From 887fa1acf6a953378f179065e4a8d8bfa84b968b Mon Sep 17 00:00:00 2001 From: VishalMCF <70262922+VishalMCF@users.noreply.github.com> Date: Fri, 29 Dec 2023 21:37:51 +0530 Subject: [PATCH 1/7] addressed comments and removed vulnerability --- .../java/co/novu/common/base/NovuConfig.java | 14 ------------- .../java/co/novu/common/rest/RestHandler.java | 20 ++++++++++++++++++- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/src/main/java/co/novu/common/base/NovuConfig.java b/src/main/java/co/novu/common/base/NovuConfig.java index 3897fad..71a2cf1 100644 --- a/src/main/java/co/novu/common/base/NovuConfig.java +++ b/src/main/java/co/novu/common/base/NovuConfig.java @@ -14,21 +14,7 @@ public class NovuConfig { private String apiKey; private String baseUrl = "https://api.novu.co/v1/"; - private String sdkName; - private String sdkVersion; public NovuConfig(String apiKey) { this.apiKey = apiKey; - loadContextFromPom(); - } - - private void loadContextFromPom(){ - try { - MavenXpp3Reader reader = new MavenXpp3Reader(); - Model model = reader.read(new FileReader("pom.xml")); - this.sdkName = model.getArtifactId(); - this.sdkVersion = model.getVersion(); - } catch (Exception e) { - e.printStackTrace(); - } } } \ No newline at end of file diff --git a/src/main/java/co/novu/common/rest/RestHandler.java b/src/main/java/co/novu/common/rest/RestHandler.java index c42ad4c..94df375 100644 --- a/src/main/java/co/novu/common/rest/RestHandler.java +++ b/src/main/java/co/novu/common/rest/RestHandler.java @@ -11,7 +11,13 @@ import retrofit2.Retrofit; import retrofit2.converter.gson.GsonConverterFactory; +import org.apache.maven.model.Model; +import org.apache.maven.model.io.xpp3.MavenXpp3Reader; + +import java.io.FileReader; import java.io.IOException; +import java.io.InputStreamReader; +import java.util.Objects; @RequiredArgsConstructor public class RestHandler { @@ -30,7 +36,7 @@ public Retrofit buildRetrofit() { Request request = chain.request() .newBuilder() .addHeader("Authorization", "ApiKey " + novuConfig.getApiKey()) - .addHeader("User-Agent", "novu/" + novuConfig.getSdkName() + "@" + novuConfig.getSdkVersion()) + .addHeader("User-Agent", "novu/JAVA" + "@" + loadSdkVersionFromPom()) .build(); return chain.proceed(request); }).addInterceptor(new HttpLoggingInterceptor().setLevel(HttpLoggingInterceptor.Level.BASIC)); @@ -62,4 +68,16 @@ public R extractResponse(Response response, R body) throws NovuNetwork throw new NovuNetworkException(response.errorBody() != null ? response.errorBody().string() : "Error connecting to Novu API"); } } + + private String loadSdkVersionFromPom(){ + try { + MavenXpp3Reader reader = new MavenXpp3Reader(); + Model model = reader.read( + new InputStreamReader(Objects.requireNonNull(this.getClass().getResourceAsStream("/META-INF/maven/co.novu/novu-java/pom.xml")))); + return model.getVersion(); + } catch (Exception e) { + e.printStackTrace(); + } + return ""; + } } \ No newline at end of file From e6bade14b3b358d0f50db3bf53a2369fff0c7cbf Mon Sep 17 00:00:00 2001 From: VishalMCF <70262922+VishalMCF@users.noreply.github.com> Date: Fri, 29 Dec 2023 22:16:59 +0530 Subject: [PATCH 2/7] addressed comment for logging --- src/main/java/co/novu/common/rest/RestHandler.java | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/main/java/co/novu/common/rest/RestHandler.java b/src/main/java/co/novu/common/rest/RestHandler.java index 94df375..1016fc7 100644 --- a/src/main/java/co/novu/common/rest/RestHandler.java +++ b/src/main/java/co/novu/common/rest/RestHandler.java @@ -4,6 +4,8 @@ import com.google.gson.Gson; import com.google.gson.GsonBuilder; import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + import okhttp3.OkHttpClient; import okhttp3.Request; import okhttp3.logging.HttpLoggingInterceptor; @@ -20,6 +22,7 @@ import java.util.Objects; @RequiredArgsConstructor +@Slf4j public class RestHandler { private final NovuConfig novuConfig; @@ -36,7 +39,7 @@ public Retrofit buildRetrofit() { Request request = chain.request() .newBuilder() .addHeader("Authorization", "ApiKey " + novuConfig.getApiKey()) - .addHeader("User-Agent", "novu/JAVA" + "@" + loadSdkVersionFromPom()) + .addHeader("User-Agent", "novu/JAVA@" + loadSdkVersionFromPom()) .build(); return chain.proceed(request); }).addInterceptor(new HttpLoggingInterceptor().setLevel(HttpLoggingInterceptor.Level.BASIC)); @@ -69,14 +72,14 @@ public R extractResponse(Response response, R body) throws NovuNetwork } } - private String loadSdkVersionFromPom(){ + private String loadSdkVersionFromPom() { try { MavenXpp3Reader reader = new MavenXpp3Reader(); Model model = reader.read( new InputStreamReader(Objects.requireNonNull(this.getClass().getResourceAsStream("/META-INF/maven/co.novu/novu-java/pom.xml")))); return model.getVersion(); } catch (Exception e) { - e.printStackTrace(); + log.error("Could not retrieve the sdk version", e); } return ""; } From d495e9feba06f5a0905b4652f817592607f41976 Mon Sep 17 00:00:00 2001 From: VishalMCF <70262922+VishalMCF@users.noreply.github.com> Date: Fri, 29 Dec 2023 22:22:12 +0530 Subject: [PATCH 3/7] added dependency in the pom file --- pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pom.xml b/pom.xml index dd304bf..c34eb5b 100644 --- a/pom.xml +++ b/pom.xml @@ -196,5 +196,10 @@ okhttp 4.10.0 + + org.apache.maven + maven-model + 3.9.6 + From 7884ca1247c465a5f96f7374d2f19d9b0de7072c Mon Sep 17 00:00:00 2001 From: Joseph Olugbohunmi <37001871+mayorJAY@users.noreply.github.com> Date: Fri, 29 Dec 2023 09:00:21 -0800 Subject: [PATCH 4/7] Update src/main/java/co/novu/common/rest/RestHandler.java --- src/main/java/co/novu/common/rest/RestHandler.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/co/novu/common/rest/RestHandler.java b/src/main/java/co/novu/common/rest/RestHandler.java index 1016fc7..fc79d32 100644 --- a/src/main/java/co/novu/common/rest/RestHandler.java +++ b/src/main/java/co/novu/common/rest/RestHandler.java @@ -39,7 +39,7 @@ public Retrofit buildRetrofit() { Request request = chain.request() .newBuilder() .addHeader("Authorization", "ApiKey " + novuConfig.getApiKey()) - .addHeader("User-Agent", "novu/JAVA@" + loadSdkVersionFromPom()) + .addHeader("User-Agent", "novu/Java@" + loadSdkVersionFromPom()) .build(); return chain.proceed(request); }).addInterceptor(new HttpLoggingInterceptor().setLevel(HttpLoggingInterceptor.Level.BASIC)); From 3d9d31488d04e61918fa40e172a0fc2e2abd3c5e Mon Sep 17 00:00:00 2001 From: Joseph Olugbohunmi <37001871+mayorJAY@users.noreply.github.com> Date: Fri, 29 Dec 2023 14:26:13 -0800 Subject: [PATCH 5/7] Update src/main/java/co/novu/common/rest/RestHandler.java --- src/main/java/co/novu/common/rest/RestHandler.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/main/java/co/novu/common/rest/RestHandler.java b/src/main/java/co/novu/common/rest/RestHandler.java index fc79d32..f11b289 100644 --- a/src/main/java/co/novu/common/rest/RestHandler.java +++ b/src/main/java/co/novu/common/rest/RestHandler.java @@ -16,10 +16,9 @@ import org.apache.maven.model.Model; import org.apache.maven.model.io.xpp3.MavenXpp3Reader; -import java.io.FileReader; import java.io.IOException; +import java.io.InputStream; import java.io.InputStreamReader; -import java.util.Objects; @RequiredArgsConstructor @Slf4j From fa35749a8931d2441ad2a7eaf3f88ec44dcaa91d Mon Sep 17 00:00:00 2001 From: Joseph Olugbohunmi <37001871+mayorJAY@users.noreply.github.com> Date: Fri, 29 Dec 2023 14:27:30 -0800 Subject: [PATCH 6/7] Update src/main/java/co/novu/common/rest/RestHandler.java --- src/main/java/co/novu/common/rest/RestHandler.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/main/java/co/novu/common/rest/RestHandler.java b/src/main/java/co/novu/common/rest/RestHandler.java index f11b289..8b71b37 100644 --- a/src/main/java/co/novu/common/rest/RestHandler.java +++ b/src/main/java/co/novu/common/rest/RestHandler.java @@ -74,8 +74,11 @@ public R extractResponse(Response response, R body) throws NovuNetwork private String loadSdkVersionFromPom() { try { MavenXpp3Reader reader = new MavenXpp3Reader(); - Model model = reader.read( - new InputStreamReader(Objects.requireNonNull(this.getClass().getResourceAsStream("/META-INF/maven/co.novu/novu-java/pom.xml")))); + InputStream inputStream = this.getClass().getResourceAsStream("/META-INF/maven/co.novu/novu-java/pom.xml"); + if (inputStream == null) { + return ""; + } + Model model = reader.read(new InputStreamReader(inputStream)); return model.getVersion(); } catch (Exception e) { log.error("Could not retrieve the sdk version", e); From 8d89fd96ea4e232dabdaa308b1ea8d946badc3d2 Mon Sep 17 00:00:00 2001 From: Joseph Olugbohunmi <37001871+mayorJAY@users.noreply.github.com> Date: Fri, 29 Dec 2023 14:31:11 -0800 Subject: [PATCH 7/7] Update src/main/java/co/novu/common/rest/RestHandler.java --- src/main/java/co/novu/common/rest/RestHandler.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/co/novu/common/rest/RestHandler.java b/src/main/java/co/novu/common/rest/RestHandler.java index 8b71b37..7830a34 100644 --- a/src/main/java/co/novu/common/rest/RestHandler.java +++ b/src/main/java/co/novu/common/rest/RestHandler.java @@ -73,11 +73,11 @@ public R extractResponse(Response response, R body) throws NovuNetwork private String loadSdkVersionFromPom() { try { - MavenXpp3Reader reader = new MavenXpp3Reader(); InputStream inputStream = this.getClass().getResourceAsStream("/META-INF/maven/co.novu/novu-java/pom.xml"); if (inputStream == null) { return ""; } + MavenXpp3Reader reader = new MavenXpp3Reader(); Model model = reader.read(new InputStreamReader(inputStream)); return model.getVersion(); } catch (Exception e) {