From a06d83daef571a0943d7b420552adaef846f94cc Mon Sep 17 00:00:00 2001 From: kyonRay Date: Tue, 27 Feb 2024 22:35:01 +0800 Subject: [PATCH] (build): update build for secure issues. --- build.gradle | 36 +++++++++---------- .../webank/wecrosssdk/common/Constant.java | 1 - .../wecrosssdk/rpc/common/RequestUtility.java | 16 ++++----- .../rpc/service/WeCrossRPCService.java | 4 +-- .../com/webank/wecrosssdk/utils/RPCUtils.java | 9 ----- 5 files changed, 26 insertions(+), 40 deletions(-) diff --git a/build.gradle b/build.gradle index dfb35cc..aaee5b4 100644 --- a/build.gradle +++ b/build.gradle 
@@ -83,30 +83,30 @@ List logger = [ ] dependencies { - compile logger - compile 'com.moandjiezana.toml:toml4j:0.7.2' - compile 'com.google.code.gson:gson:2.8.9' - compile 'com.fasterxml.jackson.core:jackson-databind:2.14.2' - compile ('org.springframework.boot:spring-boot-starter-web:2.7.18'){ + implementation logger + implementation 'com.moandjiezana.toml:toml4j:0.7.2' + implementation 'com.google.code.gson:gson:2.8.9' + implementation 'com.fasterxml.jackson.core:jackson-databind:2.14.2' + implementation ('org.springframework.boot:spring-boot-starter-web:2.7.18'){ exclude group: 'org.springframework', module: 'spring-core' } - compile 'org.springframework.boot:spring-boot-starter-aop:2.7.18' - compile 'org.springframework.boot:spring-boot-starter-security:2.7.18' - compile 'org.springframework:spring-aspects:5.3.32' - compile 'org.springframework:spring-core:5.3.32' - compile 'org.springframework:spring-web:5.3.32' - compile 'org.springframework:spring-webmvc:5.3.32' - compile 'org.springframework:spring-aop:5.3.32' + implementation 'org.springframework.boot:spring-boot-starter-aop:2.7.18' + implementation ('org.springframework.boot:spring-boot-starter-security:2.7.18') + implementation 'org.springframework:spring-aspects:5.3.32' + implementation 'org.springframework:spring-web:5.3.32' + implementation 'org.springframework:spring-webmvc:5.3.32' + implementation 'org.springframework:spring-core:5.3.32' + implementation 'org.springframework:spring-aop:5.3.32' implementation ('org.asynchttpclient:async-http-client:2.12.3'){ exclude group : 'io.netty' } implementation 'io.netty:netty-all:4.1.101.Final' implementation 'com.google.guava:guava:32.0.1-jre' - compile 'commons-codec:commons-codec:1.14' - compile 'org.bouncycastle:bcprov-jdk18on:1.77' - compile 'junit:junit:4.13.1' - compile 'org.aspectj:aspectjrt:1.9.7' - compile 'org.aspectj:aspectjweaver:1.9.7' + implementation 'commons-codec:commons-codec:1.14' + implementation 'org.bouncycastle:bcprov-jdk18on:1.77' + 
implementation 'junit:junit:4.13.1' + implementation 'org.aspectj:aspectjrt:1.9.7' + implementation 'org.aspectj:aspectjweaver:1.9.7' } configurations.compile.exclude(group: 'ch.qos.logback') jar { @@ -153,7 +153,7 @@ jar { into 'dist/conf' } copy { - from configurations.runtime + from configurations.runtimeClasspath into 'dist/lib' } copy { diff --git a/src/main/java/com/webank/wecrosssdk/common/Constant.java b/src/main/java/com/webank/wecrosssdk/common/Constant.java index 2cb1680..fac4a40 100644 --- a/src/main/java/com/webank/wecrosssdk/common/Constant.java +++ b/src/main/java/com/webank/wecrosssdk/common/Constant.java @@ -2,7 +2,6 @@ public class Constant { public static final String APPLICATION_CONFIG_FILE = "classpath:application.toml"; - public static final String TEMPLATE_URL = "http://127.0.0.1:8250/"; public static final String XA_TRANSACTION_ID_KEY = "XA_TRANSACTION_ID"; public static final String XA_TRANSACTION_SEQ_KEY = "XA_TRANSACTION_SEQ"; /** alphabet(upper or lower case) + digit + character("_-") ,length in (4,16) */ diff --git a/src/main/java/com/webank/wecrosssdk/rpc/common/RequestUtility.java b/src/main/java/com/webank/wecrosssdk/rpc/common/RequestUtility.java index 6bffc41..4f9cf9c 100644 --- a/src/main/java/com/webank/wecrosssdk/rpc/common/RequestUtility.java +++ b/src/main/java/com/webank/wecrosssdk/rpc/common/RequestUtility.java @@ -26,11 +26,9 @@ public static String buildLoginParams(WeCrossRPC weCrossRPC, String username, St String confusedPassword = DigestUtils.sha256Hex(LoginSalt.LoginSalt + password); if (logger.isDebugEnabled()) { - logger.debug( - "login username: {}, pub: {}, randomToken: {}", - username, - pub, - authCode.getRandomToken()); + username = username.replace("\n", ""); + username = username.replace("\r", ""); + logger.debug("login username: {}", username); } LoginRequest loginRequest = new LoginRequest(); 
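Review bot: The unchanged `configurations.compile.exclude(group: 'ch.qos.logback')` line at the end of the dependencies hunk still targets the `compile` configuration, which no dependency in this block uses after the move to `implementation`. On Gradle 7 and later that configuration has been removed and the line fails at configuration time; on older versions the logback exclusion only takes effect through inheritance from a deprecated configuration, so what the `dist/lib` copy from `runtimeClasspath` contains depends on the Gradle version. I would replace it with `configurations.all { exclude group: 'ch.qos.logback' }`. Separately, `junit:junit:4.13.1` is declared as `implementation`, which ships the test framework on the SDK's runtime classpath; unless main code uses it, `testImplementation 'junit:junit:4.13.1'` looks like the intended scope.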
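Review bot: The sanitising lines inside `if (logger.isDebugEnabled())` in `buildLoginParams` reassign the `username` parameter itself, so a username containing CR or LF is altered only when debug logging is on. The body continues past this hunk and presumably puts `username` into the `LoginRequest`, in which case the value sent would depend on the log level. The same pattern appears in the `buildRegisterParams` hunk (`@@ -56,11 +54,9 @@`). I would keep the cleaned value in a local, `String safeUsername = username.replaceAll("[\\r\\n]", "");` followed by `logger.debug("login username: {}", safeUsername);`, with the comment `// sanitised copy for logging only; the request carries the original value`. A null `username` would also throw here only in debug mode, so the local copy is best built null-safely.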
@@ -56,11 +54,9 @@ public static String buildRegisterParams( String confusedPassword = DigestUtils.sha256Hex(LoginSalt.LoginSalt + password); if (logger.isDebugEnabled()) { - logger.debug( - "register username: {}, pub: {}, randomToken: {}", - username, - pub, - authCode.getRandomToken()); + username = username.replace("\n", ""); + username = username.replace("\r", ""); + logger.debug("login username: {}", username); } RegisterRequest registerRequest = new RegisterRequest(); diff --git a/src/main/java/com/webank/wecrosssdk/rpc/service/WeCrossRPCService.java b/src/main/java/com/webank/wecrosssdk/rpc/service/WeCrossRPCService.java index ea4285e..269c553 100644 --- a/src/main/java/com/webank/wecrosssdk/rpc/service/WeCrossRPCService.java +++ b/src/main/java/com/webank/wecrosssdk/rpc/service/WeCrossRPCService.java @@ -191,8 +191,8 @@ public void asyncSend( } else { url = server + uri; } - if (logger.isDebugEnabled()) { - logger.debug("request: {}; url: {}", objectMapper.writeValueAsString(request), url); + if (logger.isTraceEnabled()) { + logger.trace("request: {}; url: {}", objectMapper.writeValueAsString(request), url); } checkRequest(request); diff --git a/src/main/java/com/webank/wecrosssdk/utils/RPCUtils.java b/src/main/java/com/webank/wecrosssdk/utils/RPCUtils.java index a5d4645..8f70424 100644 --- a/src/main/java/com/webank/wecrosssdk/utils/RPCUtils.java +++ b/src/main/java/com/webank/wecrosssdk/utils/RPCUtils.java @@ -1,9 +1,7 @@ package com.webank.wecrosssdk.utils; -import com.webank.wecrosssdk.common.Constant; import com.webank.wecrosssdk.exception.ErrorCode; import com.webank.wecrosssdk.exception.WeCrossSDKException; -import java.net.URL; import java.util.UUID; import java.util.regex.Pattern; import org.slf4j.Logger; 
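Review bot: The debug message added in `buildRegisterParams` reads `login username: {}`, where the removed line said `register username`. With both paths emitting the same text, someone reading the log can no longer tell a registration attempt from a login. I would restore the label: `logger.debug("register username: {}", username);`. The method body starts and ends outside this hunk.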
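Review bot: Moving the statement in `asyncSend` from DEBUG to TRACE still writes the full serialised request body to the log whenever trace is enabled. If this is the common send path, login and register requests would presumably be included, carrying the hashed password built in `RequestUtility`. I would reduce the line to `logger.trace("request url: {}", url);`, or at minimum add the comment `// TRACE only: the serialised request may contain credentials; do not enable in production` above the guard. The serialisation also runs before `checkRequest(request)`, so a request that fails validation is logged before it is rejected. The method body starts and ends outside this hunk.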
@@ -18,13 +16,6 @@ public static void checkPath(String path) throws WeCrossSDKException { if (!path.matches("^[A-Za-z]*.[A-Za-z0-9_-]*.[A-Za-z0-9_-]*$") || sp.length != 3) { throw new WeCrossSDKException(ErrorCode.RESOURCE_ERROR, "Invalid iPath: " + path); } - String templateUrl = Constant.TEMPLATE_URL + path.replace('.', '/'); - - try { - new URL(templateUrl); - } catch (Exception e) { - throw new WeCrossSDKException(ErrorCode.ILLEGAL_SYMBOL, "Invalid iPath: " + path); - } } public static String uriToUrl(String protocol, String prefix, String path) {