Merge pull request #1973 from reportportal/merge-hotfix/5.11.1

Merge hotfix/5.11.1

.github/workflows/release.yml

@@ -11,7 +11,7 @@ on:
 
 env:
   GH_USER_NAME: github.actor
-  RELEASE_VERSION: 5.11.0
+  RELEASE_VERSION: 5.11.1
   REPOSITORY_URL: 'https://maven.pkg.github.com/'
 
 jobs:

build.gradle

@@ -57,7 +57,7 @@ ext['spring-boot.version'] = '2.5.15'
 
 dependencyManagement {
     imports {
-        mavenBom(releaseMode ? 'com.epam.reportportal:commons-bom:' + '5.11.6' : 'com.epam.reportportal:commons-bom:5.11.6')
+        mavenBom(releaseMode ? 'com.epam.reportportal:commons-bom:' + '5.11.7' : 'com.epam.reportportal:commons-bom:5.11.7')
         mavenBom('io.zonky.test.postgres:embedded-postgres-binaries-bom:16.2.0')
     }
 }
@@ -66,12 +66,12 @@ dependencies {
     if (releaseMode) {
         implementation 'com.epam.reportportal:commons-dao'
         implementation 'com.epam.reportportal:commons'
-        implementation 'com.epam.reportportal:plugin-api'
+        implementation 'com.epam.reportportal:plugin-api:5.11.1'
     } else {
-        implementation 'com.github.reportportal:commons-dao:495edfb'
+        implementation 'com.github.reportportal:commons-dao:073aa934a5'
         implementation 'com.github.reportportal:commons-reporting:d99e842'
         implementation 'com.github.reportportal:commons:d7f9bec'
-        implementation 'com.github.reportportal:plugin-api:3ecb915657'
+        implementation 'com.github.reportportal:plugin-api:17962f8c32'
     }
 
     implementation 'org.springframework.boot:spring-boot-starter-aop'
@@ -83,12 +83,19 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-batch'
 
     implementation 'org.springframework:spring-jdbc:6.1.5'
+    //Fix CVE-2023-34050
+    implementation 'org.springframework.amqp:spring-amqp:2.4.17'
+
+    //Fix CVE-2023-40827, CVE-2023-40828, CVE-2023-40826
+    implementation 'org.springframework:spring-webmvc:5.3.33'
+    implementation 'org.springframework:spring-web:5.3.33'
+
     implementation 'com.opencsv:opencsv:5.8'
 
-    // Fix CVE-2021-41079, CVE-2022-23181, CVE-2021-33037, CVE-2021-30640, CVE-2022-42252
-    implementation 'org.apache.tomcat.embed:tomcat-embed-core:9.0.82'
-    implementation 'org.apache.tomcat.embed:tomcat-embed-el:9.0.82'
-    implementation 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.82'
+    // Fix CVE-2023-46589, CVE-2024-24549
+    implementation 'org.apache.tomcat.embed:tomcat-embed-core:9.0.86'
+    implementation 'org.apache.tomcat.embed:tomcat-embed-el:9.0.86'
+    implementation 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.86'
     //
 
     //https://nvd.nist.gov/vuln/detail/CVE-2020-5411
@@ -131,10 +138,15 @@ dependencies {
     implementation 'org.codehaus.jettison:jettison:1.5.4'
     // Fix CVE-2020-15522
     implementation 'org.bouncycastle:bcprov-jdk15on:1.70'
-    implementation 'org.apache.commons:commons-compress:1.25.0'
+    // Fix CVE-2024-25710, CVE-2024-26308
+    implementation 'org.apache.commons:commons-compress:1.26.0'
     implementation 'org.yaml:snakeyaml:1.33'
     implementation 'org.hibernate:hibernate-core:5.6.15.Final'
 
+    //Fix CVE-2023-6378, CVE-2023-6481, CVE-2023-6378, CVE-2023-6481
+    implementation 'ch.qos.logback:logback-classic:1.2.13'
+    implementation 'ch.qos.logback:logback-core:1.2.13'
+
     // Metrics
     implementation 'io.micrometer:micrometer-registry-prometheus:1.8.13'
 

gradle.properties

@@ -1,4 +1,4 @@
-version=5.11.0
+version=5.11.2
 description=EPAM ReportPortal. Main API Service
 dockerPrepareEnvironment=
 dockerJavaOpts=-Xmx1g -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=70 -Djava.security.egd=file:/dev/./urandom

src/main/java/com/epam/ta/reportportal/core/integration/plugin/PluginLoader.java

@@ -22,7 +22,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.file.Path;
-import org.pf4j.PluginException;
+import org.pf4j.PluginRuntimeException;
 import org.pf4j.PluginWrapper;
 
 /**
@@ -35,9 +35,9 @@ public interface PluginLoader {
    *
    * @param pluginPath Plugin's path
    * @return {@link PluginInfo} with {@link PluginInfo#getId()} and {@link PluginInfo#getVersion()}
-   * @throws PluginException if there is an issue in loading the plugin or the plugin is not found in the specified path
+   * @throws PluginRuntimeException if there is an issue in loading the plugin or the plugin is not found in the specified path
    */
-  PluginInfo extractPluginInfo(Path pluginPath) throws PluginException;
+  PluginInfo extractPluginInfo(Path pluginPath) throws PluginRuntimeException;
 
   /**
    * Creates the {@link IntegrationTypeDetails} object based on the params of the plugin

src/main/java/com/epam/ta/reportportal/core/integration/plugin/impl/PluginLoaderImpl.java

@@ -48,7 +48,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.pf4j.PluginDescriptor;
 import org.pf4j.PluginDescriptorFinder;
-import org.pf4j.PluginException;
+import org.pf4j.PluginRuntimeException;
 import org.pf4j.PluginWrapper;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -87,7 +87,7 @@ public PluginLoaderImpl(DataStore dataStore, IntegrationTypeRepository integrati
 
   @Override
   @NotNull
-  public PluginInfo extractPluginInfo(Path pluginPath) throws PluginException {
+  public PluginInfo extractPluginInfo(Path pluginPath) throws PluginRuntimeException {
     PluginDescriptor pluginDescriptor = pluginDescriptorFinder.find(pluginPath);
     return new PluginInfo(pluginDescriptor.getPluginId(), pluginDescriptor.getVersion());
   }
@@ -99,8 +99,7 @@ public IntegrationTypeDetails resolvePluginDetails(PluginInfo pluginInfo) {
         .flatMap(it -> ofNullable(it.getDetails())).flatMap(
             typeDetails -> IntegrationTypeProperties.VERSION.getValue(typeDetails.getDetails())
                 .map(String::valueOf)).ifPresent(
-                    version -> BusinessRule.expect(version, v -> !v.equalsIgnoreCase(
-                pluginInfo.getVersion()))
+            version -> BusinessRule.expect(version, v -> !v.equalsIgnoreCase(pluginInfo.getVersion()))
                 .verify(
                     ErrorType.PLUGIN_UPLOAD_ERROR, Suppliers.formattedSupplier(
                         "Plugin with ID = '{}' of the same VERSION = '{}' "

src/main/java/com/epam/ta/reportportal/core/item/impl/status/ChangeStatusHandlerImpl.java

@@ -19,6 +19,7 @@
 import static com.epam.ta.reportportal.entity.enums.StatusEnum.FAILED;
 import static com.epam.ta.reportportal.entity.enums.StatusEnum.INFO;
 import static com.epam.ta.reportportal.entity.enums.StatusEnum.PASSED;
+import static com.epam.ta.reportportal.entity.enums.StatusEnum.SKIPPED;
 import static com.epam.ta.reportportal.entity.enums.StatusEnum.WARN;
 import static com.epam.ta.reportportal.ws.converter.converters.TestItemConverter.TO_ACTIVITY_RESOURCE;
 import static java.util.Optional.ofNullable;
@@ -92,9 +93,9 @@ private boolean isParentStatusUpdateRequired(TestItem parent) {
     return parent.getItemResults().getStatus() != StatusEnum.IN_PROGRESS
         && parent.getItemResults().getStatus() != PASSED
         && parent.getItemResults().getStatus() != FAILED
+        && parent.getItemResults().getStatus() != SKIPPED
         && !testItemRepository.hasItemsInStatusByParent(parent.getItemId(), parent.getPath(),
-        StatusEnum.IN_PROGRESS.name()
-    );
+        StatusEnum.IN_PROGRESS.name());
   }
 
   private StatusEnum resolveStatus(Long itemId) {

src/main/java/com/epam/ta/reportportal/core/project/GetProjectHandler.java

@@ -21,6 +21,7 @@
 import com.epam.ta.reportportal.commons.querygen.Queryable;
 import com.epam.ta.reportportal.entity.jasper.ReportFormat;
 import com.epam.ta.reportportal.entity.project.Project;
+import com.epam.ta.reportportal.entity.user.UserRole;
 import com.epam.ta.reportportal.model.project.ProjectResource;
 import com.epam.ta.reportportal.model.user.SearchUserResource;
 import com.epam.ta.reportportal.model.user.UserResource;
@@ -88,6 +89,7 @@ public interface GetProjectHandler {
    * @return List of found user resources
    */
   Iterable<SearchUserResource> getUserNames(String value,
+     UserRole userRole,
       ReportPortalUser.ProjectDetails projectDetails, Pageable pageable);
 
   /**

src/main/java/com/epam/ta/reportportal/core/project/impl/GetProjectHandlerImpl.java

@@ -42,6 +42,7 @@
 import com.epam.ta.reportportal.entity.project.ProjectInfo;
 import com.epam.ta.reportportal.entity.user.User;
 import com.epam.reportportal.rules.exception.ReportPortalException;
+import com.epam.ta.reportportal.entity.user.UserRole;
 import com.epam.ta.reportportal.model.project.ProjectResource;
 import com.epam.ta.reportportal.model.user.SearchUserResource;
 import com.epam.ta.reportportal.model.user.UserResource;
@@ -60,6 +61,7 @@
 import org.jooq.Operator;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.stereotype.Service;
@@ -82,6 +84,9 @@ public class GetProjectHandlerImpl implements GetProjectHandler {
 
   private final ProjectConverter projectConverter;
 
+  @Value("${rp.environment.variable.user.suggestions:true}")
+  boolean isUserSuggestions;
+
   @Autowired
   public GetProjectHandlerImpl(ProjectRepository projectRepository, UserRepository userRepository,
       @Qualifier("projectJasperReportHandler")
@@ -161,10 +166,12 @@ private void checkBusinessRuleLessThan1Symbol(String value) {
 
   @Override
   public Iterable<SearchUserResource> getUserNames(String value,
-      ReportPortalUser.ProjectDetails projectDetails, Pageable pageable) {
+      UserRole userRole,ReportPortalUser.ProjectDetails projectDetails, Pageable pageable) {
     checkBusinessRuleLessThan1Symbol(value);
 
-    final CompositeFilterCondition userCondition = getUserSearchCondition(value);
+    final CompositeFilterCondition userCondition =
+				(userRole.equals(UserRole.ADMINISTRATOR) || isUserSuggestions)
+						? getUserSearchSuggestCondition(value) : getUserSearchCondition(value);
 
     final Filter filter = Filter.builder().withTarget(User.class).withCondition(userCondition)
         .withCondition(
@@ -176,13 +183,18 @@ public Iterable<SearchUserResource> getUserNames(String value,
         .apply(userRepository.findByFilterExcludingProjects(filter, pageable));
   }
 
-  private CompositeFilterCondition getUserSearchCondition(String value) {
-    return new CompositeFilterCondition(
-        List.of(new FilterCondition(Operator.OR, Condition.CONTAINS, false, value, CRITERIA_USER),
-            new FilterCondition(Operator.OR, Condition.CONTAINS, false, value, CRITERIA_FULL_NAME),
-            new FilterCondition(Operator.OR, Condition.CONTAINS, false, value, CRITERIA_EMAIL)
-        ), Operator.AND);
-  }
+	private CompositeFilterCondition getUserSearchSuggestCondition(String value) {
+		return new CompositeFilterCondition(List.of(new FilterCondition(Operator.OR, Condition.CONTAINS, false, value, CRITERIA_USER),
+				new FilterCondition(Operator.OR, Condition.CONTAINS, false, value, CRITERIA_FULL_NAME),
+				new FilterCondition(Operator.OR, Condition.CONTAINS, false, value, CRITERIA_EMAIL)
+		), Operator.AND);
+	}
+
+	private CompositeFilterCondition getUserSearchCondition(String value) {
+		return new CompositeFilterCondition(List.of(
+				new FilterCondition(Operator.OR, Condition.EQUALS, false, value, CRITERIA_EMAIL)
+		), Operator.AND);
+	}
 
   @Override
   public List<String> getAllProjectNames() {

src/main/java/com/epam/ta/reportportal/plugin/Pf4jPluginManager.java

@@ -53,8 +53,8 @@
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.FilenameUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.pf4j.PluginException;
 import org.pf4j.PluginManager;
+import org.pf4j.PluginRuntimeException;
 import org.pf4j.PluginState;
 import org.pf4j.PluginWrapper;
 import org.slf4j.Logger;
@@ -385,7 +385,7 @@ private PluginInfo resolvePluginInfo(final String fileName, InputStream fileStre
       BusinessRule.expect(validatePluginMetaInfo(newPluginInfo), equalTo(Boolean.TRUE))
           .verify(ErrorType.PLUGIN_UPLOAD_ERROR, "Plugin version should be specified.");
       return newPluginInfo;
-    } catch (PluginException e) {
+    } catch (PluginRuntimeException e) {
       removeUploadingPlugin(fileName);
       throw new ReportPortalException(ErrorType.PLUGIN_UPLOAD_ERROR, e.getMessage());
     }
@@ -746,7 +746,7 @@ private PluginState loadPreviousPlugin(PluginWrapper previousPlugin,
                         previousPlugin.getPluginId())
                     .get()
             )));
-      } catch (PluginException e) {
+      } catch (PluginRuntimeException e) {
         throw new ReportPortalException(ErrorType.PLUGIN_UPLOAD_ERROR,
             Suppliers.formattedSupplier("Unable to reload previousPlugin with id = '{}': '{}'",
                 previousPlugin.getPluginId(),

src/main/java/com/epam/ta/reportportal/plugin/ReportPortalExtensionFactory.java

@@ -44,18 +44,18 @@ public ReportPortalExtensionFactory(String resourcesDir, PluginManager pluginMan
   }
 
   @Override
-  public Object create(Class<?> extensionClass) {
+  public <T> T create(Class<T> extensionClass) {
     PluginWrapper pluginWrapper = pluginManager.whichPlugin(extensionClass);
     if (beanFactory.containsSingleton(pluginWrapper.getPluginId())) {
-      return beanFactory.getSingleton(pluginWrapper.getPluginId());
+      return extensionClass.cast(beanFactory.getSingleton(pluginWrapper.getPluginId()));
     } else {
-      return createExtension(extensionClass, pluginWrapper);
+      return extensionClass.cast(createExtension(extensionClass, pluginWrapper));
     }
   }
 
-  private Object createExtension(Class<?> extensionClass, PluginWrapper pluginWrapper) {
+  private <T> T createExtension(Class<T> extensionClass, PluginWrapper pluginWrapper) {
     Map<String, Object> initParams = getInitParams(pluginWrapper);
-    Object plugin = createPlugin(extensionClass, initParams);
+    T plugin = createPlugin(extensionClass, initParams);
     beanFactory.autowireBean(plugin);
     beanFactory.initializeBean(plugin, pluginWrapper.getDescriptor().getPluginId());
     beanFactory.registerSingleton(pluginWrapper.getDescriptor().getPluginId(), plugin);
@@ -66,7 +66,7 @@ private Object createExtension(Class<?> extensionClass, PluginWrapper pluginWrap
     return plugin;
   }
 
-  private Object createPlugin(Class<?> extensionClass, Map<String, Object> initParams) {
+  private <T> T createPlugin(Class<T> extensionClass, Map<String, Object> initParams) {
     try {
       return extensionClass.getDeclaredConstructor(Map.class).newInstance(initParams);
     } catch (Exception ex) {

src/main/java/com/epam/ta/reportportal/ws/controller/ProjectController.java

@@ -275,11 +275,10 @@ public List<String> getProjectUsers(@PathVariable String projectName,
   @ResponseStatus(OK)
   @PreAuthorize(PROJECT_MANAGER)
   public Iterable<SearchUserResource> searchForUser(@PathVariable String projectName,
-      @RequestParam(value = "term") String term, Pageable pageable,
-      @AuthenticationPrincipal ReportPortalUser user) {
-    return getProjectHandler.getUserNames(term,
-        projectExtractor.extractProjectDetails(user, projectName), pageable
-    );
+      @RequestParam(value = "term") String term,
+      Pageable pageable, @AuthenticationPrincipal ReportPortalUser user) {
+    return getProjectHandler.getUserNames(term, user.getUserRole(),
+        projectExtractor.extractProjectDetails(user, projectName), pageable);
   }
 
   @Transactional

src/test/java/com/epam/ta/reportportal/core/integration/plugin/impl/PluginLoaderTest.java

@@ -36,8 +36,8 @@
 import org.junit.jupiter.api.Test;
 import org.pf4j.PluginDescriptor;
 import org.pf4j.PluginDescriptorFinder;
-import org.pf4j.PluginException;
 import org.pf4j.PluginManager;
+import org.pf4j.PluginRuntimeException;
 import org.pf4j.PluginWrapper;
 
 /**
@@ -72,7 +72,7 @@ class PluginLoaderTest {
       );
 
   @Test
-  void shouldExtractPluginIdWhenExists() throws PluginException {
+  void shouldExtractPluginIdWhenExists() throws PluginRuntimeException {
 
     Path path = Paths.get("dir", FILE_NAME);
 

src/test/java/com/epam/ta/reportportal/core/project/impl/GetProjectHandlerImplTest.java

@@ -39,18 +39,22 @@
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
+import org.mockito.Spy;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.data.domain.PageRequest;
+import org.springframework.test.context.TestPropertySource;
 
 /**
  * @author <a href="mailto:[email protected]">Ihar Kahadouski</a>
  */
 @ExtendWith(MockitoExtension.class)
+@TestPropertySource(properties = {"rp.environment.variable.user.suggestions=true"})
 class GetProjectHandlerImplTest {
 
   @Mock
   private ProjectRepository projectRepository;
 
+  @Spy
   @InjectMocks
   private GetProjectHandlerImpl handler;
 
@@ -124,17 +128,11 @@ void getUserNamesByIncorrectTerm() {
     );
   }
 
-  @Test
-  void getUserNamesNegative() {
-    ReportPortalException exception = assertThrows(
-        ReportPortalException.class, () -> handler.getUserNames("",
-            new ReportPortalUser.ProjectDetails(1L, "superadmin_personal",
-                ProjectRole.PROJECT_MANAGER
-            ), PageRequest.of(0, 10)
-        ));
-    assertEquals(
-        "Incorrect filtering parameters. Length of the filtering string '' is less than 1 symbol",
-        exception.getMessage()
-    );
-  }
+	@Test
+	void getUserNamesNegative() {
+		ReportPortalException exception = assertThrows(ReportPortalException.class, () -> handler.getUserNames("", UserRole.ADMINISTRATOR,
+				new ReportPortalUser.ProjectDetails(1L, "superadmin_personal", ProjectRole.PROJECT_MANAGER),
+				PageRequest.of(0, 10)));
+		assertEquals("Incorrect filtering parameters. Length of the filtering string '' is less than 1 symbol", exception.getMessage());
+	}
 }