..4c69c7ac 100644 --- a/HIRS_Structs/build.gradle +++ b/HIRS_Structs/build.gradle 
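Review bot: Pinning `spring-jdbc`, `spring-expression`, `tomcat-embed-core` and `tomcat-embed-websocket` one by one leaves every other Spring Framework and Tomcat module at whatever the imported Spring Boot BOM manages. This module's Boot plugin version (3.0.13 here, 3.1.12 after PATCH 34) does not match the catalog's `springBootVersion = "3.4.1"`. That likely yields a classpath mixing framework releases, which would fit the trouble the commit message reports, and it means scanner findings are being patched per artifact rather than at the source. Aligning the plugin with the catalog, `id 'org.springframework.boot' version '3.4.1'`, or overriding the BOM properties (`ext['spring-framework.version']`, `ext['tomcat.version']`) moves the whole family together and lets most of these explicit lines go. The `dependencies` block starts and ends outside the hunk.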
@@ -5,6 +5,7 @@ dependencies { annotationProcessor libs.lombok testImplementation libs.spring.boot.starter.test + // explicitly include the patched version of the logback-core dependency testImplementation libs.logback.classic diff --git a/HIRS_Utils/build.gradle b/HIRS_Utils/build.gradle index a0fe5c75..0f79d21a 100644 --- a/HIRS_Utils/build.gradle +++ b/HIRS_Utils/build.gradle @@ -28,14 +28,14 @@ dependencies { // explicitly include the patched version of the apache http client dependency implementation libs.apacheHttpClient - implementation libs.slf4j.simple - compileOnly libs.lombok annotationProcessor libs.lombok testImplementation libs.spring.boot.starter.test + // explicitly include the patched version of the logback-core dependency testImplementation libs.logback.classic + testImplementation project(path: ':HIRS_AttestationCA') testCompileOnly libs.lombok diff --git a/gradle/versions.toml b/gradle/versions.toml index 6e5d4fec..0e823bf2 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml @@ -22,14 +22,15 @@ pciVersion = "0.3" protobufJavaVersion = "4.28.3" snakeYamlVersion = "2.0" springBootVersion = "3.4.1" -springCoreVersion = "6.2.1" +springFrameworkVersion = "6.2.1" springRetryVersion = "2.0.10" tomcatVersion = "10.1.34" #test dependencies versions hsqldbVersion = "2.7.3" -slf4jVersion = "2.0.16" +jsonPathVersion = "2.9.0" spotBugAnnotationVersion = "4.8.6" +xmlunitCoreVersion = "2.10.0" [libraries] apacheHttpClient = { module = "org.apache.httpcomponents:httpclient", version.ref = "apacheHttpClientVersion" } 
@@ -53,20 +54,25 @@ mariadb-java-client = { module = "org.mariadb.jdbc:mariadb-java-client", version minimal-json = { module = "com.eclipsesource.minimal-json:minimal-json", version.ref = "minimalJsonVersion" } pci = { module = "com.github.marandus:pci-ids", version.ref = "pciVersion" } protobuf-java = { module = "com.google.protobuf:protobuf-java", version.ref = "protobufJavaVersion" } -slf4j-simple = { module = "org.slf4j:slf4j-simple", version.ref = "slf4jVersion" } snake-yaml = { module = "org.yaml:snakeyaml", version.ref = "snakeYamlVersion" } spring-boot-starter-data-jpa = { module = "org.springframework.boot:spring-boot-starter-data-jpa", version.ref = "springBootVersion" } spring-boot-starter-log4j2 = { module = "org.springframework.boot:spring-boot-starter-log4j2", version.ref = "springBootVersion" } -spring-boot-starter-tomcat = { module = "org.springframework.boot:spring-boot-starter-tomcat", version.ref = "springBootVersion" } spring-boot-starter-validation = { module = "org.springframework.boot:spring-boot-starter-validation", version.ref = "springBootVersion" } spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web", version.ref = "springBootVersion" } -spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springCoreVersion" } +spring-framework-expression = { module = "org.springframework:spring-expression", version.ref = "springFrameworkVersion" } +spring-framework-jdbc = { module = "org.springframework:spring-jdbc", version.ref = "springFrameworkVersion" } +spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springFrameworkVersion" } spring-retry = { module = "org.springframework.retry:spring-retry", version.ref = "springRetryVersion" } +tomcat-embed-core = { module = "org.apache.tomcat.embed:tomcat-embed-core", version.ref = "tomcatVersion" } tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version.ref = 
"tomcatVersion" } +tomcat-embed-websocket = { module = "org.apache.tomcat.embed:tomcat-embed-websocket", version.ref = "tomcatVersion" } + # test dependencies hsqldb = { module = "org.hsqldb:hsqldb", version.ref = "hsqldbVersion" } +jsonPath = { module = "com.jayway.jsonpath:json-path", version.ref = "jsonPathVersion" } spring-boot-starter-test = { module = "org.springframework.boot:spring-boot-starter-test", version.ref = "springBootVersion" } spotbugs-annotations = { module = "com.github.spotbugs:spotbugs-annotations", version.ref = "spotBugAnnotationVersion" } +xmlunit-core = { module = "org.xmlunit:xmlunit-core", version.ref = "xmlunitCoreVersion" } [plugins] \ No newline at end of file From 4b7de1e49ad4de5cc77434e631c7331a682f0056 Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Fri, 10 Jan 2025 15:59:20 -0500 Subject: [PATCH 34/34] issue_863: Finished fixing as many dependency issues as possible. Certain vulnerabilites can't be fixed due to the fact that they have to be fixed by outside entities. --- HIRS_AttestationCAPortal/build.gradle | 2 +- gradle/versions.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index 7d8d60ce..e404801c 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle @@ -2,7 +2,7 @@ plugins { id 'application' id 'war' id 'com.netflix.nebula.ospackage' version '11.10.0' - id 'org.springframework.boot' version '3.0.13' + id 'org.springframework.boot' version '3.1.12' id 'io.spring.dependency-management' version '1.1.7' } diff --git a/gradle/versions.toml b/gradle/versions.toml index 0e823bf2..94c89894 100644 --- a/gradle/versions.toml +++ b/gradle/versions.toml 
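Review bot: The Spring Boot plugin moves to `3.1.12` in the `plugins` hunk, while the version catalog pins the starters through `springBootVersion = "3.4.1"`, so the plugin and the libraries it manages are on different release lines. With `io.spring.dependency-management` applied in the same `plugins` block, the BOM for the plugin's version presumably decides the transitive Spring and Tomcat versions that are not declared directly. That can undo part of the pinning done earlier in this series. I would align the two from one source: add `spring-boot = { id = "org.springframework.boot", version.ref = "springBootVersion" }` under the catalog's empty `[plugins]` table and use `alias(libs.plugins.spring.boot)` in this block.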
@@ -9,7 +9,7 @@ glassfishJakartaJsonVersion = "2.0.1" glassfishJaxbRuntimeVersion = "4.0.5" guavaVersion = "33.4.0-jre" jacksonVersion = "2.18.2" -jakartaPersistenceApiVersion = "3.2.0" +jakartaPersistenceApiVersion = "3.1.0" jakartaServletVersion = "3.0.0" jakartaXmlVersion = "4.0.2" jcommanderVersion = "2.0"
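Review bot: `jakartaPersistenceApiVersion` goes down from 3.2.0 to 3.1.0 in a commit whose message is about fixing vulnerable dependencies, and nothing records why the older release is required. Presumably it matches the JPA level that the Hibernate version in use supports, but that is not visible in this hunk. A comment above the entry such as `# held at 3.1.0: <reason>; revisit when <condition>` would stop a later bulk upgrade from reverting it silently. The `[versions]` table continues outside this hunk.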