diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml index 6cde258..e32b928 100644 --- a/.github/workflows/sca-scan.yml +++ b/.github/workflows/sca-scan.yml @@ -7,9 +7,26 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@master + + - name: Set up JDK 17 + uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: '17' + + - name: Setup local.properties + run: | + cat << EOF >> local.properties + sdk.dir=$ANDROID_HOME + EOF + + - name: Grant execute permission for gradlew + run: chmod +x gradlew + - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/gradle@master + uses: snyk/actions/setup@master + + - name: Snyk test + run: snyk test --all-sub-projects --fail-on=all env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - args: --fail-on=all --all-sub-projects \ No newline at end of file + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} \ No newline at end of file diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..f8dc825 --- /dev/null +++ b/LICENSE 
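Review bot: The added `uses: snyk/actions/setup@master` step tracks a mutable branch, and the very next step runs `snyk test` with `SNYK_TOKEN` in its environment, so whatever lands on that branch upstream executes in the job that handles the secret. Pin it to a full commit SHA with the release noted in a comment, e.g. `uses: snyk/actions/setup@<full-commit-sha>  # <release tag>`; the context line `actions/checkout@master` has the same problem, and `actions/setup-java@v3` is a movable tag. `snyk test` on a Gradle project drives the repository's own Gradle wrapper (hence the new `chmod +x gradlew` step), so it is worth confirming that the workflow trigger, which lies outside this hunk, never exposes the token to untrusted pull-request code.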
@@ -0,0 +1,18 @@
+The MIT License (MIT)
+Copyright © 2012-2026 Contentstack. All Rights Reserved
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+associated documentation files (the "Software"), to deal in the Software without restriction,
+including without limitation the rights to use, copy, modify, merge, publish, distribute,
+sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial
+portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT
+NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
+OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..b38466e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,31 @@
+## Security
+
+Contentstack takes the security of our software products and services seriously, which includes all
+source code repositories managed through our GitHub organizations.
+
+If you believe you have found a security vulnerability in any Contentstack-owned repository, please
+report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Send email to [security@contentstack.com](mailto:security@contentstack.com).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via
+email to ensure we received your original message.
+
+Please include the requested information listed below (as much as you can provide) to help us better
+understand the nature and scope of the possible issue:
+
+* Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+* Full paths of source file(s) related to the manifestation of the issue
+* The location of the affected source code (tag/branch/commit or direct URL)
+* Any special configuration required to reproduce the issue
+* Step-by-step instructions to reproduce the issue
+* Proof-of-concept or exploit code (if possible)
+* Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+[https://www.contentstack.com/trust/](https://www.contentstack.com/trust/)
\ No newline at end of file
diff --git a/app/build.gradle b/app/build.gradle
index d777469..8a53ccc 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -2,24 +2,32 @@ apply plugin: 'com.android.application' apply plugin: 'com.apollographql.apollo' android { + namespace 'com.contentstack.graphql' + def localProperties = new Properties() - localProperties.load(new FileInputStream(rootProject.file("local.properties"))) - compileSdkVersion 30 + def localPropertiesFile = rootProject.file("local.properties") + if (localPropertiesFile.exists()) { + localProperties.load(new FileInputStream(localPropertiesFile)) + } + + compileSdk 34 defaultConfig { applicationId "com.contentstack.graphql" - minSdkVersion 21 - targetSdkVersion 30 + minSdk 21 + targetSdk 34 versionCode 1 versionName "1.0" testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner" + + // BuildConfig fields with fallback values + buildConfigField "String", "APIKey", "\"${localProperties.getProperty('APIKey', '')}\"" + buildConfigField "String", "deliveryToken", "\"${localProperties.getProperty('deliveryToken', '')}\"" + buildConfigField "String", "environment", "\"${localProperties.getProperty('environment', '')}\"" + buildConfigField "String", "GRAPHQL_URL", "\"https://graphql.contentstack.com/stacks/api_key?access_token=deliveryToken&environment=env\"" + buildConfigField "String", "DEV_GQL_URL", "\"https://dev8-origin-graphql.contentstack.com/stacks/api_key/explore?access_token=delivery_token&environment=env\"" } buildTypes { debug { - buildConfigField "String", "APIKey", localProperties['APIKey'] - buildConfigField "String", "deliveryToken", localProperties['deliveryToken'] - buildConfigField "String", "environment", localProperties['environment'] - buildConfigField "String", "GRAPHQL_URL", "\"https://graphql.contentstack.com/stacks/api_key?access_token=deliveryToken&environment=env\"" - buildConfigField "String", "DEV_GQL_URL", "\"https://dev8-origin-graphql.contentstack.com/stacks/api_key/explore?access_token=delivery_token&environment=env\"" } release { minifyEnabled false 
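Review bot: Moving the `APIKey`, `deliveryToken` and `environment` `buildConfigField`s from `buildTypes.debug` into `defaultConfig` compiles whatever is in local.properties into every variant, including `release`, which the visible context shows with `minifyEnabled false`, so the values sit as plain string constants in a shipped APK. If only debug builds need them, keep the three fields inside `debug { … }` (the now-empty block is still there) or give `release` explicit values of its own. The new form also wraps each property in escaped quotes where the old `localProperties['APIKey']` passed the raw value through, so a local.properties that still carries its own quotes would presumably produce a broken string literal; a one-line comment stating the expected unquoted format would help. The `''` fallback lets a build without credentials succeed and fail only at run time. The `android { … }` block continues past the end of this hunk.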
@@ -27,14 +35,23 @@ android { } } - - buildFeatures{ + buildFeatures { dataBinding = true + buildConfig = true } compileOptions { - sourceCompatibility = '1.8' - targetCompatibility = '1.8' + sourceCompatibility JavaVersion.VERSION_17 + targetCompatibility JavaVersion.VERSION_17 + } +} + +configurations.all { + resolutionStrategy { + force 'com.squareup.okhttp3:okhttp:4.12.0' + force 'org.jetbrains.kotlin:kotlin-stdlib:2.1.0' + force 'com.google.guava:guava:32.1.3-jre' + force 'commons-io:commons-io:2.15.1' } } @@ -43,9 +60,9 @@ dependencies { implementation 'androidx.appcompat:appcompat:1.3.0-alpha01' implementation 'androidx.constraintlayout:constraintlayout:1.1.3' implementation 'androidx.swiperefreshlayout:swiperefreshlayout:1.0.0' - testImplementation 'junit:junit:4.13' - androidTestImplementation 'androidx.test:runner:1.2.0' - androidTestImplementation 'androidx.test.espresso:espresso-core:3.2.0' + testImplementation 'junit:junit:4.13.2' + androidTestImplementation 'androidx.test:runner:1.5.2' + androidTestImplementation 'androidx.test.espresso:espresso-core:3.5.1' implementation 'androidx.recyclerview:recyclerview:1.1.0' implementation 'com.github.bumptech.glide:glide:4.11.0' annotationProcessor 'com.github.bumptech.glide:compiler:4.7.1' @@ -53,5 +70,5 @@ dependencies { implementation 'androidx.cardview:cardview:1.0.0' implementation 'com.google.android.material:material:1.1.0' implementation 'org.jetbrains:annotations:16.0.1' - implementation 'com.apollographql.apollo:apollo-runtime:2.2.2' + implementation 'com.apollographql.apollo:apollo-runtime:2.5.14' } diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml index 19fc44c..de3c1e4 100644 --- a/app/src/main/AndroidManifest.xml +++ b/app/src/main/AndroidManifest.xml @@ -1,7 +1,6 @@ + xmlns:tools="http://schemas.android.com/tools"> @@ -13,8 +12,10 @@ android:supportsRtl="true" android:theme="@style/AppTheme" tools:ignore="GoogleAppIndexingWarning"> - - + + 
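Review bot: The `configurations.all { resolutionStrategy { force … } }` block added in the `@@ -27,14 +35,23 @@` hunk pins four transitive libraries with no record of why, and `force` works in both directions across every configuration: it will also hold a library back when a dependency later needs a newer release. Add a comment per pin naming the scanner finding or advisory it answers, e.g. `// okhttp forced for <advisory id>; remove once apollo-runtime resolves >= 4.12.0 by itself`, so the pins can be retired. Dependency constraints with a `because '…'` reason would express the same minimum versions without blocking upgrades. Forcing `kotlin-stdlib:2.1.0` underneath libraries built against an older Kotlin deserves a build and smoke test of each variant.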
diff --git a/app/src/main/java/com/contentstack/graphql/product/view/ProductActivity.java b/app/src/main/java/com/contentstack/graphql/product/view/ProductActivity.java index fccd7dd..8ee2bc6 100644 --- a/app/src/main/java/com/contentstack/graphql/product/view/ProductActivity.java +++ b/app/src/main/java/com/contentstack/graphql/product/view/ProductActivity.java @@ -104,24 +104,25 @@ private void getProducts(int skipCount, int limit) { @RequiresApi(api = Build.VERSION_CODES.N) @Override public void onResponse(@NotNull Response response) { - assert response.data() != null; - response.data().all_product().items().forEach(item -> { - Log.i("Title", item.title()); - Log.i("Price", item.price().toString()); - Log.i("description", item.description()); - Log.e("image", item.featured_imageConnection().edges().get(0).node().url()); - }); - ProductActivity.this.runOnUiThread(() -> { - binding.tvError.setVisibility(View.GONE); - binding.refreshContainer.setRefreshing(false); - - if (response.data().all_product().items().size() > 0) { - Log.i(TAG, response.data().all_product().items().toString()); - adapter.addAll(response.data().all_product().items()); - binding.recyclerView.setAdapter(adapter); - adapter.notifyDataSetChanged(); - } - }); + if (response.data() != null) { + response.data().all_product().items().forEach(item -> { + Log.i("Title", item.title()); + Log.i("Price", item.price().toString()); + Log.i("description", item.description()); + Log.e("image", item.featured_imageConnection().edges().get(0).node().url()); + }); + ProductActivity.this.runOnUiThread(() -> { + binding.tvError.setVisibility(View.GONE); + binding.refreshContainer.setRefreshing(false); + + if (response.data().all_product().items().size() > 0) { + Log.i(TAG, response.data().all_product().items().toString()); + adapter.addAll(response.data().all_product().items()); + binding.recyclerView.setAdapter(adapter); + adapter.notifyDataSetChanged(); + } + }); + } } @Override 
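Review bot: With the `assert` replaced by `if (response.data() != null)`, a response without data now falls through silently: nothing on the null path calls `binding.refreshContainer.setRefreshing(false)` or shows `binding.tvError`, so the swipe-refresh indicator presumably keeps spinning and the user sees no error. Add an `else` branch that resets the UI on the main thread, as sketched below. Separately, the carried-over logging loop calls `edges().get(0)` and `price().toString()` for every item before the UI update runs, so a single product without an image or price would throw and skip the adapter update; those log lines are better removed or guarded. The enclosing callback in `getProducts` starts and ends outside this hunk.

```java
if (response.data() != null) {
    // … unchanged: per-item logging and adapter update …
} else {
    // No data in the response: stop the spinner and show the error view.
    ProductActivity.this.runOnUiThread(() -> {
        binding.refreshContainer.setRefreshing(false);
        binding.tvError.setVisibility(View.VISIBLE);
    });
}
```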
diff --git a/build.gradle b/build.gradle index 9f8bd10..b0a6c7b 100644 --- a/build.gradle +++ b/build.gradle @@ -3,19 +3,18 @@ buildscript { repositories { google() - jcenter() - + mavenCentral() } dependencies { - classpath 'com.android.tools.build:gradle:4.1.1' - classpath 'com.apollographql.apollo:apollo-gradle-plugin:2.2.2' + classpath 'com.android.tools.build:gradle:8.2.2' + classpath 'com.apollographql.apollo:apollo-gradle-plugin:2.5.14' } } allprojects { repositories { google() - jcenter() + mavenCentral() } } diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 5998bc3..6cb8454 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,5 @@ -#Mon Jul 13 14:43:07 IST 2020 distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-6.5.1-all.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-all.zip
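Review bot: The new `distributionUrl` in gradle-wrapper.properties has no `distributionSha256Sum` entry beside it, so the wrapper runs whatever archive it downloads without an integrity check, on developer machines and in the CI job alike. Add `distributionSha256Sum=<sha256 of gradle-8.10-all.zip from the Gradle release checksums page>` next to it. Regenerating the wrapper with the Gradle `wrapper` task and its `--gradle-distribution-sha256-sum` option writes the entry and refreshes the wrapper jar in the same step.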