DMC/scipro
7
0
Fork 0
Code Issues 32 Pull Requests 4 Actions 5 Projects 1 Wiki Activity

Require authors to fill in background, literature, problem, method, and interests when submitting ideas #72

Merged
niat8586 merged 7 commits from student-idea-form-required-fields into develop 2025-01-17 09:45:28 +01:00
Conversation 14 Commits 7 Files Changed 5 +55 -15
4 changed files with 55 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 45e7d5bade - Show all commits

19
core/src/main/java/se/su/dsv/scipro/workerthreads/AbstractWorker.java
View File

@ -1,9 +1,6 @@
package se.su.dsv.scipro.workerthreads;
import jakarta.inject.Inject;
import jakarta.inject.Provider;
import jakarta.persistence.EntityManager;
import jakarta.persistence.EntityTransaction;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -58,6 +55,22 @@ public abstract class AbstractWorker implements Worker {
* Do manually transaction-handled work
*/
try {
// When the switch from Guice to Spring happened all workers became singletons
// because that's the default in Spring. In Guice they were "prototype" scoped
// and therefore the worker object was re-created before each execution which
// reset the successfulWorker field to true.
//
// Now that they're singletons the field is never reset to true after a
// failure and the worker will be stuck in a failed state even after a
// subsequent successful run.
//
// TODO:
// In the future this flag should be removed and any execution that does
// not throw an exception should be considered successful.
// If a worker needs to signal a non-exception as a failure that should
// be an internal matter and not something the scheduler should consider.
setSuccessfulWorker(true);
doWork();
} catch (RuntimeException ex) {
LOGGER.info("Worker {} threw an exception", getClass().getSimpleName());

4
core/src/main/xsd/daisy_api.xsd
View File

@ -75,6 +75,8 @@
<xs:sequence>
<xs:element name="level" type="educationalLevel" minOccurs="1">
</xs:element>
<xs:element name="courseCredits" type="xs:decimal" minOccurs="0">
</xs:element>
<xs:element name="department" type="serializableUnit" minOccurs="1">
</xs:element>
</xs:sequence>
@ -615,6 +617,8 @@
</xs:element>
<xs:element name="break" type="xs:boolean" minOccurs="1">
</xs:element>
<xs:element name="reparticipant" type="xs:boolean" minOccurs="1">
</xs:element>
<xs:element name="inactive" type="xs:boolean" minOccurs="1">
</xs:element>
<xs:element name="userName" type="xs:string" minOccurs="0">

29
daisy-integration/src/main/java/se/su/dsv/scipro/io/impl/ExternalExporterDaisyImpl.java
View File

@ -2,9 +2,8 @@ package se.su.dsv.scipro.io.impl;
import jakarta.inject.Inject;
import jakarta.ws.rs.core.Response;
import java.math.BigDecimal;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.su.dsv.scipro.daisyExternal.http.DaisyAPI;
@ -13,7 +12,6 @@ import se.su.dsv.scipro.io.dto.*;
import se.su.dsv.scipro.io.exceptions.ExternalExportException;
import se.su.dsv.scipro.project.Project;
import se.su.dsv.scipro.reusable.SciProUtilities;
import se.su.dsv.scipro.system.DegreeType;
import se.su.dsv.scipro.system.Unit;
import se.su.dsv.scipro.system.User;
@ -23,14 +21,6 @@ public class ExternalExporterDaisyImpl implements ExternalExporter {
static final int MAX_TITLE_LENGTH = 255;
private static final int DSV = 4;
private static Map<DegreeType, EducationalLevel> classMap = new HashMap<>() {
{
put(DegreeType.NONE, EducationalLevel.UNKNOWN);
put(DegreeType.BACHELOR, EducationalLevel.FIRST_CYCLE);
put(DegreeType.MAGISTER, EducationalLevel.SECOND_CYCLE);
put(DegreeType.MASTER, EducationalLevel.SECOND_CYCLE);
}
};
private final DaisyAPI api;
@ -82,7 +72,21 @@ public class ExternalExporterDaisyImpl implements ExternalExporter {
}
private EducationalLevel toDaisyLevel(Project project) {
return classMap.get(project.getProjectTypeDegreeType());
return switch (project.getProjectTypeDegreeType()) {
case NONE -> EducationalLevel.UNKNOWN;
case BACHELOR -> EducationalLevel.FIRST_CYCLE;
case MAGISTER -> EducationalLevel.SECOND_CYCLE;
case MASTER -> EducationalLevel.SECOND_CYCLE;
};
}
private static BigDecimal toDaisyCredits(Project project) {
return switch (project.getProjectTypeDegreeType()) {
case BACHELOR -> BigDecimal.valueOf(15);
case MAGISTER -> BigDecimal.valueOf(15);
case MASTER -> BigDecimal.valueOf(30);
case NONE -> null;
};
}
@Override
@ -95,6 +99,7 @@ public class ExternalExporterDaisyImpl implements ExternalExporter {
AddThesisAuthorCourse authorCourse = new AddThesisAuthorCourse();
authorCourse.setLevel(toDaisyLevel(project));
authorCourse.setDepartment(department);
authorCourse.setCourseCredits(toDaisyCredits(project));
AddThesisAuthor addThesisAuthor = new AddThesisAuthor();
addThesisAuthor.setCourse(authorCourse);

18
owasp.xml
View File

@ -72,4 +72,22 @@
</notes>
<cve>CVE-2024-23076</cve>
</suppress>
<suppress>
<notes>
https://nvd.nist.gov/vuln/detail/CVE-2024-49203
https://github.com/querydsl/querydsl/issues/3757
Basically if you allow untrusted user input to be used in the "ORDER BY" clause
you can be vulnerable to SQL injection.
I believe this is nonsense and akin to saying every Java application has a
security vulnerability because JDBC allows you to execute arbitrary SQL if you
do not properly use PreparedStatement with parameters over a string-concatenated
Statement.
Even if this is considered a valid vulnerability we do not, currently, allow
untrusted user input to be used in the "ORDER BY" clause.
</notes>
<cve>CVE-2024-49203</cve>
</suppress>
</suppressions>