upgraded json path lib to 2.9 fixing some vulnerabilities

cerberustesting · Dec 27, 2024 · 459768e · 459768e
1 parent ca0a9d0
commit 459768e
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 12 deletions.
diff --git a/source/pom.xml b/source/pom.xml
@@ -47,7 +47,7 @@
         <jackson-databind.version>2.14.0-rc1</jackson-databind.version>
         <jackson-datatype-jsr310.version>2.13.2</jackson-datatype-jsr310.version>
         <!-- jsonpath -->
-        <jsonxpath.version>2.7.0</jsonxpath.version>
+        <jsonxpath.version>2.9.0</jsonxpath.version>
         <!-- Groovy Version -->
         <groovy.version>3.0.11</groovy.version>
         <!--        <groovy-dateutil.version>3.0.11</groovy-dateutil.version>-->
@@ -81,7 +81,7 @@
         <!-- Mappers -->
         <mapstruct.version>1.4.2.Final</mapstruct.version>
         <!-- Swagger generator -->
-        <springfox.version>2.9.2</springfox.version>
+        <swagger.version>2.9.2</swagger.version>
         <!-- REST API Calls -->
         <httpmime.version>4.5.14</httpmime.version>
         <!-- Compile scope -->
@@ -490,12 +490,12 @@
         <dependency>
             <groupId>io.springfox</groupId>
             <artifactId>springfox-swagger2</artifactId>
-            <version>${springfox.version}</version>
+            <version>${swagger.version}</version>
         </dependency>
         <dependency>
             <groupId>io.springfox</groupId>
             <artifactId>springfox-swagger-ui</artifactId>
-            <version>${springfox.version}</version>
+            <version>${swagger.version}</version>
         </dependency>
 
         <!-- PDF Generation -->

diff --git a/source/src/main/java/org/cerberus/core/service/json/impl/JsonService.java b/source/src/main/java/org/cerberus/core/service/json/impl/JsonService.java
@@ -25,10 +25,7 @@
 import com.jayway.jsonpath.Configuration;
 import com.jayway.jsonpath.InvalidPathException;
 import com.jayway.jsonpath.JsonPath;
-import com.jayway.jsonpath.TypeRef;
 import com.jayway.jsonpath.spi.json.JacksonJsonNodeJsonProvider;
-import net.minidev.json.JSONArray;
-import net.minidev.json.JSONStyle;
 import org.cerberus.core.crud.entity.TestCaseCountryProperties;
 import org.cerberus.core.service.json.IJsonService;
 import org.springframework.stereotype.Service;
@@ -42,6 +39,7 @@
 import java.util.List;
 import java.util.Random;
 import java.util.stream.Collectors;
+import org.json.JSONArray;
 
 /**
  * @author bcivel
@@ -111,15 +109,15 @@ public String getFromJson(String jsonMessage, String url, String attributeToFind
 
         switch (output) {
             case (TestCaseCountryProperties.VALUE3_COUNT):
-                valueFromJSON = String.valueOf(((JSONArray) JsonPath.read(document, jsonPath)).size());
+                valueFromJSON = String.valueOf(((JSONArray) JsonPath.read(document, jsonPath)).length());
                 break;
             case (TestCaseCountryProperties.VALUE3_VALUELIST):
                 valueFromJSON = castObjectAccordingToJson(JsonPath.read(document, jsonPath));
                 break;
             case (TestCaseCountryProperties.VALUE3_VALUE):
                 if (random) {
                     Random r = new Random();
-                    rank = r.nextInt(((JSONArray) JsonPath.read(document, jsonPath)).size());
+                    rank = r.nextInt(((JSONArray) JsonPath.read(document, jsonPath)).length());
                 }
                 valueFromJSON = ((JSONArray) JsonPath.read(document, jsonPath)).get(rank).toString();
                 break;
@@ -222,7 +220,7 @@ private String castObjectAccordingToJson(Object value) {
         } else if (value instanceof Boolean) {
             return ((Boolean) value).toString();
         } else if (value instanceof JSONArray) {
-            return ((JSONArray) value).toString(JSONStyle.LT_COMPRESS);
+            return ((JSONArray) value).toString(1);
         } else if (value instanceof Double) {
             return ((Double) value).toString();
         } else {

diff --git a/source/src/main/java/org/cerberus/core/servlet/crud/test/testcase/ExportTestCase.java b/source/src/main/java/org/cerberus/core/servlet/crud/test/testcase/ExportTestCase.java
@@ -28,7 +28,6 @@
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import net.minidev.json.JSONArray;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.cerberus.core.crud.entity.Application;
@@ -37,6 +36,7 @@
 import org.cerberus.core.exception.CerberusException;
 import org.cerberus.core.crud.service.ITestCaseService;
 import org.cerberus.core.version.Infos;
+import org.json.JSONArray;
 import org.json.JSONException;
 import org.json.JSONObject;
 import org.owasp.html.PolicyFactory;
@@ -94,7 +94,7 @@ protected void processRequest(HttpServletRequest httpServletRequest, HttpServlet
             tcInfoJSON.put("conditionOptions", tcInfo.getConditionOptions());
 
             JSONArray tcJA = new JSONArray();
-            tcJA.add(tcInfoJSON);
+            tcJA.put(tcInfoJSON);
             export.put("testcases", tcJA);
 
             // Contain the ** application ** of the testcase