Merge pull request #11432 from hzi-braunschweig/11032-spring-expressi…

…on-dependency #11441 update spring expression dependency to get rid of security issue
SORMAS-Foundation · Feb 9, 2023 · 4fb7468 · 4fb7468
2 parents cf6272b + 90e496e
commit 4fb7468
Show file tree

Hide file tree

Showing 7 changed files with 64 additions and 26 deletions.
diff --git a/...src/androidTest/java/de/symeda/sormas/app/campaign/CampaignFormDataFragmentUtilsTest.java b/...src/androidTest/java/de/symeda/sormas/app/campaign/CampaignFormDataFragmentUtilsTest.java
@@ -0,0 +1,29 @@
+package de.symeda.sormas.app.campaign;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertTrue;
+
+import java.util.Arrays;
+
+import org.junit.Test;
+import org.springframework.expression.spel.standard.SpelExpressionParser;
+
+import de.symeda.sormas.api.campaign.data.CampaignFormDataEntry;
+
+/**
+ * This test is part of the android tests, to make sure
+ * Spring expression languages and it's dependencies are correctly working.
+ *
+ * Execute this on a device with minimum android SDK version!
+ */
+public class CampaignFormDataFragmentUtilsTest {
+
+	@Test
+	public void handleExpression() {
+		Object result = CampaignFormDataFragmentUtils.getExpressionValue(
+			new SpelExpressionParser(),
+			Arrays.asList(new CampaignFormDataEntry("missedChildren", 3), new CampaignFormDataEntry("teamDidNotVisit", 2)),
+			"missedChildren > 2 and teamDidNotVisit >= 2");
+		assertEquals(Boolean.TRUE, result);
+	}
+}
diff --git a/sormas-app/app/src/main/java/de/symeda/sormas/app/backend/common/AdoDtoHelper.java b/sormas-app/app/src/main/java/de/symeda/sormas/app/backend/common/AdoDtoHelper.java
@@ -15,14 +15,6 @@
 
 package de.symeda.sormas.app.backend.common;
 
-import android.content.Context;
-import android.util.Log;
-
-import com.j256.ormlite.logger.Logger;
-import com.j256.ormlite.logger.LoggerFactory;
-
-import org.springframework.util.CollectionUtils;
-
 import java.io.IOException;
 import java.sql.SQLException;
 import java.sql.Timestamp;
@@ -33,6 +25,14 @@
 import java.util.Optional;
 import java.util.concurrent.Callable;
 
+import org.apache.commons.collections4.CollectionUtils;
+
+import com.j256.ormlite.logger.Logger;
+import com.j256.ormlite.logger.LoggerFactory;
+
+import android.content.Context;
+import android.util.Log;
+
 import de.symeda.sormas.api.EntityDto;
 import de.symeda.sormas.api.PushResult;
 import de.symeda.sormas.api.user.UserRight;

diff --git a/...as-app/app/src/main/java/de/symeda/sormas/app/campaign/CampaignFormDataFragmentUtils.java b/...as-app/app/src/main/java/de/symeda/sormas/app/campaign/CampaignFormDataFragmentUtils.java
@@ -24,17 +24,17 @@
 import java.util.Locale;
 import java.util.Map;
 
-import org.springframework.expression.EvaluationContext;
-import org.springframework.expression.Expression;
-import org.springframework.expression.ExpressionParser;
-import org.springframework.expression.spel.SpelEvaluationException;
-
 import android.content.Context;
 import android.util.AttributeSet;
 import android.util.Log;
 import android.view.Gravity;
 import android.view.View;
 
+import org.springframework.expression.EvaluationContext;
+import org.springframework.expression.Expression;
+import org.springframework.expression.ExpressionParser;
+import org.springframework.expression.spel.SpelEvaluationException;
+
 import de.symeda.sormas.api.campaign.data.CampaignFormDataEntry;
 import de.symeda.sormas.api.campaign.form.CampaignFormElement;
 import de.symeda.sormas.api.campaign.form.CampaignFormElementType;

diff --git a/...ymeda/sormas/backend/sormastosormas/share/incoming/SormasToSormasShareRequestService.java b/...ymeda/sormas/backend/sormastosormas/share/incoming/SormasToSormasShareRequestService.java
@@ -29,7 +29,7 @@
 import javax.persistence.criteria.Root;
 import javax.persistence.criteria.Subquery;
 
-import org.springframework.util.CollectionUtils;
+import org.apache.commons.collections4.CollectionUtils;
 
 import de.symeda.sormas.api.caze.CaseReferenceDto;
 import de.symeda.sormas.api.sormastosormas.share.ShareRequestCriteria;

diff --git a/.../java/de/symeda/sormas/backend/sormastosormas/share/outgoing/ShareRequestInfoService.java b/.../java/de/symeda/sormas/backend/sormastosormas/share/outgoing/ShareRequestInfoService.java
@@ -27,7 +27,7 @@
 import javax.persistence.criteria.Predicate;
 import javax.persistence.criteria.Root;
 
-import org.springframework.util.CollectionUtils;
+import org.apache.commons.collections4.CollectionUtils;
 
 import de.symeda.sormas.api.sormastosormas.share.ShareRequestCriteria;
 import de.symeda.sormas.backend.common.AdoServiceWithUserFilterAndJurisdiction;

diff --git a/sormas-base/pom.xml b/sormas-base/pom.xml
@@ -933,8 +933,17 @@
 			<dependency>
 				<groupId>org.springframework</groupId>
 				<artifactId>spring-context</artifactId>
-				<version>4.3.30.RELEASE</version>
-				<!-- downgraded because of missing support in android api 24-->
+				<version>5.3.25</version>
+				<exclusions>
+					<exclusion>
+						<groupId>org.springframework</groupId>
+						<artifactId>spring-aop</artifactId>
+					</exclusion>
+					<exclusion>
+						<groupId>org.springframework</groupId>
+						<artifactId>spring-beans</artifactId>
+					</exclusion>
+				</exclusions>
 			</dependency>
 
 			<dependency>

diff --git a/sormas-ui/src/main/java/de/symeda/sormas/ui/campaign/expressions/ExpressionProcessor.java b/sormas-ui/src/main/java/de/symeda/sormas/ui/campaign/expressions/ExpressionProcessor.java
@@ -1,35 +1,31 @@
 package de.symeda.sormas.ui.campaign.expressions;
 
-import java.util.HashMap;
+import static de.symeda.sormas.api.campaign.ExpressionProcessorUtils.refreshEvaluationContext;
+
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
-import de.symeda.sormas.api.campaign.data.CampaignFormDataEntry;
-import de.symeda.sormas.api.i18n.Descriptions;
-import de.symeda.sormas.api.i18n.I18nProperties;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.context.expression.MapAccessor;
 import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.Expression;
 import org.springframework.expression.ExpressionParser;
 import org.springframework.expression.spel.SpelEvaluationException;
 import org.springframework.expression.spel.standard.SpelExpressionParser;
-import org.springframework.expression.spel.support.StandardEvaluationContext;
 
 import com.vaadin.ui.AbstractComponent;
 import com.vaadin.v7.data.Property;
 import com.vaadin.v7.ui.Field;
 
 import de.symeda.sormas.api.campaign.form.CampaignFormElement;
 import de.symeda.sormas.api.campaign.form.CampaignFormElementType;
+import de.symeda.sormas.api.i18n.Descriptions;
+import de.symeda.sormas.api.i18n.I18nProperties;
 import de.symeda.sormas.ui.campaign.campaigndata.CampaignFormBuilder;
 
-import static de.symeda.sormas.api.campaign.ExpressionProcessorUtils.refreshEvaluationContext;
-
 public class ExpressionProcessor {
 
 	private static final Logger LOG = LoggerFactory.getLogger(ExpressionProcessor.class);
@@ -82,7 +78,11 @@ private void buildTooltipDescription(CampaignFormElement formElement) {
 				fieldNamesInExpression.add(campaignFormBuilder.get18nCaption(element.getId(), element.getCaption()));
 			}
 		});
-		field.setDescription(String.format("%s: %s", I18nProperties.getDescription(Descriptions.Campaign_calculatedBasedOn), StringUtils.join(fieldNamesInExpression, ", ")));
+		field.setDescription(
+			String.format(
+				"%s: %s",
+				I18nProperties.getDescription(Descriptions.Campaign_calculatedBasedOn),
+				StringUtils.join(fieldNamesInExpression, ", ")));
 	}
 
 	private void checkExpression() {