From d8d1523c9289eadc388eac929eb0b8d0db011b81 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:37:25 +0530 Subject: [PATCH 1/9] policy-scan.yml --- .github/workflows/policy-scan.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/policy-scan.yml diff --git a/.github/workflows/policy-scan.yml b/.github/workflows/policy-scan.yml new file mode 100644 index 0000000..13bd362 --- /dev/null +++ b/.github/workflows/policy-scan.yml @@ -0,0 +1,27 @@ +name: Checks the security policy and configurations +on: + pull_request: + types: [opened, synchronize, reopened] +jobs: + security-policy: + if: github.event.repository.visibility == 'public' + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: + - uses: actions/checkout@master + - name: Checks for SECURITY.md policy file + run: | + if ! [[ -f "SECURITY.md" || -f ".github/SECURITY.md" ]]; then exit 1; fi + security-license: + if: github.event.repository.visibility == 'public' + runs-on: ubuntu-latest + defaults: + run: + shell: bash + steps: + - uses: actions/checkout@master + - name: Checks for License file + run: | + if ! [[ -f "LICENSE" || -f "License.txt" || -f "LICENSE.md" ]]; then exit 1; fi \ No newline at end of file From 275c937df0de98f705a7b5905f046a5e2b2ee20c Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:37:36 +0530 Subject: [PATCH 2/9] issues-jira.yml --- .github/workflows/issues-jira.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .github/workflows/issues-jira.yml diff --git a/.github/workflows/issues-jira.yml b/.github/workflows/issues-jira.yml new file mode 100644 index 0000000..7bf0469 --- /dev/null +++ b/.github/workflows/issues-jira.yml @@ -0,0 +1,31 @@ +name: Create Jira Ticket for Github Issue + +on: + issues: + types: [opened] + +jobs: + issue-jira: + runs-on: ubuntu-latest + steps: + + - name: Login to Jira + uses: atlassian/gajira-login@master + env: + JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} + JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} + JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} + + - name: Create Jira Issue + id: create_jira + uses: atlassian/gajira-create@master + with: + project: ${{ secrets.JIRA_PROJECT }} + issuetype: ${{ secrets.JIRA_ISSUE_TYPE }} + summary: Github | Issue | ${{ github.event.repository.name }} | ${{ github.event.issue.title }} + description: | + *GitHub Issue:* ${{ github.event.issue.html_url }} + + *Description:* + ${{ github.event.issue.body }} + fields: "${{ secrets.ISSUES_JIRA_FIELDS }}" \ No newline at end of file From 2851b445bebe5a523aadc48a21f995b157058fa0 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:37:36 +0530 Subject: [PATCH 3/9] Delete jira.yml --- .github/workflows/jira.yml | 33 --------------------------------- 1 file changed, 33 deletions(-) delete mode 100644 .github/workflows/jira.yml diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml deleted file mode 100644 index 250abc7..0000000 --- a/.github/workflows/jira.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: Create JIRA ISSUE -on: - pull_request: - types: [opened] -jobs: - security-jira: - if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'snyk-bot' || contains(github.event.pull_request.head.ref, 'snyk-fix-') || contains(github.event.pull_request.head.ref, 'snyk-upgrade-')}} - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Login into JIRA - uses: atlassian/gajira-login@master - env: - JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} - - name: Create a JIRA Issue - id: create - uses: atlassian/gajira-create@master - with: - project: ${{ secrets.JIRA_PROJECT }} - issuetype: ${{ secrets.JIRA_ISSUE_TYPE }} - summary: | - Snyk | Vulnerability | ${{ github.event.repository.name }} | ${{ github.event.pull_request.title }} - description: | - PR: ${{ github.event.pull_request.html_url }} - - fields: "${{ secrets.JIRA_FIELDS }}" - - name: Transition issue - uses: atlassian/gajira-transition@v3 - with: - issue: ${{ steps.create.outputs.issue }} - transition: ${{ secrets.JIRA_TRANSITION }} From bd1037974a089b4c46d052808dccd376184b5594 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:37:37 +0530 Subject: [PATCH 4/9] Delete sast-scan.yml --- .github/workflows/sast-scan.yml | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 .github/workflows/sast-scan.yml diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml deleted file mode 100644 index 3b9521a..0000000 --- a/.github/workflows/sast-scan.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: SAST Scan -on: - pull_request: - types: [opened, synchronize, reopened] -jobs: - security-sast: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Semgrep Scan - run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v "${PWD}:/src" returntocorp/semgrep semgrep scan --config auto \ No newline at end of file From 46eaff184ebd77d26de58ce46d344326a43d0591 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:37:39 +0530 Subject: [PATCH 5/9] codeql-analysis.yml From 12441f29ce90845eed60f3cfca0d876e1e1e5b09 Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 16 Apr 2025 10:37:42 +0530 Subject: [PATCH 6/9] Updated codeowners From 4d3e0cb9716f06258284eb933399bd91bec4c26a Mon Sep 17 00:00:00 2001 From: Aravind Kumar Date: Wed, 23 Apr 2025 21:37:10 +0530 Subject: [PATCH 7/9] policy-scan.yml --- .github/workflows/policy-scan.yml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/workflows/policy-scan.yml b/.github/workflows/policy-scan.yml index 13bd362..ff25923 100644 --- a/.github/workflows/policy-scan.yml +++ b/.github/workflows/policy-scan.yml @@ -24,4 +24,23 @@ jobs: - uses: actions/checkout@master - name: Checks for License file run: | - if ! [[ -f "LICENSE" || -f "License.txt" || -f "LICENSE.md" ]]; then exit 1; fi \ No newline at end of file + expected_license_files=("LICENSE" "LICENSE.txt" "LICENSE.md" "License.txt") + license_file_found=false + current_year=$(date +"%Y") + + for license_file in "${expected_license_files[@]}"; do + if [ -f "$license_file" ]; then + license_file_found=true + # check the license file for the current year, if not exists, exit with error + if ! grep -q "$current_year" "$license_file"; then + echo "License file $license_file does not contain the current year." + exit 2 + fi + break + fi + done + + if [ "$license_file_found" = false ]; then + echo "No license file found. Please add a license file to the repository." + exit 1 + fi \ No newline at end of file From 8beaa587c1c6508dbf42e04415c798ab49024650 Mon Sep 17 00:00:00 2001 From: "harshitha.d" Date: Thu, 24 Apr 2025 11:00:16 +0530 Subject: [PATCH 8/9] Fix item processing in SyncStack to handle JSONObject correctly and prevent crashes --- src/main/java/com/contentstack/sdk/SyncStack.java | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/contentstack/sdk/SyncStack.java b/src/main/java/com/contentstack/sdk/SyncStack.java index e36e5f9..49308ad 100755 --- a/src/main/java/com/contentstack/sdk/SyncStack.java +++ b/src/main/java/com/contentstack/sdk/SyncStack.java @@ -78,8 +78,13 @@ protected synchronized void setJSON(@NotNull JSONObject jsonobject) { } } } else { - logger.warning("'items' is not a valid list. Skipping processing."); // ✅ Prevent crashes - syncItems = new ArrayList<>(); + if (itemsObj instanceof JSONObject) { + syncItems = new ArrayList<>(); + syncItems.add(sanitizeJson((JSONObject) itemsObj)); + } else { + logger.warning("'items' is not a valid list. Skipping processing."); + syncItems = new ArrayList<>(); + } } } else { syncItems = new ArrayList<>(); From 9d39ac571b0c2c99acedd793fe9a2e9110bdc70d Mon Sep 17 00:00:00 2001 From: "harshitha.d" Date: Thu, 24 Apr 2025 13:19:00 +0530 Subject: [PATCH 9/9] Add test for handling single JSONObject under "items" in SyncStack --- .../com/contentstack/sdk/TestSyncStack.java | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/src/test/java/com/contentstack/sdk/TestSyncStack.java b/src/test/java/com/contentstack/sdk/TestSyncStack.java index 779c714..cdd1a62 100644 --- a/src/test/java/com/contentstack/sdk/TestSyncStack.java +++ b/src/test/java/com/contentstack/sdk/TestSyncStack.java @@ -81,6 +81,39 @@ void testSetJSON_JSONInjection() { assertEquals("<script>alert('Hacked');</script>", items.get(0).optString("title")); } + /** + * ✅ Should treat a lone JSONObject under "items" the same as a one‑element + * array. + */ + @Test + void testSetJSON_handlesSingleItemObject() { + JSONObject input = new JSONObject() + .put("items", new JSONObject() + .put("title", "Single Entry") + .put("uid", "entry123") + .put("content_type", "blog")) + .put("skip", 0) + .put("total_count", 1) + .put("limit", 10) + .put("sync_token", "token123"); + + syncStack.setJSON(input); + List items = syncStack.getItems(); + + assertNotNull(items, "Items list should be initialised"); + assertEquals(1, items.size(), "Exactly one item expected"); + + JSONObject item = items.get(0); + assertEquals("Single Entry", item.optString("title")); + assertEquals("entry123", item.optString("uid")); + assertEquals("blog", item.optString("content_type")); + + assertEquals(0, syncStack.getSkip()); + assertEquals(1, syncStack.getCount()); + assertEquals(10, syncStack.getLimit()); + assertEquals("token123", syncStack.getSyncToken()); + } + /** * ✅ Test: Invalid `items` field (should not crash) */