Vulnerabilities Fix (#50)

* Vulnerabilities Fix * sonar cloud fix * sonar cloud issues check * sample commit to check sonar cloud checks * sonar issues resolving
PSMRI · Jan 16, 2024 · 9f9f529 · 9f9f529
1 parent a49ec0b
commit 9f9f529
Show file tree

Hide file tree

Showing 15 changed files with 136 additions and 163 deletions.
diff --git a/pom.xml b/pom.xml
@@ -32,6 +32,10 @@
         <source-properties>target/classes/common_${environment}.properties</source-properties>
         <maven.test.skip>true</maven.test.skip>
         <sonar.java.binaries>target</sonar.java.binaries>
+        <deploy.wildfly.host>127.0.0.1</deploy.wildfly.host>
+        <deploy.wildfly.port>9990</deploy.wildfly.port>
+        <deploy.wildfly.username></deploy.wildfly.username>
+        <deploy.wildfly.password></deploy.wildfly.password>
     </properties>
     <dependencies>
         <dependency>
@@ -41,7 +45,24 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-validation</artifactId>
+            <exclusions>
+            	<exclusion>
+            		<groupId>org.springframework.boot</groupId>
+    				<artifactId>spring-boot-starter</artifactId>
+            	</exclusion>
+            </exclusions>
         </dependency>
+        <dependency>
+    		<groupId>org.springframework.boot</groupId>
+    		<artifactId>spring-boot-starter</artifactId>
+
+    		<exclusions>
+            	<exclusion>
+            		<groupId>org.springframework.boot</groupId>
+            		<artifactId>spring-boot-starter-logging</artifactId>
+            	</exclusion>
+            </exclusions>
+		</dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
@@ -52,11 +73,13 @@
             <artifactId>spring-boot-devtools</artifactId>
             <scope>runtime</scope>
         </dependency>
-        <dependency>
-            <groupId>mysql</groupId>
-            <artifactId>mysql-connector-java</artifactId>
-            <version>8.0.33</version>
-        </dependency>
+       <!-- https://mvnrepository.com/artifact/com.mysql/mysql-connector-j -->
+		<dependency>
+   			<groupId>com.mysql</groupId>
+    		<artifactId>mysql-connector-j</artifactId>
+    		<version>8.2.0</version>
+		</dependency>
+
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
@@ -83,6 +106,13 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
             <scope>test</scope>
+            <exclusions>
+            	<exclusion>
+            		<groupId>jakarta.xml.bind</groupId>
+            		<artifactId>jakarta.xml.bind-api</artifactId>
+            	</exclusion>
+            </exclusions>
+
         </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
@@ -109,19 +139,13 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
+            <version>2.16.1</version><!--$NO-MVN-MAN-VER$-->
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-core</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.quartz-scheduler</groupId>
-            <artifactId>quartz</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.quartz-scheduler</groupId>
-            <artifactId>quartz-jobs</artifactId>
-        </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-cache</artifactId>
@@ -135,25 +159,12 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-mail</artifactId>
         </dependency>
-        <dependency>
-            <groupId>com.sun.jersey</groupId>
-            <artifactId>jersey-client</artifactId>
-            <version>1.19.4</version>
-        </dependency>
-        <dependency>
-            <groupId>javax.ws.rs</groupId>
-            <artifactId>javax.ws.rs-api</artifactId>
-            <version>2.1.1</version>
-        </dependency>
+
         <dependency>
             <groupId>com.sun.jersey.contribs</groupId>
             <artifactId>jersey-multipart</artifactId>
             <version>1.19.4</version>
         </dependency>
-        <dependency>
-            <groupId>org.glassfish.jersey.media</groupId>
-            <artifactId>jersey-media-multipart</artifactId>
-        </dependency>
         <!--START NEW DEPENDENCIES ADDED-->
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -178,6 +189,23 @@
             <artifactId>guava</artifactId>
             <version>33.0.0-jre</version>
         </dependency>
+
+		<!-- https://mvnrepository.com/artifact/javax.ws.rs/javax.ws.rs-api -->
+			<dependency>
+    			<groupId>javax.ws.rs</groupId>
+    			<artifactId>javax.ws.rs-api</artifactId>
+    			<version>2.1.1</version>
+			</dependency>
+
+			<dependency>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-starter-tomcat</artifactId>
+				<scope>provided</scope>
+			</dependency>
+			<dependency>
+    			<groupId>org.slf4j</groupId>
+   				<artifactId>slf4j-api</artifactId>
+			</dependency>
         <!--END NEW DEPENDENCIES ADDED-->
     </dependencies>
     <profiles>
@@ -197,23 +225,7 @@
     <build>
         <finalName>identity-0.0.1</finalName>
         <plugins>
-			<plugin>
-				<groupId>org.owasp</groupId>
-				<artifactId>dependency-check-maven</artifactId>
-				<version>9.0.8</version>
-				<configuration>
-					<format>HTML</format>
-					<nvdApiServerId>nvd</nvdApiServerId>
-					<nvdApiKey>${NVD_API_KEY}</nvdApiKey>
-				</configuration>
-				<executions>
-					<execution>
-						<goals>
-							<goal>check</goal>
-						</goals>
-					</execution>
-				</executions>
-			</plugin>
+
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
@@ -323,6 +335,7 @@
                     </webResources>
                 </configuration>
             </plugin>
+
         </plugins>
     </build>
     <reporting>

diff --git a/src/main/java/com/iemr/common/identity/IdentityApplication.java b/src/main/java/com/iemr/common/identity/IdentityApplication.java
@@ -26,25 +26,21 @@
 import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
 import org.springframework.context.annotation.Bean;
-import org.springframework.transaction.annotation.EnableTransactionManagement;
 
 import com.iemr.common.identity.utils.IEMRApplBeans;
 
 @SpringBootApplication
-@EnableTransactionManagement
 public class IdentityApplication extends SpringBootServletInitializer {
 
 	public static void main(String[] args) {
-		SpringApplication.run(applicationClass, args);
+		SpringApplication.run(IdentityApplication.class, args);
 	}
 
 	@Override
 	protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
-		return application.sources(applicationClass);
+		return application.sources(IdentityApplication.class);
 	}
 
-	private static Class<IdentityApplication> applicationClass = IdentityApplication.class;
-
 	@Bean
 	public IEMRApplBeans instantiateBeans(){
 

diff --git a/src/main/java/com/iemr/common/identity/controller/IdentityController.java b/src/main/java/com/iemr/common/identity/controller/IdentityController.java
@@ -29,6 +29,7 @@
 import java.util.List;
 import java.util.Objects;
 
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -114,25 +115,13 @@ public String getBeneficiaries(
 	@Operation(summary = "Search beneficiary based on beneficiary registration id")
 	@PostMapping(path = "/getByBenRegId", headers = "Authorization")
 	public String getBeneficiariesByBeneficiaryRegId(
-			@Param(value = "\"Integer\"") @RequestParam String benRegId) {
-		logger.info("IdentityController.getBeneficiary - start. benId = " + benRegId);
+			@Param(value = "\"Integer\"") @RequestParam("benRegId") String benRegId) {
 		String response;
 		try {
-			String benRegIdValue = "";
-			JsonElement json = JsonParser.parseString(benRegId);
-
-			if (json instanceof JsonNull) {
+			if (null == benRegId || StringUtils.isEmpty(benRegId)) {
 				return getErrorResponseString("Null/Empty Beneficiary Id.", 5000, "failure", "");
-
 			}
-
-			if (json instanceof JsonPrimitive) {
-				benRegIdValue = benRegId;
-			} else {
-				benRegIdValue = InputMapper.getInstance().gson().fromJson(json, String.class);
-			}
-
-			List<BeneficiariesDTO> list = svc.getBeneficiariesByBenRegId(new BigInteger(benRegIdValue));
+			List<BeneficiariesDTO> list = svc.getBeneficiariesByBenRegId(new BigInteger(benRegId));
 			list.removeIf(Objects::isNull);
 			Collections.sort(list);
 			response = getSuccessResponseString(list, 200, "success", "getBeneficiariesByBeneficiaryRegId");
@@ -151,9 +140,7 @@ public String getBeneficiariesByBeneficiaryRegId(
 	@Operation(summary = "Search identity based on beneficiary registration id")
 	@PostMapping(path = "/getByBenId", headers = "Authorization")
 	public String getBeneficiariesByBeneficiaryId(
-			@Param(value = "\"Integer\"") @RequestParam String benId) {
-		logger.info("IdentityController.getBeneficiary - start. benId = " + benId);
-
+			@Param(value = "\"Integer\"") @RequestParam("benId") String benId) {
 		String response;
 		try {
 			String benIdValue = "";
@@ -188,8 +175,7 @@ public String getBeneficiariesByBeneficiaryId(
 	@Operation(summary = "Search beneficiary based on phone number")
 	@PostMapping(path = "/getByPhoneNum", headers = "Authorization")
 	public String getBeneficiariesByPhoneNum(
-			@Param(value = "\"String\"") @RequestParam String phoneNum) {
-		logger.info("IdentityController.getBeneficiary - start. phoneNum = " + phoneNum);
+			@Param(value = "\"String\"") @RequestParam("phoneNum") String phoneNum) {
 		String response;
 		try {
 			String phoneNumValue = "";
@@ -220,8 +206,7 @@ public String getBeneficiariesByPhoneNum(
 	@Operation(summary = "Search beneficiary based on health ID / ABHA Address")
 	@PostMapping(path = "/getByAbhaAddress", headers = "Authorization")
 	public String searhBeneficiaryByABHAAddress(
-			@Param(value = "\"String\"") @RequestParam String healthID) {
-		logger.info("IdentityController.getBeneficiary - start. Health ID / ABHA Address = " + healthID);
+			@Param(value = "\"String\"") @RequestParam("healthID") String healthID) {
 		String response;
 		try {
 			String healthIDValue = "";
@@ -253,8 +238,7 @@ public String searhBeneficiaryByABHAAddress(
 	@Operation(summary = "Search beneficiary based on health ID number / ABHA ID number")
 	@PostMapping(path = "/getByAbhaIdNo", headers = "Authorization")
 	public String searhBeneficiaryByABHAIdNo(
-			@Param(value = "\"String\"") @RequestParam String healthIDNo) {
-		logger.info("IdentityController.getBeneficiary - start. HealthIDNo / ABHA Id No = " + healthIDNo);
+			@Param(value = "\"String\"") @RequestParam("healthIDNo") String healthIDNo) {
 		String response;
 		try {
 			String healthIDNoValue = "";
@@ -286,8 +270,7 @@ public String searhBeneficiaryByABHAIdNo(
 	@Operation(summary = "Search beneficiary based on family id")
 	@PostMapping(path = "/searchByFamilyId", headers = "Authorization")
 	public String searhBeneficiaryByFamilyId(
-			@Param(value = "\"String\"") @RequestParam String familyId) {
-		logger.info("IdentityController.getBeneficiary - start. family id = " + familyId);
+			@Param(value = "\"String\"") @RequestParam("familyId") String familyId) {
 		String response;
 		try {
 
@@ -342,8 +325,7 @@ public String searchBeneficiaryByBlockIdAndLastModDate(
 	@Operation(summary = "Search beneficiary based on government identity number")
 	@PostMapping(path = "/searhByGovIdentity", headers = "Authorization")
 	public String searhBeneficiaryByGovIdentity(
-			@Param(value = "\"String\"") @RequestParam String identity) {
-		logger.info("IdentityController.getBeneficiary - start. Gov Identity = " + identity);
+			@Param(value = "\"String\"") @RequestParam("identity") String identity) {
 		String response;
 		try {
 

diff --git a/src/main/java/com/iemr/common/identity/data/rmnch/RMNCHMBeneficiarycontact.java b/src/main/java/com/iemr/common/identity/data/rmnch/RMNCHMBeneficiarycontact.java
@@ -25,18 +25,16 @@
 import java.math.BigInteger;
 import java.sql.Timestamp;
 
+import com.google.gson.annotations.Expose;
+
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
 import jakarta.persistence.GeneratedValue;
 import jakarta.persistence.GenerationType;
 import jakarta.persistence.Id;
 import jakarta.persistence.Table;
 import jakarta.persistence.Transient;
-
-import org.hibernate.validator.constraints.Email;
-
-import com.google.gson.annotations.Expose;
-
+import jakarta.validation.constraints.Email;
 import lombok.Data;
 
 @Entity

diff --git a/src/main/java/com/iemr/common/identity/domain/MBeneficiarycontact.java b/src/main/java/com/iemr/common/identity/domain/MBeneficiarycontact.java
@@ -25,18 +25,17 @@
 import java.math.BigInteger;
 import java.sql.Timestamp;
 
+
+import com.google.gson.annotations.Expose;
+
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
 import jakarta.persistence.GeneratedValue;
 import jakarta.persistence.GenerationType;
 import jakarta.persistence.Id;
 import jakarta.persistence.NamedQuery;
 import jakarta.persistence.Table;
-
-import org.hibernate.validator.constraints.Email;
-
-import com.google.gson.annotations.Expose;
-
+import jakarta.validation.constraints.Email;
 import lombok.Data;
 
 /**

diff --git a/src/main/java/com/iemr/common/identity/domain/MBeneficiarydetail.java b/src/main/java/com/iemr/common/identity/domain/MBeneficiarydetail.java
@@ -41,7 +41,6 @@
 
 import lombok.AllArgsConstructor;
 import lombok.Data;
-import lombok.NoArgsConstructor;
 
 @Entity
 @Table(name = "i_beneficiarydetails")

diff --git a/src/main/java/com/iemr/common/identity/service/IdentityService.java b/src/main/java/com/iemr/common/identity/service/IdentityService.java
@@ -88,7 +88,6 @@
 import com.iemr.common.identity.repo.MBeneficiaryImageRepo;
 import com.iemr.common.identity.repo.V_BenAdvanceSearchRepo;
 import com.iemr.common.identity.repo.rmnch.RMNCHBeneficiaryDetailsRmnchRepo;
-import com.iemr.common.identity.utils.exception.IEMRException;
 import com.iemr.common.identity.utils.mapper.OutputMapper;
 import com.iemr.common.identity.utils.response.OutputResponse;
 

diff --git a/src/main/java/com/iemr/common/identity/utils/http/HTTPRequestInterceptor.java b/src/main/java/com/iemr/common/identity/utils/http/HTTPRequestInterceptor.java
@@ -21,6 +21,7 @@
 */
 package com.iemr.common.identity.utils.http;
 
+
 import javax.ws.rs.core.MediaType;
 
 import org.slf4j.Logger;

diff --git a/src/main/java/com/iemr/common/identity/utils/http/HttpUtils.java b/src/main/java/com/iemr/common/identity/utils/http/HttpUtils.java
@@ -41,6 +41,7 @@
 import com.sun.jersey.multipart.FormDataBodyPart;
 import com.sun.jersey.multipart.FormDataMultiPart;
 
+
 @Component
 public class HttpUtils {
 	public static final String AUTHORIZATION = "Authorization";
@@ -126,8 +127,7 @@ public String uploadFile(String uri, String data, Map<String, Object> header) th
 			try(FormDataMultiPart multiPart = new FormDataMultiPart();
 					FileInputStream is = new FileInputStream(data)) {
 
-				FormDataBodyPart filePart = new FormDataBodyPart("content", is,
-						MediaType.APPLICATION_OCTET_STREAM_TYPE);
+				FormDataBodyPart filePart = new FormDataBodyPart();
 				multiPart.bodyPart(filePart);
 				multiPart.field("docPath", data);
 				headers.add("Content-Type", MediaType.APPLICATION_JSON);

diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml
@@ -17,7 +17,6 @@
         </rollingPolicy>
 
         <encoder>
-            <!-- <pattern>%d %p %c{1.} [%t] %m%n</pattern> -->
             <pattern>%d %-5p [%X{sessionId}] [%X{userId}] %C{1}.%M:%L] %m%n</pattern>
         </encoder>
     </appender>