Merge pull request #178 from contentstack/staging

DX | 01-04-2025 | Release

Author: harshithad0703

Diff for: CHANGELOG.md

@@ -1,5 +1,13 @@
 # CHANGELOG
 
+## v2.1.0
+
+### Date: 1-Apr-2025
+
+- code vulnerabilities fixes
+- timeline feature implementation
+- snyk fixes
+
 ## v2.0.3
 
 ### Date: 3-March-2025

Diff for: pom.xml

@@ -5,7 +5,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.contentstack.sdk</groupId>
     <artifactId>java</artifactId>
-    <version>2.0.3</version>
+    <version>2.1.0</version>
     <packaging>jar</packaging>
     <name>contentstack-java</name>
     <description>Java SDK for Contentstack Content Delivery API</description>
@@ -20,23 +20,23 @@
         <maven-source-plugin.version>3.3.1</maven-source-plugin.version>
         <maven-javadoc-plugin.version>3.4.1</maven-javadoc-plugin.version>
         <dotenv-source.version>3.0.0</dotenv-source.version>
-        <rxjava-source.version>3.1.9</rxjava-source.version>
+        <rxjava-source.version>3.1.10</rxjava-source.version>
         <retrofit-source.version>2.11.0</retrofit-source.version>
         <loggin.version>5.0.0-alpha.11</loggin.version>
         <jococo-plugin.version>0.8.5</jococo-plugin.version>
-        <lombok-source.version>1.18.34</lombok-source.version>
-        <junit-jupiter.version>5.10.1</junit-jupiter.version>
+        <lombok-source.version>1.18.36</lombok-source.version>
+        <junit-jupiter.version>5.11.4</junit-jupiter.version>
         <junit-jupiter-engine.version>5.8.0-M1</junit-jupiter-engine.version>
         <gson.version>2.8.8</gson.version>
         <json-simple-version>1.1.1</json-simple-version>
         <maven-site-plugin.version>3.3</maven-site-plugin.version>
         <maven-gpg-plugin.version>1.5</maven-gpg-plugin.version>
         <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
         <nexus-staging-maven-plugin.version>1.6.13</nexus-staging-maven-plugin.version>
-        <json-version>20240303</json-version>
+        <json-version>20250107</json-version>
         <jacoco-maven-plugin-version>0.8.7</jacoco-maven-plugin-version>
         <maven-release-plugin-version>2.5.3</maven-release-plugin-version>
-        <contentstack-utils-version>1.2.7</contentstack-utils-version>
+        <contentstack-utils-version>1.2.15</contentstack-utils-version>
     </properties>
 
     <parent>
@@ -187,7 +187,7 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.18.0</version>
+            <version>2.18.2</version>
         </dependency>
     </dependencies>
 

Diff for: src/main/java/com/contentstack/sdk/AssetLibrary.java

@@ -31,6 +31,31 @@ protected void setStackInstance(@NotNull Stack stack) {
         this.headers = stack.headers;
     }
 
+    //Sanitization of keys
+    private boolean isValidKey(String key) {
+        return key.matches("^[a-zA-Z0-9_.]+$");
+    }
+
+    //Sanitization of values
+    private boolean isValidValue(Object value) {
+        if(value instanceof String){
+            return ((String) value).matches("^[a-zA-Z0-9_.\\-\\s]+$");
+        }
+        return true;
+    }
+
+    //Sanitization of values list
+    private boolean isValidValueList(Object[] values) {
+        for (Object value : values) {
+            if (value instanceof String) {
+                if (!((String) value).matches("^[a-zA-Z0-9_.\\-\\s]+$")) {
+                    return false;
+                }
+            }
+        }
+        return true;
+    }
+
     /**
      * Sets header.
      *
@@ -151,7 +176,11 @@ public int getCount() {
      *         </pre>
      */
     public AssetLibrary addParam(@NotNull String paramKey, @NotNull Object paramValue) {
-        urlQueries.put(paramKey, paramValue);
+        if (isValidKey(paramKey) && isValidValue(paramValue)) {
+            urlQueries.put(paramKey, paramValue);
+        } else {
+            logger.warning("Invalid key or value");
+        }
         return this;
     }
 
@@ -172,8 +201,12 @@ public AssetLibrary addParam(@NotNull String paramKey, @NotNull Object paramValu
      *         </pre>
      */
     public AssetLibrary removeParam(@NotNull String paramKey){
-         if(urlQueries.has(paramKey)){
-            urlQueries.remove(paramKey);
+         if(isValidKey(paramKey)) {
+            if(urlQueries.has(paramKey)){
+                urlQueries.remove(paramKey);
+            }
+        } else {
+            logger.warning("Invalid key");
         }
         return this;
     }
@@ -255,7 +288,9 @@ private HashMap<String, Object> getUrlParams(JSONObject urlQueriesJSON) {
             while (iter.hasNext()) {
                 String key = iter.next();
                 Object value = urlQueriesJSON.opt(key);
-                hashMap.put(key, value);
+                if(isValidKey(key) && isValidValue(value)) {
+                    hashMap.put(key, value);
+                }
             }
         }
         return hashMap;
@@ -311,9 +346,13 @@ public enum ORDERBY {
     }
 
     public AssetLibrary where(String key, String value) {
-        JSONObject queryParams= new JSONObject();
-        queryParams.put(key,value);
-        urlQueries.put("query", queryParams);
+        if(isValidKey(key) && isValidValue(value)){  
+            JSONObject queryParams = new JSONObject();
+            queryParams.put(key,value);
+            urlQueries.put("query", queryParams);
+        } else {
+            throw new IllegalArgumentException("Invalid key or value");
+        }
         return this;
     }
 

Diff for: src/main/java/com/contentstack/sdk/AssetsModel.java

@@ -20,10 +20,12 @@ class AssetsModel {
      */
     public AssetsModel(JSONObject response) {
         JSONArray listResponse = null;
-        Object rawAssets = response.get("assets"); // Get assets
+        Object rawAssets = response.opt("assets"); // Get assets
         if (rawAssets instanceof List) {  // Check if it's an ArrayList
             List<?> assetsList = (List<?>) rawAssets;
             listResponse = new JSONArray(assetsList); // Convert to JSONArray
+        } else if (rawAssets != null) {
+            throw new IllegalArgumentException("Invalid type for 'assets' key: " + rawAssets.getClass().getName());
         }
         if (listResponse != null) {
             listResponse.forEach(model -> {

Diff for: src/main/java/com/contentstack/sdk/CSConnectionRequest.java

@@ -83,7 +83,7 @@ public void setParams(Object... objects) {
     }
 
     @Override
-    public void sendRequest() {
+    public synchronized void sendRequest() {
         CSHttpConnection connection = new CSHttpConnection(urlToCall, this);
         connection.setController(controller);
         connection.setHeaders(header);
@@ -99,7 +99,7 @@ public void sendRequest() {
     }
 
     @Override
-    public void onRequestFailed(JSONObject error, int statusCode, ResultCallBack callBackObject) {
+    public synchronized void onRequestFailed(JSONObject error, int statusCode, ResultCallBack callBackObject) {
         Error errResp = new Error();
         if (error.has(ERROR_MESSAGE)) {
             String errMsg = error.optString(ERROR_MESSAGE);
@@ -119,7 +119,7 @@ public void onRequestFailed(JSONObject error, int statusCode, ResultCallBack cal
     }
 
     @Override
-    public void onRequestFinished(CSHttpConnection request) {
+    public synchronized void onRequestFinished(CSHttpConnection request) {
         JSONObject jsonResponse = request.getResponse();
         if (request.getController().equalsIgnoreCase(Constants.QUERYOBJECT)) {
             EntriesModel model = new EntriesModel(jsonResponse);

Diff for: src/main/java/com/contentstack/sdk/Config.java

@@ -31,6 +31,9 @@ public class Config {
     protected Proxy proxy = null;
     protected String[] earlyAccess = null;
     protected ConnectionPool connectionPool = new ConnectionPool();
+    public String releaseId;
+    public String previewTimestamp;
+
 
     protected List<ContentstackPlugin> plugins = null;
 

Diff for: src/main/java/com/contentstack/sdk/ContentTypesModel.java

@@ -20,10 +20,15 @@ public void setJSON(JSONObject responseJSON) {
         if (responseJSON != null) {
             String ctKey = "content_type";
             if (responseJSON.has(ctKey) && responseJSON.opt(ctKey) instanceof LinkedHashMap) {
-                this.response = new JSONObject((LinkedHashMap<?, ?>) responseJSON.get(ctKey));
+                try {
+                    this.response = new JSONObject((LinkedHashMap<?, ?>) responseJSON.get(ctKey));
+                } catch (Exception e) {
+                    System.err.println("Error processing 'content_type': " + e.getMessage());
+                }
             }
             String ctListKey = "content_types";
             if (responseJSON.has(ctListKey) && responseJSON.opt(ctListKey) instanceof ArrayList) {
+               try {
                 ArrayList<LinkedHashMap<?, ?>> contentTypes = (ArrayList) responseJSON.get(ctListKey);
                 List<Object> objectList = new ArrayList<>();
                 if (!contentTypes.isEmpty()) {
@@ -32,13 +37,18 @@ public void setJSON(JSONObject responseJSON) {
                             // Convert LinkedHashMap to JSONObject
                             JSONObject jsonModel = new JSONObject((LinkedHashMap<?, ?>) model);
                             objectList.add(jsonModel);
+                        } else {
+                            System.err.println("Invalid type in 'content_types' list. Expected LinkedHashMap.");
                         }
                     });
                 }
                 this.response = new JSONArray(objectList);
                 this.responseJSONArray = new JSONArray(objectList);
-            }
+            } catch (Exception e) {
+            System.err.println("Error processing 'content_types': " + e.getMessage());
         }
+      }
+    }
     }
 
     public Object getResponse() {

Diff for: src/main/java/com/contentstack/sdk/EntryModel.java

@@ -46,29 +46,47 @@ public EntryModel(JSONObject response) {
         }
 
         if (this.jsonObject.has(UID_KEY)) {
-            this.uid = (String) this.jsonObject.opt(UID_KEY);
+            this.uid = this.jsonObject.optString(UID_KEY, null);
         }
         if (this.jsonObject.has(TITLE_KEY)) {
-            this.title = (String) this.jsonObject.opt(TITLE_KEY);
+            this.title = this.jsonObject.optString(TITLE_KEY, null);
         }
         if (this.jsonObject.has(LOCALE_KEY)) {
-            this.language = (String) this.jsonObject.opt(LOCALE_KEY);
+            this.language = this.jsonObject.optString(LOCALE_KEY,null);
         }
         if (this.jsonObject.has(URL_KEY)) {
-            this.url = (String) this.jsonObject.opt(URL_KEY);
+            this.url = this.jsonObject.optString(URL_KEY,null);
         }
         if (this.jsonObject.has("description")) {
-            this.description = this.jsonObject.opt("description");
-        }
-        this.images = (JSONArray) this.jsonObject.opt("images");
-        this.isDirectory = (Boolean) this.jsonObject.opt("is_dir");
-        this.updatedAt = (String) this.jsonObject.opt("updated_at");
-        this.updatedBy = (String) this.jsonObject.opt("updated_by");
-        this.createdAt = (String) this.jsonObject.opt("created_at");
-        this.createdBy = (String) this.jsonObject.opt("created_by");
-        this.locale = (String) this.jsonObject.opt(LOCALE_KEY);
-        this.inProgress = (Boolean) this.jsonObject.opt("_in_progress");
-        this.version = this.jsonObject.opt("_version") != null ? (int) this.jsonObject.opt("_version") : 1;
+            this.description = this.jsonObject.optString("description");
+        }
+        if(this.jsonObject.has("images") && this.jsonObject.opt("images") instanceof JSONArray) {
+            this.images = this.jsonObject.optJSONArray("images");
+        }
+        if(this.jsonObject.has("is_dir") && this.jsonObject.opt("is_dir") instanceof Boolean) {
+            this.isDirectory = this.jsonObject.optBoolean("is_dir");
+        }
+        if(this.jsonObject.has("updated_at")) {
+            this.updatedAt = this.jsonObject.optString("updated_at");
+        }
+        if(this.jsonObject.has("updated_by")) {
+            this.updatedBy = this.jsonObject.optString("updated_by");
+        }
+        if(this.jsonObject.has("created_at")) {
+            this.createdAt = this.jsonObject.optString("created_at");
+        }
+        if(this.jsonObject.has("created_by")) {
+            this.createdBy = this.jsonObject.optString("created_by");
+        }
+        if(this.jsonObject.has(LOCALE_KEY)) {
+            this.locale = this.jsonObject.optString(LOCALE_KEY);
+        }
+        if(this.jsonObject.has("_in_progress") && this.jsonObject.opt("_in_progress") instanceof Boolean) {
+            this.inProgress = this.jsonObject.optBoolean("_in_progress");
+        }
+        if(this.jsonObject.has("_version") && this.jsonObject.opt("_version") instanceof Integer) {
+            this.version = this.jsonObject.optInt("_version",1);
+        }   
         if (this.jsonObject.has(PUBLISH_DETAIL_KEY)) {
             parsePublishDetail();
         }
@@ -77,12 +95,15 @@ public EntryModel(JSONObject response) {
 
     private void parsePublishDetail() {
         if (this.jsonObject.opt(PUBLISH_DETAIL_KEY) instanceof JSONObject) {
-            this.publishDetails = (JSONObject) this.jsonObject.opt(PUBLISH_DETAIL_KEY);
-            this.environment = this.publishDetails.optString("environment");
-            this.time = this.publishDetails.optString("time");
-            this.user = this.publishDetails.optString("user");
+            this.publishDetails = this.jsonObject.optJSONObject(PUBLISH_DETAIL_KEY);
+            if(this.publishDetails != null) {
+                this.environment = this.publishDetails.optString("environment");
+                this.time = this.publishDetails.optString("time");
+                this.user = this.publishDetails.optString("user");
+            }
         }
         this.metadata = new HashMap<>();
         this.metadata.put(PUBLISH_DETAIL_KEY, this.publishDetails);
     }
 }
+