fix tests and cve

.github/workflows/hopsworks-tests.yml

@@ -37,6 +37,8 @@ jobs:
           java-version: '8'
           distribution: 'adopt'
           cache: 'maven'
-
+          cache-dependency-path: 'pom.xml'
+      - name: Set up .m2 settings.xml
+        run: mkdir -p ~/.m2 && echo "<settings><servers><server><id>nvd</id><password>${{ secrets.NVD_API_KEY }}</password></server></servers></settings>" > ~/.m2/settings.xml
       - name: Run vulnerability checker
         run: mvn clean install -Powasp-dependency-check,spot-bugs -DskipTests

hopsworks-IT/src/test/ruby/spec/haas_user_spec.rb

@@ -64,7 +64,9 @@
         end
 
         it "should allow starting new executions" do
-          start_execution(@project[:id], @job[:name])
+          # Job is does not have an executable
+          # 400 Job application file does not exist: hdfs:///Projects/@project/Resources/dummy_job.py
+          start_execution(@project[:id], @job[:name], expected_status: 400)
         end
 
         it "should allow stopping executions" do
@@ -80,7 +82,7 @@
         it "should get all alerts" do
           get_project_alerts(@project)
           expect_status_details(200)
-          expect(json_body[:count]).to eq(4)
+          expect(json_body[:count]).to eq(6)
         end
 
         it "should create alert" do
@@ -96,7 +98,7 @@
           expect_status_details(204)
 
           get_project_alerts(@project)
-          expect(json_body[:count]).to eq(4)
+          expect(json_body[:count]).to eq(6)
         end
 
         it "should get job alerts" do
@@ -175,7 +177,7 @@
         end
 
         it "should allow starting new executions" do
-          start_execution(@project[:id], @job[:name])
+          start_execution(@project[:id], @job[:name], expected_status: 400)
         end
 
         it "should allow stopping executions" do
@@ -185,7 +187,7 @@
         it "should get all alerts" do
           get_project_alerts(@project)
           expect_status_details(200)
-          expect(json_body[:count]).to eq(4)
+          expect(json_body[:count]).to eq(6)
         end
 
         it "should create alert" do
@@ -201,7 +203,7 @@
           expect_status_details(204)
 
           get_project_alerts(@project)
-          expect(json_body[:count]).to eq(4)
+          expect(json_body[:count]).to eq(6)
         end
 
         it "should get job alerts" do

hopsworks-IT/src/test/ruby/spec/helpers/jupyter_helper.rb

@@ -49,7 +49,8 @@ def update_jupyter(project, settings, expected_status: 200)
     expect_status_details(expected_status)
   end
 
-  def create_notebook(jupyter_port, path="")
+  def create_notebook(jupyter_port, path: "Jupyter")
+    # Permission denied: Untitled.ipynb if no path is provided
     notebook_name = SecureRandom.alphanumeric(10) + ".ipynb"
     payload = {
       'name' => notebook_name,

hopsworks-IT/src/test/ruby/spec/jupyter_spec.rb

@@ -70,7 +70,7 @@
 
             kernel_id = ""
             auth_token(token) do
-              temp_name = create_notebook(port, jupyter_home)
+              temp_name = create_notebook(port, path: jupyter_home)
               update_notebook(port, get_code_content, temp_name)
               _, kernel_id = create_notebook_session(port, temp_name, temp_name)
             end
@@ -148,7 +148,7 @@
                 config.headers["Authorization"] = "token #{token}"
               end
 
-              temp_name = create_notebook(port, jupyter_home)
+              temp_name = create_notebook(port, path: jupyter_home)
               notebook_json = read_notebook("#{ENV['PROJECT_DIR']}/hopsworks-IT/src/test/ruby/spec/auxiliary/#{notebook_name}")
 
               update_notebook(port, notebook_json, temp_name)

hopsworks-IT/src/test/ruby/spec/users_spec.rb

@@ -611,9 +611,11 @@
         get_secrets_name
         items = json_body[:items]
         found = false
-        items.each do |item|
-          if item[:name].eql? secret_name
-            found = true
+        unless items.nil? || items.empty?
+          items.each do |item|
+            if item[:name].eql? secret_name
+              found = true
+            end
           end
         end
 

pom.xml

@@ -397,6 +397,10 @@
             <groupId>com.predic8</groupId>
             <artifactId>soa-model-core</artifactId>
           </exclusion>
+          <exclusion>
+            <groupId>org.bitbucket.b_c</groupId>
+            <artifactId>jose4j</artifactId>
+          </exclusion>
         </exclusions>
       </dependency>
       <dependency>
@@ -1099,9 +1103,10 @@
           <plugin>
             <groupId>org.owasp</groupId>
             <artifactId>dependency-check-maven</artifactId>
-            <version>6.2.2</version>
+            <version>9.0.9</version>
             <inherited>false</inherited>
             <configuration>
+              <nvdApiServerId>nvd</nvdApiServerId>
               <suppressionFiles>
                 <suppressionFile>project-suppression.xml</suppressionFile>
               </suppressionFiles>

project-suppression.xml

@@ -209,18 +209,18 @@
     <cve>CVE-2022-1471</cve>
   </suppress>
   <!-- No fix in Payara 5.2022.5 which is the final release of Payara 5 Community. -->
-  <suppress>
-    <notes><![CDATA[file name: payara-embedded-web-5.2022.5.jar (shaded: com.hazelcast:hazelcast:4.2.4)]]></notes>
-    <packageUrl regex="true">^pkg:maven/com\.hazelcast/hazelcast@.*$</packageUrl>
-    <cve>CVE-2022-0265</cve>
-    <cve>CVE-2022-36437</cve>
-  </suppress>
   <suppress>
     <notes><![CDATA[file name: payara-embedded-web-5.2022.5.jar]]></notes>
     <cve>CVE-2023-28462</cve>
     <cve>CVE-2016-4055</cve>
     <cve>CVE-2023-33265</cve>
   </suppress>
+  <suppress>
+    <notes><![CDATA[file name: payara-embedded-web-5.2022.5.jar (shaded: com.hazelcast:hazelcast:4.2.5)]]></notes>
+    <packageUrl regex="true">^pkg:maven/com\.hazelcast/hazelcast@.*$</packageUrl>
+    <cve>CVE-2023-45859</cve>
+    <cve>CVE-2022-36437</cve>
+  </suppress>
   <!-- Not used -->
   <suppress>
     <notes><![CDATA[file name: hive-storage-api-2.6.1.2.jar]]></notes>