From 884e6c0f9415060608a4da3d6d45e1c0d9c6e87b Mon Sep 17 00:00:00 2001 From: Vincent Fazio Date: Tue, 19 Nov 2024 11:45:32 +1100 Subject: [PATCH] AUS-4268 Update versions minimise security issues --- pom.xml | 49 +++++------ .../web/controllers/VocabController.java | 20 ++--- .../web/controllers/TestVocabController.java | 87 ++----------------- 3 files changed, 35 insertions(+), 121 deletions(-) diff --git a/pom.xml b/pom.xml index 891d8a5ce..01f2e22eb 100644 --- a/pom.xml +++ b/pom.xml @@ -45,7 +45,7 @@ org.springframework.boot spring-boot-starter-parent - 3.1.9 + 3.2.11 @@ -74,24 +74,13 @@ - - - - - org.yaml - snakeyaml - 1.33 - - - - org.springframework.boot spring-boot-starter - + org.springframework.boot spring-boot-starter-web @@ -186,21 +175,22 @@ - mysql - mysql-connector-java - 8.0.28 + com.mysql + mysql-connector-j + 8.2.0 org.postgresql postgresql runtime + 42.6.1 org.apache.jena apache-jena-libs - 4.10.0 + 5.0.0 pom @@ -220,19 +210,20 @@ - + org.jmock jmock-imposters 2.12.0 test - + org.xmlunit xmlunit-core test + org.xmlunit xmlunit-legacy @@ -244,17 +235,17 @@ com.fasterxml.jackson.core jackson-core + + + com.fasterxml.jackson.core + jackson-databind + + - com.fasterxml.jackson.core - jackson-databind - 2.13.4.2 - - - - com.azure.spring - spring-cloud-azure-appconfiguration-config - 5.5.0 - + com.azure.spring + spring-cloud-azure-appconfiguration-config + 5.14.0 + diff --git a/src/main/java/org/auscope/portal/server/web/controllers/VocabController.java b/src/main/java/org/auscope/portal/server/web/controllers/VocabController.java index 59a1c69ab..6a9007d2d 100644 --- a/src/main/java/org/auscope/portal/server/web/controllers/VocabController.java +++ b/src/main/java/org/auscope/portal/server/web/controllers/VocabController.java 
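Review bot: The `42.6.1` added under `org.postgresql` / `postgresql` and the `8.2.0` on the renamed `com.mysql` / `mysql-connector-j` entry hard-code driver versions in this pom; the postgresql entry previously carried no version and so followed the `spring-boot-starter-parent` dependency management. An explicit version takes precedence over the parent's managed one, so a later parent bump (like the 3.1.9 to 3.2.11 one made here) will no longer move these drivers and they can fall behind on fixes, which works against the stated aim of the commit. Unless a specific release is required, consider dropping both versions, as this change already does for `snakeyaml` and `jackson-databind`; if a pin is needed, add a short comment saying why and when it can be removed. The XML markup is not visible in this view, so element placement is inferred from the surviving text.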
@@ -19,14 +19,14 @@ import org.apache.jena.rdf.model.Property; import org.apache.jena.rdf.model.ResourceFactory; -import org.apache.jena.rdf.model.Selector; -import org.apache.jena.rdf.model.SimpleSelector; import org.apache.jena.vocabulary.DCTerms; import org.apache.jena.vocabulary.RDF; import org.apache.jena.vocabulary.SKOS; import au.gov.geoscience.portal.services.vocabularies.VocabularyLookup; +import org.auscope.portal.core.util.structure.RDFTriple; + /** * Controller that enables access to vocabulary services. */ @@ -121,28 +121,26 @@ public ModelAndView getAllJorcCategories() { Property sourceProperty = DCTerms.source; - Selector selector = new SimpleSelector(null, sourceProperty, "CRIRSCO Code; JORC 2004", "en"); + RDFTriple triple = new RDFTriple(null, sourceProperty, "CRIRSCO Code; JORC 2004", "en"); Map jorcCategoryMappings = new HashMap(); jorcCategoryMappings.put(VocabularyLookup.RESERVE_CATEGORY.uri(), "any reserves"); jorcCategoryMappings.put(VocabularyLookup.RESOURCE_CATEGORY.uri(), "any resources"); - Map resourceCategoryMappings = this.vocabularyFilterService.getVocabularyById(RESOURCE_VOCABULARY_ID, selector); - Map reserveCategoryMappings = this.vocabularyFilterService.getVocabularyById(RESERVE_VOCABULARY_ID, selector); + Map resourceCategoryMappings = this.vocabularyFilterService.getVocabularyById(RESOURCE_VOCABULARY_ID, triple); + Map reserveCategoryMappings = this.vocabularyFilterService.getVocabularyById(RESERVE_VOCABULARY_ID, triple); jorcCategoryMappings.putAll(resourceCategoryMappings); jorcCategoryMappings.putAll(reserveCategoryMappings); return getVocabularyMappings(jorcCategoryMappings); - - } /** * Queries the vocabulary service for a list of time scales * - * @return vocublary mapping in JSON format + * @return vocubulary mapping in JSON format */ @RequestMapping("getAllTimescales.do") public ModelAndView getAllTimescales() { 
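Review bot: The Javadoc correction above `getAllTimescales` replaces one misspelling with another; the line should read `* @return vocabulary mapping in JSON format`. Separately, in `getAllJorcCategories` the `null` subject and the `"en"` language tag passed to `new RDFTriple(...)` were the wildcard and language arguments of the removed `SimpleSelector`, and `RDFTriple` is defined outside this diff, so it is worth confirming that it keeps those semantics. Once confirmed, a one-line comment above the constructor call stating what a `null` subject and the `"en"` argument mean to `RDFTriple` would save the next reader a trip to portal-core. The same applies to the `RDFTriple[]` built in the `getAllTimescales` hunk; both method bodies extend beyond the hunks shown.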
@@ -153,11 +151,11 @@ public ModelAndView getAllTimescales() { Property typeProperty = RDF.type; - Selector[] selectors = new Selector[ranks.length]; + RDFTriple[] triples = new RDFTriple[ranks.length]; for (int i = 0; i < ranks.length; i++) { - selectors[i] = new SimpleSelector(null, typeProperty, ResourceFactory.createResource(ranks[i])); + triples[i] = new RDFTriple(null, typeProperty, ResourceFactory.createResource(ranks[i])); } - Map vocabularyMappings = this.vocabularyFilterService.getVocabularyById(TIMESCALE_VOCABULARY_ID, selectors); + Map vocabularyMappings = this.vocabularyFilterService.getVocabularyById(TIMESCALE_VOCABULARY_ID, triples); return getVocabularyMappings(vocabularyMappings); } diff --git a/src/test/java/org/auscope/portal/server/web/controllers/TestVocabController.java b/src/test/java/org/auscope/portal/server/web/controllers/TestVocabController.java index df24303ea..dbf57cf86 100644 --- a/src/test/java/org/auscope/portal/server/web/controllers/TestVocabController.java +++ b/src/test/java/org/auscope/portal/server/web/controllers/TestVocabController.java @@ -8,6 +8,7 @@ import org.auscope.portal.core.services.VocabularyFilterService; import org.auscope.portal.core.test.PortalTestClass; +import org.auscope.portal.core.util.structure.RDFTriple; import org.hamcrest.Matcher; import org.jmock.Expectations; @@ -16,7 +17,6 @@ import org.junit.Test; import org.springframework.web.servlet.ModelAndView; -import org.apache.jena.rdf.model.SimpleSelector; import org.apache.jena.vocabulary.SKOS; import au.gov.geoscience.portal.services.vocabularies.VocabularyLookup; 
@@ -102,23 +102,6 @@ public void testGetAllCommodities() throws Exception {
 serviceResult.size());
 }
-// /**
-// * @throws Exception
-// */
-// @Test
-// public void testGetAllCommoditiesError() throws Exception {
-// context.checking(new Expectations() {
-// {
-// oneOf(mockVocabularyFilterService).getVocabularyById(VocabularyController.COMMODITY_VOCABULARY_ID);
-// will(throwException(new PortalServiceException("")));
-// }
-// });
-//
-// ModelAndView mav = vocabularyController.getAllCommodities();
-// Assert.assertNotNull(mav);
-// Assert.assertFalse((Boolean) mav.getModel().get("success"));
-// }
-
 /**
 * @throws Exception
 */
@@ -161,23 +144,6 @@ public void testGetAllMineStatuses() throws Exception {
 serviceResult.size());
 }
-// /**
-// * @throws Exception
-// */
-// @Test
-// public void testGetAllMineStatusesError() throws Exception {
-// context.checking(new Expectations() {
-// {
-// oneOf(mockVocabularyFilterService).getVocabularyById(VocabularyController.MINE_STATUS_VOCABULARY_ID);
-// will(throwException(new PortalServiceException("")));
-// }
-// });
-//
-// ModelAndView mav = vocabularyController.getAllMineStatuses();
-// Assert.assertNotNull(mav);
-// Assert.assertFalse((Boolean) mav.getModel().get("success"));
-// }
-
 /**
 * @throws Exception
 */
@@ -202,10 +168,10 @@ public void testGetAllJorcCategories() throws Exception {
 context.checking(new Expectations() {
 {
- Matcher anySelectorArray = anything();
- oneOf(mockVocabularyFilterService).getVocabularyById(with(same(VocabController.RESOURCE_VOCABULARY_ID)),with(anySelectorArray));
+ Matcher anyTripleArray = anything();
+ oneOf(mockVocabularyFilterService).getVocabularyById(with(same(VocabController.RESOURCE_VOCABULARY_ID)),with(anyTripleArray));
 will(returnValue(serviceResult1));
- oneOf(mockVocabularyFilterService).getVocabularyById(with(same(VocabController.RESERVE_VOCABULARY_ID)),with(anySelectorArray));
+ oneOf(mockVocabularyFilterService).getVocabularyById(with(same(VocabController.RESERVE_VOCABULARY_ID)),with(anyTripleArray));
 will(returnValue(serviceResult2));
 }
 });
@@ -235,27 +201,6 @@ public void testGetAllJorcCategories() throws Exception {
 serviceResults.size());
 }
- /**
- * @throws Exception
- */
-// @Test
-// public void testGetAllJorcCategoriesError() throws Exception {
-// context.checking(new Expectations() {
-// {
-// oneOf(mockVocabularyFilterService).getFilteredVocabularyById(VocabularyController.RESOURCE_VOCABULARY_ID);
-//
-// oneOf(mockVocabularyFilterService).getFilteredVocabularyById(VocabularyController.RESERVE_VOCABULARY_ID);
-//
-// will(throwException(new PortalServiceException("")));
-//
-// }
-// });
-//
-// ModelAndView mav = vocabularyController.getAllJorcCategories();
-// Assert.assertNotNull(mav);
-// Assert.assertFalse((Boolean) mav.getModel().get("success"));
-// }
-
 /**
 * @throws Exception
 */
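Review bot: `Matcher anyTripleArray = anything();` in `testGetAllJorcCategories` lets the expectation pass whatever the controller hands to `getVocabularyById`, so the test would not notice if the Selector-to-RDFTriple migration built the wrong filter or passed none. Constraining the second argument at least by type, for example `with(any(RDFTriple.class))` (or the array type if the service method takes `RDFTriple...`, which is not visible in this diff), would tighten the test and use the newly added `RDFTriple` import, which no visible hunk references. The same matcher appears in the `testGetAllTimescales` hunk as `anyRDFTripleArray`; one name for both would read better, and "Array" is misleading here, where the controller passes a single triple, unless the parameter is varargs. Both test bodies continue outside the hunks.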
@@ -268,8 +213,8 @@ public void testGetAllTimescales() throws Exception {
 context.checking(new Expectations() {
 {
- Matcher anySelectorArray = anything();
- oneOf(mockVocabularyFilterService).getVocabularyById(with(same(VocabController.TIMESCALE_VOCABULARY_ID)),with(anySelectorArray));
+ Matcher anyRDFTripleArray = anything();
+ oneOf(mockVocabularyFilterService).getVocabularyById(with(same(VocabController.TIMESCALE_VOCABULARY_ID)),with(anyRDFTripleArray));
 will(returnValue(serviceResult));
 }
 });
@@ -299,24 +244,4 @@ public void testGetAllTimescales() throws Exception {
 serviceResult.size());
 }
-// /**
-// * @throws Exception
-// */
-// @Test
-// public void testGetAllTimescalesError() throws Exception {
-//
-// context.checking(new Expectations() {
-// {
-// Matcher anySelectorArray = anything();
-// oneOf(mockVocabularyFilterService).getFilteredVocabularyById(with(same(VocabularyController.TIMESCALE_VOCABULARY_ID)),with(anySelectorArray));
-// will(throwException(new PortalServiceException("")));
-// }
-// });
-//
-//
-// ModelAndView mav = vocabularyController.getAllTimescales();
-// Assert.assertNotNull(mav);
-// Assert.assertFalse((Boolean) mav.getModel().get("success"));
-// }
-
 }