NIAD-1805: Fix vulnerabilities in dependencies (#1296)

* Address vulnerability in `org.testcontainers:testcontainers:1.21.3`.  This occurs due to a bug (which will not be fixed) in the `commons-compress` version used.  This addressed this by importing an implementation of `common-compress` where the vulnerability exists and allowing this to override the `TestContainers` version.
* Remove `io.findify:s3mock_2.13:0.2.6` as this project has now been abandoned and  archived.  Switched instead to use `com.adobe.testing:s3mock-testcontainers:4.7.0` as this is in active development and is the recommended replacement.
* Update the unit tests previously using `findify:s3mock` to use the test container instead, and removed now unneeded constants.
* Update `org.apache.commons:commons-lang3:3.17.0` to version `3.18.0` where the vulnerability has been resolved.

Author: MartinWheelerMT

service/build.gradle

@@ -55,7 +55,7 @@ dependencies {
 	implementation 'org.apache.qpid:qpid-jms-client:2.7.0'
 
 	// Utils
-	implementation 'org.apache.commons:commons-lang3:3.17.0'
+	implementation 'org.apache.commons:commons-lang3:3.18.0'
 	implementation 'javax.xml.soap:javax.xml.soap-api:1.4.0'
 	implementation 'com.github.spullara.mustache.java:compiler:0.9.14'
 	implementation 'org.apache.tika:tika-core:3.2.0'
@@ -66,12 +66,14 @@ dependencies {
 	// Test
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testImplementation "org.assertj:assertj-core:3.27.3"
+	testImplementation 'org.apache.commons:commons-compress:1.28.0'
 	testImplementation 'org.testcontainers:testcontainers:1.21.3'
+	testImplementation 'org.testcontainers:junit-jupiter:1.21.3'
 	testImplementation 'org.awaitility:awaitility:4.3.0'
 	testImplementation 'org.wiremock:wiremock-standalone:3.13.0'
 	testImplementation 'com.squareup.okhttp3:okhttp:4.12.0'
 	testImplementation 'com.squareup.okhttp3:mockwebserver:4.12.0'
-	testImplementation 'io.findify:s3mock_2.13:0.2.6'
+	testImplementation 'com.adobe.testing:s3mock-testcontainers:4.7.0'
 
 	pitest 'com.arcmutate:base:1.3.2'
 	pitest 'com.arcmutate:pitest-git-plugin:2.1.0'

service/src/test/java/uk/nhs/adaptors/gp2gp/common/configuration/CustomTrustStoreTest.java

@@ -1,9 +1,11 @@
 package uk.nhs.adaptors.gp2gp.common.configuration;
 
-import io.findify.s3mock.S3Mock;
+import com.adobe.testing.s3mock.testcontainers.S3MockContainer;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
 import software.amazon.awssdk.regions.Region;
@@ -15,10 +17,12 @@
 import java.net.URI;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 
+@Testcontainers
 class CustomTrustStoreTest {
 
-    public static final int PORT = 8001;
-    private static S3Mock s3Mock;
+    @Container
+    private static final S3MockContainer S3_MOCK = new S3MockContainer("4.7.0");
+
     private static S3Client s3Client;
     private static final String BUCKET_NAME = "test-bucket";
     private static final String TRUSTSTORE_PATH = "test.jks";
@@ -27,12 +31,8 @@ class CustomTrustStoreTest {
 
     @BeforeAll
     static void setUp() {
-        s3Mock = new S3Mock.Builder().withPort(PORT).withInMemoryBackend().build();
-        s3Mock.start();
-        System.out.println("S3Mock started at http://localhost:" + PORT);
-
         s3Client = S3Client.builder()
-            .endpointOverride(URI.create("http://localhost:" + PORT))
+            .endpointOverride(URI.create(S3_MOCK.getHttpEndpoint()))
             .credentialsProvider(StaticCredentialsProvider.create(
                 AwsBasicCredentials.create("accessKey", "secretKey")))
             .serviceConfiguration(S3Configuration.builder().pathStyleAccessEnabled(true).build())
@@ -53,7 +53,6 @@ static void setup() {
 
     @AfterAll
     static void tearDown() {
-        s3Mock.shutdown();
         customTrustStore = null;
     }
 

service/src/test/java/uk/nhs/adaptors/gp2gp/common/storage/S3StorageConnectorTest.java

@@ -1,8 +1,11 @@
 package uk.nhs.adaptors.gp2gp.common.storage;
 
-import io.findify.s3mock.S3Mock;
+import com.adobe.testing.s3mock.testcontainers.S3MockContainer;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
+
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
 import software.amazon.awssdk.core.ResponseInputStream;
@@ -21,39 +24,35 @@
 import java.net.URI;
 import java.nio.charset.StandardCharsets;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 
+@Testcontainers
 class S3StorageConnectorTest {
 
-    public static final int PORT = 9090;
     private static final String BUCKET_NAME = "s3bucket";
     private static final String FILE_NAME = "test-file.txt";
 
-    private static S3Mock s3Mock;
     private static S3StorageConnector s3StorageConnector;
-    private static StorageConnectorConfiguration config;
+
+    @Container
+    private static final S3MockContainer S3_MOCK = new S3MockContainer("4.7.0");
 
     private static S3Client s3Client;
 
     @BeforeAll
     static void setUp() {
-
-        s3Mock = new S3Mock.Builder().withPort(PORT).withInMemoryBackend().build();
-        s3Mock.start();
-        System.out.println("S3Mock started at http://localhost:" + PORT);
-
         s3Client = S3Client.builder()
-            .endpointOverride(URI.create("http://localhost:" + PORT))
+            .endpointOverride(URI.create(S3_MOCK.getHttpEndpoint()))
             .credentialsProvider(StaticCredentialsProvider.create(
                 AwsBasicCredentials.create("accessKey", "secretKey")))
             .serviceConfiguration(S3Configuration.builder().pathStyleAccessEnabled(true).build())
             .region(Region.EU_WEST_2)
             .build();
 
-        config = new StorageConnectorConfiguration();
+        StorageConnectorConfiguration config = new StorageConnectorConfiguration();
         config.setContainerName(BUCKET_NAME);
 
         s3Client.createBucket(CreateBucketRequest.builder().bucket(BUCKET_NAME).build());