Universal: Update aws-java-sdk-s3 due to CVE-2022-31159 (#268)

Author: samruddhikhandale

src/universal/.devcontainer/local-features/setup-user/install.sh

@@ -20,6 +20,16 @@ chmod +x /etc/profile.d/00-restore-env.sh
 
 export DEBIAN_FRONTEND=noninteractive
 
+# Temporary: Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31159
+# Delete the current plugin
+GRADLE_PATH=$(cd /usr/local/sdkman/candidates/gradle/7*/lib/plugins/ && pwd)
+rm -f ${GRADLE_PATH}/aws-java-sdk-s3-*
+
+# Install "aws-java-sdk-s3" plugin with version >= 1.12.261
+curl -sSL https://github.com/aws/aws-sdk-java/archive/refs/tags/1.12.363.tar.gz | tar -xzC /tmp 2>&1
+jar cf ${GRADLE_PATH}/aws-java-sdk-s3-1.12.363.jar /tmp/aws-sdk-java-1.12.363/aws-java-sdk-s3
+rm -rf /tmp/aws-sdk-java-1.12.363
+
 # Temporary: Upgrade NPM packages due to mentioned CVEs.
 # decode-uri-component: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38900
 # ansi-regex: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807

src/universal/test-project/test.sh

@@ -170,6 +170,10 @@ check "oryx-install-java-12.0.2" oryx prep --skip-detection --platforms-and-vers
 check "java-12.0.2-installed-by-oryx" ls /opt/java/ | grep 12.0.2
 check "java-version-on-path-is-12.0.2" java --version | grep 12.0.2
 
+# Test patches
+GRADLE_PATH=$(cd /usr/local/sdkman/candidates/gradle/7*/lib/plugins && pwd)
+check "aws-java-sdk-s3-plugin" bash -c "ls ${GRADLE_PATH} | grep aws-java-sdk-s3-1.12.363.jar"
+
 cd /usr/local/share/nvm/versions/node/v14*/lib/node_modules/npm
 decodeVersion=$(npm ls --depth 1 --json | jq -r '.dependencies."decode-uri-component".version')
 check-version-ge "decode-uri-component" "${decodeVersion}" "0.2.1"