Merge pull request #1716 from matthewdunsdon/CVE-2020-15250

fix(#1713): CVE-2020-15250 (Medium) detected in junit-4.12.jar

Author: willsalt-sl

custom/build.gradle

@@ -11,5 +11,5 @@ repositories {
 }
 
 dependencies {
-    testCompile group: 'junit', name: 'junit', version: '4.12'
+    testCompile group: 'junit', name: 'junit', version: '4.13.1'
 }

gradle.properties

@@ -29,15 +29,14 @@ LEADPONY_JUSTIFY_VERSION=0.14.0
 JACKSON_VERSION=2.11.1
 MEDEIA_VALIDATOR_JACKSON_VERSION=1.1.1
 
-JUNIT_JUPITER_VERSION=5.5.1
-JUNIT_4_VERSION=4.12
-JUNIT_PLATFORM_RUNNER_VERSION=1.3.1
+JUNIT_JUPITER_VERSION=5.6.3
+JUNIT_4_VERSION=4.13.1
+JUNIT_PLATFORM_RUNNER_VERSION=1.6.3
 MOCKITO_VERSION=1.9.5
 MOCKITO_JUNIT_JUPITER_VERSION=2.28.2
 GHERKIN_VERSION=5.0.0
-CUCUMBER_VERSION=4.0.0
-CUCUMBER_EXPRESSIONS_VERSION=6.0.1
-CUCUMBER_PICOCONTAINER_VERSION=1.2.5
+CUCUMBER_VERSION=5.0.0
+CUCUMBER_PICOCONTAINER_VERSION=5.0.0
 SELENIUM_VERSION=3.141.59
 
 FAKER_VERSION=1.0.2

orchestrator/build.gradle

@@ -45,13 +45,11 @@ dependencies {
     testCompile "org.junit.platform:junit-platform-runner:${JUNIT_PLATFORM_RUNNER_VERSION}"
     testCompile "org.junit.vintage:junit-vintage-engine:${JUNIT_JUPITER_VERSION}"
     testCompile "org.junit.jupiter:junit-jupiter-params:${JUNIT_JUPITER_VERSION}"
-    testCompile "io.cucumber:cucumber-core:${CUCUMBER_VERSION}"
     testCompile "io.cucumber:cucumber-junit:${CUCUMBER_VERSION}"
     testCompile "io.cucumber:cucumber-java:${CUCUMBER_VERSION}"
-    testCompile "io.cucumber:cucumber-jvm:${CUCUMBER_VERSION}"
+    testCompile "io.cucumber:cucumber-java8:${CUCUMBER_VERSION}"
     testCompile "io.cucumber:gherkin:${GHERKIN_VERSION}"
-    testCompile "io.cucumber:cucumber-expressions:${CUCUMBER_EXPRESSIONS_VERSION}"
-    testCompile "info.cukes:cucumber-picocontainer:${CUCUMBER_PICOCONTAINER_VERSION}"
+    testCompile "io.cucumber:cucumber-picocontainer:${CUCUMBER_PICOCONTAINER_VERSION}"
     testCompile "org.mockito:mockito-all:${MOCKITO_VERSION}"
     testCompile "com.shazam:shazamcrest:${SHAZAMCREST_VERSION}"
     testCompile "org.junit.jupiter:junit-jupiter-engine:${JUNIT_JUPITER_VERSION}"

orchestrator/src/test/java/com/scottlogic/datahelix/generator/orchestrator/cucumber/features/operators/general/ConstraintTypes.feature

@@ -41,9 +41,9 @@ Feature: Correct Constraint Types, validation exceptions should be raised if the
     Given there is a non nullable field foo
     And foo has type "datetime"
     And foo is in set:
-      | "aaa"|
-      | "bbb |
-      | "ccc |
+      | "aaa" |
+      | "bbb" |
+      | "ccc" |
     Then the profile is invalid
 
   Scenario Outline: <wrongType> constraint <constraint> cannot be applied to <type> fields

orchestrator/src/test/java/com/scottlogic/datahelix/generator/orchestrator/cucumber/testframework/TestRunner.java

@@ -17,8 +17,8 @@
 package com.scottlogic.datahelix.generator.orchestrator.cucumber.testframework;
 
 import com.scottlogic.datahelix.generator.orchestrator.cucumber.testframework.utils.GeneratorCucumber;
+import io.cucumber.junit.CucumberOptions;
 import org.junit.runner.RunWith;
-import cucumber.api.CucumberOptions;
 
 @RunWith(GeneratorCucumber.class)
 @CucumberOptions(

orchestrator/src/test/java/com/scottlogic/datahelix/generator/orchestrator/cucumber/testframework/steps/BooleanValueStep.java

@@ -16,9 +16,11 @@
 
 package com.scottlogic.datahelix.generator.orchestrator.cucumber.testframework.steps;
 
+import com.fasterxml.jackson.core.JsonParseException;
 import com.scottlogic.datahelix.generator.orchestrator.cucumber.testframework.utils.CucumberTestState;
 import com.scottlogic.datahelix.generator.profile.dtos.constraints.ConstraintType;
-import cucumber.api.java.en.When;
+import io.cucumber.java.ParameterType;
+import io.cucumber.java.en.When;
 
 public class BooleanValueStep {
     private final CucumberTestState state;
@@ -27,6 +29,11 @@ public BooleanValueStep(CucumberTestState state) {
         this.state = state;
     }
 
+    @ParameterType(name = "boolean", value = "(true|false)$")
+    public Boolean defineBoolean(String value) throws JsonParseException {
+        return Boolean.valueOf(value);
+    }
+
     @When("{fieldVar} is equal to {boolean}")
     public void whenFieldIsConstrainedByNumericValue(String fieldName, Boolean value) {
         this.state.addConstraint(fieldName, ConstraintType.EQUAL_TO, value);

orchestrator/src/test/java/com/scottlogic/datahelix/generator/orchestrator/cucumber/testframework/steps/CombinationStrategyStep.java

@@ -0,0 +1,31 @@
+/*
+ * Copyright 2019 Scott Logic Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.scottlogic.datahelix.generator.orchestrator.cucumber.testframework.steps;
+
+import com.scottlogic.datahelix.generator.core.config.detail.CombinationStrategyType;
+import io.cucumber.java.ParameterType;
+
+import java.util.Arrays;
+
+public class CombinationStrategyStep {
+    @ParameterType(name = "combinationStrategy", value = "(.*)$")
+    public CombinationStrategyType defineCombinationStrategy(String value) {
+        return Arrays.stream(CombinationStrategyType.values())
+            .filter(val -> val.toString().equalsIgnoreCase(value))
+            .findFirst().orElse(CombinationStrategyType.PINNING);
+    }
+}

orchestrator/src/test/java/com/scottlogic/datahelix/generator/orchestrator/cucumber/testframework/steps/CucumberHooks.java

@@ -16,8 +16,8 @@
 
 package com.scottlogic.datahelix.generator.orchestrator.cucumber.testframework.steps;
 
-import cucumber.api.Scenario;
-import cucumber.api.java.Before;
+import io.cucumber.java.Before;
+import io.cucumber.java.Scenario;
 import org.junit.AssumptionViolatedException;
 
 public class CucumberHooks {

orchestrator/src/test/java/com/scottlogic/datahelix/generator/orchestrator/cucumber/testframework/steps/DataGenerationStep.java

@@ -0,0 +1,39 @@
+/*
+ * Copyright 2019 Scott Logic Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.scottlogic.datahelix.generator.orchestrator.cucumber.testframework.steps;
+
+import com.scottlogic.datahelix.generator.core.config.detail.DataGenerationType;
+import com.scottlogic.datahelix.generator.orchestrator.cucumber.testframework.utils.CucumberGenerationMode;
+import io.cucumber.java.ParameterType;
+
+import java.util.Arrays;
+
+public class DataGenerationStep {
+    @ParameterType(name = "generationStrategy", value = "(.*)$")
+    public DataGenerationType defineGenerationStrategy(String value) {
+        return Arrays.stream(DataGenerationType.values())
+            .filter(val -> val.toString().equalsIgnoreCase(value))
+            .findFirst().orElse(DataGenerationType.FULL_SEQUENTIAL);
+    }
+
+    @ParameterType(name = "generationMode", value = "(.*)$")
+    public CucumberGenerationMode defineGenerationMode(String value) {
+        return Arrays.stream(CucumberGenerationMode.values())
+            .filter(val -> val.toString().equalsIgnoreCase(value))
+            .findFirst().orElse(CucumberGenerationMode.VALIDATING);
+    }
+}

orchestrator/src/test/java/com/scottlogic/datahelix/generator/orchestrator/cucumber/testframework/steps/DateTimeValueStep.java

@@ -20,12 +20,16 @@
 import com.scottlogic.datahelix.generator.orchestrator.cucumber.testframework.utils.CucumberTestState;
 import com.scottlogic.datahelix.generator.orchestrator.cucumber.testframework.utils.GeneratorTestUtilities;
 import com.scottlogic.datahelix.generator.profile.dtos.constraints.ConstraintType;
-import cucumber.api.java.en.And;
-import cucumber.api.java.en.Then;
-import cucumber.api.java.en.When;
+import io.cucumber.java.ParameterType;
+import io.cucumber.java.en.And;
+import io.cucumber.java.en.Then;
+import io.cucumber.java.en.When;
 
 import java.time.OffsetDateTime;
+import java.util.Arrays;
+import java.util.List;
 import java.util.function.Function;
+import java.util.stream.Collectors;
 
 public class DateTimeValueStep {
     public static final String DATETIME_REGEX = "(-?(\\d{4,19})-(\\d{2})-(\\d{2}T(\\d{2}:\\d{2}:\\d{2}\\.\\d{3}))Z?)";
@@ -37,6 +41,20 @@ public DateTimeValueStep(CucumberTestState state, CucumberTestHelper helper){
         this.helper = helper;
     }
 
+    @ParameterType(name = "date", value = DateTimeValueStep.DATETIME_REGEX)
+    public String defineDate(String value) {
+        return extractConstraint(value);
+    }
+
+    private String extractConstraint(String gherkinConstraint) {
+        List<String> allConstraints = Arrays.asList(gherkinConstraint.split(" "));
+        return allConstraints.get(0) + allConstraints
+            .stream()
+            .skip(1)
+            .map(value -> value.substring(0, 1).toUpperCase() + value.substring(1))
+            .collect(Collectors.joining());
+    }
+
     @When("^([A-z0-9]+) is equal to boolean true")
     public void equalToTrue(String fieldName) {
         state.addConstraint(fieldName, ConstraintType.EQUAL_TO, true);