Merge pull request #64 from OpenSRP/security-fixes

Security fixes

gradle.properties

@@ -1,4 +1,4 @@
-VERSION_NAME=1.1.20-SNAPSHOT
+VERSION_NAME=1.1.21-SNAPSHOT
 VERSION_CODE=1
 GROUP=org.smartregister
 POM_SETTING_DESCRIPTION=OpenSRP Client Growth Monitoring Application

opensrp-growth-monitoring/build.gradle

@@ -87,14 +87,16 @@ allprojects {
 }
 
 dependencies {
-    implementation('org.smartregister:opensrp-client-core:1.9.2-SNAPSHOT@aar') {
+
+    implementation('org.smartregister:opensrp-client-core:1.10.1-SNAPSHOT@aar') {
         transitive = true
         exclude group: 'com.github.bmelnychuk', module: 'atv'
     }
 
-    implementation('org.smartregister:opensrp-client-native-form:1.7.27-SNAPSHOT@aar') {
+    implementation('org.smartregister:opensrp-client-native-form:1.7.32-SNAPSHOT@aar') {
         transitive = true
         exclude group: 'com.android.support', module: 'recyclerview-v7'
+        exclude group: 'com.google.code.gson', module: 'gson'
     }
 
     implementation 'com.android.support:design:28.0.0'
@@ -107,26 +109,22 @@ dependencies {
 
     testImplementation 'junit:junit:4.12'
 
-    testImplementation('org.robolectric:robolectric:3.8') {
-
-        exclude group: 'com.google.guava', module: 'guava'
-        exclude group: 'org.apache.maven', module: 'maven-model'
-        exclude group: 'org.apache.maven', module: 'maven-ant-tasks'
-        exclude group: 'com.android.support'
-        exclude group: 'com.thoughtworks.xstream', module: 'xstream'
-    }
 
-    testImplementation("org.robolectric:shadows-multidex:3.8") {
-        exclude group: 'com.google.guava', module: 'guava'
+    def robolectricVersion = '3.8'
+    testImplementation("org.robolectric:robolectric:$robolectricVersion") {
+        exclude group: 'com.google.auto.service', module: 'auto-service'
     }
+    testImplementation "org.robolectric:shadows-multidex:$robolectricVersion"
+    testImplementation "org.robolectric:shadows-support-v4:3.1"
+    testImplementation "org.robolectric:shadows-support-v4:3.3.2"
 
     androidTestImplementation('com.android.support.test.espresso:espresso-core:2.+') {
         exclude group: 'com.android.support', module: 'support-annotations'
         exclude group: 'junit', module: 'junit'
     }
 
     // PowerMock
-    def powerMockVersion = '1.7.1'
+    def powerMockVersion = '1.7.4'
     testImplementation "org.powermock:powermock-module-junit4:$powerMockVersion"
     testImplementation "org.powermock:powermock-module-junit4-rule:$powerMockVersion"
     testImplementation "org.powermock:powermock-api-mockito2:$powerMockVersion"

opensrp-growth-monitoring/src/main/java/org/smartregister/growthmonitoring/fragment/EditGrowthDialogFragment.java

@@ -209,11 +209,12 @@ public View onCreateView(final LayoutInflater inflater, final ViewGroup containe
     @NotNull
     private ViewGroup setUpViews(LayoutInflater inflater, ViewGroup container) {
         ViewGroup dialogView = (ViewGroup) inflater.inflate(R.layout.edit_growth_dialog_view, container, false);
+        dialogView.setFilterTouchesWhenObscured(true);
         getDialog().getWindow().setSoftInputMode(WindowManager.LayoutParams.SOFT_INPUT_ADJUST_RESIZE);
 
         editWeight = dialogView.findViewById(R.id.edit_weight);
         editHeight = dialogView.findViewById(R.id.edit_height);
-        earlierDatePicker = dialogView.findViewById(isNumericDatePicker ? R.id.earlier_date_picker_numeric :R.id.earlier_date_picker);
+        earlierDatePicker = dialogView.findViewById(isNumericDatePicker ? R.id.earlier_date_picker_numeric : R.id.earlier_date_picker);
         nameView = dialogView.findViewById(R.id.child_name);
         numberView = dialogView.findViewById(R.id.child_zeir_id);
         ageView = dialogView.findViewById(R.id.child_age);

opensrp-growth-monitoring/src/main/java/org/smartregister/growthmonitoring/fragment/GrowthDialogFragment.java

@@ -185,7 +185,7 @@ public View onCreateView(final LayoutInflater inflater, final ViewGroup containe
 
         String personId = Utils.getValue(personDetails.getColumnmaps(), GrowthMonitoringConstants.ZEIR_ID, false);
         if (StringUtils.isNotBlank(personId)) {
-            numberView.setText(String.format("%s: %s", getString(R.string.label_zeir), personId));
+            numberView.setText(String.format("%s: %s", getActivity().getString(R.string.label_zeir), personId));
         } else {
             numberView.setText("");
         }
@@ -251,6 +251,7 @@ public View onCreateView(final LayoutInflater inflater, final ViewGroup containe
     @NotNull
     private ViewGroup setUpViews(LayoutInflater inflater, ViewGroup container) {
         final ViewGroup dialogView = (ViewGroup) inflater.inflate(R.layout.growth_dialog_view, container, false);
+        dialogView.setFilterTouchesWhenObscured(true);
         getDialog().getWindow().setSoftInputMode(WindowManager.LayoutParams.SOFT_INPUT_ADJUST_RESIZE);
 
         tabLayout = dialogView.findViewById(R.id.growth_tab_layout);

opensrp-growth-monitoring/src/main/java/org/smartregister/growthmonitoring/fragment/HeightMonitoringFragment.java

@@ -42,7 +42,7 @@
 import lecho.lib.hellocharts.view.LineChartView;
 
 public class HeightMonitoringFragment extends Fragment {
-    private static final String TAG = HeightMonitoringFragment.class.getName();
+    public static final String TAG = HeightMonitoringFragment.class.getName();
     private List<Height> heights;
     private Calendar maxRecordingDate = null;
     private Calendar minRecordingDate = null;
@@ -58,16 +58,13 @@ public static HeightMonitoringFragment createInstance(String dobString, Gender g
         return heightMonitoringFragment;
     }
 
-    public static String getTAG() {
-        return TAG;
-    }
-
     @Override
     public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
         final ViewGroup heightTabView = (ViewGroup) inflater.inflate(R.layout.growth_monitoring_fragment, container, false);
+        heightTabView.setFilterTouchesWhenObscured(true);
         final ImageButton scrollButton = heightTabView.findViewById(R.id.scroll_button);
-        CustomFontTextView txt_metric_label = heightTabView.findViewById(R.id.metric_label);
-        txt_metric_label.setText(getString(R.string.height));
+        CustomFontTextView textMetricLabel = heightTabView.findViewById(R.id.metric_label);
+        textMetricLabel.setText(getActivity().getString(R.string.height));
 
         Date dob = getDate();
         scrollButtonClickAction(heightTabView, scrollButton);

opensrp-growth-monitoring/src/main/java/org/smartregister/growthmonitoring/fragment/RecordGrowthDialogFragment.java

@@ -216,6 +216,7 @@ private boolean getBundle() {
     private ViewGroup setUpViews(LayoutInflater inflater, ViewGroup container) {
 
         ViewGroup dialogView = (ViewGroup) inflater.inflate(R.layout.record_growth_dialog_view, container, false);
+        dialogView.setFilterTouchesWhenObscured(true);
         getDialog().getWindow().setSoftInputMode(WindowManager.LayoutParams.SOFT_INPUT_ADJUST_RESIZE);
 
         editWeight = dialogView.findViewById(R.id.edit_weight);

opensrp-growth-monitoring/src/main/java/org/smartregister/growthmonitoring/fragment/WeightMonitoringFragment.java

@@ -61,9 +61,10 @@ public static WeightMonitoringFragment createInstance(String dobString, Gender g
     @Override
     public View onCreateView(@NotNull LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
         final View weightTabView = inflater.inflate(R.layout.growth_monitoring_fragment, container, false);
+        weightTabView.setFilterTouchesWhenObscured(true);
         final ImageButton scrollButton = weightTabView.findViewById(R.id.scroll_button);
-        CustomFontTextView txt_metric_label = weightTabView.findViewById(R.id.metric_label);
-        txt_metric_label.setText(getString(R.string.weight));
+        CustomFontTextView textMetricLabel = weightTabView.findViewById(R.id.metric_label);
+        textMetricLabel.setText(getActivity().getString(R.string.weight));
         Date dob = getDate();
         scrollButtonClickAction(weightTabView, scrollButton);
         try {

opensrp-growth-monitoring/src/test/java/org/smartregister/growthmonitoring/BaseUnitTest.java

@@ -2,17 +2,135 @@
 
 import android.os.Build;
 
+import org.jetbrains.annotations.NotNull;
 import org.junit.runner.RunWith;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
-import org.powermock.modules.junit4.PowerMockRunner;
-import org.powermock.modules.junit4.PowerMockRunnerDelegate;
 import org.robolectric.RobolectricTestRunner;
 import org.robolectric.annotation.Config;
+import org.smartregister.commonregistry.CommonPersonObjectClient;
+import org.smartregister.growthmonitoring.domain.Height;
+import org.smartregister.growthmonitoring.domain.Weight;
 
-@RunWith(PowerMockRunner.class)
-@PowerMockRunnerDelegate(RobolectricTestRunner.class)
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.HashMap;
+import java.util.List;
+
+@RunWith(RobolectricTestRunner.class)
 @Config(constants = BuildConfig.class, sdk = Build.VERSION_CODES.O_MR1)
-@PowerMockIgnore({"org.mockito.*", "org.robolectric.*", "android.*"})
+@PowerMockIgnore({"android.*",
+        "androidx.*",
+        "com.android.internal.policy.*",
+        "com.sun.org.*",
+        "javax.xml.*",
+        "org.apache.log4j.*",
+        "org.mockito.*",
+        "org.powermock.*",
+        "org.robolectric.*",
+        "org.springframework.context.*",
+        "org.w3c.dom.*",
+        "org.xml.sax.*",
+        "org.xmlpull*",
+        "org.mockito.*",
+        "org.xmlpull.v1.*"})
 public abstract class BaseUnitTest {
     protected static final String TEST_BASE_ENTITY_ID = "test-base-entity-id";
+    protected static final String TEST_STRING = "test-string-param";
+
+    public static CommonPersonObjectClient dummydetails() {
+        HashMap<String, String> columnMap = new HashMap<>();
+        columnMap.put("first_name", "Test");
+        columnMap.put("last_name", "Doe");
+        columnMap.put("zeir_id", "1");
+        columnMap.put("dob", "2018-09-03");
+        columnMap.put("gender", "Male");
+
+
+        CommonPersonObjectClient personDetails = new CommonPersonObjectClient(TEST_BASE_ENTITY_ID, columnMap, "Test");
+        personDetails.setColumnmaps(columnMap);
+
+        return personDetails;
+    }
+
+
+    @NotNull
+    protected List<Height> getHeights() {
+        List<Height> heightArrayList = new ArrayList<>();
+
+        Height height;
+//recorded April
+        Calendar cal = Calendar.getInstance();
+        cal.set(Calendar.MONTH, 3);
+        height = new Height();
+        height.setDate(cal.getTime());
+        height.setAnmId("demo");
+        height.setBaseEntityId(TEST_BASE_ENTITY_ID);
+        height.setChildLocationId(TEST_STRING);
+        height.setCm(30.4f);
+        heightArrayList.add(height);
+
+//recorded March
+        height = new Height();
+        cal = Calendar.getInstance();
+        cal.set(Calendar.MONTH, 2);
+        height.setDate(cal.getTime());
+        height.setAnmId("demo");
+        height.setBaseEntityId(TEST_BASE_ENTITY_ID);
+        height.setChildLocationId(TEST_STRING);
+        height.setCm(10.0f);
+        heightArrayList.add(height);
+
+//recorded August
+        height = new Height();
+        cal = Calendar.getInstance();
+        cal.set(Calendar.MONTH, 9);
+        height.setDate(cal.getTime());
+        height.setAnmId("demo");
+        height.setBaseEntityId(TEST_BASE_ENTITY_ID);
+        height.setChildLocationId(TEST_STRING);
+        height.setCm(50.2f);
+        heightArrayList.add(height);
+
+//recorded May
+        height = new Height();
+        cal = Calendar.getInstance();
+        cal.set(Calendar.MONTH, 6);
+        height.setDate(cal.getTime());
+        height.setAnmId("demo");
+        height.setBaseEntityId(TEST_BASE_ENTITY_ID);
+        height.setChildLocationId(TEST_STRING);
+        height.setCm(40.3f);
+        heightArrayList.add(height);
+
+
+        return heightArrayList;
+    }
+
+    @NotNull
+    protected List<Weight> getWeights() {
+        List<Weight> weightArrayList = new ArrayList<>();
+
+        Weight weight = new Weight();
+        Calendar cal = Calendar.getInstance();
+        cal.set(Calendar.MONTH, 3);
+        weight.setDate(cal.getTime());
+        weight.setAnmId("demo");
+        weight.setBaseEntityId(TEST_BASE_ENTITY_ID);
+        weight.setChildLocationId(TEST_STRING);
+        weight.setKg(3.4f);
+
+        weightArrayList.add(weight);
+
+        weight = new Weight();
+        cal = Calendar.getInstance();
+        cal.set(Calendar.MONTH, 9);
+        weight.setDate(cal.getTime());
+        weight.setAnmId("demo");
+        weight.setBaseEntityId(TEST_BASE_ENTITY_ID);
+        weight.setChildLocationId(TEST_STRING);
+        weight.setKg(5.2f);
+
+        weightArrayList.add(weight);
+        return weightArrayList;
+    }
 }

opensrp-growth-monitoring/src/test/java/org/smartregister/growthmonitoring/domain/HeightZScoreTests.java

@@ -1,4 +1,4 @@
-package org.smartregister.growthmonitoring.domian;
+package org.smartregister.growthmonitoring.domain;
 
 import org.joda.time.LocalDate;
 import org.junit.Assert;
@@ -14,7 +14,6 @@
 import org.powermock.modules.junit4.rule.PowerMockRule;
 import org.smartregister.growthmonitoring.BaseUnitTest;
 import org.smartregister.growthmonitoring.GrowthMonitoringLibrary;
-import org.smartregister.growthmonitoring.domain.HeightZScore;
 import org.smartregister.growthmonitoring.repository.HeightZScoreRepository;
 
 import java.util.ArrayList;

opensrp-growth-monitoring/src/test/java/org/smartregister/growthmonitoring/domain/WeightZScoreTests.java

@@ -1,4 +1,4 @@
-package org.smartregister.growthmonitoring.domian;
+package org.smartregister.growthmonitoring.domain;
 
 import org.joda.time.LocalDate;
 import org.junit.Assert;
@@ -14,7 +14,6 @@
 import org.powermock.modules.junit4.rule.PowerMockRule;
 import org.smartregister.growthmonitoring.BaseUnitTest;
 import org.smartregister.growthmonitoring.GrowthMonitoringLibrary;
-import org.smartregister.growthmonitoring.domain.WeightZScore;
 import org.smartregister.growthmonitoring.repository.WeightZScoreRepository;
 
 import java.util.ArrayList;