chore: Remove vulnerable commons-configuration (#808)

Co-authored-by: Jonas Israel <[email protected]>
Co-authored-by: Roshin Rajan Panackal <[email protected]>
Co-authored-by: Alexander Dümont <[email protected]>
Co-authored-by: Alexander Dümont <[email protected]>

Author: 4 people

datamodel/odata-generator-utility/src/main/java/com/sap/cloud/sdk/datamodel/odata/utility/ServiceNameMappings.java

@@ -0,0 +1,125 @@
+package com.sap.cloud.sdk.datamodel.odata.utility;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static java.nio.file.StandardOpenOption.CREATE;
+import static java.nio.file.StandardOpenOption.TRUNCATE_EXISTING;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+
+import javax.annotation.Nonnull;
+
+import com.google.common.base.Joiner;
+
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * This class is used to read and write service name mappings from a file.
+ */
+@Slf4j
+public class ServiceNameMappings
+{
+    private static final String DELIMITER_SHORT = "=";
+    private static final String DELIMITER_LONG = " = ";
+    private final Path file;
+    private final Map<Key, Value> mappings = new LinkedHashMap<>();
+
+    private record Key( @Nonnull String key )
+    {
+    }
+
+    private record Value( @Nonnull String value, @Nonnull String comment )
+    {
+    }
+
+    /**
+     * Creates a new instance of {@link ServiceNameMappings} with the specified file.
+     *
+     * @param file
+     *            the file to read and write mappings from/to
+     */
+    public ServiceNameMappings( @Nonnull final Path file )
+    {
+        this.file = file;
+        if( Files.exists(file) ) {
+            populateMappings();
+        }
+    }
+
+    /**
+     * Saves the mappings to the file.
+     *
+     * @throws IOException
+     *             if an error occurs while writing to the file
+     */
+    public void save()
+        throws IOException
+    {
+        final StringBuilder text = new StringBuilder();
+        for( final Map.Entry<Key, Value> entry : mappings.entrySet() ) {
+            if( !entry.getValue().comment().isBlank() ) {
+                text.append(System.lineSeparator()).append("# ").append(entry.getValue().comment());
+                text.append(System.lineSeparator());
+            }
+            text.append(entry.getKey().key()).append(DELIMITER_LONG).append(entry.getValue().value());
+            text.append(System.lineSeparator());
+        }
+        Files.writeString(file, text, UTF_8, CREATE, TRUNCATE_EXISTING);
+    }
+
+    /**
+     * Gets the value of the specified key.
+     *
+     * @param key
+     *            the key to get the value for
+     * @return the optional value of the key.
+     */
+    @Nonnull
+    public Optional<String> getString( @Nonnull final String key )
+    {
+        return Optional.ofNullable(mappings.get(new Key(key))).map(Value::value);
+    }
+
+    /**
+     * Adds a new mapping to the file.
+     *
+     * @param key
+     *            the key to add
+     * @param value
+     *            the value to add
+     * @param comments
+     *            the comments to add, optional
+     */
+    public void putString( @Nonnull final String key, @Nonnull final String value, @Nonnull final String... comments )
+    {
+        mappings.put(new Key(key), new Value(value, Joiner.on(" ").join(comments)));
+    }
+
+    private void populateMappings()
+    {
+        try {
+            final List<String> lines = Files.readAllLines(file, UTF_8);
+            final List<String> comment = new ArrayList<>();
+            for( final String line : lines ) {
+                if( line.startsWith("#") ) {
+                    comment.add(line.substring(1).trim());
+                } else if( line.contains(DELIMITER_SHORT) ) {
+                    final String[] parts = line.split("=", 2);
+                    putString(parts[0].trim(), parts[1].trim(), comment.toArray(new String[0]));
+                    comment.clear();
+                } else if( !line.isBlank() ) {
+                    log.debug("Skipping line: {}", line);
+                }
+            }
+        }
+        catch( final IOException e ) {
+            throw new IllegalArgumentException("Invalid mapping file: " + file, e);
+        }
+    }
+}

datamodel/odata-v4/odata-v4-generator/pom.xml

@@ -118,16 +118,6 @@
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-lang3</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>commons-configuration</groupId>
-			<artifactId>commons-configuration</artifactId>
-			<exclusions>
-				<exclusion>
-					<artifactId>commons-logging</artifactId>
-					<groupId>commons-logging</groupId>
-				</exclusion>
-			</exclusions>
-		</dependency>
 		<dependency>
 			<groupId>commons-io</groupId>
 			<artifactId>commons-io</artifactId>

datamodel/odata-v4/odata-v4-generator/src/main/java/com/sap/cloud/sdk/datamodel/odatav4/generator/EdmService.java

@@ -15,7 +15,6 @@
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
-import org.apache.commons.configuration.PropertiesConfiguration;
 import org.apache.olingo.commons.api.edm.Edm;
 import org.apache.olingo.commons.api.edm.EdmAction;
 import org.apache.olingo.commons.api.edm.EdmActionImport;
@@ -49,6 +48,7 @@
 import com.google.common.collect.Multimap;
 import com.google.common.collect.MultimapBuilder;
 import com.sap.cloud.sdk.datamodel.odata.utility.NamingUtils;
+import com.sap.cloud.sdk.datamodel.odata.utility.ServiceNameMappings;
 
 import io.vavr.control.Option;
 import lombok.AccessLevel;
@@ -66,7 +66,7 @@ class EdmService implements Service
     private static final String[] TERMS_LONG_DESCRIPTION = { "Core.LongDescription", "SAP__core.LongDescription" };
 
     private final String name;
-    private final PropertiesConfiguration serviceNameMappings;
+    private final ServiceNameMappings serviceNameMappings;
     private final Edm metadata;
     private final ServiceDetails details;
     private final Function<String, Collection<ApiFunction>> allowedFunctionsByEntity;
@@ -86,7 +86,7 @@ class EdmService implements Service
 
     EdmService(
         final String name,
-        final PropertiesConfiguration serviceNameMappings,
+        final ServiceNameMappings serviceNameMappings,
         final Edm metadata,
         final ServiceDetails details,
         final Multimap<String, ApiFunction> allowedFunctionsByEntity,
@@ -247,12 +247,8 @@ public Collection<ServiceAction> getAllServiceActions()
     public String getJavaPackageName()
     {
         final String javaPackageNameKey = name + SERVICE_MAPPINGS_PACKAGE_SUFFIX;
-        String javaPackageName = serviceNameMappings.getString(javaPackageNameKey);
-
-        if( javaPackageName == null ) {
-            javaPackageName = NamingUtils.serviceNameToJavaPackageName(getTitle());
-        }
-        return javaPackageName;
+        final String javaPackageName = serviceNameMappings.getString(javaPackageNameKey).orElseGet(this::getTitle);
+        return NamingUtils.serviceNameToJavaPackageName(javaPackageName);
     }
 
     @Override
@@ -265,12 +261,8 @@ public String getName()
     public String getJavaClassName()
     {
         final String javaClassNameKey = name + SERVICE_MAPPINGS_CLASS_SUFFIX;
-        String javaClassName = serviceNameMappings.getString(javaClassNameKey);
-
-        if( javaClassName == null ) {
-            javaClassName = NamingUtils.serviceNameToBaseJavaClassName(getTitle());
-        }
-        return javaClassName;
+        final String javaClassName = serviceNameMappings.getString(javaClassNameKey).orElseGet(this::getTitle);
+        return NamingUtils.serviceNameToBaseJavaClassName(javaClassName);
     }
 
     @Override

datamodel/odata-v4/odata-v4-generator/src/main/java/com/sap/cloud/sdk/datamodel/odatav4/generator/ODataToVdmGenerator.java

@@ -11,7 +11,6 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
-import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
@@ -24,9 +23,6 @@
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
-import org.apache.commons.configuration.Configuration;
-import org.apache.commons.configuration.ConfigurationException;
-import org.apache.commons.configuration.PropertiesConfiguration;
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.FilenameUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -42,7 +38,7 @@
 
 import com.google.common.collect.Multimap;
 import com.sap.cloud.sdk.datamodel.odata.utility.EdmxValidator;
-import com.sap.cloud.sdk.datamodel.odata.utility.NamingUtils;
+import com.sap.cloud.sdk.datamodel.odata.utility.ServiceNameMappings;
 
 import io.vavr.control.Try;
 
@@ -148,8 +144,7 @@ private Collection<EdmxFile> loadServicesFromInput(
         @Nonnull final Collection<File> inputFiles )
     {
         final Collection<EdmxFile> allEdmxFiles = new LinkedList<>();
-        final PropertiesConfiguration serviceNameMappings =
-            loadPropertiesConfiguration(config.getServiceNameMappings());
+        final ServiceNameMappings serviceNameMappings = loadPropertiesConfiguration(config.getServiceNameMappings());
         final List<CsdlSchema> edmxTerms = loadEdmxSchemas();
 
         for( final File inputFile : inputFiles ) {
@@ -226,7 +221,7 @@ private Collection<File> getInputFiles( @Nonnull final File inputDir )
 
     private Service buildService(
         final String serviceName,
-        final PropertiesConfiguration serviceNameMappings,
+        final ServiceNameMappings serviceNameMappings,
         final List<CsdlSchema> edmxTerms,
         @Nullable final String defaultBasePath,
         final File serviceMetadataFile,
@@ -296,23 +291,9 @@ private void cleanDirectory( final File outputDir )
         }
     }
 
-    private PropertiesConfiguration loadPropertiesConfiguration( final File serviceMappingsFile )
+    private ServiceNameMappings loadPropertiesConfiguration( final File serviceMappingsFile )
     {
-        final PropertiesConfiguration serviceNameMappings;
-        try {
-            if( serviceMappingsFile.exists() ) {
-                serviceNameMappings = new PropertiesConfiguration(serviceMappingsFile);
-            } else {
-                serviceNameMappings = new PropertiesConfiguration();
-            }
-        }
-        catch( final ConfigurationException e ) {
-            throw new ODataGeneratorReadException(e);
-        }
-
-        sanitizeConfiguration(serviceNameMappings);
-
-        return serviceNameMappings;
+        return new ServiceNameMappings(serviceMappingsFile.toPath());
     }
 
     // Schema definitions are necessary to make the EDMX properties explorable through Olingo API at runtime, example:
@@ -350,43 +331,23 @@ static List<CsdlSchema> loadEdmxSchemas()
         return termSchemas;
     }
 
-    private void sanitizeConfiguration( final Configuration configuration )
-    {
-        for( final Iterator<String> it = configuration.getKeys(); it.hasNext(); ) {
-            final String key = it.next();
-
-            if( key.endsWith(Service.SERVICE_MAPPINGS_CLASS_SUFFIX) ) {
-                final String javaClassName = configuration.getString(key);
-                final String sanitizedJavaClassName = NamingUtils.serviceNameToBaseJavaClassName(javaClassName);
-                configuration.setProperty(key, sanitizedJavaClassName);
-            }
-            if( key.endsWith(Service.SERVICE_MAPPINGS_PACKAGE_SUFFIX) ) {
-                final String javaPackageName = configuration.getString(key);
-                final String sanitizedJavaPackageName = NamingUtils.serviceNameToJavaPackageName(javaPackageName);
-                configuration.setProperty(key, sanitizedJavaPackageName);
-            }
-        }
-    }
-
     private void storeConfiguration( final File serviceMappingsFile, final Iterable<Service> allODataServices )
     {
         ensureFileExists(serviceMappingsFile);
-        final PropertiesConfiguration serviceNameMappings = loadPropertiesConfiguration(serviceMappingsFile);
+        final ServiceNameMappings mappings = new ServiceNameMappings(serviceMappingsFile.toPath());
 
         for( final Service oDataService : allODataServices ) {
             final String javaClassNameKey = oDataService.getName() + Service.SERVICE_MAPPINGS_CLASS_SUFFIX;
-            serviceNameMappings.setProperty(javaClassNameKey, oDataService.getJavaClassName());
-            serviceNameMappings.getLayout().setComment(javaClassNameKey, oDataService.getTitle());
-            serviceNameMappings.getLayout().setBlancLinesBefore(javaClassNameKey, 1);
+            mappings.putString(javaClassNameKey, oDataService.getJavaClassName(), oDataService.getTitle());
 
             final String javaPackageNameKey = oDataService.getName() + Service.SERVICE_MAPPINGS_PACKAGE_SUFFIX;
-            serviceNameMappings.setProperty(javaPackageNameKey, oDataService.getJavaPackageName());
+            mappings.putString(javaPackageNameKey, oDataService.getJavaPackageName());
         }
 
         try {
-            serviceNameMappings.save();
+            mappings.save();
         }
-        catch( final ConfigurationException e ) {
+        catch( final IOException e ) {
             throw new ODataGeneratorWriteException(e);
         }
     }

datamodel/odata-v4/odata-v4-generator/src/test/resources/oDataGeneratorIntegrationTest/multipleEntitySets/input/serviceNameMappings.properties

@@ -1,3 +1,4 @@
+
 # minimal metadata
 minimal_metadata.className = MinimalMetadata
 minimal_metadata.packageName = minimalmetadata

datamodel/odata/odata-generator/pom.xml

@@ -109,16 +109,6 @@
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-lang3</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>commons-configuration</groupId>
-			<artifactId>commons-configuration</artifactId>
-			<exclusions>
-				<exclusion>
-					<artifactId>commons-logging</artifactId>
-					<groupId>commons-logging</groupId>
-				</exclusion>
-			</exclusions>
-		</dependency>
 		<dependency>
 			<groupId>commons-io</groupId>
 			<artifactId>commons-io</artifactId>