Merge pull request #126 from pagopa/release-uat

fix: Release uat

Author: antonioT90

.grype.yaml

@@ -1,6 +1,6 @@
 ignore:
   # false positive match on reactor-netty packages due to a bug on grype: https://github.com/anchore/grype/issues/431
-  # Actually we are using netty 4.1.94
+  # Actually we are using netty 4.1.100
   - vulnerability: CVE-2014-3488  # solved in netty 3.9.2
   - vulnerability: CVE-2015-2156  # solved in netty 4.1.42
   - vulnerability: CVE-2019-16869 # solved in netty 4.1.42
@@ -15,3 +15,4 @@ ignore:
   - vulnerability: CVE-2022-24823 # solved in netty 4.1.77
   - vulnerability: CVE-2022-41881 # solved in netty 4.1.86
   - vulnerability: CVE-2023-34462 # solved in netty 4.1.94
+  - vulnerability: CVE-2023-44487 # solved in netty 4.1.100

Dockerfile

@@ -1,7 +1,7 @@
 #
 # Build
 #
-FROM maven:3.9.4-amazoncorretto-17-al2023@sha256:c7719f952f62e301c6c24b86ef9a2ea1cd0a314a862ed12e51f0ffbc3fbb96b5 AS buildtime
+FROM maven:3.9.5-amazoncorretto-17-al2023@sha256:b7f94a5f1b6582a045692e31c2c97ef6f0ed867961669a0adbc2d5f0bbf8bc85 AS buildtime
 
 WORKDIR /build
 COPY . .
@@ -11,7 +11,7 @@ RUN mvn clean package -DskipTests
 #
 # Docker RUNTIME
 #
-FROM amazoncorretto:17.0.8-alpine3.18@sha256:34650d7c653af234dad21cd2d89d2f0dbdb1bad54041014932e51b3492e0dec5 AS runtime
+FROM amazoncorretto:17.0.9-alpine3.18@sha256:df48bf2e183230040890460ddb4359a10aa6c7aad24bd88899482c52053c7e17 AS runtime
 
 RUN apk add shadow
 RUN useradd --uid 10000 runner
@@ -21,7 +21,7 @@ WORKDIR /app
 
 COPY --from=buildtime /build/target/*.jar /app/app.jar
 # The agent is enabled at runtime via JAVA_TOOL_OPTIONS.
-ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.4.16/applicationinsights-agent-3.4.16.jar /app/applicationinsights-agent.jar
+ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.4.17/applicationinsights-agent-3.4.17.jar /app/applicationinsights-agent.jar
 
 RUN chown -R runner:runner /app
 

pom.xml

@@ -5,14 +5,15 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>3.1.3</version>
-		<relativePath/> <!-- lookup parent from repository -->
+		<version>3.1.5</version>
 	</parent>
+
 	<groupId>it.gov.pagopa</groupId>
 	<artifactId>idpay-transactions</artifactId>
-	<version>1.1.0</version>
 	<name>idpay-transactions</name>
 	<description>Transactions Microservice</description>
+	<version>1.1.2</version>
+
 	<properties>
 		<java.version>17</java.version>
 	</properties>
@@ -49,7 +50,7 @@
 			<groupId>org.projectlombok</groupId>
 			<artifactId>lombok</artifactId>
 			<optional>true</optional>
-			<version>1.18.28</version>
+			<version>1.18.30</version>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.commons</groupId>
@@ -59,7 +60,7 @@
 		<dependency>
 			<groupId>org.springdoc</groupId>
 			<artifactId>springdoc-openapi-starter-webflux-ui</artifactId>
-			<version>2.1.0</version>
+			<version>2.2.0</version>
 		</dependency>
 		<dependency>
 			<groupId>org.codehaus.janino</groupId>
@@ -68,30 +69,18 @@
 		</dependency>
 
 		<!-- Security fixes -->
-		<dependency>
-			<groupId>org.yaml</groupId>
-			<artifactId>snakeyaml</artifactId>
-			<!-- Forced to 2.0 due to https://nvd.nist.gov/vuln/detail/CVE-2022-1471 -->
-			<version>2.0</version>
-		</dependency>
 		<dependency>
 			<groupId>org.xerial.snappy</groupId>
 			<artifactId>snappy-java</artifactId>
-			<!-- Forced to 2.0 due to https://nvd.nist.gov/vuln/detail/CVE-2023-34453 -->
-			<version>1.1.10.3</version>
+			<!-- Forced to > 1.1.10.3 due to https://nvd.nist.gov/vuln/detail/CVE-2023-34453 -->
+			<version>1.1.10.5</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
-			<groupId>com.squareup.okhttp3</groupId>
-			<artifactId>okhttp</artifactId>
-			<!-- Forced to 4.11.0 in order to update dependency of okio -->
-			<version>4.11.0</version>
-		</dependency>
-		<dependency>
-			<groupId>com.squareup.okio</groupId>
-			<artifactId>okio</artifactId>
-			<!-- Forced to 3.4.0 due to https://nvd.nist.gov/vuln/detail/CVE-2023-3635 -->
-			<version>3.4.0</version>
+			<groupId>org.yaml</groupId>
+			<artifactId>snakeyaml</artifactId>
+			<!-- Forced to > 2.0 due to https://nvd.nist.gov/vuln/detail/CVE-2022-1471 -->
+			<version>2.2</version>
 		</dependency>
 
 		<!--TEST-->
@@ -114,7 +103,7 @@
 		<dependency>
 			<groupId>de.flapdoodle.embed</groupId>
 			<artifactId>de.flapdoodle.embed.mongo.spring30x</artifactId>
-			<version>4.7.0</version>
+			<version>4.9.3</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
@@ -140,6 +129,15 @@
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
+
+			<dependency>
+				<groupId>io.netty</groupId>
+				<artifactId>netty-bom</artifactId>
+				<!-- Forced to 4.1.100 due to https://nvd.nist.gov/vuln/detail/CVE-2023-44487 -->
+				<version>4.1.100.Final</version>
+				<type>pom</type>
+				<scope>import</scope>
+			</dependency>
 		</dependencies>
 	</dependencyManagement>
 	<build>

src/main/java/it/gov/pagopa/common/reactive/mongo/retry/MongoRequestRateTooLargeAutomaticRetryAspect.java

@@ -1,6 +1,7 @@
 package it.gov.pagopa.common.reactive.mongo.retry;
 
 import it.gov.pagopa.common.reactive.web.ReactiveRequestContextHolder;
+import lombok.Generated;
 import lombok.extern.slf4j.Slf4j;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
@@ -47,6 +48,12 @@ public MongoRequestRateTooLargeAutomaticRetryAspect(
         this.maxMillisElapsedBatch = maxMillisElapsedBatch;
     }
 
+    @Generated
+    @Pointcut("execution(* org.springframework.data.mongodb.repository.*MongoRepository+.*(..))")
+    public void inSpringRepositoryClass() {
+    }
+
+    @Generated
     @Pointcut("within(*..*Repository*)")
     public void inRepositoryClass() {
     }
@@ -59,48 +66,48 @@ public void returnMono() {
     public void returnFlux() {
     }
 
-    @Around("inRepositoryClass() && returnMono()")
+    @Around("(inRepositoryClass() or inSpringRepositoryClass()) && returnMono()")
     public Object decorateMonoRepositoryMethods(ProceedingJoinPoint pjp) throws Throwable {
         Mono<?> out = (Mono<?>) pjp.proceed();
-
-        return Mono.deferContextual(ctx -> decorateMethod(out, ctx));
+        String flowName = pjp.getSignature().toShortString();
+        return Mono.deferContextual(ctx -> decorateMethod(flowName, out, ctx));
     }
 
-    @Around("inRepositoryClass() && returnFlux()")
+    @Around("(inRepositoryClass() or inSpringRepositoryClass()) && returnFlux()")
     public Object decorateFluxRepositoryMethods(ProceedingJoinPoint pjp) throws Throwable {
         @SuppressWarnings("unchecked") // only with Flux the compiler return error when using wildcard, so here we are using Object
         Flux<Object> out = (Flux<Object>) pjp.proceed();
-
-        return Flux.deferContextual(ctx -> decorateMethod(out, ctx));
+        String flowName = pjp.getSignature().toShortString();
+        return Flux.deferContextual(ctx -> decorateMethod(flowName, out, ctx));
     }
 
-    private <T extends Publisher<?>> T decorateMethod(T out, ContextView ctx) {
+    private <T extends Publisher<?>> T decorateMethod(String flowName, T out, ContextView ctx) {
         Optional<ServerWebExchange> serverWebExchange = ctx.getOrEmpty(ReactiveRequestContextHolder.CONTEXT_KEY);
         if (serverWebExchange.isEmpty()) {
             if(enabledBatch) {
-                return invokeWithRetry(out, maxRetryBatch, maxMillisElapsedBatch);
+                return invokeWithRetry(flowName, out, maxRetryBatch, maxMillisElapsedBatch);
             }else {
                 return out;
             }
         } else {
             MongoRequestRateTooLargeApiRetryable apiRetryableConfig = getRequestRateTooLargeApiRetryableConfig(serverWebExchange.get());
             if(apiRetryableConfig!=null){
-                return invokeWithRetry(out, apiRetryableConfig.maxRetry(), apiRetryableConfig.maxMillisElapsed());
+                return invokeWithRetry(flowName, out, apiRetryableConfig.maxRetry(), apiRetryableConfig.maxMillisElapsed());
             } else if(enabledApi){
-                return invokeWithRetry(out,  maxRetryApi, maxMillisElapsedApi);
+                return invokeWithRetry(flowName, out,  maxRetryApi, maxMillisElapsedApi);
             }else {
                 return out;
             }
         }
     }
 
     @SuppressWarnings("unchecked")
-    private <T extends Publisher<?>> T invokeWithRetry(T out, long maxRetry, long maxMillisElapsed) {
+    private <T extends Publisher<?>> T invokeWithRetry(String flowName, T out, long maxRetry, long maxMillisElapsed) {
         if(out instanceof Mono<?> mono) {
-            return (T) MongoRequestRateTooLargeRetryer.withRetry(mono, maxRetry,
+            return (T) MongoRequestRateTooLargeRetryer.withRetry(flowName, mono, maxRetry,
                 maxMillisElapsed);
         } else {
-            return (T) MongoRequestRateTooLargeRetryer.withRetry((Flux<?>) out, maxRetry,
+            return (T) MongoRequestRateTooLargeRetryer.withRetry(flowName, (Flux<?>) out, maxRetry,
                 maxMillisElapsed);
         }
     }

src/main/java/it/gov/pagopa/common/reactive/mongo/retry/MongoRequestRateTooLargeRetryer.java

@@ -2,7 +2,6 @@
 
 import it.gov.pagopa.common.reactive.mongo.retry.exception.MongoRequestRateTooLargeRetryExpiredException;
 import lombok.extern.slf4j.Slf4j;
-import org.jetbrains.annotations.NotNull;
 import org.springframework.dao.DataAccessException;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
@@ -22,15 +21,15 @@ private MongoRequestRateTooLargeRetryer() {
 
     private static final Pattern RETRY_AFTER_MS_PATTERN = Pattern.compile("RetryAfterMs=(\\d+)");
 
-    public static <T> Mono<T> withRetry(Mono<T> publisher, long maxRetry, long maxMillisElapsed){
-        return publisher.retryWhen( buildRetry(maxRetry, maxMillisElapsed, System.currentTimeMillis()));
+    public static <T> Mono<T> withRetry(String flowName, Mono<T> publisher, long maxRetry, long maxMillisElapsed){
+        return publisher.retryWhen( buildRetry(flowName, maxRetry, maxMillisElapsed, System.currentTimeMillis()));
     }
 
-    public static <T> Flux<T> withRetry(Flux<T> publisher, long maxRetry, long maxMillisElapsed){
-        return publisher.retryWhen( buildRetry(maxRetry, maxMillisElapsed, System.currentTimeMillis()));
+    public static <T> Flux<T> withRetry(String flowName, Flux<T> publisher, long maxRetry, long maxMillisElapsed){
+        return publisher.retryWhen( buildRetry(flowName, maxRetry, maxMillisElapsed, System.currentTimeMillis()));
     }
 
-    private static Retry buildRetry(long maxRetry, long maxMillisElapsed, long startTime) {
+    private static Retry buildRetry(String flowName, long maxRetry, long maxMillisElapsed, long startTime) {
         Long[] retryAfterMs = {null};
         return buildBaseRetry(maxRetry)
                 .filter(MongoRequestRateTooLargeRetryer::isRequestRateTooLargeException)
@@ -44,32 +43,30 @@ private static Retry buildRetry(long maxRetry, long maxMillisElapsed, long start
                     }
 
                     if (maxMillisElapsed > 0 && millisElapsed > maxMillisElapsed){
-                        return Mono.error(buildMongoRequestRateTooLargeRetryExpiredException(maxRetry, e,
+                        return Mono.error(buildMongoRequestRateTooLargeRetryExpiredException(flowName, maxRetry, e,
                                 maxMillisElapsed, millisElapsed, retryAfterMs[0]));
                     }
 
                     if (retryAfterMs[0] != null) {
                         log.info(
-                                "[REQUEST_RATE_TOO_LARGE_RETRY] Retrying after {} ms due to RequestRateTooLargeException: attempt {} of {} after {} ms of max {} ms",
-                                retryAfterMs[0], counter, maxRetry, millisElapsed, maxMillisElapsed);
+                                "[REQUEST_RATE_TOO_LARGE_RETRY][{}] Retrying after {} ms due to RequestRateTooLargeException: attempt {} of {} after {} ms of max {} ms",
+                                flowName, retryAfterMs[0], counter, maxRetry, millisElapsed, maxMillisElapsed);
                         return Mono.delay(Duration.ofMillis(retryAfterMs[0])).then();
                     }else {
                         log.info(
-                                "[REQUEST_RATE_TOO_LARGE_RETRY] Retrying for RequestRateTooLargeException: attempt {} of {} after {} ms of max {} ms",
-                                counter, maxRetry, millisElapsed, maxMillisElapsed);
+                                "[REQUEST_RATE_TOO_LARGE_RETRY][{}] Retrying for RequestRateTooLargeException: attempt {} of {} after {} ms of max {} ms",
+                                flowName, counter, maxRetry, millisElapsed, maxMillisElapsed);
                         return Mono.empty();
                     }
                 })
                 .onRetryExhaustedThrow((r, e) -> buildMongoRequestRateTooLargeRetryExpiredException(
-                        maxRetry, e, maxMillisElapsed,
+                        flowName, maxRetry, e, maxMillisElapsed,
                         System.currentTimeMillis() - startTime, retryAfterMs[0]));
     }
 
-
-    @NotNull
     private static MongoRequestRateTooLargeRetryExpiredException buildMongoRequestRateTooLargeRetryExpiredException(
-            long maxRetry, RetrySignal e, long maxMillisElapsed, long startTime, Long retryAfterMs) {
-        return new MongoRequestRateTooLargeRetryExpiredException(maxRetry, e.totalRetries() + 1,
+            String flowName, long maxRetry, RetrySignal e, long maxMillisElapsed, long startTime, Long retryAfterMs) {
+        return new MongoRequestRateTooLargeRetryExpiredException(flowName, maxRetry, e.totalRetries() + 1,
                 maxMillisElapsed, startTime, retryAfterMs, e.failure());
     }
 
@@ -89,7 +86,7 @@ public static Long getRetryAfterMs(Throwable ex) {
     }
 
     public static boolean isRequestRateTooLargeException(Throwable ex) {
-        return ex instanceof DataAccessException && ex.getMessage().contains("TooManyRequests");
+        return ex instanceof DataAccessException && (ex.getMessage().contains("TooManyRequests") || ex.getMessage().contains("Error=16500,"));
     }
 
 }

src/main/java/it/gov/pagopa/common/reactive/mongo/retry/exception/MongoRequestRateTooLargeRetryExpiredException.java

@@ -12,10 +12,10 @@ public class MongoRequestRateTooLargeRetryExpiredException extends RuntimeExcept
     private final Long retryAfterMs;
 
 
-    public MongoRequestRateTooLargeRetryExpiredException(long maxRetry, long counter,
+    public MongoRequestRateTooLargeRetryExpiredException(String flowName, long maxRetry, long counter,
                                                          long maxMillisElapsed, long millisElapsed, Long retryAfterMs, Throwable cause) {
-        super("[REQUEST_RATE_TOO_LARGE_RETRY_EXPIRED] Expired retry for RequestRateTooLargeException: attempt %d of %d after %d ms of max %d ms, suggested retry after %s ms"
-                        .formatted(counter, maxRetry, millisElapsed, maxMillisElapsed, String.valueOf(retryAfterMs)),
+        super("[REQUEST_RATE_TOO_LARGE_RETRY_EXPIRED][%s] Expired retry for RequestRateTooLargeException: attempt %d of %d after %d ms of max %d ms, suggested retry after %s ms"
+                        .formatted(flowName, counter, maxRetry, millisElapsed, maxMillisElapsed, String.valueOf(retryAfterMs)),
                 cause);
         this.maxRetry = maxRetry;
         this.counter = counter;

src/main/java/it/gov/pagopa/common/stream/StreamsHealthIndicator.java

@@ -1,7 +1,6 @@
 package it.gov.pagopa.common.stream;
 
 import lombok.NonNull;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.actuate.health.AbstractHealthIndicator;
 import org.springframework.boot.actuate.health.Health;
 import org.springframework.cloud.stream.messaging.DirectWithAttributesChannel;
@@ -23,11 +22,14 @@
 @GlobalChannelInterceptor
 public class StreamsHealthIndicator extends AbstractHealthIndicator implements ChannelInterceptor {
 
-    @Autowired
-    private ApplicationContext applicationContext;
+    private final ApplicationContext applicationContext;
 
     private final Set<String> disconnectedSubscribers = new HashSet<>();
 
+    public StreamsHealthIndicator(ApplicationContext applicationContext) {
+        this.applicationContext = applicationContext;
+    }
+
     @Override
     protected void doHealthCheck(Health.Builder builder) {
         Map<String, Integer> publisherSubscriptionCounts = applicationContext.getBeansOfType(DirectWithAttributesChannel.class).entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, e -> e.getValue().getSubscriberCount()));

src/main/java/it/gov/pagopa/common/web/exception/MongoExceptionHandler.java

@@ -4,8 +4,6 @@
 import it.gov.pagopa.common.reactive.mongo.retry.exception.MongoRequestRateTooLargeRetryExpiredException;
 import it.gov.pagopa.common.web.dto.ErrorDTO;
 import lombok.extern.slf4j.Slf4j;
-import org.jetbrains.annotations.NotNull;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.dao.DataAccessException;
@@ -23,8 +21,11 @@
 @Order(Ordered.HIGHEST_PRECEDENCE)
 public class MongoExceptionHandler {
 
-    @Autowired
-    private ErrorManager errorManager;
+    private final ErrorManager errorManager;
+
+    public MongoExceptionHandler(ErrorManager errorManager) {
+        this.errorManager = errorManager;
+    }
 
     @ExceptionHandler(DataAccessException.class)
     protected ResponseEntity<ErrorDTO> handleDataAccessException(
@@ -46,7 +47,6 @@ protected ResponseEntity<ErrorDTO> handleMongoRequestRateTooLargeRetryExpiredExc
         return getErrorDTOResponseEntity(ex, request, ex.getRetryAfterMs());
     }
 
-    @NotNull
     private ResponseEntity<ErrorDTO> getErrorDTOResponseEntity(Exception ex,
                                                                ServerWebExchange request, Long retryAfterMs) {
         String message = ex.getMessage();