[#863] Placed Dependencies and Dependency Versions In TOML file (#885)

* issue_863: Successfully moved all the dependencies to toml file and currently replacing dependencies listed in the build.gradle file with the ones referenced in the toml file * issue_863: finished updating dependency versions. Ready for PR * issue_863: downgraded versions since there was an issue with the dependencies versions and the ci/cd pipeline in git. will update each depedency slowly to ensure that upgrades are down correctly. * issue_863: upgrading this slowly but surely * issue_863: upgrading this slowly but surely again. testing to see if github's ci/cd is happy still with these set of changes. * issue_863: upgrading this slowly but surely again. testing to see if github's ci/cd is happy still with these set of changes (again) * issue_863: upgrading this slowly but surely again. testing to see if github's ci/cd is happy still with these set of changes (again) partIII * issue_863: Part IV of upgrading this slowly to see if github's ci/cd is happy still with these set of changes (again) * issue_863: Part V of upgrading this slowly to see if github's ci/cd is happy still with these set of changes (again) * issue_863: Part VI of updating dependencies slowly * issue_863: Part VII of updating dependencies * issue_863: Part 8 of updating dependencies * issue_863: Part 9 of updating dependencies * issue_863: Part 10 of updating dependencies * issue_863: Part 12 of updating dependencies * issue_863: Part 13 of updating dependencies * issue_863: Part 14 of updating dependencies * issue_863: Part 15 of updating dependencies * issue_863: Updating tomcat core. * issue_863: removed some critical vulnerable dependencies * issue_863: updated spring boot version. second try at it. * issue_863: undid spring update. need to figure out how to smoothly transition to newer spring. * issue_863: updated spring boot, hibernate, and spring retry. Removed an unused dependency. * issue_863: removed unused dependencies and am currently resolving critical vulnerable dependendcies * issue_863: reverted changes from last commit. let's see if that makes a difference * issue_863: Updated gradle version, fixed more vulnerabilities, now figuring what to do with the remaining vulnerabilities. * issue_863: Updated gradle plugins version, fixed more vulnerabilities, now figuring what to do with the remaining vulnerabilities. * issue_863: Updated gradle plugins version again. Ready for PR. Vulnerability issues will be addressed in another PR. I've cut down vulnerabilities by quite a lot and I want to test the new OWASP plugin against the remaining vulnerabilities. * issue_863: Finishing touches to the PR. Upgraded some more dependencies and removed unused one. * issue_863: Removed testng from codebase. Has been officially replaced with spring junit.
nsacyber · Jan 13, 2025 · 11691e5 · 11691e5
1 parent ad09669
commit 11691e5
Show file tree

Hide file tree

Showing 14 changed files with 494 additions and 618 deletions.
diff --git a/HIRS_AttestationCA/build.gradle b/HIRS_AttestationCA/build.gradle
@@ -1,20 +1,6 @@
 plugins {
-    id 'java'
-    id 'io.spring.dependency-management' version '1.1.0'
+    id 'io.spring.dependency-management' version '1.1.7'
     id 'com.google.protobuf' version '0.9.4'
-    id 'checkstyle'
-}
-
-java {
-    toolchain {
-        languageVersion = JavaLanguageVersion.of(17)
-    }
-}
-
-repositories {
-    mavenCentral()
-
-    flatDir { dirs "lib" }
 }
 
 configurations {
@@ -27,63 +13,42 @@ dependencies {
     implementation project(':HIRS_Utils')
     implementation project(':HIRS_Structs')
 
-    implementation 'org.springframework.boot:spring-boot-starter-data-jpa:3.0.1'
-    implementation 'com.github.darrachequesne:spring-data-jpa-datatables:6.0.1'
-    implementation 'org.springframework.retry:spring-retry:2.0.0'
-    implementation libs.springdatajpa
-
     implementation libs.bouncycastle
     implementation libs.commons.codec
+    implementation libs.commons.io
     implementation libs.commons.lang3
-    implementation libs.jakarta.api
-    implementation libs.jakarta.xml
-    implementation libs.hibernate.core
-    implementation libs.pci
     implementation libs.guava
     implementation libs.jackson.core
     implementation libs.jackson.databind
+    implementation libs.jakarta.persistence.api
+    implementation libs.jakarta.xml
+    implementation libs.spring.boot.starter.log4j2
     implementation libs.minimal.json
-    implementation libs.protobuf.java
-    implementation 'org.apache.logging.log4j:log4j-core:2.19.0'
-    implementation 'org.apache.logging.log4j:log4j-api:2.19.0'
 
-    testImplementation 'org.apache.directory.studio:org.apache.commons.io:2.4'
-    testImplementation 'org.hamcrest:hamcrest:2.2'
-    testImplementation 'org.junit.jupiter:junit-jupiter:5.9.3'
-    testImplementation 'org.junit.platform:junit-platform-launcher:1.9.3'
-    testImplementation 'org.mockito:mockito-core:4.2.0'
-    testImplementation 'org.springframework:spring-test:6.0.8'
+    // pull the pci dependency and ...
+    implementation libs.pci
+    // and explicitly include the patched version of the apache http client dependency
+    implementation libs.apacheHttpClient
 
-    compileOnly "com.github.spotbugs:spotbugs-annotations:${spotBugAnnotationVersion}"
-    annotationProcessor "com.github.spotbugs:spotbugs-annotations:${spotBugAnnotationVersion}"
+    implementation libs.protobuf.java
+    implementation libs.spring.boot.starter.data.jpa
+    implementation libs.spring.retry
+    implementation libs.spring.boot.starter.web
+    implementation libs.spring.framework.webmvc
 
-    // spring management
     compileOnly libs.lombok
-    implementation libs.lombok
     annotationProcessor libs.lombok
+
+    compileOnly libs.spotbugs.annotations
+    annotationProcessor libs.spotbugs.annotations
+
+    testImplementation libs.commons.io
+    testImplementation libs.spring.boot.starter.test
+
+    testCompileOnly libs.lombok
+    testAnnotationProcessor libs.lombok
 }
-checkstyle {
-    toolVersion = '10.12.7'
-    configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
-}
-// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948
-configurations.checkstyle {
-    resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") {
-        select("com.google.guava:guava:0")
-    }
-}
-checkstyleMain {
-    source = 'src/main/java'
-}
-checkstyleTest {
-    source = 'src/test/java'
-}
-tasks.withType(Checkstyle) {
-    reports {
-        xml.required = false
-        html.required = true
-    }
-}
+
 protobuf {
     protoc {
         artifact = 'com.google.protobuf:protoc:3.24.3'

diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/UserDefinedEntity.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/UserDefinedEntity.java
@@ -19,10 +19,10 @@ public abstract class UserDefinedEntity extends ArchivableEntity {
 
     @Column(nullable = false, unique = true)
     @NonNull
-    private String name;
+    private String name = "";
 
     @ToString.Exclude
-    @Column(nullable = false, unique = false)
+    @Column(nullable = false)
     @NonNull
     private String description = "";
 

diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle
@@ -1,25 +1,17 @@
 plugins {
     id 'application'
-    id 'java'
     id 'war'
-    id 'com.netflix.nebula.ospackage' version '11.8.0'
-    id 'org.springframework.boot' version '3.0.6'
-    id 'io.spring.dependency-management' version '1.1.0'
-    id 'checkstyle'
+    id 'com.netflix.nebula.ospackage' version '11.10.0'
+    id 'org.springframework.boot' version '3.0.13'
+    id 'io.spring.dependency-management' version '1.1.7'
 }
 
 // Get version from main project gradle
-def packVersion = properties.get("packageVersion");
-def jarVersion = properties.get("jarVersion");
-def projVersion = properties.get("projVersion");
+def packVersion = properties.get("packageVersion")
+def jarVersion = properties.get("jarVersion")
+def projVersion = properties.get("projVersion")
 //println "packageVersion is ${projVersion}"
 
-java {
-    toolchain {
-        languageVersion = JavaLanguageVersion.of(17)
-    }
-}
-
 bootRun {
     if (project.hasProperty('debug')) {
         jvmArgs project.debug
@@ -33,63 +25,40 @@ configurations {
     all*.exclude module: 'spring-boot-starter-logging'
 }
 
-repositories {
-    flatDir { dirs "lib" }
-    mavenCentral()
-}
-
 dependencies {
     implementation project(':HIRS_Utils')
     implementation project(':HIRS_AttestationCA')
 
-    implementation libs.pci
-    implementation libs.gson
     implementation libs.bouncycastle
     implementation libs.guava
+    implementation libs.gson
+    implementation libs.jakarta.persistence.api
     implementation libs.jakarta.servlet
-    implementation libs.jakarta.api
     implementation libs.jakarta.xml
 
-    implementation 'org.springframework.boot:spring-boot-starter-web'
-    implementation 'org.springframework.boot:spring-boot-starter-validation'
-    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
-    implementation 'org.springframework.boot:spring-boot-starter-log4j2'
-    implementation 'org.apache.logging.log4j:log4j-spring-boot'
-    implementation 'org.projectlombok:lombok'
-    implementation 'commons-fileupload:commons-fileupload:1.5'
-    implementation 'org.apache.tomcat.embed:tomcat-embed-jasper:10.1.5'
-
-    compileOnly 'org.projectlombok:lombok'
-    implementation 'org.mariadb.jdbc:mariadb-java-client:3.1.4'
-    annotationProcessor 'org.projectlombok:lombok'
-    providedRuntime 'org.springframework.boot:spring-boot-starter-tomcat'
-
-    testImplementation 'org.springframework.boot:spring-boot-starter-test'
-    testImplementation 'org.junit.jupiter:junit-jupiter:5.9.3'
-    testImplementation 'org.hsqldb:hsqldb'
-}
+    // pull the pci dependency and ...
+    implementation libs.pci
+    // and explicitly include the patched version of the apache http client dependency
+    implementation libs.apacheHttpClient
 
-checkstyle {
-    toolVersion = '10.12.7'
-    configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
-}
-// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948
-configurations.checkstyle {
-    resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") {
-        select("com.google.guava:guava:0")
-    }
-}
-checkstyleMain {
-    source = 'src/main/java'
-}
-checkstyleTest {
-    source = 'src/test/java'
-}
-tasks.withType(Checkstyle) {
-    reports {
-        xml.required = false
-        html.required = true
-    }
+    implementation libs.mariadb.java.client
+    implementation libs.spring.boot.starter.web
+    //implementation libs.spring.framework.webmvc
+    implementation libs.spring.boot.starter.validation
+    implementation libs.spring.boot.starter.data.jpa
+    implementation libs.spring.boot.starter.log4j2
+    implementation libs.tomcat.embed.jasper
+
+    compileOnly libs.lombok
+    annotationProcessor libs.lombok
+
+    providedRuntime libs.spring.boot.starter.tomcat
+
+    testImplementation libs.hsqldb
+    testImplementation libs.spring.boot.starter.test
+
+    testCompileOnly libs.lombok
+    testAnnotationProcessor libs.lombok
 }
 
 test {

diff --git a/HIRS_Structs/build.gradle b/HIRS_Structs/build.gradle
@@ -1,56 +1,19 @@
-plugins {
-    id 'java'
-    id 'checkstyle'
-}
-
-java {
-    toolchain {
-        languageVersion = JavaLanguageVersion.of(17)
-    }
-}
-
-repositories {
-    mavenCentral()
+dependencies {
+    implementation libs.commons.lang3
 
-    flatDir { dirs "lib" }
-}
+    compileOnly libs.lombok
+    annotationProcessor libs.lombok
 
-dependencies {
-    implementation 'org.apache.commons:commons-lang3:3.13.0'
+    testImplementation libs.spring.boot.starter.test
 
-//    testCompile libs.mockito
-    testImplementation 'org.junit.jupiter:junit-jupiter:5.9.3'
-    testImplementation 'org.junit.platform:junit-platform-launcher:1.9.3'
-    testImplementation 'org.hamcrest:hamcrest:2.2'
+    testCompileOnly libs.lombok
+    testAnnotationProcessor libs.lombok
 }
 
 test {
     useJUnitPlatform()
 }
 
-checkstyle {
-    toolVersion = '10.12.7'
-    configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
-}
-// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948
-configurations.checkstyle {
-    resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") {
-        select("com.google.guava:guava:0")
-    }
-}
-checkstyleMain {
-    source = 'src/main/java'
-}
-checkstyleTest {
-    source = 'src/test/java'
-}
-tasks.withType(Checkstyle) {
-    reports {
-        xml.required = false
-        html.required = true
-    }
-}
-
 //publishing {
 //    publications {
 //        maven(MavenPublication) {
@@ -59,5 +22,3 @@ tasks.withType(Checkstyle) {
 //        }
 //    }
 //}
-
-