Replace tika lib and update project dependencies

.github/workflows/github-actions-build.yml

@@ -48,7 +48,7 @@ jobs:
           echo "Sonar secure variables NOT available"
         else
           echo "Sonar secure variables ARE available"
-          mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey="bordertech-wcomponents" -Dsonar.organization="bordertech-github" -Dsonar.host.url="https://sonarcloud.io"
+          mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey="bordertech-wcomponents" -Dsonar.organization="bordertech-github" -Dsonar.host.url="https://sonarcloud.io" -Dsonar.qualitygate.wait=true
         fi
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

CHANGELOG.md

@@ -4,6 +4,28 @@
 
 ### API Changes
 ### Enhancements
+* Consistent use of try-with-resources when handling streams
+* Updated AbstractRequest to remove deprecated methods uploadFileItems and readBytes (were protected static). Use StreamUtils instead.
+* Replaced org.apache.tika:tika library with org.overviewproject:mime-types in FileUtil to validate uploaded file mime types.
+* Updated FileUtil to make file extension and mime type validation case insensitive.
+* Updated the following dependencies:
+  * wcomponents-core:
+    * com.google.code.gson:gson from 2.13.1 to 2.13.2
+    * org.apache.commons:commons-lang3 from 3.18.0 to 3.20.0
+    * commons-io:commons-io from 2.19.0 to 2.21.0
+    * com.google.errorprone:error_prone_annotations from 2.39.0 to 2.46.0
+    * org.apache.httpcomponents.client5:httpclient5 from 5.5 to 5.6
+    * org.apache.httpcomponents.core5:httpcore5 from 5.3.4 to 5.4
+  * wcomponents-test-lib:
+    * io.github.bonigarcia:webdrivermanager from 6.1.0 to 6.3.3
+    * org.apache.commons:commons-compress from 1.27.1 to 1.28.0
+    * commons-codec:commons-codec from 1.18.0 to 1.20.0
+    * com.google.guava:guava from 33.4.8-jre to 33.5.0-jre
+    * net.java.dev.jna:jna from 5.17.0 to 5.18.1
+  * wcomponents-bundle:
+    * org.ehcache:ehcahce from 3.10.8 to 3.11.1
+    * org.glassfish.jaxb:jaxb-runtime from 4.0.5 to 4.0.6
+
 ### Bug Fixes
 
 ## 1.5.38

code-coverage/pom.xml

@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<parent>
+		<groupId>com.github.bordertech.wcomponents</groupId>
+		<artifactId>wcomponents-parent</artifactId>
+		<version>1.5.39-SNAPSHOT</version>
+		<relativePath>../pom.xml</relativePath>
+	</parent>
+
+	<name>code-coverage</name>
+	<artifactId>code-coverage</artifactId>
+
+	<packaging>jar</packaging>
+
+	<dependencies>
+		<dependency>
+			<groupId>com.github.bordertech.wcomponents</groupId>
+			<artifactId>wcomponents-core</artifactId>
+			<version>${project.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>com.github.bordertech.wcomponents</groupId>
+			<artifactId>wcomponents-examples</artifactId>
+			<version>${project.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>com.github.bordertech.wcomponents</groupId>
+			<artifactId>wcomponents-test-lib</artifactId>
+			<version>${project.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>com.github.bordertech.wcomponents</groupId>
+			<artifactId>wcomponents-lde</artifactId>
+			<version>${project.version}</version>
+		</dependency>
+	</dependencies>
+
+	<build>
+
+		<plugins>
+			<!-- Generate aggreated coverage report -->
+			<plugin>
+				<groupId>org.jacoco</groupId>
+				<artifactId>jacoco-maven-plugin</artifactId>
+				<executions>
+					<execution>
+						<id>report-aggregate</id>
+						<phase>test</phase>
+						<goals>
+							<goal>report-aggregate</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+			<!-- This coverage module should never de deployed -->
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-deploy-plugin</artifactId>
+				<version>3.1.4</version>
+				<configuration>
+					<skip>true</skip>
+				</configuration>
+			</plugin>
+		</plugins>
+
+	</build>
+
+</project>

pom.xml

@@ -85,7 +85,7 @@
 			<dependency>
 				<groupId>org.ehcache</groupId>
 				<artifactId>ehcache</artifactId>
-				<version>3.10.8</version>
+				<version>3.11.1</version>
 				<exclusions>
 					<!-- Exclude jaxb runtime as ehcache has a wildcard dependency that breaks the build -->
 					<exclusion>
@@ -107,7 +107,7 @@
 			<dependency>
 				<groupId>org.glassfish.jaxb</groupId>
 				<artifactId>jaxb-runtime</artifactId>
-				<version>4.0.5</version>
+				<version>4.0.6</version>
 			</dependency>
 
 			<!-- Servlet Interface -->
@@ -217,6 +217,7 @@
 		<module>wcomponents-theme</module>
 		<module>wcomponents-xslt</module>
 		<module>wcomponents-bundle</module>
+		<module>code-coverage</module>
 	</modules>
 
 </project>

wcomponents-core/pom.xml

@@ -218,7 +218,7 @@
 		<dependency>
 			<groupId>com.google.code.gson</groupId>
 			<artifactId>gson</artifactId>
-			<version>2.13.1</version>
+			<version>2.13.2</version>
 			<exclusions>
 				<exclusion>
 					<groupId>com.google.errorprone</groupId>
@@ -248,6 +248,14 @@
 					<groupId>xerces</groupId>
 					<artifactId>xercesImpl</artifactId>
 				</exclusion>
+				<exclusion>
+					<groupId>commons-io</groupId>
+					<artifactId>commons-io</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.apache.httpcomponents.core5</groupId>
+					<artifactId>httpcore5</artifactId>
+				</exclusion>
 			</exclusions>
 		</dependency>
 		<dependency>
@@ -289,20 +297,9 @@
 		</dependency>
 
 		<dependency>
-			<groupId>org.apache.tika</groupId>
-			<artifactId>tika-core</artifactId>
-			<version>2.9.4</version>
-			<!-- Fix convergence -->
-			<exclusions>
-				<exclusion>
-					<groupId>org.slf4j</groupId>
-					<artifactId>slf4j-api</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>commons-io</groupId>
-					<artifactId>commons-io</artifactId>
-				</exclusion>
-			</exclusions>
+			<groupId>org.overviewproject</groupId>
+			<artifactId>mime-types</artifactId>
+			<version>2.0.0</version>
 		</dependency>
 
 		<!-- Force versions to fix convergence -->
@@ -319,22 +316,22 @@
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-lang3</artifactId>
-			<version>3.18.0</version>
+			<version>3.20.0</version>
 		</dependency>
 		<dependency>
 			<groupId>commons-io</groupId>
 			<artifactId>commons-io</artifactId>
-			<version>2.19.0</version>
+			<version>2.21.0</version>
 		</dependency>
 		<dependency>
 			<groupId>com.google.errorprone</groupId>
 			<artifactId>error_prone_annotations</artifactId>
-			<version>2.39.0</version>
+			<version>2.46.0</version>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.httpcomponents.client5</groupId>
 			<artifactId>httpclient5</artifactId>
-			<version>5.5</version>
+			<version>5.6</version>
 			<exclusions>
 				<exclusion>
 					<groupId>org.slf4j</groupId>
@@ -345,7 +342,7 @@
 		<dependency>
 			<groupId>org.apache.httpcomponents.core5</groupId>
 			<artifactId>httpcore5</artifactId>
-			<version>5.3.4</version>
+			<version>5.4</version>
 		</dependency>
 
 		<!-- Test dependencies -->

wcomponents-core/src/main/java/com/github/bordertech/wcomponents/AbstractRequest.java

@@ -1,16 +1,11 @@
 package com.github.bordertech.wcomponents;
 
-import com.github.bordertech.wcomponents.servlet.ServletUtil;
 import com.github.bordertech.wcomponents.util.Config;
 import com.github.bordertech.wcomponents.util.Enumerator;
-import com.github.bordertech.wcomponents.util.StreamUtil;
 import com.github.bordertech.wcomponents.util.Util;
-import java.io.IOException;
-import java.io.InputStream;
 import java.io.Serializable;
 import java.util.Enumeration;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
 import org.apache.commons.fileupload.FileItem;
 
@@ -69,7 +64,7 @@ public FileItem[] getFileItems(final String key) {
 				result = deserialized.toArray(new FileItem[]{});
 			}
 		}
-		*/
+		 */
 		return result;
 	}
 
@@ -128,41 +123,6 @@ public boolean isLogout() {
 		return logout;
 	}
 
-	/**
-	 * <p>
-	 * {@link FileItem} classes (if attachements) will be kept as part of the request. The default behaviour of the file
-	 * item is to store the upload in memory until it reaches a certain size, after which the content is streamed to a
-	 * temp file.</p>
-	 *
-	 * <p>
-	 * If, in the future, performance of uploads becomes a focus we can instead look into using the Jakarta Commons
-	 * Streaming API. In this case, the content of the upload isn't stored anywhere. It will be up to the user to
-	 * read/store the content of the stream.</p>
-	 *
-	 * @param fileItems a list of {@link FileItem}s corresponding to POSTed form data.
-	 * @param parameters the map to store non-file request parameters in.
-	 * @param files the map to store the uploaded file parameters in.
-	 * @deprecated Use {@link ServletUtil#uploadFileItems(java.util.List, java.util.Map, java.util.Map)} instead.
-	 */
-	@Deprecated
-	protected static void uploadFileItems(final List fileItems, final Map<String, String[]> parameters,
-			final Map<String, FileItem[]> files) {
-		ServletUtil.uploadFileItems(fileItems, parameters, files);
-	}
-
-	/**
-	 * Returns a byte array containing all the information contained in the given input stream.
-	 *
-	 * @param stream the input stream to read from.
-	 * @return the stream contents as a byte array.
-	 * @throws IOException if there is an error reading from the stream.
-	 * @deprecated Use {@link StreamUtil#getBytes(java.io.InputStream)} instead.
-	 */
-	@Deprecated
-	protected static byte[] readBytes(final InputStream stream) throws IOException {
-		return StreamUtil.getBytes(stream);
-	}
-
 	/**
 	 * This method contains no logic. Subclasses which need to perform event handling logic (eg.
 	 * <code>WPortletRequest</code>) should override this method.

wcomponents-core/src/main/java/com/github/bordertech/wcomponents/ContentEscape.java

@@ -9,8 +9,7 @@
 import org.apache.commons.logging.LogFactory;
 
 /**
- * An Escape subclass that bypasses the usual request -> paint flow by directly producing the binary document
- * content.
+ * An Escape subclass that bypasses the usual request -> paint flow by directly producing the binary document content.
  *
  * @author Martin Shevchenko
  * @since 1.0.0
@@ -81,28 +80,19 @@ public void escape() throws IOException {
 			}
 
 			if (contentAccess instanceof ContentStreamAccess) {
-				InputStream stream = null;
-
-				try {
-					stream = ((ContentStreamAccess) contentAccess).getStream();
-
+				try (InputStream stream = ((ContentStreamAccess) contentAccess).getStream()) {
 					if (stream == null) {
 						throw new SystemException(
 								"ContentAccess returned null stream, access=" + contentAccess);
 					}
-
 					StreamUtil.copy(stream, response.getOutputStream());
-				} finally {
-					StreamUtil.safeClose(stream);
 				}
 			} else {
 				byte[] bytes = contentAccess.getBytes();
-
 				if (bytes == null) {
 					throw new SystemException(
 							"ContentAccess returned null data, access=" + contentAccess);
 				}
-
 				response.getOutputStream().write(bytes);
 			}
 		}

wcomponents-core/src/main/java/com/github/bordertech/wcomponents/InternalResource.java

@@ -56,17 +56,11 @@ public InternalResource(final String resourceName, final String description) {
 	 */
 	@Override
 	public byte[] getBytes() {
-		InputStream stream = null;
-
-		try {
-			stream = getClass().getResourceAsStream(resourceName);
+		try (InputStream stream = getClass().getResourceAsStream(resourceName)) {
 			return StreamUtil.getBytes(stream);
 		} catch (Exception e) {
 			LOG.error("Failed to read resource: " + resourceName, e);
-		} finally {
-			StreamUtil.safeClose(stream);
 		}
-
 		return EMPTY;
 	}