Remove apache commons io library, security update (#261)

tommysitu · web-flow · commit 6306a81b0c75 · 2021-05-01T12:06:18.000+01:00
* Remove apache commons io library, security update

* Should reset tempdirectory to null after a purge

* Speed up file assertion
diff --git a/build.gradle b/build.gradle
@@ -36,15 +36,15 @@ dependencies {
     compile "com.fasterxml.jackson.datatype:jackson-datatype-jsr310:$jacksonVersion"
     compile "com.fasterxml.jackson.dataformat:jackson-dataformat-xml:$jacksonVersion"
     compile 'org.apache.commons:commons-lang3:3.8.1'
-    compile 'org.zeroturnaround:zt-exec:1.10'
+    compile 'org.zeroturnaround:zt-exec:1.11'
     compile 'org.slf4j:slf4j-api:1.7.25'
     compile 'ch.qos.logback:logback-classic:1.2.3'
     compileOnly 'junit:junit:4.12'
     testCompile 'com.sun.jersey:jersey-client:1.19.4'
     testCompile 'com.google.guava:guava:20.0'
     testCompile 'org.springframework:spring-web:4.3.20.RELEASE'
     testCompile 'org.apache.httpcomponents:httpclient:4.5.6'
-    testCompile 'org.assertj:assertj-core:3.11.1'
+    testCompile 'org.assertj:assertj-core:3.19.0'
     testCompile 'net.javacrumbs.json-unit:json-unit:1.31.1'
     testCompile 'net.javacrumbs.json-unit:json-unit-fluent:1.31.1'
     testCompile 'org.eclipse.jetty:jetty-server:9.3.11.v20160721'
diff --git a/src/main/java/io/specto/hoverfly/junit/core/TempFileManager.java b/src/main/java/io/specto/hoverfly/junit/core/TempFileManager.java
@@ -1,22 +1,21 @@
 package io.specto.hoverfly.junit.core;
 
-import org.apache.commons.io.FileUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import static io.specto.hoverfly.junit.core.SystemConfigFactory.OsName.WINDOWS;
+import static java.nio.file.attribute.PosixFilePermission.OWNER_EXECUTE;
+import static java.nio.file.attribute.PosixFilePermission.OWNER_READ;
+import static java.util.Arrays.asList;
 
 import java.io.File;
 import java.io.IOException;
-import java.net.URL;
+import java.io.InputStream;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.nio.file.StandardCopyOption;
+import java.util.Comparator;
 import java.util.HashSet;
-
-import static io.specto.hoverfly.junit.core.HoverflyUtils.findResourceOnClasspath;
-import static io.specto.hoverfly.junit.core.SystemConfigFactory.OsName.WINDOWS;
-import static java.nio.file.attribute.PosixFilePermission.OWNER_EXECUTE;
-import static java.nio.file.attribute.PosixFilePermission.OWNER_READ;
-import static java.util.Arrays.asList;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * Manage temporary files for running hoverfly
@@ -36,22 +35,24 @@ void purge() {
             return;
         }
         try {
-            FileUtils.deleteDirectory(tempDirectory.toFile());
+            Files.walk(tempDirectory)
+                .sorted(Comparator.reverseOrder())
+                .map(Path::toFile)
+                .forEach(File::delete);
+            tempDirectory = null;
         } catch (IOException e) {
             LOGGER.warn("Failed to delete hoverfly binary, will try again on JVM shutdown.", e);
         }
-
     }
 
     /**
      * Copy classpath resource to hoverfly temporary directory
      */
     Path copyClassPathResource(String resourcePath, String targetName) {
-        URL sourceUrl = HoverflyUtils.findResourceOnClasspath(resourcePath);
 
         Path targetPath = getOrCreateTempDirectory().resolve(targetName);
-        try {
-            FileUtils.copyURLToFile(sourceUrl, targetPath.toFile());
+        try (InputStream resourceAsStream = HoverflyUtils.getClasspathResourceAsStream(resourcePath)) {
+            Files.copy(resourceAsStream, targetPath, StandardCopyOption.REPLACE_EXISTING);
         } catch (IOException e) {
             throw new IllegalStateException("Failed to copy classpath resource " + resourcePath, e);
         }
@@ -66,13 +67,13 @@ Path copyClassPathResource(String resourcePath, String targetName) {
     Path copyHoverflyBinary(SystemConfig systemConfig) {
         String binaryName = systemConfig.getHoverflyBinaryName();
         LOGGER.info("Selecting the following binary based on the current operating system: {}", binaryName);
-        final URL sourceUrl = findResourceOnClasspath(HOVERFLY_BINARIES_ROOT_PATH + binaryName);
-        final Path targetPath = getOrCreateTempDirectory().resolve(binaryName);
+        Path targetPath = getOrCreateTempDirectory().resolve(binaryName);
         LOGGER.info("Storing binary in temporary directory {}", targetPath);
-        final File targetFile = targetPath.toFile();
-        try {
-            FileUtils.copyURLToFile(sourceUrl, targetFile);
+
+        try (InputStream resourceAsStream = HoverflyUtils.getClasspathResourceAsStream(HOVERFLY_BINARIES_ROOT_PATH + binaryName)) {
+            Files.copy(resourceAsStream, targetPath, StandardCopyOption.REPLACE_EXISTING);
             if (systemConfig.getOsName() == WINDOWS) {
+                final File targetFile = targetPath.toFile();
                 targetFile.setExecutable(true);
                 targetFile.setReadable(true);
                 targetFile.setWritable(true);
diff --git a/src/test/java/io/specto/hoverfly/junit/core/MultiCaptureTest.java b/src/test/java/io/specto/hoverfly/junit/core/MultiCaptureTest.java
@@ -3,7 +3,7 @@
 import com.google.common.io.Resources;
 import io.specto.hoverfly.junit.rule.HoverflyRule;
 import io.specto.hoverfly.webserver.CaptureModeTestWebServer;
-import org.apache.commons.io.FileUtils;
+import java.util.Comparator;
 import org.json.JSONException;
 import org.junit.AfterClass;
 import org.junit.Before;
@@ -42,20 +42,16 @@ public class MultiCaptureTest {
     public void setUp() throws Exception {
 
         // Delete directory and contents
-        final File firstSimulationDirectory = FIRST_RECORDED_SIMULATION_FILE.getParent().toFile();
-        if(firstSimulationDirectory.exists()) {
-            FileUtils.forceDelete(firstSimulationDirectory);
-        }
+        Path firstSimulationDirectory = FIRST_RECORDED_SIMULATION_FILE.getParent();
+        recursiveDeleteIfExists(firstSimulationDirectory);
 
         // Delete individual file
         Files.deleteIfExists(SECOND_RECORDED_SIMULATION_FILE);
         Files.deleteIfExists(FORTH_RECORDED_SIMULATION_FILE);
 
         // Delete directory and contents
-        final File thirdSimulationDirectory = THIRD_RECORDED_SIMULATION_FILE.getParent().toFile();
-        if(thirdSimulationDirectory.exists()) {
-            FileUtils.forceDelete(thirdSimulationDirectory);
-        }
+        Path thirdSimulationDirectory = THIRD_RECORDED_SIMULATION_FILE.getParent();
+        recursiveDeleteIfExists(thirdSimulationDirectory);
 
         webServerBaseUrl = CaptureModeTestWebServer.run();
     }
@@ -106,5 +102,14 @@ public static void after() throws IOException, JSONException {
         CaptureModeTestWebServer.terminate();
     }
 
+    private void recursiveDeleteIfExists(Path directory) throws IOException {
+        if (directory.toFile().exists()) {
+            Files.walk(directory)
+                .sorted(Comparator.reverseOrder())
+                .map(Path::toFile)
+                .forEach(File::delete);
+        }
+    }
+
 
 }
diff --git a/src/test/java/io/specto/hoverfly/junit/core/TempFileManagerTest.java b/src/test/java/io/specto/hoverfly/junit/core/TempFileManagerTest.java
@@ -1,18 +1,17 @@
 package io.specto.hoverfly.junit.core;
 
 
-import com.google.common.io.Resources;
-import org.apache.commons.io.FileUtils;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
+import static org.assertj.core.api.Assertions.assertThat;
 
+import com.google.common.io.Resources;
+import java.io.FileInputStream;
 import java.net.URL;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-
-import static org.assertj.core.api.Assertions.assertThat;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
 
 public class TempFileManagerTest {
 
@@ -45,6 +44,7 @@ public void shouldPurgeAllCreatedTempFiles() {
 
         assertThat(Files.exists(tempResourcePath)).isFalse();
         assertThat(Files.exists(tempResourcePath.getParent())).isFalse();
+        assertThat(tempFileManager.getTempDirectory()).isNull();
     }
 
     @Test
@@ -58,7 +58,7 @@ public void shouldCopyClassPathResourceToCurrentTempDirectory() throws Exception
         assertThat(Files.isRegularFile(targetFile)).isTrue();
         assertThat(Files.isReadable(targetFile)).isTrue();
         assertThat(targetFile.getParent()).isEqualTo(tempFileManager.getTempDirectory());
-        assertThat(FileUtils.contentEquals(sourceFile.toFile(), targetFile.toFile())).isTrue();
+        assertThat(targetFile).hasSameContentAs(sourceFile);
     }
 
     @Test
@@ -78,11 +78,12 @@ public void shouldCopyHoverflyBinary() throws Exception {
         assertThat(Files.isReadable(targetFile)).isTrue();
         assertThat(Files.isExecutable(targetFile)).isTrue();
         assertThat(targetFile.getParent()).isEqualTo(tempFileManager.getTempDirectory());
-        assertThat(FileUtils.contentEquals(sourceFile.toFile(), targetFile.toFile())).isTrue();
+        assertThat(new FileInputStream(targetFile.toFile())).hasSameContentAs(new FileInputStream(sourceFile.toFile()));
+
     }
 
     @After
     public void tearDown() {
         tempFileManager.purge();
     }
-}
+}
