Merge pull request #226 from hmcts/CCD-4454-CVE-2022-1471-Fix

CCD-4454 : CVE-2022-1471 Fix
hmcts · Nov 9, 2023 · 78e70eb · 78e70eb
2 parents 9d83628 + 650426f
commit 78e70eb
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 19 deletions.
diff --git a/build.gradle b/build.gradle
@@ -2,7 +2,7 @@ plugins {
   id 'application'
   id 'jacoco'
   id 'io.spring.dependency-management' version '1.0.10.RELEASE'
-  id 'org.springframework.boot' version '2.4.4'
+  id 'org.springframework.boot' version '2.7.10'
   id 'com.github.ben-manes.versions' version '0.20.0'
   id 'org.sonarqube' version '4.4.0.3356'
   id 'uk.gov.hmcts.java' version '0.12.40'
@@ -147,14 +147,14 @@ ext['spring-framework.version'] = '5.3.27'
 ext['spring-security.version'] = '5.7.8'
 ext['log4j2.version'] = '2.17.1'
 ext['jackson.version'] = '2.14.1'
-ext['snakeyaml.version'] = '1.32'
+ext['snakeyaml.version'] = '2.0'
 
 // it is important to specify logback classic and core packages explicitly as libraries like spring boot
 // enforces it's own (older) version which is not recommended.
 def versions = [
   junit           : '5.3.2',
   reformLogging   : '6.0.1',
-  springBoot      : springBoot.class.package.implementationVersion,
+  springBoot      : '3.0',
   springfoxSwagger: '3.0.0',
 ]
 
@@ -281,7 +281,7 @@ bootJar {
 
 dependencyManagement {
   imports {
-    mavenBom "org.springframework.cloud:spring-cloud-dependencies:2020.0.1"
+    mavenBom "org.springframework.cloud:spring-cloud-dependencies:2021.0.1"
   }
 }
 

diff --git a/dependency-check-suppressions.xml b/dependency-check-suppressions.xml
@@ -2,7 +2,6 @@
   <suppress>
     <notes>Temporary Suppression
         CVE-2022-45688 refer https://tools.hmcts.net/jira/browse/CCD-4373
-        CVE-2022-1471 refer https://tools.hmcts.net/jira/browse/CCD-4454
         CVE-2023-26048 refer [Ticket]
         CVE-2023-26049 refer [Ticket]
         CVE-2023-20873 refer [Ticket]
@@ -23,10 +22,9 @@
         CVE-2023-45648 refer [Ticket]
         CVE-2023-44487 refer [Ticket]
         CVE-2023-5072 refer [Ticket]
-
-        CVE-2023-36478 refer [Ticket]</notes>
+        CVE-2023-36478 refer [Ticket]
+    </notes>
     <cve>CVE-2022-45688</cve>
-    <cve>CVE-2022-1471</cve>
     <cve>CVE-2023-26048</cve>
     <cve>CVE-2023-26049</cve>
     <cve>CVE-2023-20873</cve>
@@ -48,4 +46,4 @@
     <cve>CVE-2023-5072</cve>
     <cve>CVE-2023-36478</cve>
   </suppress>
-</suppressions>
+</suppressions>
diff --git a/...va/uk/gov/hmcts/reform/ccd/test/stubs/service/controllers/StubResponseControllerTest.java b/...va/uk/gov/hmcts/reform/ccd/test/stubs/service/controllers/StubResponseControllerTest.java
@@ -7,7 +7,6 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
-import org.mockito.Matchers;
 import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.mockito.MockitoAnnotations;
@@ -26,6 +25,7 @@
 import static org.hamcrest.Matchers.is;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
@@ -57,7 +57,7 @@ void setUp() {
     void shouldReturnStatusOK_ForwardGetRequests() throws IOException, InterruptedException {
         HttpServletRequest mockRequest = mock(HttpServletRequest.class);
         HttpResponse mockResponse = mock(HttpResponse.class);
-        Mockito.doReturn(mockResponse).when(mockHttpClient).send(Matchers.any(), Matchers.any());
+        Mockito.doReturn(mockResponse).when(mockHttpClient).send(any(), any());
         when(mockResponse.body()).thenReturn("MOCK BODY");
         when(mockResponse.statusCode()).thenReturn(200);
 
@@ -75,7 +75,7 @@ void shouldReturnStatusOK_ForwardGetRequestsWhenQueryParametersPresent()
         when(mockRequest.getParameterMap()).thenReturn(Map.of("id", value));
 
         HttpResponse mockResponse = mock(HttpResponse.class);
-        Mockito.doReturn(mockResponse).when(mockHttpClient).send(Matchers.any(), Matchers.any());
+        Mockito.doReturn(mockResponse).when(mockHttpClient).send(any(), any());
         when(mockResponse.body()).thenReturn("MOCK BODY");
         when(mockResponse.statusCode()).thenReturn(200);
 
@@ -91,7 +91,7 @@ void shouldReturnStatusOK_ForwardGetRequestsWhenQueryParametersPresent()
     @DisplayName("Test for forwardGetRequests() exception thrown")
     void shouldThrowException_ForwardGetRequests() throws IOException, InterruptedException {
         HttpServletRequest mockRequest = mock(HttpServletRequest.class);
-        Mockito.doThrow(new IOException("")).when(mockHttpClient).send(Matchers.any(), Matchers.any());
+        Mockito.doThrow(new IOException("")).when(mockHttpClient).send(any(), any());
 
         ResponseEntity<Object> responseEntityReturned = stubResponseController.forwardGetRequests(mockRequest);
         assertNotNull(responseEntityReturned);
@@ -106,7 +106,7 @@ void shouldThrowException_ForwardGetRequests() throws IOException, InterruptedEx
     void shouldReturnStatusOK_ForwardPostRequests() throws IOException, InterruptedException {
         HttpServletRequest mockRequest = mock(HttpServletRequest.class);
         HttpResponse mockResponse = mock(HttpResponse.class);
-        Mockito.doReturn(mockResponse).when(mockHttpClient).send(Matchers.any(), Matchers.any());
+        Mockito.doReturn(mockResponse).when(mockHttpClient).send(any(), any());
         when(mockResponse.body()).thenReturn("MOCK BODY");
         when(mockResponse.statusCode()).thenReturn(200);
 
@@ -122,7 +122,7 @@ void shouldReturnStatusOK_ForwardPostRequests() throws IOException, InterruptedE
     @DisplayName("Test for forwardPostRequests() exception thrown")
     void shouldThrowException_ForwardPostRequests() throws IOException, InterruptedException {
         HttpServletRequest mockRequest = mock(HttpServletRequest.class);
-        Mockito.doThrow(new IOException("")).when(mockHttpClient).send(Matchers.any(), Matchers.any());
+        Mockito.doThrow(new IOException("")).when(mockHttpClient).send(any(), any());
 
         ResponseEntity<Object> responseEntityReturned = stubResponseController.forwardPostRequests(mockRequest);
         assertNotNull(responseEntityReturned);
@@ -137,7 +137,7 @@ void shouldThrowException_ForwardPostRequests() throws IOException, InterruptedE
     void shouldReturnStatusOK_ForwardPutRequests() throws IOException, InterruptedException {
         HttpServletRequest mockRequest = mock(HttpServletRequest.class);
         HttpResponse mockResponse = mock(HttpResponse.class);
-        Mockito.doReturn(mockResponse).when(mockHttpClient).send(Matchers.any(), Matchers.any());
+        Mockito.doReturn(mockResponse).when(mockHttpClient).send(any(), any());
         when(mockResponse.body()).thenReturn("MOCK BODY");
         when(mockResponse.statusCode()).thenReturn(200);
 
@@ -153,7 +153,7 @@ void shouldReturnStatusOK_ForwardPutRequests() throws IOException, InterruptedEx
     @DisplayName("Test for forwardPutRequests() exception thrown")
     void shouldThrowException_ForwardPutRequests() throws IOException, InterruptedException {
         HttpServletRequest mockRequest = mock(HttpServletRequest.class);
-        Mockito.doThrow(new IOException("")).when(mockHttpClient).send(Matchers.any(), Matchers.any());
+        Mockito.doThrow(new IOException("")).when(mockHttpClient).send(any(), any());
 
         ResponseEntity<Object> responseEntityReturned = stubResponseController.forwardPutRequests(mockRequest);
         assertNotNull(responseEntityReturned);
@@ -168,7 +168,7 @@ void shouldThrowException_ForwardPutRequests() throws IOException, InterruptedEx
     void shouldReturnStatusOK_ForwardDeleteRequests() throws IOException, InterruptedException {
         HttpServletRequest mockRequest = mock(HttpServletRequest.class);
         HttpResponse mockResponse = mock(HttpResponse.class);
-        Mockito.doReturn(mockResponse).when(mockHttpClient).send(Matchers.any(), Matchers.any());
+        Mockito.doReturn(mockResponse).when(mockHttpClient).send(any(), any());
         when(mockResponse.body()).thenReturn("MOCK BODY");
         when(mockResponse.statusCode()).thenReturn(200);
 
@@ -184,7 +184,7 @@ void shouldReturnStatusOK_ForwardDeleteRequests() throws IOException, Interrupte
     @DisplayName("Test for forwardDeleteRequests() exception thrown")
     void shouldThrowException_ForwardDeleteRequests() throws IOException, InterruptedException {
         HttpServletRequest mockRequest = mock(HttpServletRequest.class);
-        Mockito.doThrow(new IOException("")).when(mockHttpClient).send(Matchers.any(), Matchers.any());
+        Mockito.doThrow(new IOException("")).when(mockHttpClient).send(any(), any());
 
         ResponseEntity<Object> responseEntityReturned = stubResponseController.forwardDeleteRequests(mockRequest);
         assertNotNull(responseEntityReturned);