fix: Snyk security issues (minor), updated ktlint

.editorconfig

@@ -1,7 +1,11 @@
 [*.{kt, kts}]
-disabled_rules = no-wildcard-imports
+ktlint_standard_no-wildcard-imports = disabled
+ktlint_standard_filename = disabled
 indent_size = 2
 insert_final_newline = true
 # possible values: number (e.g. 120) (package name, imports & comments are ignored), "off"
 # it's automatically set to 100 on `ktlint --android ...` (per Android Kotlin Style Guide)
 max_line_length = 120
+
+[backend/data/src/main/kotlin/io/tolgee/service/dataImport/processors/messageFormat/data/PluralData.kt]
+max_line_length = 500

.github/workflows/test.yml

@@ -435,4 +435,4 @@ jobs:
  key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('gradle/wrapper/gradle-wrapper.properties') }}
 
  - name: Run ktlint
- run: ./gradlew ktlint
+ run: ./gradlew ktlintCheck

backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/AdministrationController.kt

@@ -5,8 +5,8 @@ import io.tolgee.constants.Message
 import io.tolgee.exceptions.BadRequestException
 import io.tolgee.hateoas.organization.OrganizationModel
 import io.tolgee.hateoas.organization.OrganizationModelAssembler
-import io.tolgee.hateoas.user_account.UserAccountModel
-import io.tolgee.hateoas.user_account.UserAccountModelAssembler
+import io.tolgee.hateoas.userAccount.UserAccountModel
+import io.tolgee.hateoas.userAccount.UserAccountModelAssembler
 import io.tolgee.model.UserAccount
 import io.tolgee.model.views.OrganizationView
 import io.tolgee.security.authentication.AuthenticationFacade
@@ -33,8 +33,8 @@ import io.swagger.v3.oas.annotations.tags.Tag as OpenApiTag
 @CrossOrigin(origins = ["*"])
 @RequestMapping(
  value = [
- "/v2/administration"
- ]
+ "/v2/administration",
+ ],
 )
 @OpenApiTag(name = "Admin", description = "Server administration")
 class AdministrationController(
@@ -45,15 +45,16 @@ class AdministrationController(
  private val userAccountService: UserAccountService,
  private val pagedResourcesAssembler: PagedResourcesAssembler<UserAccount>,
  private val userAccountModelAssembler: UserAccountModelAssembler,
- private val jwtService: JwtService
+ private val jwtService: JwtService,
 ) : IController {
-
  @GetMapping(value = ["/organizations"])
  @Operation(summary = "Get all server organizations")
  @RequiresSuperAuthentication
  fun getOrganizations(
- @ParameterObject @SortDefault(sort = ["name"]) pageable: Pageable,
- search: String? = null
+ @ParameterObject
+ @SortDefault(sort = ["name"])
+ pageable: Pageable,
+ search: String? = null,
  ): PagedModel<OrganizationModel> {
  val organizations = organizationService.findAllPaged(pageable, search, authenticationFacade.authenticatedUser.id)
  return pagedOrganizationResourcesAssembler.toModel(organizations, organizationModelAssembler)
@@ -63,8 +64,10 @@ class AdministrationController(
  @Operation(summary = "Get all server users")
  @RequiresSuperAuthentication
  fun getUsers(
- @ParameterObject @SortDefault(sort = ["name"]) pageable: Pageable,
- search: String? = null
+ @ParameterObject
+ @SortDefault(sort = ["name"])
+ pageable: Pageable,
+ search: String? = null,
  ): PagedModel<UserAccountModel> {
  val users = userAccountService.findAllWithDisabledPaged(pageable, search)
  return pagedResourcesAssembler.toModel(users, userAccountModelAssembler)
@@ -73,7 +76,9 @@ class AdministrationController(
  @DeleteMapping(value = ["/users/{userId}"])
  @Operation(summary = "Deletes an user")
  @RequiresSuperAuthentication
- fun deleteUser(@PathVariable userId: Long) {
+ fun deleteUser(
+ @PathVariable userId: Long,
+ ) {
  if (userId == authenticationFacade.authenticatedUser.id) {
  throw BadRequestException(Message.CANNOT_DELETE_YOUR_OWN_ACCOUNT)
  }
@@ -83,7 +88,9 @@ class AdministrationController(
  @PutMapping(value = ["/users/{userId}/disable"])
  @Operation(summary = "Deletes an user")
  @RequiresSuperAuthentication
- fun disableUser(@PathVariable userId: Long) {
+ fun disableUser(
+ @PathVariable userId: Long,
+ ) {
  if (userId == authenticationFacade.authenticatedUser.id) {
  throw BadRequestException(Message.CANNOT_DISABLE_YOUR_OWN_ACCOUNT)
  }
@@ -93,7 +100,9 @@ class AdministrationController(
  @PutMapping(value = ["/users/{userId}/enable"])
  @Operation(summary = "Deletes an user")
  @RequiresSuperAuthentication
- fun enableUser(@PathVariable userId: Long) {
+ fun enableUser(
+ @PathVariable userId: Long,
+ ) {
  userAccountService.enable(userId)
  }
 
@@ -102,7 +111,7 @@ class AdministrationController(
  @RequiresSuperAuthentication
  fun setRole(
  @PathVariable userId: Long,
- @PathVariable role: UserAccount.Role
+ @PathVariable role: UserAccount.Role,
  ) {
  val user = userAccountService.get(userId)
  user.role = role

backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/AllKeysController.kt

@@ -22,7 +22,7 @@ import org.springframework.web.bind.annotation.RestController
 @RequestMapping(
  value = [
  "/v2/projects/{projectId}/all-keys",
- ]
+ ],
 )
 @Tag(name = "All localization keys", description = "All localization keys in the project")
 class AllKeysController(

backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/AnnouncementController.kt

@@ -17,12 +17,12 @@ import org.springframework.web.bind.annotation.RestController
 @RequestMapping(
  value = [
  "/v2/announcement",
- ]
+ ],
 )
 @Tag(name = "New features announcements")
 class AnnouncementController(
  private val announcementService: AnnouncementService,
- private val authenticationFacade: AuthenticationFacade
+ private val authenticationFacade: AuthenticationFacade,
 ) : IController {
  @GetMapping("")
  @Operation(description = "Get latest announcement")

backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/ApiKeyController.kt

@@ -65,11 +65,13 @@ class ApiKeyController(
  private val pagedResourcesAssembler: PagedResourcesAssembler<ApiKey>,
  private val permissionService: PermissionService,
 ) {
-
  @PostMapping(path = ["/api-keys"])
  @Operation(summary = "Creates new API key with provided scopes")
  @RequiresSuperAuthentication
- fun create(@RequestBody @Valid dto: CreateApiKeyDto): RevealedApiKeyModel {
+ fun create(
+ @RequestBody @Valid
+ dto: CreateApiKeyDto,
+ ): RevealedApiKeyModel {
  val project = projectService.get(dto.projectId)
  if (authenticationFacade.authenticatedUser.role != UserAccount.Role.ADMIN) {
  securityService.checkApiKeyScopes(dto.scopes, project)
@@ -79,22 +81,27 @@ class ApiKeyController(
  scopes = dto.scopes,
  project = project,
  expiresAt = dto.expiresAt,
- description = dto.description
+ description = dto.description,
  ).let {
  revealedApiKeyModelAssembler.toModel(it)
  }
  }
 
  @Operation(summary = "Returns user's api keys")
  @GetMapping(path = ["/api-keys"])
- fun allByUser(pageable: Pageable, @RequestParam filterProjectId: Long?): PagedModel<ApiKeyModel> {
+ fun allByUser(
+ pageable: Pageable,
+ @RequestParam filterProjectId: Long?,
+ ): PagedModel<ApiKeyModel> {
  return apiKeyService.getAllByUser(authenticationFacade.authenticatedUser.id, filterProjectId, pageable)
  .let { pagedResourcesAssembler.toModel(it, apiKeyModelAssembler) }
  }
 
  @Operation(summary = "Returns specific API key info")
  @GetMapping(path = ["/api-keys/{keyId:[0-9]+}"])
- fun get(@PathVariable keyId: Long): ApiKeyModel {
+ fun get(
+ @PathVariable keyId: Long,
+ ): ApiKeyModel {
  val apiKey = apiKeyService.findOptional(keyId).orElseThrow { NotFoundException() }
  if (apiKey.userAccount.id != authenticationFacade.authenticatedUser.id) {
  securityService.checkProjectPermission(apiKey.project.id, Scope.ADMIN)
@@ -112,17 +119,18 @@ class ApiKeyController(
 
  val apiKey = authenticationFacade.projectApiKeyEntity
 
- val permissionData = permissionService.getProjectPermissionData(
- apiKey.project.id,
- authenticationFacade.authenticatedUser.id
- )
+ val permissionData =
+ permissionService.getProjectPermissionData(
+ apiKey.project.id,
+ authenticationFacade.authenticatedUser.id,
+ )
 
  val translateLanguageIds =
  permissionData.computedPermissions.translateLanguageIds.toNormalizedPermittedLanguageSet()
 
  return ApiKeyWithLanguagesModel(
  apiKeyModelAssembler.toModel(apiKey),
- permittedLanguageIds = translateLanguageIds
+ permittedLanguageIds = translateLanguageIds,
  )
  }
 
@@ -131,39 +139,43 @@ class ApiKeyController(
  @AllowApiAccess()
  fun getCurrentPermissions(
  @RequestParam
- @Parameter(description = "Required when using with PAT") projectId: Long?
+ @Parameter(description = "Required when using with PAT")
+ projectId: Long?,
  ): ApiKeyPermissionsModel {
  val apiKeyAuthentication = authenticationFacade.isProjectApiKeyAuth
  val personalAccessTokenAuth = authenticationFacade.isPersonalAccessTokenAuth
 
- val projectIdNotNull = when {
- apiKeyAuthentication ->
- authenticationFacade.projectApiKey.projectId
+ val projectIdNotNull =
+ when {
+ apiKeyAuthentication ->
+ authenticationFacade.projectApiKey.projectId
 
- personalAccessTokenAuth ->
- projectId ?: throw BadRequestException(Message.NO_PROJECT_ID_PROVIDED)
+  personalAccessTokenAuth ->
+  projectId ?: throw BadRequestException(Message.NO_PROJECT_ID_PROVIDED)
 
- else -> throw BadRequestException(Message.INVALID_AUTHENTICATION_METHOD)
- }
+  else -> throw BadRequestException(Message.INVALID_AUTHENTICATION_METHOD)
+  }
 
- val permissionData = permissionService.getProjectPermissionData(
- projectIdNotNull,
- authenticationFacade.authenticatedUser.id
- )
+ val permissionData =
+ permissionService.getProjectPermissionData(
+ projectIdNotNull,
+ authenticationFacade.authenticatedUser.id,
+ )
 
  val computed = permissionData.computedPermissions
- val scopes = when {
- apiKeyAuthentication -> authenticationFacade.projectApiKey.scopes.toTypedArray()
- else -> computed.scopes
- }
+ val scopes =
+ when {
+ apiKeyAuthentication -> authenticationFacade.projectApiKey.scopes.toTypedArray()
+ else -> computed.scopes
+ }
 
  return ApiKeyPermissionsModel(
  projectIdNotNull,
  type = if (apiKeyAuthentication) null else computed.type,
  translateLanguageIds = computed.translateLanguageIds.toNormalizedPermittedLanguageSet(),
  viewLanguageIds = computed.viewLanguageIds.toNormalizedPermittedLanguageSet(),
  stateChangeLanguageIds = computed.stateChangeLanguageIds.toNormalizedPermittedLanguageSet(),
- scopes = scopes
+ scopes = scopes,
  )
  }
 
@@ -185,7 +197,11 @@ class ApiKeyController(
  @PutMapping(path = ["/api-keys/{apiKeyId:[0-9]+}"])
  @Operation(summary = "Edits existing API key")
  @RequiresSuperAuthentication
- fun update(@RequestBody @Valid dto: V2EditApiKeyDto, @PathVariable apiKeyId: Long): ApiKeyModel {
+ fun update(
+ @RequestBody @Valid
+ dto: V2EditApiKeyDto,
+ @PathVariable apiKeyId: Long,
+ ): ApiKeyModel {
  val apiKey = apiKeyService.get(apiKeyId)
  checkOwner(apiKey)
  securityService.checkApiKeyScopes(dto.scopes, apiKey.project)
@@ -195,12 +211,13 @@ class ApiKeyController(
 
  @PutMapping(value = ["/api-keys/{apiKeyId:[0-9]+}/regenerate"])
  @Operation(
- summary = "Regenerates API key. It generates new API key value and updates its time of expiration."
+ summary = "Regenerates API key. It generates new API key value and updates its time of expiration.",
  )
  @RequiresSuperAuthentication
  fun regenerate(
- @RequestBody @Valid dto: RegenerateApiKeyDto,
- @PathVariable apiKeyId: Long
+ @RequestBody @Valid
+ dto: RegenerateApiKeyDto,
+ @PathVariable apiKeyId: Long,
  ): RevealedApiKeyModel {
  checkOwner(apiKeyId)
  return revealedApiKeyModelAssembler.toModel(apiKeyService.regenerate(apiKeyId, dto.expiresAt))
@@ -209,7 +226,9 @@ class ApiKeyController(
  @DeleteMapping(path = ["/api-keys/{apiKeyId:[0-9]+}"])
  @Operation(summary = "Deletes API key")
  @RequiresSuperAuthentication
- fun delete(@PathVariable apiKeyId: Long) {
+ fun delete(
+ @PathVariable apiKeyId: Long,
+ ) {
  val apiKey = apiKeyService.findOptional(apiKeyId).orElseThrow { NotFoundException(Message.API_KEY_NOT_FOUND) }
  checkOwner(apiKey)
  apiKeyService.deleteApiKey(apiKey)
@@ -239,8 +258,9 @@ class ApiKeyController(
  content = [
  Content(
  mediaType = "application/json",
- schema = Schema(
- example = """
+ schema =
+ Schema(
+ example = """
  {
  "TRANSLATE":[
  "translations.view",
@@ -267,12 +287,12 @@ class ApiKeyController(
  "translations.view",
  "screenshots.view"
  ]
- }"""
- )
- )
- ]
- )
- ]
+ }""",
+  ),
+ ),
+ ],
+ ),
+ ],
  )
  @Deprecated(message = "Don't use this endpoint, it's useless.")
  val scopes: Map<String, List<String>> by lazy {