Security improvements (#158)
- Removes unused vulnerable dependency from docker tests
- Removes unused vulnerable dependency from testcontainers module
- Separate Jackson Bom version from the rest of Jackson packages
- Fix log pattern to replace new line characters

{patch}

Signed-off-by: Esta Nagy <[email protected]>
nagyesta authored May 9, 2022
1 parent 422a01d commit 9319be8
Showing 4 changed files with 17 additions and 5 deletions.
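--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -16,6 +16,7 @@ jupiter = "5.8.2"
 abortMission = "2.8.53"
 checkstyle = "9.2.1"
 jacoco = "0.8.2"
+jacksonBom = { strictly = "2.13.2.20220328" }
 jackson = { strictly = "2.13.2" }
 jacksonDatabind = { strictly = "2.13.2.2" }
 openApiUi = "1.6.8"
@@ -73,7 +74,7 @@ cucumber-java = { module = "io.cucumber:cucumber-java", version.ref = "cucumber" }
 cucumber-testng = { module = "io.cucumber:cucumber-testng", version.ref = "cucumber" }
 cucumber-spring = { module = "io.cucumber:cucumber-spring", version.ref = "cucumber" }
 
-jackson-bom = { module = "com.fasterxml.jackson:jackson-bom", version.ref = "jackson" }
+jackson-bom = { module = "com.fasterxml.jackson:jackson-bom", version.ref = "jacksonBom" }
 jackson-core = { module = "com.fasterxml.jackson.core:jackson-core", version.ref = "jackson" }
 jackson-annotations = { module = "com.fasterxml.jackson.core:jackson-annotations", version.ref = "jackson" }
 jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", version.ref = "jacksonDatabind" }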
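Review bot: The version entries now carry three independent `strictly` pins for one library family (`jacksonBom`, `jackson`, `jacksonDatabind`), and nothing on the new side records that they have to move together. If a later update bumps only one of them, the versions managed by the BOM and the strict per-module pins can disagree, which with `strictly` presumably surfaces as a resolution failure rather than a quiet mismatch. A comment above the new entry would state the intent, for example `# jacksonBom, jackson and jacksonDatabind are bumped together; the BOM release must manage the same core and databind versions`.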
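--- a/lowkey-vault-app/src/main/resources/application.properties
+++ b/lowkey-vault-app/src/main/resources/application.properties
@@ -25,3 +25,6 @@ springdoc.swagger-ui.operationsSorter=alpha
 spring.jackson.generator.flush-passed-to-stream=true
 #
 logging.level.org.springframework.web.filter.CommonsRequestLoggingFilter=DEBUG
+logging.pattern.dateformat=HH:mm:ss.SSS
+logging.pattern.console=%clr(%d{HH:mm:ss.SSS}){faint} %clr(%5p){magenta} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %replace(%m){'[\\r\\n]',' '}%n%ex{5}
+logging.exception-conversion-word=%ex{5}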
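Review bot: The `%replace(%m){'[\\r\\n]',' '}` in `logging.pattern.console` rewrites only the message; the text printed by `%ex{5}` sits outside the replace, so an exception message that carries request-derived text with CR/LF still produces extra log lines. Only the console pattern is set in this hunk, so a file appender, if one is enabled, would keep its default `%m` without the replacement. Because `CommonsRequestLoggingFilter` is at DEBUG and logs request data, I would record the scope next to the pattern with `# CR/LF is neutralised in %m only; %ex output and logging.pattern.file are not covered`, and add a matching `logging.pattern.file` if file logging is used.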
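--- a/lowkey-vault-docker/build.gradle
+++ b/lowkey-vault-docker/build.gradle
@@ -24,8 +24,12 @@ dependencies {
 testImplementation libs.bouncycastle.bcpkix
 testImplementation libs.httpclient
 testImplementation libs.commons.codec
-testImplementation libs.azure.security.keyvault.keys
-testImplementation libs.azure.security.keyvault.secrets
+testImplementation(libs.azure.security.keyvault.keys) {
+exclude(group: "io.netty")
+}
+testImplementation(libs.azure.security.keyvault.secrets) {
+exclude(group: "io.netty")
+}
 testImplementation libs.spring.boot.starter.test
 testImplementation libs.bundles.cucumber
 testImplementation libs.abort.mission.cucumber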
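Review bot: `exclude(group: "io.netty")` on both Key Vault clients strips the Netty jars but, as far as the visible lines show, leaves the Azure SDK's Netty-based HTTP transport module on the test classpath, so a client built without an explicit HTTP client would presumably fail at class loading rather than at build time. The same block is repeated in lowkey-vault-testcontainers/build.gradle. If the tests always supply their own client (the `libs.httpclient` dependency suggests so), a comment such as `// Netty transport is unused: every client is built with an explicit HttpClient` would make that a stated requirement; excluding the transport module itself with `exclude(group: "com.azure", module: "azure-core-http-netty")` would, I believe, drop the Netty artifacts transitively and fail more clearly. The `dependencies` block starts and ends outside the hunk.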
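--- a/lowkey-vault-testcontainers/build.gradle
+++ b/lowkey-vault-testcontainers/build.gradle
@@ -17,8 +17,12 @@ dependencies {
 testImplementation libs.bundles.jackson
 testImplementation libs.httpclient
 testImplementation libs.commons.codec
-testImplementation libs.azure.security.keyvault.keys
-testImplementation libs.azure.security.keyvault.secrets
+testImplementation(libs.azure.security.keyvault.keys) {
+exclude(group: "io.netty")
+}
+testImplementation(libs.azure.security.keyvault.secrets) {
+exclude(group: "io.netty")
+}
 testImplementation libs.mockito.core
 testImplementation libs.jupiter
 testImplementation libs.logback.classic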
