Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

LOW PRIORITY - effective-pom.xml has http: urls for xsds #284

Open
dwinchell opened this issue Jul 19, 2022 · 0 comments
Open

LOW PRIORITY - effective-pom.xml has http: urls for xsds #284

dwinchell opened this issue Jul 19, 2022 · 0 comments

Comments

@dwinchell
Copy link
Contributor

If an application runs some kind of coding style scan that looks for http: urls (instead of https:), that scan turns up a finding because PSR generates an effective-pom.xml file that has xsd imports using the http protocol.

The maintainer of the app being built by ploigos can work around this by suppressing the finding, but that is not ideal because it (slightly) increases the effort to onboard the app to PSR.

We should generate effective-pom.xml using https: urls for the xsd imports.

Example:

  • An app running the maven checkstyle plugin turns up warnings like
Error:  [ERROR] step-runner-working/unit-test/effective-pom.xml:[5,12] (extension) NoHttp: http:// URLs are not allowed but got 'http://maven.apache.org/plugins/maven-help-plugin/'. Use https:// instead.
  • App developer has to add a suppression rule like this (this is not a great rule but you get the idea).
<suppress files=".+\.(jar|git|ico|p12|gif|jks|jpg|svg|xml)" checks="NoHttp"/>

How to start implementing the fix:
Change this line in the relevant unit test to check for the new behavior
https://github.com/ploigos/ploigos-step-runner/blob/main/tests/utils/test_xml.py#L36

@dwinchell dwinchell changed the title effective-pom.xml has http: urls for xsds LOW PRIORITY - effective-pom.xml has http: urls for xsds Jul 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant