Merge branch 'release/1.14.0'

.github/workflows/main.yml

@@ -28,7 +28,7 @@ jobs:
         options: --name mongo
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Fetch all history for all tags and branches
       run: git fetch --prune --unshallow
@@ -38,13 +38,13 @@ jobs:
 
 # (1) -> Prepare cache and Java
     - name: Cache ~/.m2
-      uses: actions/cache@v2.1.7
+      uses: actions/cache@v3
       with:
         path: ~/.m2
         key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
 
     - name: Cache JDK folder
-      uses: actions/cache@v2.1.7
+      uses: actions/cache@v3
       with:
         path: ~/jdk
         key: ${{ env.JDK_FILE }}
@@ -58,7 +58,7 @@ jobs:
         cp ~/jdk/$JDK_FILE .
 
     - name: Setup Java
-      uses: actions/setup-java@v2.5.0
+      uses: actions/setup-java@v3
       with:
         distribution: 'jdkfile'
         java-version: ${{ env.JDK_VERSION }}

.github/workflows/security.yml

@@ -0,0 +1,131 @@
+name: "Security Audit"
+
+on:
+  push:
+    branches: [ develop, master ]
+  pull_request:
+    branches: [ develop ]
+  schedule:
+    - cron: '23 4 * * 1'
+
+jobs:
+  codeql:
+    name: CodeQL
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    env:
+      JDK_VERSION: 17
+      JDK_FILE: openjdk-17_linux-x64_bin.tar.gz
+      JDK_URL: https://download.java.net/java/GA/jdk17/0d483333a00540d886896bac774ff48b/35/GPL/openjdk-17_linux-x64_bin.tar.gz
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Fetch all history for all tags and branches
+        run: git fetch --prune --unshallow
+
+      - name: Prepare JDK folder
+        run: mkdir -p ~/jdk
+
+      # (1) -> Prepare cache and Java
+      - name: Cache ~/.m2
+        uses: actions/[email protected]
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+
+      - name: Cache JDK folder
+        uses: actions/[email protected]
+        with:
+          path: ~/jdk
+          key: ${{ env.JDK_FILE }}
+
+      # (2) -> Prepare Java
+      - name: Download JDK
+        run: |
+          if [ ! -f ~/jdk/$JDK_FILE ]; then
+            wget --quiet $JDK_URL -O ~/jdk/$JDK_FILE
+          fi
+          cp ~/jdk/$JDK_FILE .
+
+      - name: Setup Java
+        uses: actions/[email protected]
+        with:
+          distribution: 'jdkfile'
+          java-version: ${{ env.JDK_VERSION }}
+          jdkFile: ${{ env.JDK_FILE }}
+          architecture: x64
+
+      - name: Verify Maven and Java
+        run: |
+          mvn --version
+
+      # (3) -> Init CodeQL
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: 'java'
+
+      # (3) -> Build
+      - name: Build package
+        run: |
+          mvn --quiet -B -U --fail-fast -DskipTests package
+
+      # (4) -> CodeQL Analysis
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1
+
+  snyk:
+    name: Snyk (Maven)
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+
+      - name: Checkout repository
+        uses: actions/checkout@master
+
+      - name: Perform Snyk Check (Maven)
+        uses: snyk/actions/maven@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --severity-threshold=high
+
+  snyk-docker:
+    name: Snyk (Docker)
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    env:
+      PUBLIC_IMAGE: fairdata/fairdatapoint
+      TAG_DEVELOP: develop
+
+    steps:
+
+      - name: Checkout repository
+        uses: actions/checkout@master
+
+      - name: Docker build
+        run: |
+          docker pull $PUBLIC_IMAGE:$TAG_DEVELOP
+          docker build --cache-from $PUBLIC_IMAGE:$TAG_DEVELOP -t fdp:snyk-test -f Dockerfile.build .
+
+      - name: Perform Snyk Check (Docker)
+        uses: snyk/actions/docker@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: fdp:snyk-test
+          args: --severity-threshold=high

CHANGELOG.md

@@ -8,6 +8,18 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## [Unreleased]
 
 
+## [1.14.0]
+
+### Added
+
+- Security audit via GitHub Actions (Snyk and CodeQL)
+
+### Changed
+
+- Introduced metadata schemas (as replacement of shapes) including versioning and importing
+- Updated RDF4J to 4.0
+- Several dependencies updated
+
 ## [1.13.2]
 
 ### Fixed
@@ -36,7 +48,7 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ### Fixed
 
-- Missing `xsd` prefix in some default shapes
+- Missing `xsd` prefix in some default metadataSchemas
 
 ## [1.12.4]
 
@@ -92,13 +104,13 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ### Changed
 
-- Resource definitions are related directly to shapes
+- Resource definitions are related directly to metadataSchemas
 
 ## [1.10.0]
 
 ### Added
 
-- Allow to change internal shapes
+- Allow to change internal metadataSchemas
 - Reset to "factory defaults" (users, resource definitions, metadata)
 
 ### Changed
@@ -109,7 +121,7 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ### Added
 
-- Publishing and sharing SHACL shapes between FDPs
+- Publishing and sharing SHACL metadataSchemas between FDPs
 - Pagination for child resources
 
 ### Changed
@@ -193,8 +205,8 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 - Shape definitions with DASH support
 - Endpoint for bootstrapping [Client]
-- Validation for SHACL definitions in shapes
-- Production migration for shape definitions
+- Validation for SHACL definitions in metadataSchemas
+- Production migration for metadataSchema definitions
 
 ### Changed
 
@@ -300,3 +312,5 @@ The first release of reference FAIR Data Point implementation.
 [1.12.4]: /../../tree/v1.12.4
 [1.13.0]: /../../tree/v1.13.0
 [1.13.1]: /../../tree/v1.13.1
+[1.13.2]: /../../tree/v1.13.2
+[1.14.0]: /../../tree/v1.14.0

SECURITY.md

@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+We support the latest major and minor version with patch versions that fix vulnerabilities and critical bugs. For older versions, we highly recommend upgrading to the latest version. 
+
+| Version | Supported          |
+|---------| ------------------ |
+| 1.14.0  | :white_check_mark: |
+| < 1.14  | :x:                |
+
+## Current Recommendations
+
+* Use 1.14.0 with the newest dependencies (and no known vulnerabilities)
+
+## Reporting a Vulnerability
+
+In case you encounter a vulnerability, please let us know via [GitHub issues](https://github.com/FAIRDataTeam/FAIRDataPoint/issues). If you need to share sensitive information, indicate that in the issue and we will provide a secured channel how you can privately send us such information.

pom.xml

@@ -5,12 +5,12 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.6.6</version>
+        <version>2.7.0</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
     <groupId>nl.dtls</groupId>
     <artifactId>fairdatapoint</artifactId>
-    <version>1.13.2</version>
+    <version>1.14.0</version>
     <packaging>jar</packaging>
 
     <name>FairDataPoint</name>
@@ -51,17 +51,16 @@
         <maven.compiler.target>17</maven.compiler.target>
 
         <!-- Project related -->
-        <spring.rdf.migration.version>1.1.0.RELEASE</spring.rdf.migration.version>
+        <spring.rdf.migration.version>1.2.0.RELEASE</spring.rdf.migration.version>
         <spring.security.acl.mongo.version>5.2.4.RELEASE</spring.security.acl.mongo.version>
 
         <!-- Core -->
-        <springdoc.version>1.6.5</springdoc.version>
-        <mongock.version>5.0.35</mongock.version>
-        <mongodb.spring-data.v3.version>3.3.1</mongodb.spring-data.v3.version>
-        <rdf4j.version>3.7.4</rdf4j.version>
-        <unirest.version>1.4.9</unirest.version>
-        <jwt.version>0.11.2</jwt.version>
-        <lombok.version>1.18.22</lombok.version>
+        <springdoc.version>1.6.9</springdoc.version>
+        <mongock.version>5.1.0</mongock.version>
+        <mongodb.spring-data.v3.version>3.4.0</mongodb.spring-data.v3.version>
+        <rdf4j.version>4.0.2</rdf4j.version>
+        <jwt.version>0.11.5</jwt.version>
+        <lombok.version>1.18.24</lombok.version>
         <rdf-resolver.version>0.1.2-SNAPSHOT</rdf-resolver.version>
         <log4j2.version>2.17.1</log4j2.version>
 
@@ -222,11 +221,6 @@
             <artifactId>rdf4j-sail-nativerdf</artifactId>
             <version>${rdf4j.version}</version>
         </dependency>
-        <dependency>
-            <groupId>com.mashape.unirest</groupId>
-            <artifactId>unirest-java</artifactId>
-            <version>${unirest.version}</version>
-        </dependency>
         <dependency>
             <groupId>io.jsonwebtoken</groupId>
             <artifactId>jjwt-api</artifactId>

src/main/java/nl/dtls/fairdatapoint/api/controller/apikey/ApiKeyController.java

@@ -59,7 +59,7 @@ public ResponseEntity<ApiKeyDTO> createApiKey() {
 
     @DeleteMapping("/{uuid}")
     @ResponseStatus(HttpStatus.NO_CONTENT)
-    public ResponseEntity<Void> deleteShape(@PathVariable final String uuid) throws ResourceNotFoundException {
+    public ResponseEntity<Void> deleteApiKey(@PathVariable final String uuid) throws ResourceNotFoundException {
         boolean result = apiKeyService.delete(uuid);
         if (result) {
             return ResponseEntity.noContent().build();

src/main/java/nl/dtls/fairdatapoint/api/controller/exception/ExceptionControllerAdvice.java

@@ -72,6 +72,7 @@ public class ExceptionControllerAdvice {
     )
     public ErrorDTO handleBadRequest(Exception e) {
         log.warn(e.getMessage());
+        log.debug("Handling bad request (ValidationException)", e);
         return new ErrorDTO(HttpStatus.BAD_REQUEST, e.getMessage());
     }
 
@@ -88,6 +89,7 @@ public ErrorDTO handleBadRequest(Exception e) {
     )
     public Model handleBadRequest(RdfValidationException e) {
         Model validationReportModel = e.getModel();
+        log.debug("Handling bad request (RdfValidationException)", e);
 
         // Log number of errors
         IRI validationResultIri = i("http://www.w3.org/ns/shacl#ValidationResult");
@@ -115,6 +117,7 @@ public Model handleBadRequest(RdfValidationException e) {
     )
     public ErrorDTO handleUnauthorized(Exception e) {
         log.error(e.getMessage());
+        e.printStackTrace();
         return new ErrorDTO(HttpStatus.UNAUTHORIZED, e.getMessage());
     }
 
@@ -131,6 +134,7 @@ public ErrorDTO handleUnauthorized(Exception e) {
     )
     public ErrorDTO handleForbidden(Exception e) {
         log.error(e.getMessage());
+        log.debug("Handling forbidden", e);
         return new ErrorDTO(HttpStatus.FORBIDDEN, e.getMessage());
     }
 
@@ -147,6 +151,7 @@ public ErrorDTO handleForbidden(Exception e) {
     )
     public ErrorDTO handleResourceNotFound(ResourceNotFoundException e) {
         log.error(e.getMessage());
+        log.debug("Handling resource not found", e);
         return new ErrorDTO(HttpStatus.NOT_FOUND, e.getMessage());
     }
 
@@ -163,12 +168,14 @@ public ErrorDTO handleResourceNotFound(ResourceNotFoundException e) {
     )
     public ErrorDTO handleInternalServerError(Exception e) {
         log.error(e.getMessage());
+        log.debug("Handling internal server error (MetadataServiceException)", e);
         return new ErrorDTO(HttpStatus.INTERNAL_SERVER_ERROR, e.getMessage());
     }
 
     @ExceptionHandler(IndexException.class)
-    public ResponseEntity<ErrorDTO> handleIndexException(IndexException exception) {
-        return new ResponseEntity<>(exception.getErrorDTO(), exception.getStatus());
+    public ResponseEntity<ErrorDTO> handleIndexException(IndexException e) {
+        log.debug("Handling index exception", e);
+        return new ResponseEntity<>(e.getErrorDTO(), e.getStatus());
     }
 
 }