diff --git a/build.gradle b/build.gradle index 31d9cb3f1..31583ec7a 100644 --- a/build.gradle +++ b/build.gradle @@ -7,7 +7,7 @@ plugins { id 'io.spring.dependency-management' version '1.0.12.RELEASE' id 'org.springframework.boot' version '2.5.15' id 'uk.gov.hmcts.java' version '0.12.12' - id 'org.owasp.dependencycheck' version '9.0.6' + id 'org.owasp.dependencycheck' version '10.0.3' id 'com.github.ben-manes.versions' version '0.46.0' } 
@@ -54,29 +54,34 @@ dependencies { functionalTestImplementation(sourceSets.test.output) } -tasks.withType(Copy).all { duplicatesStrategy 'warn' } +tasks.withType(Copy).configureEach { duplicatesStrategy DuplicatesStrategy.WARN } -tasks.withType(JavaCompile) { +tasks.withType(JavaCompile).configureEach { options.compilerArgs << "-Xlint:unchecked" << "-Werror" } -task functional(type: Test, description: 'Runs the functional tests.', group: 'Verification') { +tasks.register('functional', Test) { + description = 'Runs the functional tests.' + group = 'Verification' testClassesDirs = sourceSets.functionalTest.output.classesDirs classpath = sourceSets.functionalTest.runtimeClasspath } -task integration(type: Test, description: 'Runs the integration tests.', group: 'Verification') { +tasks.register('integration', Test) { + description = 'Runs the integration tests.' + group = 'Verification' testClassesDirs = sourceSets.integrationTest.output.classesDirs classpath = sourceSets.integrationTest.runtimeClasspath } -task smoke(type: Test, description: 'Runs Smoke Tests.') { +tasks.register('smoke', Test) { + description = 'Runs Smoke Tests.' testClassesDirs = sourceSets.smokeTest.output.classesDirs classpath = sourceSets.smokeTest.runtimeClasspath } -task fortifyScan(type: JavaExec) { - main = "uk.gov.hmcts.fortifyclient.FortifyClientMainApp" +tasks.register('fortifyScan', JavaExec) { + mainClass = "uk.gov.hmcts.fortifyclient.FortifyClientMainApp" classpath += sourceSets.test.runtimeClasspath jvmArgs = ['--add-opens=java.base/java.lang.reflect=ALL-UNNAMED'] } 
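Review bot: The `smoke` registration sets a description but no `group`, unlike `functional` and `integration` directly above it, so it stays hidden from the default `gradle tasks` listing. Adding `group = 'Verification'` inside `tasks.register('smoke', Test)` would keep the three test tasks consistent. The old `task smoke(...)` declaration had the same gap, so this is a carry-over rather than a regression.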
@@ -85,16 +90,16 @@ pmd { toolVersion = "6.55.0" ignoreFailures = true sourceSets = [sourceSets.main, sourceSets.test, sourceSets.functionalTest, sourceSets.integrationTest, sourceSets.smokeTest] - reportsDir = file("$project.buildDir/reports/pmd") + reportsDir = layout.buildDirectory.dir("reports/pmd").get().asFile ruleSetFiles = files("config/pmd/ruleset.xml") } jacocoTestReport { executionData(test, integration) reports { - xml.enabled = true - csv.enabled = false - xml.destination = file("${project.buildDir}/reports/jacoco/test/jacocoTestReport.xml") + xml.required = true + csv.required = false + xml.outputLocation = layout.buildDirectory.file("reports/jacoco/test/jacocoTestReport.xml") } } @@ -143,7 +148,10 @@ repositories { url 'https://repo.spring.io/libs-milestone' } } -project.tasks['pitest'].group = "Verification" + +project.tasks.named('pitest') { + group = "Verification" +} pitest { targetClasses = ['uk.gov.hmcts.reform.sscs.*'] @@ -159,15 +167,13 @@ pitest { mutationThreshold = 90 } -task installLocalGitHook(type: Copy) { +tasks.register('installLocalGitHook', Copy) { from new File(rootProject.rootDir, 'config/git/pre-commit') - into { new File(rootProject.rootDir, '.git/hooks')} + into { new File(rootProject.rootDir, '.git/hooks') } fileMode 0775 } -compileJava.dependsOn installLocalGitHook - -task runGitPreCommitTasks { +tasks.register('runGitPreCommitTasks') { dependsOn 'test' dependsOn 'pmdMain' dependsOn 'pmdTest' @@ -176,7 +182,10 @@ task runGitPreCommitTasks { dependsOn 'checkstyleTest' } -project.tasks['sonarqube'].dependsOn test, integration, jacocoTestReport +project.tasks.named('sonarqube') { + dependsOn test, integration, jacocoTestReport +} + check.dependsOn integration checkstyleMain.shouldRunAfter(compileJava) test.shouldRunAfter(checkstyleTest) 
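Review bot: `fileMode 0775` in `installLocalGitHook` leaves the installed pre-commit hook group-writable, and that hook is a script git executes on every commit, so any account in the owning group can change what runs on a developer's machine. As far as I know `fileMode` is also deprecated from Gradle 8.3 on, which matters now that the wrapper moves to 8.9. Replacing it with `filePermissions { unix('rwxr-xr-x') }` addresses both. Since `compileJava.dependsOn installLocalGitHook` is kept (moved next to the `application { ... }` block in a later hunk), the copy into `.git/hooks` also runs on CI and on source trees that have no `.git` directory; a comment such as `// intentionally installs the hook on every compile` would tell a reader this is deliberate.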
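Review bot: Inside `project.tasks.named('sonarqube')` the bare names in `dependsOn test, integration, jacocoTestReport` resolve through the project's dynamic task properties, which realizes `integration` at configuration time and undoes the laziness that `tasks.register('integration', Test)` introduces earlier in this commit. Passing names, `dependsOn 'test', 'integration', 'jacocoTestReport'`, keeps the tasks lazy and matches the string form already used in `runGitPreCommitTasks`. The same applies to the unchanged `check.dependsOn integration` on the next line.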
@@ -187,7 +196,7 @@ sonarqube { properties { property "sonar.projectName", "SSCS - Bulk Scan" property "sonar.projectKey", "sscs-bulk-scan" - property "sonar.coverage.jacoco.xmlReportPaths", "${project.buildDir}/reports/jacoco/test/jacocoTestReport.xml" + property "sonar.coverage.jacoco.xmlReportPaths", "${jacocoTestReport.reports.xml.outputLocation}" property "sonar.exclusions", "src/main/java/uk/gov/hmcts/reform/sscs/domain/**," + "src/main/java/uk/gov/hmcts/reform/sscs/bulkscancore/domain/**," + "src/main/java/uk/gov/hmcts/reform/sscs/BulkScanApplication.java," + @@ -239,7 +248,7 @@ dependencies { testImplementation group: 'org.projectlombok', name: 'lombok', version: '1.18.26' testAnnotationProcessor group: 'org.projectlombok', name: 'lombok', version: '1.18.26' - testImplementation group: 'com.github.hmcts', name: 'fortify-client', version: '1.2.2', classifier: 'all' + testImplementation group: 'com.github.hmcts', name: 'fortify-client', version: '1.4.3', classifier: 'all' testImplementation group: 'com.h2database', name: 'h2', version: '2.1.214' functionalTestImplementation group: 'org.projectlombok', name: 'lombok', version: '1.18.26' @@ -252,7 +261,7 @@ dependencies { testImplementation group: 'pl.pragmatists', name: 'JUnitParams', version: '1.1.1' testImplementation group: 'net.javacrumbs.json-unit', name: 'json-unit-assertj', version: '2.36.1' testImplementation group: 'org.pitest', name: 'pitest', version: '1.11.7' - testImplementation group: 'info.solidsoft.gradle.pitest', name: 'gradle-pitest-plugin', version: '1.9.11' + testImplementation group: 'info.solidsoft.gradle.pitest', name: 'gradle-pitest-plugin', version: pitest.pitestVersion.get() testImplementation group: 'org.codehaus.sonar-plugins', name: 'sonar-pitest-plugin', version: '0.5' testImplementation group: 'com.github.tomakehurst', name: 'wiremock-jre8', version: '2.35.0', { exclude group: 'junit', module: 'junit' 
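Review bot: `"${jacocoTestReport.reports.xml.outputLocation}"` interpolates the property object itself, and a Gradle `Property`'s `toString()` is, as far as I know, a description of the property rather than the file path, so `sonar.coverage.jacoco.xmlReportPaths` may no longer point at the report. If so, Sonar would report no coverage without failing the build, which silently weakens the quality gate. Resolving the value explicitly, `"${jacocoTestReport.reports.xml.outputLocation.get().asFile}"`, avoids that. It is worth confirming by printing the property in a local run before merging.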
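Review bot: `version: pitest.pitestVersion.get()` on the `gradle-pitest-plugin` line ties the plugin artifact to what appears to be the PIT engine version setting. The plugin and `org.pitest:pitest` are released on separate version lines, so this can resolve to a version that was never reviewed, or fail if no plugin release carries that number. It also takes the resolved version out of the diff, which makes dependency review harder. I would keep an explicit literal here, as the old `version: '1.9.11'` line did. If a single source of truth is wanted, the `org.pitest:pitest` line directly above (still hard-coded to `'1.11.7'`) is the natural place for `pitest.pitestVersion.get()`.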
@@ -375,14 +384,18 @@ run { } } -mainClassName = 'uk.gov.hmcts.reform.sscs.BulkScanApplication' +application { + mainClass.set('uk.gov.hmcts.reform.sscs.BulkScanApplication') +} + +compileJava.dependsOn installLocalGitHook -tasks.withType(Test) { +tasks.withType(Test).configureEach { useJUnitPlatform() } bootJar { - archiveName = 'sscs-bulk-scan.jar' + archiveFileName = 'sscs-bulk-scan.jar' manifest { attributes('Implementation-Version': project.version.toString()) diff --git a/config/owasp/suppressions.xml b/config/owasp/suppressions.xml index 5e2e84a99..b9d71a55b 100644 --- a/config/owasp/suppressions.xml +++ b/config/owasp/suppressions.xml @@ -1,6 +1,6 @@ - + CVE-2023-35116 CVE-2023-1370 diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index 943f0cbfa..e6441136f 100644 Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 508322917..09523c0e5 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,7 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-7.6.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip networkTimeout=10000 +validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew index 65dcd68d6..b740cf133 100755 --- a/gradlew +++ b/gradlew 
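Review bot: In `gradle/wrapper/gradle-wrapper.properties`, the new `distributionUrl` for gradle-8.9 is not paired with a `distributionSha256Sum`, so the wrapper will run whatever archive that URL serves without verifying it. `validateDistributionUrl=true` only checks the URL, not the content. Adding `distributionSha256Sum=<SHA-256 of gradle-8.9-bin.zip from the official Gradle release checksums>` pins the download. The same commit replaces the binary `gradle-wrapper.jar`, which cannot be reviewed in a diff; checking it against Gradle's published wrapper checksums (for example with a wrapper-validation step in CI) would close that gap.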
@@ -55,7 +55,7 @@ # Darwin, MinGW, and NonStop. # # (3) This script is generated from the Groovy template -# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt # within the Gradle project. # # You can find Gradle at https://github.com/gradle/gradle/. @@ -83,10 +83,8 @@ done # This is normally unused # shellcheck disable=SC2034 APP_BASE_NAME=${0##*/} -APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit - -# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' +# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036) +APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit # Use the maximum available, or set MAX_FD != -1 to use that value. MAX_FD=maximum @@ -133,10 +131,13 @@ location of your Java installation." fi else JAVACMD=java - which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + if ! command -v java >/dev/null 2>&1 + then + die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. Please set the JAVA_HOME variable in your environment to match the location of your Java installation." + fi fi # Increase the maximum file descriptors if we can. @@ -144,7 +145,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then case $MAX_FD in #( max*) # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked. - # shellcheck disable=SC3045 + # shellcheck disable=SC2039,SC3045 MAX_FD=$( ulimit -H -n ) || warn "Could not query maximum file descriptor limit" esac 
@@ -152,7 +153,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then '' | soft) :;; #( *) # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked. - # shellcheck disable=SC3045 + # shellcheck disable=SC2039,SC3045 ulimit -n "$MAX_FD" || warn "Could not set maximum file descriptor limit to $MAX_FD" esac @@ -197,11 +198,15 @@ if "$cygwin" || "$msys" ; then done fi -# Collect all arguments for the java command; -# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of -# shell script including quotes and variable substitutions, so put them in -# double quotes to make sure that they get re-expanded; and -# * put everything else in single quotes, so that it's not re-expanded. + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Collect all arguments for the java command: +# * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments, +# and any embedded shellness will be escaped. +# * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be +# treated as '${Hostname}' itself on the command line. set -- \ "-Dorg.gradle.appname=$APP_BASE_NAME" \ diff --git a/gradlew.bat b/gradlew.bat index 6689b85be..7101f8e46 100644 --- a/gradlew.bat +++ b/gradlew.bat @@ -43,11 +43,11 @@ set JAVA_EXE=java.exe %JAVA_EXE% -version >NUL 2>&1 if %ERRORLEVEL% equ 0 goto execute -echo. -echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. -echo. -echo Please set the JAVA_HOME variable in your environment to match the -echo location of your Java installation. +echo. 1>&2 +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2 +echo. 1>&2 +echo Please set the JAVA_HOME variable in your environment to match the 1>&2 +echo location of your Java installation. 1>&2 goto fail 
@@ -57,11 +57,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe if exist "%JAVA_EXE%" goto execute -echo. -echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% -echo. -echo Please set the JAVA_HOME variable in your environment to match the -echo location of your Java installation. +echo. 1>&2 +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2 +echo. 1>&2 +echo Please set the JAVA_HOME variable in your environment to match the 1>&2 +echo location of your Java installation. 1>&2 goto fail