Merge branch 'release/1.4.1'

Author: infeo

.github/workflows/build.yml

@@ -17,11 +17,11 @@ jobs:
         if: startsWith(github.ref, 'refs/tags/')
         shell: bash
         run: |
-          mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
+          mvn -B versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
       - name: Build and Test
         id: buildAndTest
-        run: mvn -B clean install -Pdependency-check
-      - uses: actions/upload-artifact@v3
+        run: mvn -B clean install
+      - uses: actions/upload-artifact@v4
         with:
           name: artifacts
           path: target/*.jar

.github/workflows/codeql-analysis.yml

@@ -25,10 +25,10 @@ jobs:
         java-version: 21
         cache: 'maven'
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: java
     - name: Build
       run: mvn -B compile
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/dependency-check.yml

@@ -0,0 +1,63 @@
+name: OWASP Maven Dependency Check
+on:
+  schedule:
+    - cron: '0 11 * * 0'
+  push:
+    branches:
+      - 'release/**'
+  workflow_dispatch:
+
+
+jobs:
+  check-dependencies:
+    name: Check dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          show-progress: false
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: 21
+          cache: 'maven'
+      - name: Cache NVD DB
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2/repository/org/owasp/dependency-check-data/
+          key: dependency-check-${{ github.run_id }}
+          restore-keys: |
+            dependency-check
+        env:
+          SEGMENT_DOWNLOAD_TIMEOUT_MINS: 5
+      - name: Run org.owasp:dependency-check plugin
+        id: dependency-check
+        continue-on-error: true
+        run: mvn -B validate -Pdependency-check
+        env:
+          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+      - name: Upload report on failure
+        if: steps.dependency-check.outcome == 'failure'
+        uses: actions/upload-artifact@v4
+        with:
+          name: dependency-check-report
+          path: target/dependency-check-report.html
+          if-no-files-found: error
+      - name: Slack Notification on regular check
+        if: github.event_name == 'schedule' && steps.dependency-check.outcome == 'failure'
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+          SLACK_USERNAME: 'Cryptobot'
+          SLACK_ICON: false
+          SLACK_ICON_EMOJI: ':bot:'
+          SLACK_CHANNEL: 'cryptomator-desktop'
+          SLACK_TITLE: "Vulnerabilities in ${{ github.event.repository.name }} detected."
+          SLACK_MESSAGE: "Download the <https://github.com/${{ github.repository }}/actions/run/${{ github.run_id }}|report> for more details."
+          SLACK_FOOTER: false
+          MSG_MINIMAL: true
+      - name: Failing workflow on release branch
+        if: github.event_name == 'push' && steps.dependency-check.outcome == 'failure'
+        shell: bash
+        run: exit 1

pom.xml

@@ -5,7 +5,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>integrations-linux</artifactId>
-	<version>1.4.0</version>
+	<version>1.4.1</version>
 
 	<name>integrations-linux</name>
 	<description>Provides optional Linux services used by Cryptomator</description>
@@ -44,13 +44,13 @@
 		<secret-service.version>2.0.0-alpha</secret-service.version>
 		<kdewallet.version>1.3.3</kdewallet.version>
 		<appindicator.version>1.3.6</appindicator.version>
-		<slf4j.version>2.0.9</slf4j.version>
+		<slf4j.version>2.0.11</slf4j.version>
 
 		<!-- test dependencies -->
 		<junit.version>5.10.1</junit.version>
 
 		<!-- build plugin dependencies -->
-		<dependency-check.version>8.4.2</dependency-check.version>
+		<dependency-check.version>9.0.7</dependency-check.version>
 		<nexus-staging.version>1.6.8</nexus-staging.version>
 	</properties>
 
@@ -94,7 +94,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.11.0</version>
+				<version>3.12.1</version>
 				<configuration>
 					<release>${project.jdk.version}</release>
 					<compilerArgs>
@@ -105,7 +105,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-surefire-plugin</artifactId>
-				<version>3.2.1</version>
+				<version>3.2.3</version>
 			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
@@ -143,7 +143,7 @@
 			</plugin>
 			<plugin>
 				<artifactId>maven-javadoc-plugin</artifactId>
-				<version>3.6.0</version>
+				<version>3.6.3</version>
 				<executions>
 					<execution>
 						<id>attach-javadocs</id>
@@ -211,17 +211,19 @@
 						<artifactId>dependency-check-maven</artifactId>
 						<version>${dependency-check.version}</version>
 						<configuration>
-							<cveValidForHours>24</cveValidForHours>
+							<nvdValidForHours>24</nvdValidForHours>
 							<failBuildOnCVSS>0</failBuildOnCVSS>
 							<skipTestScope>true</skipTestScope>
 							<detail>true</detail>
 							<suppressionFile>suppression.xml</suppressionFile>
+							<nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
 						</configuration>
 						<executions>
 							<execution>
 								<goals>
 									<goal>check</goal>
 								</goals>
+								<phase>validate</phase>
 							</execution>
 						</executions>
 					</plugin>

src/main/java/org/cryptomator/linux/keychain/SecretServiceKeychainAccess.java

@@ -5,7 +5,8 @@
 import org.cryptomator.integrations.common.Priority;
 import org.cryptomator.integrations.keychain.KeychainAccessException;
 import org.cryptomator.integrations.keychain.KeychainAccessProvider;
-import org.freedesktop.dbus.exceptions.DBusExecutionException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.io.IOException;
 import java.util.List;
@@ -15,6 +16,8 @@
 @OperatingSystem(OperatingSystem.Value.LINUX)
 public class SecretServiceKeychainAccess implements KeychainAccessProvider {
 
+	private static Logger LOG = LoggerFactory.getLogger(SecretServiceKeychainAccess.class);
+
 	private final String LABEL_FOR_SECRET_IN_KEYRING = "Cryptomator";
 
 	@Override
@@ -27,12 +30,8 @@ public boolean isSupported() {
 		try {
 			return SimpleCollection.isAvailable();
 		} catch (ExceptionInInitializerError e) {
-			//TODO: remove try-catch once secret-service lib is fixed
-			if(e.getException() instanceof DBusExecutionException) {
-				return false;
-			} else {
-				throw e;
-			}
+			LOG.warn("Initializing secret service keychain access failed", e.getException());
+			return false;
 		}
 	}
 

src/test/java/org/cryptomator/linux/keychain/KDEWalletKeychainAccessTest.java

@@ -3,6 +3,7 @@
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.condition.EnabledIf;
 import org.junit.jupiter.api.condition.EnabledOnOs;
 import org.junit.jupiter.api.condition.OS;
 
@@ -14,6 +15,7 @@
  * Unit tests for KWallet access via DBUS.
  */
 @EnabledOnOs(OS.LINUX)
+@EnabledIf("osEnvironmentSuitable")
 public class KDEWalletKeychainAccessTest {
 
 	private static boolean isInstalled;
@@ -40,4 +42,9 @@ public void testIsSupported() {
 		KDEWalletKeychainAccess keychainAccess = new KDEWalletKeychainAccess();
 		Assertions.assertEquals(isInstalled, keychainAccess.isSupported());
 	}
+
+
+	private static boolean osEnvironmentSuitable() {
+		return System.getenv().containsKey("DISPLAY");
+	}
 }