Merge pull request #239 from satsen/remove-libs

Removed 2 libraries with vulnerabilities

appkit/src/main/java/org/ergoplatform/appkit/RestApiErgoClient.java

@@ -1,7 +1,5 @@
 package org.ergoplatform.appkit;
 
-import com.google.common.base.Strings;
-
 import org.ergoplatform.appkit.config.ErgoNodeConfig;
 import org.ergoplatform.appkit.impl.BlockchainContextBuilderImpl;
 import org.ergoplatform.appkit.impl.NodeAndExplorerDataSourceImpl;
@@ -52,7 +50,7 @@ public class RestApiErgoClient implements ErgoClient {
         nodeClient.configureFromOkClientBuilder(httpClientBuilder);
 
         ExplorerApiClient explorerClient;
-        if (!Strings.isNullOrEmpty(explorerUrl)) {
+        if (explorerUrl != null && !explorerUrl.isEmpty()) {
             explorerClient = new ExplorerApiClient(explorerUrl);
             explorerClient.configureFromOkClientBuilder(httpClientBuilder);
         } else {

appkit/src/test/scala/org/ergoplatform/appkit/FileUtil.scala

@@ -0,0 +1,9 @@
+package org.ergoplatform.appkit
+
+import java.io.File
+import java.nio.charset.Charset
+import java.nio.file.Files
+
+object FileUtil {
+  def read(file: File): String = new String(Files.readAllBytes(file.toPath), Charset.defaultCharset())
+}

build.sbt

@@ -189,8 +189,7 @@ lazy val common = (project in file("common"))
       libraryDependencies ++= Seq(
         sigmaState,
         ergoWallet,
-        "com.google.guava" % "guava" % "23.0",
-        "commons-io" % "commons-io" % "2.5"
+        "com.google.code.findbugs" % "jsr305" % "1.3.9"
       ),
       publish / skip := true
     )

common/src/main/java/org/ergoplatform/appkit/Address.java

@@ -1,6 +1,5 @@
 package org.ergoplatform.appkit;
 
-import com.google.common.base.Objects;
 import org.ergoplatform.ErgoAddress;
 import org.ergoplatform.ErgoAddressEncoder;
 import org.ergoplatform.P2PKAddress;
@@ -22,7 +21,7 @@
 import sigmastate.utils.Helpers;
 import sigma.GroupElement;
 
-import static com.google.common.base.Preconditions.checkArgument;
+import java.util.Objects;
 
 public class Address {
     private final String _base58String;
@@ -86,7 +85,7 @@ public NetworkType getNetworkType() {
      * @throws IllegalArgumentException if this instance is not P2PK address
      */
     public P2PKAddress asP2PK() {
-        checkArgument(isP2PK(), "This instance %s is not P2PKAddress", this);
+        InternalUtil.checkArgument(isP2PK(), "This instance %s is not P2PKAddress", this);
         return (P2PKAddress) _address;
     }
 
@@ -100,7 +99,7 @@ public P2PKAddress asP2PK() {
      * @throws IllegalArgumentException if this instance is not P2S address
      */
     public Pay2SAddress asP2S() {
-        checkArgument(isP2S(), "This instance %s is not Pay2SAddress", this);
+        InternalUtil.checkArgument(isP2S(), "This instance %s is not Pay2SAddress", this);
         return (Pay2SAddress) _address;
     }
 
@@ -279,7 +278,7 @@ public String toString() {
 
     @Override
     public int hashCode() {
-        return Objects.hashCode(_address.hashCode(), _address.networkPrefix());
+        return Objects.hash(_address.hashCode(), _address.networkPrefix());
     }
 
     @Override

common/src/main/java/org/ergoplatform/appkit/InternalUtil.java

@@ -0,0 +1,24 @@
+package org.ergoplatform.appkit;
+
+import javax.annotation.Nullable;
+
+public class InternalUtil {
+
+    public static void checkArgument(boolean expression, @Nullable Object errorMessage) {
+        if (!expression) {
+            throw new IllegalArgumentException(String.valueOf(errorMessage));
+        }
+    }
+
+    public static void checkArgument(boolean expression, String errorMessageFormat, Object... errorMessageArgs) {
+        if (!expression) {
+            throw new IllegalArgumentException(String.format(errorMessageFormat, errorMessageArgs));
+        }
+    }
+
+    public static void checkState(boolean expression, @Nullable Object errorMessage) {
+        if (!expression) {
+            throw new IllegalStateException(String.valueOf(errorMessage));
+        }
+    }
+}

common/src/test/scala/org/ergoplatform/appkit/SecretStorageSpec.scala

@@ -1,12 +1,13 @@
 package org.ergoplatform.appkit
 
 import java.io.File
-import com.google.common.io.Files
 import org.ergoplatform.sdk.JavaHelpers
 import org.scalatest.matchers.should.Matchers
 import org.scalatest.propspec.AnyPropSpec
 import org.scalatestplus.scalacheck.ScalaCheckDrivenPropertyChecks
 
+import java.nio.file.Files
+
 class SecretStorageSpec extends AnyPropSpec with Matchers with ScalaCheckDrivenPropertyChecks
     with AppkitTestingCommon {
   val mnemonicWithPassword = Mnemonic.create("phrase".toCharArray, "mnemonic pass".toCharArray)
@@ -69,7 +70,7 @@ class SecretStorageSpec extends AnyPropSpec with Matchers with ScalaCheckDrivenP
   }
 
   def withTempDir(block: File => Unit): Unit = {
-    val dir = Files.createTempDir()
+    val dir = Files.createTempDirectory("").toFile
     try {
       block(dir)
     }

lib-api/src/main/java/org/ergoplatform/appkit/BoxOperations.java

@@ -1,10 +1,8 @@
 package org.ergoplatform.appkit;
 
-import static com.google.common.base.Preconditions.checkState;
 import static org.ergoplatform.appkit.BlockchainContext.DEFAULT_LIMIT_FOR_API;
 import static org.ergoplatform.appkit.Parameters.MinFee;
 
-import com.google.common.base.Preconditions;
 import org.ergoplatform.sdk.ErgoToken;
 import org.ergoplatform.sdk.SecretString;
 
@@ -63,7 +61,7 @@ public static BoxOperations createForSenders(List<Address> senders, BlockchainCo
      */
     public static BoxOperations createForEip3Prover(ErgoProver senderProver, BlockchainContext ctx) {
         List<Address> eip3Addresses = senderProver.getEip3Addresses();
-        checkState(eip3Addresses.size() > 0,
+        InternalUtil.checkState(!eip3Addresses.isEmpty(),
             "EIP-3 addresses are not derived in the prover (use ErgoProverBuilder.withEip3Secret)");
         return new BoxOperations(ctx, eip3Addresses, senderProver);
     }
@@ -433,7 +431,7 @@ private static CoveringBoxes getCoveringBoxesFor(long amountToSpend,
                                                      Function<Integer, List<InputBox>> inputBoxesLoader,
                                                      int maxBoxesToSelect) {
         SelectTokensHelper tokensRemaining = new SelectTokensHelper(tokensToSpend);
-        Preconditions.checkArgument(amountToSpend > 0 ||
+        InternalUtil.checkArgument(amountToSpend > 0 ||
             !tokensRemaining.areTokensCovered(), "amountToSpend or tokens to spend should be > 0");
         ArrayList<InputBox> selectedCoveringBoxes = new ArrayList<>();
         long remainingAmountToCover = amountToSpend;

lib-impl/src/main/java/org/ergoplatform/appkit/impl/NodeAndExplorerDataSourceImpl.java

@@ -1,7 +1,5 @@
 package org.ergoplatform.appkit.impl;
 
-import com.google.common.base.Preconditions;
-
 import org.ergoplatform.appkit.Address;
 import org.ergoplatform.appkit.ErgoClient;
 import org.ergoplatform.appkit.ErgoClientException;

lib-impl/src/main/java/org/ergoplatform/appkit/impl/OutBoxBuilderImpl.scala

@@ -1,7 +1,5 @@
 package org.ergoplatform.appkit.impl
 
-import com.google.common.base.Preconditions
-import com.google.common.base.Preconditions.checkState
 import org.ergoplatform.SigmaConstants
 import org.ergoplatform.appkit._
 import org.ergoplatform.sdk.ErgoToken
@@ -65,7 +63,7 @@ class OutBoxBuilderImpl(_txB: UnsignedTransactionBuilderImpl) extends OutBoxBuil
 
 
   override def registers(registers: ErgoValue[_]*): OutBoxBuilderImpl = {
-    Preconditions.checkArgument(registers.nonEmpty,
+    InternalUtil.checkArgument(registers.nonEmpty,
       "At least one register should be specified": Any)
     _registers.clear()
     _registers ++= registers
@@ -78,7 +76,7 @@ class OutBoxBuilderImpl(_txB: UnsignedTransactionBuilderImpl) extends OutBoxBuil
   }
 
   override def build: OutBox = {
-    checkState(_contract != null, "Contract is not defined": Any)
+    InternalUtil.checkState(_contract != null, "Contract is not defined")
     val tree = _contract.getErgoTree
     val ergoBoxCandidate = AppkitHelpers.createBoxCandidate(
       _value, tree, _tokens.toSeq, _registers.toSeq,