eclipse-tractusx · almadigabor · May 13, 2024 · May 10, 2024 · May 10, 2024 · May 10, 2024
diff --git a/.github/workflows/chart-release.yml b/.github/workflows/chart-release.yml
@@ -48,7 +48,7 @@ jobs:
           git config user.email "[email protected]"
 
       - name: Install Helm
-        uses: azure/setup-helm@v3
+        uses: azure/setup-helm@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
 

diff --git a/.github/workflows/code-ql.yaml b/.github/workflows/code-ql.yaml
@@ -68,7 +68,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file
@@ -83,7 +83,7 @@ jobs:
       # Automates dependency installation for Python, Ruby, and JavaScript, optimizing the CodeQL analysis setup
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

diff --git a/.github/workflows/dockerbuild.yaml b/.github/workflows/dockerbuild.yaml
@@ -56,7 +56,7 @@ jobs:
       # Create SemVer or ref tags dependent of trigger event
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
            images: |
               ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
@@ -73,7 +73,7 @@ jobs:
 
       - name: DockerHub login
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
            # Use existing DockerHub credentials present as secrets
            username: ${{ secrets.DOCKER_HUB_USER }}

diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml
@@ -69,7 +69,7 @@ jobs:
       # Upload findings to GitHub Advanced Security Dashboard
       - name: Upload SARIF file for GitHub Advanced Security Dashboard
         if: always()
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: kicsResults/results.sarif
 
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -38,7 +38,7 @@ jobs:
 
     steps:
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.18.0
+        uses: aquasecurity/trivy-action@0.20.0
         with:
           image-ref: "tractusx/managed-simple-data-exchanger-backend:latest" # Pull image from Docker Hub and run Trivy vulnerability scanner
           format: "sarif"

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -32,12 +32,18 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Refactor code for pcf, dt access API, EDC 7. 
 - Dt access api use in digital twin processing.  
 - Added test cases for PCF and policy controller.
+- Refactor code to make stable release
 
 ### Fixed
 - Remove garbage character from 'edc_request_template' path. Fixed [#147](https://github.com/eclipse-tractusx/managed-simple-data-exchanger-backend/issues/147).
 - Dependabot bump version fix in pom.xml and DEPENDENCIES file update.
 - Dockerfile image update. [#117](https://github.com/eclipse-tractusx/managed-simple-data-exchanger-backend/pull/117)
+- Dependabot bump version fixes for 24/05
 
+## [2.3.7] - 2024-05-09 
+### Fixed
+- Rename edc_request_template directory.
+- This is fixed for issue #147.
 
 ## [2.3.6] - 2024-03-06
 ### Fixed

diff --git a/DEPENDENCIES b/DEPENDENCIES
diff --git a/build/Dockerfile b/build/Dockerfile
@@ -18,7 +18,7 @@
 # SPDX-License-Identifier: Apache-2.0
 ################################################################################
 # our base build image
-FROM maven:3.9-eclipse-temurin-17-focal AS build
+FROM maven:3-eclipse-temurin-19-focal AS build
 
 # copy the project files
 COPY ../pom.xml ./pom.xml
@@ -27,7 +27,9 @@ COPY ../pom.xml ./pom.xml
 COPY ../modules ./modules
 
 # build for release
-RUN mvn clean install 
+#Commeting this because workflow job already building jar file
+#As SDE its require some docker enviroment to run test cases so avoid it
+#RUN mvn clean install  
 
 # our final base image
 

diff --git a/modules/sde-common/pom.xml b/modules/sde-common/pom.xml
@@ -49,7 +49,7 @@
 		<dependency>
 		    <groupId>com.networknt</groupId>
 		    <artifactId>json-schema-validator</artifactId>
-		    <version>1.0.72</version>
+		   <version>1.4.0</version>
 		</dependency>
 	</dependencies>
 

diff --git a/modules/sde-core/pom.xml b/modules/sde-core/pom.xml
@@ -63,7 +63,7 @@
 		<dependency>
 			<groupId>commons-io</groupId>
 			<artifactId>commons-io</artifactId>
-			<version>2.7</version>
+			<version>2.16.1</version>
 		</dependency>
 		<dependency>
 			<groupId>com.github.ben-manes.caffeine</groupId>
@@ -105,7 +105,7 @@
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-csv</artifactId>
-			<version>1.8</version>
+			<version>1.11.0</version>
 		</dependency>
  		<dependency>  
             <groupId>org.springframework.boot</groupId>  
@@ -222,7 +222,6 @@
 		    <artifactId>spring-security-test</artifactId>
 		    <scope>test</scope>
 		</dependency>
-
 	</dependencies>
 
 	<build>

diff --git a/...s/sde-core/src/main/java/org/eclipse/tractusx/sde/core/csv/service/CsvHandlerService.java b/...s/sde-core/src/main/java/org/eclipse/tractusx/sde/core/csv/service/CsvHandlerService.java
@@ -81,13 +81,21 @@ public String storeFile(MultipartFile multipartFile) {
             }
 
             UUID uuid = UUID.randomUUID();
+
+            if (fileName.contains("..") || fileName.contains("/") || fileName.contains("\\")) {
+        		throw new IllegalArgumentException("Invalid csv filename");
+        	}
+
             fileName = fileName.replace(
                     fileName.substring(0, fileName.lastIndexOf(".")),
                     uuid.toString()
             );
             Path targetLocation = this.fileStorageLocation.resolve(fileName);
 
-
+            if (!targetLocation.startsWith(this.fileStorageLocation + File.separator)) {
+        		throw new IllegalArgumentException("Invalid csv filename");
+        	}
+
             Files.copy(stream, targetLocation, StandardCopyOption.REPLACE_EXISTING);
             stream.close();
 

diff --git a/...src/main/java/org/eclipse/tractusx/sde/core/submodel/executor/step/EDCUsecaseHandler.java b/...src/main/java/org/eclipse/tractusx/sde/core/submodel/executor/step/EDCUsecaseHandler.java
@@ -58,7 +58,8 @@ public ObjectNode run(Integer rowNumber, ObjectNode objectNode, String processId
 					SubmoduleCommonColumnsConstant.SHELL_ID);
 			String subModelId = JsonObjectUtility.getValueFromJsonObjectAsString(objectNode,
 					SubmoduleCommonColumnsConstant.SUBMODULE_ID);
-			String uuid = JsonObjectUtility.getValueFromJsonObjectAsString(objectNode, getIdentifierOfModel());
+
+			String uuid = getDatabaseIdentifierValues(objectNode, getDatabaseIdentifierSpecsOfModel());
 
 			AssetEntryRequest assetEntryRequest = assetFactory.getAssetRequest(submodule,
 					getSubmodelShortDescriptionOfModel(), shellId, subModelId, getSubmoduleUriPathOfSubmodule(), uuid,

diff --git a/modules/sde-core/src/main/java/org/eclipse/tractusx/sde/core/utils/SubmoduleUtility.java b/modules/sde-core/src/main/java/org/eclipse/tractusx/sde/core/utils/SubmoduleUtility.java
@@ -47,6 +47,7 @@ public List<String> getTableColomnHeader(Submodel schemaObj) {
 		tableColomnHeader.add(SubmoduleCommonColumnsConstant.PROCESS_ID);
 		tableColomnHeader.add(SubmoduleCommonColumnsConstant.DELETED);
 		tableColomnHeader.add(SubmoduleCommonColumnsConstant.UPDATED);
+		tableColomnHeader.add(SubmoduleCommonColumnsConstant.SHELL_ACCESS_RULE_IDS);
 		return tableColomnHeader;
 	}
 

diff --git a/modules/sde-core/src/main/resources/application.properties b/modules/sde-core/src/main/resources/application.properties
@@ -64,10 +64,12 @@ logging.level.root=info
 ## Digital Twins
 digital-twins.hostname=
 digital-twins.authentication.url=
-digital-twins.api=/api/v3.0
+digital-twins.registry.uri=
+digital-twins.registry.lookup.uri=
 digital-twins.authentication.clientId=
 digital-twins.authentication.clientSecret=
 digital-twins.authentication.grantType=client_credentials
+digital-twins.authentication.scope=
 
 ## EDC Provider
 edc.hostname=
@@ -76,6 +78,8 @@ edc.apiKeyHeader=
 edc.apiKey=
 edc.dsp.endpointpath=/api/v1/dsp
 edc.dataplane.endpointpath=/api/public
+edc.managementpath.apiversion=/v2
+edc.managementpath.apiversion.asset=/v3
 
 ## EDC Consumer
 edc.consumer.hostname=

diff --git a/modules/sde-core/src/main/resources/edc_request_template/edc_asset_lookup.json b/modules/sde-core/src/main/resources/edc_request_template/edc_asset_lookup.json
@@ -11,12 +11,12 @@
 		{
 			"edc:operandLeft": "https://w3id.org/edc/v0.0.1/ns/type",
 			"edc:operator": "=",
-			"edc:operandRight": "data.core.digitalTwinRegistry"
+			"edc:operandRight": "${assetType}"
 		},
 		{
-			"edc:operandLeft": "https://w3id.org/edc/v0.0.1/ns/registry",
+			"edc:operandLeft": "https://w3id.org/edc/v0.0.1/ns/${registryType}",
 			"edc:operator": "=",
-			"edc:operandRight": "${digitalTwinRegistry}"
+			"edc:operandRight": "${baseUrl}"
 		}
 	]
 }
diff --git a/modules/sde-core/src/main/resources/edc_request_template/edc_asset_lookup_for_exchange.json b/modules/sde-core/src/main/resources/edc_request_template/edc_asset_lookup_for_exchange.json
@@ -3,7 +3,7 @@
 		{
 			"operandLeft": "https://w3id.org/edc/v0.0.1/ns/type",
 			"operator": "=",
-			"operandRight": "data.core.digitalTwinRegistry"
+			"operandRight": "${type}"
 		}
 	]
 }
diff --git a/...s/sde-core/src/test/java/org/eclipse/tractusx/sde/controllers/ConsumerControllerTest.java b/...s/sde-core/src/test/java/org/eclipse/tractusx/sde/controllers/ConsumerControllerTest.java
@@ -1,6 +1,6 @@
 /********************************************************************************
- * Copyright (c) 2022, 2024 T-Systems International GmbH
- * Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation
+ * Copyright (c) 2022,2024 T-Systems International GmbH
+ * Copyright (c) 2022,2024 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.
@@ -27,7 +27,9 @@
 import static org.mockito.Mockito.when;
 
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 import org.eclipse.tractusx.sde.common.entities.Policies;
 import org.eclipse.tractusx.sde.core.controller.ConsumerController;
@@ -66,7 +68,7 @@ class ConsumerControllerTest {
 	@Test
 	void testQueryOnDataOfferWithoutOfferModel() throws Exception {
 		when(consumerControlPanelService.queryOnDataOffers((String) any(), (String) any(), (String) any(), anyInt(),
-				anyInt())).thenReturn(new ArrayList<>());
+				anyInt())).thenReturn(new HashSet<>());
 		MockHttpServletRequestBuilder requestBuilder = MockMvcRequestBuilders.get("/query-data-offers")
 				.param("bpnNumber", "foo");
 
@@ -78,7 +80,7 @@ void testQueryOnDataOfferWithoutOfferModel() throws Exception {
 
 	@Test
 	void testQueryOnDataOffersWithOfferModel() throws Exception {
-		ArrayList<QueryDataOfferModel> queryDataOfferModelList = new ArrayList<>();
+		Set<QueryDataOfferModel> queryDataOfferModelList = new HashSet<>();
 		queryDataOfferModelList.add(QueryDataOfferModel.builder()
 				.assetId("foo")
 				.connectorId("test")