Merge pull request #216 from navikt/feature/vulnerabilities

Feature/vulnerabilities

.github/dependabot.yml

@@ -0,0 +1,37 @@
+version: 2
+registries:
+  maven-github:
+    type: maven-repository
+    url: https://github-package-registry-mirror.gc.nav.no/cached/maven-release
+    username: x-access-token
+    password: no-secret-required
+updates:
+  - package-ecosystem: "maven"
+    directory: "/"
+    registries:
+      - "maven-github"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:00"
+      timezone: "Europe/Oslo"
+    commit-message:
+      prefix: "[dependency] "
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:00"
+      timezone: "Europe/Oslo"
+    commit-message:
+      prefix: "[docker] "
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:00"
+      timezone: "Europe/Oslo"
+    commit-message:
+      prefix: "[github-actions] "

.github/workflows/build-and-deploy.yaml

@@ -21,7 +21,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-java@v3
         with:
-          java-version: '17'
+          java-version: '21'
           distribution: 'temurin'
       - uses: actions/cache@v3
         with:
@@ -190,7 +190,6 @@ jobs:
       - name: feature ingresses
         if: github.ref != 'refs/heads/main'
         run: |
-          echo "INGRESS_BEREGN_SAERTILSKUDD=https://bidrag-beregn-saertilskudd-rest-feature.intern.dev.nav.no" >> $GITHUB_ENV
           echo "INGRESS_CUCUMBER=https://bidrag-cucumber-cloud-feature.ekstern.dev.nav.no" >> $GITHUB_ENV
       - run: |
           curl -H "Content-Type: application/json" -i \
@@ -237,7 +236,6 @@ jobs:
       - name: feature ingresses
         if: github.ref != 'refs/heads/main'
         run: |
-          echo "INGRESS_BEREGN_BARNEBIDRAG=https://bidrag-beregn-barnebidrag-rest-feature.intern.dev.nav.no" >> $GITHUB_ENV
           echo "INGRESS_CUCUMBER=https://bidrag-cucumber-cloud-feature.ekstern.dev.nav.no" >> $GITHUB_ENV
       - run: |
           curl -H "Content-Type: application/json" -i \

.nais/feature.yaml

@@ -12,16 +12,16 @@ access:
     grunnlag: bidrag-grunnlag-feature.intern.dev.nav.no
     vedtak: bidrag-vedtak-feature.intern.dev.nav.no
     stonad: bidrag-stonad-feature.intern.dev.nav.no
-    barnebidrag: bidrag-beregn-barnebidrag-feature.intern.dev.nav.no
+    barnebidrag: bidrag-beregn-barnebidrag.intern.dev.nav.no
     forskudd: bidrag-beregn-forskudd.intern.dev.nav.no
-    saertilskudd: bidrag-beregn-saertilskudd-feature.intern.dev.nav.no
+    saertilskudd: bidrag-beregn-saertilskudd.intern.dev.nav.no
 kafka-topic-journalpost: bidrag.journalpost-feature
 scope:
   oppgave: dev-fss.oppgavehandtering.oppgave-q1
   sak: dev-fss.bidrag.bidrag-sak-feature
-  beregn_saertilskudd: dev-gcp.bidrag.bidrag-beregn-saertilskudd-rest-feature
+  beregn_saertilskudd: dev-gcp.bidrag.bidrag-beregn-saertilskudd-rest
   beregn_forskudd: dev-gcp.bidrag.bidrag-beregn-forskudd-rest
-  beregn_barnebidrag: dev-gcp.bidrag.bidrag-beregn-barnebidrag-rest-feature
+  beregn_barnebidrag: dev-gcp.bidrag.bidrag-beregn-barnebidrag-rest
   dokument_forsendelse: dev-gcp.bidrag.bidrag-dokument-forsendelse-feature
   bidrag_vedtak: dev-gcp.bidrag.bidrag-vedtak-feature
   bidrag_grunnlag: dev-gcp.bidrag.bidrag-grunnlag-feature

.nais/nais.yaml

@@ -48,7 +48,7 @@ spec:
       cpu: 1000m
       memory: 1024Mi
     requests:
-      cpu: 500m
+      cpu: 250m
       memory: 512Mi
   ingresses:
   {{#each ingresses as |url|}}

Dockerfile

@@ -1,4 +1,4 @@
-FROM navikt/java:17
+FROM ghcr.io/navikt/baseimages/temurin:21
 LABEL maintainer="Team Bidrag" \
       email="[email protected]"
 

pom.xml

@@ -6,7 +6,7 @@
   <parent>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
-    <version>3.1.2</version>
+    <version>3.2.1</version>
     <relativePath/> <!-- lookup parent from repository -->
   </parent>
 
@@ -20,22 +20,22 @@
 
   <properties>
     <!-- dependency management -->
-    <apache-httpcomponenents.version>5.2.1</apache-httpcomponenents.version>
-    <bidrag-commons.version>20230427084654_4121ef0</bidrag-commons.version>
-    <bidrag-transport.version>20231010134706_52d8d27</bidrag-transport.version>
-    <cucumber.version>7.13.0</cucumber.version>
+    <apache-httpcomponenents.version>5.3</apache-httpcomponenents.version>
+    <bidrag-felles.version>2024.0111.144947</bidrag-felles.version>
+    <cucumber.version>7.15.0</cucumber.version>
     <json-path.version>2.8.0</json-path.version>
-    <mockito-kotlin.version>4.1.0</mockito-kotlin.version>
+    <mockito-kotlin.version>5.2.1</mockito-kotlin.version>
     <mockk.version>4.0.2</mockk.version>
-    <springdoc-openapi-ui.version>2.2.0</springdoc-openapi-ui.version>
-    <snakeyaml.version>2.0</snakeyaml.version>
+    <springdoc-openapi-ui.version>2.3.0</springdoc-openapi-ui.version>
+    <snakeyaml.version>2.2</snakeyaml.version>
+    <caffeine.version>3.1.8</caffeine.version>
+    <msal4j.version>1.14.2</msal4j.version>
+    <awaitility-kotlin.version>4.2.0</awaitility-kotlin.version>
+    <ktlint.version>1.1.1</ktlint.version>
 
     <!-- build -->
-    <build-helper-maven-plugin.version>3.3.0</build-helper-maven-plugin.version>
-    <kotlin.version>1.9.10</kotlin.version>
-    <maven-assembly-plugin.version>3.5.0</maven-assembly-plugin.version>
-    <maven-compiler-plugin.version>3.11.0</maven-compiler-plugin.version>
-    <maven-surefire-plugin.version>3.0.0</maven-surefire-plugin.version>
+    <build-helper-maven-plugin.version>3.5.0</build-helper-maven-plugin.version>
+    <kotlin.version>1.9.22</kotlin.version>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
   </properties>
 
@@ -50,23 +50,23 @@
     <dependency>
       <groupId>com.github.ben-manes.caffeine</groupId>
       <artifactId>caffeine</artifactId>
-      <version>3.1.6</version>
+      <version>${caffeine.version}</version>
     </dependency>
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>msal4j</artifactId>
-      <version>1.13.10</version>
+      <version>${msal4j.version}</version>
     </dependency>
     <!-- nav -->
     <dependency>
       <groupId>no.nav.bidrag</groupId>
-      <artifactId>bidrag-commons</artifactId>
-      <version>${bidrag-commons.version}</version>
+      <artifactId>bidrag-commons-felles</artifactId>
+      <version>${bidrag-felles.version}</version>
     </dependency>
     <dependency>
       <groupId>no.nav.bidrag</groupId>
-      <artifactId>bidrag-transport</artifactId>
-      <version>${bidrag-transport.version}</version>
+      <artifactId>bidrag-transport-felles</artifactId>
+      <version>${bidrag-felles.version}</version>
     </dependency>
     <!-- spring-boot -->
     <dependency>
@@ -225,7 +225,7 @@
     <dependency>
       <groupId>org.awaitility</groupId>
       <artifactId>awaitility-kotlin</artifactId>
-      <version>4.2.0</version>
+      <version>${awaitility-kotlin.version}</version>
     </dependency>
   </dependencies>
 
@@ -280,7 +280,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-antrun-plugin</artifactId>
-        <version>3.1.0</version>
+        <version>${maven-antrun-plugin.version}</version>
         <executions>
           <execution>
             <id>ktlint</id>
@@ -318,9 +318,9 @@
         </executions>
         <dependencies>
           <dependency>
-            <groupId>com.pinterest</groupId>
-            <artifactId>ktlint</artifactId>
-            <version>0.47.1</version>
+            <groupId>com.pinterest.ktlint</groupId>
+            <artifactId>ktlint-cli</artifactId>
+            <version>${ktlint.version}</version>
           </dependency>
           <!-- additional 3rd party ruleset(s) can be specified here -->
         </dependencies>

src/main/kotlin/no/nav/bidrag/cucumber/BidragCucumberCloud.kt

@@ -16,12 +16,13 @@ class BidragCucumberCloud {
 
         @JvmStatic
         fun main(args: Array<String>) {
-            val profile = if (args.isEmpty()) {
-                PROFILE_LIVE
-            } else {
-                LOGGER.info("Starter med profil (argument): $args")
-                args[0]
-            }
+            val profile =
+                if (args.isEmpty()) {
+                    PROFILE_LIVE
+                } else {
+                    LOGGER.info("Starter med profil (argument): $args")
+                    args[0]
+                }
 
             val app = SpringApplication(BidragCucumberCloud::class.java)
 

src/main/kotlin/no/nav/bidrag/cucumber/Constants.kt

@@ -21,4 +21,5 @@ internal const val CORRELATION_ID = "correlationId"
 internal const val FAGOMRADE_BIDRAG = "BID"
 
 class AzureTokenException(message: String, exception: Exception? = null) : RuntimeException(message, exception)
+
 fun usernameNotFound(): Nothing = throw RuntimeException("Fant ikke bruker")

src/main/kotlin/no/nav/bidrag/cucumber/Environment.kt

@@ -20,8 +20,11 @@ internal object Environment {
     val testUserAuth: String get() = fetchPropertyOrEnvironment(testAuthPropName()) ?: throw unknownState(testAuthPropName())
 
     fun fetchPropertyOrEnvironment(key: String): String? = System.getProperty(key) ?: System.getenv(key)
+
     private fun testAuthPropName() = TEST_AUTH + '_' + testUsername?.uppercase()
+
     private fun unknownState(name: String) = IllegalStateException("Ukjent miljøvariabel ($name), kjente: ${listKnownVariables()}!")
+
     private fun listKnownVariables() = ArrayList(System.getenv().keys).joinToString { it }
 
     fun initCucumberEnvironment(cucumberTestsModel: CucumberTestsModel) {

src/main/kotlin/no/nav/bidrag/cucumber/ScenarioManager.kt

@@ -55,7 +55,7 @@ object ScenarioManager {
             --------------
             =|>   Starting ${scenarioMessage(scenario)} with correlationId:
             =|>   https://logs.adeo.no/app/kibana#/discover?_g=($time)&_a=($columns,$index,interval:auto,$query,$sort)
-            """.trimIndent()
+            """.trimIndent(),
         )
     }
 
@@ -64,7 +64,11 @@ object ScenarioManager {
     }
 
     fun fetchCorrelationIdForScenario() = correlationIdForScenario ?: createCorrelationIdValue("unknown")
-    fun errorLog(message: String, e: Exception) {
+
+    fun errorLog(
+        message: String,
+        e: Exception,
+    ) {
         LOGGER.error(message)
         CucumberTestRun.holdExceptionForTest(e)
     }

src/main/kotlin/no/nav/bidrag/cucumber/SpringConfig.kt

@@ -22,32 +22,33 @@ import org.springframework.kafka.core.KafkaTemplate
 
 @Configuration
 @OpenAPIDefinition(
-    info = io.swagger.v3.oas.annotations.info.Info(
-        title = "bidrag-cucumber-cloud",
-        description = "Funksjonelle tester for nais applikasjoner som er sikret med azure ad og bruker rest/kafka",
-        version = "v1"
-    ),
-    security = [SecurityRequirement(name = "basicAuth")]
+    info =
+        io.swagger.v3.oas.annotations.info.Info(
+            title = "bidrag-cucumber-cloud",
+            description = "Funksjonelle tester for nais applikasjoner som er sikret med azure ad og bruker rest/kafka",
+            version = "v1",
+        ),
+    security = [SecurityRequirement(name = "basicAuth")],
 )
 @SecurityScheme(
     name = "basicAuth",
     type = SecuritySchemeType.HTTP,
-    scheme = "basic"
+    scheme = "basic",
 )
 class SpringConfig {
-
     @Bean
     fun suppressStackTraceText() = SuppressStackTraceText()
 
     @Bean
     fun correlationIdFilter() = CorrelationIdFilter()
 
     @Bean
-    fun exceptionLogger() = ExceptionLogger(
-        BidragCucumberCloud::class.java.simpleName,
-        ExceptionLoggerAspect::class.java,
-        TestFailedAdvice::class.java
-    )
+    fun exceptionLogger() =
+        ExceptionLogger(
+            BidragCucumberCloud::class.java.simpleName,
+            ExceptionLoggerAspect::class.java,
+            TestFailedAdvice::class.java,
+        )
 
     @Bean
     @Scope("prototype")
@@ -59,11 +60,10 @@ class SpringConfig {
 @Configuration
 @Profile(PROFILE_LIVE)
 class LiveSpringConfig {
-
     @Bean
     fun jornalpostKafkaHendelseProducer(
         kafkaTemplate: KafkaTemplate<String, String>,
         @Value("\${TOPIC_JOURNALPOST}") topic: String,
-        objectMapper: ObjectMapper
+        objectMapper: ObjectMapper,
     ) = JournalpostKafkaHendelseProducer(kafkaTemplate = kafkaTemplate, topic = topic, objectMapper = objectMapper)
 }

src/main/kotlin/no/nav/bidrag/cucumber/aop/ExceptionLoggerAspect.kt

@@ -10,9 +10,11 @@ import org.springframework.stereotype.Component
 @Aspect
 @Component
 class ExceptionLoggerAspect(private val exceptionLogger: ExceptionLogger) {
-
     @AfterThrowing(pointcut = "within (no.nav.bidrag.cucumber.controller..*)", throwing = "exception")
-    fun logException(joinPoint: JoinPoint, exception: Exception) {
+    fun logException(
+        joinPoint: JoinPoint,
+        exception: Exception,
+    ) {
         val logMessages = exceptionLogger.logException(exception, joinPoint.sourceLocation.withinType.toString())
         CucumberTestRun.hold(logMessages)
     }

src/main/kotlin/no/nav/bidrag/cucumber/aop/TestFailedAdvice.kt

@@ -10,20 +10,21 @@ import org.springframework.web.bind.annotation.RestControllerAdvice
 
 @RestControllerAdvice
 class TestFailedAdvice {
-
     @ResponseBody
     @ExceptionHandler
-    fun handleTestFailedException(testFailedException: TestFailedException) = ResponseEntity
-        .status(HttpStatus.NOT_ACCEPTABLE)
-        .header(HttpHeaders.WARNING, warningFrom(testFailedException))
-        .body(testFailedException.suppressedStackTraceLog)
+    fun handleTestFailedException(testFailedException: TestFailedException) =
+        ResponseEntity
+            .status(HttpStatus.NOT_ACCEPTABLE)
+            .header(HttpHeaders.WARNING, warningFrom(testFailedException))
+            .body(testFailedException.suppressedStackTraceLog)
 
     @ResponseBody
     @ExceptionHandler
-    fun handleUnknownExceptions(runtimeException: RuntimeException) = ResponseEntity
-        .status(HttpStatus.INTERNAL_SERVER_ERROR)
-        .header(HttpHeaders.WARNING, warningFrom(runtimeException))
-        .build<Any>()
+    fun handleUnknownExceptions(runtimeException: RuntimeException) =
+        ResponseEntity
+            .status(HttpStatus.INTERNAL_SERVER_ERROR)
+            .header(HttpHeaders.WARNING, warningFrom(runtimeException))
+            .build<Any>()
 
     private fun warningFrom(runtimeException: RuntimeException) = "${runtimeException.javaClass.simpleName}: ${runtimeException.message}"
 }