Merge branch 'master' into remove/ngsiv1-deadcode

.github/workflows/codeql.yml

@@ -0,0 +1,135 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL Advanced"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  schedule:
+    - cron: '33 5 * * 1'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: c-cpp
+          build-mode: manual
+        - language: go
+          build-mode: autobuild
+        - language: javascript-typescript
+          build-mode: none
+        - language: python
+          build-mode: none
+        # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    # If the analyze step fails for one of the languages you are analyzing with
+    # "We were unable to automatically build your code", modify the matrix above
+    # to set the build mode to "manual" for that language. Then modify this step
+    # to build your code.
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    - if: matrix.build-mode == 'manual'
+      shell: bash
+      run: |
+        # Ref: https://github.com/telefonicaid/fiware-orion/blob/master/doc/manuals/admin/build_source.md#debian-12-officially-supported
+        # Ref: https://github.com/telefonicaid/fiware-orion/blob/master/docker/Dockerfile
+        export ORION_SRC=$(pwd)
+        # Install dependencies
+        sudo apt-get install make cmake g++ libssl-dev libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev
+        # Install libmicrohttpd from source
+        cd /opt
+        curl -kOL https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-1.0.1.tar.gz
+        tar xvf libmicrohttpd-1.0.1.tar.gz
+        cd libmicrohttpd-1.0.1
+        ./configure --disable-messages --disable-postprocessor --disable-dauth
+        make
+        sudo make install
+        sudo ldconfig
+        # Install mosquitto from source
+        cd /opt
+        curl -kOL https://mosquitto.org/files/source/mosquitto-2.0.20.tar.gz
+        tar xvf mosquitto-2.0.20.tar.gz
+        cd mosquitto-2.0.20
+        sed -i 's/WITH_CJSON:=yes/WITH_CJSON:=no/g' config.mk
+        sed -i 's/WITH_STATIC_LIBRARIES:=no/WITH_STATIC_LIBRARIES:=yes/g' config.mk
+        sed -i 's/WITH_SHARED_LIBRARIES:=yes/WITH_SHARED_LIBRARIES:=no/g' config.mk
+        make
+        sudo make install
+        sudo ldconfig
+        # Install mongodb driver from source
+        cd /opt
+        curl -kOL https://github.com/mongodb/mongo-c-driver/releases/download/1.29.0/mongo-c-driver-1.29.0.tar.gz
+        tar xfvz mongo-c-driver-1.29.0.tar.gz
+        cd mongo-c-driver-1.29.0
+        mkdir cmake-build
+        cd cmake-build
+        cmake -DENABLE_AUTOMATIC_INIT_AND_CLEANUP=OFF -DMONGOC_TEST_USE_CRYPT_SHARED=FALSE ..
+        make
+        sudo make install
+        # Install rapidjson from source
+        cd /opt && \
+        curl -kOL https://github.com/miloyip/rapidjson/archive/v1.1.0.tar.gz
+        tar xfz v1.1.0.tar.gz
+        sudo mv rapidjson-1.1.0/include/rapidjson/ /usr/local/include
+        # Build orion
+        cd $ORION_SRC
+        make
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

CHANGES_NEXT_RELEASE

@@ -1 +1,6 @@
 - Fix: registrations with more than one contextRegistration element (not possible in NGSIv2) are logged as Runtime Errors
+- Fix: improve attribute and metadata invalid format dates for DateTime types in logs (#4616)
+- Hardening: upgrade microhttpd dependency from 0.9.76 to 1.0.1
+- Hardening: upgrade libmosquitto dependency from 2.0.15 to 2.0.20
+- Hardening: upgrade libmongoc dependency from 1.24.3 to 1.29.0
+- Upgrade Debian version from 12.6 to 12.7 in Dockerfile

CMakeLists.txt

@@ -229,8 +229,8 @@ SET (BOOST_MT
 
 # See http://mongoc.org/libmongoc/current/tutorial.html#cmake
 # This find_package() command provides the mongo::mongoc_static used in
-# SET for common static libs. We use 1.24.3 as reference version.
-find_package (mongoc-1.0 1.24.3 EXACT)
+# SET for common static libs. We use 1.29.0 as reference version.
+find_package (mongoc-1.0 1.29.0 EXACT)
 
 # Is cjexl lib available?
 find_library (HAVE_CJEXL cjexl PATHS /usr/lib /usr/lib64 /usr/local/lib64 /usr/local/lib)

ci/deb/Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:12.6-slim
+FROM debian:12.7-slim
 
 ADD build.sh /opt/bin/
 ADD build-dep.sh /opt/bin/

ci/deb/build-dep.sh

@@ -68,8 +68,8 @@ echo "INSTALL: python special dependencies" \
 # Recommended setting for DENABLE_AUTOMATIC_INIT_AND_CLEANUP, to be removed in 2.0.0
 # see http://mongoc.org/libmongoc/current/init-cleanup.html#deprecated-feature-automatic-initialization-and-cleanup
 echo "INSTALL: mongodb c driver" \
-&& curl -L https://github.com/mongodb/mongo-c-driver/releases/download/1.24.3/mongo-c-driver-1.24.3.tar.gz | tar xzC /opt/ \
-&& cd /opt/mongo-c-driver-1.24.3 \
+&& curl -L https://github.com/mongodb/mongo-c-driver/releases/download/1.29.0/mongo-c-driver-1.29.0.tar.gz | tar xzC /opt/ \
+&& cd /opt/mongo-c-driver-1.29.0 \
 && mkdir cmake-build \
 && cd cmake-build \
 && cmake -DENABLE_AUTOMATIC_INIT_AND_CLEANUP=OFF .. \
@@ -81,8 +81,8 @@ echo "INSTALL: rapidjson" \
 && mv /opt/rapidjson-1.1.0/include/rapidjson/ /usr/local/include
 
 echo "INSTALL: libmicrohttpd" \
-&& curl -L https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.76.tar.gz | tar xzC /opt/ \
-&& cd /opt/libmicrohttpd-0.9.76  \
+&& curl -L https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-1.0.1.tar.gz | tar xzC /opt/ \
+&& cd /opt/libmicrohttpd-1.0.1  \
 && ./configure --disable-messages --disable-postprocessor --disable-dauth  \
 && make \
 && make install
@@ -96,8 +96,8 @@ echo "INSTALL: gmock" \
 && make install
 
 echo "INSTALL: mosquitto" \
-&& curl -kL https://mosquitto.org/files/source/mosquitto-2.0.15.tar.gz | tar xzC /opt/ \
-&& cd /opt/mosquitto-2.0.15 \
+&& curl -kL https://mosquitto.org/files/source/mosquitto-2.0.20.tar.gz | tar xzC /opt/ \
+&& cd /opt/mosquitto-2.0.20 \
 && sed -i 's/WITH_CJSON:=yes/WITH_CJSON:=no/g' config.mk \
 && sed -i 's/WITH_STATIC_LIBRARIES:=no/WITH_STATIC_LIBRARIES:=yes/g' config.mk \
 && sed -i 's/WITH_SHARED_LIBRARIES:=yes/WITH_SHARED_LIBRARIES:=no/g' config.mk \
@@ -107,8 +107,8 @@ echo "INSTALL: mosquitto" \
 ldconfig
 
 apt-get -y clean \
-&& rm -Rf /opt/mongo-c-driver-1.24.3 \
+&& rm -Rf /opt/mongo-c-driver-1.29.0 \
 && rm -Rf /opt/rapidjson-1.1.0 \
-&& rm -Rf /opt/libmicrohttpd-0.9.76 \
-&& rm -Rf /opt/mosquitto-2.0.15 \
+&& rm -Rf /opt/libmicrohttpd-1.0.1 \
+&& rm -Rf /opt/mosquitto-2.0.20 \
 && rm -Rf /opt/gmock-1.5.0

doc/manuals.jp/admin/build_source.md

@@ -11,12 +11,12 @@ Orion Context Broker のリファレンス配布は Debian 12 です。これは
 Orion Context Broker は、以下のライブラリをビルドの依存関係として使用します :
 
 * boost: 1.74
-* libmicrohttpd: 0.9.76 (ソースから)
+* libmicrohttpd: 1.0.1 (ソースから)
 * libcurl: 7.88.1
-* openssl: 3.0.13
+* openssl: 3.0.14
 * libuuid: 2.38.1
-* libmosquitto: 2.0.15 (ソースから)
-* Mongo C driver: 1.24.3 (ソースから)
+* libmosquitto: 2.0.20 (ソースから)
+* Mongo C driver: 1.29.0 (ソースから)
 * rapidjson: 1.1.0 (ソースから)
 * gtest (`make unit_test` ビルディング・ターゲットのみ) : 1.5 (ソースから)
 * gmock (`make unit_test` ビルディング・ターゲットのみ) : 1.5 (ソースから)
@@ -33,9 +33,9 @@ Orion Context Broker は、以下のライブラリをビルドの依存関係
 
 * ソースから Mongo Driver をインストールします
 
-        wget https://github.com/mongodb/mongo-c-driver/releases/download/1.24.3/mongo-c-driver-1.24.3.tar.gz
-        tar xfvz mongo-c-driver-1.24.3.tar.gz
-        cd mongo-c-driver-1.24.3
+        wget https://github.com/mongodb/mongo-c-driver/releases/download/1.29.0/mongo-c-driver-1.29.0.tar.gz
+        tar xfvz mongo-c-driver-1.29.0.tar.gz
+        cd mongo-c-driver-1.29.0
         mkdir cmake-build
         cd cmake-build
         cmake -DENABLE_AUTOMATIC_INIT_AND_CLEANUP=OFF ..
@@ -50,19 +50,19 @@ Orion Context Broker は、以下のライブラリをビルドの依存関係
 
 * ソースから libmicrohttpd をインストールします (`./configure` 下のコマンドはライブラリの最小限のフットプリントを得るための推奨ビルド設定を示していますが、上級ユーザの方は好きなように設定できます)
 
-        wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.76.tar.gz
-        tar xvf libmicrohttpd-0.9.76.tar.gz
-        cd libmicrohttpd-0.9.76
+        wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-1.0.1.tar.gz
+        tar xvf libmicrohttpd-1.0.1.tar.gz
+        cd libmicrohttpd-1.0.1
         ./configure --disable-messages --disable-postprocessor --disable-dauth
         make
         sudo make install  # installation puts .h files in /usr/local/include and library in /usr/local/lib
         sudo ldconfig      # just in case... it doesn't hurt :)
 
-* ソースから mosquitto をインストールします (WITH_CJSON, WITH_STATIC_LIBRARIES, WITH_SHARED_LIBRARIES の設定を変更することで、mosquitto-2.0.15/ の下の config.mk ファイルを変更してビルドを微調整できます)
+* ソースから mosquitto をインストールします (WITH_CJSON, WITH_STATIC_LIBRARIES, WITH_SHARED_LIBRARIES の設定を変更することで、mosquitto-2.0.20/ の下の config.mk ファイルを変更してビルドを微調整できます)
 
-        wget https://mosquitto.org/files/source/mosquitto-2.0.15.tar.gz
-        tar xvf mosquitto-2.0.15.tar.gz
-        cd mosquitto-2.0.15
+        wget https://mosquitto.org/files/source/mosquitto-2.0.20.tar.gz
+        tar xvf mosquitto-2.0.20.tar.gz
+        cd mosquitto-2.0.20
         sed -i 's/WITH_CJSON:=yes/WITH_CJSON:=no/g' config.mk
         sed -i 's/WITH_STATIC_LIBRARIES:=no/WITH_STATIC_LIBRARIES:=yes/g' config.mk
         sed -i 's/WITH_SHARED_LIBRARIES:=yes/WITH_SHARED_LIBRARIES:=no/g' config.mk

doc/manuals.jp/admin/install.md

@@ -26,7 +26,7 @@ Docker hub で公式の Orion docker コンテナを使用してインストー
 
 必要なソースから ビルドした Orion をインストールする場合：
 
-* オペレーティングシステム: Debian。リファレンス・オペレーティングシステムは Debian 12.6 ですが、それ以降の
+* オペレーティングシステム: Debian。リファレンス・オペレーティングシステムは Debian 12.7 ですが、それ以降の
   Debian 12 バージョンでも動作するはずです
 * データベース: MongoDB は、Orion Context Broker がインストールされるのと同じホストで実行するか、ネットワーク経由で
   アクセスできる別のホストで実行する必要があります。推奨される MongoDB バージョンは 6.0 です (Orion は古いバージョンで

doc/manuals.jp/orion-api.md

@@ -1337,6 +1337,30 @@ PUT /v2/entities/E/attrs/A
 
 属性Aの値を `[1, 2, 3, 3]` に変更します。
 
+前回の結果の後に次のリクエストが実行される場合:
+
+```
+PUT /v2/entities/E/attrs/A
+{
+  "value": { "$push": { "$each": [4, 5]} },
+  "type": "Array"
+}
+```
+
+属性 A の値は `[1, 2, 3, 3, 4, 5]` に変更されます。
+
+前の結果の後に次のリクエストが実行される場合:
+
+```
+PUT /v2/entities/E/attrs/A
+{
+  "value": { "$push": { "$each": [ -1, 0 ], "$position": 0} },
+  "type": "Array"
+}
+```
+
+属性 A の値は `[-1, 0, 1, 2, 3, 3, 4, 5]` に変更されます。
+
 <a name="addtoset"></a>
 
 #### `$addToSet`
@@ -3309,7 +3333,7 @@ https://www.epochconverter.com で、1720606949 が 2024-07-10T10:22:29+00:00 
 フェイルセーフ動作として、評価は次の場合に `null` を返します:
 
 * 式で使用されている変換の一部が不明です (例: `A|undefinedExpression`)
-* コンテキストで定義されていない識別子を使用した演算が使用されています。たとえば、`(A==null)?0:A` は、`A` がコンテキストにない場合、`null` (`0` ではありません) になります。これは、`==` が未定義の識別子では実行できない演算であるためです。ただし、`||` は `A` に対する演算とは見なされないため、`A||0` は機能します (つまり、`A` がコンテキストにない場合は `0` になります)
+* コンテキストで定義されていない識別子を使用した演算が使用されています。たとえば、`(A==null)?0:A` は、`A` がコンテキストにない場合、`null` (`0` ではありません) になります。これは、`==` が未定義の識別子では実行できない演算であるためです。ただし、`||` は `A` に対する演算とは見なされないため、`A||0` は機能します (つまり、`A` がコンテキストにない場合は `0` になります)。もう 1 つの可能性は、`==` とは異なる動作をする `!=` 演算子を使用することです。この場合、`A != null ? 1: 0` であり、`A` がコンテキスト内にない場合は値 `0` が割り当てられます。
 * JEXL 式の構文エラーです (例: `A[0|uppercase`)
 
 <a name="known-limitations"></a>

doc/manuals/admin/build_source.md

@@ -11,12 +11,12 @@ You can also have a look to [3.1 Building in not official distributions](../../.
 The Orion Context Broker uses the following libraries as build dependencies:
 
 * boost: 1.74
-* libmicrohttpd: 0.9.76 (from source)
+* libmicrohttpd: 1.0.1 (from source)
 * libcurl: 7.88.1
-* openssl: 3.0.13
+* openssl: 3.0.14
 * libuuid: 2.38.1
-* libmosquitto: 2.0.15 (from source)
-* Mongo C driver: 1.24.3 (from source)
+* libmosquitto: 2.0.20 (from source)
+* Mongo C driver: 1.29.0 (from source)
 * rapidjson: 1.1.0 (from source)
 * gtest (only for `make unit_test` building target): 1.5 (from sources)
 * gmock (only for `make unit_test` building target): 1.5 (from sources)
@@ -34,9 +34,9 @@ commands that require root privilege):
 
 * Install the Mongo Driver from source.
 
-        wget https://github.com/mongodb/mongo-c-driver/releases/download/1.24.3/mongo-c-driver-1.24.3.tar.gz
-        tar xfvz mongo-c-driver-1.24.3.tar.gz
-        cd mongo-c-driver-1.24.3
+        wget https://github.com/mongodb/mongo-c-driver/releases/download/1.29.0/mongo-c-driver-1.29.0.tar.gz
+        tar xfvz mongo-c-driver-1.29.0.tar.gz
+        cd mongo-c-driver-1.29.0
         mkdir cmake-build
         cd cmake-build
         cmake -DENABLE_AUTOMATIC_INIT_AND_CLEANUP=OFF ..
@@ -51,19 +51,19 @@ commands that require root privilege):
 
 * Install libmicrohttpd from sources (the `./configure` command below shows the recommended build configuration to get minimum library footprint, but if you are an advanced user, you can configure as you prefer)
 
-        wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.76.tar.gz
-        tar xvf libmicrohttpd-0.9.76.tar.gz
-        cd libmicrohttpd-0.9.76
+        wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-1.0.1.tar.gz
+        tar xvf libmicrohttpd-1.0.1.tar.gz
+        cd libmicrohttpd-1.0.1
         ./configure --disable-messages --disable-postprocessor --disable-dauth
         make
         sudo make install  # installation puts .h files in /usr/local/include and library in /usr/local/lib
         sudo ldconfig      # just in case... it doesn't hurt :)
 
-* Install mosquitto from sources (appart from changing WITH_CJSON, WITH_STATIC_LIBRARIES and WITH_SHARED_LIBRARIES settings, config.mk file under mosquitto-2.0.15/ can be modified to fine tune the build)
+* Install mosquitto from sources (appart from changing WITH_CJSON, WITH_STATIC_LIBRARIES and WITH_SHARED_LIBRARIES settings, config.mk file under mosquitto-2.0.20/ can be modified to fine tune the build)
 
-        wget https://mosquitto.org/files/source/mosquitto-2.0.15.tar.gz
-        tar xvf mosquitto-2.0.15.tar.gz
-        cd mosquitto-2.0.15
+        wget https://mosquitto.org/files/source/mosquitto-2.0.20.tar.gz
+        tar xvf mosquitto-2.0.20.tar.gz
+        cd mosquitto-2.0.20
         sed -i 's/WITH_CJSON:=yes/WITH_CJSON:=no/g' config.mk
         sed -i 's/WITH_STATIC_LIBRARIES:=no/WITH_STATIC_LIBRARIES:=yes/g' config.mk
         sed -i 's/WITH_SHARED_LIBRARIES:=yes/WITH_SHARED_LIBRARIES:=no/g' config.mk

doc/manuals/admin/install.md

@@ -23,7 +23,7 @@ In the case you install using the official Orion docker container at Dockerhub,
 
 In the case you are installing Orion building from sources you need:
 
-* Operating system: Debian. The reference operating system is Debian 12.6
+* Operating system: Debian. The reference operating system is Debian 12.7
   but it should work also in any later Debian 12 version.
 * Database: MongoDB is required to run either in the same host where Orion Context Broker is to be installed or in a different host accessible through the network. The recommended MongoDB version
   is 6.0 (Orion may work with older versions but we don't recommend it at all!).