Commit Graph

399 Commits

Author SHA1 Message Date
James Brown
c205a10ec0
ENT-2684 Fix owasp dependency checker to fail builds based on CVSS level (#4169)
OWASP Dependency Checker has been updated so that it can be configured to automatically fail a build when a vulnerable dependency is detected. This option is exposed through gradle settings, so that a build can be configured in TeamCity to pass/fail. This change is backward-compatible - i.e. it does not affect a build by default unless configured to do so.

Ability to fail a build is exposed by the new owasp.failBuildOnCVSS gradle property
By default this is set to '11.0' which will always pass a build even if a vulnerability is found (so will not affect anything by default)
Reduce the CVSS level between 0-10 to indicate what level to fail a build on
Example usage to catch Medium severity (and above) issues:

Configure gradle with the option -Powasp.failBuildOnCVSS=4
2018-11-07 09:00:19 +00:00
bpaunescu
16453ebfcc
update OWASP to latest version after kotlin update (#4109) 2018-10-24 14:36:01 +01:00
Anthony Keenan
0ab644783e CORDA-1838: Add subcommands to node (#4091)
* Tidy up

* Add install-shell-extensions command

* Make cli tests use same version of picocli as everything else

* Remove initLogging from NodeStartup, it is ran earlier by CordaCLIWrapper

* Use picocli snapshot for testing

* Use RunLast() parser to invoke correct subcommands

* Deprecate old clear-network-map-cache parameter

* Restructure NodeStartup for commands

* Get rid of -c option since the flag method has been deprecated and that didn't exist in last release

* Update documentation

* Update backwards compatibility test

* Get all subcommands working

* Refactor sub commands into seperate classes

* Update docs and fix some tests

* Docs changes

* Fix merge conflicts with master

* Fix renamed parameters

* Fix test failure

* Fix compatibility tests

* Add missing compatibility test for blob inspector

* Remove blob inspector compatibility test as there are import conflicts

* Assorted doc fixes

* Addressing review comments

* More review comments

* Couple more bits

* Fix broken tests

* Fix compilation error

* More merge conflicts

* Make startup logging function a bit more sensible

* Fix broken shell extensions

* Make shell extensions work with subcommands

* Make sure parameters for deprecated options are carried through

* More review comments

* Adding some s's

* One last go

* Fix compilation error on Windows

* Revert logging changes

* Revert docs back to their original imperatively moody state
2018-10-24 13:58:19 +01:00
Tudor Malene
391c6bf66f
Feature/corda 1947/add package ownership (#4097)
* Upgrade hibernate and fix tests

CORDA-1947 Address code review changes

CORDA-1947 Address code review changes

(cherry picked from commit ab98c03d1a)

* ENT-2506 Changes signers field type

ENT-2506 Clean up some docs

ENT-2506 Fix tests and api

ENT-2506 Fix compilation error

ENT-2506 Fix compilation error

(cherry picked from commit 32f279a243)

* CORDA-1947 added packageOwnership parameter

CORDA-1947 add signers field to DbAttachment. Add check when importing attachments

CORDA-1947 add signers field to DbAttachment. Add check when importing attachments

CORDA-1947 add tests

CORDA-1947 fix comment

CORDA-1947 Fix test

CORDA-1947 fix serialiser

CORDA-1947 fix tests

CORDA-1947 fix tests

CORDA-1947 fix serialiser

CORDA-1947 Address code review changes

CORDA-1947 Address code review changes

CORDA-1947 Revert test fixes

CORDA-1947 address code review comments

CORDA-1947 move verification logic to LedgerTransaction.verify

CORDA-1947 fix test

CORDA-1947 fix tests

CORDA-1947 fix tests

CORDA-1947 address code review comments

CORDA-1947 address code review comments

(cherry picked from commit 86bc0d9606)

CORDA-1947 fix merge
2018-10-22 15:00:08 +01:00
Shams Asari
aced03df54
CORDA-1274: Migrated usage of FastClasspathScanner to ClassGraph (#4060)
FastClasspathScanner was renamed to ClassGraph for the version 4 release
2018-10-11 19:50:26 +01:00
Andrius Dagys
9ebeac1ad8
CORDA-535: Extract notary implementations into CorDapps (#3978)
* Move Raft and BFT notaries into separate modules

* Move schemas

* Fix tests & demos

* Modified logic for creating notary services:

Added a new field 'className' to the notary configuration. The node now
loads the specified implementation via reflection. The default className
value points to the simple notary implementation for backwards compatibility.
Relevant schemas are loaded in a similar fashion.

For backwards compatibility purposes the default SimpleNotaryService will
remain built-in to node, but its cordapp will be generated on startup – so
the loading of notary services is streamlined.

* Move test namedcache factory to test utils
2018-10-10 10:04:22 +01:00
Shams Asari
bffac331a3
Moved the PLATFORM_VERSION constant to core and added some missing usages (#4026) 2018-10-05 09:28:00 +01:00
Christian Sailer
92d2e4ae38
Corda-1931 Asynchronous logging (#3989)
* Provide AsyncLoggingContextSelector that inhibits use of thread local storage

* Turn on async logging via log4j properties file

* Mention async logging in the documentation and also explain how to turn it off when required.

* Formatting

* Typo

* Add shutdown hook to flush loggers.

* code review rework

* Ring buffer size to 256kB

* Set maximal log file size to 100MB - should slow down the rolling of log files and give us a bit more history on the cluster.
The old limit of max 10GB of compressed log files still stands.
2018-10-02 10:33:17 +01:00
josecoll
6f27898664
CORDA-1509 Configure and enable Gradle Build Cache (#3908)
* Fix to enable gradle build caching of test runs.

* Configure gradle build caching to be enabled.

* Generate dependency report and graph:
1) ./gradlew htmlDependencyReport
2) ./gradlew generateDependencyGraphCorda

* Strip out all Jacoco references to prevent Gradle Build Cache error:
"Caching disabled for task ':<module>:test': 'JaCoCo agent configured with `append = true`' satisfied"

* Revert jacoco back into jarFilter gradle build file.
Disable building deterministic modules (including jarFilter).

* Added Gradle build scan plugin.

* Set file encoding to prevent incorrect Gradle build cache keys across different machines.
https://guides.gradle.org/using-build-cache/#system_file_encoding

* Apply gradle build cache settings to buildSrc.

* Added targetted gradle build tasks to leverage cache.

* Updated URL's of several different test Gradle Cache instances.

* Updated CI batch build scripts.

* Updated script perms to be executable.

* Added CI smoke tests batch script.

* Use TestDev Labs gradle cache.

* Echo URL of Gradle Build Repository.
Echo exit status of each Gradle build command.

* Use environment variables to define Gradle Build Cache usage and URL.

* Customisation through parameters.

* Remove dependency graph generation plugin.
Align build cache settings across project and buildSrc gradle files.

* Remove buildSrc gradle build cache config.

* Revert definition of gradle build cache variables back to settings.gradle.

* Fix incorrect path.

* Aligned gradle build cache configuration across buildSrc and project.

* Minor updates to test scope.

* Minor updates to test scope.

* Update scripts to use GRADLE_HOME

* Exit on unset GRADLE_HOME

* Remove duplication following rebase from master.

* Remove fine-grained build task scripts.

* Added back Jacoco reporting.

* Revert jdk8u-deterministic module.

* Incorporating changes from PR review feedback.

* Workaround Jacoco issue associated with Gradle Build Cache test task.

* Update init script.

* Remove redundant build-scan declarations.

* Updates from PR review feedback.

* Remove GRADLE_HOME as no longer needed - everything is driven via gradle wrapper.

* Use CORDA prefix in system environment variable.
2018-09-26 13:38:23 +01:00
Dan Newton
6775ffa2e6 Check java version is above 1.8.0_171 on node startup (#3870) 2018-09-19 16:34:03 +01:00
Chris Rankin
df4699c69a
CORDA-1985: Configure Gradle capsule plugin to use Capsule 1.0.3. (#3949) 2018-09-17 13:55:31 +01:00
Chris Rankin
7e4c5d4bb0
CORDA-1983: Upgrade to Gradle 4.10.1. (#3947) 2018-09-15 14:23:16 +01:00
Anthony Keenan
ec0fc849ed
Publish cliutils package (#3930) 2018-09-13 11:14:19 +01:00
Chris Rankin
1c7dfd4b7b
CORDA-1964: Unify versioning of the shadow plugin, and resolve more issues for Gradle 5.0. (#3918) 2018-09-13 10:55:52 +01:00
Anthony Keenan
97cd2fcd3a
Publish cliutils (#3927) 2018-09-11 13:36:38 +01:00
Chris Rankin
4183d55650
ENT-1906: Publish corda-deterministic-verifier artifact for testing cordapps. (#3910) 2018-09-07 15:07:06 +01:00
Chris Rankin
ca9649ec0f
CORDA-1964: Upgrade to Gradle 4.10 (#3903) 2018-09-06 12:48:31 +01:00
Chris Rankin
5b255c81a8
ENT-1906: Trivial tweaks to DJVM code. (#3890)
* Trivial tweaks to DJVM code.
  - Use ASM Type.getInternalName()
  - Use @JvmDefault annotation
  - Declare test base class as abstract
  - Ensure test Log4J configuration has precedence
  - Replace assert() with require()
  - Replace simple lambdas with function references
* Publish corda-djvm artifact.
* Migrate Utilities class into the CLI tool.
* Configure unit tests for console logging.
2018-09-05 10:12:48 +01:00
Clinton Alexander
a28fa69865 Updated repository lists to reduce dependency on Jitpack and removed unused repositories. 2018-09-04 11:19:03 +01:00
Mike Hearn
2e943d089b Update RxJava to the last 1.x release so we get JavaDocs back. 2018-08-29 15:02:23 +02:00
PokeyBot
9259f6c05e
Merge pull request #3858 from corda/bugs/CORDA-1940-remove-logback-dependency
CORDA-1940 Liquibase imports logback which is redundant and conflicts with log4j2
2018-08-29 11:51:32 +01:00
Clinton Alexander
e87b33d1e8 Added extra logging to build.gradle when maxParallelForks system property is set 2018-08-29 12:38:24 +02:00
szymonsztuka
040c4a0fe3 CORDA-1940 remove any transitive dependency on Logabck (brougth by Liquibase 3.X)
Change to older Liquibase 3.5.5 version to align with Enterprise repo - Liquibase 3.6.X changed schema case sensitivity behaviour and it's brakes in Corda for one database vendor.
2018-08-28 18:40:10 +01:00
Clinton
3594ccd89b
CORDA-1924: Remove references to Cordform definition and cordform-common (#3842) 2018-08-24 16:29:14 +01:00
szymonsztuka
487cad7d06
CORDA-1471 Database schema setup for internal tables via Liquibase (#3815)
Internal tables (the tables from node and finance modules) are now tracked /created by Liquibase script.
Tables backing MappedSchemma in Cordapps are created by Hibernate (as before). 
The PR scope added Liquibase library, setup code SchemaMigration and XML scripts and from Enterprise.
For existing database installation - the node will auto-upgrade to use Liquibase.
Method migrateOlderDatabaseToUseLiquibase checks for any 3.X existing Corda database to upgrade database to use Liquibase. When the existing database without Liquibase integral tables is detected, the node (at startup) will create Liquibase tracking tables and fill them with all migration scripts (marked as done), this ensure the database will look as it would use Liquibase from the beginning.
The database changes gradually introduced by the subsequent 3.X releases (3.1, 3.2) are conditionally run by Liquibase.
2018-08-23 16:30:02 +01:00
Michele Sollecito
57e188a5a8
Disabled allWarningsAsErrors for compilation and failFast for tests locally, after TC was updated to override them to enabled. (#3838) 2018-08-23 09:57:05 +01:00
Anthony Keenan
bcfadfeebf
CORDA-1833: Create a picocli base class (#3826)
* Add shell extensions to CLI utils class and move into its own module

* Fix issue with completion script generation and slight refactor

* Fix autocompletion for logging level

* Delete uneeded comment

* More tidying up

* Make run function final

* Fixed an issue with the program being run twice.

* Address review comments
2018-08-22 21:51:25 +01:00
Tommy Lillehagen
66739c138c NOTICK - Fix version reference for New Relic dependency (#3765) 2018-08-09 18:17:20 +01:00
Viktor Kolomeyko
441fe78e41
CORDA-1568: Change Java source files encoding for all the projects. (#3707)
* CORDA-1568: Change Java source files encoding for all the projects.

See: https://ci-master.corda.r3cev.com/viewLog.html?buildId=103073&tab=buildResultsDiv&buildTypeId=Corda_BuildWindowsTest

```
InteractiveShellJavaTest.flowStartWithComplexTypes
show details
No applicable constructor for flow. Problems were:
[party: Party]: missing parameter party
[pair: Pair]: missing parameter pair
[Amount]: Could not parse as a command: Did not recognise the currency in £10 or could not parse
```
2018-08-06 11:59:30 +01:00
Katarzyna Streich
df4833d448 Some base picocli classes used in network services (#3706)
* Some base picocli classes used in network services

* Fix broken logger init

* Small fix
2018-07-27 18:25:22 +01:00
Michele Sollecito
94fb5a6538
Defaulting values to true for now. (#3668) 2018-07-23 12:18:28 +01:00
Michele Sollecito
abc1d99eaa
[CORDA-1799]: Avoid generating test CorDapp JARs from each out of process node started by the driver (#3641) 2018-07-23 11:18:11 +01:00
Chris Rankin
fe9b89369f
CORDA-1816: Migrate JarFilter plugin to corda-gradle-plugins. (#3651) 2018-07-19 16:35:36 +01:00
Dominic Fox
d1455b7a0e Move hamkrest version number into top-level configuration 2018-07-19 14:21:07 +01:00
Chris Rankin
e879de70f3
CORDA-1800: Shrink the Simm Valuation Demo's contract states using ProGuard. (#3586)
* Shrink the Simm Valuation Demo's contract states CorDapp using ProGuard.
* Remove CordFormation from CorDapp modules, which unbundles Jolokia from the CorDapps.
* Preserve directory structure for CorDapp's own classes.
* Remove unwanted transitive dependencies from Simm Valuation CorDapps.
* Use allprojects {} to set Strata version property.
2018-07-17 12:31:44 +01:00
Rick Parker
ed25d8f1be
ENT-1565 Upgrade Artemis version to latest. (#3557)
* ENT-1565 Upgrade Artemis version to latest.

* Fix compiler errors.

* Add to changelog

* Additional commentary on Proton-J version
2018-07-13 10:10:26 +01:00
Thomas Schroeter
ae7e8a29c7
Don't use grgit to enable git worktree (#3573)
We might also include a check if the current repo is clean, e.g.
by running `git diff --exit-code` and checking the return value.
2018-07-12 16:20:37 +01:00
Stefano Franz
9503c9684e
CORDA-1747 - Client RPC classloader and Java Generics fixes (#3553)
* fix for spring boot rpc and  it work with deterministic serialization

* really really fix tests

* up log level

* reenable allWarningsAsErrors
2018-07-11 13:28:01 +01:00
Chris Rankin
35b2170b9c
Upgrade to Kotlin 1.2.51. (#3509) 2018-07-05 12:45:16 +01:00
Shams Asari
244167d3e9
Enabled warnings as errors (#3514) 2018-07-04 17:17:27 +01:00
szymonsztuka
470921afb9 ENT-1741 Build standalone shell JAR distribution - subsequent fix (#3476) 2018-06-29 12:03:18 +01:00
szymonsztuka
0a700fd3f0 ENT-1741 Build standalone shell JAR distribution - fix (#3474) 2018-06-29 10:32:37 +01:00
Mike Hearn
33511b40dc Minor: work around a Kotlin compiler performance regressions 2018-06-28 18:24:50 +02:00
Tommy Lillehagen
e3072ad320 Remove old TODO to upgrade Artemis to version 2.4+ (#3447) 2018-06-27 09:02:45 +01:00
Chris Rankin
a4d2acbea2
ENT-1467: Make the deterministic JDK image compatible with IntelliJ. (#3416)
* Expand the deterministic JDK image to make it friendlier to IntelliJ.
* Fix Gradle always to use the latest deterministic rt.jar available.
* Write JDK items directly from Gradle.
2018-06-26 11:53:16 +01:00
Tommy Lillehagen
1d95ffba3a
CORDA-1674 - Publish Node Explorer artefact (#3437) 2018-06-26 10:46:04 +01:00
Shams Asari
3046843d40
CORDA-1602: Added cmd line flags to the network bootstrapper (#3419)
The list of CorDapps jars is no longer passed in via the cmd line but is now expected to be placed in the bootstrapped directory.

Ended up being a bit of a refactor to cater for unit testing, and also tidied up the bootstrapper docs.
2018-06-23 11:36:10 +01:00
Chris Rankin
473d97e6c4
Upgrade to Gradle 4.8.1 (#3420)
See: https://github.com/gradle/gradle/releases/tag/v4.8.1
2018-06-22 08:36:04 +01:00
szymonsztuka
3af5412d40 ENT-1741 Build standalone shell JAR distribution (#3409) 2018-06-21 10:32:36 +01:00
Chris Rankin
6f149a38c9
ENT-1463: Upgrade to Kotlin 1.2.50 (#3383)
* Upgrade to Kotlin 1.2.50
* Remove methods whose implementations are now inherited.
2018-06-18 15:36:33 +01:00