Skip to content

Commit

Permalink
EP-4672-2 (#1572)
Browse files Browse the repository at this point in the history
  • Loading branch information
@oplekal
oplekal authored Feb 17, 2025
1 parent 0f73460 commit 2278de8
Show file tree
Hide file tree
Showing 10 changed files with 71 additions and 96 deletions.
12 changes: 10 additions & 2 deletions ...e/src/main/java/fi/vm/sade/eperusteet/service/impl/PerusteenMuokkaustietoServiceImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import static java.util.Comparator.comparing;
import static java.util.Comparator.comparingLong;
import static java.util.stream.Collectors.collectingAndThen;
import static java.util.stream.Collectors.toCollection;
Expand Down Expand Up @@ -150,7 +151,14 @@ public List<PerusteenMuutostietoDto> getVersionMuutostiedot(Long perusteId, Inte
// ei löydy vanhempaa julkista julkaisua, johon verrata
return new ArrayList<>();
}
return filterTapahtumat(getVersioidenValisetMuutokset(perusteId, edellinenJulkinenJulkaisu.getLuotu(), tarkasteltavaJulkaisu.getLuotu()));
return filterTapahtumat(
getVersioidenValisetMuutokset(
perusteId,
edellinenJulkinenJulkaisu.getLuotu(),
tarkasteltavaJulkaisu.getLuotu())
.stream().sorted(comparing(PerusteenMuokkaustietoDto::getLuotu).reversed())
.toList()
);
}

private List<PerusteenMuokkaustietoDto> getVersioidenValisetMuutokset(Long perusteId, Date edellinenLuotu, Date nykyinenLuotu) {
Expand Down Expand Up @@ -232,7 +240,7 @@ private List<PerusteenMuokkaustietoDto> filterMuokkaustiedotByTyyppi(List<Perust
private List<PerusteenMuokkaustietoDto> filterMuokkaustiedotByTapahtuma(List<PerusteenMuokkaustietoDto> muokkaustiedot, MuokkausTapahtuma tapahtuma) {
return muokkaustiedot.stream()
.filter(t -> t.getTapahtuma().equals(tapahtuma) && t.getKohdeId() != null)
.collect(collectingAndThen(toCollection(() -> new TreeSet<>(comparingLong(PerusteenMuokkaustietoDto::getKohdeId))), ArrayList::new));
.toList();
}

private void addMuutostapahtuma(List<PerusteenMuokkaustietoDto> tiedotTyypeittain, MuokkausTapahtuma muokkausTapahtuma, List<MuutostapahtumaDto> tapahtumat) {
Expand Down
16 changes: 12 additions & 4 deletions ...sults/eperusteet-amosaa-ui_2025-02-04.txt → ...sults/eperusteet-amosaa-ui_2025-02-17.txt
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@

yarn.lock (yarn)
================
Total: 75 (LOW: 14, MEDIUM: 22, HIGH: 33, CRITICAL: 6)
Total: 77 (LOW: 14, MEDIUM: 23, HIGH: 33, CRITICAL: 7)

┌────────────────────────┬─────────────────────┬──────────┬──────────┬───────────────────┬────────────────────────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
Expand Down Expand Up @@ -56,7 +56,11 @@ Total: 75 (LOW: 14, MEDIUM: 22, HIGH: 33, CRITICAL: 6)
│ │ │ │ │ │ │ 3.1.10 for ...... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-33883 │
├────────────────────────┼─────────────────────┼──────────┤ ├───────────────────┼────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ elliptic │ CVE-2024-42459 │ LOW │ │ 6.5.4 │ 6.5.7 │ elliptic: nodejs/elliptic: EDDSA signature malleability due │
│ elliptic │ GHSA-vjh7-7g9h-fjfh │ CRITICAL │ │ 6.5.4 │ 6.6.1 │ Elliptic's private key extraction in ECDSA upon signing a │
│ │ │ │ │ │ │ malformed input (e.g.... │
│ │ │ │ │ │ │ https://github.com/advisories/GHSA-vjh7-7g9h-fjfh │
│ ├─────────────────────┼──────────┤ │ ├────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-42459 │ LOW │ │ │ 6.5.7 │ elliptic: nodejs/elliptic: EDDSA signature malleability due │
│ │ │ │ │ │ │ to missing signature length check │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-42459 │
│ ├─────────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
Expand Down Expand Up @@ -214,8 +218,12 @@ Total: 75 (LOW: 14, MEDIUM: 22, HIGH: 33, CRITICAL: 6)
├────────────────────────┼─────────────────────┼──────────┼──────────┼───────────────────┼────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ send │ CVE-2024-43799 │ LOW │ fixed │ 0.18.0 │ 0.19.0 │ send: Code Execution Vulnerability in Send Library │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-43799 │
├────────────────────────┼─────────────────────┤ │ ├───────────────────┼────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ serve-static │ CVE-2024-43800 │ │ │ 1.15.0 │ 1.16.0, 2.1.0 │ serve-static: Improper Sanitization in serve-static │
├────────────────────────┼─────────────────────┼──────────┤ ├───────────────────┼────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ serialize-javascript │ CVE-2024-11831 │ MEDIUM │ │ 4.0.0 │ 6.0.2 │ npm-serialize-javascript: Cross-site Scripting (XSS) in │
│ │ │ │ │ │ │ serialize-javascript │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-11831 │
├────────────────────────┼─────────────────────┼──────────┤ ├───────────────────┼────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ serve-static │ CVE-2024-43800 │ LOW │ │ 1.15.0 │ 1.16.0, 2.1.0 │ serve-static: Improper Sanitization in serve-static │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-43800 │
├────────────────────────┼─────────────────────┼──────────┤ ├───────────────────┼────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ tough-cookie │ CVE-2023-26136 │ MEDIUM │ │ 2.4.3 │ 4.1.3 │ tough-cookie: prototype pollution in cookie memstore │
Expand Down
0 .../results/eperusteet-amosaa_2025-02-04.txt → .../results/eperusteet-amosaa_2025-02-17.txt
View file
File renamed without changes.
16 changes: 12 additions & 4 deletions .../eperusteet-frontend-utils_2025-02-04.txt → .../eperusteet-frontend-utils_2025-02-17.txt
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@

vue/yarn.lock (yarn)
====================
Total: 66 (LOW: 12, MEDIUM: 20, HIGH: 28, CRITICAL: 6)
Total: 68 (LOW: 12, MEDIUM: 21, HIGH: 28, CRITICAL: 7)

┌────────────────────────┬─────────────────────┬──────────┬──────────┬───────────────────┬────────────────────────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
Expand Down Expand Up @@ -49,7 +49,11 @@ Total: 66 (LOW: 12, MEDIUM: 20, HIGH: 28, CRITICAL: 6)
│ │ │ │ │ │ │ 3.1.10 for ...... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-33883 │
├────────────────────────┼─────────────────────┼──────────┤ ├───────────────────┼────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ elliptic │ CVE-2024-42459 │ LOW │ │ 6.5.6 │ 6.5.7 │ elliptic: nodejs/elliptic: EDDSA signature malleability due │
│ elliptic │ GHSA-vjh7-7g9h-fjfh │ CRITICAL │ │ 6.5.6 │ 6.6.1 │ Elliptic's private key extraction in ECDSA upon signing a │
│ │ │ │ │ │ │ malformed input (e.g.... │
│ │ │ │ │ │ │ https://github.com/advisories/GHSA-vjh7-7g9h-fjfh │
│ ├─────────────────────┼──────────┤ │ ├────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-42459 │ LOW │ │ │ 6.5.7 │ elliptic: nodejs/elliptic: EDDSA signature malleability due │
│ │ │ │ │ │ │ to missing signature length check │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-42459 │
│ ├─────────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
Expand Down Expand Up @@ -193,8 +197,12 @@ Total: 66 (LOW: 12, MEDIUM: 20, HIGH: 28, CRITICAL: 6)
├────────────────────────┼─────────────────────┼──────────┼──────────┼───────────────────┼────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ send │ CVE-2024-43799 │ LOW │ fixed │ 0.18.0 │ 0.19.0 │ send: Code Execution Vulnerability in Send Library │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-43799 │
├────────────────────────┼─────────────────────┤ │ ├───────────────────┼────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ serve-static │ CVE-2024-43800 │ │ │ 1.15.0 │ 1.16.0, 2.1.0 │ serve-static: Improper Sanitization in serve-static │
├────────────────────────┼─────────────────────┼──────────┤ ├───────────────────┼────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ serialize-javascript │ CVE-2024-11831 │ MEDIUM │ │ 4.0.0 │ 6.0.2 │ npm-serialize-javascript: Cross-site Scripting (XSS) in │
│ │ │ │ │ │ │ serialize-javascript │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-11831 │
├────────────────────────┼─────────────────────┼──────────┤ ├───────────────────┼────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ serve-static │ CVE-2024-43800 │ LOW │ │ 1.15.0 │ 1.16.0, 2.1.0 │ serve-static: Improper Sanitization in serve-static │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-43800 │
├────────────────────────┼─────────────────────┼──────────┤ ├───────────────────┼────────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ tough-cookie │ CVE-2023-26136 │ MEDIUM │ │ 2.4.3 │ 4.1.3 │ tough-cookie: prototype pollution in cookie memstore │
Expand Down
Loading

0 comments on commit 2278de8

Please sign in to comment.