Release 1.19.0 (#13)

* [skip ci] Update project to latest tag verifica-firma-eidas-1.19.0 * Fix pom.xml * [maven-release-plugin] prepare release verifica-firma-eidas-1.19.0 * [maven-release-plugin] prepare for next development iteration * Update CI * Update CI * Update CI * Update CI --------- Co-authored-by: parerworker <DevPARER@regione.emilia-romagna.it> Co-authored-by: GitHub Actions <actions@github.com>
RegioneER · Jul 4, 2024 · 35a4eb9 · 35a4eb9
1 parent 479ae47
commit 35a4eb9
Show file tree

Hide file tree

Showing 10 changed files with 39 additions and 15 deletions.
diff --git a/.github/workflows/github-release.yml b/.github/workflows/github-release.yml
@@ -3,7 +3,10 @@ on:
   push:
     # Pattern matched against refs/tags
     tags:        
-      - '*' # every new tag  
+      - '*' # every new tag
+    branches:
+      - master
+      - main        
 jobs:
   release:
     uses: RegioneER/parer-github-template/.github/workflows/github-release.yml@v1
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,9 @@
 
+## 1.19.0 (31-05-2024)
+
+### Novità: 1
+- [#32644](https://parermine.regione.emilia-romagna.it/issues/32644) Introduzione logging JSON body request
+
 ## 1.18.0 (22-05-2024)
 
 ### Novità: 1

diff --git a/CONTAINER-SCAN-REPORT.md b/CONTAINER-SCAN-REPORT.md
@@ -1,10 +1,16 @@
 ## Container scan evidence CVE
 <strong>Image name:</strong> registry.ente.regione.emr.it/parer/okd/verifica-firma-eidas:sast
-<br/><strong>Run date:</strong> Wed May 22 15:30:46 CEST 2024
-<br/><strong>Produced by:</strong> <a href="https://gitlab.ente.regione.emr.it/parer/okd/verifica-firma-eidas/-/jobs/243866">Job</a>
-<br/><strong>CVE founded:</strong> 3
+<br/><strong>Run date:</strong> Fri May 31 16:28:08 CEST 2024
+<br/><strong>Produced by:</strong> <a href="https://gitlab.ente.regione.emr.it/parer/okd/verifica-firma-eidas/-/jobs/252065">Job</a>
+<br/><strong>CVE founded:</strong> 9
 | CVE | Description | Severity | Solution | 
 |:---:|:---|:---:|:---|
-| [CVE-2024-2961](http://www.openwall.com/lists/oss-security/2024/04/17/9)|The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.|High|Upgrade glibc to 2.28-236.el8_9.13|
-| [CVE-2024-2961](http://www.openwall.com/lists/oss-security/2024/04/17/9)|The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.|High|Upgrade glibc-common to 2.28-236.el8_9.13|
-| [CVE-2024-2961](http://www.openwall.com/lists/oss-security/2024/04/17/9)|The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.|High|Upgrade glibc-minimal-langpack to 2.28-236.el8_9.13|
+| [CVE-2024-2961](http://www.openwall.com/lists/oss-security/2024/04/17/9)|The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.|High|Upgrade glibc to 2.28-251.el8_10.1|
+| [CVE-2024-33599](https://access.redhat.com/errata/RHSA-2024:3339)|nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow.  This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.|High|Upgrade glibc to 2.28-251.el8_10.2|
+| [CVE-2024-2961](http://www.openwall.com/lists/oss-security/2024/04/17/9)|The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.|High|Upgrade glibc-common to 2.28-251.el8_10.1|
+| [CVE-2024-33599](https://access.redhat.com/errata/RHSA-2024:3339)|nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow.  This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.|High|Upgrade glibc-common to 2.28-251.el8_10.2|
+| [CVE-2024-2961](http://www.openwall.com/lists/oss-security/2024/04/17/9)|The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.|High|Upgrade glibc-minimal-langpack to 2.28-251.el8_10.1|
+| [CVE-2024-33599](https://access.redhat.com/errata/RHSA-2024:3339)|nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow.  This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.|High|Upgrade glibc-minimal-langpack to 2.28-251.el8_10.2|
+| [CVE-2024-4741](https://access.redhat.com/security/cve/CVE-2024-4741)|A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.|High|No solution provided|
+| [CVE-2023-6597](http://www.openwall.com/lists/oss-security/2024/03/20/5)|An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.|High|Upgrade platform-python to 3.6.8-62.el8_10|
+| [CVE-2023-6597](http://www.openwall.com/lists/oss-security/2024/03/20/5)|An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.|High|Upgrade python3-libs to 3.6.8-62.el8_10|
diff --git a/Dockerfile b/Dockerfile
@@ -77,7 +77,7 @@
 #   accessed directly. (example: "foo.example.com,bar.example.com")
 #
 ###
-FROM registry.access.redhat.com/ubi8/openjdk-17:1.18
+FROM registry.access.redhat.com/ubi8/openjdk-17:1.19
 
 LABEL io.k8s.description="Microservizio verifica firma EIDAS (basato su immagine ubi RedHat)" \
       io.k8s.display-name="Verifica firma EIDAS" \

diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
@@ -1,4 +1,4 @@
-## 1.18.0 (22-05-2024)
+## 1.19.0 (31-05-2024)
 
 ### Novità: 1
-- [#32595](https://parermine.regione.emilia-romagna.it/issues/32595) Introduzione Apache basic client "no-retry" per recupero oggetto da object storage
+- [#32644](https://parermine.regione.emilia-romagna.it/issues/32644) Introduzione logging JSON body request
diff --git a/pdfdocs/CHANGELOG.pdf b/pdfdocs/CHANGELOG.pdf
diff --git a/pdfdocs/RELEASE-NOTES.pdf b/pdfdocs/RELEASE-NOTES.pdf
diff --git a/pom.xml b/pom.xml
@@ -2,7 +2,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<artifactId>verifica-firma-eidas</artifactId>
-	<version>1.18.1-SNAPSHOT</version>
+	<version>1.19.1-SNAPSHOT</version>
 	<packaging>${packaging.type}</packaging>
 	<name>Verifica Firma EIDAS</name>
 	<description>Progetto per effettuare firme e validazioni con librerie DSS (EIDAS)</description>

diff --git a/src/main/java/it/eng/parer/eidas/web/config/DSSBeanConfig.java b/src/main/java/it/eng/parer/eidas/web/config/DSSBeanConfig.java
@@ -161,11 +161,11 @@ public class DSSBeanConfig {
     private boolean revokeRemoveExpired;
 
     /* in ms */
-    @Value("${dataloader.timeoutconnection:1200000}")
+    @Value("${dataloader.timeoutconnection:120000}")
     private int timeoutConnection;
 
     /* in ms */
-    @Value("${dataloader.timeoutsocket:1200000}")
+    @Value("${dataloader.timeoutsocket:120000}")
     private int timeoutSocket;
 
     @Value("${dataloader.connectionsmaxtotal:40}")
@@ -175,11 +175,11 @@ public class DSSBeanConfig {
     private int connectionsMaxPerRoute;
 
     /* in ms */
-    @Value("${dataloader.connectiontimetolive:1200000}")
+    @Value("${dataloader.connectiontimetolive:120000}")
     private int connectionTimeToLive;
 
     /* in ms */
-    @Value("${dataloader.ldaptimeoutconnection:1200000}")
+    @Value("${dataloader.ldaptimeoutconnection:120000}")
     private String ldapTimeoutConnection;
 
     @Value("${cache.enabled:true}")

diff --git a/src/main/java/it/eng/parer/eidas/web/rest/VerificaFirmaWs.java b/src/main/java/it/eng/parer/eidas/web/rest/VerificaFirmaWs.java
@@ -22,6 +22,9 @@
 
 import java.util.Optional;
 
+import org.json.JSONObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.slf4j.MDC;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
@@ -59,6 +62,9 @@
 @RequestMapping(URL_API_BASE)
 public class VerificaFirmaWs {
 
+    private static final Logger log = LoggerFactory.getLogger(VerificaFirmaWs.class);
+
+
     /* constants */
     private static final String ETAG = "RVv1.0";
 
@@ -99,6 +105,10 @@ public ResponseEntity<EidasWSReportsDTOTree> validateJson(
             HttpServletRequest request) {
         // LOG UUID
         MDC.put(Constants.UUID_LOG_MDC, metadata.getUuid());
+        // LOG BODY
+        if (log.isDebugEnabled()){ 
+            log.atDebug().log("RequestBody {}",  new JSONObject(metadata).toString());
+        }
         EidasWSReportsDTOTree body = verificaFirma.validateSignatureOnJson(metadata, request);
         return ResponseEntity.ok().lastModified(body.getEndValidation().toInstant()).eTag(ETAG).body(body);
     }