Patrick.Sy/spring-petclinic
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-petclinic.git synced 2025-07-21 23:35:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Review

Browse source
This commit is contained in:
Navaneeth Mysore Govindarajan 2024-02-13 13:36:25 -05:00
parent b5acf03417
commit ebc7157030
2 changed files with 16 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
pom.xml
View file

@ -20,7 +20,6 @@
<clm.serverUrl>http://ec2-107-23-150-171.compute-1.amazonaws.com:8070/</clm.serverUrl> <clm.serverUrl>http://ec2-107-23-150-171.compute-1.amazonaws.com:8070/</clm.serverUrl>
<clm.serverId>ec2-107-23-150-171.compute-1.amazonaws.com</clm.serverId> <clm.serverId>ec2-107-23-150-171.compute-1.amazonaws.com</clm.serverId>
<clm.stage>stage-release</clm.stage> <clm.stage>stage-release</clm.stage>
<clm.skip>false</clm.skip>
<!-- Generic properties --> <!-- Generic properties -->
<java.version>17</java.version> <java.version>17</java.version>
@ -149,28 +148,6 @@
<build> <build>
<plugins> <plugins>
<!--
Demo: Copy dependencies so runtime-agent.jar location is know for -javaagent and also helps with iq-cli scans.
-->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<id>dependency-copy-dependencies</id>
<phase>generate-resources</phase>
<goals>
<goal>copy-dependencies</goal>
</goals>
<configuration>
<outputDirectory>${project.build.directory}/lib</outputDirectory>
<stripVersion>false</stripVersion>
<includeScope>compile</includeScope>
</configuration>
</execution>
</executions>
</plugin>
<!-- Demo: CLM plugin --> <!-- Demo: CLM plugin -->
<plugin> <plugin>
<groupId>com.sonatype.clm</groupId> <groupId>com.sonatype.clm</groupId>
@ -179,13 +156,19 @@
<configuration> <configuration>
<applicationId>${artifactId}</applicationId> <applicationId>${artifactId}</applicationId>
<stage>stage-release</stage> <stage>stage-release</stage>
<skip>true</skip>
</configuration> </configuration>
<executions> <executions>
<execution> <execution>
<phase>package</phase> <id>sonatype-prepare</id>
<phase>test-compile</phase>
<goals>
<goal>evaluate</goal>
</goals>
</execution>
<execution>
<id>sonatype-reevaluate-after-run</id>
<phase>prepare-package</phase>
<goals> <goals>
<goal>index</goal>
<goal>evaluate</goal> <goal>evaluate</goal>
</goals> </goals>
</execution> </execution>
@ -211,8 +194,8 @@
-Dsonatype.runtime.agent.iq.protocol=http -Dsonatype.runtime.agent.iq.protocol=http
-Dsonatype.runtime.agent.iq.host=ec2-107-23-150-171.compute-1.amazonaws.com -Dsonatype.runtime.agent.iq.host=ec2-107-23-150-171.compute-1.amazonaws.com
-Dsonatype.runtime.agent.iq.port=8070 -Dsonatype.runtime.agent.iq.port=8070
-Dsonatype.runtime.agent.iq.user=IQ_USER -Dsonatype.runtime.agent.iq.user=${env.IQ_USER}
-Dsonatype.runtime.agent.iq.password=IQ_PASSWORD -Dsonatype.runtime.agent.iq.password=${env.IQ_PASSWORD}
-Dsonatype.runtime.agent.iq.applicationId=spring-petclinic-runtime-agent -Dsonatype.runtime.agent.iq.applicationId=spring-petclinic-runtime-agent
-Dsonatype.runtime.agent.isIqApplicationIdPublic=true -Dsonatype.runtime.agent.isIqApplicationIdPublic=true
-Dsonatype.runtime.agent.blockedRunOnStartup=true -Dsonatype.runtime.agent.blockedRunOnStartup=true

9
readme.md
View file

@ -14,7 +14,8 @@ Spring Petclinic is a [Spring Boot](https://spring.io/guides/gs/spring-boot) app
git clone https://github.com/spring-projects/spring-petclinic.git git clone https://github.com/spring-projects/spring-petclinic.git
cd spring-petclinic cd spring-petclinic
# This runs the integration tests which invoke vulnerable methods and the runtime labels set in IQ on: # This runs the integration tests which will invoke some vulnerable methods as part of tests coverage and the
# runtime labels set in IQ on:
# - ch.qos.logback : logback-core : 1.4.11 # - ch.qos.logback : logback-core : 1.4.11
# - ch.qos.logback : logback-classic : 1.4.11 # - ch.qos.logback : logback-classic : 1.4.11
# - org.springframework : spring-core : 6.1.1 # - org.springframework : spring-core : 6.1.1
@ -22,7 +23,7 @@ cd spring-petclinic
# Note: Change the path the runtime-agent-1.0.7.jar as necessary # Note: Change the path the runtime-agent-1.0.7.jar as necessary
# After starting the app, by navigating to http://localhost:8080/vets.html invokes vulnerable method call. # After starting the app, by navigating to http://localhost:8080/vets.html invokes vulnerable method call.
# This will log the method call and set the runtime labels in IQ. # This will log additional vulnerable method calls that were not covered by unit tests and sets the runtime labels in IQ.
# If the label is already set due to integration tests, it will log as such. # If the label is already set due to integration tests, it will log as such.
# If needed, the labels can be deleted manually in IQ before starting the app. # If needed, the labels can be deleted manually in IQ before starting the app.
java -javaagent:../runtime-agent-1.0.7.jar \ java -javaagent:../runtime-agent-1.0.7.jar \
@ -31,8 +32,8 @@ java -javaagent:../runtime-agent-1.0.7.jar \
-Dsonatype.runtime.agent.iq.protocol=http \ -Dsonatype.runtime.agent.iq.protocol=http \
-Dsonatype.runtime.agent.iq.host=ec2-107-23-150-171.compute-1.amazonaws.com \ -Dsonatype.runtime.agent.iq.host=ec2-107-23-150-171.compute-1.amazonaws.com \
-Dsonatype.runtime.agent.iq.port=8070 \ -Dsonatype.runtime.agent.iq.port=8070 \
-Dsonatype.runtime.agent.iq.user=IQ_USER \ -Dsonatype.runtime.agent.iq.user=${IQ_USER} \
-Dsonatype.runtime.agent.iq.password=IQ_PASSWORD \ -Dsonatype.runtime.agent.iq.password=${IQ_PASSWORD} \
-Dsonatype.runtime.agent.iq.applicationId=spring-petclinic-runtime-agent \ -Dsonatype.runtime.agent.iq.applicationId=spring-petclinic-runtime-agent \
-Dsonatype.runtime.agent.isIqApplicationIdPublic=true \ -Dsonatype.runtime.agent.isIqApplicationIdPublic=true \
-Dsonatype.runtime.agent.blockedRunOnStartup=true \ -Dsonatype.runtime.agent.blockedRunOnStartup=true \