diff --git a/core/src/main/java/se/su/dsv/scipro/workerthreads/AbstractWorker.java b/core/src/main/java/se/su/dsv/scipro/workerthreads/AbstractWorker.java
index 9c97efdb03..940668b430 100755
--- a/core/src/main/java/se/su/dsv/scipro/workerthreads/AbstractWorker.java
+++ b/core/src/main/java/se/su/dsv/scipro/workerthreads/AbstractWorker.java
@@ -1,9 +1,6 @@
package se.su.dsv.scipro.workerthreads;
import jakarta.inject.Inject;
-import jakarta.inject.Provider;
-import jakarta.persistence.EntityManager;
-import jakarta.persistence.EntityTransaction;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -58,6 +55,22 @@ public abstract class AbstractWorker implements Worker {
* Do manually transaction-handled work
*/
try {
+ // When the switch from Guice to Spring happened all workers became singletons
+ // because that's the default in Spring. In Guice they were "prototype" scoped
+ // and therefore the worker object was re-created before each execution which
+ // reset the successfulWorker field to true.
+ //
+ // Now that they're singletons the field is never reset to true after a
+ // failure and the worker will be stuck in a failed state even after a
+ // subsequent successful run.
+ //
+ // TODO:
+ // In the future this flag should be removed and any execution that does
+ // not throw an exception should be considered successful.
+ // If a worker needs to signal a non-exception as a failure that should
+ // be an internal matter and not something the scheduler should consider.
+ setSuccessfulWorker(true);
+
doWork();
} catch (RuntimeException ex) {
LOGGER.info("Worker {} threw an exception", getClass().getSimpleName());
diff --git a/core/src/main/xsd/daisy_api.xsd b/core/src/main/xsd/daisy_api.xsd
index 806769ad48..a01921eadd 100755
--- a/core/src/main/xsd/daisy_api.xsd
+++ b/core/src/main/xsd/daisy_api.xsd
@@ -75,6 +75,8 @@
<xs:sequence>
<xs:element name="level" type="educationalLevel" minOccurs="1">
</xs:element>
+ <xs:element name="courseCredits" type="xs:decimal" minOccurs="0">
+ </xs:element>
<xs:element name="department" type="serializableUnit" minOccurs="1">
</xs:element>
</xs:sequence>
@@ -615,6 +617,8 @@
</xs:element>
<xs:element name="break" type="xs:boolean" minOccurs="1">
</xs:element>
+ <xs:element name="reparticipant" type="xs:boolean" minOccurs="1">
+ </xs:element>
<xs:element name="inactive" type="xs:boolean" minOccurs="1">
</xs:element>
<xs:element name="userName" type="xs:string" minOccurs="0">
diff --git a/daisy-integration/src/main/java/se/su/dsv/scipro/io/impl/ExternalExporterDaisyImpl.java b/daisy-integration/src/main/java/se/su/dsv/scipro/io/impl/ExternalExporterDaisyImpl.java
index 90aaca25c2..d9362a5d74 100755
--- a/daisy-integration/src/main/java/se/su/dsv/scipro/io/impl/ExternalExporterDaisyImpl.java
+++ b/daisy-integration/src/main/java/se/su/dsv/scipro/io/impl/ExternalExporterDaisyImpl.java
@@ -2,9 +2,8 @@ package se.su.dsv.scipro.io.impl;
import jakarta.inject.Inject;
import jakarta.ws.rs.core.Response;
+import java.math.BigDecimal;
import java.util.Calendar;
-import java.util.HashMap;
-import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.su.dsv.scipro.daisyExternal.http.DaisyAPI;
@@ -13,7 +12,6 @@ import se.su.dsv.scipro.io.dto.*;
import se.su.dsv.scipro.io.exceptions.ExternalExportException;
import se.su.dsv.scipro.project.Project;
import se.su.dsv.scipro.reusable.SciProUtilities;
-import se.su.dsv.scipro.system.DegreeType;
import se.su.dsv.scipro.system.Unit;
import se.su.dsv.scipro.system.User;
@@ -23,14 +21,6 @@ public class ExternalExporterDaisyImpl implements ExternalExporter {
static final int MAX_TITLE_LENGTH = 255;
private static final int DSV = 4;
- private static Map<DegreeType, EducationalLevel> classMap = new HashMap<>() {
- {
- put(DegreeType.NONE, EducationalLevel.UNKNOWN);
- put(DegreeType.BACHELOR, EducationalLevel.FIRST_CYCLE);
- put(DegreeType.MAGISTER, EducationalLevel.SECOND_CYCLE);
- put(DegreeType.MASTER, EducationalLevel.SECOND_CYCLE);
- }
- };
private final DaisyAPI api;
@@ -82,7 +72,21 @@ public class ExternalExporterDaisyImpl implements ExternalExporter {
}
private EducationalLevel toDaisyLevel(Project project) {
- return classMap.get(project.getProjectTypeDegreeType());
+ return switch (project.getProjectTypeDegreeType()) {
+ case NONE -> EducationalLevel.UNKNOWN;
+ case BACHELOR -> EducationalLevel.FIRST_CYCLE;
+ case MAGISTER -> EducationalLevel.SECOND_CYCLE;
+ case MASTER -> EducationalLevel.SECOND_CYCLE;
+ };
+ }
+
+ private static BigDecimal toDaisyCredits(Project project) {
+ return switch (project.getProjectTypeDegreeType()) {
+ case BACHELOR -> BigDecimal.valueOf(15);
+ case MAGISTER -> BigDecimal.valueOf(15);
+ case MASTER -> BigDecimal.valueOf(30);
+ case NONE -> null;
+ };
}
@Override
@@ -95,6 +99,7 @@ public class ExternalExporterDaisyImpl implements ExternalExporter {
AddThesisAuthorCourse authorCourse = new AddThesisAuthorCourse();
authorCourse.setLevel(toDaisyLevel(project));
authorCourse.setDepartment(department);
+ authorCourse.setCourseCredits(toDaisyCredits(project));
AddThesisAuthor addThesisAuthor = new AddThesisAuthor();
addThesisAuthor.setCourse(authorCourse);
diff --git a/owasp.xml b/owasp.xml
index c504d51e0f..125e5e37f6 100644
--- a/owasp.xml
+++ b/owasp.xml
@@ -72,4 +72,22 @@
</notes>
<cve>CVE-2024-23076</cve>
</suppress>
+ <suppress>
+ <notes>
+ https://nvd.nist.gov/vuln/detail/CVE-2024-49203
+ https://github.com/querydsl/querydsl/issues/3757
+
+ Basically if you allow untrusted user input to be used in the "ORDER BY" clause
+ you can be vulnerable to SQL injection.
+
+ I believe this is nonsense and akin to saying every Java application has a
+ security vulnerability because JDBC allows you to execute arbitrary SQL if you
+ do not properly use PreparedStatement with parameters over a string-concatenated
+ Statement.
+
+ Even if this is considered a valid vulnerability we do not, currently, allow
+ untrusted user input to be used in the "ORDER BY" clause.
+ </notes>
+ <cve>CVE-2024-49203</cve>
+ </suppress>
</suppressions>