5.0 fix security review issues

core/build.gradle

@@ -3,6 +3,14 @@ plugins {
     id 'maven-publish'
     id 'antlr'
     id "org.sonarqube"
+    id "com.diffplug.spotless" version "6.7.2"
+}
+
+spotless {
+    java {
+        target 'src/*/java/**/*.java'
+        removeUnusedImports()
+    }
 }
 
 archivesBaseName = "apoc"

core/src/main/java/apoc/Pools.java

@@ -91,8 +91,8 @@ public void shutdown() throws Exception {
             try {
                 service.shutdown();
                 service.awaitTermination(10, TimeUnit.SECONDS);
-            } catch (InterruptedException ignore) {
-
+            } catch (InterruptedException e) {
+                throw new RuntimeException("Shutdown failed to complete with error: " + e.getMessage());
             }
         });
     }

core/src/main/java/apoc/TTLConfigExtensionFactory.java

@@ -1,15 +1,11 @@
 package apoc;
 
 import org.neo4j.annotations.service.ServiceProvider;
-import org.neo4j.configuration.Config;
-import org.neo4j.dbms.api.DatabaseManagementService;
 import org.neo4j.kernel.api.procedure.GlobalProcedures;
 import org.neo4j.kernel.extension.ExtensionFactory;
 import org.neo4j.kernel.extension.ExtensionType;
 import org.neo4j.kernel.extension.context.ExtensionContext;
-import org.neo4j.kernel.internal.GraphDatabaseAPI;
 import org.neo4j.kernel.lifecycle.Lifecycle;
-import org.neo4j.logging.internal.LogService;
 
 /**
  * a kernel extension for the TTL config

core/src/main/java/apoc/agg/Graph.java

@@ -6,7 +6,6 @@
 import org.neo4j.graphdb.Relationship;
 import org.neo4j.procedure.*;
 
-import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;

core/src/main/java/apoc/agg/Median.java

@@ -4,7 +4,6 @@
 
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.Comparator;
 import java.util.List;
 
 /**

core/src/main/java/apoc/agg/Product.java

@@ -1,11 +1,7 @@
 package apoc.agg;
 
-import org.HdrHistogram.Histogram;
 import org.neo4j.procedure.*;
 
-import java.util.ArrayList;
-import java.util.List;
-
 /**
  * @author mh
  * @since 18.12.17

core/src/main/java/apoc/convert/Convert.java

@@ -214,9 +214,11 @@ private Long parseLongString(String input) {
         } catch (NumberFormatException nfe) {
             try {
                 return (long)Double.parseDouble(input);
-            } catch(NumberFormatException nfe2) {}
+            } catch(NumberFormatException nfe2) {
+                // String was not able to be parsed, return null
+                return null;
+            }
         }
-        return null;
     }
 
     @UserFunction

core/src/main/java/apoc/date/Date.java

@@ -3,8 +3,6 @@
 import apoc.util.DateFormatUtil;
 import apoc.util.Util;
 import org.apache.commons.lang3.StringUtils;
-import org.neo4j.graphdb.Label;
-import org.neo4j.graphdb.Node;
 import org.neo4j.procedure.*;
 
 import java.text.DateFormat;

core/src/main/java/apoc/export/csv/CsvHeaderField.java

@@ -1,7 +1,6 @@
 package apoc.export.csv;
 
 import apoc.meta.Meta;
-import org.apache.commons.lang3.StringUtils;
 
 import java.util.HashMap;
 import java.util.Map;

core/src/main/java/apoc/export/json/JsonFormatSerializer.java

@@ -2,7 +2,6 @@
 
 import apoc.export.util.ExportConfig;
 import com.fasterxml.jackson.core.JsonGenerator;
-import org.neo4j.graphdb.Label;
 import org.neo4j.graphdb.Node;
 import org.neo4j.graphdb.Relationship;
 

core/src/main/java/apoc/export/util/CountingInputStream.java

@@ -5,6 +5,7 @@
 
 import java.io.*;
 import java.nio.channels.SeekableByteChannel;
+import java.nio.file.Files;
 
 /**
  * @author mh
@@ -16,8 +17,8 @@ public class CountingInputStream extends FilterInputStream implements SizeCounte
     private long count=0;
     private long newLines;
 
-    public CountingInputStream(File file) throws FileNotFoundException {
-        super(toBufferedStream(new FileInputStream(file)));
+    public CountingInputStream(File file) throws IOException {
+        super(toBufferedStream(Files.newInputStream(file.toPath())));
         this.total = file.length();
     }
     public CountingInputStream(InputStream stream, long total) throws FileNotFoundException {

core/src/main/java/apoc/export/util/ExportConfig.java

@@ -1,7 +1,6 @@
 package apoc.export.util;
 
 import apoc.export.cypher.formatter.CypherFormat;
-import apoc.util.CompressionAlgo;
 import apoc.util.CompressionConfig;
 import apoc.util.Util;
 

core/src/main/java/apoc/export/util/MetaInformation.java

@@ -12,7 +12,6 @@
 import org.neo4j.graphdb.RelationshipType;
 import org.neo4j.graphdb.ResultTransformer;
 
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.List;

core/src/main/java/apoc/get/Get.java

@@ -4,10 +4,7 @@
 import apoc.result.RelationshipResult;
 import apoc.util.Util;
 import org.neo4j.graphdb.Transaction;
-import org.neo4j.procedure.Context;
-import org.neo4j.procedure.Description;
 import org.neo4j.procedure.Name;
-import org.neo4j.procedure.Procedure;
 
 import java.util.stream.Stream;
 

core/src/main/java/apoc/graph/document/builder/DocumentToGraph.java

@@ -16,7 +16,6 @@
 import java.lang.reflect.Array;
 import java.util.*;
 import java.util.concurrent.atomic.AtomicLong;
-import java.util.function.Function;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import java.util.stream.StreamSupport;

core/src/main/java/apoc/graph/document/builder/LabelBuilder.java

@@ -8,7 +8,6 @@
 import java.util.List;
 import java.util.Map;
 
-import static org.apache.commons.text.WordUtils.capitalize;
 import static org.apache.commons.text.WordUtils.capitalizeFully;
 
 public class LabelBuilder {

core/src/main/java/apoc/graph/document/builder/RelationshipBuilder.java

@@ -9,7 +9,6 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
-import java.util.Map;
 import java.util.stream.Collectors;
 import java.util.stream.StreamSupport;
 

core/src/main/java/apoc/hashing/Fingerprinting.java

@@ -16,7 +16,6 @@
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.AbstractMap;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Formatter;
@@ -25,7 +24,6 @@
 import java.util.TreeMap;
 import java.util.function.Consumer;
 import java.util.stream.Collectors;
-import java.util.stream.Stream;
 import java.util.stream.StreamSupport;
 
 public class Fingerprinting {

core/src/main/java/apoc/help/Help.java

@@ -35,6 +35,7 @@ public Help() {
             }
         } catch (IOException e) {
             // Failed to load extended file
+            throw new RuntimeException("Failed to load extended file with error: " + e.getMessage());
         }
     }
 

core/src/main/java/apoc/index/SchemaIndex.java

@@ -12,7 +12,6 @@
 import org.neo4j.internal.kernel.api.*;
 import org.neo4j.internal.schema.IndexDescriptor;
 import org.neo4j.internal.schema.SchemaDescriptors;
-import org.neo4j.io.pagecache.context.CursorContext;
 import org.neo4j.kernel.api.KernelTransaction;
 import org.neo4j.kernel.impl.api.KernelStatement;
 import org.neo4j.kernel.impl.coreapi.InternalTransaction;

core/src/main/java/apoc/load/Xml.java

@@ -49,7 +49,6 @@
 import java.util.ArrayDeque;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collection;
 import java.util.Collections;
 import java.util.Deque;
 import java.util.HashMap;

core/src/main/java/apoc/meta/Meta.java

@@ -55,7 +55,6 @@
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;

core/src/main/java/apoc/meta/tablesforlabels/OrderedLabels.java

@@ -1,6 +1,5 @@
 package apoc.meta.tablesforlabels;
 
-import apoc.meta.Tables4LabelsProfile;
 import org.neo4j.graphdb.Label;
 
 import java.util.ArrayList;

core/src/main/java/apoc/meta/tablesforlabels/PropertyContainerProfile.java

@@ -1,15 +1,9 @@
 package apoc.meta.tablesforlabels;
 
 import apoc.meta.Meta.ConstraintTracker;
-import org.neo4j.graphdb.Label;
-import org.neo4j.graphdb.Node;
 import org.neo4j.graphdb.Entity;
-import org.neo4j.graphdb.schema.ConstraintDefinition;
 
 import java.util.*;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
 
 /**
  * A profile of a particular ordered label set (or relationship type) has a set of possible properties that can exist, and

core/src/main/java/apoc/meta/tablesforlabels/PropertyTracker.java

@@ -1,5 +1,4 @@
 package apoc.meta.tablesforlabels;
-import org.neo4j.graphdb.Label;
 
 import java.util.*;
 

core/src/main/java/apoc/periodic/PeriodicUtils.java

@@ -17,7 +17,6 @@
 import java.util.concurrent.Future;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.concurrent.locks.LockSupport;
-import java.util.function.BiConsumer;
 import java.util.function.BiFunction;
 import java.util.function.ToLongFunction;
 import java.util.regex.Pattern;

core/src/main/java/apoc/refactor/GraphRefactoring.java

@@ -19,7 +19,6 @@
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
 import java.util.function.BiFunction;
-import java.util.function.Function;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import java.util.stream.StreamSupport;

core/src/main/java/apoc/refactor/util/PropertiesManager.java

@@ -57,12 +57,14 @@ public static void combineProperties(Map.Entry<String, Object> prop, Entity targ
             else
                 values.add(prop.getValue());
             Object array = createPropertyValueFromSet(values, refactorConfig);
-            target.setProperty(prop.getKey(), array);
+            if (array != null) {
+                target.setProperty(prop.getKey(), array);
+            }
         }
     }
 
     private static Object createPropertyValueFromSet(Set<Object> input, RefactorConfig refactorConfig) {
-        Object array = null;
+        Object array;
         try {
             if (input.size() == 1 && !refactorConfig.isSingleElementAsArray()) {
                 return input.toArray()[0];
@@ -79,7 +81,8 @@ private static Object createPropertyValueFromSet(Set<Object> input, RefactorConf
                     }
                 }
             }
-        } catch (Exception e) {
+        } catch (NegativeArraySizeException | ClassNotFoundException e) {
+            return null;
         }
         return array;
     }

core/src/main/java/apoc/result/AssertSchemaResult.java

@@ -1,6 +1,5 @@
 package apoc.result;
 
-import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 

core/src/main/java/apoc/result/Empty.java

@@ -1,7 +1,5 @@
 package apoc.result;
 
-import apoc.meta.Meta;
-
 import java.util.stream.Stream;
 
 /**

core/src/main/java/apoc/result/GraphResult.java

@@ -3,7 +3,6 @@
 import org.neo4j.graphdb.Node;
 import org.neo4j.graphdb.Relationship;
 
-import java.util.Collection;
 import java.util.List;
 
 /**

core/src/main/java/apoc/result/LongResult.java

@@ -1,7 +1,5 @@
 package apoc.result;
 
-import java.util.stream.Stream;
-
 /**
  * @author mh
  * @since 26.02.16

core/src/main/java/apoc/schema/Schemas.java

@@ -1,6 +1,5 @@
 package apoc.schema;
 
-import apoc.Pools;
 import apoc.result.AssertSchemaResult;
 import apoc.result.IndexConstraintNodeInfo;
 import apoc.result.IndexConstraintRelationshipInfo;

core/src/main/java/apoc/text/Phonetic.java

@@ -2,17 +2,12 @@
 
 import org.apache.commons.codec.language.DoubleMetaphone;
 import org.neo4j.procedure.Description;
-import apoc.result.LongResult;
 import apoc.result.StringResult;
 import org.apache.commons.codec.EncoderException;
-import org.apache.commons.codec.language.Soundex;
 import org.neo4j.procedure.Name;
 import org.neo4j.procedure.Procedure;
 import org.neo4j.procedure.UserFunction;
 
-import java.util.Iterator;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import java.util.stream.StreamSupport;

core/src/main/java/apoc/util/CompressionAlgo.java

@@ -17,7 +17,6 @@
 import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.lang.reflect.InvocationTargetException;
 import java.nio.charset.Charset;
 
 import static apoc.ApocConfig.apocConfig;

core/src/main/java/apoc/util/DateParseUtil.java

@@ -28,6 +28,8 @@ public static TemporalAccessor dateParse(String value, Class<? extends TemporalA
                             return getParse(date, value);
                         }
                     } catch (Exception e) {
+                        // Ignore here as we are in a loop checking formats
+                        // if all formats fail, a later exception will be called
                         continue;
                     }
                 }
@@ -38,7 +40,7 @@ public static TemporalAccessor dateParse(String value, Class<? extends TemporalA
         } catch (Exception e) {
             throw new RuntimeException(e);
         } catch (Throwable throwable) {
-            throwable.printStackTrace();
+            throw new RuntimeException(throwable.getMessage());
         }
         throw new RuntimeException("Can't format the date with the pattern");
     }

core/src/main/java/apoc/util/FileUtils.java

@@ -18,7 +18,6 @@
 import java.io.OutputStream;
 import java.net.MalformedURLException;
 import java.net.URI;
-import java.net.URISyntaxException;
 import java.net.URL;
 import java.net.URLStreamHandler;
 import java.net.URLStreamHandlerFactory;

core/src/main/java/apoc/util/MapUtil.java

@@ -1,6 +1,5 @@
 package apoc.util;
 
-import java.util.LinkedHashMap;
 import java.util.Map;
 
 /**