hmcts · sabahirfan · Mar 20, 2023 · Mar 20, 2023 · Mar 20, 2023
diff --git a/build.gradle b/build.gradle
@@ -1,7 +1,6 @@
 plugins {
   id 'application'
   id 'checkstyle'
-  id 'pmd'
   id 'jacoco'
   id 'io.spring.dependency-management' version '1.1.0'
   id 'org.springframework.boot' version '2.7.9'
@@ -15,20 +14,15 @@ version = '0.0.1'
 
 java {
   toolchain {
-    languageVersion = JavaLanguageVersion.of(17)
+    languageVersion = JavaLanguageVersion.of(11)
   }
 }
 
-configurations {
-  functionalTestImplementation.extendsFrom testImplementation
-  functionalTestRuntimeOnly.extendsFrom runtimeOnly
-
-  integrationTestImplementation.extendsFrom testImplementation
-  integrationTestRuntimeOnly.extendsFrom runtimeOnly
-
-  smokeTestImplementation.extendsFrom testImplementation
-  smokeTestRuntimeOnly.extendsFrom runtimeOnly
-}
+def versions = [
+  junit        : '5.7.0',
+  junitPlatform: '1.8.1',
+  lombok :       '1.18.26'
+]
 
 tasks.withType(JavaCompile) {
   options.compilerArgs << "-Xlint:unchecked" << "-Werror"
@@ -57,15 +51,6 @@ checkstyle {
   getConfigDirectory().set(new File(rootDir, 'config/checkstyle'))
 }
 
-pmd {
-  toolVersion = "6.55.0"
-  sourceSets = [sourceSets.main, sourceSets.test]
-  reportsDir = file("$project.buildDir/reports/pmd")
-  // https://github.com/pmd/pmd/issues/876
-  ruleSets = []
-  ruleSetFiles = files("config/pmd/ruleset.xml")
-}
-
 jacocoTestReport {
   executionData(test)
   reports {
@@ -96,6 +81,16 @@ dependencyUpdates {
   }
 }
 
+dependencyManagement {
+  dependencies {
+
+    // Solves CVE-2023-24998
+    dependency group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5'
+  }
+  imports {
+    mavenBom 'org.springframework.cloud:spring-cloud-dependencies:2020.0.6'
+  }
+}
 // https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/configuration.html
 dependencyCheck {
   // Specifies if the build should be failed if a CVSS score above a specified level is identified.
@@ -110,53 +105,90 @@ dependencyCheck {
   skipConfigurations = [
     "checkstyle",
     "compileOnly",
-    "pmd"
   ]
 }
 
 repositories {
   mavenLocal()
   mavenCentral()
-  maven { url 'https://jitpack.io' }
+  jcenter()
+  maven {
+    url "https://jitpack.io"
+  }
+  maven {
+    url  "https://repo.spring.io/release"
+  }
+  maven {
+    url "https://dl.bintray.com/hmcts/hmcts-maven"
+  }
 }
 
 ext {
   log4JVersion = "2.19.0"
 }
 
 ext['snakeyaml.version'] = '1.33'
+ext.libraries = [
+  junit5: [
+    "org.junit.jupiter:junit-jupiter-api:${versions.junit}",
+    "org.junit.jupiter:junit-jupiter-engine:${versions.junit}",
+    "org.junit.jupiter:junit-jupiter-params:${versions.junit}",
+    "org.junit.platform:junit-platform-commons:${versions.junitPlatform}",
+    "org.junit.platform:junit-platform-engine:${versions.junitPlatform}"
+  ]
+]
 
 dependencies {
+  implementation group: 'org.springframework.boot', name: 'spring-boot-starter'
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web'
-  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator'
-  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-aop'
   implementation group: 'org.springframework.boot', name: 'spring-boot-starter-json'
+  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-validation'
+  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-cache'
+
+  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: '3.1.6'
+  implementation group: 'org.springframework.cloud', name: 'spring-cloud-openfeign-core', version: '3.1.6'
+  implementation group: 'io.github.openfeign', name: 'feign-httpclient', version: '11.10'
+
+  implementation group: 'org.springframework.retry', name: 'spring-retry'
+  implementation group: 'com.sendgrid', name: 'sendgrid-java', version: '4.9.3'
+  implementation group: 'com.github.hmcts', name: 'ccd-client', version: '4.9.1'
+
+  implementation group: 'commons-io', name: 'commons-io', version: '2.11.0'
+  implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.12.0'
 
-  implementation group: 'org.springdoc', name: 'springdoc-openapi-ui', version: '1.6.15'
+  implementation group: 'uk.gov.service.notify', name: 'notifications-java-client', version: '3.19.1-RELEASE'
+  implementation group: 'uk.gov.hmcts.reform', name: 'service-auth-provider-client', version: '4.0.0'
+  implementation group: 'uk.gov.hmcts.reform', name: 'idam-client', version: '2.0.0'
+  implementation group: 'uk.gov.hmcts.reform', name: 'send-letter-client', version: '3.0.3'
 
-  implementation group: 'com.github.hmcts.java-logging', name: 'logging', version: '6.0.1'
+  implementation group: 'uk.gov.hmcts.reform', name: 'document-management-client', version: '7.0.0'
+  implementation group: 'com.github.hmcts', name: 'ccd-case-document-am-client', version: '1.7.1'
 
-  implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: log4JVersion
-  implementation group: 'org.apache.logging.log4j', name: 'log4j-to-slf4j', version: log4JVersion
+  implementation group: 'com.launchdarkly', name: 'launchdarkly-java-server-sdk', version: '5.10.7'
+  implementation group: 'com.google.guava', name: 'guava', version: '31.1-jre'
 
-  implementation group: 'io.rest-assured', name: 'rest-assured'
+  annotationProcessor group: 'org.projectlombok', name: 'lombok', version: versions.lombok
+  compileOnly group: 'org.projectlombok', name: 'lombok', version: versions.lombok
 
-  testImplementation(platform('org.junit:junit-bom:5.9.2'))
-  testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine'
+  testAnnotationProcessor group: 'org.projectlombok', name: 'lombok', version: versions.lombok
+  testCompileOnly group: 'org.projectlombok', name: 'lombok', version: versions.lombok
+
+  testImplementation group: 'org.mockito', name: 'mockito-core', version: '4.2.0'
+  testImplementation group: 'org.mockito', name: 'mockito-junit-jupiter', version: '4.8.1'
+  testImplementation group: 'org.mockito', name: 'mockito-inline', version: '4.8.1'
+
+  testImplementation libraries.junit5
   testImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-test', {
     exclude group: 'junit', module: 'junit'
-    exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'
   }
 }
 
-mainClassName = 'uk.gov.hmcts.reform.demo.Application'
-
 bootJar {
-  archiveFileName = "spring-boot-template.jar"
+  enabled = false
+}
 
-  manifest {
-    attributes('Implementation-Version': project.version.toString())
-  }
+jar {
+  enabled = true
 }
 
 // Gradle 7.x issue, workaround from: https://github.com/gradle/gradle/issues/17236#issuecomment-894768083

diff --git a/config/checkstyle/checkstyle.xml b/config/checkstyle/checkstyle.xml
@@ -26,10 +26,15 @@
   <module name="FileTabCharacter">
     <property name="eachLine" value="true"/>
   </module>
-
+  <module name="RegexpMultiline">
+    <property name="format" value="^([^\n ]+ )*(class|interface) [^{]*\{\n[^\n}]"/>
+    <property name="message" value="Leave empty line after class/interface definition!"/>
+    <property name="severity" value="error"/>
+    <property name="fileExtensions" value="java"/>
+  </module>
   <module name="SuppressWarningsFilter" />
   <module name="LineLength">
-    <property name="max" value="120"/>
+    <property name="max" value="150"/>
     <property name="ignorePattern" value="^package.*|^import.*|a href|href|http://|https://|ftp://"/>
   </module>
   <module name="TreeWalker">
@@ -72,6 +77,9 @@
                 value="CLASS_DEF, METHOD_DEF, CTOR_DEF, LITERAL_FOR, LITERAL_WHILE, STATIC_INIT,
                     INSTANCE_INIT"/>
     </module>
+    <module name="WhitespaceAfter">
+      <property name="tokens" value="COMMA, SEMI"/>
+    </module>
     <module name="WhitespaceAround">
       <property name="allowEmptyConstructors" value="true"/>
       <property name="allowEmptyMethods" value="true"/>
@@ -86,11 +94,15 @@
     <module name="MultipleVariableDeclarations"/>
     <module name="ArrayTypeStyle"/>
     <module name="MissingSwitchDefault"/>
-    <module name="FallThrough"/>
+    <module name="FallThrough">
+      <property name="reliefPattern" value="FALL?[ -]?THROUGH"/>
+    </module>
     <module name="UpperEll"/>
     <module name="ModifierOrder"/>
     <module name="EmptyLineSeparator">
       <property name="allowNoEmptyLineBetweenFields" value="true"/>
+      <property name="allowMultipleEmptyLines" value="false"/>
+      <property name="allowMultipleEmptyLinesInsideClassMembers" value="false"/>
     </module>
     <module name="SeparatorWrap">
       <property name="id" value="SeparatorWrapDot"/>
@@ -185,16 +197,15 @@
     </module>
     <module name="AbbreviationAsWordInName">
       <property name="ignoreFinal" value="false"/>
-      <property name="allowedAbbreviationLength" value="1"/>
-      <property name="allowedAbbreviations" value="API"/>
+      <property name="allowedAbbreviationLength" value="3"/>
     </module>
     <module name="OverloadMethodsDeclarationOrder"/>
     <module name="VariableDeclarationUsageDistance"/>
-    <module name="CustomImportOrder">
-      <property name="sortImportsInGroupAlphabetically" value="true"/>
-      <property name="separateLineBetweenGroups" value="true"/>
-      <property name="customImportOrderRules" value="THIRD_PARTY_PACKAGE###STANDARD_JAVA_PACKAGE###STATIC"/>
-    </module>
+<!--    <module name="CustomImportOrder">-->
+<!--      <property name="sortImportsInGroupAlphabetically" value="true"/>-->
+<!--      <property name="separateLineBetweenGroups" value="true"/>-->
+<!--      <property name="customImportOrderRules" value="THIRD_PARTY_PACKAGE###STANDARD_JAVA_PACKAGE###STATIC"/>-->
+<!--    </module>-->
     <module name="MethodParamPad"/>
     <module name="NoWhitespaceBefore">
       <property name="tokens"

diff --git a/config/owasp/suppressions.xml b/config/owasp/suppressions.xml
@@ -7,6 +7,22 @@
     </notes>
     <cve>CVE-2016-1000027</cve>
   </suppress>
+  <suppress>
+    <notes>False positive. We don't have any reference to json-java_project:json-java
+      nor any reference to hutool:hutool:5.8.10. Suppressed long-term to re-assess and possibly delete.</notes>
+    <cve>CVE-2022-45688</cve>
+  </suppress>
+  <suppress>
+    <cve>CVE-2020-8908</cve>
+  </suppress>
+  <suppress until="2030-01-01">
+    <notes><![CDATA[
+                incorrectly tagging spring-security-crypto, Affects versions prior to 5.3.2
+                ]]>
+    </notes>
+    <packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.+?$</packageUrl>
+    <cve>CVE-2020-5408</cve>
+  </suppress>
   <!--End of false positives section -->
 
   <!--Please add all the temporary suppression under the below section-->

diff --git a/config/pmd/ruleset.xml b/config/pmd/ruleset.xml
diff --git a/src/main/java/uk/gov/hmcts/reform/ccd/client/CaseAccessDataStoreApi.java b/src/main/java/uk/gov/hmcts/reform/ccd/client/CaseAccessDataStoreApi.java
@@ -0,0 +1,58 @@
+package uk.gov.hmcts.reform.ccd.client;
+
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.http.MediaType;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestHeader;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import uk.gov.hmcts.reform.ccd.model.AddCaseAssignedUserRolesRequest;
+import uk.gov.hmcts.reform.ccd.model.AddCaseAssignedUserRolesResponse;
+import uk.gov.hmcts.reform.ccd.model.CaseAssignedUserRolesRequest;
+import uk.gov.hmcts.reform.ccd.model.CaseAssignedUserRolesResource;
+
+import java.util.List;
+
+import static org.springframework.http.HttpHeaders.AUTHORIZATION;
+import static uk.gov.hmcts.reform.ccd.client.CoreCaseDataApi.SERVICE_AUTHORIZATION;
+
+@FeignClient(name = "ccd-access-data-store-api", url = "${core_case_data.api.url}",
+    configuration = CoreCaseDataConfiguration.class)
+public interface CaseAccessDataStoreApi {
+
+    @PostMapping(
+        value = "/case-users",
+        consumes = MediaType.APPLICATION_JSON_VALUE
+    )
+    @ResponseBody
+    AddCaseAssignedUserRolesResponse addCaseUserRoles(
+        @RequestHeader(AUTHORIZATION) String authorisation,
+        @RequestHeader(SERVICE_AUTHORIZATION) String serviceAuthorization,
+        @RequestBody AddCaseAssignedUserRolesRequest caseRoleRequest
+    );
+
+    @GetMapping(
+        value = "/case-users",
+        produces = MediaType.APPLICATION_JSON_VALUE
+    )
+    @ResponseBody
+    CaseAssignedUserRolesResource getUserRoles(
+        @RequestHeader(AUTHORIZATION) String authorisation,
+        @RequestHeader(SERVICE_AUTHORIZATION) String serviceAuthorization,
+        @RequestParam("case_ids") List<String> caseIds
+    );
+
+    @DeleteMapping(
+        value = "/case-users",
+        consumes = MediaType.APPLICATION_JSON_VALUE
+    )
+    @ResponseBody
+    AddCaseAssignedUserRolesResponse removeCaseUserRoles(
+        @RequestHeader(AUTHORIZATION) String authorisation,
+        @RequestHeader(SERVICE_AUTHORIZATION) String serviceAuthorization,
+        @RequestBody CaseAssignedUserRolesRequest caseRoleRequest
+    );
+}