From 99fa8038aa4fd6e05951c775a30278d87abc8459 Mon Sep 17 00:00:00 2001 From: Martin Maul Date: Fri, 22 Sep 2023 15:45:08 +0200 Subject: [PATCH 01/30] feature(UI):[TRACEFOSS-2551] layout fix --- .../other-parts/presentation/other-parts.component.scss | 2 +- .../modules/page/parts/presentation/parts.component.html | 7 +++---- .../modules/page/parts/presentation/parts.component.scss | 7 ++++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/frontend/src/app/modules/page/other-parts/presentation/other-parts.component.scss b/frontend/src/app/modules/page/other-parts/presentation/other-parts.component.scss index 31285fe017..ea6fdda5d1 100644 --- a/frontend/src/app/modules/page/other-parts/presentation/other-parts.component.scss +++ b/frontend/src/app/modules/page/other-parts/presentation/other-parts.component.scss @@ -21,7 +21,7 @@ .about-container { @apply flex flex-col; - height: 65vh; + height: 100%; } .split-container { diff --git a/frontend/src/app/modules/page/parts/presentation/parts.component.html b/frontend/src/app/modules/page/parts/presentation/parts.component.html index 2d1ea60ab4..7aec7a3efb 100644 --- a/frontend/src/app/modules/page/parts/presentation/parts.component.html +++ b/frontend/src/app/modules/page/parts/presentation/parts.component.html @@ -20,14 +20,13 @@ -->
-
- - {{ 'dataLoading.error' | i18n }} -
+ diff --git a/frontend/src/app/modules/page/parts/presentation/parts.component.scss b/frontend/src/app/modules/page/parts/presentation/parts.component.scss index f7c6ecc42d..435d1773c0 100644 --- a/frontend/src/app/modules/page/parts/presentation/parts.component.scss +++ b/frontend/src/app/modules/page/parts/presentation/parts.component.scss @@ -20,11 +20,12 @@ ********************************************************************************/ .parts-table-container { - width: 100%; + @apply flex flex-col; + height: 100%; } -.split-container-wrapper { - height: 65vh; +.split-container { + height: auto; } .parts-as-built-table-wrapper { From ca821183070b0e5367886dbfe10907c3d3cb142b Mon Sep 17 00:00:00 2001 From: ashanmugavel Date: Tue, 26 Sep 2023 09:47:31 +0200 Subject: [PATCH 02/30] fixed: Log Injection CWE-117 --- .../common/model/SecurityUtils.java | 60 +++++++++++++++++-- .../infrastructure/edc/EdcController.java | 34 ++++++----- .../edc/model/EDCNotificationContent.java | 15 +---- .../edc/model/EDCNotificationHeader.java | 23 +------ .../edc/model/EdcNotificationModelTest.java | 51 ++++++---------- 5 files changed, 99 insertions(+), 84 deletions(-) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java index fbd4594db8..b3e502d37b 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java 
@@ -20,21 +20,69 @@ package org.eclipse.tractusx.traceability.common.model; +import org.eclipse.tractusx.traceability.qualitynotification.domain.base.model.QualityNotificationAffectedPart; +import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotification; +import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotificationContent; +import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotificationHeader; + import java.util.ArrayList; import java.util.List; +import java.util.Objects; public class SecurityUtils { public static String sanitize(String unSanitizedInput) { - return unSanitizedInput.replaceAll("\r\n|\r|\n", " "); + if (unSanitizedInput != null) { + return unSanitizedInput.replaceAll("\r\n|\r|\n", " "); + } + return null; } public static List sanitize(List unSanitizedList) { - List cleanListOfAffectedItems = new ArrayList<>(); - for (String affectedItem : unSanitizedList) { - String cleanAffectedItem = sanitize(affectedItem); - cleanListOfAffectedItems.add(cleanAffectedItem); + if (unSanitizedList != null) { + List cleanListOfAffectedItems = new ArrayList<>(); + for (String affectedItem : unSanitizedList) { + String cleanAffectedItem = sanitize(affectedItem); + cleanListOfAffectedItems.add(cleanAffectedItem); + } + return cleanListOfAffectedItems; + } + return null; + } + + + public static EDCNotification sanitizeEDCNotification(EDCNotification edcNotification) { + if (edcNotification != null) { + EDCNotificationHeader cleanEDCNotificationHeader = sanitizeEDCNotificationHeader(edcNotification); + EDCNotificationContent cleanEDCNotificationContent = sanitizeEDCNotificationContent(edcNotification); + return new EDCNotification(cleanEDCNotificationHeader, cleanEDCNotificationContent); + } + return null; + } + + public static EDCNotificationHeader sanitizeEDCNotificationHeader(EDCNotification edcNotification) { + String cleanRecipientBPN = 
sanitize(edcNotification.getRecipientBPN()); + String cleanNotificationId = sanitize(edcNotification.getNotificationId()); + String cleanSenderBPN = sanitize(edcNotification.getSenderBPN()); + String cleanSenderAddress = sanitize(edcNotification.getSenderAddress()); + String cleanTargetDate = sanitize(Objects.requireNonNull(edcNotification.getTargetDate()).toString()); + String cleanStatus = edcNotification.convertNotificationStatus().name(); + String cleanClassification = edcNotification.convertNotificationType().getValue(); + String cleanSeverity = sanitize(edcNotification.getSeverity()); + String cleanMessageId = sanitize(edcNotification.getMessageId()); + String cleanRelatedNotificationId = sanitize(edcNotification.getRelatedNotificationId()); + return new EDCNotificationHeader(cleanNotificationId, cleanSenderBPN, cleanSenderAddress, cleanRecipientBPN, cleanClassification, cleanSeverity, cleanRelatedNotificationId, cleanStatus, cleanTargetDate, cleanMessageId); + } + + public static EDCNotificationContent sanitizeEDCNotificationContent(EDCNotification edcNotification) { + String cleanInformation = sanitize(edcNotification.getInformation()); + List StringListOfAffectedItems = new ArrayList<>(); + List ListOfAffectedItems = edcNotification.getListOfAffectedItems(); + for (QualityNotificationAffectedPart qualityNotificationAffectedPart : ListOfAffectedItems) { + String assetId = qualityNotificationAffectedPart.assetId(); + StringListOfAffectedItems.add(assetId); } - return cleanListOfAffectedItems; + List cleanStringListOfAffectedItems = sanitize(StringListOfAffectedItems); + return new EDCNotificationContent(cleanInformation, cleanStringListOfAffectedItems); } } diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/EdcController.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/EdcController.java index 155b9541d4..91896df587 100644 
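Review bot: `sanitizeEDCNotificationHeader` wraps `edcNotification.getTargetDate()` in `Objects.requireNonNull`, and `sanitizeEDCNotificationContent` iterates `getListOfAffectedItems()` without a guard, so a notification missing either field fails with a NullPointerException inside the sanitizer, even though `sanitize(String)` and `sanitize(List)` were made null-tolerant in the same hunk. Whether the request validators reject such payloads before this code runs is not visible here; if they do not, a null-preserving form such as `String cleanTargetDate = edcNotification.getTargetDate() == null ? null : sanitize(edcNotification.getTargetDate().toString());` avoids turning an absent field into a server error. The accompanying test covers only the fully populated case. `sanitize` neutralises CR and LF only, so a Javadoc stating that it is meant for log output and which characters it replaces would help; depending on the appender and log viewer, other line-break characters (for example U+0085 or U+2028) may still need handling.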
--- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/EdcController.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/EdcController.java @@ -25,17 +25,19 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.eclipse.tractusx.traceability.common.config.FeatureFlags; -import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotification; -import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.NotificationType; import org.eclipse.tractusx.traceability.qualitynotification.domain.alert.service.AlertsReceiverService; import org.eclipse.tractusx.traceability.qualitynotification.domain.investigation.model.exception.InvestigationIllegalUpdate; import org.eclipse.tractusx.traceability.qualitynotification.domain.investigation.service.InvestigationsReceiverService; +import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotification; +import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.NotificationType; import org.springframework.context.annotation.Profile; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RestController; +import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitizeEDCNotification; + @Slf4j @Profile(FeatureFlags.NOTIFICATIONS_ENABLED_PROFILES) @Hidden 
@@ -52,9 +54,10 @@ public class EdcController { */ @PostMapping("/qualitynotifications/receive") public void qualityNotificationInvestigationReceive(final @ValidEDCNotification @Valid @RequestBody EDCNotification edcNotification) { - log.info("EdcController [qualityNotificationReceive] notificationId:{}", edcNotification); - validateIsQualityInvestigation(edcNotification); - investigationsReceiverService.handleNotificationReceive(edcNotification); + EDCNotification cleanEdcNotification = sanitizeEDCNotification(edcNotification); + log.info("EdcController [qualityNotificationReceive] notificationId:{}", cleanEdcNotification); + validateIsQualityInvestigation(cleanEdcNotification); + investigationsReceiverService.handleNotificationReceive(cleanEdcNotification); } /** @@ -62,9 +65,10 @@ public void qualityNotificationInvestigationReceive(final @ValidEDCNotification */ @PostMapping("/qualitynotifications/update") public void qualityNotificationInvestigationUpdate(final @ValidEDCNotification @Valid @RequestBody EDCNotification edcNotification) { - log.info("EdcController [qualityNotificationUpdate] notificationId:{}", edcNotification); - validateIsQualityInvestigation(edcNotification); - investigationsReceiverService.handleNotificationUpdate(edcNotification); + EDCNotification cleanEdcNotification = sanitizeEDCNotification(edcNotification); + log.info("EdcController [qualityNotificationUpdate] notificationId:{}", cleanEdcNotification); + validateIsQualityInvestigation(cleanEdcNotification); + investigationsReceiverService.handleNotificationUpdate(cleanEdcNotification); } /** 
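Review bot: The sanitised copy is not only logged but also passed to `validateIsQualityInvestigation` and `investigationsReceiverService.handleNotificationReceive`, so a log-neutralisation step now rewrites the data being processed: line breaks in the free-text `information` field become spaces before the service sees it. The same pattern is in the update handler on this line and in both alert handlers (`@@ -72,9 +76,10 @@` and `@@ -82,9 +87,10 @@`). Log safety also still depends on `EDCNotification.toString()`, which is not shown, while this commit removes the sanitising `toString()` overrides from `EDCNotificationHeader` and `EDCNotificationContent`, so any other statement that logs those records now emits raw values. Consider keeping the original object for processing and neutralising only what is written to the log, e.g. `log.info("EdcController [qualityNotificationReceive] notificationId:{}", sanitize(edcNotification.getNotificationId()));`, which also makes the message match what it logs.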
@@ -72,9 +76,10 @@ public void qualityNotificationInvestigationUpdate(final @ValidEDCNotification @ */ @PostMapping("/qualityalerts/receive") public void qualityNotificationAlertReceive(final @ValidEDCNotification @Valid @RequestBody EDCNotification edcNotification) { - log.info("EdcController [qualityalertReceive] notificationId:{}", edcNotification); - validateIsAlert(edcNotification); - alertsReceiverService.handleNotificationReceive(edcNotification); + EDCNotification cleanEdcNotification = sanitizeEDCNotification(edcNotification); + log.info("EdcController [qualityalertReceive] notificationId:{}", cleanEdcNotification); + validateIsAlert(cleanEdcNotification); + alertsReceiverService.handleNotificationReceive(cleanEdcNotification); } /** @@ -82,9 +87,10 @@ public void qualityNotificationAlertReceive(final @ValidEDCNotification @Valid @ */ @PostMapping("/qualityalerts/update") public void qualityNotificationAlertUpdate(final @ValidEDCNotification @Valid @RequestBody EDCNotification edcNotification) { - log.info("EdcController [qualityalertUpdate] notificationId:{}", edcNotification); - validateIsAlert(edcNotification); - alertsReceiverService.handleNotificationUpdate(edcNotification); + EDCNotification cleanEdcNotification = sanitizeEDCNotification(edcNotification); + log.info("EdcController [qualityalertUpdate] notificationId:{}", cleanEdcNotification); + validateIsAlert(cleanEdcNotification); + alertsReceiverService.handleNotificationUpdate(cleanEdcNotification); } diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationContent.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationContent.java index 9d5c2b8531..82ea9480c7 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationContent.java 
+++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationContent.java @@ -1,5 +1,7 @@ /******************************************************************************** - * Copyright (c) 2023 Contributors to the Eclipse Foundation + * Copyright (c) 2022, 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) + * Copyright (c) 2022, 2023 ZF Friedrichshafen AG + * Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. @@ -22,8 +24,6 @@ import java.util.List; -import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitize; - @JsonInclude(JsonInclude.Include.NON_NULL) @@ -31,13 +31,4 @@ public record EDCNotificationContent( String information, List listOfAffectedItems) { - @Override - public String toString() { - - return "EDCNotificationContent{" + - "information='" + sanitize(information) + '\'' + - ", listOfAffectedItems=" + sanitize(listOfAffectedItems) + - '}'; - } - } diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationHeader.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationHeader.java index 2b1152147d..33dc72a7e0 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationHeader.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/model/EDCNotificationHeader.java 
@@ -1,5 +1,7 @@ /******************************************************************************** - * Copyright (c) 2023 Contributors to the Eclipse Foundation + * Copyright (c) 2022, 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) + * Copyright (c) 2022, 2023 ZF Friedrichshafen AG + * Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. @@ -20,29 +22,10 @@ import com.fasterxml.jackson.annotation.JsonInclude; -import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitize; - @JsonInclude(JsonInclude.Include.NON_NULL) public record EDCNotificationHeader(String notificationId, String senderBPN, String senderAddress, String recipientBPN, String classification, String severity, String relatedNotificationId, String status, String targetDate, String messageId) { - - - @Override - public String toString() { - return "EDCNotificationHeader{" + - "notificationId='" + sanitize(notificationId) + '\'' + - ", senderBPN='" + sanitize(senderBPN) + '\'' + - ", senderAddress='" + sanitize(senderAddress) + '\'' + - ", recipientBPN='" + sanitize(recipientBPN) + '\'' + - ", classification='" + sanitize(classification) + '\'' + - ", severity='" + sanitize(severity) + '\'' + - ", relatedNotificationId='" + sanitize(relatedNotificationId) + '\'' + - ", status='" + sanitize(status) + '\'' + - ", targetDate='" + sanitize(targetDate) + '\'' + - ", messageId='" + sanitize(messageId) + '\'' + - '}'; - } } diff --git a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java index cd7b8dc71a..a3897bf483 100644 --- a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java 
+++ b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java 
@@ -18,67 +18,54 @@ ********************************************************************************/ package org.eclipse.tractusx.traceability.infrastructure.edc.model; +import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotification; import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotificationContent; import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotificationHeader; import org.junit.jupiter.api.Test; +import java.time.Instant; import java.util.ArrayList; import java.util.Arrays; import java.util.List; +import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitizeEDCNotification; import static org.junit.jupiter.api.Assertions.assertEquals; public class EdcNotificationModelTest { + @Test - public void testToStringEDCNotificationHeader() { + public void testSanitizeEDCNotification() { //GIVEN EDCNotificationHeader header = new EDCNotificationHeader( "12345", "SenderBPN", "Sender\nAddress", "RecipientBPN", - "Classification", "Severity", "Related\nNotificationId", - "Status", "2023-09-22", "MessageId" + "QM-Investigation", "Severity", "Related\nNotificationId", + "CREATED", "2023-09-22T14:30:00Z", "MessageId" ); - String expected = "EDCNotificationHeader{" + - "notificationId='12345', " + - "senderBPN='SenderBPN', " + - "senderAddress='Sender Address', " + - "recipientBPN='RecipientBPN', " + - "classification='Classification', " + - "severity='Severity', " + - "relatedNotificationId='Related NotificationId', " + - "status='Status', " + - "targetDate='2023-09-22', " + - "messageId='MessageId'}"; - - //WHEN - String actual = header.toString(); - - //THEN - assertEquals(expected, actual); - } - - @Test - public void testToStringEDCNotificationContent() { - - //GIVEN List listOfAffectedItems = new ArrayList<>(Arrays.asList("Item1\nItem2", "Item3", "Item4\r\nItem5")); EDCNotificationContent content = new EDCNotificationContent( 
"Information\nwith\nline\nbreaks", listOfAffectedItems ); - String expected = "EDCNotificationContent{" + - "information='Information with line breaks', " + - "listOfAffectedItems=[Item1 Item2, Item3, Item4 Item5]" + - "}"; + EDCNotification edcNotification = new EDCNotification(header, content); + //WHEN - String actual = content.toString(); + EDCNotification actual = sanitizeEDCNotification(edcNotification); //THEN - assertEquals(expected, actual); + assertEquals("Sender Address", actual.getSenderAddress()); + assertEquals("12345", actual.getNotificationId()); + assertEquals("Related NotificationId", actual.getRelatedNotificationId()); + assertEquals("Severity", actual.getSeverity()); + assertEquals("QM-Investigation", actual.convertNotificationType().getValue()); + assertEquals("CREATED", actual.convertNotificationStatus().name()); + assertEquals(Instant.parse("2023-09-22T14:30:00Z"), actual.getTargetDate()); + + } } From 209a1d5a9d42acfa7828e2d9d8997d26bd2566e3 Mon Sep 17 00:00:00 2001 
From: Maximilian Wesener Date: Tue, 26 Sep 2023 10:46:21 +0200 Subject: [PATCH 03/30] chore: TRACEFOSS-2690 Updated bpn to match architecture. --- .../mapper/BpnMapper.java} | 35 ++++----------- .../rest/BpnMappingController.java | 44 ++++++++----------- .../service/BpnService.java} | 25 ++++------- .../bpn/domain/model/BpnEdcMapping.java | 8 +--- .../bpn/domain/service/BpnRepository.java | 3 +- .../{BpnService.java => BpnServiceImpl.java} | 7 +-- ...Repository.java => BpnRepositoryImpl.java} | 4 +- ...ryTest.java => BpnRepositoryImplTest.java} | 7 ++- ...rviceTest.java => BpnServiceImplTest.java} | 19 ++++---- .../ValidUrlParameterValidatorTest.java | 2 +- .../bpn/mapping/BpnMappingControllerIT.java | 2 +- .../common/support/BpnEdcMappingSupport.java | 2 +- .../java/bpn/request/BpnMappingRequest.java | 20 +++++++++ .../bpn/response/BpnEdcMappingResponse.java | 30 ++++++------- 14 files changed, 94 insertions(+), 114 deletions(-) rename tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/{infrastructure/rest/ValidUrlParameterValidator.java => application/mapper/BpnMapper.java} (50%) rename tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/{infrastructure => application}/rest/BpnMappingController.java (88%) rename tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/{infrastructure/rest/ValidUrlParameter.java => application/service/BpnService.java} (55%) rename tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/domain/service/{BpnService.java => BpnServiceImpl.java} (91%) rename tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/repository/{PersistentBpnRepository.java => BpnRepositoryImpl.java} (96%) rename tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/{PersistentBpnRepositoryTest.java => BpnRepositoryImplTest.java} (92%) rename tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/{BpnServiceTest.java => 
BpnServiceImplTest.java} (89%) create mode 100644 tx-models/src/main/java/bpn/request/BpnMappingRequest.java rename tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/rest/BpnMappingRequest.java => tx-models/src/main/java/bpn/response/BpnEdcMappingResponse.java (60%) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/rest/ValidUrlParameterValidator.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/application/mapper/BpnMapper.java similarity index 50% rename from tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/rest/ValidUrlParameterValidator.java rename to tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/application/mapper/BpnMapper.java index 6251bdc29d..ed1d09a382 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/rest/ValidUrlParameterValidator.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/application/mapper/BpnMapper.java 
@@ -16,38 +16,21 @@ * * SPDX-License-Identifier: Apache-2.0 ********************************************************************************/ +package org.eclipse.tractusx.traceability.bpn.application.mapper; -package org.eclipse.tractusx.traceability.bpn.infrastructure.rest; +import bpn.response.BpnEdcMappingResponse; +import org.eclipse.tractusx.traceability.bpn.domain.model.BpnEdcMapping; -import jakarta.validation.ConstraintValidator; -import jakarta.validation.ConstraintValidatorContext; -import org.apache.commons.lang3.StringUtils; +import java.util.List; -import java.net.MalformedURLException; -import java.net.URISyntaxException; -import java.net.URL; +public class BpnMapper { -public class ValidUrlParameterValidator implements ConstraintValidator { - - @Override - public void initialize(ValidUrlParameter constraintAnnotation) { - // nothing to do + public static BpnEdcMappingResponse from(BpnEdcMapping bpnEdcMapping) { + return new BpnEdcMappingResponse(bpnEdcMapping.bpn(), bpnEdcMapping.url()); } - @Override - public boolean isValid(String url, ConstraintValidatorContext context) { - - // do not validate notNull - if (StringUtils.isBlank(url)) { - return true; - } - - try { - new URL(url).toURI(); - return true; - } catch (MalformedURLException | URISyntaxException e) { - return false; - } + public static List from(List bpnEdcMappingList) { + return bpnEdcMappingList.stream().map(bpnEdcMapping -> new BpnEdcMappingResponse(bpnEdcMapping.bpn(), bpnEdcMapping.url())).toList(); } } 
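Review bot: The list overload of `from` repeats the constructor call of the single-item overload instead of delegating to it, so the two mappings can drift apart when `BpnEdcMappingResponse` gains a field; `return bpnEdcMappingList.stream().map(BpnMapper::from).toList();` keeps a single mapping. `BpnMapper` holds only static methods, so a private constructor and a one-line class comment saying that it converts domain `BpnEdcMapping` objects into API response objects would fit. A null list reaches `.stream()` directly; whether callers can pass null is not visible in this hunk.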
diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/rest/BpnMappingController.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/application/rest/BpnMappingController.java similarity index 88% rename from tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/rest/BpnMappingController.java rename to tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/application/rest/BpnMappingController.java index 2ccbc4b05d..b7ab93adcc 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/rest/BpnMappingController.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/application/rest/BpnMappingController.java @@ -17,8 +17,10 @@ * SPDX-License-Identifier: Apache-2.0 ********************************************************************************/ -package org.eclipse.tractusx.traceability.bpn.infrastructure.rest; +package org.eclipse.tractusx.traceability.bpn.application.rest; +import bpn.request.BpnMappingRequest; +import bpn.response.BpnEdcMappingResponse; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.media.ArraySchema; import io.swagger.v3.oas.annotations.media.Content; 
@@ -29,22 +31,15 @@ import io.swagger.v3.oas.annotations.tags.Tag; import jakarta.validation.Valid; import jakarta.validation.constraints.Size; +import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.eclipse.tractusx.traceability.bpn.domain.model.BpnEdcMapping; -import org.eclipse.tractusx.traceability.bpn.domain.service.BpnService; +import org.eclipse.tractusx.traceability.bpn.application.mapper.BpnMapper; +import org.eclipse.tractusx.traceability.bpn.domain.service.BpnServiceImpl; import org.eclipse.tractusx.traceability.common.response.ErrorResponse; import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.DeleteMapping; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.PutMapping; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.ResponseStatus; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.bind.annotation.*; import java.util.List; @@ -54,13 +49,10 @@ @Tag(name = "BpnEdcMapping") @RequestMapping(path = "/bpn-config") @Validated +@RequiredArgsConstructor public class BpnMappingController { - private final BpnService service; - - public BpnMappingController(BpnService service) { - this.service = service; - } + private final BpnServiceImpl service; @Operation(operationId = "getBpnEdcs", summary = "Get BPN EDC URL mappings", 
@@ -69,7 +61,7 @@ public BpnMappingController(BpnService service) { security = @SecurityRequirement(name = "oAuth2", scopes = "profile email")) @ApiResponses(value = {@ApiResponse(responseCode = "200", description = "Returns the paged result found", content = @Content( mediaType = "application/json", - array = @ArraySchema(arraySchema = @Schema(description = "BPN Mappings", implementation = BpnEdcMapping.class, additionalProperties = Schema.AdditionalPropertiesValue.FALSE), minItems = 0, maxItems = Integer.MAX_VALUE) + array = @ArraySchema(arraySchema = @Schema(description = "BPN Mappings", implementation = BpnEdcMappingResponse.class, additionalProperties = Schema.AdditionalPropertiesValue.FALSE), minItems = 0, maxItems = Integer.MAX_VALUE) )), @ApiResponse( responseCode = "400", @@ -114,8 +106,8 @@ public BpnMappingController(BpnService service) { mediaType = "application/json", schema = @Schema(implementation = ErrorResponse.class)))}) @GetMapping("") - public List getBpnMappings() { - return service.findAllBpnMappings(); + public List getBpnMappings() { + return BpnMapper.from(service.findAllBpnMappings()); } @Operation(operationId = "createBpnEdcUrlMappings", @@ -125,7 +117,7 @@ public List getBpnMappings() { security = @SecurityRequirement(name = "oAuth2", scopes = "profile email")) @ApiResponses(value = {@ApiResponse(responseCode = "200", description = "Returns the paged result found for BpnEdcMapping", content = @Content( mediaType = "application/json", - array = @ArraySchema(arraySchema = @Schema(description = "BpnEdcMapping", implementation = BpnEdcMapping.class, additionalProperties = Schema.AdditionalPropertiesValue.FALSE), minItems = 0, maxItems = Integer.MAX_VALUE) + array = @ArraySchema(arraySchema = @Schema(description = "BpnEdcMapping", implementation = BpnEdcMappingResponse.class, additionalProperties = Schema.AdditionalPropertiesValue.FALSE), minItems = 0, maxItems = Integer.MAX_VALUE) )), @ApiResponse( responseCode = "400", 
@@ -170,9 +162,9 @@ public List getBpnMappings() { mediaType = "application/json", schema = @Schema(implementation = ErrorResponse.class)))}) @PostMapping("") - public List createBpnUrlMapping(@RequestBody @Valid @Size(max = 1000) List bpnEdcMappings) { + public List createBpnUrlMapping(@RequestBody @Valid @Size(max = 1000) List bpnEdcMappings) { log.info("BpnEdcController [createBpnEdcUrlMappings]"); - return service.saveAllBpnEdcMappings(bpnEdcMappings); + return BpnMapper.from(service.saveAllBpnEdcMappings(bpnEdcMappings)); } @Operation(operationId = "updateBpnEdcMappings", @@ -183,7 +175,7 @@ public List createBpnUrlMapping(@RequestBody @Valid @Size(max = 1 @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Returns the paged result found for BpnEdcMapping", content = @Content( mediaType = "application/json", - array = @ArraySchema(arraySchema = @Schema(description = "BpnEdcMapping", implementation = BpnEdcMapping.class, additionalProperties = Schema.AdditionalPropertiesValue.FALSE), minItems = 0, maxItems = Integer.MAX_VALUE) + array = @ArraySchema(arraySchema = @Schema(description = "BpnEdcMapping", implementation = BpnEdcMappingResponse.class, additionalProperties = Schema.AdditionalPropertiesValue.FALSE), minItems = 0, maxItems = Integer.MAX_VALUE) )), @ApiResponse( responseCode = "400", @@ -229,9 +221,9 @@ public List createBpnUrlMapping(@RequestBody @Valid @Size(max = 1 mediaType = "application/json", schema = @Schema(implementation = ErrorResponse.class)))}) @PutMapping("") - public List updateBpnEdcUrlMapping(@RequestBody @Valid @Size(max = 1000) List bpnMappings) { + public List updateBpnEdcUrlMapping(@RequestBody @Valid @Size(max = 1000) List bpnMappings) { log.info("BpnEdcController [createBpnEdcUrlMappings]"); - return service.updateAllBpnMappings(bpnMappings); + return BpnMapper.from(service.updateAllBpnMappings(bpnMappings)); } @Operation(operationId = "deleteBpnEdcUrlMappings", 
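Review bot: `updateBpnEdcUrlMapping` still logs `"BpnEdcController [createBpnEdcUrlMappings]"`, the same text as the create handler, so a PUT and a POST on `/bpn-config` cannot be told apart in the application log. Since the hunk already rewrites this method, the message should name the update operation, e.g. `log.info("BpnEdcController [updateBpnEdcMappings]");`, which matches the `operationId` declared above it. Both methods are only partly visible here, because their annotations start outside the hunks.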
diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/rest/ValidUrlParameter.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/application/service/BpnService.java similarity index 55% rename from tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/rest/ValidUrlParameter.java rename to tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/application/service/BpnService.java index 989abb6bb7..04381fc647 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/rest/ValidUrlParameter.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/application/service/BpnService.java @@ -16,27 +16,20 @@ * * SPDX-License-Identifier: Apache-2.0 ********************************************************************************/ +package org.eclipse.tractusx.traceability.bpn.application.service; -package org.eclipse.tractusx.traceability.bpn.infrastructure.rest; +import bpn.request.BpnMappingRequest; +import org.eclipse.tractusx.traceability.bpn.domain.model.BpnEdcMapping; -import jakarta.validation.Constraint; -import jakarta.validation.Payload; -import java.lang.annotation.Documented; -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; +import java.util.List; -@Target({ElementType.FIELD, ElementType.PARAMETER}) -@Retention(RetentionPolicy.RUNTIME) -@Constraint(validatedBy = ValidUrlParameterValidator.class) -@Documented -public @interface ValidUrlParameter { +public interface BpnService { + List findAllBpnMappings(); - String message() default "The URL must contain the protocol and a valid domain name."; + List saveAllBpnEdcMappings(List bpnEdcMappings); - Class[] groups() default {}; + List updateAllBpnMappings(List bpnEdcMappings); - Class[] payload() default {}; + void deleteBpnMapping(String bpn); } 
diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/domain/model/BpnEdcMapping.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/domain/model/BpnEdcMapping.java index 0d7b0f3e98..5d5805bd49 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/domain/model/BpnEdcMapping.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/domain/model/BpnEdcMapping.java @@ -19,13 +19,7 @@ package org.eclipse.tractusx.traceability.bpn.domain.model; -import io.swagger.annotations.ApiModelProperty; -import io.swagger.v3.oas.annotations.media.ArraySchema; -import io.swagger.v3.oas.annotations.media.Schema; - -@ArraySchema(arraySchema = @Schema(description = "BPN Mappings", additionalProperties = Schema.AdditionalPropertiesValue.FALSE), maxItems = Integer.MAX_VALUE) -public record BpnEdcMapping(@ApiModelProperty(example = "BPNL00000003CSGV") String bpn, - @ApiModelProperty(example = "https://trace-x-test-edc.dev.demo.catena-x.net/a1") String url) { +public record BpnEdcMapping(String bpn, String url) { public String getBpn() { return bpn; diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/domain/service/BpnRepository.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/domain/service/BpnRepository.java index fc1f314a6c..0b45a3877d 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/domain/service/BpnRepository.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/domain/service/BpnRepository.java @@ -19,7 +19,8 @@ package org.eclipse.tractusx.traceability.bpn.domain.service; -import org.eclipse.tractusx.traceability.bpn.infrastructure.rest.BpnMappingRequest; + +import bpn.request.BpnMappingRequest; import org.eclipse.tractusx.traceability.bpn.domain.model.BpnEdcMapping; import java.util.List; 
diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/domain/service/BpnService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/domain/service/BpnServiceImpl.java similarity index 91% rename from tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/domain/service/BpnService.java rename to tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/domain/service/BpnServiceImpl.java index d8e34a668a..1f0e6d723c 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/domain/service/BpnService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/domain/service/BpnServiceImpl.java @@ -19,9 +19,10 @@ package org.eclipse.tractusx.traceability.bpn.domain.service; +import bpn.request.BpnMappingRequest; import lombok.extern.slf4j.Slf4j; +import org.eclipse.tractusx.traceability.bpn.application.service.BpnService; import org.eclipse.tractusx.traceability.bpn.domain.model.BpnNotFoundException; -import org.eclipse.tractusx.traceability.bpn.infrastructure.rest.BpnMappingRequest; import org.eclipse.tractusx.traceability.bpn.domain.model.BpnEdcMapping; import org.springframework.stereotype.Component; @@ -29,11 +30,11 @@ @Slf4j @Component -public class BpnService { +public class BpnServiceImpl implements BpnService { private final BpnRepository bpnRepository; - public BpnService(BpnRepository bpnRepository) { + public BpnServiceImpl(BpnRepository bpnRepository) { this.bpnRepository = bpnRepository; } 
diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/repository/PersistentBpnRepository.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/repository/BpnRepositoryImpl.java similarity index 96% rename from tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/repository/PersistentBpnRepository.java rename to tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/repository/BpnRepositoryImpl.java index 5be9150fe3..cbf9a8dbf1 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/repository/PersistentBpnRepository.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/repository/BpnRepositoryImpl.java @@ -25,7 +25,7 @@ import org.eclipse.tractusx.traceability.bpn.domain.model.BpnNotFoundException; import org.eclipse.tractusx.traceability.bpn.domain.service.BpnRepository; import org.eclipse.tractusx.traceability.bpn.infrastructure.model.BpnEntity; -import org.eclipse.tractusx.traceability.bpn.infrastructure.rest.BpnMappingRequest; +import org.eclipse.tractusx.traceability.bpn.application.rest.BpnMappingRequest; import org.springframework.stereotype.Component; import java.util.List; @@ -35,7 +35,7 @@ @Slf4j @Component @RequiredArgsConstructor -public class PersistentBpnRepository implements BpnRepository { +public class BpnRepositoryImpl implements BpnRepository { private final JpaBpnRepository repository; 
diff --git a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/PersistentBpnRepositoryTest.java b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/BpnRepositoryImplTest.java similarity index 92% rename from tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/PersistentBpnRepositoryTest.java rename to tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/BpnRepositoryImplTest.java index 22d1963889..b1db52283c 100644 --- a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/PersistentBpnRepositoryTest.java +++ b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/BpnRepositoryImplTest.java @@ -21,9 +21,8 @@ import org.eclipse.tractusx.traceability.bpn.domain.model.BpnNotFoundException; import org.eclipse.tractusx.traceability.bpn.domain.service.BpnRepository; -import org.eclipse.tractusx.traceability.bpn.infrastructure.model.BpnEntity; import org.eclipse.tractusx.traceability.bpn.infrastructure.repository.JpaBpnRepository; -import org.eclipse.tractusx.traceability.bpn.infrastructure.repository.PersistentBpnRepository; +import org.eclipse.tractusx.traceability.bpn.infrastructure.repository.BpnRepositoryImpl; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; @@ -37,7 +36,7 @@ import static org.mockito.Mockito.when; @ExtendWith(MockitoExtension.class) -class PersistentBpnRepositoryTest { +class BpnRepositoryImplTest { @Mock private JpaBpnRepository jpaBpnRepository; @@ -46,7 +45,7 @@ class PersistentBpnRepositoryTest { @BeforeEach void setUp() { - bpnRepository = new PersistentBpnRepository(jpaBpnRepository); + bpnRepository = new BpnRepositoryImpl(jpaBpnRepository); } @Test 
diff --git a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/BpnServiceTest.java b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/BpnServiceImplTest.java similarity index 89% rename from tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/BpnServiceTest.java rename to tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/BpnServiceImplTest.java index 55f92e0fef..4b43e5d954 100644 --- a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/BpnServiceTest.java +++ b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/BpnServiceImplTest.java @@ -19,10 +19,11 @@ package org.eclipse.tractusx.traceability.infrastructure.jpa.bpn_edc; +import bpn.request.BpnMappingRequest; import org.eclipse.tractusx.traceability.bpn.domain.model.BpnNotFoundException; import org.eclipse.tractusx.traceability.bpn.domain.service.BpnRepository; -import org.eclipse.tractusx.traceability.bpn.domain.service.BpnService; -import org.eclipse.tractusx.traceability.bpn.infrastructure.rest.BpnMappingRequest; +import org.eclipse.tractusx.traceability.bpn.domain.service.BpnServiceImpl; + import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.DisplayName; import org.junit.jupiter.api.Test; @@ -39,19 +40,19 @@ import static org.mockito.Mockito.when; @ExtendWith(MockitoExtension.class) -class BpnServiceTest { +class BpnServiceImplTest { @Mock private BpnRepository bpnRepositoryMock; @InjectMocks - private BpnService bpnService; + private BpnServiceImpl bpnServiceImpl; @Test @DisplayName("Test getBpnEdcMappings") void testGetBpnEdcMappings() { - bpnService.findAllBpnMappings(); + bpnServiceImpl.findAllBpnMappings(); verify(bpnRepositoryMock, times(1)).findAllWhereUrlNotNull(); } 
@@ -61,7 +62,7 @@ void testCreateBpnEdcMapping() { String bpn = "12345"; String url = "https://example.com/12345"; List bpnMappingRequests = List.of(new BpnMappingRequest(bpn, url)); - bpnService.saveAllBpnEdcMappings(bpnMappingRequests); + bpnServiceImpl.saveAllBpnEdcMappings(bpnMappingRequests); verify(bpnRepositoryMock, times(1)).saveAll(bpnMappingRequests); } @@ -72,7 +73,7 @@ void testUpdateBpnEdcMapping() { String bpn = "12345"; String url = "https://example.com/12345"; List bpnMappingRequests = List.of(new BpnMappingRequest(bpn, url)); - bpnService.updateAllBpnMappings(bpnMappingRequests); + bpnServiceImpl.updateAllBpnMappings(bpnMappingRequests); verify(bpnRepositoryMock, times(1)).saveAll(bpnMappingRequests); } @@ -81,7 +82,7 @@ void testUpdateBpnEdcMapping() { void testDeleteBpnEdcMapping() { String bpn = "12345"; when(bpnRepositoryMock.existsWhereUrlNotNull(bpn)).thenReturn(true); - bpnService.deleteBpnMapping(bpn); + bpnServiceImpl.deleteBpnMapping(bpn); verify(bpnRepositoryMock, times(1)).deleteById(bpn); } @@ -91,7 +92,7 @@ void testDeleteBpnEdcMappingWithMissingMapping() { String bpn = "12345"; when(bpnRepositoryMock.existsWhereUrlNotNull(bpn)).thenReturn(false); Assertions.assertThrows(BpnNotFoundException.class, () -> { - bpnService.deleteBpnMapping(bpn); + bpnServiceImpl.deleteBpnMapping(bpn); }); verify(bpnRepositoryMock, never()).deleteById(bpn); } diff --git a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/ValidUrlParameterValidatorTest.java b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/ValidUrlParameterValidatorTest.java index d8c47e33f2..f1b208cfbd 100644 --- a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/ValidUrlParameterValidatorTest.java +++ b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/ValidUrlParameterValidatorTest.java 
@@ -18,7 +18,7 @@ ********************************************************************************/ package org.eclipse.tractusx.traceability.infrastructure.jpa.bpn_edc; -import org.eclipse.tractusx.traceability.bpn.infrastructure.rest.ValidUrlParameterValidator; +import org.eclipse.tractusx.traceability.bpn.application.rest.ValidUrlParameterValidator; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; diff --git a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/bpn/mapping/BpnMappingControllerIT.java b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/bpn/mapping/BpnMappingControllerIT.java index 38c704bb62..138e9404fd 100644 --- a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/bpn/mapping/BpnMappingControllerIT.java +++ b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/bpn/mapping/BpnMappingControllerIT.java @@ -20,7 +20,7 @@ package org.eclipse.tractusx.traceability.integration.bpn.mapping; import io.restassured.http.ContentType; -import org.eclipse.tractusx.traceability.bpn.infrastructure.rest.BpnMappingRequest; +import org.eclipse.tractusx.traceability.bpn.application.rest.BpnMappingRequest; import org.eclipse.tractusx.traceability.integration.IntegrationTestSpecification; import org.eclipse.tractusx.traceability.integration.common.support.BpnEdcMappingSupport; import org.hamcrest.Matchers; diff --git a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/common/support/BpnEdcMappingSupport.java b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/common/support/BpnEdcMappingSupport.java index 5c367e6988..e91ae38f06 100644 --- a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/common/support/BpnEdcMappingSupport.java +++ b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/common/support/BpnEdcMappingSupport.java 
@@ -20,7 +20,7 @@ package org.eclipse.tractusx.traceability.integration.common.support; import org.eclipse.tractusx.traceability.bpn.domain.service.BpnRepository; -import org.eclipse.tractusx.traceability.bpn.infrastructure.rest.BpnMappingRequest; +import org.eclipse.tractusx.traceability.bpn.application.rest.BpnMappingRequest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; diff --git a/tx-models/src/main/java/bpn/request/BpnMappingRequest.java b/tx-models/src/main/java/bpn/request/BpnMappingRequest.java new file mode 100644 index 0000000000..5d5062f1b2 --- /dev/null +++ b/tx-models/src/main/java/bpn/request/BpnMappingRequest.java @@ -0,0 +1,20 @@ +package bpn.request; + +import io.swagger.annotations.ApiModelProperty; +import jakarta.validation.constraints.NotEmpty; +import jakarta.validation.constraints.NotNull; +import jakarta.validation.constraints.Size; + +public record BpnMappingRequest( + @NotNull(message = "BPN must be present") + @NotEmpty(message = "BPN must be present") + @ApiModelProperty(example = "BPNL00000003CSGV") + @Size(max = 255) + String bpn, + + @NotNull(message = "A valid URL must be present") + @NotEmpty(message = "A valid URL must be present") + @Size(max = 255) + String url +) { +} diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/rest/BpnMappingRequest.java b/tx-models/src/main/java/bpn/response/BpnEdcMappingResponse.java similarity index 60% rename from tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/rest/BpnMappingRequest.java rename to tx-models/src/main/java/bpn/response/BpnEdcMappingResponse.java index 0e6fc04f33..6a853ce59b 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/rest/BpnMappingRequest.java +++ b/tx-models/src/main/java/bpn/response/BpnEdcMappingResponse.java 
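Review bot: The new `bpn.request.BpnMappingRequest` record validates `url` only with `@NotNull`, `@NotEmpty` and `@Size(max = 255)`. The `@ValidUrlParameter` constraint that the previous request record carried is dropped, and the annotation's own source file is turned into `BpnService.java` by the rename earlier in this patch. Unless the value is checked somewhere not shown here, any non-empty string up to 255 characters can now be stored as a BPN-to-EDC URL mapping through the POST and PUT endpoints, which matters if the backend later opens connections to those URLs. I would keep a scheme-and-host check on the field, for example by moving the constraint into the models module and restoring `@ValidUrlParameter` above `String url`. The new file also lacks the license header that the sibling `BpnEdcMappingResponse.java` carries.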
@@ -16,24 +16,20 @@ * * SPDX-License-Identifier: Apache-2.0 ********************************************************************************/ - -package org.eclipse.tractusx.traceability.bpn.infrastructure.rest; +package bpn.response; import io.swagger.annotations.ApiModelProperty; -import jakarta.validation.constraints.NotEmpty; -import jakarta.validation.constraints.NotNull; -import jakarta.validation.constraints.Size; +import io.swagger.v3.oas.annotations.media.ArraySchema; +import io.swagger.v3.oas.annotations.media.Schema; + +@ArraySchema(arraySchema = @Schema(description = "BPN Mappings", additionalProperties = Schema.AdditionalPropertiesValue.FALSE), maxItems = Integer.MAX_VALUE) +public record BpnEdcMappingResponse(@ApiModelProperty(example = "BPNL00000003CSGV") String bpn, @ApiModelProperty(example = "https://trace-x-test-edc.dev.demo.catena-x.net/a1") String url) { + + public String getBpn() { + return bpn; + } -public record BpnMappingRequest( - @NotNull(message = "BPN must be present") - @NotEmpty(message = "BPN must be present") - @ApiModelProperty(example = "BPNL00000003CSGV") - @Size(max = 255) - String bpn, - @ValidUrlParameter - @NotNull(message = "A valid URL must be present") - @NotEmpty(message = "A valid URL must be present") - @Size(max = 255) - String url -) { + public String getUrl() { + return url; + } } From bfdb2115bd84f86a54b8ae3a791240f354d5c700 Mon Sep 17 00:00:00 2001 From: Maximilian Wesener Date: Tue, 26 Sep 2023 10:53:27 +0200 Subject: [PATCH 04/30] chore: TRACEFOSS-2690 Updated bpn to match architecture. --- CHANGELOG.md | 1 + .../repository/BpnRepositoryImpl.java | 3 +- .../ValidUrlParameterValidatorTest.java | 51 ------------------- .../bpn/mapping/BpnMappingControllerIT.java | 2 +- .../common/support/BpnEdcMappingSupport.java | 2 +- 5 files changed, 5 insertions(+), 54 deletions(-) delete mode 100644 tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/ValidUrlParameterValidatorTest.java 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c29b99b3c..258902a407 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - integration tests uses flyway now rather than hibernate schema auto creation - irs helm updated from 6.5.0 to 6.6.1 - BpnEntity now contains BpnEdcMappingEntity fields +- Directories of bpnEntity to match architecture ### Removed diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/repository/BpnRepositoryImpl.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/repository/BpnRepositoryImpl.java index cbf9a8dbf1..6d0792118a 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/repository/BpnRepositoryImpl.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/infrastructure/repository/BpnRepositoryImpl.java @@ -19,13 +19,14 @@ package org.eclipse.tractusx.traceability.bpn.infrastructure.repository; +import bpn.request.BpnMappingRequest; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.eclipse.tractusx.traceability.bpn.domain.model.BpnEdcMapping; import org.eclipse.tractusx.traceability.bpn.domain.model.BpnNotFoundException; import org.eclipse.tractusx.traceability.bpn.domain.service.BpnRepository; import org.eclipse.tractusx.traceability.bpn.infrastructure.model.BpnEntity; -import org.eclipse.tractusx.traceability.bpn.application.rest.BpnMappingRequest; + import org.springframework.stereotype.Component; import java.util.List; diff --git a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/ValidUrlParameterValidatorTest.java b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/ValidUrlParameterValidatorTest.java deleted file mode 100644 index f1b208cfbd..0000000000 
--- a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/jpa/bpn_edc/ValidUrlParameterValidatorTest.java +++ /dev/null 
@@ -1,51 +0,0 @@ -/******************************************************************************** - * Copyright (c) 2023 Contributors to the Eclipse Foundation - * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0. - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. - * - * SPDX-License-Identifier: Apache-2.0 - ********************************************************************************/ -package org.eclipse.tractusx.traceability.infrastructure.jpa.bpn_edc; - -import org.eclipse.tractusx.traceability.bpn.application.rest.ValidUrlParameterValidator; -import org.junit.jupiter.api.Assertions; -import org.junit.jupiter.api.Test; - -class ValidUrlParameterValidatorTest { - - private final ValidUrlParameterValidator validator = new ValidUrlParameterValidator(); - - @Test - void testIsValid_whenUrlIsValid_returnsTrue() { - String validUrl = "https://www.example.com"; - boolean result = validator.isValid(validUrl, null); - Assertions.assertTrue(result); - } - - @Test - void testIsValid_whenUrlIsNull_returnsTrue() { - String nullUrl = null; - boolean result = validator.isValid(nullUrl, null); - Assertions.assertTrue(result); - } - - @Test - void testIsValid_whenUrlIsMalformed_returnsFalse() { - String malformedUrl = "not_a_valid_url"; - boolean result = validator.isValid(malformedUrl, null); - Assertions.assertFalse(result); - } - -} - 
diff --git a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/bpn/mapping/BpnMappingControllerIT.java b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/bpn/mapping/BpnMappingControllerIT.java index 138e9404fd..e9fd13b082 100644 --- a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/bpn/mapping/BpnMappingControllerIT.java +++ b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/bpn/mapping/BpnMappingControllerIT.java @@ -19,8 +19,8 @@ package org.eclipse.tractusx.traceability.integration.bpn.mapping; +import bpn.request.BpnMappingRequest; import io.restassured.http.ContentType; -import org.eclipse.tractusx.traceability.bpn.application.rest.BpnMappingRequest; import org.eclipse.tractusx.traceability.integration.IntegrationTestSpecification; import org.eclipse.tractusx.traceability.integration.common.support.BpnEdcMappingSupport; import org.hamcrest.Matchers; diff --git a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/common/support/BpnEdcMappingSupport.java b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/common/support/BpnEdcMappingSupport.java index e91ae38f06..3931e0fa4d 100644 --- a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/common/support/BpnEdcMappingSupport.java +++ b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/common/support/BpnEdcMappingSupport.java @@ -19,8 +19,8 @@ package org.eclipse.tractusx.traceability.integration.common.support; +import bpn.request.BpnMappingRequest; import org.eclipse.tractusx.traceability.bpn.domain.service.BpnRepository; -import org.eclipse.tractusx.traceability.bpn.application.rest.BpnMappingRequest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; From 87f955a0abac40344cc787947f853eaf1e6ea33c Mon Sep 17 00:00:00 2001 
From: ds-ext-sceronik Date: Tue, 26 Sep 2023 12:05:50 +0200 Subject: [PATCH 05/30] bug: TRACEFOSS-1369 added handling for duplicate shellDescriptor Ids --- CHANGELOG.md | 1 + .../domain/repository/ShellDescriptorRepository.java | 1 + .../domain/service/ShellDescriptorsServiceImpl.java | 11 ++++++++++- .../repository/jpa/ShellDescriptorRepositoryImpl.java | 6 ++++++ 4 files changed, 18 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 258902a407..bff46396c7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - LocalStorage to be used for saving view setting - archunit tests as preparation for good quality architecture checks - safety and security doc including roles matrix +- handling for duplicate shellDescriptor ids when refreshing registry ### Changed - added sorting for /api/investigations received and created endpoints diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/shelldescriptor/domain/repository/ShellDescriptorRepository.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/shelldescriptor/domain/repository/ShellDescriptorRepository.java index 481733c093..61d525e59a 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/shelldescriptor/domain/repository/ShellDescriptorRepository.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/shelldescriptor/domain/repository/ShellDescriptorRepository.java @@ -32,6 +32,7 @@ public interface ShellDescriptorRepository { List findAll(); void update(ShellDescriptor shellDescriptor); void saveAll(Collection values); + void save(ShellDescriptor descriptor); void removeDescriptorsByUpdatedBefore(ZonedDateTime now); void deleteAll(); 
diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/shelldescriptor/domain/service/ShellDescriptorsServiceImpl.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/shelldescriptor/domain/service/ShellDescriptorsServiceImpl.java index d160a6b946..f9937e6e7b 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/shelldescriptor/domain/service/ShellDescriptorsServiceImpl.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/shelldescriptor/domain/service/ShellDescriptorsServiceImpl.java @@ -26,6 +26,7 @@ import org.eclipse.tractusx.traceability.shelldescriptor.application.ShellDescriptorService; import org.eclipse.tractusx.traceability.shelldescriptor.domain.model.ShellDescriptor; import org.eclipse.tractusx.traceability.shelldescriptor.domain.repository.ShellDescriptorRepository; +import org.springframework.dao.DataIntegrityViolationException; import org.springframework.stereotype.Component; import org.springframework.transaction.annotation.Transactional; @@ -61,7 +62,7 @@ public List determineExistingShellDescriptorsAndUpdate(List determineExistingShellDescriptorsAndUpdate(List values) { .toList()); } + @Override + public void save(ShellDescriptor descriptor) { + repository.save(ShellDescriptorEntity.newEntityFrom(descriptor)); + } + @Override public void removeDescriptorsByUpdatedBefore(ZonedDateTime now) { repository.deleteAllByUpdatedBefore(now); From 8af9d742b8f288b0628fbb703a3f88e25942e9f6 Mon Sep 17 00:00:00 2001 From: ds-ext-sceronik Date: Tue, 26 Sep 2023 12:18:45 +0200 Subject: [PATCH 06/30] bug: TRACEFOSS-1369 fix test --- .../domain/service/ShellDescriptorsServiceImplTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
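Review bot: `ShellDescriptorRepositoryImpl.save` delegates to `repository.save(...)`, which may defer the INSERT until flush if `repository` is a Spring Data JPA repository. A duplicate-id `DataIntegrityViolationException` could then surface at commit rather than at the call the service guards. The service-side handling is not legible in this hunk, so this is inferred from the new import and the changelog entry. If the intent is to skip duplicates one descriptor at a time, `repository.saveAndFlush(ShellDescriptorEntity.newEntityFrom(descriptor));` would raise the violation at the call site, assuming the repository extends `JpaRepository`. It is also worth confirming that catching the exception inside a `@Transactional` method (the import is present in the service) does not leave the transaction marked rollback-only, which the mock-based test added later in the series cannot show.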
diff --git a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/shelldescriptor/domain/service/ShellDescriptorsServiceImplTest.java b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/shelldescriptor/domain/service/ShellDescriptorsServiceImplTest.java index 336b8693f8..14bc31f0c4 100644 --- a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/shelldescriptor/domain/service/ShellDescriptorsServiceImplTest.java +++ b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/shelldescriptor/domain/service/ShellDescriptorsServiceImplTest.java @@ -61,7 +61,7 @@ void testDetermineExistingShellDescriptorsAndUpdate() { shellDescriptorsService.determineExistingShellDescriptorsAndUpdate(ownShellDescriptors); // Then - verify(shellDescriptorRepository, times(1)).saveAll(List.of(newDescriptor)); + verify(shellDescriptorRepository, times(1)).save(newDescriptor); verify(shellDescriptorRepository, times(1)).removeDescriptorsByUpdatedBefore(any(ZonedDateTime.class)); verify(shellDescriptorRepository, times(1)).update(existingDescriptor); } From 58994c0ead792e5f0f3cf03df38f818ab9b3bfce Mon Sep 17 00:00:00 2001 From: ds-ext-sceronik Date: Tue, 26 Sep 2023 12:36:28 +0200 Subject: [PATCH 07/30] bug: TRACEFOSS-1369 remove code smell and add handler test --- .../jpa/ShellDescriptorRepositoryImpl.java | 1 - .../ShellDescriptorsServiceImplTest.java | 24 +++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/shelldescriptor/infrastructure/repository/jpa/ShellDescriptorRepositoryImpl.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/shelldescriptor/infrastructure/repository/jpa/ShellDescriptorRepositoryImpl.java index 1e89b22faa..e1be9ddb9d 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/shelldescriptor/infrastructure/repository/jpa/ShellDescriptorRepositoryImpl.java 
+++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/shelldescriptor/infrastructure/repository/jpa/ShellDescriptorRepositoryImpl.java @@ -22,7 +22,6 @@ package org.eclipse.tractusx.traceability.shelldescriptor.infrastructure.repository.jpa; import lombok.RequiredArgsConstructor; -import org.eclipse.tractusx.traceability.assets.infrastructure.base.irs.model.response.Shell; import org.eclipse.tractusx.traceability.shelldescriptor.domain.model.ShellDescriptor; import org.eclipse.tractusx.traceability.shelldescriptor.domain.repository.ShellDescriptorRepository; import org.eclipse.tractusx.traceability.shelldescriptor.infrastructure.model.ShellDescriptorEntity; diff --git a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/shelldescriptor/domain/service/ShellDescriptorsServiceImplTest.java b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/shelldescriptor/domain/service/ShellDescriptorsServiceImplTest.java index 14bc31f0c4..6e4f014095 100644 --- a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/shelldescriptor/domain/service/ShellDescriptorsServiceImplTest.java +++ b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/shelldescriptor/domain/service/ShellDescriptorsServiceImplTest.java @@ -26,12 +26,14 @@ import org.mockito.InjectMocks; import org.mockito.Mock; import org.mockito.junit.jupiter.MockitoExtension; +import org.springframework.dao.DataIntegrityViolationException; import java.time.ZonedDateTime; import java.util.ArrayList; import java.util.List; import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; 
@@ -57,6 +59,28 @@ void testDetermineExistingShellDescriptorsAndUpdate() { when(shellDescriptorRepository.findAll()).thenReturn(List.of(existingDescriptor)); + // When + shellDescriptorsService.determineExistingShellDescriptorsAndUpdate(ownShellDescriptors); + + // Then + verify(shellDescriptorRepository, times(1)).save(newDescriptor); + verify(shellDescriptorRepository, times(1)).removeDescriptorsByUpdatedBefore(any(ZonedDateTime.class)); + verify(shellDescriptorRepository, times(1)).update(existingDescriptor); + } + + @Test + void testHandleDataIntegrityViolationException() { + // Given + List ownShellDescriptors = new ArrayList<>(); + ShellDescriptor existingDescriptor = ShellDescriptor.builder().globalAssetId("existing-id").build(); + ownShellDescriptors.add(existingDescriptor); + ShellDescriptor newDescriptor = ShellDescriptor.builder().globalAssetId("new-id").build(); + ownShellDescriptors.add(newDescriptor); + + when(shellDescriptorRepository.findAll()).thenReturn(List.of(existingDescriptor)); + doThrow(new DataIntegrityViolationException("test")).when(shellDescriptorRepository).save(newDescriptor); + + // When shellDescriptorsService.determineExistingShellDescriptorsAndUpdate(ownShellDescriptors); From 5072f387359c35bf58d5a2b6ea6faebc1828def3 Mon Sep 17 00:00:00 2001 From: ds-ext-sceronik Date: Tue, 26 Sep 2023 12:48:09 +0200 Subject: [PATCH 08/30] bug: TRACEFOSS-1369 coverage --- .../jpa/ShellDescriptorRepositoryImplTest.java | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/shelldescriptor/infrastructure/repository/jpa/ShellDescriptorRepositoryImplTest.java b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/shelldescriptor/infrastructure/repository/jpa/ShellDescriptorRepositoryImplTest.java index 0f53a18efe..230d5763ee 100644 
--- a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/shelldescriptor/infrastructure/repository/jpa/ShellDescriptorRepositoryImplTest.java +++ b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/shelldescriptor/infrastructure/repository/jpa/ShellDescriptorRepositoryImplTest.java @@ -31,6 +31,7 @@ import java.util.List; import java.util.Optional; +import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.anyList; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; @@ -100,6 +101,19 @@ void testSaveAll() { verify(repository, times(1)).saveAll(anyList()); } + @Test + void testSave() { + // Given + ShellDescriptor descriptors = ShellDescriptor.builder().build(); + shellDescriptorRepository = new ShellDescriptorRepositoryImpl(repository); + + // When + shellDescriptorRepository.save(descriptors); + + // Then + verify(repository, times(1)).save(any()); + } + @Test void testRemoveDescriptorsByUpdatedBefore() { // Given From 4f1df0ea59ad8acb7059182326023ca323c4dac6 Mon Sep 17 00:00:00 2001 From: ashanmugavel Date: Tue, 26 Sep 2023 13:48:56 +0200 Subject: [PATCH 09/30] fixed: Log Injection CWE-117 --- .../common/model/SecurityUtils.java | 46 ++++++++----------- .../infrastructure/edc/EdcController.java | 10 ++-- .../edc/model/EdcNotificationModelTest.java | 4 +- 3 files changed, 27 insertions(+), 33 deletions(-) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java index b3e502d37b..1a576593f8 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java 
@@ -20,20 +20,20 @@ package org.eclipse.tractusx.traceability.common.model; -import org.eclipse.tractusx.traceability.qualitynotification.domain.base.model.QualityNotificationAffectedPart; import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotification; import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotificationContent; import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotificationHeader; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import java.util.Objects; public class SecurityUtils { - + private static final List unwantedStrings = Arrays.asList("\r\n", "\r", "\n"); public static String sanitize(String unSanitizedInput) { if (unSanitizedInput != null) { - return unSanitizedInput.replaceAll("\r\n|\r|\n", " "); + return unSanitizedInput.replaceAll(unwantedStrings.toString(), " "); } return null; } 
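Review bot: In `sanitize(String)` the new `replaceAll(unwantedStrings.toString(), " ")` uses the list's `toString()` form, `[\r\n, \r, \n]`, as the regex, and Java reads that as a character class of CR, LF, comma and space. Line breaks are still replaced, but every comma in the value also becomes a space and a CRLF pair now yields two spaces; because EdcController passes the sanitized object on to the receiver services, the processed text is altered, not only the log line. A precompiled pattern states the intent and keeps the old behaviour: `private static final Pattern LINE_BREAKS = Pattern.compile("\r\n|\r|\n");` with `return LINE_BREAKS.matcher(unSanitizedInput).replaceAll(" ");`. The later hunk that renames the constant to `UNWANTED_STRINGS` keeps the same call and has the same problem.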
@@ -51,38 +51,32 @@ public static List sanitize(List unSanitizedList) { } - public static EDCNotification sanitizeEDCNotification(EDCNotification edcNotification) { + public static EDCNotification sanitize(EDCNotification edcNotification) { if (edcNotification != null) { - EDCNotificationHeader cleanEDCNotificationHeader = sanitizeEDCNotificationHeader(edcNotification); - EDCNotificationContent cleanEDCNotificationContent = sanitizeEDCNotificationContent(edcNotification); + EDCNotificationHeader cleanEDCNotificationHeader = sanitize(edcNotification.header()); + EDCNotificationContent cleanEDCNotificationContent = sanitize(edcNotification.content()); return new EDCNotification(cleanEDCNotificationHeader, cleanEDCNotificationContent); } return null; } - public static EDCNotificationHeader sanitizeEDCNotificationHeader(EDCNotification edcNotification) { - String cleanRecipientBPN = sanitize(edcNotification.getRecipientBPN()); - String cleanNotificationId = sanitize(edcNotification.getNotificationId()); - String cleanSenderBPN = sanitize(edcNotification.getSenderBPN()); - String cleanSenderAddress = sanitize(edcNotification.getSenderAddress()); - String cleanTargetDate = sanitize(Objects.requireNonNull(edcNotification.getTargetDate()).toString()); - String cleanStatus = edcNotification.convertNotificationStatus().name(); - String cleanClassification = edcNotification.convertNotificationType().getValue(); - String cleanSeverity = sanitize(edcNotification.getSeverity()); - String cleanMessageId = sanitize(edcNotification.getMessageId()); - String cleanRelatedNotificationId = sanitize(edcNotification.getRelatedNotificationId()); + private static EDCNotificationHeader sanitize(EDCNotificationHeader edcNotificationHeader) { + String cleanRecipientBPN = sanitize(edcNotificationHeader.recipientBPN()); + String cleanNotificationId = sanitize(edcNotificationHeader.notificationId()); + String cleanSenderBPN = sanitize(edcNotificationHeader.senderBPN()); + String 
cleanSenderAddress = sanitize(edcNotificationHeader.senderAddress()); + String cleanTargetDate = sanitize(Objects.requireNonNull(edcNotificationHeader.targetDate())); + String cleanStatus = edcNotificationHeader.status(); + String cleanClassification = edcNotificationHeader.classification(); + String cleanSeverity = sanitize(edcNotificationHeader.severity()); + String cleanMessageId = sanitize(edcNotificationHeader.messageId()); + String cleanRelatedNotificationId = sanitize(edcNotificationHeader.relatedNotificationId()); return new EDCNotificationHeader(cleanNotificationId, cleanSenderBPN, cleanSenderAddress, cleanRecipientBPN, cleanClassification, cleanSeverity, cleanRelatedNotificationId, cleanStatus, cleanTargetDate, cleanMessageId); } - public static EDCNotificationContent sanitizeEDCNotificationContent(EDCNotification edcNotification) { - String cleanInformation = sanitize(edcNotification.getInformation()); - List StringListOfAffectedItems = new ArrayList<>(); - List ListOfAffectedItems = edcNotification.getListOfAffectedItems(); - for (QualityNotificationAffectedPart qualityNotificationAffectedPart : ListOfAffectedItems) { - String assetId = qualityNotificationAffectedPart.assetId(); - StringListOfAffectedItems.add(assetId); - } - List cleanStringListOfAffectedItems = sanitize(StringListOfAffectedItems); + private static EDCNotificationContent sanitize(EDCNotificationContent edcNotificationContent) { + String cleanInformation = sanitize(edcNotificationContent.information()); + List cleanStringListOfAffectedItems = sanitize(edcNotificationContent.listOfAffectedItems()); return new EDCNotificationContent(cleanInformation, cleanStringListOfAffectedItems); } } diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/EdcController.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/EdcController.java index 91896df587..0ed856869e 100644 
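Review bot: `cleanStatus` and `cleanClassification` in the new `sanitize(EDCNotificationHeader)` are copied from `status()` and `classification()` without going through `sanitize(String)`, whereas the removed code derived them from `convertNotificationStatus().name()` and `convertNotificationType().getValue()`. If request validation does not already restrict these two fields to known values, a CR or LF in either one reaches the `log.info` call in EdcController unchanged, which is the CWE-117 case this commit is meant to close. Suggested: `String cleanStatus = sanitize(edcNotificationHeader.status());` and `String cleanClassification = sanitize(edcNotificationHeader.classification());`. `Objects.requireNonNull(edcNotificationHeader.targetDate())` also throws a bare NullPointerException for a missing target date unless validation rejects the request first, and `edcNotification.header()` and `content()` are dereferenced without a null check.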
--- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/EdcController.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/infrastructure/edc/EdcController.java @@ -36,7 +36,7 @@ import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RestController; -import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitizeEDCNotification; +import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitize; @Slf4j @Profile(FeatureFlags.NOTIFICATIONS_ENABLED_PROFILES) @@ -54,7 +54,7 @@ public class EdcController { */ @PostMapping("/qualitynotifications/receive") public void qualityNotificationInvestigationReceive(final @ValidEDCNotification @Valid @RequestBody EDCNotification edcNotification) { - EDCNotification cleanEdcNotification = sanitizeEDCNotification(edcNotification); + EDCNotification cleanEdcNotification = sanitize(edcNotification); log.info("EdcController [qualityNotificationReceive] notificationId:{}", cleanEdcNotification); validateIsQualityInvestigation(cleanEdcNotification); investigationsReceiverService.handleNotificationReceive(cleanEdcNotification); @@ -65,7 +65,7 @@ public void qualityNotificationInvestigationReceive(final @ValidEDCNotification */ @PostMapping("/qualitynotifications/update") public void qualityNotificationInvestigationUpdate(final @ValidEDCNotification @Valid @RequestBody EDCNotification edcNotification) { - EDCNotification cleanEdcNotification = sanitizeEDCNotification(edcNotification); + EDCNotification cleanEdcNotification = sanitize(edcNotification); log.info("EdcController [qualityNotificationUpdate] notificationId:{}", cleanEdcNotification); validateIsQualityInvestigation(cleanEdcNotification); investigationsReceiverService.handleNotificationUpdate(cleanEdcNotification); 
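Review bot: The `log.info` calls next to the changed lines label their argument `notificationId:{}` but pass the whole `cleanEdcNotification`, so what is written depends on `EDCNotification.toString()` and presumably includes the free-text information and the affected item ids. Logging only the identifier keeps the entry short and limits how much sender-controlled text reaches the log: `log.info("EdcController [qualityNotificationReceive] notificationId:{}", cleanEdcNotification.getNotificationId());`. The same applies to the update handler in this file section and to the two alert handlers in the following hunks. The handler bodies appear to close outside the hunks shown.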
@@ -76,7 +76,7 @@ public void qualityNotificationInvestigationUpdate(final @ValidEDCNotification @ */ @PostMapping("/qualityalerts/receive") public void qualityNotificationAlertReceive(final @ValidEDCNotification @Valid @RequestBody EDCNotification edcNotification) { - EDCNotification cleanEdcNotification = sanitizeEDCNotification(edcNotification); + EDCNotification cleanEdcNotification = sanitize(edcNotification); log.info("EdcController [qualityalertReceive] notificationId:{}", cleanEdcNotification); validateIsAlert(cleanEdcNotification); alertsReceiverService.handleNotificationReceive(cleanEdcNotification); @@ -87,7 +87,7 @@ public void qualityNotificationAlertReceive(final @ValidEDCNotification @Valid @ */ @PostMapping("/qualityalerts/update") public void qualityNotificationAlertUpdate(final @ValidEDCNotification @Valid @RequestBody EDCNotification edcNotification) { - EDCNotification cleanEdcNotification = sanitizeEDCNotification(edcNotification); + EDCNotification cleanEdcNotification = sanitize(edcNotification); log.info("EdcController [qualityalertUpdate] notificationId:{}", cleanEdcNotification); validateIsAlert(cleanEdcNotification); alertsReceiverService.handleNotificationUpdate(cleanEdcNotification); diff --git a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java index a3897bf483..204962de64 100644 --- a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java +++ b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java 
@@ -28,7 +28,7 @@ import java.util.Arrays; import java.util.List; -import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitizeEDCNotification; +import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitize; import static org.junit.jupiter.api.Assertions.assertEquals; @@ -55,7 +55,7 @@ public void testSanitizeEDCNotification() { //WHEN - EDCNotification actual = sanitizeEDCNotification(edcNotification); + EDCNotification actual = sanitize(edcNotification); //THEN assertEquals("Sender Address", actual.getSenderAddress()); From db43e4d1f3cb63fd3060140e7f34d25fe827f6e6 Mon Sep 17 00:00:00 2001 From: Martin Maul Date: Tue, 26 Sep 2023 14:56:45 +0200 Subject: [PATCH 10/30] feature(UI):[TRACEFOSS-2511] layout fix --- .../presentation/other-parts.component.scss | 10 +++++----- .../page/parts/presentation/parts.component.html | 10 ++++------ .../page/parts/presentation/parts.component.scss | 14 +++++++++++--- 3 files changed, 20 insertions(+), 14 deletions(-) diff --git a/frontend/src/app/modules/page/other-parts/presentation/other-parts.component.scss b/frontend/src/app/modules/page/other-parts/presentation/other-parts.component.scss index 88085b02c4..622c0c0b04 100644 --- a/frontend/src/app/modules/page/other-parts/presentation/other-parts.component.scss +++ b/frontend/src/app/modules/page/other-parts/presentation/other-parts.component.scss @@ -21,7 +21,7 @@ .other-parts-container { @apply flex flex-col; - height: 68vh; + height: 72vh; } .app-bom-lifecycle-activator-container { @@ -38,19 +38,19 @@ } .supplier-parts-as-built-table-wrapper { - max-height: 58vh; + max-height: 51vh; } .supplier-parts-as-planned-table-wrapper { - max-height: 58vh; + max-height: 51vh; } .customer-parts-as-built-table-wrapper { - max-height: 58vh; + max-height: 51vh; } .customer-parts-as-planned-table-wrapper { - max-height: 58vh; + max-height: 51vh; } .other-parts-mat-tab-group { 
diff --git a/frontend/src/app/modules/page/parts/presentation/parts.component.html b/frontend/src/app/modules/page/parts/presentation/parts.component.html index 09067d8c21..0fd5e2b1b9 100644 --- a/frontend/src/app/modules/page/parts/presentation/parts.component.html +++ b/frontend/src/app/modules/page/parts/presentation/parts.component.html @@ -25,11 +25,11 @@
- + +
{{"page.asBuiltParts" | i18n}}
-
{{"page.asBuiltParts" | i18n}}
- + +
{{"page.asPlannedParts" | i18n}}
-
{{"page.asPlannedParts" | i18n}}
diff --git a/frontend/src/app/modules/page/parts/presentation/parts.component.scss b/frontend/src/app/modules/page/parts/presentation/parts.component.scss index 88456f7016..17803a58c8 100644 --- a/frontend/src/app/modules/page/parts/presentation/parts.component.scss +++ b/frontend/src/app/modules/page/parts/presentation/parts.component.scss @@ -29,16 +29,24 @@ } .split-container-wrapper { - height: 68vh; + height: 65vh; } // TODO: fix bottom shadow of parts Table .parts-as-built-table-wrapper { - max-height: 58vh; + max-height: 52vh; margin: 16px; + overflow: auto; + box-shadow: 0px 5px 5px -3px rgba(0, 0, 0, 0.2), 0px 8px 10px 1px rgba(0, 0, 0, 0.14), 0px 3px 14px 2px rgba(0, 0, 0, 0.12); +} + +.split-area { + overflow-x: auto !important; } .parts-as-planned-table-wrapper { - max-height: 58vh; + max-height: 52vh; + overflow: auto; margin: 16px; + box-shadow: 0px 5px 5px -3px rgba(0, 0, 0, 0.2), 0px 8px 10px 1px rgba(0, 0, 0, 0.14), 0px 3px 14px 2px rgba(0, 0, 0, 0.12); } From a6737464fad3002362c6a6721ea55dc6a520b5ea Mon Sep 17 00:00:00 2001 From: ashanmugavel Date: Tue, 26 Sep 2023 15:01:18 +0200 Subject: [PATCH 11/30] fixed: Log Injection CWE-117 --- .../common/model/SecurityUtils.java | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java index 1a576593f8..6f9b4b0a2a 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java 
@@ -24,28 +24,26 @@ import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotificationContent; import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotificationHeader; -import java.util.ArrayList; import java.util.Arrays; import java.util.List; import java.util.Objects; +import java.util.stream.Collectors; public class SecurityUtils { - private static final List unwantedStrings = Arrays.asList("\r\n", "\r", "\n"); + private static final List UNWANTED_STRINGS = Arrays.asList("\r\n", "\r", "\n"); public static String sanitize(String unSanitizedInput) { if (unSanitizedInput != null) { - return unSanitizedInput.replaceAll(unwantedStrings.toString(), " "); + return unSanitizedInput.replaceAll(UNWANTED_STRINGS.toString(), " "); } return null; } public static List sanitize(List unSanitizedList) { - if (unSanitizedList != null) { - List cleanListOfAffectedItems = new ArrayList<>(); - for (String affectedItem : unSanitizedList) { - String cleanAffectedItem = sanitize(affectedItem); - cleanListOfAffectedItems.add(cleanAffectedItem); - } - return cleanListOfAffectedItems; + if (!unSanitizedList.isEmpty()) { + return unSanitizedList.stream() + .filter(Objects::nonNull) + .map(SecurityUtils::sanitize) + .collect(Collectors.toList()); } return null; } From 4b13427e34645a209dcf5fb099d3e1eb31dab558 Mon Sep 17 00:00:00 2001 From: ashanmugavel Date: Tue, 26 Sep 2023 15:08:59 +0200 Subject: [PATCH 12/30] fixed: Log Injection CWE-117 --- .../tractusx/traceability/common/model/SecurityUtils.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java index 6f9b4b0a2a..97a092391b 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java 
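Review bot: `sanitize(List)` now tests `!unSanitizedList.isEmpty()` where the removed code tested `unSanitizedList != null`, so a null list throws a NullPointerException and an empty list comes back as `null` instead of an empty list. `sanitize(EDCNotificationContent)` passes `listOfAffectedItems()` straight in, so a notification without that field would fail here unless validation rejects it earlier. Keeping the null guard and letting the stream handle the empty case avoids both: `if (unSanitizedList == null) { return null; }` followed by the stream expression. The added `.filter(Objects::nonNull)` also silently drops null entries and changes the list length; the next commit's hunk removes that filter but keeps the `isEmpty()` guard.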
+++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java @@ -27,7 +27,6 @@ import java.util.Arrays; import java.util.List; import java.util.Objects; -import java.util.stream.Collectors; public class SecurityUtils { private static final List UNWANTED_STRINGS = Arrays.asList("\r\n", "\r", "\n"); @@ -41,9 +40,8 @@ public static String sanitize(String unSanitizedInput) { public static List sanitize(List unSanitizedList) { if (!unSanitizedList.isEmpty()) { return unSanitizedList.stream() - .filter(Objects::nonNull) .map(SecurityUtils::sanitize) - .collect(Collectors.toList()); + .toList(); } return null; } From a2d479e58c6e47a159092b8595f390f0578af55f Mon Sep 17 00:00:00 2001 From: ds-lcapellino Date: Wed, 27 Sep 2023 09:23:14 +0200 Subject: [PATCH 13/30] feature: TRACEFOSS-2640 fix catenaxSiteId in assets as planned --- .../assets/domain/base/model/aspect/DetailAspectModel.java | 2 +- .../infrastructure/asplanned/model/AsPlannedInfo.java | 6 ++++++ .../asplanned/model/AssetAsPlannedEntity.java | 4 +++- .../V37__add_catenaxSiteId_to_assets_as_planned.sql | 2 ++ 4 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 tx-backend/src/main/resources/db/migration/V37__add_catenaxSiteId_to_assets_as_planned.sql diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/domain/base/model/aspect/DetailAspectModel.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/domain/base/model/aspect/DetailAspectModel.java index c02b535576..3fa7c0bbc0 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/domain/base/model/aspect/DetailAspectModel.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/domain/base/model/aspect/DetailAspectModel.java 
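Review bot: `Stream.toList()` in `sanitize(List)` returns an unmodifiable list, while the `Collectors.toList()` it replaces returned a mutable one in practice. If any consumer of `EDCNotificationContent.listOfAffectedItems()` adds to or sorts that list in place, it would now throw `UnsupportedOperationException`; that cannot be seen from this hunk and is worth checking. A one-line comment on the method, such as `// returns an unmodifiable list; callers must copy before modifying`, would make the contract explicit.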
@@ -123,7 +123,7 @@ public static List from(AssetAsPlannedEntity entity) { DetailAspectModel partSiteInfo = DetailAspectModel.builder() .type(DetailAspectType.PART_SITE_INFORMATION_AS_PLANNED) .data(DetailAspectDataPartSiteInformationAsPlanned.builder() - .catenaXSiteId(entity.getId()) + .catenaXSiteId(entity.getCatenaxSiteId()) .functionValidFrom(entity.getFunctionValidFrom()) .function(entity.getFunction()) .functionValidUntil(entity.getFunctionValidUntil()) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asplanned/model/AsPlannedInfo.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asplanned/model/AsPlannedInfo.java index ce8af99da6..fcea1aa967 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asplanned/model/AsPlannedInfo.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asplanned/model/AsPlannedInfo.java @@ -18,6 +18,7 @@ public class AsPlannedInfo { private String function; private String validityPeriodFrom; private String validityPeriodTo; + private String catenaxSiteId; public static AsPlannedInfo from(List detailAspectModels) { Optional asPlannedInfo = detailAspectModels 
@@ -50,12 +51,17 @@ public static AsPlannedInfo from(List detailAspectModels) { .map(org.eclipse.tractusx.traceability.assets.domain.asplanned.model.aspect.DetailAspectDataPartSiteInformationAsPlanned::getFunctionValidFrom) .orElse(""); + String catenaxSiteId = partSiteInfo.map(detailAspectModel -> (DetailAspectDataPartSiteInformationAsPlanned) detailAspectModel.getData()) + .map(org.eclipse.tractusx.traceability.assets.domain.asplanned.model.aspect.DetailAspectDataPartSiteInformationAsPlanned::getCatenaXSiteId) + .orElse(""); + return AsPlannedInfo.builder() .functionValidUntil(functionValidUntil) .functionValidFrom(functionValidFrom) .function(function) .validityPeriodFrom(validityPeriodFrom) .validityPeriodTo(validityPeriodTo) + .catenaxSiteId(catenaxSiteId) .build(); } } diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asplanned/model/AssetAsPlannedEntity.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asplanned/model/AssetAsPlannedEntity.java index 66e71fce68..8cb7288dbc 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asplanned/model/AssetAsPlannedEntity.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asplanned/model/AssetAsPlannedEntity.java @@ -57,6 +57,7 @@ public class AssetAsPlannedEntity extends AssetBaseEntity { private String functionValidUntil; private String function; private String functionValidFrom; + private String catenaxSiteId; @ElementCollection 
@@ -100,12 +101,13 @@ public static AssetAsPlannedEntity from(AssetBase asset) { .owner(asset.getOwner()) .classification(asset.getClassification()) .childDescriptors(asset.getChildRelations().stream() - .map(child -> new AssetAsPlannedEntity.ChildDescription(child.id(), child.idShort())) + .map(child -> new ChildDescription(child.id(), child.idShort())) .toList()) .qualityType(asset.getQualityType()) .activeAlert(asset.isActiveAlert()) .inInvestigation(asset.isUnderInvestigation()) .semanticDataModel(SemanticDataModelEntity.from(asset.getSemanticDataModel())) + .catenaxSiteId(asPlannedInfo.getCatenaxSiteId()) .build(); } diff --git a/tx-backend/src/main/resources/db/migration/V37__add_catenaxSiteId_to_assets_as_planned.sql b/tx-backend/src/main/resources/db/migration/V37__add_catenaxSiteId_to_assets_as_planned.sql new file mode 100644 index 0000000000..59fa395eea --- /dev/null +++ b/tx-backend/src/main/resources/db/migration/V37__add_catenaxSiteId_to_assets_as_planned.sql @@ -0,0 +1,2 @@ +ALTER TABLE assets_as_planned + ADD COLUMN catenax_site_id varchar(255); From ea61996d394b7257db7382caa19539945ae29346 Mon Sep 17 00:00:00 2001 From: ds-lcapellino Date: Wed, 27 Sep 2023 09:24:25 +0200 Subject: [PATCH 14/30] feature: TRACEFOSS-2640 add correct manufacturerPartId test data --- .../CX_Testdata_MessagingTest_v0.0.10.json | 10 +- .../CX_Testdata_MessagingTest_v0.0.11.json | 136 +++++++++--------- 2 files changed, 73 insertions(+), 73 deletions(-) diff --git a/tx-backend/testdata/CX_Testdata_MessagingTest_v0.0.10.json b/tx-backend/testdata/CX_Testdata_MessagingTest_v0.0.10.json index c77665a13a..1e5b106f61 100644 --- a/tx-backend/testdata/CX_Testdata_MessagingTest_v0.0.10.json +++ b/tx-backend/testdata/CX_Testdata_MessagingTest_v0.0.10.json 
@@ -1388,7 +1388,7 @@ "validFrom" : "2023-03-21T08:47:14.438+01:00", "validTo" : "2024-08-02T09:00:00.000+01:00" }, - "parentCatenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128z", + "parentCatenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128c", "quantity" : { "quantityNumber" : 2.5, "measurementUnit" : "unit:litre" @@ -1454,11 +1454,11 @@ ] }, { - "catenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128z", + "catenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128c", "bpnl" : "BPNL00000003CNKC", "urn:bamm:io.catenax.part_site_information_as_planned:1.0.0#PartSiteInformationAsPlanned" : [ { - "catenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128z", + "catenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128c", "sites" : [ { "functionValidUntil" : "2027-05-23T09:16:30.000Z", @@ -1475,7 +1475,7 @@ "validFrom" : "2015-05-18T23:10:44.000Z", "validTo" : "2025-10-23T14:46:01.000Z" }, - "catenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128z", + "catenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128c", "partTypeInformation" : { "manufacturerPartId" : "38049661-08", "classification" : "product", @@ -1485,7 +1485,7 @@ ], "urn:bamm:io.catenax.single_level_bom_as_planned:2.0.0#SingleLevelBomAsPlanned" : [ { - "catenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128z", + "catenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128c", "childItems" : [ { "validityPeriod" : { diff --git a/tx-backend/testdata/CX_Testdata_MessagingTest_v0.0.11.json b/tx-backend/testdata/CX_Testdata_MessagingTest_v0.0.11.json index 390612c0a1..541e8390c7 100644 --- a/tx-backend/testdata/CX_Testdata_MessagingTest_v0.0.11.json +++ b/tx-backend/testdata/CX_Testdata_MessagingTest_v0.0.11.json @@ -71,7 +71,7 @@ "key" : "manufacturerId" }, { - "value" : "IF-53", + "value" : "3500076-05", "key" : "manufacturerPartId" }, { 
@@ -89,7 +89,7 @@ }, "catenaXId" : "urn:uuid:6b2296cc-26c0-4f38-8a22-092338c36e22", "partTypeInformation" : { - "manufacturerPartId" : "IF-53", + "manufacturerPartId" : "3500076-05", "classification" : "product", "nameAtManufacturer" : "a/dev Vehicle Hybrid" } @@ -255,7 +255,7 @@ "key" : "manufacturerId" }, { - "value" : "JQ-87", + "value" : "4922009-56", "key" : "manufacturerPartId" }, { @@ -273,7 +273,7 @@ }, "catenaXId" : "urn:uuid:d8030bbf-a874-49fb-b2e1-7610f0ccad12", "partTypeInformation" : { - "manufacturerPartId" : "JQ-87", + "manufacturerPartId" : "4922009-56", "classification" : "product", "nameAtManufacturer" : "a/dev Vehicle Hybrid" } @@ -308,7 +308,7 @@ "key" : "manufacturerId" }, { - "value" : "22782277-50", + "value" : "3880383-57", "key" : "manufacturerPartId" }, { @@ -322,8 +322,8 @@ }, "catenaXId" : "urn:uuid:5205f736-8fc2-4585-b869-6bf36842369a", "partTypeInformation" : { - "manufacturerPartId" : "22782277-50", - "customerPartId" : "22782277-50", + "manufacturerPartId" : "3880383-57", + "customerPartId" : "3880383-57", "classification" : "component", "nameAtManufacturer" : "b/test Door f-l", "nameAtCustomer" : "Door front-left" @@ -365,7 +365,7 @@ "key" : "manufacturerId" }, { - "value" : "95657762-59", + "value" : "6683834-82", "key" : "manufacturerPartId" }, { @@ -379,8 +379,8 @@ }, "catenaXId" : "urn:uuid:4e390dab-707f-446e-bfbe-653f6f5b1f37", "partTypeInformation" : { - "manufacturerPartId" : "95657762-59", - "customerPartId" : "95657762-59", + "manufacturerPartId" : "6683834-82", + "customerPartId" : "6683834-82", "classification" : "component", "nameAtManufacturer" : "Door Key", "nameAtCustomer" : "Door Key" @@ -439,7 +439,7 @@ "key" : "manufacturerId" }, { - "value" : "WZ-95", + "value" : "5519583-63", "key" : "manufacturerPartId" }, { 
@@ -457,7 +457,7 @@ }, "catenaXId" : "urn:uuid:7c7d5aec-b15d-491c-8fbd-c61c6c02c69a", "partTypeInformation" : { - "manufacturerPartId" : "WZ-95", + "manufacturerPartId" : "5519583-63", "classification" : "product", "nameAtManufacturer" : "Vehicle Hybrid" } @@ -492,7 +492,7 @@ "key" : "manufacturerId" }, { - "value" : "22782277-50", + "value" : "9069675-60", "key" : "manufacturerPartId" }, { @@ -506,8 +506,8 @@ }, "catenaXId" : "urn:uuid:f11ddc62-3bd5-468f-b7b0-110fe13ed0cd", "partTypeInformation" : { - "manufacturerPartId" : "22782277-50", - "customerPartId" : "22782277-50", + "manufacturerPartId" : "9069675-60", + "customerPartId" : "9069675-60", "classification" : "component", "nameAtManufacturer" : "b/test Door f-l", "nameAtCustomer" : "Door front-left" @@ -549,7 +549,7 @@ "key" : "manufacturerId" }, { - "value" : "95657762-59", + "value" : "8770123-80", "key" : "manufacturerPartId" }, { @@ -563,8 +563,8 @@ }, "catenaXId" : "urn:uuid:4a5e9ff6-2d5c-4510-a90e-d55af3ba502f", "partTypeInformation" : { - "manufacturerPartId" : "95657762-59", - "customerPartId" : "95657762-59", + "manufacturerPartId" : "8770123-80", + "customerPartId" : "8770123-80", "classification" : "component", "nameAtManufacturer" : "a/dev Door Key", "nameAtCustomer" : "Door Key" @@ -623,7 +623,7 @@ "key" : "manufacturerId" }, { - "value" : "KZ-19", + "value" : "9321782-89", "key" : "manufacturerPartId" }, { @@ -641,7 +641,7 @@ }, "catenaXId" : "urn:uuid:4d33bfa6-0f1f-43a5-ad63-c3fe07a2d076", "partTypeInformation" : { - "manufacturerPartId" : "KZ-19", + "manufacturerPartId" : "9321782-89", "classification" : "product", "nameAtManufacturer" : "Vehicle Hybrid" } @@ -676,7 +676,7 @@ "key" : "manufacturerId" }, { - "value" : "22782277-50", + "value" : "9879317-51", "key" : "manufacturerPartId" }, { 
@@ -690,8 +690,8 @@ }, "catenaXId" : "urn:uuid:c47b9f8b-48d0-4ef4-8f0b-e965a225cb8d", "partTypeInformation" : { - "manufacturerPartId" : "22782277-50", - "customerPartId" : "22782277-50", + "manufacturerPartId" : "9879317-51", + "customerPartId" : "9879317-51", "classification" : "component", "nameAtManufacturer" : "b/test Door f-l", "nameAtCustomer" : "Door front-left" @@ -733,7 +733,7 @@ "key" : "manufacturerId" }, { - "value" : "95657762-59", + "value" : "5756987-94", "key" : "manufacturerPartId" }, { @@ -747,8 +747,8 @@ }, "catenaXId" : "urn:uuid:6ec3f1db-2798-454b-a73f-0d21a8966c74", "partTypeInformation" : { - "manufacturerPartId" : "95657762-59", - "customerPartId" : "95657762-59", + "manufacturerPartId" : "5756987-94", + "customerPartId" : "5756987-94", "classification" : "component", "nameAtManufacturer" : "a/dev Door Key", "nameAtCustomer" : "Door Key" @@ -790,7 +790,7 @@ "key" : "manufacturerId" }, { - "value" : "95657762-59", + "value" : "5290709-55", "key" : "manufacturerPartId" }, { @@ -804,7 +804,7 @@ }, "catenaXId" : "urn:uuid:1be6ec59-40fb-4993-9836-acb0e284b170", "partTypeInformation" : { - "manufacturerPartId" : "95657762-59", + "manufacturerPartId" : "5290709-55", "classification" : "component", "nameAtManufacturer" : "a/dev Door Key" } @@ -845,7 +845,7 @@ "key" : "manufacturerId" }, { - "value" : "95657762-59", + "value" : "9858559-85", "key" : "manufacturerPartId" }, { @@ -859,7 +859,7 @@ }, "catenaXId" : "urn:uuid:1be6ec59-40fb-4993-9836-acb0e284fa01", "partTypeInformation" : { - "manufacturerPartId" : "95657762-59", + "manufacturerPartId" : "9858559-85", "classification" : "component", "nameAtManufacturer" : "a/dev Door Key" } @@ -877,7 +877,7 @@ "key" : "manufacturerId" }, { - "value" : "95657762-59", + "value" : "9623673-66", "key" : "manufacturerPartId" }, { 
@@ -891,7 +891,7 @@ }, "catenaXId" : "urn:uuid:1be6ec59-40fb-4993-9836-acb0e284fa02", "partTypeInformation" : { - "manufacturerPartId" : "95657762-59", + "manufacturerPartId" : "9623673-66", "classification" : "component", "nameAtManufacturer" : "a/dev Door Key" } @@ -926,7 +926,7 @@ "key" : "manufacturerId" }, { - "value" : "95657762-59", + "value" : "5894914-94", "key" : "manufacturerPartId" }, { @@ -940,7 +940,7 @@ }, "catenaXId" : "urn:uuid:1be6ec59-40fb-4993-9836-acb0e284fb01", "partTypeInformation" : { - "manufacturerPartId" : "95657762-59", + "manufacturerPartId" : "5894914-94", "classification" : "component", "nameAtManufacturer" : "b/test Door Key" } @@ -981,7 +981,7 @@ "key" : "manufacturerId" }, { - "value" : "95657762-59", + "value" : "6245773-32", "key" : "manufacturerPartId" }, { @@ -995,7 +995,7 @@ }, "catenaXId" : "urn:uuid:1be6ec59-40fb-4993-9836-acb0e284fb02", "partTypeInformation" : { - "manufacturerPartId" : "95657762-59", + "manufacturerPartId" : "6245773-32", "classification" : "component", "nameAtManufacturer" : "b/test Door Key" } @@ -1030,7 +1030,7 @@ "key" : "manufacturerId" }, { - "value" : "95657762-59", + "value" : "4902203-92", "key" : "manufacturerPartId" }, { @@ -1044,7 +1044,7 @@ }, "catenaXId" : "urn:uuid:1be6ec59-40fb-4993-9836-acb0e284fa03", "partTypeInformation" : { - "manufacturerPartId" : "95657762-59", + "manufacturerPartId" : "4902203-92", "classification" : "component", "nameAtManufacturer" : "a/dev Door Key" } @@ -1087,7 +1087,7 @@ "key" : "manufacturerId" }, { - "value" : "95657762-59", + "value" : "9770171-23", "key" : "manufacturerPartId" }, { @@ -1101,7 +1101,7 @@ }, "catenaXId" : "urn:uuid:1be6ec59-40fb-4993-9836-acb0e284fb03", "partTypeInformation" : { - "manufacturerPartId" : "95657762-59", + "manufacturerPartId" : "9770171-23", "classification" : "component", "nameAtManufacturer" : "b/test Door Key" } 
@@ -1119,7 +1119,7 @@ }, "catenaXId" : "urn:uuid:0733946c-59c6-41ae-9570-cb43a6e4da01", "partTypeInformation" : { - "manufacturerPartId" : "ZX-55", + "manufacturerPartId" : "9649571-63", "classification" : "product", "nameAtManufacturer" : "a/dev Vehicle Model A" } @@ -1171,7 +1171,7 @@ }, "catenaXId" : "urn:uuid:0733946c-59c6-41ae-9570-cb43a6e4eb01", "partTypeInformation" : { - "manufacturerPartId" : "ZX-55", + "manufacturerPartId" : "7805659-25", "classification" : "product", "nameAtManufacturer" : "b/test Vehicle Model B" } @@ -1233,7 +1233,7 @@ }, "catenaXId" : "urn:uuid:580d3adf-1981-44a0-a214-13d6ceed6841", "partTypeInformation" : { - "manufacturerPartId" : "123-0.740-3434-A", + "manufacturerPartId" : "3578115-43", "customerPartId" : "PRT-12345", "classification" : "product", "nameAtManufacturer" : "Mirror left", @@ -1263,7 +1263,7 @@ }, "catenaXId" : "urn:uuid:0733946c-59c6-41ae-9570-cb43a6e43842", "partTypeInformation" : { - "manufacturerPartId" : "123-0.740-3434-A", + "manufacturerPartId" : "8397292-13", "customerPartId" : "PRT-12345", "classification" : "product", "nameAtManufacturer" : "Mirror left", @@ -1369,7 +1369,7 @@ }, "catenaXId" : "urn:uuid:0733946c-59c6-41ae-9570-cb43a6e4c79e", "partTypeInformation" : { - "manufacturerPartId" : "ZX-55", + "manufacturerPartId" : "2586427-48", "classification" : "product", "nameAtManufacturer" : "b/test Vehicle Model A" } @@ -1456,7 +1456,7 @@ "validFrom" : "2023-03-21T08:47:14.438+01:00", "validTo" : "2024-08-02T09:00:00.000+01:00" }, - "parentCatenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128z", + "parentCatenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128c", "quantity" : { "quantityNumber" : 2.5, "measurementUnit" : "unit:litre" 
@@ -1522,11 +1522,11 @@ ] }, { - "catenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128z", + "catenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128c", "bpnl" : "BPNL00000003CNKC", "urn:bamm:io.catenax.part_site_information_as_planned:1.0.0#PartSiteInformationAsPlanned" : [ { - "catenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128z", + "catenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128c", "sites" : [ { "functionValidUntil" : "2027-05-23T09:16:30.000Z", @@ -1543,9 +1543,9 @@ "validFrom" : "2015-05-18T23:10:44.000Z", "validTo" : "2025-10-23T14:46:01.000Z" }, - "catenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128z", + "catenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128c", "partTypeInformation" : { - "manufacturerPartId" : "38049661-08", + "manufacturerPartId" : "6288246-67", "classification" : "product", "nameAtManufacturer" : "b/test OEM A High Voltage Battery" } @@ -1553,7 +1553,7 @@ ], "urn:bamm:io.catenax.single_level_bom_as_planned:2.0.0#SingleLevelBomAsPlanned" : [ { - "catenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128z", + "catenaXId" : "urn:uuid:aad27ddb-43aa-4e42-98c2-01e529ef128c", "childItems" : [ { "validityPeriod" : { @@ -1804,7 +1804,7 @@ }, "catenaXId" : "urn:uuid:07cb071f-8716-45fe-89f1-f2f77a1ce93b", "partTypeInformation" : { - "manufacturerPartId" : "ZX-55", + "manufacturerPartId" : "8583898-48", "classification" : "product", "nameAtManufacturer" : "b/test Tier B ECU1" } @@ -1929,7 +1929,7 @@ }, "catenaXId" : "urn:uuid:68904173-ad59-4a77-8412-3e73fcafbd8b", "partTypeInformation" : { - "manufacturerPartId" : "FJ-87", + "manufacturerPartId" : "6004474-20", "classification" : "product", "nameAtManufacturer" : "a/dev Vehicle Model B" } @@ -1981,7 +1981,7 @@ }, "catenaXId" : "urn:uuid:e8c48a8e-d2d7-43d9-a867-65c70c85f5b8", "partTypeInformation" : { - "manufacturerPartId" : "123564887-01", + "manufacturerPartId" : "1987361-42", "classification" : "product", "nameAtManufacturer" : "b/test Tire Model A" } 
@@ -2013,8 +2013,8 @@ }, "catenaXId" : "urn:uuid:44347dec-21d1-47aa-b2a7-f959bf9d424b", "partTypeInformation" : { - "manufacturerPartId" : "8840838-04", - "customerPartId" : "8840838-04", + "manufacturerPartId" : "8840837-48", + "customerPartId" : "9560617-12", "classification" : "component", "nameAtManufacturer" : "a/dev HV MODUL", "nameAtCustomer" : "HV MODUL" @@ -2045,7 +2045,7 @@ "key" : "manufacturerId" }, { - "value" : "8840838-04", + "value" : "8840374-09", "key" : "manufacturerPartId" }, { @@ -2091,7 +2091,7 @@ "key" : "manufacturerId" }, { - "value" : "8840838-04", + "value" : "4683655-00", "key" : "manufacturerPartId" }, { @@ -2105,8 +2105,8 @@ }, "catenaXId" : "urn:uuid:1233b405-5ac8-4867-93f8-6fdf37733737", "partTypeInformation" : { - "manufacturerPartId" : "8840374-09", - "customerPartId" : "8840374-09", + "manufacturerPartId" : "4683655-00", + "customerPartId" : "4683655-00", "classification" : "component", "nameAtManufacturer" : "a/dev ZB ZELLE", "nameAtCustomer" : "ZB ZELLE" @@ -2137,7 +2137,7 @@ "key" : "manufacturerId" }, { - "value" : "95657762-59", + "value" : "1142469-27", "key" : "manufacturerPartId" }, { @@ -2151,8 +2151,8 @@ }, "catenaXId" : "urn:uuid:da978a30-4dde-4d76-808a-b7946763ff0d", "partTypeInformation" : { - "manufacturerPartId" : "95657762-59", - "customerPartId" : "95657762-59", + "manufacturerPartId" : "1142469-27", + "customerPartId" : "1142469-27", "classification" : "component", "nameAtManufacturer" : "b/test Door Key", "nameAtCustomer" : "Door Key" @@ -2173,7 +2173,7 @@ }, "catenaXId" : "urn:uuid:da978a30-4dde-4d76-808a-b7946763ff0d", "partTypeInformation" : { - "manufacturerPartId" : "123-0.740-3434-A", + "manufacturerPartId" : "1417058-05", "customerPartId" : "PRT-12345", "classification" : "product", "nameAtManufacturer" : "b/test Door Key", @@ -2193,7 +2193,7 @@ "key" : "manufacturerId" }, { - "value" : "95657762-59", + "value" : "1261027-41", "key" : "manufacturerPartId" }, { 
@@ -2207,8 +2207,8 @@ }, "catenaXId" : "urn:uuid:bcfae197-40fa-4be0-821d-5c1873a1b7c2", "partTypeInformation" : { - "manufacturerPartId" : "95657762-59", - "customerPartId" : "95657762-59", + "manufacturerPartId" : "1261027-41", + "customerPartId" : "1261027-41", "classification" : "component", "nameAtManufacturer" : "a/dev Door Key", "nameAtCustomer" : "Door Key" @@ -2229,7 +2229,7 @@ }, "catenaXId" : "urn:uuid:bcfae197-40fa-4be0-821d-5c1873a1b7c2", "partTypeInformation" : { - "manufacturerPartId" : "123-0.740-3434-A", + "manufacturerPartId" : "5464168-83", "customerPartId" : "PRT-12345", "classification" : "product", "nameAtManufacturer" : "a/dev Door Key", From 99eb6e06c8f3b1da34a4b1c00dad05c8e9971d28 Mon Sep 17 00:00:00 2001 From: ashanmugavel Date: Wed, 27 Sep 2023 09:44:59 +0200 Subject: [PATCH 15/30] fixed: Log Injection CWE-117 --- .../common/model/SecurityUtils.java | 44 ++++++++++++++- .../rest/InvestigationsController.java | 36 ++++++------- .../edc/model/EdcNotificationModelTest.java | 54 +++++++++++++++++++ 3 files changed, 114 insertions(+), 20 deletions(-) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java index 97a092391b..493263e601 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java 
@@ -20,6 +20,9 @@ package org.eclipse.tractusx.traceability.common.model; +import org.eclipse.tractusx.traceability.qualitynotification.application.base.request.CloseQualityNotificationRequest; +import org.eclipse.tractusx.traceability.qualitynotification.application.base.request.StartQualityNotificationRequest; +import org.eclipse.tractusx.traceability.qualitynotification.application.base.request.UpdateQualityNotificationRequest; import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotification; import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotificationContent; import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotificationHeader; 
@@ -46,6 +49,46 @@ public static List sanitize(List unSanitizedList) { return null; } + public static StartQualityNotificationRequest sanitize(StartQualityNotificationRequest request) { + if (request != null) { + String cleanDescription = sanitize(request.getDescription()); + String cleanReceiverBpn = sanitize(request.getReceiverBpn()); + List cleanPartIds = sanitize(request.getPartIds()); + + + StartQualityNotificationRequest cleanStartQualityNotificationRequest = new StartQualityNotificationRequest(); + cleanStartQualityNotificationRequest.setDescription(cleanDescription); + cleanStartQualityNotificationRequest.setTargetDate(request.getTargetDate()); + cleanStartQualityNotificationRequest.setSeverity(request.getSeverity()); + cleanStartQualityNotificationRequest.setAsBuilt(request.isAsBuilt()); + cleanStartQualityNotificationRequest.setReceiverBpn(cleanReceiverBpn); + cleanStartQualityNotificationRequest.setPartIds(cleanPartIds); + return cleanStartQualityNotificationRequest; + } + return null; + } + + public static CloseQualityNotificationRequest sanitize(CloseQualityNotificationRequest closeInvestigationRequest) { + if (closeInvestigationRequest != null) { + String cleanReason = sanitize(closeInvestigationRequest.getReason()); + CloseQualityNotificationRequest cleanCloseInvestigationRequest = new CloseQualityNotificationRequest(); + cleanCloseInvestigationRequest.setReason(cleanReason); + return cleanCloseInvestigationRequest; + } + return null; + } + + public static UpdateQualityNotificationRequest sanitize(UpdateQualityNotificationRequest updateInvestigationRequest) { + if (updateInvestigationRequest != null) { + String cleanReason = sanitize(updateInvestigationRequest.getReason()); + UpdateQualityNotificationRequest cleanUpdateInvestigationRequest = new UpdateQualityNotificationRequest(); + cleanUpdateInvestigationRequest.setStatus(updateInvestigationRequest.getStatus()); + cleanUpdateInvestigationRequest.setReason(cleanReason); + return 
cleanUpdateInvestigationRequest; + } + + return null; + } public static EDCNotification sanitize(EDCNotification edcNotification) { if (edcNotification != null) { @@ -55,7 +98,6 @@ public static EDCNotification sanitize(EDCNotification edcNotification) { } return null; } - private static EDCNotificationHeader sanitize(EDCNotificationHeader edcNotificationHeader) { String cleanRecipientBPN = sanitize(edcNotificationHeader.recipientBPN()); String cleanNotificationId = sanitize(edcNotificationHeader.notificationId()); diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/application/investigation/rest/InvestigationsController.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/application/investigation/rest/InvestigationsController.java index b6e779930c..0f1f332be4 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/application/investigation/rest/InvestigationsController.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/application/investigation/rest/InvestigationsController.java 
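Review bot: The three `sanitize` overloads added in this hunk rebuild each request field by field, so a field added later to `StartQualityNotificationRequest`, `CloseQualityNotificationRequest` or `UpdateQualityNotificationRequest` will be silently missing from the copy, and nothing on the methods says which fields are neutralised and which are passed through. A one-line Javadoc per overload would pin that down, e.g. `/** Returns a copy for logging: description, receiverBpn and partIds are neutralised; targetDate, severity and asBuilt are copied unchanged. */`. The `sanitize(String)` overload they delegate to is outside this hunk, so which characters it replaces cannot be confirmed here; the Javadoc should name them (CR and LF at minimum for CWE-117). The `StartQualityAlertRequest` overload added in PATCH 18/30 follows the same pattern.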
@@ -47,16 +47,11 @@ import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.ResponseStatus; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.bind.annotation.*; import qualitynotification.base.response.QualityNotificationIdResponse; import qualitynotification.investigation.response.InvestigationResponse; +import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitize; import static org.eclipse.tractusx.traceability.qualitynotification.application.validation.UpdateQualityNotificationValidator.validate; @Profile(FeatureFlags.NOTIFICATIONS_ENABLED_PROFILES) @@ -128,14 +123,15 @@ public InvestigationsController(@Qualifier("investigationServiceImpl") QualityNo @PostMapping @ResponseStatus(HttpStatus.CREATED) public QualityNotificationIdResponse investigateAssets(@RequestBody @Valid StartQualityNotificationRequest request) { - log.info(API_LOG_START + " with params: {}", request); + StartQualityNotificationRequest cleanRequest = sanitize(request); + log.info(API_LOG_START + " with params: {}", cleanRequest); return new QualityNotificationIdResponse(investigationService.start( - request.getPartIds(), - request.getDescription(), - request.getTargetDate(), - request.getSeverity().toDomain(), - request.getReceiverBpn(), - request.isAsBuilt()) + cleanRequest.getPartIds(), + cleanRequest.getDescription(), + cleanRequest.getTargetDate(), + cleanRequest.getSeverity().toDomain(), + cleanRequest.getReceiverBpn(), + cleanRequest.isAsBuilt()) .value()); } 
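Review bot: In `investigateAssets` the sanitised copy is passed to `investigationService.start(...)` as well as to the logger, so the log-neutralised values become the business data. Judging by the test added in this patch (`"The description\n"` is expected to come back as `"The description "`), a multi-line description is flattened before the service sees it. CWE-117 is an output-encoding problem at the log sink, so keeping the original `request.getX()` arguments and changing only the log call, `log.info(API_LOG_START + " with params: {}", sanitize(request));`, fixes the log line without altering what is stored or forwarded. `closeInvestigation` and `updateInvestigation` in the following hunks and the `AlertController` hunks in PATCH 18/30 have the same shape. In the two update methods `validate(...)` also now runs on the copy rather than on what the client sent.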
@@ -486,8 +482,9 @@ public void cancelInvestigation(@PathVariable Long investigationId) { @PostMapping("/{investigationId}/close") @ResponseStatus(HttpStatus.NO_CONTENT) public void closeInvestigation(@PathVariable Long investigationId, @Valid @RequestBody CloseQualityNotificationRequest closeInvestigationRequest) { - log.info(API_LOG_START + "/{}/close with params {}", investigationId, closeInvestigationRequest); - investigationService.update(investigationId, QualityNotificationStatusRequest.toDomain(QualityNotificationStatusRequest.CLOSED), closeInvestigationRequest.getReason()); + CloseQualityNotificationRequest cleanCloseQualityNotificationRequest = sanitize(closeInvestigationRequest); + log.info(API_LOG_START + "/{}/close with params {}", investigationId, cleanCloseQualityNotificationRequest); + investigationService.update(investigationId, QualityNotificationStatusRequest.toDomain(QualityNotificationStatusRequest.CLOSED), cleanCloseQualityNotificationRequest.getReason()); } @Operation(operationId = "updateInvestigation", 
@@ -547,9 +544,10 @@ public void closeInvestigation(@PathVariable Long investigationId, @Valid @Reque @PostMapping("/{investigationId}/update") @ResponseStatus(HttpStatus.NO_CONTENT) public void updateInvestigation(@PathVariable Long investigationId, @Valid @RequestBody UpdateQualityNotificationRequest updateInvestigationRequest) { - validate(updateInvestigationRequest); - log.info(API_LOG_START + "/{}/update with params {}", investigationId, updateInvestigationRequest); - investigationService.update(investigationId, updateInvestigationRequest.getStatus().toDomain(), updateInvestigationRequest.getReason()); + UpdateQualityNotificationRequest cleanUpdateQualityNotificationRequest = sanitize(updateInvestigationRequest); + validate(cleanUpdateQualityNotificationRequest); + log.info(API_LOG_START + "/{}/update with params {}", investigationId, cleanUpdateQualityNotificationRequest); + investigationService.update(investigationId, cleanUpdateQualityNotificationRequest.getStatus().toDomain(), cleanUpdateQualityNotificationRequest.getReason()); } } diff --git a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java index 204962de64..a4a66672dc 100644 --- a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java +++ b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java 
@@ -18,6 +18,7 @@ ********************************************************************************/ package org.eclipse.tractusx.traceability.infrastructure.edc.model; +import org.eclipse.tractusx.traceability.qualitynotification.application.base.request.*; import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotification; import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotificationContent; import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotificationHeader; @@ -30,6 +31,7 @@ import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitize; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertTrue; public class EdcNotificationModelTest { 
@@ -68,4 +70,56 @@ public void testSanitizeEDCNotification() { } + + @Test + public void testSanitizeRequest() { + //GIVEN + List partIds = new ArrayList<>(); + partIds.add("urn:uuid:fe99da3d-b0de-4e80-81da-882aebcca978"); + partIds.add("urn:uuid:fe99da3d-b0de-4e80-81da-882aebcca979\n"); + Instant targetDate = Instant.parse("2023-09-22T14:30:00Z".trim()); + QualityNotificationSeverityRequest severity = QualityNotificationSeverityRequest.MINOR; + StartQualityNotificationRequest request = new StartQualityNotificationRequest(partIds, "The description\n", targetDate, severity, true, "BPN00001123123AS\n"); + + + //WHEN + StartQualityNotificationRequest cleanRequest = sanitize(request); + + //THEN + assertEquals("urn:uuid:fe99da3d-b0de-4e80-81da-882aebcca979 ", cleanRequest.getPartIds().get(1)); + assertEquals(request.getSeverity(), cleanRequest.getSeverity()); + assertEquals("The description ", cleanRequest.getDescription()); + assertTrue(cleanRequest.isAsBuilt()); + assertEquals("BPN00001123123AS ", cleanRequest.getReceiverBpn()); + + } + + @Test + public void testSanitizeCloseInvestigationRequest() { + //GIVEN + CloseQualityNotificationRequest closeQualityNotificationRequest = new CloseQualityNotificationRequest(); + closeQualityNotificationRequest.setReason("Reason\n"); + + //WHEN + CloseQualityNotificationRequest cleanCloseQualityNotificationRequest = sanitize(closeQualityNotificationRequest); + + //THEN + assertEquals("Reason ", cleanCloseQualityNotificationRequest.getReason()); + + } + + + @Test + public void testSanitizeUpdateQualityNotificationRequest() { + //GIVEN + UpdateQualityNotificationRequest updateQualityNotificationRequest = new UpdateQualityNotificationRequest(); + updateQualityNotificationRequest.setReason("Reason\n"); + updateQualityNotificationRequest.setStatus(UpdateQualityNotificationStatusRequest.ACCEPTED); + + //WHEN + UpdateQualityNotificationRequest cleanUpdateQualityNotificationRequest = sanitize(updateQualityNotificationRequest); + + //THEN 
+ assertEquals("Reason ", cleanUpdateQualityNotificationRequest.getReason()); + } } From c1cbba6a032c77ceb1b877e7ad90e2c5faf9d53e Mon Sep 17 00:00:00 2001 From: ashanmugavel Date: Wed, 27 Sep 2023 10:28:09 +0200 Subject: [PATCH 16/30] fixed: Log Injection CWE-117 --- .../common/model/SecurityUtils.java | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java index 493263e601..f7d34e7c28 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java @@ -54,16 +54,14 @@ public static StartQualityNotificationRequest sanitize(StartQualityNotificationR String cleanDescription = sanitize(request.getDescription()); String cleanReceiverBpn = sanitize(request.getReceiverBpn()); List cleanPartIds = sanitize(request.getPartIds()); - - - StartQualityNotificationRequest cleanStartQualityNotificationRequest = new StartQualityNotificationRequest(); - cleanStartQualityNotificationRequest.setDescription(cleanDescription); - cleanStartQualityNotificationRequest.setTargetDate(request.getTargetDate()); - cleanStartQualityNotificationRequest.setSeverity(request.getSeverity()); - cleanStartQualityNotificationRequest.setAsBuilt(request.isAsBuilt()); - cleanStartQualityNotificationRequest.setReceiverBpn(cleanReceiverBpn); - cleanStartQualityNotificationRequest.setPartIds(cleanPartIds); - return cleanStartQualityNotificationRequest; + return StartQualityNotificationRequest.builder() + .description(cleanDescription) + .targetDate(request.getTargetDate()) + .severity(request.getSeverity()) + .isAsBuilt(request.isAsBuilt()) + .receiverBpn(cleanReceiverBpn) + .partIds(cleanPartIds) + .build(); } return null; } 
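Review bot: The three tests added in this hunk only feed a trailing `\n`, so they would still pass if `sanitize` left carriage returns or other line separators in place, which is the case a CWE-117 fix most needs to pin. A further case such as `closeQualityNotificationRequest.setReason("Reason\r\nsecond line");` checked with `assertTrue(cleanCloseQualityNotificationRequest.getReason().chars().noneMatch(c -> c == '\r' || c == '\n'));` would cover both characters and a mid-string position. `testSanitizeRequest` also never asserts `getTargetDate()`, the one pass-through field it leaves unchecked, and the `.trim()` on the literal handed to `Instant.parse` has no effect.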
From d72731692367197f83893f78dedc27764f7cd359 Mon Sep 17 00:00:00 2001 From: ashanmugavel Date: Wed, 27 Sep 2023 10:38:28 +0200 Subject: [PATCH 17/30] fixed: Log Injection CWE-117 --- .../traceability/common/model/SecurityUtils.java | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java index f7d34e7c28..3eb0bc7db8 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java @@ -50,7 +50,6 @@ public static List sanitize(List unSanitizedList) { } public static StartQualityNotificationRequest sanitize(StartQualityNotificationRequest request) { - if (request != null) { String cleanDescription = sanitize(request.getDescription()); String cleanReceiverBpn = sanitize(request.getReceiverBpn()); List cleanPartIds = sanitize(request.getPartIds()); 
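Review bot: Dropping the `if (request != null)` guard here, and the matching guards in the Close and Update overloads in the next hunk, leaves `SecurityUtils.sanitize` with two different null contracts. These three overloads now throw a NullPointerException from the first getter, while the `List` and `EDCNotification` overloads shown as context in PATCH 15/30 still end in `return null`. A caller cannot tell from the call site which behaviour it gets, so either document it on each method, `/** @throws NullPointerException if request is null */`, or fail explicitly on the first line with `Objects.requireNonNull(request, "request");` (which needs `java.util.Objects` if the file does not already import it). The body of the `StartQualityNotificationRequest` overload continues past the end of this hunk.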
@@ -62,30 +61,21 @@ public static StartQualityNotificationRequest sanitize(StartQualityNotificationR .receiverBpn(cleanReceiverBpn) .partIds(cleanPartIds) .build(); - } - return null; } public static CloseQualityNotificationRequest sanitize(CloseQualityNotificationRequest closeInvestigationRequest) { - if (closeInvestigationRequest != null) { String cleanReason = sanitize(closeInvestigationRequest.getReason()); CloseQualityNotificationRequest cleanCloseInvestigationRequest = new CloseQualityNotificationRequest(); cleanCloseInvestigationRequest.setReason(cleanReason); return cleanCloseInvestigationRequest; - } - return null; } public static UpdateQualityNotificationRequest sanitize(UpdateQualityNotificationRequest updateInvestigationRequest) { - if (updateInvestigationRequest != null) { String cleanReason = sanitize(updateInvestigationRequest.getReason()); UpdateQualityNotificationRequest cleanUpdateInvestigationRequest = new UpdateQualityNotificationRequest(); cleanUpdateInvestigationRequest.setStatus(updateInvestigationRequest.getStatus()); cleanUpdateInvestigationRequest.setReason(cleanReason); return cleanUpdateInvestigationRequest; - } - - return null; } public static EDCNotification sanitize(EDCNotification edcNotification) { From d44975e66988a4408707c1bfacda3fc5f7bb4968 Mon Sep 17 00:00:00 2001 From: ashanmugavel Date: Wed, 27 Sep 2023 14:07:17 +0200 Subject: [PATCH 18/30] fixed: Log Injection CWE-117 --- .../common/model/SecurityUtils.java | 15 ++++++++ .../alert/rest/AlertController.java | 36 +++++++++---------- .../service/EdcPolicyDefinitionService.java | 20 +++++------ .../edc/model/EdcNotificationModelTest.java | 26 ++++++++++++-- 4 files changed, 64 insertions(+), 33 deletions(-) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java index 3eb0bc7db8..880ea62c1e 100644 
--- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java @@ -20,6 +20,7 @@ package org.eclipse.tractusx.traceability.common.model; +import org.eclipse.tractusx.traceability.qualitynotification.application.alert.request.StartQualityAlertRequest; import org.eclipse.tractusx.traceability.qualitynotification.application.base.request.CloseQualityNotificationRequest; import org.eclipse.tractusx.traceability.qualitynotification.application.base.request.StartQualityNotificationRequest; import org.eclipse.tractusx.traceability.qualitynotification.application.base.request.UpdateQualityNotificationRequest; @@ -63,6 +64,20 @@ public static StartQualityNotificationRequest sanitize(StartQualityNotificationR .build(); } + public static StartQualityAlertRequest sanitize(StartQualityAlertRequest request) { + String cleanDescription = sanitize(request.getDescription()); + List cleanPartIds = sanitize(request.getPartIds()); + String cleanBpn = sanitize(request.getBpn()); + return StartQualityAlertRequest.builder() + .partIds(cleanPartIds) + .description(cleanDescription) + .targetDate(request.getTargetDate()) + .severity(request.getSeverity()) + .bpn(cleanBpn) + .isAsBuilt(request.isAsBuilt()) + .build(); + } + public static CloseQualityNotificationRequest sanitize(CloseQualityNotificationRequest closeInvestigationRequest) { String cleanReason = sanitize(closeInvestigationRequest.getReason()); CloseQualityNotificationRequest cleanCloseInvestigationRequest = new CloseQualityNotificationRequest(); diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/application/alert/rest/AlertController.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/application/alert/rest/AlertController.java index 3a296a13d0..0fc06aae27 100644 
--- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/application/alert/rest/AlertController.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/application/alert/rest/AlertController.java @@ -45,16 +45,11 @@ import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.ResponseStatus; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.bind.annotation.*; import qualitynotification.alert.response.AlertResponse; import qualitynotification.base.response.QualityNotificationIdResponse; +import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitize; import static org.eclipse.tractusx.traceability.qualitynotification.application.validation.UpdateQualityNotificationValidator.validate; @Profile(FeatureFlags.NOTIFICATIONS_ENABLED_PROFILES) 
@@ -125,15 +120,16 @@ public AlertController(@Qualifier("alertServiceImpl") QualityNotificationService @PostMapping @ResponseStatus(HttpStatus.CREATED) public QualityNotificationIdResponse alertAssets(@RequestBody @Valid StartQualityAlertRequest request) { - log.info(API_LOG_START + " with params: {}", request); + StartQualityAlertRequest cleanStartQualityAlertRequest = sanitize(request); + log.info(API_LOG_START + " with params: {}", cleanStartQualityAlertRequest); //TODO refactor this method to only take request as parameter return new QualityNotificationIdResponse(alertService.start( - request.getPartIds(), - request.getDescription(), - request.getTargetDate(), - request.getSeverity().toDomain(), - request.getBpn(), - request.isAsBuilt() + cleanStartQualityAlertRequest.getPartIds(), + cleanStartQualityAlertRequest.getDescription(), + cleanStartQualityAlertRequest.getTargetDate(), + cleanStartQualityAlertRequest.getSeverity().toDomain(), + cleanStartQualityAlertRequest.getBpn(), + cleanStartQualityAlertRequest.isAsBuilt() ).value()); } @@ -491,8 +487,9 @@ public void cancelAlert(@PathVariable Long alertId) { public void closeAlert( @PathVariable @ApiParam Long alertId, @Valid @RequestBody CloseQualityNotificationRequest closeAlertRequest) { - log.info(API_LOG_START + "/{}/close with params {}", alertId, closeAlertRequest); - alertService.update(alertId, QualityNotificationStatusRequest.toDomain(QualityNotificationStatusRequest.CLOSED), closeAlertRequest.getReason()); + CloseQualityNotificationRequest cleanCloseAlertRequest = sanitize(closeAlertRequest); + log.info(API_LOG_START + "/{}/close with params {}", alertId, cleanCloseAlertRequest); + alertService.update(alertId, QualityNotificationStatusRequest.toDomain(QualityNotificationStatusRequest.CLOSED), cleanCloseAlertRequest.getReason()); } @Operation(operationId = "updateAlert", 
@@ -554,9 +551,10 @@ public void closeAlert( public void updateAlert( @PathVariable Long alertId, @Valid @RequestBody UpdateQualityNotificationRequest updateAlertRequest) { - validate(updateAlertRequest); - log.info(API_LOG_START + "/{}/update with params {}", alertId, updateAlertRequest); - alertService.update(alertId, updateAlertRequest.getStatus().toDomain(), updateAlertRequest.getReason()); + UpdateQualityNotificationRequest cleanUpdateAlertRequest = sanitize(updateAlertRequest); + validate(cleanUpdateAlertRequest); + log.info(API_LOG_START + "/{}/update with params {}", alertId, cleanUpdateAlertRequest); + alertService.update(alertId, cleanUpdateAlertRequest.getStatus().toDomain(), cleanUpdateAlertRequest.getReason()); } } diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java index f73c068f29..d74abef206 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java 
@@ -23,16 +23,11 @@ import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; import lombok.extern.slf4j.Slf4j; +import org.eclipse.tractusx.traceability.common.properties.EdcProperties; import org.eclipse.tractusx.traceability.qualitynotification.domain.contract.asset.model.CreateEdcAssetException; import org.eclipse.tractusx.traceability.qualitynotification.domain.contract.asset.model.OdrlContext; import org.eclipse.tractusx.traceability.qualitynotification.domain.contract.contract.model.EdcOperator; -import org.eclipse.tractusx.traceability.qualitynotification.domain.contract.policy.model.CreateEdcPolicyDefinitionException; -import org.eclipse.tractusx.traceability.qualitynotification.domain.contract.policy.model.EdcCreatePolicyDefinitionRequest; -import org.eclipse.tractusx.traceability.qualitynotification.domain.contract.policy.model.EdcPolicy; -import org.eclipse.tractusx.traceability.qualitynotification.domain.contract.policy.model.EdcPolicyPermission; -import org.eclipse.tractusx.traceability.qualitynotification.domain.contract.policy.model.EdcPolicyPermissionConstraint; -import org.eclipse.tractusx.traceability.qualitynotification.domain.contract.policy.model.EdcPolicyPermissionConstraintExpression; -import org.eclipse.tractusx.traceability.common.properties.EdcProperties; +import org.eclipse.tractusx.traceability.qualitynotification.domain.contract.policy.model.*; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.http.HttpStatusCode; 
@@ -45,8 +40,9 @@ import java.util.List; import java.util.UUID; -import static org.eclipse.tractusx.traceability.common.config.JsonLdConfigurationTraceX.NAMESPACE_ODRL; import static org.eclipse.tractusx.traceability.common.config.EdcRestTemplateConfiguration.EDC_REST_TEMPLATE; +import static org.eclipse.tractusx.traceability.common.config.JsonLdConfigurationTraceX.NAMESPACE_ODRL; +import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitize; @Slf4j @Component @@ -124,22 +120,22 @@ public String createAccessPolicy() throws JsonProcessingException { if (responseCode.value() == 200) { return accessPolicyId; } - - log.error("Failed to create EDC notification policy definition for notification asset. Body: {}, status: {}", createPolicyDefinitionResponse.getBody(), createPolicyDefinitionResponse.getStatusCode()); + log.error("Failed to create EDC notification policy definition for notification asset. Body: {}, status: {}", sanitize(createPolicyDefinitionResponse.getBody()), createPolicyDefinitionResponse.getStatusCode()); throw new CreateEdcAssetException("Failed to create EDC notification policy definition for asset"); } public void deleteAccessPolicy(String accessPolicyId) { + String cleanAccessPolicyId = sanitize(accessPolicyId); String deleteUri = UriComponentsBuilder.fromPath(edcProperties.getPolicyDefinitionsPath()) .pathSegment("{accessPolicyId}") - .buildAndExpand(accessPolicyId) + .buildAndExpand(cleanAccessPolicyId) .toUriString(); try { restTemplate.delete(deleteUri); } catch (RestClientException e) { - log.error("Failed to delete EDC notification asset policy {}. Reason: ", accessPolicyId, e); + log.error("Failed to delete EDC notification asset policy {}. Reason: ", cleanAccessPolicyId, e); } } } 
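Review bot: `createAccessPolicy` still writes the complete remote response body to the error log. Replacing line breaks stops forged log entries, but it does not bound the size or the content of what the EDC endpoint can place in the log. Consider logging a bounded prefix, e.g. `String cleanBody = sanitize(body == null ? null : body.substring(0, Math.min(body.length(), 512)));` with `body` being `createPolicyDefinitionResponse.getBody()` (assumed to be a String; 512 is an illustrative limit), and keep the full body at debug level if it is needed. The equivalent log statements in EdcNotificationAssetService and EdcContractDefinitionService, changed in the later patches of this series, have the same property. The method body starts outside this hunk.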
diff --git a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java index a4a66672dc..b529753992 100644 --- a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java +++ b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java @@ -18,6 +18,7 @@ ********************************************************************************/ package org.eclipse.tractusx.traceability.infrastructure.edc.model; +import org.eclipse.tractusx.traceability.qualitynotification.application.alert.request.StartQualityAlertRequest; import org.eclipse.tractusx.traceability.qualitynotification.application.base.request.*; import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotification; import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotificationContent; @@ -72,7 +73,7 @@ public void testSanitizeEDCNotification() { } @Test - public void testSanitizeRequest() { + public void testSanitizeStartQualityNotificationRequest() { //GIVEN List partIds = new ArrayList<>(); partIds.add("urn:uuid:fe99da3d-b0de-4e80-81da-882aebcca978"); 
@@ -87,13 +88,34 @@ public void testSanitizeRequest() { //THEN assertEquals("urn:uuid:fe99da3d-b0de-4e80-81da-882aebcca979 ", cleanRequest.getPartIds().get(1)); - assertEquals(request.getSeverity(), cleanRequest.getSeverity()); assertEquals("The description ", cleanRequest.getDescription()); assertTrue(cleanRequest.isAsBuilt()); assertEquals("BPN00001123123AS ", cleanRequest.getReceiverBpn()); } + @Test + public void testSanitizeStartQualityAlertRequest() { + //GIVEN + List partIds = new ArrayList<>(); + partIds.add("urn:uuid:fe99da3d-b0de-4e80-81da-882aebcca978"); + partIds.add("urn:uuid:fe99da3d-b0de-4e80-81da-882aebcca979\n"); + Instant targetDate = Instant.parse("2023-09-22T14:30:00Z".trim()); + QualityNotificationSeverityRequest severity = QualityNotificationSeverityRequest.MINOR; + StartQualityAlertRequest request = new StartQualityAlertRequest(partIds, "The description\n", targetDate, severity, "BPN00001123123AS\n", true); + + + //WHEN + StartQualityAlertRequest cleanRequest = sanitize(request); + + //THEN + assertEquals("urn:uuid:fe99da3d-b0de-4e80-81da-882aebcca979 ", cleanRequest.getPartIds().get(1)); + assertEquals("The description ", cleanRequest.getDescription()); + assertTrue(cleanRequest.isAsBuilt()); + assertEquals("BPN00001123123AS ", cleanRequest.getBpn()); + + } + @Test public void testSanitizeCloseInvestigationRequest() { //GIVEN From e25b6b6d607c95c4598f2eccb0a0928ff4e29b2e Mon Sep 17 00:00:00 2001 From: ashanmugavel Date: Wed, 27 Sep 2023 16:33:10 +0200 Subject: [PATCH 19/30] fixed: Log Injection CWE-117 --- .../asset/service/EdcNotificationAssetService.java | 7 ++++--- .../contract/service/EdcContractDefinitionService.java | 8 ++++---- .../policy/service/EdcPolicyDefinitionService.java | 2 +- 3 files changed, 9 insertions(+), 8 deletions(-) 
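Review bot: `testSanitizeStartQualityAlertRequest` only feeds a trailing `\n`, so it would pass even if `sanitize` missed `\r` or `\r\n` or altered other characters. Add an input with an embedded `\r\n`, a comma and inner spaces, and assert that the rest of the string is untouched, for example `assertEquals("a, b c", sanitize("a, b\r\nc"));`. The test also does not check that non-string fields survive the copy; `assertEquals(severity, cleanRequest.getSeverity());` would cover that (accessor name taken from the assertion this patch removes from the neighbouring test, so confirm it exists on StartQualityAlertRequest). The `.trim()` on the literal passed to `Instant.parse` has no effect and can be dropped.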
diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java index 3b9cba2349..73c74b4556 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java @@ -22,11 +22,11 @@ import com.fasterxml.jackson.core.JsonProcessingException; import lombok.extern.slf4j.Slf4j; +import org.eclipse.tractusx.traceability.common.properties.EdcProperties; import org.eclipse.tractusx.traceability.common.properties.TraceabilityProperties; import org.eclipse.tractusx.traceability.qualitynotification.application.contract.model.NotificationMethod; import org.eclipse.tractusx.traceability.qualitynotification.application.contract.model.NotificationType; import org.eclipse.tractusx.traceability.qualitynotification.domain.contract.asset.model.*; -import org.eclipse.tractusx.traceability.common.properties.EdcProperties; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.http.HttpStatusCode; @@ -38,8 +38,9 @@ import java.util.UUID; -import static org.eclipse.tractusx.traceability.common.config.JsonLdConfigurationTraceX.NAMESPACE_EDC; import static org.eclipse.tractusx.traceability.common.config.EdcRestTemplateConfiguration.EDC_REST_TEMPLATE; +import static org.eclipse.tractusx.traceability.common.config.JsonLdConfigurationTraceX.NAMESPACE_EDC; +import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitize; @Slf4j @Component 
@@ -131,7 +132,7 @@ public String createNotificationAsset(NotificationMethod notificationMethod, Not return notificationAssetId; } - log.error("Failed to create EDC notification asset for {} method. Body: {}, status: {}", notificationMethodValue, createEdcDataAssetResponse.getBody(), createEdcDataAssetResponse.getStatusCode()); + log.error("Failed to create EDC notification asset for {} method. Body: {}, status: {}", sanitize(notificationMethodValue), sanitize(createEdcDataAssetResponse.getBody()), sanitize(createEdcDataAssetResponse.getStatusCode().toString())); throw new CreateEdcAssetException("Failed to create EEC notification asset for %s method".formatted(notificationMethodValue)); } diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java index 9e6d715401..bcbbf70284 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java 
@@ -23,12 +23,12 @@ import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; import lombok.extern.slf4j.Slf4j; +import org.eclipse.tractusx.traceability.common.properties.EdcProperties; import org.eclipse.tractusx.traceability.qualitynotification.domain.contract.asset.model.CreateEdcAssetException; import org.eclipse.tractusx.traceability.qualitynotification.domain.contract.asset.model.EdcContext; import org.eclipse.tractusx.traceability.qualitynotification.domain.contract.contract.model.CreateEdcContractDefinitionException; import org.eclipse.tractusx.traceability.qualitynotification.domain.contract.contract.model.EdcContractDefinitionCriteria; import org.eclipse.tractusx.traceability.qualitynotification.domain.contract.contract.model.EdcCreateContractDefinitionRequest; -import org.eclipse.tractusx.traceability.common.properties.EdcProperties; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.http.HttpStatusCode; @@ -37,9 +37,9 @@ import org.springframework.web.client.RestClientException; import org.springframework.web.client.RestTemplate; -import static org.eclipse.tractusx.traceability.common.config.JsonLdConfigurationTraceX.NAMESPACE_EDC; import static org.eclipse.tractusx.traceability.common.config.EdcRestTemplateConfiguration.EDC_REST_TEMPLATE; - +import static org.eclipse.tractusx.traceability.common.config.JsonLdConfigurationTraceX.NAMESPACE_EDC; +import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitize; @Slf4j @Component public class EdcContractDefinitionService { 
@@ -102,7 +102,7 @@ public String createContractDefinition(String notificationAssetId, String access return accessPolicyId; } - log.error("Failed to create EDC contract definition for {} notification asset id. Body: {}, status: {}", notificationAssetId, createContractDefinitionResponse.getBody(), createContractDefinitionResponse.getStatusCode()); + log.error("Failed to create EDC contract definition for {} notification asset id. Body: {}, status: {}", sanitize(notificationAssetId), sanitize(createContractDefinitionResponse.getBody()), sanitize(createContractDefinitionResponse.getStatusCode().toString())); throw new CreateEdcAssetException("Failed to create EDC contract definition for %s notification asset id".formatted(notificationAssetId)); } diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java index d74abef206..16f4d6eb95 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java 
@@ -120,7 +120,7 @@ public String createAccessPolicy() throws JsonProcessingException { if (responseCode.value() == 200) { return accessPolicyId; } - log.error("Failed to create EDC notification policy definition for notification asset. Body: {}, status: {}", sanitize(createPolicyDefinitionResponse.getBody()), createPolicyDefinitionResponse.getStatusCode()); + log.error("Failed to create EDC notification policy definition for notification asset. Body: {}, status: {}", sanitize(createPolicyDefinitionResponse.getBody()), sanitize(createPolicyDefinitionResponse.getStatusCode().toString())); throw new CreateEdcAssetException("Failed to create EDC notification policy definition for asset"); } From 18cfc69aaad1e918095040fcdbc9bcd08df9ac6e Mon Sep 17 00:00:00 2001 From: ashanmugavel Date: Wed, 27 Sep 2023 16:47:57 +0200 Subject: [PATCH 20/30] fixed: Log Injection CWE-117 --- .../contract/asset/service/EdcNotificationAssetService.java | 2 +- .../contract/contract/service/EdcContractDefinitionService.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java index 73c74b4556..6175de58e9 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java 
@@ -132,7 +132,7 @@ public String createNotificationAsset(NotificationMethod notificationMethod, Not return notificationAssetId; } - log.error("Failed to create EDC notification asset for {} method. Body: {}, status: {}", sanitize(notificationMethodValue), sanitize(createEdcDataAssetResponse.getBody()), sanitize(createEdcDataAssetResponse.getStatusCode().toString())); + log.error("Failed to create EDC notification asset for {} method. Body: {}, status: {}", notificationMethodValue, sanitize(createEdcDataAssetResponse.getBody()), sanitize(createEdcDataAssetResponse.getStatusCode().toString())); throw new CreateEdcAssetException("Failed to create EEC notification asset for %s method".formatted(notificationMethodValue)); } diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java index bcbbf70284..17a2b91fe8 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java 
@@ -102,7 +102,7 @@ public String createContractDefinition(String notificationAssetId, String access return accessPolicyId; } - log.error("Failed to create EDC contract definition for {} notification asset id. Body: {}, status: {}", sanitize(notificationAssetId), sanitize(createContractDefinitionResponse.getBody()), sanitize(createContractDefinitionResponse.getStatusCode().toString())); + log.error("Failed to create EDC contract definition for {} notification asset id. Body: {}, status: {}", notificationAssetId, sanitize(createContractDefinitionResponse.getBody()), sanitize(createContractDefinitionResponse.getStatusCode().toString())); throw new CreateEdcAssetException("Failed to create EDC contract definition for %s notification asset id".formatted(notificationAssetId)); } From fcc78f1c3b226cefc31dae82ef8735196512df02 Mon Sep 17 00:00:00 2001 From: ashanmugavel Date: Wed, 27 Sep 2023 17:09:05 +0200 Subject: [PATCH 21/30] fixed: Log Injection CWE-117 --- .../contract/asset/service/EdcNotificationAssetService.java | 4 ++-- .../contract/service/EdcContractDefinitionService.java | 4 ++-- .../contract/policy/service/EdcPolicyDefinitionService.java | 3 ++- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java index 6175de58e9..b9296da29a 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java 
@@ -131,8 +131,8 @@ public String createNotificationAsset(NotificationMethod notificationMethod, Not if (responseCode.value() == 200) { return notificationAssetId; } - - log.error("Failed to create EDC notification asset for {} method. Body: {}, status: {}", notificationMethodValue, sanitize(createEdcDataAssetResponse.getBody()), sanitize(createEdcDataAssetResponse.getStatusCode().toString())); + String cleanBody = sanitize(createEdcDataAssetResponse.getBody()); + log.error("Failed to create EDC notification asset for {} method. Body: {}, status: {}", notificationMethodValue, cleanBody, createEdcDataAssetResponse.getStatusCode()); throw new CreateEdcAssetException("Failed to create EEC notification asset for %s method".formatted(notificationMethodValue)); } diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java index 17a2b91fe8..1a2e39b48b 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java 
@@ -101,8 +101,8 @@ public String createContractDefinition(String notificationAssetId, String access if (responseCode.value() == 200) { return accessPolicyId; } - - log.error("Failed to create EDC contract definition for {} notification asset id. Body: {}, status: {}", notificationAssetId, sanitize(createContractDefinitionResponse.getBody()), sanitize(createContractDefinitionResponse.getStatusCode().toString())); + String cleanBody = sanitize(createContractDefinitionResponse.getBody()); + log.error("Failed to create EDC contract definition for {} notification asset id. Body: {}, status: {}", notificationAssetId, cleanBody, createContractDefinitionResponse.getStatusCode()); throw new CreateEdcAssetException("Failed to create EDC contract definition for %s notification asset id".formatted(notificationAssetId)); } diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java index 16f4d6eb95..6572869428 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java 
@@ -120,7 +120,8 @@ public String createAccessPolicy() throws JsonProcessingException { if (responseCode.value() == 200) { return accessPolicyId; } - log.error("Failed to create EDC notification policy definition for notification asset. Body: {}, status: {}", sanitize(createPolicyDefinitionResponse.getBody()), sanitize(createPolicyDefinitionResponse.getStatusCode().toString())); + String cleanBody = sanitize(createPolicyDefinitionResponse.getBody()); + log.error("Failed to create EDC notification policy definition for notification asset. Body: {}, status: {}", cleanBody, createPolicyDefinitionResponse.getStatusCode()); throw new CreateEdcAssetException("Failed to create EDC notification policy definition for asset"); } From 6996fbe99660f1394d512eefe94fcfb9988d9af7 Mon Sep 17 00:00:00 2001 From: ashanmugavel Date: Thu, 28 Sep 2023 10:48:11 +0200 Subject: [PATCH 22/30] fixed: Log Injection CWE-117 --- .../tractusx/traceability/common/model/SecurityUtils.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java index 880ea62c1e..f7df8aefa5 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java 
@@ -28,15 +28,14 @@ import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotificationContent; import org.eclipse.tractusx.traceability.qualitynotification.infrastructure.edc.model.EDCNotificationHeader; -import java.util.Arrays; import java.util.List; import java.util.Objects; public class SecurityUtils { - private static final List UNWANTED_STRINGS = Arrays.asList("\r\n", "\r", "\n"); + private static final String UNWANTED_REGEX = "\r\n|\r|\n"; public static String sanitize(String unSanitizedInput) { if (unSanitizedInput != null) { - return unSanitizedInput.replaceAll(UNWANTED_STRINGS.toString(), " "); + return unSanitizedInput.replaceAll(UNWANTED_REGEX, " "); } return null; } From e9a180a70e7f8d72e38094d003e9f31e25fd45d1 Mon Sep 17 00:00:00 2001 From: ashanmugavel Date: Thu, 28 Sep 2023 12:35:04 +0200 Subject: [PATCH 23/30] fixed: Log Injection CWE-117 --- .../contract/asset/service/EdcNotificationAssetService.java | 3 ++- .../contract/service/EdcContractDefinitionService.java | 3 ++- .../contract/policy/service/EdcPolicyDefinitionService.java | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java index b9296da29a..049d7e96fe 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java 
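Review bot: `replaceAll` with a String pattern recompiles the regex on every call to `sanitize`, and the alternation covers only CR and LF. A precompiled pattern using Java's linebreak matcher addresses both: `private static final Pattern LINE_BREAKS = Pattern.compile("\\R");` and `return LINE_BREAKS.matcher(unSanitizedInput).replaceAll(" ");` (needs `java.util.regex.Pattern`). `\R` also matches vertical tab, form feed, NEL and the Unicode line and paragraph separators, which some log viewers may render as new lines; keep the narrower alternation if that widening is not wanted. The rest of SecurityUtils lies outside this hunk.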
@@ -132,7 +132,8 @@ public String createNotificationAsset(NotificationMethod notificationMethod, Not return notificationAssetId; } String cleanBody = sanitize(createEdcDataAssetResponse.getBody()); - log.error("Failed to create EDC notification asset for {} method. Body: {}, status: {}", notificationMethodValue, cleanBody, createEdcDataAssetResponse.getStatusCode()); + String cleanStatus = sanitize(createEdcDataAssetResponse.getStatusCode().toString()); + log.error("Failed to create EDC notification asset for {} method. Body: {}, status: {}", notificationMethodValue, cleanBody, cleanStatus); throw new CreateEdcAssetException("Failed to create EEC notification asset for %s method".formatted(notificationMethodValue)); } diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java index 1a2e39b48b..14b71c3264 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java 
@@ -102,7 +102,8 @@ public String createContractDefinition(String notificationAssetId, String access return accessPolicyId; } String cleanBody = sanitize(createContractDefinitionResponse.getBody()); - log.error("Failed to create EDC contract definition for {} notification asset id. Body: {}, status: {}", notificationAssetId, cleanBody, createContractDefinitionResponse.getStatusCode()); + String cleanStatus = sanitize(createContractDefinitionResponse.getStatusCode().toString()); + log.error("Failed to create EDC contract definition for {} notification asset id. Body: {}, status: {}", notificationAssetId, cleanBody, cleanStatus); throw new CreateEdcAssetException("Failed to create EDC contract definition for %s notification asset id".formatted(notificationAssetId)); } diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java index 6572869428..2c3904d24b 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java 
@@ -121,7 +121,8 @@ public String createAccessPolicy() throws JsonProcessingException { return accessPolicyId; } String cleanBody = sanitize(createPolicyDefinitionResponse.getBody()); - log.error("Failed to create EDC notification policy definition for notification asset. Body: {}, status: {}", cleanBody, createPolicyDefinitionResponse.getStatusCode()); + String cleanStatus = sanitize(createPolicyDefinitionResponse.getStatusCode().toString()); + log.error("Failed to create EDC notification policy definition for notification asset. Body: {}, status: {}", cleanBody, cleanStatus); throw new CreateEdcAssetException("Failed to create EDC notification policy definition for asset"); } From 3292faf49157c2f172440c0f66f1412aad57ab11 Mon Sep 17 00:00:00 2001 From: abi231002 <143817136+abi231002@users.noreply.github.com> Date: Thu, 28 Sep 2023 13:14:04 +0200 Subject: [PATCH 24/30] chore: update codeql-config.yml --- .github/codeql/codeql-config.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml index c606ac801f..e1e98c9af2 100644 --- a/.github/codeql/codeql-config.yml +++ b/.github/codeql/codeql-config.yml @@ -19,4 +19,6 @@ name: "TraceX CodeQL config" # Exclude "Unused classes and interfaces" query-filters: - exclude: - id: java/unused-reference-type + id: + - java/unused-reference-type + - java/spring-disabled-csrf-protection From f25c7d1cd0616dddd7a11c9090c10994e5c97f5a Mon Sep 17 00:00:00 2001 From: abi231002 <143817136+abi231002@users.noreply.github.com> Date: Thu, 28 Sep 2023 13:48:17 +0200 Subject: [PATCH 25/30] Update codeql-config.yml --- .github/codeql/codeql-config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml index e1e98c9af2..ff9408fbee 100644 --- a/.github/codeql/codeql-config.yml +++ b/.github/codeql/codeql-config.yml 
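Review bot: Adding `java/spring-disabled-csrf-protection` to the exclude list in .github/codeql/codeql-config.yml silences that query for the whole repository, including any endpoint added later, and the file gives no reason for it. If CSRF protection is off on purpose, record the rationale next to the entry, e.g. `# CSRF disabled on purpose: <reason> (see <decision record>)` with the placeholders filled in. A narrower alternative is to dismiss the individual alert in code scanning with a justification, so the query keeps running for new code.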
@@ -16,7 +16,7 @@ # SPDX-License-Identifier: Apache-2.0 name: "TraceX CodeQL config" -# Exclude "Unused classes and interfaces" +# Exclude "Unused classes, interfaces and rules" query-filters: - exclude: id: From 306cc6af823d6c15a36ef4637e95aab630555fa4 Mon Sep 17 00:00:00 2001 From: ashanmugavel Date: Thu, 28 Sep 2023 14:38:18 +0200 Subject: [PATCH 26/30] fixed: Log Injection CWE-117 --- .../traceability/common/model/SecurityUtils.java | 5 +++++ .../asset/service/EdcNotificationAssetService.java | 7 ++++--- .../service/EdcContractDefinitionService.java | 8 +++++--- .../policy/service/EdcPolicyDefinitionService.java | 7 ++++--- .../edc/model/EdcNotificationModelTest.java | 14 ++++++++++++++ 5 files changed, 32 insertions(+), 9 deletions(-) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java index f7df8aefa5..d0d2bda19e 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/model/SecurityUtils.java @@ -20,6 +20,7 @@ package org.eclipse.tractusx.traceability.common.model; +import org.apache.commons.text.StringEscapeUtils; import org.eclipse.tractusx.traceability.qualitynotification.application.alert.request.StartQualityAlertRequest; import org.eclipse.tractusx.traceability.qualitynotification.application.base.request.CloseQualityNotificationRequest; import org.eclipse.tractusx.traceability.qualitynotification.application.base.request.StartQualityNotificationRequest; @@ -32,6 +33,10 @@ import java.util.Objects; public class SecurityUtils { + + public static String sanitizeHtml(String str) { + return StringEscapeUtils.escapeHtml4(str); + } private static final String UNWANTED_REGEX = "\r\n|\r|\n"; public static String sanitize(String unSanitizedInput) { if (unSanitizedInput != null) { 
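Review bot: `sanitizeHtml` applies `escapeHtml4` to text that goes to a log, not into an HTML page, so it protects nothing unless the logs are rendered as HTML. The CR/LF replacement in `sanitize` is what prevents forged log lines. The escaping turns quotes, ampersands and angle brackets in the logged response body into entities, which makes an EDC JSON error body harder to read and to search for. The callers in EdcNotificationAssetService, EdcContractDefinitionService and EdcPolicyDefinitionService could keep `String cleanBody = sanitize(createEdcDataAssetResponse.getBody());` (and the equivalents) and leave HTML encoding to whichever viewer renders the logs. If the method stays, declare `UNWANTED_REGEX` above the methods and separate it from `sanitizeHtml` with a blank line.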
diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java index 049d7e96fe..abc2ec47b9 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/asset/service/EdcNotificationAssetService.java @@ -41,6 +41,7 @@ import static org.eclipse.tractusx.traceability.common.config.EdcRestTemplateConfiguration.EDC_REST_TEMPLATE; import static org.eclipse.tractusx.traceability.common.config.JsonLdConfigurationTraceX.NAMESPACE_EDC; import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitize; +import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitizeHtml; @Slf4j @Component @@ -131,9 +132,9 @@ public String createNotificationAsset(NotificationMethod notificationMethod, Not if (responseCode.value() == 200) { return notificationAssetId; } - String cleanBody = sanitize(createEdcDataAssetResponse.getBody()); - String cleanStatus = sanitize(createEdcDataAssetResponse.getStatusCode().toString()); - log.error("Failed to create EDC notification asset for {} method. Body: {}, status: {}", notificationMethodValue, cleanBody, cleanStatus); + String bodyWithoutLineBreaks = sanitize(createEdcDataAssetResponse.getBody()); + String cleanBody = sanitizeHtml(bodyWithoutLineBreaks); + log.error("Failed to create EDC notification asset for {} method. Body: {}, status: {}", notificationMethodValue, cleanBody, createEdcDataAssetResponse.getStatusCode()); throw new CreateEdcAssetException("Failed to create EEC notification asset for %s method".formatted(notificationMethodValue)); } 
diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java index 14b71c3264..a73c1724d0 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/contract/service/EdcContractDefinitionService.java @@ -40,6 +40,8 @@ import static org.eclipse.tractusx.traceability.common.config.EdcRestTemplateConfiguration.EDC_REST_TEMPLATE; import static org.eclipse.tractusx.traceability.common.config.JsonLdConfigurationTraceX.NAMESPACE_EDC; import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitize; +import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitizeHtml; + @Slf4j @Component public class EdcContractDefinitionService { 
@@ -101,9 +103,9 @@ public String createContractDefinition(String notificationAssetId, String access if (responseCode.value() == 200) { return accessPolicyId; } - String cleanBody = sanitize(createContractDefinitionResponse.getBody()); - String cleanStatus = sanitize(createContractDefinitionResponse.getStatusCode().toString()); - log.error("Failed to create EDC contract definition for {} notification asset id. Body: {}, status: {}", notificationAssetId, cleanBody, cleanStatus); + String bodyWithoutLineBreaks = sanitize(createContractDefinitionResponse.getBody()); + String cleanBody = sanitizeHtml(bodyWithoutLineBreaks); + log.error("Failed to create EDC contract definition for {} notification asset id. Body: {}, status: {}", notificationAssetId, cleanBody, createContractDefinitionResponse.getStatusCode()); throw new CreateEdcAssetException("Failed to create EDC contract definition for %s notification asset id".formatted(notificationAssetId)); } diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java index 2c3904d24b..5642a9360d 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/qualitynotification/domain/contract/policy/service/EdcPolicyDefinitionService.java 
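Review bot: `notificationAssetId` still reaches both the `log.error(...)` call and the exception message in createContractDefinition without passing through `sanitize`, while only the response body is cleaned. It is a method parameter, and whether callers can derive it from external input is not visible here; if they can, the CWE-117 fix is incomplete on this line. Passing `sanitize(notificationAssetId)` as the first log argument would close that gap, and the same question applies to `notificationMethodValue` in createNotificationAsset. The method body starts outside the hunk.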
@@ -43,6 +43,7 @@ import static org.eclipse.tractusx.traceability.common.config.EdcRestTemplateConfiguration.EDC_REST_TEMPLATE; import static org.eclipse.tractusx.traceability.common.config.JsonLdConfigurationTraceX.NAMESPACE_ODRL; import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitize; +import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitizeHtml; @Slf4j @Component @@ -120,9 +121,9 @@ public String createAccessPolicy() throws JsonProcessingException { if (responseCode.value() == 200) { return accessPolicyId; } - String cleanBody = sanitize(createPolicyDefinitionResponse.getBody()); - String cleanStatus = sanitize(createPolicyDefinitionResponse.getStatusCode().toString()); - log.error("Failed to create EDC notification policy definition for notification asset. Body: {}, status: {}", cleanBody, cleanStatus); + String bodyWithoutLineBreaks = sanitize(createPolicyDefinitionResponse.getBody()); + String cleanBody = sanitizeHtml(bodyWithoutLineBreaks); + log.error("Failed to create EDC notification policy definition for notification asset. Body: {}, status: {}", cleanBody, createPolicyDefinitionResponse.getStatusCode()); throw new CreateEdcAssetException("Failed to create EDC notification policy definition for asset"); } diff --git a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java index b529753992..bb96fee0ad 100644 --- a/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java +++ b/tx-backend/src/test/java/org/eclipse/tractusx/traceability/infrastructure/edc/model/EdcNotificationModelTest.java 
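Review bot: The cleaned response body in createAccessPolicy is written to the error log at full length, and the two sibling methods do the same. Neutralising line breaks and markup prevents forged entries, but it does not bound the entry size or limit what an error payload from the remote EDC may disclose in the logs. Capping the logged text would address both, for example `String cleanBody = truncate(sanitizeHtml(bodyWithoutLineBreaks), MAX_LOGGED_BODY);`, where the helper and the constant are placeholders for the project to define. The method body starts outside the hunk.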
@@ -31,6 +31,7 @@ import java.util.List; import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitize; +import static org.eclipse.tractusx.traceability.common.model.SecurityUtils.sanitizeHtml; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertTrue; @@ -144,4 +145,17 @@ public void testSanitizeUpdateQualityNotificationRequest() { //THEN assertEquals("Reason ", cleanUpdateQualityNotificationRequest.getReason()); } + + @Test + public void testSanitizeHtml() { + //GIVEN + String html = "\n"; + + //WHEN + String stringWithoutLineBreaks = sanitize(html); + String cleanString = sanitizeHtml(stringWithoutLineBreaks); + + //THEN + assertEquals(" <oohlook&atme>", cleanString); + } } From e1cf617cc20b0f9b68a17b7eb7958597af9958ca Mon Sep 17 00:00:00 2001 From: ds-lcapellino Date: Fri, 29 Sep 2023 06:32:21 +0000 Subject: [PATCH 27/30] Update Dependencies Backend Action --- DEPENDENCIES_BACKEND | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DEPENDENCIES_BACKEND b/DEPENDENCIES_BACKEND index 3bfc580996..4e49e3b732 100644 --- a/DEPENDENCIES_BACKEND +++ b/DEPENDENCIES_BACKEND 
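Review bot: testSanitizeHtml exercises one input only and sits in EdcNotificationModelTest, although the code under test is SecurityUtils. The new log paths pass a remote response body that may be null or contain `\r\n`, and neither case is asserted here. Adding one assertion per case, and moving the test next to the other SecurityUtils tests if such a class exists, would pin the behaviour the three services now depend on. The input literal as rendered on this page appears to have lost its markup, so the expected value could not be checked against it.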
@@ -140,7 +140,7 @@ maven/mavencentral/org.eclipse.edc/transfer-spi/0.1.3, Apache-2.0, approved, tec maven/mavencentral/org.eclipse.edc/transform-spi/0.1.3, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.edc/validator-spi/0.1.3, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.edc/web-spi/0.1.3, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.tractusx.irs/irs-registry-client/1.2.1-20230922.131153-4, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.irs/irs-registry-client/1.2.1-20230928.131326-5, Apache-2.0, approved, automotive.tractusx maven/mavencentral/org.eclipse.tractusx.traceability/tx-backend/0.0.1-SNAPSHOT, Apache-2.0, approved, automotive.tractusx maven/mavencentral/org.eclipse.tractusx.traceability/tx-models/0.0.1-SNAPSHOT, Apache-2.0, approved, automotive.tractusx maven/mavencentral/org.flywaydb/flyway-core/9.16.3, Apache-2.0, approved, #7935 From d2138f384da4540a6d0c05a530852421631a8a5f Mon Sep 17 00:00:00 2001 From: Maximilian Wesener Date: Fri, 29 Sep 2023 10:32:05 +0200 Subject: [PATCH 28/30] chore: TRACEFOSS-2640 adapt assetAsPlanned mapping --- .../infrastructure/asplanned/model/AssetAsPlannedEntity.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asplanned/model/AssetAsPlannedEntity.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asplanned/model/AssetAsPlannedEntity.java index 8cb7288dbc..3ff46104c0 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asplanned/model/AssetAsPlannedEntity.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asplanned/model/AssetAsPlannedEntity.java 
@@ -81,7 +81,6 @@ public static class ChildDescription { } public static AssetAsPlannedEntity from(AssetBase asset) { - ManufacturingInfo manufacturingInfo = ManufacturingInfo.from(asset.getDetailAspectModels()); List detailAspectModels = asset.getDetailAspectModels(); AsPlannedInfo asPlannedInfo = AsPlannedInfo.from(detailAspectModels); @@ -89,7 +88,7 @@ public static AssetAsPlannedEntity from(AssetBase asset) { .id(asset.getId()) .idShort(asset.getIdShort()) .nameAtManufacturer(asset.getNameAtManufacturer()) - .manufacturerPartId(manufacturingInfo.getManufacturerPartId()) + .manufacturerPartId(asset.getManufacturerPartId()) .manufacturerName(asset.getManufacturerName()) .semanticModelId(asset.getSemanticModelId()) .van(asset.getVan()) From 4eb00fd31c7236a9388bba4d348064654f13095f Mon Sep 17 00:00:00 2001 From: Maximilian Wesener Date: Fri, 29 Sep 2023 10:52:08 +0200 Subject: [PATCH 29/30] chore: TRACEFOSS-2640 add CHANGELOG.md --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bff46396c7..b6a2276b85 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - archunit tests as preparation for good quality architecture checks - safety and security doc including roles matrix - handling for duplicate shellDescriptor ids when refreshing registry +- Extendend testdata to reflect better overview of assets ### Changed - added sorting for /api/investigations received and created endpoints @@ -21,6 +22,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - irs helm updated from 6.5.0 to 6.6.1 - BpnEntity now contains BpnEdcMappingEntity fields - Directories of bpnEntity to match architecture +- Mapping logic of catena-x site id and manufacturerPartId for AssetsAsPlanned ### Removed From 48dfc4eda6b0ea4ed5710420f4b4bb43bb399c4c Mon Sep 17 00:00:00 2001 
From: ds-mwesener Date: Fri, 29 Sep 2023 08:54:48 +0000 Subject: [PATCH 30/30] Update Dependencies Backend Action --- DEPENDENCIES_BACKEND | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DEPENDENCIES_BACKEND b/DEPENDENCIES_BACKEND index 3bfc580996..4e49e3b732 100644 --- a/DEPENDENCIES_BACKEND +++ b/DEPENDENCIES_BACKEND @@ -140,7 +140,7 @@ maven/mavencentral/org.eclipse.edc/transfer-spi/0.1.3, Apache-2.0, approved, tec maven/mavencentral/org.eclipse.edc/transform-spi/0.1.3, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.edc/validator-spi/0.1.3, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.edc/web-spi/0.1.3, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.tractusx.irs/irs-registry-client/1.2.1-20230922.131153-4, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.irs/irs-registry-client/1.2.1-20230928.131326-5, Apache-2.0, approved, automotive.tractusx maven/mavencentral/org.eclipse.tractusx.traceability/tx-backend/0.0.1-SNAPSHOT, Apache-2.0, approved, automotive.tractusx maven/mavencentral/org.eclipse.tractusx.traceability/tx-models/0.0.1-SNAPSHOT, Apache-2.0, approved, automotive.tractusx maven/mavencentral/org.flywaydb/flyway-core/9.16.3, Apache-2.0, approved, #7935