diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 9d241b9..08abd09 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -38,7 +38,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,7 +52,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
- uses: github/codeql-action/autobuild@v2
+ uses: github/codeql-action/autobuild@v3
# âšī¸ Command-line programs to run using the OS shell.
# đ See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -65,4 +65,4 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@v3
diff --git a/.mvn/wrapper/MavenWrapperDownloader.java b/.mvn/wrapper/MavenWrapperDownloader.java
index b901097..4744b4f 100644
--- a/.mvn/wrapper/MavenWrapperDownloader.java
+++ b/.mvn/wrapper/MavenWrapperDownloader.java
@@ -22,30 +22,32 @@ public class MavenWrapperDownloader {
private static final String WRAPPER_VERSION = "0.5.6";
/**
- * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' is provided.
+ * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl'
+ * is provided.
*/
private static final String DEFAULT_DOWNLOAD_URL = "https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/"
- + WRAPPER_VERSION + "/maven-wrapper-" + WRAPPER_VERSION + ".jar";
+ + WRAPPER_VERSION + "/maven-wrapper-" + WRAPPER_VERSION + ".jar";
/**
- * Path to the maven-wrapper.properties file, which might contain a downloadUrl property to
- * use instead of the default one.
+ * Path to the maven-wrapper.properties file, which might contain a
+ * downloadUrl property to use instead of the default one.
*/
- private static final String MAVEN_WRAPPER_PROPERTIES_PATH =
- ".mvn/wrapper/maven-wrapper.properties";
+ private static final String MAVEN_WRAPPER_PROPERTIES_PATH
+ = ".mvn/wrapper/maven-wrapper.properties";
/**
* Path where the maven-wrapper.jar will be saved to.
*/
- private static final String MAVEN_WRAPPER_JAR_PATH =
- ".mvn/wrapper/maven-wrapper.jar";
+ private static final String MAVEN_WRAPPER_JAR_PATH
+ = ".mvn/wrapper/maven-wrapper.jar";
/**
- * Name of the property which should be used to override the default download url for the wrapper.
+ * Name of the property which should be used to override the default
+ * download url for the wrapper.
*/
private static final String PROPERTY_NAME_WRAPPER_URL = "wrapperUrl";
- public static void main(String args[]) {
+ public static void main(String args[]) throws Exception {
System.out.println("- Downloader started");
File baseDirectory = new File(args[0]);
System.out.println("- Using base directory: " + baseDirectory.getAbsolutePath());
@@ -54,30 +56,34 @@ public static void main(String args[]) {
// wrapperUrl parameter.
File mavenWrapperPropertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH);
String url = DEFAULT_DOWNLOAD_URL;
- if(mavenWrapperPropertyFile.exists()) {
- FileInputStream mavenWrapperPropertyFileInputStream = null;
- try {
- mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile);
- Properties mavenWrapperProperties = new Properties();
- mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream);
- url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url);
- } catch (IOException e) {
- System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'");
- } finally {
+ try {
+ if (mavenWrapperPropertyFile.exists() && mavenWrapperPropertyFile.getCanonicalPath().startsWith(baseDirectory.getCanonicalPath())) {
+ FileInputStream mavenWrapperPropertyFileInputStream = null;
try {
- if(mavenWrapperPropertyFileInputStream != null) {
- mavenWrapperPropertyFileInputStream.close();
- }
+ mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile);
+ Properties mavenWrapperProperties = new Properties();
+ mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream);
+ url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url);
} catch (IOException e) {
- // Ignore ...
+ System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'");
+ } finally {
+ try {
+ if (mavenWrapperPropertyFileInputStream != null) {
+ mavenWrapperPropertyFileInputStream.close();
+ }
+ } catch (IOException e) {
+ // Ignore ...
+ }
}
}
+ } catch (IOException e) {
+ System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'");
}
System.out.println("- Downloading from: " + url);
File outputFile = new File(baseDirectory.getAbsolutePath(), MAVEN_WRAPPER_JAR_PATH);
- if(!outputFile.getParentFile().exists()) {
- if(!outputFile.getParentFile().mkdirs()) {
+ if (!outputFile.getParentFile().exists()) {
+ if (!outputFile.getParentFile().mkdirs()) {
System.out.println(
"- ERROR creating output directory '" + outputFile.getParentFile().getAbsolutePath() + "'");
}
@@ -87,7 +93,7 @@ public static void main(String args[]) {
downloadFileFromURL(url, outputFile);
System.out.println("Done");
System.exit(0);
- } catch (Throwable e) {
+ } catch (IOException e) {
System.out.println("- Error downloading");
e.printStackTrace();
System.exit(1);
@@ -108,9 +114,9 @@ protected PasswordAuthentication getPasswordAuthentication() {
URL website = new URL(urlString);
ReadableByteChannel rbc;
rbc = Channels.newChannel(website.openStream());
- FileOutputStream fos = new FileOutputStream(destination);
- fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE);
- fos.close();
+ try (FileOutputStream fos = new FileOutputStream(destination.getCanonicalPath().replaceAll("^/+", "").split("\\?")[0])) {
+ fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE);
+ }
rbc.close();
}
diff --git a/LICENSE b/LICENSE
index cd45c4e..c7d34c7 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
MIT License
-Copyright (c) 2012 - 2021 Contentstack
+Copyright (c) 2012 - 2025 Contentstack
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
diff --git a/README.md b/README.md
index 369c67e..db7ec74 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ This step-by-step guide details how to create a Java sample webapp via spring-bo
- An IDE, for example, [IntelliJ IDEA](https://www.jetbrains.com/idea/download/) / [STS](https://spring.io/tools) / [VSCode](https://code.visualstudio.com/download) / [Ecllipse](https://www.eclipse.org/downloads/)
-- [JDK 1.8 or later](https://www.oracle.com/in/java/technologies/javase/javase-jdk8-downloads.html)
+- [JDK 17 or later](https://www.oracle.com/in/java/technologies/downloads/#java17)
- Gradle 4+ or Maven 3.2+
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..c296f3d
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,27 @@
+# Security
+
+Contentstack takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations.
+
+If you believe you have found a security vulnerability in any Contentstack-owned repository, please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Send email to [security@contentstack.com](mailto:security@contentstack.com).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+- Full paths of source file(s) related to the manifestation of the issue
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+[https://www.contentstack.com/trust/](https://www.contentstack.com/trust/)
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 6c033aa..71a7cef 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
org.springframework.boot
spring-boot-starter-parent
- 3.1.4
+ 3.4.1
com.contentstack
@@ -15,43 +15,38 @@
graphql-springboot-api-integration
Demo project for graphql-springboot-api-integration
- 1.8
- 3.1.4
- 5.2.2
+ 17
+ 3.4.1
+ 2.5.2
org.springframework.boot
spring-boot-starter-web
- ${spring-boot.version}
org.springframework.boot
spring-boot-starter-freemarker
- ${spring-boot.version}
org.springframework.boot
spring-boot-starter-thymeleaf
- ${spring-boot.version}
org.springframework.boot
spring-boot-starter
- ${spring-boot.version}
io.github.cdimascio
java-dotenv
- ${json-smart.version}
+ 5.2.2
org.projectlombok
lombok
- 1.18.30
provided
@@ -59,26 +54,32 @@
net.minidev
json-smart
- 2.5.0
org.springframework.boot
spring-boot-test
- ${spring-boot.version}
test
+
+
+
+ org.jetbrains.kotlin
+ kotlin-stdlib
+ 1.6.0
+
+
+
org.springframework.boot
spring-boot-maven-plugin
- 3.1.4
diff --git a/src/main/java/com/contentstack/gqlspring/Contentstack.java b/src/main/java/com/contentstack/gqlspring/Contentstack.java
index c9495e7..439f247 100644
--- a/src/main/java/com/contentstack/gqlspring/Contentstack.java
+++ b/src/main/java/com/contentstack/gqlspring/Contentstack.java
@@ -5,10 +5,13 @@
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
+
import io.github.cdimascio.dotenv.Dotenv;
+
import org.jetbrains.annotations.NotNull;
import java.util.Collections;
+import java.util.logging.Logger;
public class Contentstack {
@@ -26,7 +29,7 @@ public static T convertToObject(Class clazz, String jsonString) {
ObjectMapper mapper = new ObjectMapper();
return mapper.readValue(jsonString, clazz);
} catch (Exception e) {
- e.printStackTrace();
+ Logger.getLogger(Contentstack.class.getName()).severe(e.getMessage());
return null;
}
}
@@ -63,7 +66,7 @@ public Object getQuery(@NotNull String query, @NotNull String nodeBy, Class c
return convertToObject(cls, jsonNode.toString());
} catch (Exception e) {
- e.printStackTrace();
+ Logger.getLogger(Contentstack.class.getName()).severe(e.getMessage());
}
return null;
}
@@ -73,7 +76,7 @@ private Object toListObject(Class cls, String string) {
try {
return Collections.singletonList(new ObjectMapper().readValue(string, cls)).get(0);
} catch (JsonProcessingException e) {
- e.printStackTrace();
+ Logger.getLogger(Contentstack.class.getName()).severe(e.getMessage());
}
return null;
}
@@ -132,7 +135,7 @@ public Object blogPostById(String id, Class cls) {
JsonNode strResponse = graphqlBuilderInstance.fetch().get("data").get("all_blog_post").get(ITEMS).get(0);
return convertToObject(cls, strResponse.toString());
} catch (Exception e) {
- e.printStackTrace();
+ Logger.getLogger(Contentstack.class.getName()).severe(e.getMessage());
throw new IllegalArgumentException("Invalid = graphql query");
}
}