From e6a0f816947015e2009feee847ff28843b2e9d82 Mon Sep 17 00:00:00 2001
From: "Dr. Christoph \"Schorsch\" Jung"
Date: Thu, 24 Aug 2023 09:17:30 +0200
Subject: [PATCH 1/7] fix(protocol): VC-Flaw#1 CWE-80 do not take complete uri for building reference urls and reencode the reference before returning.
---
 .../agents/edc/http/AgentController.java | 6 ++++--
 .../tractusx/agents/edc/http/HttpUtils.java | 17 ++++++++++++++++-
 2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java
index 474cb99..0947a7b 100644
--- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java
+++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java
@@ -304,8 +304,9 @@ public String getRestRepositories(
 @Context UriInfo uri
 ) {
 monitor.debug(String.format("Received a GET Rest Repositories request %s",request));
- String url=uri.toString();
+ String url=uri.getAbsolutePath().toString();
 url=url.substring(0,url.length()-18);
+ url=HttpUtils.urlEncode(url);
 return "[\n" +
 " {\n" +
 " \"id\": \"AGENT\",\n" +
@@ -337,8 +338,9 @@ public Response getRepositories(
 @Context UriInfo uri
 ) {
 monitor.debug(String.format("Received a GET Repositories request %s",request));
- String url=uri.toString();
+ String url=uri.getAbsolutePath().toString();
 url=url.substring(0,url.length()-13);
+ url=HttpUtils.urlEncode(url);
 Response.ResponseBuilder builder=Response.ok("uri,id,title,readable,writable\n"+url+",AGENT,Catena-X Knowledge Agent Dataspace Endpoint,true,true\n");
 builder.type("text/csv;charset=UTF-8");
 builder.header("Content-Disposition","attachment; filename=repositories.csv");
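Review bot: `url=HttpUtils.urlEncode(url)` runs `URLEncoder.encode` over the whole absolute URL, so `:` and `/` come back as `%3A` and `%2F` and the `uri` value emitted in the JSON body here, and in the CSV line of the getRepositories hunk below, is no longer a resolvable URL; form-encoding is the wrong neutralisation for a value that is itself a URL, and the scheme/host part of `getAbsolutePath()` still comes straight from the request's Host header. Building the reference from `uri.getBaseUri()` and then escaping for the output format (JSON string escaping in the first hunk, CSV quoting in the second) keeps the value usable while still neutralising it. The `url.length()-18` and `-13` arithmetic presumably strips the fixed route suffix of each endpoint; checking the suffix before cutting, e.g. `if(!url.endsWith(REST_REPOSITORIES_SUFFIX /* placeholder */)) ...`, would document the assumption instead of silently truncating an unexpected path. Both `getRestRepositories` and `getRepositories` start before and continue after their hunks.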
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/HttpUtils.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/HttpUtils.java
index 666d582..8a9feda 100644
--- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/HttpUtils.java
+++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/HttpUtils.java
@@ -34,6 +34,21 @@ public class HttpUtils {
 /**
 * ensure that the given parameter string is correctly
 * encoded
+ * @param pattern maybe undecoded patterm
+ * @return a url encoded string
+ */
+ public static String urlEncode(String pattern) {
+ try {
+ return URLEncoder.encode(pattern,DEFAULT_ENCODING);
+ } catch(UnsupportedEncodingException e) {
+ // this should never happen
+ return pattern;
+ }
+ }
+
+ /**
+ * ensure that the given parameter string is correctly
+ * encoded
 * TODO optimize
 * @param parameter maybe undecoded parameter
 * @return a url encoded string which additionally encodes some URL-prefix related symbols
@@ -42,7 +57,7 @@ public static String urlEncodeParameter(String parameter) {
 if(parameter==null || parameter.length()==0) return "";
 try {
 parameter = urlDecodeParameter(parameter);
- return encodeParameter(URLEncoder.encode(parameter, DEFAULT_ENCODING));
+ return encodeParameter(urlEncode(parameter));
 } catch(UnsupportedEncodingException e) {
 // this should never happen
 return parameter;
From 4c7ab9ad2cd6e24032ced82fbb720f2db8fbe3b5 Mon Sep 17 00:00:00 2001
From: "Dr. Christoph \"Schorsch\" Jung"
Date: Thu, 24 Aug 2023 09:21:11 +0200
Subject: [PATCH 2/7] fix(protocol): VC-Flaw#2 CWE-404 clean reader resource automatically.
---
 .../agents/edc/sparql/QueryExecutor.java | 37 ++++++++++---------
 1 file changed, 19 insertions(+), 18 deletions(-)
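Review bot: The `catch(UnsupportedEncodingException e)` in the new `urlEncode` returns the input unencoded, so the method's only failure mode hands the caller the raw string at exactly the call sites (the CWE-80 fix in AgentController) that depend on it being neutralised; since the comment already declares the case impossible, failing loudly is safer than silently degrading, e.g. `throw new IllegalStateException("unsupported encoding "+DEFAULT_ENCODING, e);`. If the project targets Java 10 or later, `URLEncoder.encode(pattern, StandardCharsets.UTF_8)` removes the checked exception altogether. The Javadoc has `patterm` for `pattern`, and it should say that the result is `application/x-www-form-urlencoded` (spaces become `+`, `/` becomes `%2F`), which is not the same as URI percent-encoding and matters for callers that pass whole URLs. The second hunk keeps its catch block although `urlEncode` no longer throws; whether it is still needed depends on `urlDecodeParameter`, which is outside the hunk.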
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/QueryExecutor.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/QueryExecutor.java
index c2dc840..f3a839b 100644
--- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/QueryExecutor.java
+++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/QueryExecutor.java
@@ -478,27 +478,28 @@ private Map.Entry executeQuery(HttpRequest request) {
 }
 StringBuilder nextPart=null;
 String embeddedContentType=null;
- BufferedReader reader=new BufferedReader(new InputStreamReader(inputStream));
- for(String line = reader.readLine(); line!=null; line=reader.readLine()) {
- if(boundary.equals(line)) {
- if(nextPart!=null && embeddedContentType!=null) {
- if(embeddedContentType.equals("application/cx-warnings+json")) {
- warnings=Optional.of(nextPart.toString());
+ try (BufferedReader reader=new BufferedReader(new InputStreamReader(inputStream))) {
+ for(String line = reader.readLine(); line!=null; line=reader.readLine()) {
+ if(boundary.equals(line)) {
+ if(nextPart!=null && embeddedContentType!=null) {
+ if(embeddedContentType.equals("application/cx-warnings+json")) {
+ warnings=Optional.of(nextPart.toString());
+ } else {
+ inputStream=new ByteArrayInputStream(nextPart.toString().getBytes());
+ contentType=embeddedContentType;
+ }
+ }
+ nextPart=new StringBuilder();
+ String contentLine=reader.readLine();
+ if(contentLine!=null && contentLine.startsWith("Content-Type: ")) {
+ embeddedContentType=contentLine.substring(14);
 } else {
- inputStream=new ByteArrayInputStream(nextPart.toString().getBytes());
- contentType=embeddedContentType;
+ embeddedContentType=null;
 }
+ } else if(nextPart!=null) {
+ nextPart.append(line);
+ nextPart.append("\n");
 }
- nextPart=new StringBuilder();
- String contentLine=reader.readLine();
- if(contentLine!=null && contentLine.startsWith("Content-Type: ")) {
- embeddedContentType=contentLine.substring(14);
- } else {
- embeddedContentType=null;
- }
- } else if(nextPart!=null) {
- nextPart.append(line);
- nextPart.append("\n");
 }
 }
 if(nextPart!=null && embeddedContentType!=null) {
From fab55bdf75ddef4ff44b7b0b255a1a42a633639f Mon Sep 17 00:00:00 2001
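Review bot: Closing the `BufferedReader` through try-with-resources also closes the wrapped `inputStream`, and the loop only replaces `inputStream` with a fresh `ByteArrayInputStream` when an embedded non-warning part is encountered; when the body holds only warnings or no part at all, the `inputStream` that the code after the hunk presumably still hands back is the original stream, now closed. If the remainder of the method reads from or returns `inputStream`, it should be reassigned before the try block exits, or the original stream should be closed in a `finally` only after it has been replaced. Both `new InputStreamReader(inputStream)` and the retained `nextPart.toString().getBytes()` use the platform default charset, so the part is decoded and re-encoded with whatever the JVM defaults to rather than the charset the response declared; `new InputStreamReader(inputStream, StandardCharsets.UTF_8)` and `getBytes(StandardCharsets.UTF_8)` make the round trip deterministic. `executeQuery` starts and ends outside the hunk.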
From: "Dr. Christoph \"Schorsch\" Jung" Date: Thu, 24 Aug 2023 12:13:48 +0200 Subject: [PATCH 3/7] chore(workflows): add latest and SNAPSHOT tags when building from main. login to docker when checking manifest before calling trivy --- .github/workflows/build.yml | 4 ++++ .github/workflows/trivy.yml | 10 +++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 28ed874..1873a5a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -115,6 +115,8 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} + type=raw,value=1.9.5-SNAPSHOT,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} + type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} - name: Agent Plane Hashicorp Container Build and push uses: docker/build-push-action@v3 @@ -151,6 +153,8 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} + type=raw,value=1.9.5-SNAPSHOT,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} + type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} - name: Agent Plane Azure Vault Container Build and push uses: docker/build-push-action@v3 diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index bf65e68..9c6e13d 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -86,7 +86,15 @@ jobs: steps: - uses: actions/checkout@v3.5.2 - ## This step will fail if the docker images is not found + # We need to login + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + # Use existing DockerHub credentials present as secrets + username: ${{ secrets.DOCKER_HUB_USER }} + password: ${{ secrets.DOCKER_HUB_TOKEN }} + + ## This step will fail if the docker images is not found - name: "Check if image exists" id: imageCheck run: | 
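Review bot: The two `type=raw,value=1.9.5-SNAPSHOT` lines hard-code the project version into both build.yml hunks, so the snapshot tag silently goes stale at the next version bump unless someone updates both places together with the pom. Reading the version once into a step output and using `value=${{ steps.project.outputs.version }}` (constructed name) keeps a single source of truth. `latest` and `1.9.5-SNAPSHOT` are mutable tags that are overwritten on every push to `main`, so anything that deploys from them gets whatever `main` last built; that is fine for a snapshot channel but worth saying in the release documentation so consumers pin the semver tags instead.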
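Review bot: The new step is named `Login to GitHub Container Registry`, but `docker/login-action@v2` without a `registry:` input logs into Docker Hub, and the comment beneath it says the secrets are DockerHub credentials; rename it `Login to Docker Hub` (or add `registry:` and the matching token if GHCR was intended) so the step and the credentials it uses agree. The action is referenced by the floating tag `@v2`; pinning third-party actions to a full commit SHA with a version comment is the usual hardening for a workflow that handles registry credentials. The comment `# We need to login` adds nothing to the step name; say why, e.g. `# the manifest check below needs an authenticated pull`.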
From a39d3f3ffdbee2faf9dc6e9c9ffd7371b56476fa Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 25 Aug 2023 18:31:53 +0200 Subject: [PATCH 4/7] chore(maven): debug legal info as META-INF resources to the jar artifacts. --- agent-plane/agent-plane-protocol/pom.xml | 10 +++++++++- agent-plane/agentplane-azure-vault/pom.xml | 10 +++++++++- agent-plane/agentplane-hashicorp/pom.xml | 10 +++++++++- 3 files changed, 27 insertions(+), 3 deletions(-) diff --git a/agent-plane/agent-plane-protocol/pom.xml b/agent-plane/agent-plane-protocol/pom.xml index ce078dd..0b67b28 100644 --- a/agent-plane/agent-plane-protocol/pom.xml +++ b/agent-plane/agent-plane-protocol/pom.xml @@ -59,10 +59,18 @@ ../../ META-INF - NOTICE.md LICENSE + DEPENDENCIES + SECURITY.md + + . + + README.md + + META-INF + diff --git a/agent-plane/agentplane-azure-vault/pom.xml b/agent-plane/agentplane-azure-vault/pom.xml index a95f538..32025bd 100644 --- a/agent-plane/agentplane-azure-vault/pom.xml +++ b/agent-plane/agentplane-azure-vault/pom.xml @@ -59,10 +59,18 @@ ../../ META-INF - NOTICE.md LICENSE + DEPENDENCIES + SECURITY.md + + . + + README.md + + META-INF + diff --git a/agent-plane/agentplane-hashicorp/pom.xml b/agent-plane/agentplane-hashicorp/pom.xml index 7d1c2ae..de8d290 100644 --- a/agent-plane/agentplane-hashicorp/pom.xml +++ b/agent-plane/agentplane-hashicorp/pom.xml @@ -59,10 +59,18 @@ ../../ META-INF - NOTICE.md LICENSE + DEPENDENCIES + SECURITY.md + + . + + README.md + + META-INF + From dacabf52f272afd50965c2e725c0f821c7aa5d4a Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 25 Aug 2023 18:34:30 +0200 Subject: [PATCH 5/7] docs: remove a relict from catenax repo. --- COPYRIGHT.md | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 COPYRIGHT.md diff --git a/COPYRIGHT.md b/COPYRIGHT.md deleted file mode 100644 index 1ba4f23..0000000 --- a/COPYRIGHT.md +++ /dev/null 
@@ -1,17 +0,0 @@ - - -# Copyright Notice - -All artifacts in this repository are (C) 2022-2023 Catena-X Association and others. - -For more information on the contributors see [authors file](AUTHORS.md). \ No newline at end of file From 55559523aebafe945d950a0250865ef1f198c6e4 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 25 Aug 2023 18:46:23 +0200 Subject: [PATCH 6/7] chore(maven): add additional legal info as META-INF resources to the jar artifacts. --- agent-plane/agent-plane-protocol/pom.xml | 1 + agent-plane/agentplane-azure-vault/pom.xml | 1 + agent-plane/agentplane-hashicorp/pom.xml | 1 + 3 files changed, 3 insertions(+) diff --git a/agent-plane/agent-plane-protocol/pom.xml b/agent-plane/agent-plane-protocol/pom.xml index 0b67b28..d0348fb 100644 --- a/agent-plane/agent-plane-protocol/pom.xml +++ b/agent-plane/agent-plane-protocol/pom.xml @@ -62,6 +62,7 @@ LICENSE DEPENDENCIES SECURITY.md + NOTICE.md diff --git a/agent-plane/agentplane-azure-vault/pom.xml b/agent-plane/agentplane-azure-vault/pom.xml index 32025bd..1b947f9 100644 --- a/agent-plane/agentplane-azure-vault/pom.xml +++ b/agent-plane/agentplane-azure-vault/pom.xml @@ -62,6 +62,7 @@ LICENSE DEPENDENCIES SECURITY.md + NOTICE.md diff --git a/agent-plane/agentplane-hashicorp/pom.xml b/agent-plane/agentplane-hashicorp/pom.xml index de8d290..77d7827 100644 --- a/agent-plane/agentplane-hashicorp/pom.xml +++ b/agent-plane/agentplane-hashicorp/pom.xml @@ -62,6 +62,7 @@ LICENSE DEPENDENCIES SECURITY.md + NOTICE.md From e2fc047f360c7acfa303ed08cc4b3091f697fb3c Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Sat, 26 Aug 2023 11:33:09 +0200 Subject: [PATCH 7/7] docs: prepare release documentation in CHANGELOG --- CHANGELOG.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d45be9d..99825b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -24,21 +24,23 @@ All notable changes to this product will be documented in this file. # Released -# Unreleased - -## [1.9.5-SNAPSHOT] - +## [1.9.5] - ### Added -- Matchmaking Agent: Possibility to invoke Skills as Services +- Matchmaking Agent: Possibility to invoke Skills as Services according to KA-MATCH - Matchmaking Agent: Possibility to steer Delegation through Asset Properties +- Matchmaking Agent: Possibility to allow/deny service requests based on URL pattern +- Transfer: Possibility to annotate assets with service request allow/deny patterns +- Transfer: Implement Skill Protocol of KA-TRANSFER +- Federated Data Catalogue: Embedding Shapes Properties as Named Graphs - Skill Store: Implementation using EDC Control Plane/Asset Catalogue ### Changed - Adapted all Catena-X namespaces to https://w3id.org/catenax -- Adapted to Tractus-X EDC 0.4 and the v2 Management API - Adapted to Tractus-X EDC 0.5 and the changed EDR callback +- Adapted to Tractus-X EDC 0.4 and the v2 Management and Catalogue APIs - Upgraded to the latest possible version of dependent libraries - Eclipse Tractus-X standards and migration @@ -46,6 +48,8 @@ All notable changes to this product will be documented in this file. - Previous EDC Control Plane Extensions regarding SPARQL/HTTP transfer +# Unreleased + ## [Unreleased] ## [0.8.6] - 2023-05-19