Merge pull request #24 from rapid7/IAS-11301-bamboo-snyk

IAS-11301 bamboo xnyk critical fix
rapid7 · Nov 6, 2023 · ccc35f0 · ccc35f0
2 parents d713924 + 0cfd70e
commit ccc35f0
Show file tree

Hide file tree

Showing 4 changed files with 65 additions and 6 deletions.
diff --git a/help.md b/help.md
@@ -73,6 +73,7 @@ If the scan gating doesn't appear to occur as expected, confirm that the vulnera
 
 # Version History
 
+* 1.2.1 - Update dependencies
 * 1.2.0 - Add proxy connection. Add server logs debugging.
 * 1.1.2 - Update dependencies
 * 1.1.1 - Add new regions to InsightAppSec Region dropdown. Use search endpoint to retrieve scan-configs.
@@ -85,4 +86,4 @@ If the scan gating doesn't appear to occur as expected, confirm that the vulnera
 
 * [Atlassian SDK Documentation](https://developer.atlassian.com/server/framework/atlassian-sdk/downloads/)
 * [InsightAppSec API Documentation](https://help.rapid7.com/insightappsec/en-us/api/v1/docs.html)
-* [Create a Rapid7 Platform API Key](https://insightappsec.help.rapid7.com/docs/get-started-with-the-insightappsec-api)
+* [Create a Rapid7 Platform API Key](https://insightappsec.help.rapid7.com/docs/get-started-with-the-insightappsec-api)
diff --git a/manifest.json b/manifest.json
@@ -21,8 +21,13 @@
         "sourceUrl": "https://github.com/rapid7/insightappsec-bamboo-plugin",
         "licenseUrl": "https://github.com/rapid7/insightappsec-bamboo-plugin/blob/master/LICENSE"
     },
-    "version": "1.2.0",
+    "version": "1.2.1",
     "versionHistory": [
+        {
+            "version": "1.2.1",
+            "date": "",
+            "changes": "Update dependencies."
+        },
         {
             "version": "1.2.0",
             "date": "",
@@ -115,4 +120,4 @@
     ],
     "metadata": [],
     "processingInstructions": []
-}
+}
diff --git a/pom.xml b/pom.xml
@@ -5,7 +5,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.rapid7.ias.bamboo</groupId>
     <artifactId>insightappsec-bamboo-plugin</artifactId>
-    <version>1.2.0</version>
+    <version>1.2.1</version>
 
     <scm>
         <url>https://github.com/rapid7/insightappsec-bamboo-plugin</url>
@@ -40,6 +40,7 @@
         <gson-version>2.8.9</gson-version>
         <gson-fire-version>1.8.0</gson-fire-version>
         <mockito-core.version>2.8.9</mockito-core.version>
+        <log4j.version>1.2.17-atlassian-18</log4j.version>
     </properties>
 
     <dependencies>
@@ -53,9 +54,55 @@
                     <groupId>org.codehaus.woodstox</groupId>
                     <artifactId>stax2-api</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.apache.velocity</groupId>
+                    <artifactId>velocity</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.h2database</groupId>
+                    <artifactId>h2</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.logging.log4j</groupId>
+                    <artifactId>log4j-to-slf4j</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>opensymphony</groupId>
+                    <artifactId>oscore</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.codehaus.jackson</groupId>
+                    <artifactId>jackson-mapper-asl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-beans</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.struts</groupId>
+                    <artifactId>struts2-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.commons</groupId>
+                    <artifactId>commons-text</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.activemq</groupId>
+                    <artifactId>activemq-client</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.activemq</groupId>
+                    <artifactId>activemq-openwire-legacy</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.12.0</version>
+        </dependency>
+
         <dependency>
             <groupId>com.atlassian.plugin</groupId>
             <artifactId>atlassian-spring-scanner-annotation</artifactId>
@@ -83,7 +130,13 @@
             <version>3.0.16</version>
             <scope>compile</scope>
         </dependency>
-
+
+        <dependency>
+            <groupId>log4j</groupId>
+            <artifactId>log4j</artifactId>
+            <version>${log4j.version}</version>
+        </dependency>
+
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>

diff --git a/src/main/java/com/rapid7/ias/bamboo/impl/InsightAppSecHelper.java b/src/main/java/com/rapid7/ias/bamboo/impl/InsightAppSecHelper.java
@@ -20,7 +20,7 @@
 
 public class InsightAppSecHelper {
 
-    private String USER_AGENT = "r7:insightappsec-bamboo/1.2.0";
+    private String USER_AGENT = "r7:insightappsec-bamboo/1.2.1";
     private String SCAN_CONFIG_QUERY = "scanconfig.app.id='%1$s' && scanconfig.name='%2$s'";
 
     private UtilityLogger logger;