From 9319be876e5f1101fa1edc1e521b162856b4e400 Mon Sep 17 00:00:00 2001
From: Esta Nagy
Date: Mon, 9 May 2022 23:13:42 +0200
Subject: [PATCH] Security improvements (#158)

- Removes unused vulnerable dependency from docker tests
- Removes unused vulnerable dependency from testcontainers module
- Separate Jackson Bom version from the rest of Jackson packages
- Fix log pattern to replace new line characters

{patch}

Signed-off-by: Esta Nagy
---
 gradle/libs.versions.toml | 3 ++-
 .../src/main/resources/application.properties | 3 +++
 lowkey-vault-docker/build.gradle | 8 ++++++--
 lowkey-vault-testcontainers/build.gradle | 8 ++++++--
 4 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index aba7be1a..f1b0a1ea 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -16,6 +16,7 @@ jupiter = "5.8.2"
 abortMission = "2.8.53"
 checkstyle = "9.2.1"
 jacoco = "0.8.2"
+jacksonBom = { strictly = "2.13.2.20220328" }
 jackson = { strictly = "2.13.2" }
 jacksonDatabind = { strictly = "2.13.2.2" }
 openApiUi = "1.6.8"
@@ -73,7 +74,7 @@ cucumber-java = { module = "io.cucumber:cucumber-java", version.ref = "cucumber"
 cucumber-testng = { module = "io.cucumber:cucumber-testng", version.ref = "cucumber" }
 cucumber-spring = { module = "io.cucumber:cucumber-spring", version.ref = "cucumber" }
-jackson-bom = { module = "com.fasterxml.jackson:jackson-bom", version.ref = "jackson" }
+jackson-bom = { module = "com.fasterxml.jackson:jackson-bom", version.ref = "jacksonBom" }
 jackson-core = { module = "com.fasterxml.jackson.core:jackson-core", version.ref = "jackson" }
 jackson-annotations = { module = "com.fasterxml.jackson.core:jackson-annotations", version.ref = "jackson" }
 jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", version.ref = "jacksonDatabind" }
diff --git a/lowkey-vault-app/src/main/resources/application.properties b/lowkey-vault-app/src/main/resources/application.properties
index b915836e..5a4eb248 100644
--- a/lowkey-vault-app/src/main/resources/application.properties
+++ b/lowkey-vault-app/src/main/resources/application.properties
@@ -25,3 +25,6 @@ springdoc.swagger-ui.operationsSorter=alpha
 spring.jackson.generator.flush-passed-to-stream=true
 # logging.level.org.springframework.web.filter.CommonsRequestLoggingFilter=DEBUG
+logging.pattern.dateformat=HH:mm:ss.SSS
+logging.pattern.console=%clr(%d{HH:mm:ss.SSS}){faint} %clr(%5p){magenta} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %replace(%m){'[\\r\\n]',' '}%n%ex{5}
+logging.exception-conversion-word=%ex{5}
diff --git a/lowkey-vault-docker/build.gradle b/lowkey-vault-docker/build.gradle
index 96224a4d..fecdb8b2 100644
--- a/lowkey-vault-docker/build.gradle
+++ b/lowkey-vault-docker/build.gradle
@@ -24,8 +24,12 @@ dependencies {
 testImplementation libs.bouncycastle.bcpkix
 testImplementation libs.httpclient
 testImplementation libs.commons.codec
-testImplementation libs.azure.security.keyvault.keys
-testImplementation libs.azure.security.keyvault.secrets
+testImplementation(libs.azure.security.keyvault.keys) {
+exclude(group: "io.netty")
+}
+testImplementation(libs.azure.security.keyvault.secrets) {
+exclude(group: "io.netty")
+}
 testImplementation libs.spring.boot.starter.test
 testImplementation libs.bundles.cucumber
 testImplementation libs.abort.mission.cucumber
diff --git a/lowkey-vault-testcontainers/build.gradle b/lowkey-vault-testcontainers/build.gradle
index 574c2983..d31381f1 100644
--- a/lowkey-vault-testcontainers/build.gradle
+++ b/lowkey-vault-testcontainers/build.gradle
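Review bot: The new console pattern strips CR/LF from `%m` only; the `%ex{5}` written after `%n` is emitted verbatim, so an exception whose message echoes request input can still place a forged line in the log. Logback has no message-only throwable converter, so the gap should at least be recorded above the pattern: `# %replace collapses CR/LF in the message to block log forging; exception text rendered by %ex is not filtered`. Only the console pattern is overridden here — if file output is enabled elsewhere via `logging.file.name`, `logging.pattern.file` still falls back to Spring Boot's default without the replace, and `logging.exception-conversion-word` only reaches that default pattern, because `%ex{5}` is spelled out in this line rather than referenced as `${LOG_EXCEPTION_CONVERSION_WORD}`.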
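Review bot: The `exclude(group: "io.netty")` is repeated on both Azure artifacts and only prunes those two dependency graphs, so a third Azure module or any other test dependency that transitively pulls `io.netty` would quietly bring the same artifacts back. Stating it once at configuration level, `configurations.testRuntimeClasspath { exclude group: "io.netty" }` (or `configurations.all`), expresses the actual intent — netty is not wanted on this module's test classpath — and keeps holding when the dependency list changes. Either way the reason should be written down, since an unexplained exclude is the first thing dropped at the next upgrade: `// io.netty is pulled in by the Azure SDK default HTTP transport; unused by these tests and excluded because the resolved version was vulnerable`. Note that `azure-core-http-netty` itself remains on the classpath, so a client built without an explicit `httpClient(...)` would presumably fail with a NoClassDefFoundError at runtime rather than a clean "no HttpClient" error — worth confirming every test supplies its own client. The `dependencies {` block opens before the hunk.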
@@ -17,8 +17,12 @@ dependencies {
 testImplementation libs.bundles.jackson
 testImplementation libs.httpclient
 testImplementation libs.commons.codec
-testImplementation libs.azure.security.keyvault.keys
-testImplementation libs.azure.security.keyvault.secrets
+testImplementation(libs.azure.security.keyvault.keys) {
+exclude(group: "io.netty")
+}
+testImplementation(libs.azure.security.keyvault.secrets) {
+exclude(group: "io.netty")
+}
 testImplementation libs.mockito.core
 testImplementation libs.jupiter
 testImplementation libs.logback.classic
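Review bot: Excluding only the `io.netty` group leaves `azure-core-http-netty` and reactor-netty on the test classpath without the classes they link against, so if any test builds a Key Vault client without an explicit `httpClient(...)` the failure would presumably surface as a NoClassDefFoundError inside the Azure SDK rather than at dependency resolution. Excluding the transport module as well, `exclude(group: "com.azure", module: "azure-core-http-netty")`, lets the SDK report a clear "no HttpClient implementation found" instead and drops the now-dead reactor-netty jars with it. The tests are not visible from here, so this assumes they already pass their own client (the Apache `libs.httpclient` on the same classpath suggests so) — please confirm. A one-line reason on the exclude would also help the next maintainer: `// netty is only needed by the Azure SDK default transport, which these tests do not use`. The `dependencies {` block opens before the hunk.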