Increase column size for validation rule signature to max 20_000 (#187)

* Increase column size for validation rule signature to max 20_000 * update vulnerable dependencies * update owasp suppresions
eu-digital-green-certificates · May 31, 2022 · b6d098d · b6d098d
1 parent ac0e41a
commit b6d098d
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 4 deletions.
diff --git a/owasp/suppressions.xml b/owasp/suppressions.xml
@@ -8,5 +8,13 @@
     <notes>False Positive</notes>
     <cve>CVE-2016-1000027</cve>
   </suppress>
+  <suppress>
+    <notes>False Positive - Updated to newest version</notes>
+    <cve>CVE-2018-14335</cve>
+  </suppress>
+  <suppress>
+    <notes>False Positive</notes>
+    <cve>CVE-2020-5408</cve>
+  </suppress>
 
 </suppressions>
diff --git a/pom.xml b/pom.xml
@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.6.7</version>
+        <version>2.6.8</version>
         <relativePath/>
     </parent>
 
@@ -44,7 +44,7 @@
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <!-- dependencies -->
         <owasp.version>7.1.0</owasp.version>
-        <spring.security.version>5.6.2</spring.security.version>
+        <spring.security.version>5.6.5</spring.security.version>
         <lombok.version>1.18.22</lombok.version>
         <liquibase.version>4.9.0</liquibase.version>
         <springdoc.version>1.6.6</springdoc.version>
@@ -55,7 +55,7 @@
         <json-schema.version>1.14.0</json-schema.version>
         <shedlock.version>4.33.0</shedlock.version>
         <spring.cloud.version>2021.0.1</spring.cloud.version>
-        <h2.version>2.1.210</h2.version>
+        <h2.version>2.1.212</h2.version>
         <hibernate.version>5.6.5.Final</hibernate.version>
         <dgc.lib.version>1.3.1</dgc.lib.version>
         <!-- plugins -->

diff --git a/src/main/java/eu/europa/ec/dgc/gateway/entity/ValidationRuleEntity.java b/src/main/java/eu/europa/ec/dgc/gateway/entity/ValidationRuleEntity.java
@@ -60,7 +60,7 @@ public class ValidationRuleEntity {
     /**
      * CMS containing the whole JSON validation rule.
      */
-    @Column(name = "signature", nullable = false, length = 10000)
+    @Column(name = "signature", nullable = false, length = 20000)
     private String cms;
 
     /**

diff --git a/src/main/resources/db/changelog.xml b/src/main/resources/db/changelog.xml
@@ -18,4 +18,5 @@
     <include file="db/changelog/add-trusted-issuer-table.xml"/>
     <include file="db/changelog/alter-signer-information-for-deletion.xml"/>
     <include file="db/changelog/add-uuid-and-domain-for-trusted-issuer.xml"/>
+    <include file="db/changelog/increase-column-size-for-validation-rule-signature.xml"/>
 </databaseChangeLog>
diff --git a/src/main/resources/db/changelog/increase-column-size-for-validation-rule-signature.xml b/src/main/resources/db/changelog/increase-column-size-for-validation-rule-signature.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+                      http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.3.xsd"
+        objectQuotingStrategy="QUOTE_ONLY_RESERVED_WORDS">
+    <changeSet id="increase-column-size-validation-rule-sig" author="bergmann-dierk">
+        <modifyDataType columnName="signature" newDataType="VARCHAR(20000)" tableName="validation_rule"/>
+    </changeSet>
+
+</databaseChangeLog>