search

SpectoLabs / hoverfly-java

Java binding for Hoverfly
Apache License 2.0
168 stars 58 forks source link

importing hoverfly breaks the spring webflux/spring cloud gateway project #286

Closed eau-de-la-seine closed 1 year ago

eau-de-la-seine commented 1 year ago

Description of the bug

importing hoverfly breaks the project

Steps to reproduce the issue

in order to reproduce the problem, import hoverfly:

<dependency>
    <groupId>io.specto</groupId>
    <artifactId>hoverfly-java</artifactId>
    <version>0.14.4</version>
    <scope>test</scope>
</dependency>

...in your Spring Webflux/Spring Cloud Gateway project generated by Spring Initialzr, here my pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>3.1.3</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>gokan</groupId>
    <artifactId>wc-gateway</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>wc-gateway</name>
    <description>wc-gateway</description>
    <properties>
        <java.version>17</java.version>
        <spring-cloud.version>2022.0.4</spring-cloud.version>
        <dynamodb-enhanced.version>2.20.128</dynamodb-enhanced.version>
        <lombok.version>1.18.28</lombok.version>
        <wiremock.version>2.27.2</wiremock.version>
        <hoverfly-java.version>0.14.4</hoverfly-java.version>
        <awaitility.version>4.2.0</awaitility.version>
        <maven-surefire-plugin.version>3.1.2</maven-surefire-plugin.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-gateway</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>software.amazon.awssdk</groupId>
            <artifactId>dynamodb-enhanced</artifactId>
            <version>${dynamodb-enhanced.version}</version>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>${lombok.version}</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>com.github.tomakehurst</groupId>
            <artifactId>wiremock-standalone</artifactId>
            <version>${wiremock.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.awaitility</groupId>
            <artifactId>awaitility</artifactId>
            <version>${awaitility.version}</version>
            <scope>test</scope>
        </dependency>
    </dependencies>
    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>

The test entrypoint class (generated by Spring Initialzr):

package gokan.wc.gateway;

import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.SpringBootTest;

@SpringBootTest
class WcGatewayApplicationTests {

    @Test
    void contextLoads() {
    }

}

Observed result

The error:

[ERROR]   WcGatewayApplicationTests.contextLoads » IllegalState Failed to load ApplicationContext for [ReactiveWebMergedContextConfiguration@21422231 testClass = gokan.wc.gateway.WcGatewayApplicationTests, locations = [], classes = [gokan.wc.gateway.WcGatewayApplication], contextInitializerClasses = [], activeProfiles = [], propertySourceLocations = [], propertySourceProperties = ["org.springframework.boot.test.context.SpringBootTestContextBootstrapper=true"], contextCustomizers = [org.springframework.boot.test.context.filter.ExcludeFilterContextCustomizer@7bd4937b, org.springframework.boot.test.json.DuplicateJsonObjectContextCustomizerFactory$DuplicateJsonObjectContextCustomizer@58d75e99, org.springframework.boot.test.mock.mockito.MockitoContextCustomizer@0, org.springframework.boot.test.web.client.TestRestTemplateContextCustomizer@2805d709, org.springframework.boot.test.web.reactive.server.WebTestClientContextCustomizer@f0da945, org.springframework.boot.test.autoconfigure.actuate.observability.ObservabilityContextCustomizerFactory$DisableObservabilityContextCustomizer@1f, org.springframework.boot.test.autoconfigure.properties.PropertyMappingContextCustomizer@0, org.springframework.boot.test.autoconfigure.web.servlet.WebDriverContextCustomizer@4c1909a3, org.springframework.boot.test.context.SpringBootTestAnnotation@60f582ee], contextLoader = org.springframework.boot.test.context.SpringBootContextLoader, parent = null]

Additional relevant information

  1. Hoverfly version: 0.14.4 (currently the latest)
  2. I'm under Linux Ubuntu 22.04 LTS, using OpenJDK 17.0.1

I've noticed that you have 11 security issues in your lib: CVE-2023-2976 CVE-2023-26049 CVE-2023-26048 CVE-2021-34428 CVE-2019-10247 CVE-2019-10246 CVE-2019-10241 CVE-2018-12545 CVE-2018-12536 CVE-2017-9735 CVE-2017-7658 CVE-2017-7657 CVE-2017-7656 CVE-2016-1000027

tommysitu commented 1 year ago

@eau-de-la-seine thanks for reporting this, could you send me an example repo which I can debug? Thanks.

eau-de-la-seine commented 1 year ago

Hello @tommysitu , unfortunately I'm working on a private project for a company and I'm not allowed to give you accesses, but you already have all the required informations and should be able to easily test it with the given pom.xml in a project generated with Spring Initialzr with Spring Cloud Gateway, then execute the mvn clean install command. Anyway since wiremock 3 has been released, I'm able to do the tests that I wasn't able to do with wiremock 2... so I do not depend on hoverfly anymore, sorry :(

tommysitu commented 1 year ago

@eau-de-la-seine, there is no need to say sorry. I don't own the project, and I'm just trying to give you free help. By the way, the security vulnerabilities you saw are for the test dependencies only.