Merge pull request #64 from contentstack/fix/DX-2530-snyk-issues

Snyk fixes and code quality fixes

Author: cs-raj

.github/workflows/codeql-analysis.yml

@@ -38,7 +38,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,7 +52,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -65,4 +65,4 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.mvn/wrapper/MavenWrapperDownloader.java

@@ -22,30 +22,32 @@ public class MavenWrapperDownloader {
 
     private static final String WRAPPER_VERSION = "0.5.6";
     /**
-     * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' is provided.
+     * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl'
+     * is provided.
      */
     private static final String DEFAULT_DOWNLOAD_URL = "https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/"
-        + WRAPPER_VERSION + "/maven-wrapper-" + WRAPPER_VERSION + ".jar";
+            + WRAPPER_VERSION + "/maven-wrapper-" + WRAPPER_VERSION + ".jar";
 
     /**
-     * Path to the maven-wrapper.properties file, which might contain a downloadUrl property to
-     * use instead of the default one.
+     * Path to the maven-wrapper.properties file, which might contain a
+     * downloadUrl property to use instead of the default one.
      */
-    private static final String MAVEN_WRAPPER_PROPERTIES_PATH =
-            ".mvn/wrapper/maven-wrapper.properties";
+    private static final String MAVEN_WRAPPER_PROPERTIES_PATH
+            = ".mvn/wrapper/maven-wrapper.properties";
 
     /**
      * Path where the maven-wrapper.jar will be saved to.
      */
-    private static final String MAVEN_WRAPPER_JAR_PATH =
-            ".mvn/wrapper/maven-wrapper.jar";
+    private static final String MAVEN_WRAPPER_JAR_PATH
+            = ".mvn/wrapper/maven-wrapper.jar";
 
     /**
-     * Name of the property which should be used to override the default download url for the wrapper.
+     * Name of the property which should be used to override the default
+     * download url for the wrapper.
      */
     private static final String PROPERTY_NAME_WRAPPER_URL = "wrapperUrl";
 
-    public static void main(String args[]) {
+    public static void main(String args[]) throws Exception {
         System.out.println("- Downloader started");
         File baseDirectory = new File(args[0]);
         System.out.println("- Using base directory: " + baseDirectory.getAbsolutePath());
@@ -54,30 +56,34 @@ public static void main(String args[]) {
         // wrapperUrl parameter.
         File mavenWrapperPropertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH);
         String url = DEFAULT_DOWNLOAD_URL;
-        if(mavenWrapperPropertyFile.exists()) {
-            FileInputStream mavenWrapperPropertyFileInputStream = null;
-            try {
-                mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile);
-                Properties mavenWrapperProperties = new Properties();
-                mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream);
-                url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url);
-            } catch (IOException e) {
-                System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'");
-            } finally {
+        try {
+            if (mavenWrapperPropertyFile.exists() && mavenWrapperPropertyFile.getCanonicalPath().startsWith(baseDirectory.getCanonicalPath())) {
+                FileInputStream mavenWrapperPropertyFileInputStream = null;
                 try {
-                    if(mavenWrapperPropertyFileInputStream != null) {
-                        mavenWrapperPropertyFileInputStream.close();
-                    }
+                    mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile);
+                    Properties mavenWrapperProperties = new Properties();
+                    mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream);
+                    url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url);
                 } catch (IOException e) {
-                    // Ignore ...
+                    System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'");
+                } finally {
+                    try {
+                        if (mavenWrapperPropertyFileInputStream != null) {
+                            mavenWrapperPropertyFileInputStream.close();
+                        }
+                    } catch (IOException e) {
+                        // Ignore ...
+                    }
                 }
             }
+        } catch (IOException e) {
+            System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'");
         }
         System.out.println("- Downloading from: " + url);
 
         File outputFile = new File(baseDirectory.getAbsolutePath(), MAVEN_WRAPPER_JAR_PATH);
-        if(!outputFile.getParentFile().exists()) {
-            if(!outputFile.getParentFile().mkdirs()) {
+        if (!outputFile.getParentFile().exists()) {
+            if (!outputFile.getParentFile().mkdirs()) {
                 System.out.println(
                         "- ERROR creating output directory '" + outputFile.getParentFile().getAbsolutePath() + "'");
             }
@@ -87,7 +93,7 @@ public static void main(String args[]) {
             downloadFileFromURL(url, outputFile);
             System.out.println("Done");
             System.exit(0);
-        } catch (Throwable e) {
+        } catch (IOException e) {
             System.out.println("- Error downloading");
             e.printStackTrace();
             System.exit(1);
@@ -108,9 +114,9 @@ protected PasswordAuthentication getPasswordAuthentication() {
         URL website = new URL(urlString);
         ReadableByteChannel rbc;
         rbc = Channels.newChannel(website.openStream());
-        FileOutputStream fos = new FileOutputStream(destination);
-        fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE);
-        fos.close();
+        try (FileOutputStream fos = new FileOutputStream(destination.getCanonicalPath().replaceAll("^/+", "").split("\\?")[0])) {
+            fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE);
+        }
         rbc.close();
     }
 

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2012 - 2021 Contentstack
+Copyright (c) 2012 - 2025 Contentstack
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -11,7 +11,7 @@ This step-by-step guide details how to create a Java sample webapp via spring-bo
 
 -   An IDE, for example, [IntelliJ IDEA](https://www.jetbrains.com/idea/download/) / [STS](https://spring.io/tools) / [VSCode](https://code.visualstudio.com/download) / [Ecllipse](https://www.eclipse.org/downloads/)
 
--   [JDK 1.8 or later](https://www.oracle.com/in/java/technologies/javase/javase-jdk8-downloads.html)
+-   [JDK 17 or later](https://www.oracle.com/in/java/technologies/downloads/#java17)
 
 -   Gradle 4+ or Maven 3.2+
 

SECURITY.md

@@ -0,0 +1,27 @@
+# Security
+
+Contentstack takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations.
+
+If you believe you have found a security vulnerability in any Contentstack-owned repository, please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Send email to [security@contentstack.com](mailto:security@contentstack.com).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+- Full paths of source file(s) related to the manifestation of the issue
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+[https://www.contentstack.com/trust/](https://www.contentstack.com/trust/)

pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.1.4</version>
+        <version>3.4.1</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
     <groupId>com.contentstack</groupId>
@@ -15,70 +15,71 @@
     <name>graphql-springboot-api-integration</name>
     <description>Demo project for graphql-springboot-api-integration</description>
     <properties>
-        <java.version>1.8</java.version>
-        <spring-boot.version>3.1.4</spring-boot.version>
-        <json-smart.version>5.2.2</json-smart.version>
+        <java.version>17</java.version>
+        <spring-boot.version>3.4.1</spring-boot.version>
+        <json-smart.version>2.5.2</json-smart.version>
     </properties>
 
     <dependencies>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
-            <version>${spring-boot.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-freemarker</artifactId>
-            <version>${spring-boot.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-thymeleaf</artifactId>
-            <version>${spring-boot.version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter</artifactId>
-            <version>${spring-boot.version}</version>
         </dependency>
         <dependency>
             <groupId>io.github.cdimascio</groupId>
             <artifactId>java-dotenv</artifactId>
-            <version>${json-smart.version}</version>
+            <version>5.2.2</version>
         </dependency>
 
         <!-- https://mvnrepository.com/artifact/org.projectlombok/lombok -->
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
-            <version>1.18.30</version>
             <scope>provided</scope>
         </dependency>
 
         <!-- https://mvnrepository.com/artifact/net.minidev/json-smart -->
         <dependency>
             <groupId>net.minidev</groupId>
             <artifactId>json-smart</artifactId>
-            <version>2.5.0</version>
         </dependency>
 
         <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-test -->
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-test</artifactId>
-            <version>${spring-boot.version}</version>
             <scope>test</scope>
         </dependency>
 
 
     </dependencies>
+    <dependencyManagement>
+         <dependencies>
+             <dependency>
+                 <groupId>org.jetbrains.kotlin</groupId>
+                 <artifactId>kotlin-stdlib</artifactId>
+                 <version>1.6.0</version>
+             </dependency>
+         </dependencies>
+      </dependencyManagement>
 
     <build>
         <plugins>
             <plugin>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
-                <version>3.1.4</version>
             </plugin>
         </plugins>
     </build>

src/main/java/com/contentstack/gqlspring/Contentstack.java

@@ -5,10 +5,13 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
+
 import io.github.cdimascio.dotenv.Dotenv;
+
 import org.jetbrains.annotations.NotNull;
 
 import java.util.Collections;
+import java.util.logging.Logger;
 
 public class Contentstack {
 
@@ -26,7 +29,7 @@ public static <T> T convertToObject(Class<T> clazz, String jsonString) {
             ObjectMapper mapper = new ObjectMapper();
             return mapper.readValue(jsonString, clazz);
         } catch (Exception e) {
-            e.printStackTrace();
+            Logger.getLogger(Contentstack.class.getName()).severe(e.getMessage());
             return null;
         }
     }
@@ -63,7 +66,7 @@ public Object getQuery(@NotNull String query, @NotNull String nodeBy, Class<?> c
             return convertToObject(cls, jsonNode.toString());
 
         } catch (Exception e) {
-            e.printStackTrace();
+            Logger.getLogger(Contentstack.class.getName()).severe(e.getMessage());
         }
         return null;
     }
@@ -73,7 +76,7 @@ private Object toListObject(Class<?> cls, String string) {
         try {
             return Collections.singletonList(new ObjectMapper().readValue(string, cls)).get(0);
         } catch (JsonProcessingException e) {
-            e.printStackTrace();
+            Logger.getLogger(Contentstack.class.getName()).severe(e.getMessage());
         }
         return null;
     }
@@ -132,7 +135,7 @@ public Object blogPostById(String id, Class<?> cls) {
             JsonNode strResponse = graphqlBuilderInstance.fetch().get("data").get("all_blog_post").get(ITEMS).get(0);
             return convertToObject(cls, strResponse.toString());
         } catch (Exception e) {
-            e.printStackTrace();
+            Logger.getLogger(Contentstack.class.getName()).severe(e.getMessage());
             throw new IllegalArgumentException("Invalid = graphql query");
         }
     }