diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9d241b9..08abd09 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -52,7 +52,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 # â„šī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -65,4 +65,4 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/.mvn/wrapper/MavenWrapperDownloader.java b/.mvn/wrapper/MavenWrapperDownloader.java index b901097..4744b4f 100644 --- a/.mvn/wrapper/MavenWrapperDownloader.java +++ b/.mvn/wrapper/MavenWrapperDownloader.java 
@@ -22,30 +22,32 @@ public class MavenWrapperDownloader { private static final String WRAPPER_VERSION = "0.5.6"; /** - * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' is provided. + * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' + * is provided. */ private static final String DEFAULT_DOWNLOAD_URL = "https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/" - + WRAPPER_VERSION + "/maven-wrapper-" + WRAPPER_VERSION + ".jar"; + + WRAPPER_VERSION + "/maven-wrapper-" + WRAPPER_VERSION + ".jar"; /** - * Path to the maven-wrapper.properties file, which might contain a downloadUrl property to - * use instead of the default one. + * Path to the maven-wrapper.properties file, which might contain a + * downloadUrl property to use instead of the default one. */ - private static final String MAVEN_WRAPPER_PROPERTIES_PATH = - ".mvn/wrapper/maven-wrapper.properties"; + private static final String MAVEN_WRAPPER_PROPERTIES_PATH + = ".mvn/wrapper/maven-wrapper.properties"; /** * Path where the maven-wrapper.jar will be saved to. */ - private static final String MAVEN_WRAPPER_JAR_PATH = - ".mvn/wrapper/maven-wrapper.jar"; + private static final String MAVEN_WRAPPER_JAR_PATH + = ".mvn/wrapper/maven-wrapper.jar"; /** - * Name of the property which should be used to override the default download url for the wrapper. + * Name of the property which should be used to override the default + * download url for the wrapper. */ private static final String PROPERTY_NAME_WRAPPER_URL = "wrapperUrl"; - public static void main(String args[]) { + public static void main(String args[]) throws Exception { System.out.println("- Downloader started"); File baseDirectory = new File(args[0]); System.out.println("- Using base directory: " + baseDirectory.getAbsolutePath()); 
@@ -54,30 +56,34 @@ public static void main(String args[]) { // wrapperUrl parameter. File mavenWrapperPropertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH); String url = DEFAULT_DOWNLOAD_URL; - if(mavenWrapperPropertyFile.exists()) { - FileInputStream mavenWrapperPropertyFileInputStream = null; - try { - mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile); - Properties mavenWrapperProperties = new Properties(); - mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream); - url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url); - } catch (IOException e) { - System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'"); - } finally { + try { + if (mavenWrapperPropertyFile.exists() && mavenWrapperPropertyFile.getCanonicalPath().startsWith(baseDirectory.getCanonicalPath())) { + FileInputStream mavenWrapperPropertyFileInputStream = null; try { - if(mavenWrapperPropertyFileInputStream != null) { - mavenWrapperPropertyFileInputStream.close(); - } + mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile); + Properties mavenWrapperProperties = new Properties(); + mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream); + url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url); } catch (IOException e) { - // Ignore ... + System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'"); + } finally { + try { + if (mavenWrapperPropertyFileInputStream != null) { + mavenWrapperPropertyFileInputStream.close(); + } + } catch (IOException e) { + // Ignore ... 
+ } } } + } catch (IOException e) { + System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'"); } System.out.println("- Downloading from: " + url); File outputFile = new File(baseDirectory.getAbsolutePath(), MAVEN_WRAPPER_JAR_PATH); - if(!outputFile.getParentFile().exists()) { - if(!outputFile.getParentFile().mkdirs()) { + if (!outputFile.getParentFile().exists()) { + if (!outputFile.getParentFile().mkdirs()) { System.out.println( "- ERROR creating output directory '" + outputFile.getParentFile().getAbsolutePath() + "'"); } @@ -87,7 +93,7 @@ public static void main(String args[]) { downloadFileFromURL(url, outputFile); System.out.println("Done"); System.exit(0); - } catch (Throwable e) { + } catch (IOException e) { System.out.println("- Error downloading"); e.printStackTrace(); System.exit(1); @@ -108,9 +114,9 @@ protected PasswordAuthentication getPasswordAuthentication() { URL website = new URL(urlString); ReadableByteChannel rbc; rbc = Channels.newChannel(website.openStream()); - FileOutputStream fos = new FileOutputStream(destination); - fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE); - fos.close(); + try (FileOutputStream fos = new FileOutputStream(destination.getCanonicalPath().replaceAll("^/+", "").split("\\?")[0])) { + fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE); + } rbc.close(); } diff --git a/LICENSE b/LICENSE index cd45c4e..c7d34c7 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2012 - 2021 Contentstack +Copyright (c) 2012 - 2025 Contentstack Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 369c67e..db7ec74 100644 --- a/README.md +++ b/README.md 
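Review bot: The containment check added on the `if` line compares canonical path strings with `String.startsWith`, so a sibling directory whose name merely begins with the base directory's name passes it (constructed example: base `/work/app`, file under `/work/app-old/`). Compare path elements instead: `mavenWrapperPropertyFile.getCanonicalFile().toPath().startsWith(baseDirectory.getCanonicalFile().toPath())`. The `wrapperUrl` value read from the properties file is still handed to the download unchecked; since the downloaded jar is presumably executed by the wrapper later, consider requiring an `https` scheme and verifying a checksum before it is used. The body of `main` starts and ends outside this hunk.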
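Review bot: The new `FileOutputStream` argument no longer names `destination`. `getCanonicalPath().replaceAll("^/+", "")` strips the leading slash, so on Unix-like systems the absolute path becomes relative to the working directory, and `.split("\\?")[0]` truncates any path that contains `?`. The jar is then written somewhere other than the directory `main` created, or the open fails; a file path has no query string to strip. Pass the file itself and open the channel in the same resource list so it is closed even when opening the file fails: `try (ReadableByteChannel rbc = Channels.newChannel(website.openStream()); FileOutputStream fos = new FileOutputStream(destination)) {`. downloadFileFromURL starts above this hunk.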
@@ -11,7 +11,7 @@ This step-by-step guide details how to create a Java sample webapp via spring-bo - An IDE, for example, [IntelliJ IDEA](https://www.jetbrains.com/idea/download/) / [STS](https://spring.io/tools) / [VSCode](https://code.visualstudio.com/download) / [Ecllipse](https://www.eclipse.org/downloads/) -- [JDK 1.8 or later](https://www.oracle.com/in/java/technologies/javase/javase-jdk8-downloads.html) +- [JDK 17 or later](https://www.oracle.com/in/java/technologies/downloads/#java17) - Gradle 4+ or Maven 3.2+ diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..c296f3d --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,27 @@ +# Security + +Contentstack takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations. + +If you believe you have found a security vulnerability in any Contentstack-owned repository, please report it to us as described below. + +## Reporting Security Issues + +**Please do not report security vulnerabilities through public GitHub issues.** + +Send email to [security@contentstack.com](mailto:security@contentstack.com). + +You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. + +Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: + +- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) +- Full paths of source file(s) related to the manifestation of the issue +- The location of the affected source code (tag/branch/commit or direct URL) +- Any special configuration required to reproduce the issue +- Step-by-step instructions to reproduce the issue +- Proof-of-concept or exploit code (if possible) +- Impact of the issue, including how an attacker might exploit the issue + +This information will help us triage your report more quickly. + +[https://www.contentstack.com/trust/](https://www.contentstack.com/trust/) \ No newline at end of file diff --git a/pom.xml b/pom.xml index 6c033aa..71a7cef 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ org.springframework.boot spring-boot-starter-parent - 3.1.4 + 3.4.1 com.contentstack 
@@ -15,43 +15,38 @@ graphql-springboot-api-integration Demo project for graphql-springboot-api-integration - 1.8 - 3.1.4 - 5.2.2 + 17 + 3.4.1 + 2.5.2 org.springframework.boot spring-boot-starter-web - ${spring-boot.version} org.springframework.boot spring-boot-starter-freemarker - ${spring-boot.version} org.springframework.boot spring-boot-starter-thymeleaf - ${spring-boot.version} org.springframework.boot spring-boot-starter - ${spring-boot.version} io.github.cdimascio java-dotenv - ${json-smart.version} + 5.2.2 org.projectlombok lombok - 1.18.30 provided @@ -59,26 +54,32 @@ net.minidev json-smart - 2.5.0 org.springframework.boot spring-boot-test - ${spring-boot.version} test + + + + org.jetbrains.kotlin + kotlin-stdlib + 1.6.0 + + + org.springframework.boot spring-boot-maven-plugin - 3.1.4 diff --git a/src/main/java/com/contentstack/gqlspring/Contentstack.java b/src/main/java/com/contentstack/gqlspring/Contentstack.java index c9495e7..439f247 100644 --- a/src/main/java/com/contentstack/gqlspring/Contentstack.java +++ b/src/main/java/com/contentstack/gqlspring/Contentstack.java @@ -5,10 +5,13 @@ import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; + import io.github.cdimascio.dotenv.Dotenv; + import org.jetbrains.annotations.NotNull; import java.util.Collections; +import java.util.logging.Logger; public class Contentstack { @@ -26,7 +29,7 @@ public static T convertToObject(Class clazz, String jsonString) { ObjectMapper mapper = new ObjectMapper(); return mapper.readValue(jsonString, clazz); } catch (Exception e) { - e.printStackTrace(); + Logger.getLogger(Contentstack.class.getName()).severe(e.getMessage()); return null; } } 
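Review bot: The added `kotlin-stdlib` entry pins `1.6.0` explicitly, while the other dependencies in this hunk drop their explicit versions so that the Spring Boot parent manages them. If the parent (now 3.4.1) already manages a Kotlin version, this pin may override it with an older one. Confirm which version resolves with `mvn dependency:tree`, and prefer overriding the parent's `kotlin.version` property, or drop the pin if the managed version already meets the minimum you need. The element structure of this hunk is not recoverable from the page, so where the new entry sits in the POM is inferred.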
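Review bot: `severe(e.getMessage())` in convertToObject records less than the `printStackTrace()` it replaces: the exception type and stack trace are lost, and `getMessage()` can be null. Pass the throwable to the logger instead, `LOGGER.log(Level.SEVERE, "JSON conversion failed", e);`, using one `private static final Logger LOGGER = Logger.getLogger(Contentstack.class.getName());` field rather than a lookup per call; this also needs `java.util.logging.Level` imported. The same applies to the later hunks in getQuery, toListObject and blogPostById, and in blogPostById the rethrown `IllegalArgumentException` also drops the cause. Jackson parse messages may quote part of the input depending on version and configuration, so check that response content is acceptable in these logs.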
@@ -63,7 +66,7 @@ public Object getQuery(@NotNull String query, @NotNull String nodeBy, Class c return convertToObject(cls, jsonNode.toString()); } catch (Exception e) { - e.printStackTrace(); + Logger.getLogger(Contentstack.class.getName()).severe(e.getMessage()); } return null; } @@ -73,7 +76,7 @@ private Object toListObject(Class cls, String string) { try { return Collections.singletonList(new ObjectMapper().readValue(string, cls)).get(0); } catch (JsonProcessingException e) { - e.printStackTrace(); + Logger.getLogger(Contentstack.class.getName()).severe(e.getMessage()); } return null; } @@ -132,7 +135,7 @@ public Object blogPostById(String id, Class cls) { JsonNode strResponse = graphqlBuilderInstance.fetch().get("data").get("all_blog_post").get(ITEMS).get(0); return convertToObject(cls, strResponse.toString()); } catch (Exception e) { - e.printStackTrace(); + Logger.getLogger(Contentstack.class.getName()).severe(e.getMessage()); throw new IllegalArgumentException("Invalid = graphql query"); } }