Merge pull request #171 from catenax-ng/hotfix/v2.0.1-security-patch

Hotfix/v2.0.1 security patch: Fixed security Issues
eclipse-tractusx · Jan 3, 2024 · 06c810d · 06c810d
2 parents 8132939 + 82a1a62
commit 06c810d
Show file tree

Hide file tree

Showing 29 changed files with 645 additions and 216 deletions.
diff --git a/AUTHORS.md b/AUTHORS.md
@@ -24,7 +24,7 @@
 
 The following people have contributed to this repository:
 
-* Braun Jochen, CGI, https://github.com/jocbra
+* Jochen Braun, CGI, https://github.com/jocbra
 * Muhammad Saud Khan, CGI, https://github.com/saudkhan116
 * Mathias Brunkow Moser, CGI, https://github.com/matbmoser
 * David Zynda, BASF, https://github.com/davidzynda

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,8 +1,9 @@
 <!--
   Catena-X - Product Passport Consumer Frontend
  
-  Copyright (c) 2022, 2023 BASF SE, BMW AG, Henkel AG & Co. KGaA
- 
+  Copyright (c) 2022, 2024 BASF SE, BMW AG, Henkel AG & Co. KGaA
+  Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation
+
   See the NOTICE file(s) distributed with this work for additional
   information regarding copyright ownership.
  
@@ -24,6 +25,27 @@
 
 The changelog format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [released]
+## [v2.0.1] - 03-01-2024
+## Added
+- Added function to check for duplicated DTRs in the temporaryStorage
+- Added check for skipping the check of all BPNs when the DTRs are not available for security and optimization
+- Added `vue-i18n v9.2.2` library that will be used in the release `v2.1.0` with the translations
+- Added check to fix bug related to invalid BPN endpoints in cache
+
+## Updated
+- Updated header license of modified files to match the new year 2024
+
+## Security Issues
+- Updated Axios from version `v0.8.1` -> `v1.6.0`
+- Updated Spring Boot from version `v3.1.5` -> `v3.2.1`
+- Logback from Log4j got updated with the Spring Boot `v1.4.11` ->  `v1.4.14` 
+
+## Issues Fixed
+- Fixed the backend IRS exception handling, for detecting failure when job does not start
+- Fixed misconfiguration of config maps related to the temporaryStorage
+- Fixed incorrect authors names
+
 ## [released]
 ## [v2.0.0] - 22-12-2023
 

diff --git a/DEPENDENCIES_BACKEND b/DEPENDENCIES_BACKEND
diff --git a/DEPENDENCIES_FRONTEND b/DEPENDENCIES_FRONTEND
@@ -11,7 +11,8 @@ npm/npmjs/-/ansi-styles/4.3.0, MIT, approved, clearlydefined
 npm/npmjs/-/anymatch/3.1.3, ISC, approved, #5050
 npm/npmjs/-/argparse/1.0.10, MIT, approved, #2174
 npm/npmjs/-/astral-regex/2.0.0, MIT, approved, clearlydefined
-npm/npmjs/-/axios/0.26.0, MIT, approved, clearlydefined
+npm/npmjs/-/asynckit/0.4.0, MIT, approved, clearlydefined
+npm/npmjs/-/axios/1.6.3, MIT, approved, #11338
 npm/npmjs/-/balanced-match/1.0.2, MIT, approved, clearlydefined
 npm/npmjs/-/base64-js/1.5.1, MIT, approved, clearlydefined
 npm/npmjs/-/binary-extensions/2.2.0, MIT, approved, clearlydefined
@@ -29,6 +30,7 @@ npm/npmjs/-/color-convert/1.9.3, MIT, approved, clearlydefined
 npm/npmjs/-/color-convert/2.0.1, MIT, approved, clearlydefined
 npm/npmjs/-/color-name/1.1.3, MIT, approved, clearlydefined
 npm/npmjs/-/color-name/1.1.4, MIT, approved, clearlydefined
+npm/npmjs/-/combined-stream/1.0.8, MIT, approved, clearlydefined
 npm/npmjs/-/commander/8.3.0, MIT, approved, clearlydefined
 npm/npmjs/-/commondir/1.0.1, MIT, approved, clearlydefined
 npm/npmjs/-/concat-map/0.0.1, MIT, approved, clearlydefined
@@ -42,6 +44,7 @@ npm/npmjs/-/debug/4.3.4, MIT, approved, clearlydefined
 npm/npmjs/-/deep-is/0.1.4, MIT, approved, #2130
 npm/npmjs/-/deepmerge/4.2.2, MIT, approved, clearlydefined
 npm/npmjs/-/define-lazy-prop/2.0.0, MIT, approved, clearlydefined
+npm/npmjs/-/delayed-stream/1.0.0, MIT, approved, clearlydefined
 npm/npmjs/-/doctrine/3.0.0, Apache-2.0 AND BSD-2-Clause, approved, CQ22628
 npm/npmjs/-/emoji-regex/8.0.0, MIT, approved, clearlydefined
 npm/npmjs/-/enquirer/2.3.6, MIT AND (ISC AND MIT), approved, #2727
@@ -79,7 +82,8 @@ npm/npmjs/-/find-cache-dir/3.3.2, MIT, approved, clearlydefined
 npm/npmjs/-/find-up/4.1.0, MIT, approved, clearlydefined
 npm/npmjs/-/flat-cache/3.0.4, MIT, approved, clearlydefined
 npm/npmjs/-/flatted/3.2.7, ISC AND (ISC AND MIT), approved, #2430
-npm/npmjs/-/follow-redirects/1.14.9, MIT, approved, clearlydefined
+npm/npmjs/-/follow-redirects/1.15.4, MIT, approved, #10782
+npm/npmjs/-/form-data/4.0.0, MIT, approved, clearlydefined
 npm/npmjs/-/fs-extra/11.1.0, MIT, approved, #5742
 npm/npmjs/-/fs.realpath/1.0.0, ISC, approved, clearlydefined
 npm/npmjs/-/fsevents/2.3.2, MIT, approved, #2967
@@ -127,6 +131,8 @@ npm/npmjs/-/magic-string/0.25.9, MIT, approved, clearlydefined
 npm/npmjs/-/make-dir/3.1.0, MIT, approved, clearlydefined
 npm/npmjs/-/merge2/1.4.1, MIT, approved, clearlydefined
 npm/npmjs/-/micromatch/4.0.5, MIT, approved, clearlydefined
+npm/npmjs/-/mime-db/1.52.0, MIT, approved, clearlydefined
+npm/npmjs/-/mime-types/2.1.35, MIT, approved, clearlydefined
 npm/npmjs/-/minimatch/3.1.2, ISC, approved, clearlydefined
 npm/npmjs/-/minimatch/5.1.6, ISC, approved, #5952
 npm/npmjs/-/ms/2.1.2, MIT, approved, #5895
@@ -156,6 +162,7 @@ npm/npmjs/-/postcss/8.4.31, MIT, approved, #3545
 npm/npmjs/-/prelude-ls/1.2.1, MIT, approved, clearlydefined
 npm/npmjs/-/process/0.11.10, MIT, approved, CQ23452
 npm/npmjs/-/progress/2.0.3, MIT, approved, clearlydefined
+npm/npmjs/-/proxy-from-env/1.1.0, MIT, approved, clearlydefined
 npm/npmjs/-/punycode/2.3.0, MIT, approved, #6373
 npm/npmjs/-/queue-microtask/1.2.3, MIT, approved, clearlydefined
 npm/npmjs/-/readdirp/3.6.0, MIT, approved, #2977
@@ -211,6 +218,7 @@ npm/npmjs/-/vscode-languageserver-types/3.16.0, MIT, approved, clearlydefined
 npm/npmjs/-/vscode-languageserver/7.0.0, MIT, approved, clearlydefined
 npm/npmjs/-/vscode-uri/3.0.7, MIT, approved, #5741
 npm/npmjs/-/vue-eslint-parser/9.1.0, MIT, approved, #7091
+npm/npmjs/-/vue-i18n/9.2.2, MIT, approved, clearlydefined
 npm/npmjs/-/vue-router/4.0.13, MIT, approved, clearlydefined
 npm/npmjs/-/vue-template-compiler/2.7.14, 0BSD AND MIT AND MIT, approved, #3476
 npm/npmjs/-/vue-tsc/1.0.24, MIT, approved, clearlydefined
@@ -260,6 +268,11 @@ npm/npmjs/@esbuild/win32-x64/0.17.19, Apache-2.0 AND MIT AND BSD-3-Clause AND (B
 npm/npmjs/@eslint/eslintrc/0.4.3, MIT, approved, clearlydefined
 npm/npmjs/@humanwhocodes/config-array/0.5.0, Apache-2.0, approved, clearlydefined
 npm/npmjs/@humanwhocodes/object-schema/1.2.1, BSD-3-Clause, approved, clearlydefined
+npm/npmjs/@intlify/core-base/9.2.2, MIT, approved, clearlydefined
+npm/npmjs/@intlify/devtools-if/9.2.2, MIT, approved, clearlydefined
+npm/npmjs/@intlify/message-compiler/9.2.2, MIT, approved, clearlydefined
+npm/npmjs/@intlify/shared/9.2.2, MIT, approved, clearlydefined
+npm/npmjs/@intlify/vue-devtools/9.2.2, MIT, approved, clearlydefined
 npm/npmjs/@mdi/font/5.9.55, Apache-2.0, approved, clearlydefined
 npm/npmjs/@nodelib/fs.scandir/2.1.5, MIT, approved, clearlydefined
 npm/npmjs/@nodelib/fs.stat/2.0.5, MIT, approved, clearlydefined
@@ -275,7 +288,7 @@ npm/npmjs/@vue/compiler-core/3.2.47, MIT, approved, #7097
 npm/npmjs/@vue/compiler-dom/3.2.47, MIT, approved, #7093
 npm/npmjs/@vue/compiler-sfc/3.2.47, MIT, approved, #3104
 npm/npmjs/@vue/compiler-ssr/3.2.47, MIT, approved, #7098
-npm/npmjs/@vue/devtools-api/6.0.12, MIT, approved, clearlydefined
+npm/npmjs/@vue/devtools-api/6.5.1, MIT, approved, clearlydefined
 npm/npmjs/@vue/reactivity-transform/3.2.47, MIT, approved, #3096
 npm/npmjs/@vue/reactivity/3.2.47, MIT, approved, #7088
 npm/npmjs/@vue/runtime-core/3.2.47, MIT, approved, #7086

diff --git a/README.md b/README.md
@@ -1,8 +1,9 @@
 <!--
   Catena-X - Product Passport Consumer Frontend
  
-  Copyright (c) 2022, 2023 BASF SE, BMW AG, Henkel AG & Co. KGaA
- 
+  Copyright (c) 2022, 2024 BASF SE, BMW AG, Henkel AG & Co. KGaA
+  Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation
+
   See the NOTICE file(s) distributed with this work for additional
   information regarding copyright ownership.
  
@@ -35,9 +36,9 @@ In particular, the appliction is used to access the battery passport data provid
 
 ### Software Version
 #### Helm Chart Version
-<pre id="helm-version"><a href="https://github.com/eclipse-tractusx/digital-product-pass/releases/tag/digital-product-pass-2.0.0">2.0.0</a></pre>
+<pre id="helm-version"><a href="https://github.com/eclipse-tractusx/digital-product-pass/releases/tag/digital-product-pass-2.0.1">2.0.1</a></pre>
 #### Application Version
-<pre id="app-version"><a href="https://github.com/eclipse-tractusx/digital-product-pass/releases/tag/v2.0.0">v2.0.0</a></pre>
+<pre id="app-version"><a href="https://github.com/eclipse-tractusx/digital-product-pass/releases/tag/v2.0.1">v2.0.1</a></pre>
 
 
 ## Application Preview

diff --git a/charts/digital-product-pass/Chart.yaml b/charts/digital-product-pass/Chart.yaml
@@ -40,10 +40,10 @@ type: application
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 
-version: 2.0.0
+version: 2.0.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "2.0.0"
+appVersion: "2.0.1"
diff --git a/charts/digital-product-pass/README.md b/charts/digital-product-pass/README.md
@@ -1,6 +1,6 @@
 # digital-product-pass
 
-![Version: 1.5.0](https://img.shields.io/badge/Version-1.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.5.0](https://img.shields.io/badge/AppVersion-1.5.0-informational?style=flat-square)
+![Version: 2.0.1](https://img.shields.io/badge/Version-2.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.1](https://img.shields.io/badge/AppVersion-2.0.1-informational?style=flat-square)
 
 A Helm chart for Tractus-X Digital Product Pass Kubernetes
 
@@ -15,15 +15,16 @@ A Helm chart for Tractus-X Digital Product Pass Kubernetes
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` |  |
-| backend | object | `{"digitalTwinRegistry":{"endpoints":{"digitalTwin":"/shell-descriptors","search":"/lookup/shells","subModel":"/submodel-descriptors"},"temporaryStorage":{"enabled":true},"timeouts":{"digitalTwin":20,"negotiation":40,"search":10,"transfer":10}},"discovery":{"bpnDiscovery":{"key":"manufacturerPartId","path":"/api/v1.0/administration/connectors/bpnDiscovery/search"},"edcDiscovery":{"key":"bpn"},"hostname":""},"edc":{"apis":{"catalog":"/catalog/request","management":"/management/v2","negotiation":"/contractnegotiations","transfer":"/transferprocesses"},"delay":100,"endpoint":"","participantId":"<Add participant id here>","xApiKey":"<Add API key here>"},"hostname":"localhost","image":{"pullPolicy":"Always","repository":"docker.io/tractusx/digital-product-pass-backend"},"imagePullSecrets":[],"ingress":{"enabled":false,"hosts":[{"host":"localhost","paths":[{"path":"/","pathType":"Prefix"}]}]},"irs":{"enabled":false,"hostname":""},"logging":{"level":{"root":"INFO","utils":"INFO"}},"maxRetries":5,"name":"dpp-backend","passport":{"aspects":["urn:bamm:io.catenax.generic.digital_product_passport:1.0.0#DigitalProductPassport","urn:bamm:io.catenax.battery.battery_pass:3.0.1#BatteryPass","urn:bamm:io.catenax.transmission.transmission_pass:1.0.0#TransmissionPass"]},"process":{"encryptionKey":""},"securityCheck":{"bpn":false,"edc":false,"enabled":false},"serverPort":8888,"service":{"port":8888,"type":"ClusterIP"}}` | Backend configuration |
-| backend.digitalTwinRegistry.temporaryStorage | object | `{"enabled":true}` | temporary storage of dDTRs for optimization |
+| backend | object | `{"digitalTwinRegistry":{"endpoints":{"digitalTwin":"/shell-descriptors","search":"/lookup/shells","subModel":"/submodel-descriptors"},"temporaryStorage":{"enabled":true,"lifetime":12},"timeouts":{"digitalTwin":20,"negotiation":40,"search":10,"transfer":10}},"discovery":{"bpnDiscovery":{"key":"manufacturerPartId","path":"/api/v1.0/administration/connectors/bpnDiscovery/search"},"edcDiscovery":{"key":"bpn"},"hostname":""},"edc":{"apis":{"catalog":"/catalog/request","management":"/management/v2","negotiation":"/contractnegotiations","transfer":"/transferprocesses"},"delay":100,"hostname":"","participantId":"<Add participant id here>","xApiKey":"<Add API key here>"},"hostname":"localhost","image":{"pullPolicy":"Always","repository":"docker.io/tractusx/digital-product-pass-backend"},"imagePullSecrets":[],"ingress":{"enabled":false,"hosts":[{"host":"localhost","paths":[{"path":"/","pathType":"Prefix"}]}]},"irs":{"enabled":false,"hostname":""},"logging":{"level":{"root":"INFO","utils":"INFO"}},"maxRetries":5,"name":"dpp-backend","passport":{"aspects":["urn:bamm:io.catenax.generic.digital_product_passport:1.0.0#DigitalProductPassport","urn:bamm:io.catenax.battery.battery_pass:3.0.1#BatteryPass","urn:bamm:io.catenax.transmission.transmission_pass:1.0.0#TransmissionPass"]},"process":{"encryptionKey":""},"securityCheck":{"bpn":false,"edc":false},"serverPort":8888,"service":{"port":8888,"type":"ClusterIP"}}` | Backend configuration |
+| backend.digitalTwinRegistry.temporaryStorage | object | `{"enabled":true,"lifetime":12}` | temporary storage of dDTRs for optimization |
+| backend.digitalTwinRegistry.temporaryStorage.lifetime | int | `12` | lifetime of the temporaryStorage in hours |
 | backend.digitalTwinRegistry.timeouts | object | `{"digitalTwin":20,"negotiation":40,"search":10,"transfer":10}` | timeouts for the digital twin registry async negotiation |
 | backend.discovery | object | `{"bpnDiscovery":{"key":"manufacturerPartId","path":"/api/v1.0/administration/connectors/bpnDiscovery/search"},"edcDiscovery":{"key":"bpn"},"hostname":""}` | discovery configuration |
 | backend.discovery.bpnDiscovery | object | `{"key":"manufacturerPartId","path":"/api/v1.0/administration/connectors/bpnDiscovery/search"}` | bpn discovery configuration |
 | backend.discovery.edcDiscovery | object | `{"key":"bpn"}` | edc discovery configuration |
 | backend.discovery.hostname | string | `""` | discovery finder configuration |
-| backend.edc | object | `{"apis":{"catalog":"/catalog/request","management":"/management/v2","negotiation":"/contractnegotiations","transfer":"/transferprocesses"},"delay":100,"endpoint":"","participantId":"<Add participant id here>","xApiKey":"<Add API key here>"}` | in this section we configure the values that are inserted as secrets in the backend |
-| backend.edc.endpoint | string | `""` | edc consumer connection configuration |
+| backend.edc | object | `{"apis":{"catalog":"/catalog/request","management":"/management/v2","negotiation":"/contractnegotiations","transfer":"/transferprocesses"},"delay":100,"hostname":"","participantId":"<Add participant id here>","xApiKey":"<Add API key here>"}` | in this section we configure the values that are inserted as secrets in the backend |
+| backend.edc.hostname | string | `""` | edc consumer connection configuration |
 | backend.edc.participantId | string | `"<Add participant id here>"` | BPN Number |
 | backend.edc.xApiKey | string | `"<Add API key here>"` | the secret for assesing the edc management API |
 | backend.hostname | string | `"localhost"` | backend hostname (without protocol prefix [DEFAULT HTTPS] for security ) |
@@ -37,7 +38,7 @@ A Helm chart for Tractus-X Digital Product Pass Kubernetes
 | backend.passport.aspects | list | `["urn:bamm:io.catenax.generic.digital_product_passport:1.0.0#DigitalProductPassport","urn:bamm:io.catenax.battery.battery_pass:3.0.1#BatteryPass","urn:bamm:io.catenax.transmission.transmission_pass:1.0.0#TransmissionPass"]` | passport versions and aspects allowed |
 | backend.process | object | `{"encryptionKey":""}` | digital twin registry configuration |
 | backend.process.encryptionKey | string | `""` | unique sha512 hash key used for the passport encryption |
-| backend.securityCheck | object | `{"bpn":false,"edc":false,"enabled":false}` | security configuration |
+| backend.securityCheck | object | `{"bpn":false,"edc":false}` | security configuration |
 | backend.serverPort | int | `8888` | configuration of the spring boot server |
 | backend.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service |
 | frontend.api | object | `{"delay":1000,"max_retries":30,"timeout":90000}` | api timeouts |
@@ -64,7 +65,7 @@ A Helm chart for Tractus-X Digital Product Pass Kubernetes
 | oauth.bpnCheck | object | `{"bpn":"<Add participant id here>","enabled":false}` | configure here the bpn check for the application |
 | oauth.bpnCheck.bpn | string | `"<Add participant id here>"` | this bpn needs to be included in the user login information when the check is enabled |
 | oauth.hostname | string | `""` | url of the identity provider service |
-| oauth.roleCheck | object | `{"enabled":false}` | the role check checks if the user has access roles for the appId   |
+| oauth.roleCheck | object | `{"enabled":false}` | the role check checks if the user has access roles for the appId |
 | oauth.techUser | object | `{"clientId":"<Add client id here>","clientSecret":"<Add client secret here>"}` | note: this credentials need to have access to the Discovery Finder, BPN Discovery and EDC Discovery |
 | replicaCount | int | `1` |  |
 | resources.limits.cpu | string | `"500m"` |  |

diff --git a/charts/digital-product-pass/templates/configmap-backend.yaml b/charts/digital-product-pass/templates/configmap-backend.yaml
@@ -1,7 +1,8 @@
 #################################################################################
-# Catena-X - Product Passport Consumer Application
+# Catena-X - Digital Product Pass Application
 #
-# Copyright (c) 2022, 2023 BASF SE, BMW AG, Henkel AG & Co. KGaA
+# Copyright (c) 2022, 2024 BASF SE, BMW AG, Henkel AG & Co. KGaA
+# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation
 #
 # See the NOTICE file(s) distributed with this work for additional
 # information regarding copyright ownership.
@@ -101,7 +102,9 @@ data:
           transfer: {{ .Values.backend.digitalTwinRegistry.timeouts.transfer }}
           digitalTwin: {{ .Values.backend.digitalTwinRegistry.timeouts.digitalTwin }}
         # -- temporary storage of dDTRs for optimization
-        temporaryStorage: {{ .Values.backend.digitalTwinRegistry.temporaryStorage.enabled }}
+        temporaryStorage:
+          enabled: {{ .Values.backend.digitalTwinRegistry.temporaryStorage.enabled }}
+          lifetime: {{ .Values.backend.digitalTwinRegistry.temporaryStorage.lifetime }}
       # -- discovery configuration
       discovery:
         # -- discovery finder configuration

diff --git a/charts/digital-product-pass/values.yaml b/charts/digital-product-pass/values.yaml
@@ -1,7 +1,8 @@
 #################################################################################
-# Catena-X - Product Passport Consumer Application
+# Catena-X - Digital Product Pass Application
 #
-# Copyright (c) 2022, 2023 BASF SE, BMW AG, Henkel AG & Co. KGaA
+# Copyright (c) 2022, 2024 BASF SE, BMW AG, Henkel AG & Co. KGaA
+# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation
 #
 # See the NOTICE file(s) distributed with this work for additional
 # information regarding copyright ownership.
@@ -20,7 +21,6 @@
 # SPDX-License-Identifier: Apache-2.0
 #################################################################################
 
-# Default values for dpp-frontend.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
@@ -120,6 +120,8 @@ backend:
     # -- temporary storage of dDTRs for optimization
     temporaryStorage:
       enabled: true
+      # -- lifetime of the temporaryStorage in hours
+      lifetime: 12
 
   # -- discovery configuration
   discovery:
@@ -188,8 +190,8 @@ oauth:
   techUser:
     clientId: "<Add client id here>"
     clientSecret: "<Add client secret here>"
-  realm: ""
-  appId: ""
+  realm: "<realm>"
+  appId: "<app-id>"
   onLoad: "login-required"
   # -- configure here the bpn check for the application
   bpnCheck: