Merge pull request #167 from eclipse/spring2

Update rest-backend and rest-lib-utils to SpringBoot 2.5.1

Author: henrikplate

lang-java/src/main/java/org/eclipse/steady/java/JarWriter.java

@@ -543,6 +543,7 @@ public Path rewrite(Path _todir) throws JarAnalysisException {
         }
 
         // Add additional files
+
         for (Map.Entry<String, Path> e : this.additionalFiles.entrySet()) {
           if (e.getValue().toFile().exists()) {
             new_entry = new JarEntry(e.getKey());

lang-java/src/main/java/org/eclipse/steady/java/sign/gson/ASTSignatureChangeSerializer.java

@@ -67,6 +67,7 @@ private void writeSourceCodeEntityElement(
     jgen.writeObjectFieldStart(_property_name);
     jgen.writeStringField("UniqueName", _entity.getUniqueName().toString());
     jgen.writeStringField("EntityType", _entity.getType().toString());
+
     jgen.writeStringField("Modifiers", Integer.toString(_entity.getModifiers()));
     jgen.writeObjectFieldStart("SourceCodeRange");
     jgen.writeStringField("Start", Integer.toString(_entity.getSourceRange().getStart()));

rest-backend/pom.xml

@@ -26,8 +26,8 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>1.5.22.RELEASE</version>
-		<relativePath/>
+		<version>2.5.1</version>
+		<relativePath />
 	</parent>
 
 	<groupId>org.eclipse.steady</groupId>
@@ -111,19 +111,9 @@
 		<maven.install.skip>${skip.install.deploy}</maven.install.skip>
 		<maven.deploy.skip>${skip.install.deploy}</maven.deploy.skip>
 
-		<!-- Fix vulnerable dependencies in spring-boot-dependencies -->
-		<commons-beanutils.version>1.9.4</commons-beanutils.version><!-- from 1.9.3 -->
-		<hibernate.version>5.4.25.Final</hibernate.version><!-- from 5.0.12.Final, which includes vulnerable dom4j 1.6.1  -->
-		<jackson.version>2.9.10.20210106</jackson.version><!-- from 2.8.11.20181123 -->
-		<logback.version>1.2.3</logback.version><!--  from 1.1.11 -->
-		<log4j2.version>2.13.3</log4j2.version><!-- from 2.7 -->
-		<snakeyaml.version>1.26</snakeyaml.version><!-- from 1.17 -->
-		<spring.version>4.3.29.RELEASE</spring.version><!-- from 4.3.25.RELEASE -->
-		<tomcat.version>8.5.63</tomcat.version><!-- from 8.5.43 -->
 	</properties>
 
 	<dependencies>
-
 		<dependency>
 			<groupId>org.eclipse.steady</groupId>
 			<artifactId>shared</artifactId>
@@ -168,31 +158,14 @@
 			<artifactId>json-path</artifactId>
 			<version>2.4.0</version>
 		</dependency>
-
-		<!-- Swagger core dependencies -->
-		<dependency>
-			<groupId>io.swagger</groupId>
-			<artifactId>swagger-annotations</artifactId>
-			<version>1.5.22</version>
-		</dependency>
-		<dependency>
-			<groupId>io.swagger</groupId>
-			<artifactId>swagger-core</artifactId>
-			<version>1.5.22</version>
-		</dependency>
-
-		<!-- SpringFox dependencies -->
-		<dependency>
-			<groupId>io.springfox</groupId>
-			<artifactId>springfox-swagger2</artifactId>
-			<version>2.9.2</version>
-		</dependency>
+		
+		<!-- Swagger dependencies -->		
 		<dependency>
-			<groupId>io.springfox</groupId>
-			<artifactId>springfox-swagger-ui</artifactId>
-			<version>2.9.2</version>
-		</dependency>
-
+			<groupId>org.springdoc</groupId>
+            <artifactId>springdoc-openapi-ui</artifactId>
+            <version>1.2.32</version>
+        </dependency>
+		
 		<dependency>
 			<groupId>com.sun.mail</groupId>
 			<artifactId>javax.mail</artifactId>
@@ -204,6 +177,12 @@
 			<artifactId>javax.activation-api</artifactId>
 			<version>1.2.0</version>
 		</dependency>
+		
+		<dependency>
+		    <groupId>com.google.guava</groupId>
+		    <artifactId>guava</artifactId>
+		    <version>28.2-jre</version>
+		</dependency>
 
 		<!-- Test dependencies -->
 		<dependency>
@@ -218,6 +197,25 @@
 			<artifactId>spring-boot-starter-test</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-mock</artifactId>
+			<version>2.0.8</version>
+			<scope>test</scope>
+		</dependency>
+		<!-- to allow tests written with JUnit 4 to be run by JUnit 5, see https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-2.4-Release-Notes#junit-5s-vintage-engine-removed-from-spring-boot-starter-test -->
+		<dependency>
+    		<groupId>org.junit.vintage</groupId>
+    		<artifactId>junit-vintage-engine</artifactId>
+    		<scope>test</scope>
+    		<exclusions>
+        		<exclusion>
+            		<groupId>org.hamcrest</groupId>
+            		<artifactId>hamcrest-core</artifactId>
+        		</exclusion>
+    		</exclusions>
+		</dependency>
+		
 
 		<!-- Used to mock REST services -->
 		<dependency>
@@ -237,9 +235,9 @@
 		<dependency>
 			<groupId>org.flywaydb</groupId>
 			<artifactId>flyway-core</artifactId>
-			<version>5.0.7</version>
+			<version>6.5.7</version> <!-- overriding managed version 7.7.3 to avoid 1 migration checksum mismatch -->
 		</dependency>
-
+		
 		<!-- To prevent javadoc error "class file for javax.interceptor.InterceptorBinding not found" -->
 		<dependency>
 		    <groupId>javax.interceptor</groupId>

rest-backend/src/main/java/org/eclipse/steady/backend/model/Dependency.java

@@ -119,7 +119,7 @@ public class Dependency implements Serializable {
   @Column(columnDefinition = "text")
   private String path;
 
-  @Column(columnDefinition = "text")
+  @Column(length = 1024)
   private String relativePath;
 
   @ManyToMany(
@@ -134,22 +134,23 @@ public class Dependency implements Serializable {
   private Set<TouchPoint> touchPoints;
 
   /**
-   * Only set when single dependencies are returned by {@link ApplicationController#getDependency(String, String, String, String)}.
-   * TODO: Maybe check if they can always bet set (depending on performance and memory).
+   * Only set when single dependencies are returned by {@link
+   * ApplicationController#getDependency(String, String, String, String)}. TODO: Maybe check if they
+   * can always bet set (depending on performance and memory).
    */
   @Transient private Collection<Trace> traces;
 
   /**
-   * Contains collections of reachable dependency constructs per {@link ConstructType}.
-   * It MUST be a subset of what can be obtained from the library via {@link Library#countConstructTypes()}.
+   * Contains collections of reachable dependency constructs per {@link ConstructType}. It MUST be a
+   * subset of what can be obtained from the library via {@link Library#countConstructTypes()}.
    */
   @Transient private ConstructIdFilter reachableFilter = null;
 
   /**
-   * Contains collections of traced dependency constructs per {@link ConstructType}.
-   * It MUST be a subset of what can be obtained from the library via {@link Library#countConstructTypes()}.
-   * Depending on the quality of the reachability analysis, it SHOULD be a subset of what can be obtained
-   * via {@link Dependency#countReachableConstructTypes()}.
+   * Contains collections of traced dependency constructs per {@link ConstructType}. It MUST be a
+   * subset of what can be obtained from the library via {@link Library#countConstructTypes()}.
+   * Depending on the quality of the reachability analysis, it SHOULD be a subset of what can be
+   * obtained via {@link Dependency#countReachableConstructTypes()}.
    */
   @Transient private ConstructIdFilter tracedFilter = null;
 

rest-backend/src/main/java/org/eclipse/steady/backend/repo/ApplicationRepository.java

@@ -56,14 +56,6 @@ public interface ApplicationRepository
   /** Constant <code>FILTER</code> */
   public static final ResultSetFilter<Application> FILTER = new ResultSetFilter<Application>();
 
-  /**
-   * <p>findById.</p>
-   *
-   * @param id a {@link java.lang.Long} object.
-   * @return a {@link java.util.List} object.
-   */
-  List<Application> findById(@Param("id") Long id);
-
   /**
    * <p>findByGA.</p>
    *

rest-backend/src/main/java/org/eclipse/steady/backend/repo/ApplicationRepositoryImpl.java

@@ -541,12 +541,11 @@ public TreeSet<VulnerableDependency> findAppVulnerableDependencies(
 
     for (Object[] e : bundledDigests) {
       Dependency depWithBundledLibId =
-          DependencyRepository.FILTER.findOne(
-              this.depRepository.findById(((BigInteger) e[0]).longValue()));
+          this.depRepository.findById(((BigInteger) e[0]).longValue()).orElse(null);
 
       Library bundledDigest =
-          LibraryRepository.FILTER.findOne(
-              this.libRepository.findById(((BigInteger) e[1]).longValue()));
+          this.libRepository.findById(((BigInteger) e[1]).longValue()).orElse(null);
+
       List<Bug> vulns_cc = this.bugRepository.findByLibrary(bundledDigest);
 
       for (Bug b : vulns_cc) {
@@ -570,12 +569,10 @@ public TreeSet<VulnerableDependency> findAppVulnerableDependencies(
     for (Object[] e : bundledLibIds) {
 
       Dependency depWithBundledLibId =
-          DependencyRepository.FILTER.findOne(
-              this.depRepository.findById(((BigInteger) e[0]).longValue()));
+          this.depRepository.findById(((BigInteger) e[0]).longValue()).orElse(null);
 
       LibraryId bundledLibId =
-          LibraryIdRepository.FILTER.findOne(
-              this.libIdRepository.findById(((BigInteger) e[1]).longValue()));
+          this.libIdRepository.findById(((BigInteger) e[1]).longValue()).orElse(null);
 
       List<Bug> vulns_av_true = this.bugRepository.findByLibId(bundledLibId, true);
 

rest-backend/src/main/java/org/eclipse/steady/backend/repo/BugRepository.java

@@ -43,15 +43,6 @@ public interface BugRepository extends CrudRepository<Bug, Long>, BugRepositoryC
   /** Constant <code>FILTER</code> */
   public static final ResultSetFilter<Bug> FILTER = new ResultSetFilter<Bug>();
 
-  /**
-   * <p>findById.</p>
-   *
-   * @param id a {@link java.lang.Long} object.
-   * @return a {@link java.util.List} object.
-   */
-  @Query("SELECT b FROM Bug b JOIN FETCH b.constructChanges WHERE b.id=:id")
-  List<Bug> findById(@Param("id") Long id);
-
   /**
    * <p>findByBugId.</p>
    *

rest-backend/src/main/java/org/eclipse/steady/backend/repo/DependencyRepository.java

@@ -42,15 +42,6 @@ public interface DependencyRepository
   /** Constant <code>FILTER</code> */
   public static final ResultSetFilter<Dependency> FILTER = new ResultSetFilter<Dependency>();
 
-  /**
-   * <p>findById.</p>
-   *
-   * @param id a {@link java.lang.Long} object.
-   * @return a {@link java.util.List} object.
-   */
-  @Query("SELECT dep FROM Dependency dep JOIN FETCH dep.lib l WHERE dep.id = :id")
-  List<Dependency> findById(@Param("id") Long id);
-
   /**
    * <p>findByDigest.</p>
    *

rest-backend/src/main/java/org/eclipse/steady/backend/repo/GoalExecutionRepositoryImpl.java

@@ -96,7 +96,7 @@ public GoalExecution findLatestGoalExecution(Application _app, GoalType _type) {
     Long id = null;
     if (_type != null) id = this.gexeRepository.findLatestForApp(_app.getId(), _type.toString());
     else id = this.gexeRepository.findLatestForApp(_app.getId());
-    if (id != null) return this.gexeRepository.findOne(id);
+    if (id != null) return this.gexeRepository.findById(id).orElse(null);
     else return null;
   }
 

rest-backend/src/main/java/org/eclipse/steady/backend/repo/LibraryIdRepository.java

@@ -38,9 +38,6 @@ public interface LibraryIdRepository extends CrudRepository<LibraryId, Long> {
   /** Constant <code>FILTER</code> */
   public static final ResultSetFilter<LibraryId> FILTER = new ResultSetFilter<LibraryId>();
 
-  @Query("SELECT l FROM LibraryId l WHERE l.id=:id")
-  List<LibraryId> findById(@Param("id") Long id);
-
   /**
    * <p>findBySecondaryKey.</p>
    *