Issue #12

.github/workflows/maven.yml

@@ -37,7 +37,7 @@ jobs:
         distribution: 'temurin'
         cache: maven
     - name: Build with Maven
-      run: mvn clean install -P jar -DskipTests
+      run: mvn clean install -P jar -DskipTests -Ddependency-check.skip=true
 
     - name: Upload artifact to GitHub
       uses: actions/upload-artifact@v4.6.0

pom.xml

@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>3.2.5</version>
+		<version>3.4.1</version>
 		<relativePath /> <!-- lookup parent from repository -->
 	</parent>
 	<groupId>it.govpay.gpd</groupId>
@@ -31,10 +31,10 @@
 		<exec.maven.plugin.versione>1.6.0</exec.maven.plugin.versione>
 
 		<!-- Apache Commons IO -->
-		<commons-io.version>2.11.0</commons-io.version>
+		<commons-io.version>2.18.0</commons-io.version>
 
 		<!-- Swagger-codegen -->
-		<openapi.tool.codegen.version>6.4.0</openapi.tool.codegen.version>
+		<openapi.tool.codegen.version>6.6.0</openapi.tool.codegen.version>
 
 		<!-- jackson-databind-nullable -->
 		<jackson.databind.nullable.version>0.2.1</jackson.databind.nullable.version>
@@ -55,6 +55,18 @@
 		<wagon-ssh-external.version>3.5.3</wagon-ssh-external.version>
 
 		<javax.annotation-api.version>1.3.2</javax.annotation-api.version>
+
+		<owasp.falsePositives.dir>src/main/resources/owasp/falsePositives</owasp.falsePositives.dir>
+		<!-- owasp config -->
+		<owasp>verify</owasp> <!-- owasp phase, use 'none' for disable -->
+		<owasp.plugin.version>11.1.1</owasp.plugin.version>
+		<owasp.plugin.autoUpdate>true</owasp.plugin.autoUpdate> <!-- Impostare a false quando ci sono problemi su repository NIST -->
+		<owasp.plugin.failBuildOnAnyVulnerability>false</owasp.plugin.failBuildOnAnyVulnerability>
+		<owasp.ossindex.prevents429.sleep>5</owasp.ossindex.prevents429.sleep> <!-- https://github.com/sonatype/ossindex-maven/issues/17 -->
+
+		<logback.version>1.5.16</logback.version>
+
+		<h2.version>2.3.232</h2.version>
 	</properties>
 
 	<profiles>
@@ -358,6 +370,45 @@
 					</execution>
 				</executions>
 			</plugin>
+
+			<plugin>
+				<groupId>org.owasp</groupId>
+				<artifactId>dependency-check-maven</artifactId>
+				<version>${owasp.plugin.version}</version>
+				<executions>
+					<execution>
+						<id>check owasp</id>
+						<phase>${owasp}</phase>
+						<configuration>
+							<autoUpdate>${owasp.plugin.autoUpdate}</autoUpdate>
+							<failBuildOnAnyVulnerability>${owasp.plugin.failBuildOnAnyVulnerability}</failBuildOnAnyVulnerability>
+							<format>ALL</format>
+							<suppressionFiles>
+                            	<suppressionFile>${owasp.falsePositives.dir}/CVE-2018-14335.xml</suppressionFile>
+                            </suppressionFiles>
+                            <nvdApiDelay>120000</nvdApiDelay><!-- 2 minuti -->
+							<nvdMaxRetryCount>3</nvdMaxRetryCount> <!-- 3 max tentativi visto il timeout alto -->
+						</configuration>
+						<goals>
+							<goal>aggregate</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>		
+	        <plugin>
+	            <groupId>com.github.spotbugs</groupId>
+	            <artifactId>spotbugs-maven-plugin</artifactId>
+	            <version>4.8.6.0</version>
+	            <configuration>
+	                <plugins>
+	                    <plugin>
+	                        <groupId>com.h3xstream.findsecbugs</groupId>
+	                        <artifactId>findsecbugs-plugin</artifactId>
+	                        <version>1.12.0</version>
+	                    </plugin>
+	                </plugins>
+	            </configuration>
+	        </plugin>
 		</plugins>
 		<extensions>
 			<!-- Enabling the use of SSH -->

src/main/java/it/govpay/gpd/client/config/GdeRestTemplateConfig.java

@@ -3,7 +3,6 @@
 import java.net.http.HttpClient;
 import java.net.http.HttpClient.Builder;
 
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -16,14 +15,11 @@
 @Configuration
 public class GdeRestTemplateConfig {
 
-	@Autowired
-	ObjectMapper objectMapper;
-
 	@Value("${it.govpay.gde.client.baseUrl}")
 	protected String baseUrl;
 
 	@Bean("gdeApi")
-	EventiApi gdeApi() {
+	EventiApi gdeApi(ObjectMapper objectMapper) {
 		Builder builder = HttpClient.newBuilder();
 
 		ApiClient apiClient= new ApiClient(builder, objectMapper, baseUrl);

src/main/java/it/govpay/gpd/gde/service/GdeService.java

@@ -5,7 +5,6 @@
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpMethod;
@@ -34,18 +33,20 @@ public class GdeService {
 
 	private Logger logger = LoggerFactory.getLogger(GdeService.class);
 
-	@Autowired
-	@Qualifier("gdeApi")
 	EventiApi gdeApi;
 
 	@Value("${it.govpay.gde.enabled:true}")
 	Boolean gdeEnabled;
 
-	@Autowired
 	ObjectMapper objectMapper;
 
-	@Autowired
 	EventoGdpMapperImpl eventoGdpMapper;
+
+	public GdeService(ObjectMapper objectMapper,@Qualifier("gdeApi") EventiApi gdeApi, EventoGdpMapperImpl eventoGdpMapper) {
+		this.objectMapper = objectMapper;
+		this.gdeApi = gdeApi;
+		this.eventoGdpMapper = eventoGdpMapper;
+	}
 
 	public void inviaEvento(NuovoEvento nuovoEvento) {
 		if(this.gdeEnabled.booleanValue()) {

src/main/java/it/govpay/gpd/mapper/PaymentPositionModelRequestMapper.java

@@ -107,10 +107,7 @@ public String mapUoAnagrafica(VersamentoGpdEntity versamentoGpdEntity) {
 
 	@Named("mapValidityDate")
 	public OffsetDateTime mapValidityDate(VersamentoGpdEntity versamentoGpdEntity) {
-		// Otteniamo l'offset per il fuso orario di Roma
-		ZoneOffset offset = ZoneOffset.ofHoursMinutes(1, 0); // CET (Central European Time)
-		LocalDateTime dueDate = Utils.calcolaDueDate(versamentoGpdEntity);
-		return dueDate != null ? dueDate.atOffset(offset) : null;
+		return leggiDueDate(versamentoGpdEntity);
 	}
 
 	@Named("mapPaymentOption")
@@ -146,14 +143,16 @@ public Boolean mapPartialPayment(VersamentoGpdEntity versamentoGpdEntity) {
 
 	@Named("mapDueDate")
 	public OffsetDateTime mapDueDate(VersamentoGpdEntity versamentoGpdEntity) {
-		// Otteniamo l'offset per il fuso orario di Roma
-		ZoneOffset offset = ZoneOffset.ofHoursMinutes(1, 0); // CET (Central European Time)
-		LocalDateTime dueDate = Utils.calcolaDueDate(versamentoGpdEntity);
-		return dueDate != null ? dueDate.atOffset(offset) : null;
+		return leggiDueDate(versamentoGpdEntity);
 	}
 
 	@Named("mapRetentionDate")
 	public OffsetDateTime mapRetentionDate(VersamentoGpdEntity versamentoGpdEntity) {
+		return leggiDueDate(versamentoGpdEntity);
+	}
+
+
+	private OffsetDateTime leggiDueDate(VersamentoGpdEntity versamentoGpdEntity) {
 		// Otteniamo l'offset per il fuso orario di Roma
 		ZoneOffset offset = ZoneOffset.ofHoursMinutes(1, 0); // CET (Central European Time)
 		LocalDateTime dueDate = Utils.calcolaDueDate(versamentoGpdEntity);

src/main/java/it/govpay/gpd/step/SendPendenzaToGpdProcessor.java

@@ -6,7 +6,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.batch.item.ItemProcessor;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatusCode;
@@ -38,19 +37,24 @@ public class SendPendenzaToGpdProcessor implements ItemProcessor<VersamentoGpdEn
 
 	private Logger logger = LoggerFactory.getLogger(SendPendenzaToGpdProcessor.class);
 
-	@Autowired
 	PaymentPositionModelRequestMapperImpl paymentPositionModelRequestMapperImpl;
 
-	@Autowired
 	@Qualifier("gpdApi")
 	DebtPositionsApiApi gpdApi;
 
-	@Autowired
 	@Qualifier("gpdActionsApi")
 	DebtPositionActionsApiApi gpdActionsApi;
 
-	@Autowired
 	GdeService gdeService;
+
+	public SendPendenzaToGpdProcessor(PaymentPositionModelRequestMapperImpl paymentPositionModelRequestMapperImpl,
+			@Qualifier("gpdApi") DebtPositionsApiApi gpdApi, 
+			@Qualifier("gpdActionsApi") DebtPositionActionsApiApi gpdActionsApi, GdeService gdeService) {
+        this.paymentPositionModelRequestMapperImpl = paymentPositionModelRequestMapperImpl;
+        this.gpdApi = gpdApi;
+        this.gpdActionsApi = gpdActionsApi;
+        this.gdeService = gdeService;
+	}
 
 	@Value("${it.govpay.gpd.toPublish.enabled:true}")
 	Boolean toPublish;

src/main/resources/owasp/falsePositives/CVE-2018-14335.xml

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+   <suppress>
+      <notes><![CDATA[
+      file name: h2-2.3.232.jar
+      la vulnerabilita' non esiste e' un problema del sistema OSSI come indicato in https://github.com/OSSIndex/vulns/issues/277
+      ]]></notes>
+      <packageUrl regex="true">^pkg:maven/com\.h2database/h2@.*$</packageUrl>
+      <vulnerabilityName>CVE-2018-14335</vulnerabilityName>
+   </suppress>
+</suppressions>

src/test/java/it/govpay/gpd/test/UC_1_HappyPathTest.java

@@ -94,7 +94,7 @@ class UC_1_HappyPathTest extends UC_00_BaseTest {
 
 	HttpResponse<InputStream> mockHttpResponseOk;
 
-	private void initailizeJobLauncherTestUtils() throws Exception {
+	private void initailizeJobLauncherTestUtils() {
 		jobLauncherTestUtils.setJob(job);
 	}
 
@@ -103,8 +103,9 @@ void tearDown() {
         jobRepositoryTestUtils.removeJobExecutions();
     }
 
+	@SuppressWarnings("unchecked")
 	@BeforeEach
-	void setUp() throws Exception {
+	void setUp() {
 		MockitoAnnotations.openMocks(this);
 		this.cleanDB();
 
@@ -147,8 +148,7 @@ void TC_01_EmptyRunTest() throws Exception {
 				)).thenAnswer(new Answer<ResponseEntity<PaymentPositionModel>>() {
 					@Override
 					public ResponseEntity<PaymentPositionModel> answer(InvocationOnMock invocation) throws Throwable {
-						ResponseEntity<PaymentPositionModel> mockResponseEntity = PaymentPositionModelUtils.creaResponseCreatePaymentPositionModelOk(invocation);
-						return mockResponseEntity;
+						return PaymentPositionModelUtils.creaResponseCreatePaymentPositionModelOk(invocation);
 					}
 				});
 
@@ -179,8 +179,7 @@ void TC_02_SendTestOk() throws Exception {
 					)).thenAnswer(new Answer<ResponseEntity<PaymentPositionModel>>() {
 						@Override
 						public ResponseEntity<PaymentPositionModel> answer(InvocationOnMock invocation) throws Throwable {
-							ResponseEntity<PaymentPositionModel> mockResponseEntity = PaymentPositionModelUtils.creaResponseCreatePaymentPositionModelOk(invocation);
-							return mockResponseEntity;
+							return PaymentPositionModelUtils.creaResponseCreatePaymentPositionModelOk(invocation);
 						}
 					});
 
@@ -221,9 +220,7 @@ void TC_03_SendTest_KO() throws Exception {
 					)).thenAnswer(new Answer<ResponseEntity<ProblemJson>>() {
 						@Override
 						public ResponseEntity<ProblemJson> answer(InvocationOnMock invocation) throws Throwable {
-							ResponseEntity<ProblemJson> mockResponseEntity = GpdUtils.creaResponseKo(invocation, HttpStatus.SERVICE_UNAVAILABLE);
-
-							return mockResponseEntity;
+							return GpdUtils.creaResponseKo(invocation, HttpStatus.SERVICE_UNAVAILABLE);
 						}
 					});
 
@@ -240,7 +237,6 @@ public CompletableFuture<HttpResponse<InputStream>> answer(InvocationOnMock invo
 			assertEquals(1, VersamentoUtils.countVersamentiDaSpedire(this.versamentoGpdRepository, this.numeroGiorni));
 			assertEquals(1, this.versamentoRepository.count());
 
-//			initailizeJobLauncherTestUtils();
 			JobExecution jobExecution = jobLauncherTestUtils.launchJob();
 			assertEquals("COMPLETED", jobExecution.getExitStatus().getExitCode());
 
@@ -270,8 +266,7 @@ void TC_04_SendTestPendenzeMultipleOk() throws Exception {
 					)).thenAnswer(new Answer<ResponseEntity<PaymentPositionModel>>() {
 						@Override
 						public ResponseEntity<PaymentPositionModel> answer(InvocationOnMock invocation) throws Throwable {
-							ResponseEntity<PaymentPositionModel> mockResponseEntity = PaymentPositionModelUtils.creaResponseCreatePaymentPositionModelOk(invocation);
-							return mockResponseEntity;
+							return PaymentPositionModelUtils.creaResponseCreatePaymentPositionModelOk(invocation);
 						}
 					});
 
@@ -280,8 +275,7 @@ public ResponseEntity<PaymentPositionModel> answer(InvocationOnMock invocation)
 					)).thenAnswer(new Answer<ResponseEntity<PaymentPositionModel>>() {
 						@Override
 						public ResponseEntity<PaymentPositionModel> answer(InvocationOnMock invocation) throws Throwable {
-							ResponseEntity<PaymentPositionModel> mockResponseEntity = PaymentPositionModelUtils.creaResponsePublishPositionOk(invocation);
-							return mockResponseEntity;
+							return PaymentPositionModelUtils.creaResponsePublishPositionOk(invocation);
 						}
 					});
 
@@ -327,8 +321,7 @@ public ResponseEntity<PaymentPositionModel> answer(InvocationOnMock invocation)
 							assertNotNull(paymentOption);
 							assertEquals(true, paymentOption.get(0).isIsPartialPayment());
 
-							ResponseEntity<PaymentPositionModel> mockResponseEntity = PaymentPositionModelUtils.creaResponseCreatePaymentPositionModelOk(invocation);
-							return mockResponseEntity;
+							return PaymentPositionModelUtils.creaResponseCreatePaymentPositionModelOk(invocation);
 						}
 					});
 
@@ -387,8 +380,7 @@ public ResponseEntity<PaymentPositionModel> answer(InvocationOnMock invocation)
 								assertEquals("valore", transferMetadataModel.getValue());
 							}
 
-							ResponseEntity<PaymentPositionModel> mockResponseEntity = PaymentPositionModelUtils.creaResponseCreatePaymentPositionModelOk(invocation);
-							return mockResponseEntity;
+							return PaymentPositionModelUtils.creaResponseCreatePaymentPositionModelOk(invocation);
 						}
 					});
 
@@ -439,8 +431,7 @@ public ResponseEntity<PaymentPositionModel> answer(InvocationOnMock invocation)
 							assertNotNull(transferList);
 							assertEquals(2, transferList.size());
 
-							ResponseEntity<PaymentPositionModel> mockResponseEntity = PaymentPositionModelUtils.creaResponseCreatePaymentPositionModelOk(invocation);
-							return mockResponseEntity;
+							return PaymentPositionModelUtils.creaResponseCreatePaymentPositionModelOk(invocation);
 						}
 					});