Skip to content

Commit

Permalink
Merge branch 'main' into jakarta
Browse files Browse the repository at this point in the history
  • Loading branch information
poikilotherm committed Jun 28, 2023
2 parents a1a9c23 + da23b79 commit 88fbb25
Show file tree
Hide file tree
Showing 5 changed files with 126 additions and 29 deletions.
38 changes: 38 additions & 0 deletions .github/workflows/maven-branch-checks.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
name: Branch Push Verification and Security Scan
on:
push:
branches:
- main
- jakarta
jobs:
verify:
runs-on: ubuntu-latest
strategy:
matrix:
java: [11,17]
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up Maven Central Repository
uses: actions/setup-java@v3
with:
java-version: ${{ matrix.java }}
distribution: 'adopt'
- name: Cache SonarCloud packages
uses: actions/cache@v3
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache Maven packages
uses: actions/cache@v3
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Scan with Sonarcloud
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: mvn -B -Pcoverage -Djdk.version=${{ matrix.java }} verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
16 changes: 14 additions & 2 deletions .github/workflows/maven-pr-checks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,20 +9,32 @@ jobs:
java: [11,17]
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up Maven Central Repository
uses: actions/setup-java@v3
with:
java-version: ${{ matrix.java }}
distribution: 'adopt'
- name: Cache SonarCloud packages
uses: actions/cache@v3
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache Maven packages
uses: actions/cache@v3
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Build, test, verify
run: mvn -B verify -Djdk.version=${{ matrix.java }}
- name: Build, test, verify and send to Sonarcloud
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: mvn -B -Pcoverage -Djdk.version=${{ matrix.java }} verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
- name: Scan with OWASP
if: always() # do not skip this step if Sonarcloud/verify fails the mvn build
run: mvn -B -Powasp dependency-check:check
- name: Upload scan results as SARIF report to GitHub Security Tab
uses: github/codeql-action/upload-sarif@v2
Expand Down
94 changes: 68 additions & 26 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -22,27 +22,27 @@
<jdk.version>11</jdk.version>

<!-- Dependency versions -->
<servlet-api.version>5.0.0</servlet-api.version>
<servlet-api.version>6.0.0</servlet-api.version>
<jersey.version>3.0.4</jersey.version>
<abdera.version>1.1.3</abdera.version>
<fileupload.version>1.4</fileupload.version>
<jena.version>4.5.0</jena.version>
<fileupload.version>1.5</fileupload.version>
<jena.version>4.7.0</jena.version>
<slf4j.version>1.7.36</slf4j.version>

<!-- Transitive dependency versions -->
<io.version>2.11.0</io.version>

<!-- Official Maven Plugins -->
<maven-compiler-plugin.version>3.10.1</maven-compiler-plugin.version>
<maven-jar-plugin.version>3.2.2</maven-jar-plugin.version>
<maven-dependency-plugin.version>3.3.0</maven-dependency-plugin.version>
<maven-site-plugin.version>3.12.0</maven-site-plugin.version>
<maven-surefire-plugin.version>3.0.0-M6</maven-surefire-plugin.version>
<maven-failsafe-plugin.version>3.0.0-M6</maven-failsafe-plugin.version>
<maven-compiler-plugin.version>3.11.0</maven-compiler-plugin.version>
<maven-jar-plugin.version>3.3.0</maven-jar-plugin.version>
<maven-dependency-plugin.version>3.5.0</maven-dependency-plugin.version>
<maven-site-plugin.version>3.12.1</maven-site-plugin.version>
<maven-surefire-plugin.version>3.1.2</maven-surefire-plugin.version>
<maven-failsafe-plugin.version>3.1.2</maven-failsafe-plugin.version>
<maven-surefire-report-plugin.version>3.0.0-M5</maven-surefire-report-plugin.version>
<maven-gpg-plugin>3.0.1</maven-gpg-plugin>
<dependency-check-maven.version>7.1.0</dependency-check-maven.version>
<pmd.version>6.45.0</pmd.version>
<dependency-check-maven.version>8.3.1</dependency-check-maven.version>
<pmd.version>6.55.0</pmd.version>
</properties>
<scm>
<connection>scm:git:https://github.com/gdcc/${project.artifactId}.git</connection>
Expand Down Expand Up @@ -157,7 +157,7 @@
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.6.0.0</version>
<version>4.7.3.5</version>
<configuration>
<skip>${skipAnalysis}</skip>
<excludeFilterFile>spotbugsExcludeFilter.xml</excludeFilterFile>
Expand All @@ -175,7 +175,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.16.0</version>
<version>3.20.0</version>
<configuration>
<rulesets>
<ruleset>pmd.xml</ruleset>
Expand Down Expand Up @@ -208,7 +208,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>3.1.2</version>
<version>3.3.0</version>
<configuration>
<configLocation>checkstyle.xml</configLocation>
<encoding>UTF-8</encoding>
Expand All @@ -219,7 +219,7 @@
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
<version>10.2</version>
<version>10.12.1</version>
</dependency>
</dependencies>
<executions>
Expand Down Expand Up @@ -249,9 +249,6 @@
<excludes>
<exclude>**/it/**</exclude>
</excludes>
<reportsDirectory>
${project.build.directory}/test-reports/unit
</reportsDirectory>
</configuration>
</execution>
</executions>
Expand All @@ -276,9 +273,6 @@
<includes>
<include>**/it/**</include>
</includes>
<reportsDirectory>
${project.build.directory}/test-reports/it
</reportsDirectory>
</configuration>
</execution>
</executions>
Expand All @@ -298,12 +292,12 @@
<plugin>
<groupId>org.kordamp.maven</groupId>
<artifactId>pomchecker-maven-plugin</artifactId>
<version>1.2.0</version>
<version>1.8.0</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>3.0.0-M5</version>
<version>3.0.1</version>
</plugin>
</plugins>
</build>
Expand All @@ -330,7 +324,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.4.0</version>
<version>3.5.0</version>
<executions>
<execution>
<id>attach-javadocs</id>
Expand Down Expand Up @@ -360,7 +354,7 @@
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>flatten-maven-plugin</artifactId>
<version>1.2.7</version>
<version>1.5.0</version>
<configuration>
<updatePomFile>true</updatePomFile>
<flattenMode>oss</flattenMode>
Expand Down Expand Up @@ -419,6 +413,54 @@
</plugins>
</build>
</profile>
<profile>
<id>coverage</id>
<properties>
<sonar.host.url>https://sonarcloud.io</sonar.host.url>
<sonar.organization>gdcc</sonar.organization>
<sonar.projectKey>gdcc_sword2</sonar.projectKey>
<sonar.moduleKey>${project.groupId}:${project.artifactId}</sonar.moduleKey>
<jacoco.version>0.8.8</jacoco.version>
<sonar.version>3.9.1.2184</sonar.version>
</properties>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>${sonar.version}</version>
</plugin>
</plugins>
</pluginManagement>
<plugins>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>${jacoco.version}</version>
<executions>
<execution>
<id>prepare-agent</id>
<goals>
<goal>prepare-agent</goal>
</goals>
</execution>
<execution>
<id>report</id>
<goals>
<goal>report</goal>
</goals>
<configuration>
<formats>
<format>XML</format>
</formats>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>

<dependencyManagement>
Expand Down Expand Up @@ -480,7 +522,7 @@
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter</artifactId>
<version>5.8.2</version>
<version>5.9.3</version>
<scope>test</scope>
</dependency>
</dependencies>
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/swordapp/server/ChecksumUtils.java
Original file line number Diff line number Diff line change
Expand Up @@ -56,9 +56,9 @@ public static String hashAndCopy(final InputStream input, final OutputStream out

try (
DigestOutputStream digestStream = new DigestOutputStream(output, md);
) {
ReadableByteChannel in = Channels.newChannel(input);
WritableByteChannel out = Channels.newChannel(digestStream);
) {
ByteBuffer buffer = ByteBuffer.allocate(LARGE_BUFFER);

while (in.read(buffer) != -1) {
Expand Down
5 changes: 5 additions & 0 deletions src/main/java/org/swordapp/server/ErrorDocument.java
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
import org.w3c.dom.Element;

import jakarta.servlet.http.HttpServletResponse;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
Expand Down Expand Up @@ -150,6 +151,10 @@ public void writeTo(final Writer out, final SwordConfiguration config) throws Sw

// Actually write the model to a stream
TransformerFactory transformerFactory = TransformerFactory.newInstance();
// Prohibit the use of all protocols by external entities (we don't here, but it's good practice anyway)
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");

Transformer transformer = transformerFactory.newTransformer();
DOMSource source = new DOMSource(doc);
transformer.setOutputProperty(OutputKeys.STANDALONE, "yes");
Expand Down

0 comments on commit 88fbb25

Please sign in to comment.