From e07efa3314a1123e65321f8308b701e5a33ee64d Mon Sep 17 00:00:00 2001
From: Bernhard Fuchs
Date: Tue, 31 Oct 2023 14:11:54 +0100
Subject: [PATCH] Fix security vulnerabilities (#1)
* fix: OS vulnerabilities and use uni-resolver 0.8.0
* chore: use eclipse-temurin image for build image
* chore: update parent to 0.15.0
* chore: add maven ci profile with maven-enforcer-plugin
* fix: remove install goal to fix issue with multiple maven-source-plugin invocations
---
 docker/Dockerfile | 6 +--
 pom.xml | 47 +++++++++++++++----
 .../driver/did/dns/DidDnsDriver.java | 2 +-
 .../driver/did/dns/DnsResolver.java | 1 +
 4 files changed, 42 insertions(+), 14 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index daf3eaf..f4312d8 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,14 +1,14 @@
 # Dockerfile for universalresolver/driver-did-dns
-FROM maven:3-jdk-11 AS build
+FROM maven:3-eclipse-temurin-17-focal AS build
 MAINTAINER Markus Sabadello
 # build driver-did-dns
 ADD . /opt/driver-did-dns
-RUN cd /opt/driver-did-dns && mvn clean install package -P war -N -DskipTests
+RUN cd /opt/driver-did-dns && mvn clean package -P war -N -DskipTests
-FROM jetty:9.4-jre11
+FROM jetty:9.4.53-jre17-alpine-eclipse-temurin
 MAINTAINER Markus Sabadello
 USER jetty
diff --git a/pom.xml b/pom.xml
index de867a2..d03054e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -10,7 +10,7 @@ decentralized-identity uni-resolver - 0.5.0 + 0.15.0
@@ -29,21 +29,48 @@ UTF-8 - 11 + 17 + + 2.0.9 + 2.21.0 - - + ci + jar + + + + org.apache.maven.plugins + maven-enforcer-plugin + 3.0.0 + + + enforce-no-snapshots + + enforce + + + + + No Snapshots Allowed! + + + true + + + + + + + + default true jar - - - war war
@@ -90,19 +117,19 @@ - - org.slf4j jcl-over-slf4j + ${jcl-over-slf4j.version} org.apache.logging.log4j - log4j-slf4j-impl + log4j-slf4j2-impl + ${log4j-slf4j2-impl.version} decentralized-identity
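Review bot: Both new `FROM` lines in docker/Dockerfile still reference their base image by tag only, and `maven:3-eclipse-temurin-17-focal` floats across every Maven 3.x and JDK 17 patch release, so a later rebuild can pull different image contents than the ones this fix was checked against. Pinning each stage by digest, for example `FROM jetty:9.4.53-jre17-alpine-eclipse-temurin@sha256:<digest-placeholder>`, makes the fix reproducible and turns each base-image update into a reviewable change. The runtime stage also switches to an Alpine variant; instructions after `USER jetty`, which lie outside this hunk, should be checked for assumptions about the previous base image's package manager or libc.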
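Review bot: In the second pom.xml hunk the `enforce-no-snapshots` execution of `maven-enforcer-plugin` appears to be declared only inside the new `ci` profile, while docker/Dockerfile builds with `-P war`, so the artifact that ends up in the image is built without that check. If the rule is meant as a supply-chain guard, declaring the plugin in the main build section instead of a profile would cover every build; otherwise a comment such as `<!-- enforcer runs only with -P ci; the Docker build (-P war) is not covered -->` would make the gap explicit. The XML tags are lost in this rendering, so the profile nesting and the exact rule behind `No Snapshots Allowed!` should be confirmed against the file.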
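Review bot: In the third pom.xml hunk `log4j-slf4j2-impl` gets its own version property (`${log4j-slf4j2-impl.version}`, 2.21.0), but no version for `log4j-core` or `log4j-api` is visible here, so the binding can drift from whatever Log4j version the 0.15.0 parent manages. Mixed Log4j module versions tend to cause both runtime failures and security updates that reach only part of the stack. A single shared `log4j.version` property, or importing `org.apache.logging.log4j:log4j-bom` in dependency management, would keep all Log4j artifacts on one version.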
diff --git a/src/main/java/uniresolver/driver/did/dns/DidDnsDriver.java b/src/main/java/uniresolver/driver/did/dns/DidDnsDriver.java
index acb1dfd..7d882b6 100644
--- a/src/main/java/uniresolver/driver/did/dns/DidDnsDriver.java
+++ b/src/main/java/uniresolver/driver/did/dns/DidDnsDriver.java
@@ -235,7 +235,7 @@ private List rewriteIdAndController(List verificationMethods, St
 JsonLDUtils.jsonLdRemove(verificationMethodJsonLd, JsonLDKeywords.JSONLD_TERM_ID);
 JsonLDUtils.jsonLdAdd(verificationMethodJsonLd, JsonLDKeywords.JSONLD_TERM_ID, rewrittenVerificationMethodId);
- String verificationMethodController = verificationMethodJsonLd.getController();
+ String verificationMethodController = String.valueOf(verificationMethodJsonLd.getController());
 if (! verificationMethodController.equals(didKeyDid)) {
 log.warn("Skipping unexpected verification method controller, since it is not \"" + didKeyDid + "\": " + verificationMethodController);
 continue;
diff --git a/src/main/java/uniresolver/driver/did/dns/DnsResolver.java b/src/main/java/uniresolver/driver/did/dns/DnsResolver.java
index ffbdfa7..dd03113 100644
--- a/src/main/java/uniresolver/driver/did/dns/DnsResolver.java
+++ b/src/main/java/uniresolver/driver/did/dns/DnsResolver.java
@@ -3,6 +3,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.xbill.DNS.*;
+import org.xbill.DNS.Record;
 import uniresolver.ResolutionException;
 import java.net.InetSocketAddress;
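Review bot: `String.valueOf(verificationMethodJsonLd.getController())` in DidDnsDriver.java turns a missing controller into the literal string `"null"`, so the check on the next line no longer tells an absent controller from a mismatching one and rejects it only because `didKeyDid` is not expected to equal `"null"`. Since this comparison decides which verification methods are kept, an explicit test is safer to read: `Object controller = verificationMethodJsonLd.getController();` followed by `if (controller == null || ! controller.toString().equals(didKeyDid)) {`. The warning also concatenates the controller value into the message; if that value comes from a resolved document, parameterized logging with line breaks stripped would prevent forged log lines. The loop body in rewriteIdAndController starts and ends outside the hunk.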
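Review bot: The added `import org.xbill.DNS.Record;` in DnsResolver.java sits directly under the wildcard `import org.xbill.DNS.*;` and looks redundant, so an import clean-up is likely to remove it. With the move to Java 17 the simple name `Record` would otherwise be ambiguous with `java.lang.Record`, which is presumably why the line was added. A comment above it, such as `// explicit import: disambiguates from java.lang.Record on newer JDKs`, would protect it.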