From 3697ae0f1af719e4382a37f85f97e44393b44fef Mon Sep 17 00:00:00 2001
From: "aravind.est"
Date: Fri, 5 Sep 2025 19:23:36 +0100
Subject: [PATCH] Fix Unit test logging failure

Spring Boot Version 3.2.0(Last used before upgrade) contains logback library version 1.4.11. logback version 1.4.11 is vulnerable to CVE-2023-6378. This CVE is related to creating missing parent directories. It is fixed as part of 1.4.12+ (https://github.com/advisories/GHSA-vmq6-5m68-f53m). The fix is to avoid creating missing parent directories. We are getting couple of reports related to this issue in the ApplicationTest unit test(After Spring Boot upgrade to 3.5.5 (Which includes logback 1.5.18)). So the fix is to introduce a temporary application log file for the unit test. This doesn't happen when running this container because the /var/log/information-coordinator-service is created as part of the Docker build (In Dockerfile).
Issue-ID: INT-193
Change-Id: I63088541045b3faf0038223c4e81f7ab35d7a878
Signed-off-by: aravind.est
---
 src/test/java/org/oransc/ics/ApplicationTest.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/test/java/org/oransc/ics/ApplicationTest.java b/src/test/java/org/oransc/ics/ApplicationTest.java
index 8c60f51..df9b699 100644
--- a/src/test/java/org/oransc/ics/ApplicationTest.java
+++ b/src/test/java/org/oransc/ics/ApplicationTest.java
@@ -113,6 +113,7 @@ import reactor.test.StepVerifier;
 "app.webclient.trust-store=./config/truststore.jks", //
 "app.webclient.trust-store-used=true", //
 "app.vardata-directory=/tmp/ics", //
+ "logging.file.name=/tmp/ics.log",
 "app.s3.bucket=" // If this is set, S3 will be used to store data.
 })
 class ApplicationTest {
-- 
2.16.6
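Review bot: The added `"logging.file.name=/tmp/ics.log",` sends the test log to a fixed, predictable name in the shared, world-writable /tmp, so on a multi-user build host another account can pre-create or symlink that path, and parallel runs of the suite write into the same file. A path inside the build output directory avoids both, e.g. `"logging.file.name=target/ics-test.log", //` (this assumes a Maven layout, which the patch does not show). The neighbouring context line `"app.vardata-directory=/tmp/ics", //` has the same exposure and could move at the same time. The new entry also drops the trailing ` //` that every other entry in the list carries, which looks like a formatter line-break guard. The annotation's property list starts above the hunk.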