Remove hard-coded ADR bug number (#202)

* replace hard-coded ADR bug number with dynamic search for omitting ADR patches
* improve performance by eliminating duplicate calls to ARU for PSU and recommended patches
* set PSU version for patches when applying latestPSU/recommendedPatches at the same time as new patches
* restructured ARU classes into their own package
* created ARU patch type to parse ARU patch responses
* secure usage of XML parser to prevent XXE
* replaced EasyMock unit tests

Author: ddsharpe

imagetool/pom.xml

@@ -57,11 +57,6 @@
             <artifactId>annotations</artifactId>
             <scope>provided</scope>
         </dependency>
-        <dependency>
-            <groupId>org.easymock</groupId>
-            <artifactId>easymock</artifactId>
-            <scope>test</scope>
-        </dependency>
     </dependencies>
 
     <build>

imagetool/src/main/java/com/oracle/weblogic/imagetool/api/model/CachedFile.java

@@ -10,16 +10,12 @@
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.Objects;
-import javax.xml.xpath.XPathExpressionException;
 
 import com.oracle.weblogic.imagetool.cachestore.CacheStore;
 import com.oracle.weblogic.imagetool.installer.InstallerType;
 import com.oracle.weblogic.imagetool.logging.LoggingFacade;
 import com.oracle.weblogic.imagetool.logging.LoggingFactory;
-import com.oracle.weblogic.imagetool.util.HttpUtil;
 import com.oracle.weblogic.imagetool.util.Utils;
-import org.apache.http.client.fluent.Executor;
-import org.apache.http.client.fluent.Request;
 
 /**
  * Base class to represent either an installer or a patch file.
@@ -69,14 +65,10 @@ public String getKey() {
         if (id.contains(CacheStore.CACHE_KEY_SEPARATOR)) {
             return id;
         } else {
-            return buildKeyFromVersion(getVersion());
+            return id + CacheStore.CACHE_KEY_SEPARATOR + getVersion();
         }
     }
 
-    protected String buildKeyFromVersion(String version) {
-        return id + CacheStore.CACHE_KEY_SEPARATOR + version;
-    }
-
     /**
      * Get the version number for this cache entry/file.
      * @return the string version of this cached file.
@@ -91,7 +83,7 @@ public String getVersion() {
      * @return the Path of the file, if found
      * @throws IOException throws FileNotFoundException, if this cached file (key) could not be located in the cache
      */
-    public String resolve(CacheStore cacheStore) throws IOException, XPathExpressionException {
+    public String resolve(CacheStore cacheStore) throws IOException {
         // check entry exists in cache
         String key = getKey();
         logger.entering(key);
@@ -110,7 +102,7 @@ public String resolve(CacheStore cacheStore) throws IOException, XPathExpression
      * @param buildContextDir directory to copy file to
      * @return the path of the file copied to the Docker build context directory
      */
-    public Path copyFile(CacheStore cacheStore, String buildContextDir) throws IOException, XPathExpressionException {
+    public Path copyFile(CacheStore cacheStore, String buildContextDir) throws IOException {
         logger.entering();
         Path result;
         String sourceFile = resolve(cacheStore);
@@ -127,31 +119,4 @@ public Path copyFile(CacheStore cacheStore, String buildContextDir) throws IOExc
         logger.exiting(result);
         return result;
     }
-
-
-    /**
-     * Download a file from the url.
-     *
-     * @param url      url of the aru server
-     * @param fileName full path to save the file
-     * @param username userid for support account
-     * @param password password for support account
-     * @throws IOException when it fails to access the url
-     */
-
-    public void downloadFile(String url, String fileName, String username, String password)
-        throws IOException {
-        logger.entering(url);
-        try {
-            Executor.newInstance(HttpUtil.getOraClient(username, password))
-                .execute(Request.Get(url).connectTimeout(30000).socketTimeout(30000))
-                .saveContent(new File(fileName));
-        } catch (Exception ex) {
-            String message = String.format("Failed to download and save file %s from %s: %s", fileName, url,
-                ex.getLocalizedMessage());
-            logger.severe(message);
-            throw new IOException(message, ex);
-        }
-        logger.exiting(fileName);
-    }
 }

imagetool/src/main/java/com/oracle/weblogic/imagetool/aru/AruException.java

@@ -0,0 +1,18 @@
+// Copyright (c) 2020, Oracle Corporation and/or its affiliates.
+// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+package com.oracle.weblogic.imagetool.aru;
+
+public class AruException extends Exception {
+    public AruException() {
+        super();
+    }
+
+    public AruException(String message) {
+        super(message);
+    }
+
+    public AruException(String message, Throwable thrown) {
+        super(message, thrown);
+    }
+}

imagetool/src/main/java/com/oracle/weblogic/imagetool/util/AruHttpHelper.java renamed to imagetool/src/main/java/com/oracle/weblogic/imagetool/aru/AruHttpHelper.java

@@ -1,16 +1,14 @@
 // Copyright (c) 2019, 2020, Oracle Corporation and/or its affiliates.
 // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
-package com.oracle.weblogic.imagetool.util;
+package com.oracle.weblogic.imagetool.aru;
 
 import java.io.IOException;
-import javax.xml.XMLConstants;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.xpath.XPathExpressionException;
 
-import com.oracle.weblogic.imagetool.installer.AruProduct;
+import com.oracle.weblogic.imagetool.util.HttpUtil;
+import com.oracle.weblogic.imagetool.util.XPathUtil;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -171,7 +169,7 @@ AruHttpHelper execValidation(String url, String payload) throws IOException {
     AruHttpHelper validation() throws IOException {
         NodeList conflictSets;
         try {
-            conflictSets = XPathUtil.applyXPathReturnNodeList(results(),
+            conflictSets = XPathUtil.nodelist(results(),
                 "/conflict_check/conflict_sets/set");
         } catch (XPathExpressionException xee) {
             throw new IOException(xee);
@@ -181,7 +179,7 @@ AruHttpHelper validation() throws IOException {
                 success = false;
                 String expression = "/conflict_check/conflict_sets/set/merge_patches";
 
-                NodeList nodeList = XPathUtil.applyXPathReturnNodeList(results(), expression);
+                NodeList nodeList = XPathUtil.nodelist(results(), expression);
 
                 createResultDocument(nodeList);
 
@@ -203,15 +201,7 @@ AruHttpHelper validation() throws IOException {
      */
     AruHttpHelper createResultDocument(NodeList nodeList) throws IOException {
         try {
-            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-
-            // Prevent XXE attacks
-            dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
-            dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
-            dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
-
-            DocumentBuilder builder = dbf.newDocumentBuilder();
-            Document doc = builder.newDocument();
+            Document doc = HttpUtil.documentBuilder().newDocument();
             Element element = doc.createElement("results");
 
             for (int i = 0; i < nodeList.getLength(); i++) {
@@ -242,11 +232,11 @@ private String parsePatchValidationError() {
         Node conflictsResultNode = results();
         if (conflictsResultNode != null) {
             try {
-                NodeList patchSets = XPathUtil.applyXPathReturnNodeList(conflictsResultNode, "//merge_patches");
+                NodeList patchSets = XPathUtil.nodelist(conflictsResultNode, "//merge_patches");
                 stringBuilder.append("patch conflicts detected: ");
                 for (int i = 0; i < patchSets.getLength(); i++) {
                     stringBuilder.append("[");
-                    NodeList bugNumbers = XPathUtil.applyXPathReturnNodeList(patchSets.item(i), "patch/bug/number"
+                    NodeList bugNumbers = XPathUtil.nodelist(patchSets.item(i), "patch/bug/number"
                         + "/text()");
                     for (int j = 0; j < bugNumbers.getLength(); j++) {
                         stringBuilder.append(bugNumbers.item(j).getNodeValue());
@@ -267,10 +257,10 @@ private String parsePatchValidationError() {
     private void searchResult(Document result) throws IOException {
         success = true;
         try {
-            NodeList nodeList = XPathUtil.applyXPathReturnNodeList(result, "/results/error");
+            NodeList nodeList = XPathUtil.nodelist(result, "/results/error");
             if (nodeList.getLength() > 0) {
                 success = false;
-                errorMessage = XPathUtil.applyXPathReturnString(result, "/results/error/message");
+                errorMessage = XPathUtil.string(result, "/results/error/message");
             } else {
                 results = result;
             }