From b6d098df5833606860a9e1aea7d6d942906a2809 Mon Sep 17 00:00:00 2001
From: bergmann-dierk <84856774+bergmann-dierk@users.noreply.github.com>
Date: Tue, 31 May 2022 12:02:59 +0200
Subject: [PATCH] Increase column size for validation rule signature to max
 20_000 (#187)

* Increase column size for validation rule signature to max 20_000

* update vulnerable dependencies

* update owasp suppresions
---
 owasp/suppressions.xml                               |  8 ++++++++
 pom.xml                                              |  6 +++---
 .../ec/dgc/gateway/entity/ValidationRuleEntity.java  |  2 +-
 src/main/resources/db/changelog.xml                  |  1 +
 ...ase-column-size-for-validation-rule-signature.xml | 12 ++++++++++++
 5 files changed, 25 insertions(+), 4 deletions(-)
 create mode 100644 src/main/resources/db/changelog/increase-column-size-for-validation-rule-signature.xml

diff --git a/owasp/suppressions.xml b/owasp/suppressions.xml
index 2ed151a0..bb94a97b 100644
--- a/owasp/suppressions.xml
+++ b/owasp/suppressions.xml
@@ -8,5 +8,13 @@
     <notes>False Positive</notes>
     <cve>CVE-2016-1000027</cve>
   </suppress>
+  <suppress>
+    <notes>False Positive - Updated to newest version</notes>
+    <cve>CVE-2018-14335</cve>
+  </suppress>
+  <suppress>
+    <notes>False Positive</notes>
+    <cve>CVE-2020-5408</cve>
+  </suppress>
 
 </suppressions>
diff --git a/pom.xml b/pom.xml
index 1e91c9ae..310fa3f0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.6.7</version>
+        <version>2.6.8</version>
         <relativePath/>
     </parent>
 
@@ -44,7 +44,7 @@
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <!-- dependencies -->
         <owasp.version>7.1.0</owasp.version>
-        <spring.security.version>5.6.2</spring.security.version>
+        <spring.security.version>5.6.5</spring.security.version>
         <lombok.version>1.18.22</lombok.version>
         <liquibase.version>4.9.0</liquibase.version>
         <springdoc.version>1.6.6</springdoc.version>
@@ -55,7 +55,7 @@
         <json-schema.version>1.14.0</json-schema.version>
         <shedlock.version>4.33.0</shedlock.version>
         <spring.cloud.version>2021.0.1</spring.cloud.version>
-        <h2.version>2.1.210</h2.version>
+        <h2.version>2.1.212</h2.version>
         <hibernate.version>5.6.5.Final</hibernate.version>
         <dgc.lib.version>1.3.1</dgc.lib.version>
         <!-- plugins -->
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/entity/ValidationRuleEntity.java b/src/main/java/eu/europa/ec/dgc/gateway/entity/ValidationRuleEntity.java
index 984462c0..ead22415 100644
--- a/src/main/java/eu/europa/ec/dgc/gateway/entity/ValidationRuleEntity.java
+++ b/src/main/java/eu/europa/ec/dgc/gateway/entity/ValidationRuleEntity.java
@@ -60,7 +60,7 @@ public class ValidationRuleEntity {
     /**
      * CMS containing the whole JSON validation rule.
      */
-    @Column(name = "signature", nullable = false, length = 10000)
+    @Column(name = "signature", nullable = false, length = 20000)
     private String cms;
 
     /**
diff --git a/src/main/resources/db/changelog.xml b/src/main/resources/db/changelog.xml
index 3b4c70e8..4a97c4dd 100644
--- a/src/main/resources/db/changelog.xml
+++ b/src/main/resources/db/changelog.xml
@@ -18,4 +18,5 @@
     <include file="db/changelog/add-trusted-issuer-table.xml"/>
     <include file="db/changelog/alter-signer-information-for-deletion.xml"/>
     <include file="db/changelog/add-uuid-and-domain-for-trusted-issuer.xml"/>
+    <include file="db/changelog/increase-column-size-for-validation-rule-signature.xml"/>
 </databaseChangeLog>
diff --git a/src/main/resources/db/changelog/increase-column-size-for-validation-rule-signature.xml b/src/main/resources/db/changelog/increase-column-size-for-validation-rule-signature.xml
new file mode 100644
index 00000000..51be5a86
--- /dev/null
+++ b/src/main/resources/db/changelog/increase-column-size-for-validation-rule-signature.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+                      http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.3.xsd"
+        objectQuotingStrategy="QUOTE_ONLY_RESERVED_WORDS">
+    <changeSet id="increase-column-size-validation-rule-sig" author="bergmann-dierk">
+        <modifyDataType columnName="signature" newDataType="VARCHAR(20000)" tableName="validation_rule"/>
+    </changeSet>
+
+</databaseChangeLog>
\ No newline at end of file