
Commit bf831ad

Merge pull request #116 from hmcts/feature/us-owasp-encode
feature: use owasp encoder to sanitize urls
2 parents f670a51 + b9dea59 commit bf831ad

30 files changed

+386
-430
lines changed

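--- a/Dockerfile
+++ b/Dockerfile
@@ -1,37 +1,17 @@
-# ---- Base image (default fallback) ----
-ARG BASE_IMAGE
-FROM ${BASE_IMAGE:-eclipse-temurin:21}
+FROM eclipse-temurin:21
 
-# ---- Runtime arguments ----
-ARG SERVER_PORT
-ARG JAR_FILENAME
-ARG JAR_FILE_PATH
-ARG CP_BACKEND_URL
-ARG CJSCPPUID
-
-ENV JAR_FILENAME=${JAR_FILENAME:-app.jar}
-ENV JAR_FILE_PATH=${JAR_FILE_PATH:-build/libs}
-ENV JAR_FULL_PATH=$JAR_FILE_PATH/$JAR_FILENAME
-
-ENV CP_BACKEND_URL=$CP_BACKEND_URL
-ENV CJSCPPUID=$CJSCPPUID
-
-# ---- Set runtime ENV for Spring Boot to bind port
-ENV SERVER_PORT=${SERVER_PORT:-4550}
+WORKDIR /app
 
 # ---- Dependencies ----
 RUN apt-get update \
     && apt-get install -y curl \
     && rm -rf /var/lib/apt/lists/*
 
 # ---- Application files ----
-COPY $JAR_FULL_PATH /opt/app/app.jar
-COPY lib/applicationinsights.json /opt/app/
-
-# ---- Permissions ----
-RUN chmod 755 /opt/app/app.jar
+COPY build/libs/*.jar /app/
+COPY lib/applicationinsights.json /app/
 
 # ---- Runtime ----
 EXPOSE 4550
 
-CMD ["java", "-jar", "/opt/app/app.jar"]
+ENTRYPOINT ["sh","-c","exec java -jar $(ls /app/*.jar | grep -v 'plain' | head -n1)"]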
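Review bot: The ENTRYPOINT on the last line chooses the jar at run time with `ls /app/*.jar | grep -v 'plain' | head -n1`, and because `COPY build/libs/*.jar /app/` copies every jar in build/libs, the container silently runs whichever non-plain jar sorts first (a stale build of an earlier version, for instance) and, if none matches, execs `java -jar` with an empty argument. jar.gradle in this same commit fixes the boot jar name to `${rootProject.name}-${project.version}.jar`, so the selection can happen at build time, where a wrong or missing jar fails `docker build` instead of the running container. The image also has no `USER` directive, so the JVM runs as root; the old Dockerfile had the same gap, but a rewrite is the moment to close it (assuming the Ubuntu-based base image provides `useradd`). A build-time selection plus a non-root user looks like this:
```dockerfile
# … unchanged: FROM / WORKDIR / apt-get …
# ---- Application files ----
COPY build/libs/*.jar /app/
COPY lib/applicationinsights.json /app/
# Keep exactly one boot jar; a stale or missing build fails here, not at run time.
RUN rm -f /app/*-plain.jar \
    && test "$(ls /app/*.jar | wc -l)" -eq 1 \
    && mv /app/*.jar /app/app.jar

# ---- Runtime ----
RUN useradd --system --uid 10001 --no-create-home app
USER 10001
EXPOSE 4550

ENTRYPOINT ["java", "-jar", "/app/app.jar"]
```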

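--- a/build.gradle
+++ b/build.gradle
@@ -1,77 +1,45 @@
 plugins {
-    id 'application'
-    id 'java'
-    id 'io.spring.dependency-management' version '1.1.7'
-    id 'org.springframework.boot' version '4.0.0'
-    id 'jacoco'
-    id 'maven-publish'
-    id "com.github.ben-manes.versions" version "0.53.0"
-    id "org.cyclonedx.bom" version "3.1.0"
+    id 'application'
+    id 'java'
+    id 'org.springframework.boot' version '4.0.0'
+    id 'io.spring.dependency-management' version '1.1.7'
+    id 'jacoco'
+    id 'maven-publish'
+    id "com.github.ben-manes.versions" version "0.53.0"
+    id "org.cyclonedx.bom" version "3.1.0"
+    id 'com.avast.gradle.docker-compose' version '0.17.20'
 }
 
 group = 'uk.gov.hmcts.cp'
 version = System.getProperty('ARTEFACT_VERSION') ?: '0.0.999'
 
 apply {
-    from("$rootDir/gradle/dependency.gradle")
-    from("$rootDir/gradle/buildinfo.gradle")
-    from("$rootDir/gradle/integration.gradle")
-    from("$rootDir/gradle/jar.gradle")
-    from("$rootDir/gradle/java.gradle")
-    from("$rootDir/gradle/pmd.gradle")
-    from("$rootDir/gradle/repositories.gradle")
-    from("$rootDir/gradle/test.gradle")
+    from("$rootDir/gradle/dependencies/java-core.gradle")
+    from("$rootDir/gradle/dependencies/spring-core.gradle")
+
+    from("$rootDir/gradle/github/repositories.gradle")
+    from("$rootDir/gradle/github/java.gradle")
+    from("$rootDir/gradle/github/dependency.gradle")
+    from("$rootDir/gradle/github/pmd.gradle")
+    from("$rootDir/gradle/github/test.gradle")
+    from("$rootDir/gradle/github/jar.gradle")
+
+    from("$rootDir/gradle/tasks/apitest.gradle")
 }
 
 ext {
-    apiCaseUrnMapperVersion = "1.0.4"
-    log4JVersion = "2.24.3"
-    logbackVersion = "1.5.18"
-    lombokVersion = "1.18.38"
+    apiCaseUrnMapperVersion = "1.0.5"
 }
-cyclonedxBom {
-    schemaVersion = org.cyclonedx.Version.VERSION_16
-    componentVersion = project.version.toString()
-}
-dependencies {
-    implementation "uk.gov.hmcts.cp:api-cp-caseadmin-case-urn-mapper:$apiCaseUrnMapperVersion"
-    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:3.0.0'
-    implementation 'io.swagger.core.v3:swagger-core:2.2.41'
-    implementation 'javax.xml.bind:jaxb-api:2.3.1'
-    implementation 'org.springframework.boot:spring-boot-starter-cache'
 
-    implementation 'org.springframework.boot:spring-boot-starter-web'
-    implementation 'org.springframework.boot:spring-boot-starter-actuator'
-    implementation 'org.springframework.boot:spring-boot-starter-aop:3.5.8'
-    implementation 'org.springframework.boot:spring-boot-starter-json'
-
-    // micrometer
-    implementation platform('io.micrometer:micrometer-tracing-bom:latest.release')
-    implementation 'io.micrometer:micrometer-tracing'
-    implementation 'io.micrometer:micrometer-tracing-bridge-otel'
-    // Spring Boot 4 will auto-configure OpenTelemetry when management.tracing.enabled=true
-    implementation 'com.azure:azure-monitor-opentelemetry-autoconfigure:1.4.0'
-    implementation 'net.logstash.logback:logstash-logback-encoder:9.0'
-    implementation group: 'io.rest-assured', name: 'rest-assured', version: '6.0.0'
-    implementation 'org.hibernate.validator:hibernate-validator:9.1.0.Final'
-
-    implementation 'org.apache.commons:commons-text:1.15.0'
-    implementation 'com.fasterxml.jackson.core:jackson-databind:2.20.1'
-    implementation("org.owasp.encoder:encoder:1.4.0")
-    compileOnly group: 'org.projectlombok', name: 'lombok', version: lombokVersion
-    annotationProcessor group: 'org.projectlombok', name: 'lombok', version: lombokVersion
-    testCompileOnly group: 'org.projectlombok', name: 'lombok', version: lombokVersion
-    testAnnotationProcessor group: 'org.projectlombok', name: 'lombok', version: lombokVersion
-    integrationTestCompileOnly group: 'org.projectlombok', name: 'lombok', version: lombokVersion
-    integrationTestAnnotationProcessor group: 'org.projectlombok', name: 'lombok', version: lombokVersion
+dependencies {
+    implementation "uk.gov.hmcts.cp:api-cp-caseadmin-case-urn-mapper:$apiCaseUrnMapperVersion"
+    implementation "io.swagger.core.v3:swagger-annotations:2.2.41"
 
-    testImplementation(platform('org.junit:junit-bom:6.0.1'))
-    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine'
-    testImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-test', version: '4.0.0', {
-        exclude group: 'junit', module: 'junit'
-        exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'
-    }
-    testImplementation group: 'org.springframework.boot', name: 'spring-boot-test-autoconfigure', version: '4.0.0'
-    testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
+    implementation 'org.springframework.boot:spring-boot-starter-actuator'
+    implementation 'org.hibernate.validator:hibernate-validator'
+    implementation 'org.springframework.boot:spring-boot-starter-opentelemetry'
+    implementation 'io.jsonwebtoken:jjwt:0.13.0'
+    testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 
+    implementation 'org.springframework.boot:spring-boot-starter-cache'
 }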
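Review bot: `implementation 'io.jsonwebtoken:jjwt:0.13.0'` (new line 41) puts a JWT library on the compile classpath as one aggregate coordinate, whereas JJWT's own setup guidance splits it into `jjwt-api` for compilation with `jjwt-impl` and `jjwt-jackson` as `runtimeOnly`, precisely so application code cannot reach implementation internals; verify the aggregate artifact is intended, and since nothing in this diff shows what tokens are parsed, a one-line comment stating the purpose (and that signatures are verified, not just decoded) belongs next to it. Separately, the `cyclonedxBom { schemaVersion … componentVersion … }` block is deleted while the `org.cyclonedx.bom` plugin is still applied, so the SBOM is now produced with plugin defaults and without the explicit component version — confirm whatever consumes the SBOM accepts that. The `org.owasp.encoder` dependency the PR title refers to no longer appears in this file; it moves to one of the new dependency files below, whose headers this rendering has dropped.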

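--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,35 +1,6 @@
-version: '3.8'
-
 services:
-  service-cp-caseadmin-case-urn-mapper:
-    env_file:
-      - .env
+  app:
     build:
-      context: .
       dockerfile: Dockerfile
-      args:
-        http_proxy: ${http_proxy}
-        https_proxy: ${https_proxy}
-        no_proxy: ${no_proxy}
-        BASE_IMAGE: ${BASE_IMAGE}
-        SERVER_PORT: ${SERVER_PORT}
-        JAR_FILENAME: ${JAR_FILENAME}
-        JAR_FILE_PATH: ${JAR_FILE_PATH}
-        CP_BACKEND_URL: ${CP_BACKEND_URL}
-        CJSCPPUID: ${CJSCPPUID}
-    environment:
-      - SERVER_PORT=${SERVER_PORT:-4550}
     ports:
-      - "${SERVER_PORT:-4550}:${SERVER_PORT:-4550}"
-    networks:
-      - service-network
-    healthcheck:
-      test: [ "CMD", "curl", "-f", "http://localhost:${SERVER_PORT}/health" ]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-      start_period: 5s
-
-networks:
-  service-network:
-    name: service-cp-caseadmin-case-urn-mapper-network
+      - "4550:4550"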
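Review bot: `- "4550:4550"` publishes the container on every host interface, which for a local-development compose file exposes the service to anything on the same network; prefer `- "127.0.0.1:4550:4550"`. The removed `healthcheck` matters more now that `com.avast.gradle.docker-compose` is applied in build.gradle: without one, `composeUp` has no readiness signal to wait on before the api tests hit the service, so restoring a curl-based check is worth it (the Dockerfile still installs curl, presumably for exactly this). `build:` now lacks `context:`; Compose appears to default it to the compose-file directory, but that is worth confirming rather than relying on, since the `.env` and proxy build args were removed at the same time.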

gradle/buildinfo.gradle

Lines changed: 0 additions & 8 deletions
This file was deleted.
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
ext {
2+
log4JVersion = "2.24.3"
3+
logbackVersion = "1.5.18"
4+
lombokVersion = "1.18.38"
5+
mapstructVersion = "1.5.5.Final"
6+
}
7+
8+
dependencies {
9+
implementation 'net.logstash.logback:logstash-logback-encoder:8.1'
10+
implementation 'org.apache.logging.log4j:log4j-to-slf4j'
11+
implementation 'ch.qos.logback:logback-classic'
12+
implementation 'ch.qos.logback:logback-core'
13+
implementation "org.owasp.encoder:encoder:1.2.3"
14+
15+
compileOnly group: 'org.projectlombok', name: 'lombok', version: lombokVersion
16+
annotationProcessor group: 'org.projectlombok', name: 'lombok', version: lombokVersion
17+
testCompileOnly group: 'org.projectlombok', name: 'lombok', version: lombokVersion
18+
testAnnotationProcessor group: 'org.projectlombok', name: 'lombok', version: lombokVersion
19+
20+
implementation "org.mapstruct:mapstruct:$mapstructVersion"
21+
annotationProcessor "org.mapstruct:mapstruct-processor:$mapstructVersion"
22+
}
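Review bot: `implementation "org.owasp.encoder:encoder:1.2.3"` pins the encoder this PR is named for to an older release than the `1.4.0` that build.gradle removes in this same commit, and `logstash-logback-encoder:8.1` likewise replaces the removed `9.0`; both are silent downgrades inside what is otherwise a consolidation refactor, so keep `1.4.0` and `9.0` or state in a comment why the older releases are wanted. `log4JVersion` and `logbackVersion` are defined in `ext` but no line in this diff uses them — `logback-classic` and `logback-core` are declared without versions, so the Boot BOM decides — which leaves a reader believing those versions are pinned when they are not. This file's header is missing from the rendering; judging by the `apply` block in build.gradle it is presumably `gradle/dependencies/java-core.gradle`.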
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
dependencies {
2+
implementation "org.springframework.boot:spring-boot-starter-web"
3+
implementation "org.springframework.boot:spring-boot-starter-aspectj"
4+
implementation "org.springframework.boot:spring-boot-starter-actuator"
5+
implementation "org.springframework.boot:spring-boot-starter-validation"
6+
7+
testImplementation "org.springframework.boot:spring-boot-starter-webmvc-test"
8+
testImplementation "org.springframework.boot:spring-boot-starter-test"
9+
}
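Review bot: `spring-boot-starter-actuator` is declared here and again in build.gradle's `dependencies` block in this same commit; one of the two should go so there is a single place to reason about what is on the classpath. Nothing in the diff adds a security starter, so whether actuator endpoints are reachable without authentication depends on management configuration outside this change — a one-line comment here pointing at where actuator exposure is configured would save the next reader a search. This file's header is missing from the rendering; from the `apply` block in build.gradle it is presumably `gradle/dependencies/spring-core.gradle`.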

gradle/dependency.gradle

Lines changed: 0 additions & 10 deletions
This file was deleted.

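--- /dev/null
+++ b/gradle/github/dependency.gradle
@@ -0,0 +1,11 @@
+// check dependencies upon release ONLY
+tasks.named("dependencyUpdates").configure {
+    def isNonStable = { String version ->
+        def stableKeyword = ['RELEASE', 'FINAL', 'GA'].any { qualifier -> version.toUpperCase().contains(qualifier) }
+        def regex = /^[0-9,.v-]+$/
+        return !stableKeyword && !(version ==~ regex)
+    }
+    rejectVersionIf {
+        isNonStable(it.candidate.version) && !isNonStable(it.currentVersion)
+    }
+}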
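Review bot: The header comment `// check dependencies upon release ONLY` describes a restriction nothing in the block enforces — `dependencyUpdates` is configured unconditionally and the only filtering is the stable-version rule in `rejectVersionIf`. Either reword it to what the block actually does, e.g. `// dependencyUpdates: ignore pre-release candidates unless the current version is itself pre-release`, or gate the configuration on a release property if the restriction is intended.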

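--- /dev/null
+++ b/gradle/github/jar.gradle
@@ -0,0 +1,34 @@
+jar {
+    enabled = true
+    archiveClassifier.set('plain')
+    manifest {
+        attributes(
+            'Implementation-Title': project.name,
+            'Implementation-Version': project.version.toString()
+        )
+    }
+    if (file("CHANGELOG.md").exists()) {
+        from('CHANGELOG.md') {
+            into 'META-INF'
+        }
+    } else {
+        println "⚠️ CHANGELOG.md not found, skipping inclusion in JAR"
+    }
+}
+
+bootJar {
+    archiveFileName = "${rootProject.name}-${project.version}.jar"
+
+    manifest {
+        attributes('Implementation-Version': project.version.toString())
+    }
+}
+
+tasks.named('composeBuild') {
+    dependsOn tasks.named('bootJar')
+}
+
+tasks.withType(AbstractArchiveTask).configureEach {
+    preserveFileTimestamps = false
+    reproducibleFileOrder = true
+}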
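Review bot: `archiveClassifier.set('plain')` on the `jar` task is what the new Dockerfile ENTRYPOINT relies on to skip the non-boot jar (`grep -v 'plain'`), and that coupling is recorded nowhere; add `// 'plain' is matched by the Dockerfile ENTRYPOINT filter — change both together` above the line. `composeBuild` depends on `bootJar`, but nothing clears earlier outputs from build/libs and the Dockerfile copies `build/libs/*.jar`, so a jar from a previous version can still land in the image; having the compose build consume bootJar's output file rather than a directory glob removes that. The reproducible-archive settings at the end are a good addition and deserve a one-line comment saying they exist so that the SBOM and any artifact hashes are stable across builds.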

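--- /dev/null
+++ b/gradle/github/java.gradle
@@ -0,0 +1,12 @@
+java {
+    sourceCompatibility = JavaVersion.VERSION_21
+    targetCompatibility = JavaVersion.VERSION_21
+}
+tasks.withType(JavaCompile).configureEach {
+    options.compilerArgs << "-Xlint:unchecked" << "-Werror"
+}
+
+// https://github.com/gradle/gradle/issues/16791
+tasks.withType(JavaExec).configureEach {
+    javaLauncher.set(javaToolchains.launcherFor(java.toolchain))
+}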
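Review bot: `javaToolchains.launcherFor(java.toolchain)` on the last line refers to a toolchain spec this file never configures — only `sourceCompatibility` and `targetCompatibility` are set — so the launcher resolves to whichever JVM runs Gradle rather than a pinned JDK 21, which is the situation the linked Gradle issue is a workaround for. Adding `toolchain { languageVersion = JavaLanguageVersion.of(21) }` inside the `java {}` block (the two compatibility lines then become redundant) makes the workaround actually pin the runtime. `-Werror` combined with only `-Xlint:unchecked` is reasonable, but a comment such as `// unchecked generics are the one warning class we refuse to ship` would tell the next person why no other lint groups are enabled.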
