Merge pull request #155 from delphi-hub/vulnerability_fix

Vulnerability fix

Author: bhermann

app/module/Module.scala

@@ -18,7 +18,7 @@
 
 package module
 
-import com.google.inject.{AbstractModule}
+import com.google.inject.AbstractModule
 import com.typesafe.config.Config
 import controllers.{MyExecutionContext, MyExecutionContextImpl}
 import net.codingwell.scalaguice.ScalaModule
@@ -55,9 +55,10 @@ class Module extends AbstractModule with ScalaModule {
 
   /**
     * Bind types for injection
+    *
     * @return
     */
-  def configure() {
+  override def configure() {
     bind(classOf[MyExecutionContext]).to(classOf[MyExecutionContextImpl])
   }
 }

build.sbt

@@ -11,28 +11,28 @@ version := "1.0.0"
 scalaVersion := "2.12.4"
 
 lazy val management = (project in file(".")).enablePlugins(SbtWeb).enablePlugins(PlayScala)
-                                      .enablePlugins(BuildInfoPlugin).
-                                        settings(
-                                          buildInfoKeys := Seq[BuildInfoKey](name, version, scalaVersion, sbtVersion),
-                                          buildInfoPackage := "de.upb.cs.swt.delphi.management",
-                                          (scalastyleSources in Compile) := {
-                                            // all .scala files in "src/main/scala"
-                                            val scalaSourceFiles = ((scalaSource in Compile).value ** "*.scala").get    
-                                            val fSep = java.io.File.separator // "/" or "\"
-                                            val dirNameToExclude = "app" + fSep + "models" // "com/folder_to_exclude"
-                                            scalaSourceFiles.filterNot(_.getAbsolutePath.contains(dirNameToExclude))
-                                          }
-                                        )
+  .enablePlugins(BuildInfoPlugin).
+  settings(
+    buildInfoKeys := Seq[BuildInfoKey](name, version, scalaVersion, sbtVersion),
+    buildInfoPackage := "de.upb.cs.swt.delphi.management",
+    (scalastyleSources in Compile) := {
+      // all .scala files in "src/main/scala"
+      val scalaSourceFiles = ((scalaSource in Compile).value ** "*.scala").get
+      val fSep = java.io.File.separator // "/" or "\"
+      val dirNameToExclude = "app" + fSep + "models" // "com/folder_to_exclude"
+      scalaSourceFiles.filterNot(_.getAbsolutePath.contains(dirNameToExclude))
+    }
+  )
 
 scalastyleConfig := baseDirectory.value / "project" / "scalastyle-config.xml"
 
 val conf = ConfigFactory.parseFile(new File("conf/application.conf")).resolve()
-val appPortManagement    = conf.getString("app.portManagement")
+val appPortManagement = conf.getString("app.portManagement")
 
 PlayKeys.devSettings := Seq(
-    "play.server.http.port" -> appPortManagement
+  "play.server.http.port" -> appPortManagement
 )
-pipelineStages := Seq(digest,gzip)
+pipelineStages := Seq(digest, gzip)
 
 resolvers += Resolver.sonatypeRepo("snapshots")
 resolvers += Resolver.jcenterRepo
@@ -41,13 +41,18 @@ libraryDependencies += guice
 libraryDependencies += "org.scalatestplus.play" %% "scalatestplus-play" % "3.1.2" % Test
 libraryDependencies += "net.codingwell" %% "scala-guice" % "4.1.1"
 libraryDependencies += "com.iheart" %% "ficus" % "1.4.3"
-libraryDependencies += "org.webjars" % "bootstrap" % "4.1.0"
-libraryDependencies += "org.webjars" %% "webjars-play" % "2.7.0"
-libraryDependencies += "com.adrianhurt" %% "play-bootstrap" % "1.4-P26-B4-SNAPSHOT"
+libraryDependencies += "org.webjars" % "bootstrap" % "4.3.1" exclude("org.webjars", "jquery")
+//Snyk vulnerability
+libraryDependencies += "org.webjars" % "jquery" % "3.4.0"
+libraryDependencies += "org.webjars" %% "webjars-play" % "2.7.3" exclude("com.fasterxml.jackson.core", "jackson-databind")
+//Snyk vulnerability high severity
+libraryDependencies += "com.fasterxml.jackson.core" % "jackson-databind" % "2.9.10.1"
+libraryDependencies += "com.adrianhurt" %% "play-bootstrap" % "1.5-P27-B3" exclude ("com.fasterxml.jackson.datatype","jackson-datatype-jsr310")
+libraryDependencies += "com.fasterxml.jackson.datatype" % "jackson-datatype-jsr310" % "2.9.8"
 libraryDependencies += "eu.bitwalker" % "UserAgentUtils" % "1.20"
-libraryDependencies += "com.typesafe.akka" %% "akka-http" % "10.1.5"
-libraryDependencies += "com.typesafe.akka" %% "akka-stream" % "2.5.14"
-libraryDependencies += "com.typesafe.akka" %% "akka-http-spray-json" % "10.1.5"
+libraryDependencies += "com.typesafe.akka" %% "akka-http" % "10.1.10"
+libraryDependencies += "com.typesafe.akka" %% "akka-stream" % "2.5.16"
+libraryDependencies += "com.typesafe.akka" %% "akka-http-spray-json" % "10.1.6"
 libraryDependencies += ws
 
 routesGenerator := InjectedRoutesGenerator
@@ -58,7 +63,7 @@ libraryDependencies ++= Seq(
   "com.nimbusds" % "nimbus-jose-jwt" % "5.14",
   "org.bouncycastle" % "bcprov-jdk15on" % "1.60",
   "com.google.guava" % "guava" % "25.1-jre",
-  "org.apache.commons" % "commons-compress" % "1.18"
+  "org.apache.commons" % "commons-compress" % "1.19"
 )
 
 libraryDependencies += "com.pauldijou" %% "jwt-core" % "1.0.0"

project/plugins.sbt

@@ -1,13 +1,13 @@
 // The Play plugin
-addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.14")
+addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.7.3")
 
 // build management and packaging
 addSbtPlugin("com.eed3si9n" % "sbt-buildinfo" % "0.7.0")
-addSbtPlugin("com.typesafe.sbt" % "sbt-native-packager" % "1.3.2")
+addSbtPlugin("com.typesafe.sbt" % "sbt-native-packager" % "1.3.15")
 
 // coverage
 addSbtPlugin("org.scoverage" % "sbt-scoverage" % "1.5.1")
-addSbtPlugin("com.codacy" % "sbt-codacy-coverage" % "1.3.12")
+addSbtPlugin("com.codacy" % "sbt-codacy-coverage" % "1.3.14")
 
 // preparation for dependency checking
 addSbtPlugin("net.virtual-void" % "sbt-dependency-graph" % "0.9.1")

test/systeminfotest/SystemInfoTest.scala

@@ -18,33 +18,28 @@
 
 package systeminfotest
 
+import authorization.AuthAction
 import controllers.SystemInfoController
-import models.SystemInfo
-
-import scala.concurrent.Future
 import org.scalatestplus.play._
-import play.api.libs.json._
+import org.scalatestplus.play.guice.GuiceOneAppPerTest
+import play.api.Configuration
 import play.api.mvc._
-import play.api.test._
 import play.api.test.Helpers._
+import play.api.test._
 
+import scala.concurrent.Future
 
-class SystemInfoTest extends PlaySpec with Results {
 
+class SystemInfoTest extends PlaySpec with Results with GuiceOneAppPerTest with Injecting {
+// TODO Compilation error in commit ecef020fb7ce5fce52733e214d026e76461bf2a6 so replacing with
+//  a simple test case can be replaced with a better one
   "SystemInfo" should {
     "should return a valid SystemInfo Json" in {
-      val controller = new SystemInfoController(stubControllerComponents())
-
+      val config = inject[Configuration]
+      val auth = inject[AuthAction]
+      val controller = new SystemInfoController(stubControllerComponents(), config, auth)
       val result: Future[Result] = controller.getInfo().apply(FakeRequest())
-      val bodyText: String = contentAsString(result)
-      val json = Json.parse(bodyText)
-      implicit val systemInfoWrites = Json.writes[SystemInfo]
-      implicit val systemInfoReads = Json.reads[SystemInfo]
-
-      val validateResult: JsResult[SystemInfo] = json.validate[SystemInfo]
-
-      validateResult.isSuccess mustBe true
-
+      status(result) mustBe UNAUTHORIZED
     }
   }