Update dependencies to address CVE-2024-7254 (#353)
Also the following dependency changes:

- Remove obsolete JUnit 4.
- Replace com.github.stefanbirkner:system-rules with
  uk.org.webcompere:system-stubs-jupiter since the former appears not to
  work correctly with JUnit 5.
- Update versions following v2.5.3 release.

Signed-off-by: Mark S. Lewis <[email protected]>
bestbeforetoday authored Sep 23, 2024
1 parent a645338 commit 086f6b5
Showing 55 changed files with 567 additions and 692 deletions.
30 changes: 15 additions & 15 deletions build.gradle
Expand Up @@ -4,9 +4,11 @@
* SPDX-License-Identifier: Apache-2.0
*/

apply plugin: 'idea'
apply plugin: 'eclipse-wtp'
version = '2.5.3'
plugins {
id "com.github.ben-manes.versions" version "0.51.0"
}

version = '2.5.4'


// If the nightly property is set, then this is the scheduled main
Expand Down Expand Up @@ -46,18 +48,16 @@ subprojects {
}

dependencies {
implementation 'commons-cli:commons-cli:1.6.0'
implementation 'commons-logging:commons-logging:1.2'
testImplementation 'org.junit.jupiter:junit-jupiter-api:5.3.1'
testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.3.1'

testImplementation 'org.hamcrest:hamcrest-library:1.3'
testImplementation 'org.mockito:mockito-core:2.23.0'
testImplementation 'com.github.stefanbirkner:system-rules:system-rules-1.17.0'

testCompileOnly 'junit:junit:4.13.2'
testRuntimeOnly 'org.junit.vintage:junit-vintage-engine:5.10.2'
testImplementation 'org.assertj:assertj-core:3.9.1'
implementation 'commons-cli:commons-cli:1.9.0'
implementation 'commons-logging:commons-logging:1.3.4'
testImplementation 'org.junit.jupiter:junit-jupiter-api:5.11.0'
testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.11.0'

testImplementation 'org.hamcrest:hamcrest-library:3.0'
testImplementation 'org.mockito:mockito-core:5.13.0'
testImplementation 'uk.org.webcompere:system-stubs-jupiter:2.1.6'

testImplementation 'org.assertj:assertj-core:3.26.3'
}

test {
8 changes: 4 additions & 4 deletions examples/fabric-contract-example-as-service/build.gradle
Expand Up @@ -22,10 +22,10 @@ repositories {

dependencies {
compile 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.2'
compile 'org.json:json:20231013'
testImplementation 'org.junit.jupiter:junit-jupiter:5.4.2'
testImplementation 'org.assertj:assertj-core:3.11.1'
testImplementation 'org.mockito:mockito-core:2.+'
compile 'org.json:json:20240303'
testImplementation 'org.junit.jupiter:junit-jupiter:5.11.0'
testImplementation 'org.assertj:assertj-core:3.26.3'
testImplementation 'org.mockito:mockito-core:5.13.0'
}

shadowJar {
Expand Up @@ -15,10 +15,10 @@ version = "0.0.1"

dependencies {
implementation("org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.2")
implementation("org.json:json:20231013")
implementation("org.json:json:20240303")
implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8")

testImplementation("org.junit.jupiter:junit-jupiter:5.4.2")
testImplementation("org.junit.jupiter:junit-jupiter:5.11.0")
testImplementation("com.nhaarman.mockitokotlin2:mockito-kotlin:2.1.0")
}

8 changes: 4 additions & 4 deletions examples/fabric-contract-example-gradle/build.gradle
Expand Up @@ -22,10 +22,10 @@ repositories {

dependencies {
compile 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.2'
compile 'org.json:json:20231013'
testImplementation 'org.junit.jupiter:junit-jupiter:5.4.2'
testImplementation 'org.assertj:assertj-core:3.11.1'
testImplementation 'org.mockito:mockito-core:2.+'
compile 'org.json:json:20240303'
testImplementation 'org.junit.jupiter:junit-jupiter:5.11.0'
testImplementation 'org.assertj:assertj-core:3.26.3'
testImplementation 'org.mockito:mockito-core:5.13.0'
}

shadowJar {
8 changes: 4 additions & 4 deletions examples/ledger-api/build.gradle
Expand Up @@ -22,10 +22,10 @@ repositories {

dependencies {
compile 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.2'
compile 'org.json:json:20231013'
testImplementation 'org.junit.jupiter:junit-jupiter:5.4.2'
testImplementation 'org.assertj:assertj-core:3.11.1'
testImplementation 'org.mockito:mockito-core:2.+'
compile 'org.json:json:20240303'
testImplementation 'org.junit.jupiter:junit-jupiter:5.11.0'
testImplementation 'org.assertj:assertj-core:3.26.3'
testImplementation 'org.mockito:mockito-core:5.13.0'
}

shadowJar {
5 changes: 3 additions & 2 deletions fabric-chaincode-docker/build.gradle
Expand Up @@ -9,9 +9,10 @@ buildscript {
maven { url "https://oss.sonatype.org/content/repositories/snapshots" }
maven { url "https://www.jitpack.io" }
mavenCentral()
gradlePluginPortal()
}
dependencies {
classpath 'com.bmuschko:gradle-docker-plugin:5.1.0'
classpath 'com.bmuschko:gradle-docker-plugin:9.4.0'
}
}

Expand Down Expand Up @@ -64,6 +65,6 @@ task copyAllDeps(type: Copy) {
task buildImage(type: DockerBuildImage) {
dependsOn copyAllDeps
inputDir = project.file('Dockerfile').parentFile
tags = ['hyperledger/fabric-javaenv', 'hyperledger/fabric-javaenv:2.5', 'hyperledger/fabric-javaenv:amd64-2.5.3', 'hyperledger/fabric-javaenv:amd64-latest']
images = ['hyperledger/fabric-javaenv', 'hyperledger/fabric-javaenv:2.5', 'hyperledger/fabric-javaenv:amd64-2.5.4', 'hyperledger/fabric-javaenv:amd64-latest']
}
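Review bot: The buildscript repository list in the first hunk still resolves the plugin classpath from the Sonatype snapshots repository and jitpack.io before `mavenCentral()` and the `gradlePluginPortal()` entry, so `com.bmuschko:gradle-docker-plugin:9.4.0` is looked up in the least-curated sources first. Gradle queries repositories in declaration order, so I would move `gradlePluginPortal()` and `mavenCentral()` to the top, or scope the other two with a content filter such as `content { includeGroup "<group actually needed from that repository>" }`. The `buildscript` block starts above the hunk, so further repositories may be declared there.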

2 changes: 1 addition & 1 deletion fabric-chaincode-integration-test/build.gradle
@@ -1,7 +1,7 @@
dependencies {
implementation project(':fabric-chaincode-docker')
implementation project(':fabric-chaincode-shim')
implementation 'org.json:json:20231013'
implementation 'org.json:json:20240303'
}


Expand Up @@ -19,7 +19,7 @@ repositories {
}

dependencies {
implementation 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.3'
implementation 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.4'
implementation 'org.hyperledger.fabric:fabric-protos:0.3.3'
}

Expand Up @@ -12,7 +12,7 @@
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

<!-- fabric-chaincode-java -->
<fabric-chaincode-java.version>2.5.3</fabric-chaincode-java.version>
<fabric-chaincode-java.version>2.5.4</fabric-chaincode-java.version>

</properties>

Expand Up @@ -25,7 +25,7 @@ repositories {
}

dependencies {
implementation 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.3'
implementation 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.4'
implementation 'org.hyperledger.fabric:fabric-protos:0.3.3'
}

Expand Up @@ -25,7 +25,7 @@ repositories {
}

dependencies {
implementation 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.3'
implementation 'org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim:2.5.4'
implementation 'org.hyperledger.fabric:fabric-protos:0.3.3'
implementation 'commons-logging:commons-logging:1.2'
implementation 'com.google.code.gson:gson:2.10.1'
Expand Up @@ -12,7 +12,7 @@
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

<!-- fabric-chaincode-java -->
<fabric-chaincode-java.version>2.5.3</fabric-chaincode-java.version>
<fabric-chaincode-java.version>2.5.4</fabric-chaincode-java.version>

</properties>

Expand Up @@ -4,21 +4,22 @@
SPDX-License-Identifier: Apache-2.0
*/
package org.hyperleder.fabric.shim.integration.contractinstall;

import static org.hamcrest.core.StringContains.containsString;
import static org.junit.Assert.assertThat;
import static org.hamcrest.MatcherAssert.assertThat;

import org.hyperleder.fabric.shim.integration.util.FabricState;
import org.hyperleder.fabric.shim.integration.util.InvokeHelper;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

/**
* Basic Java Chaincode Test
*
*/
public class ContractInstallTest {

@BeforeClass
@BeforeAll
public static void setUp() throws Exception {
FabricState.getState().start();

Expand Up @@ -5,20 +5,20 @@
*/
package org.hyperleder.fabric.shim.integration.ledgertests;
import static org.hamcrest.core.StringContains.containsString;
import static org.junit.Assert.assertThat;
import static org.hamcrest.MatcherAssert.assertThat;

import org.hyperleder.fabric.shim.integration.util.FabricState;
import org.hyperleder.fabric.shim.integration.util.InvokeHelper;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

/**
* Basic Java Chaincode Test
*
*/
public class LedgerIntegrationTest {

@BeforeClass
@BeforeAll
public static void setUp() throws Exception {


Expand Up @@ -5,20 +5,20 @@
*/
package org.hyperleder.fabric.shim.integration.shimtests;
import static org.hamcrest.core.StringContains.containsString;
import static org.junit.Assert.assertThat;
import static org.hamcrest.MatcherAssert.assertThat;

import org.hyperleder.fabric.shim.integration.util.FabricState;
import org.hyperleder.fabric.shim.integration.util.InvokeHelper;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

/**
* Basic Java Chaincode Test
*
*/
public class SACCIntegrationTest {

@BeforeClass
@BeforeAll
public static void setUp() throws Exception {
FabricState.getState().start();

Expand Up @@ -7,16 +7,16 @@

import static org.hamcrest.core.StringContains.containsString;
import static org.hamcrest.Matchers.not;
import static org.junit.Assert.assertThat;
import static org.hamcrest.MatcherAssert.assertThat;

import org.hyperleder.fabric.shim.integration.util.FabricState;
import org.hyperleder.fabric.shim.integration.util.InvokeHelper;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

public class SBECCIntegrationTest {

@BeforeClass
@BeforeAll
public static void setUp() throws Exception {
FabricState.getState().start();

32 changes: 11 additions & 21 deletions fabric-chaincode-shim/build.gradle
Expand Up @@ -3,25 +3,16 @@
*
* SPDX-License-Identifier: Apache-2.0
*/
buildscript {
repositories {
mavenCentral()
}
dependencies {
classpath 'org.owasp:dependency-check-gradle:8.4.0'
}
}

plugins {
id 'maven-publish'
id 'jacoco'
id 'signing'
id 'checkstyle'
id 'org.cyclonedx.bom' version '1.8.1'
}

checkstyle {
toolVersion '10.12.5'
toolVersion '10.18.1'
configFile file("../ci/checkstyle/checkstyle.xml")
configProperties = [root_dir: file("..") ]
}
Expand Down Expand Up @@ -54,34 +45,33 @@ tasks.withType(org.gradle.api.tasks.testing.Test) {
}

dependencies {
implementation platform('com.google.protobuf:protobuf-bom:3.25.5')
implementation platform('io.grpc:grpc-bom:1.68.0')
implementation platform('io.opentelemetry:opentelemetry-bom:1.42.1')

implementation 'org.hyperledger.fabric:fabric-protos:0.3.3'
implementation 'org.bouncycastle:bcpkix-jdk18on:1.78.1'
implementation 'org.bouncycastle:bcprov-jdk18on:1.78.1'
implementation 'io.github.classgraph:classgraph:4.8.165'
implementation 'io.github.classgraph:classgraph:4.8.176'
implementation 'com.github.everit-org.json-schema:org.everit.json.schema:1.14.4'
implementation 'org.json:json:20240303'
implementation 'com.google.protobuf:protobuf-java-util:3.24.4'
implementation 'com.google.protobuf:protobuf-java-util'

// Required if using Java 11+ as no longer bundled in the core libraries
testImplementation 'javax.xml.bind:jaxb-api:2.3.1'

implementation platform('io.grpc:grpc-bom:1.60.0')
implementation 'io.grpc:grpc-netty-shaded'
implementation 'io.grpc:grpc-protobuf'
implementation 'io.grpc:grpc-stub'

testImplementation 'io.grpc:grpc-inprocess'

implementation platform("io.opentelemetry:opentelemetry-bom:1.32.0")
// Required if using Java 11+ as no longer bundled in the core libraries
testImplementation 'javax.xml.bind:jaxb-api:2.3.1'

implementation 'io.opentelemetry:opentelemetry-api'
implementation 'io.opentelemetry.proto:opentelemetry-proto:1.0.0-alpha'
implementation 'io.opentelemetry.proto:opentelemetry-proto:1.3.2-alpha'
implementation 'io.opentelemetry:opentelemetry-sdk'
implementation 'io.opentelemetry:opentelemetry-sdk-extension-autoconfigure'
implementation 'io.opentelemetry:opentelemetry-sdk-trace'
implementation 'io.opentelemetry:opentelemetry-exporter-otlp'
implementation 'io.opentelemetry:opentelemetry-extension-trace-propagators'
implementation 'io.opentelemetry.instrumentation:opentelemetry-grpc-1.6:1.32.0-alpha'
implementation 'io.opentelemetry.instrumentation:opentelemetry-grpc-1.6:2.8.0-alpha'
}

sourceSets {
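Review bot: The `buildscript` block that put `org.owasp:dependency-check-gradle:8.4.0` on the classpath appears to be dropped in the first hunk (it shrinks from 25 to 16 lines), and no replacement vulnerability scan is visible among the remaining plugins; `org.cyclonedx.bom` produces an SBOM but does not check it against advisories. In a commit whose purpose is to clear CVE-2024-7254, I would either keep a scanning step in the build or leave a comment saying where it now runs, for example `// Dependency vulnerability scanning runs in CI, not in this build`. Whether the dependency-check plugin was ever applied lies outside the visible hunks, so this may simply be unused configuration being cleaned up.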
Expand Up @@ -4,31 +4,25 @@
* SPDX-License-Identifier: Apache-2.0
*/

import static org.hamcrest.Matchers.is;
import static org.hyperledger.fabric.protos.peer.ChaincodeMessage.Type.READY;
import static org.hyperledger.fabric.protos.peer.ChaincodeMessage.Type.REGISTER;
import static org.junit.Assert.assertThat;
import org.hyperledger.fabric.shim.ChaincodeBase;
import org.hyperledger.fabric.shim.mock.peer.ChaincodeMockPeer;
import org.hyperledger.fabric.shim.mock.peer.RegisterStep;
import org.hyperledger.fabric.shim.mock.peer.ScenarioStep;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Test;

import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;

import org.hyperledger.fabric.shim.ChaincodeBase;
import org.hyperledger.fabric.shim.mock.peer.ChaincodeMockPeer;
import org.hyperledger.fabric.shim.mock.peer.RegisterStep;
import org.hyperledger.fabric.shim.mock.peer.ScenarioStep;
import org.junit.After;
import org.junit.Rule;
import org.junit.Test;
import org.junit.contrib.java.lang.system.EnvironmentVariables;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hyperledger.fabric.protos.peer.ChaincodeMessage.Type.READY;
import static org.hyperledger.fabric.protos.peer.ChaincodeMessage.Type.REGISTER;

public final class ChaincodeWithoutPackageTest {
@Rule
public final EnvironmentVariables environmentVariables = new EnvironmentVariables();

private ChaincodeMockPeer server;

@After
@AfterEach
public void afterTest() throws Exception {
if (server != null) {
server.stop();
Expand All @@ -49,8 +43,8 @@ public void testRegisterChaincodeWithoutPackage() throws Exception {

ChaincodeMockPeer.checkScenarioStepEnded(server, 1, 5000, TimeUnit.MILLISECONDS);

assertThat(server.getLastMessageSend().getType(), is(READY));
assertThat(server.getLastMessageRcvd().getType(), is(REGISTER));
assertThat(server.getLastMessageSend().getType()).isEqualTo(READY);
assertThat(server.getLastMessageRcvd().getType()).isEqualTo(REGISTER);
}

}