Merge pull request #179 from spdx/mustache

Update Mustache version

RELEASE-CHECKLIST.md

@@ -2,6 +2,7 @@
 
 - [ ] Check for any warnings from the compiler and findbugs
 - [ ] Run unit tests for all packages that depend on the library
+- [ ] Run the the publisher against the current license list and check for any errors
 - [ ] Run dependency check to find any potential vulnerabilities `mvn dependency-check:check`
 - [ ] Run `mvn release:prepare` - you will be prompted for the release - typically take the defaults
 - [ ] Run `mvn release:perform`

Test/org/spdx/licenselistpublisher/UnitTestHelper.java

@@ -16,14 +16,13 @@
 */
 package org.spdx.licenselistpublisher;
 
-import java.io.File;
 import java.io.IOException;
 import java.nio.charset.Charset;
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.util.Collection;
 import java.util.Objects;
 
-import com.google.common.io.Files;
-
 /**
  * Helper class for unit tests
  * @author Gary
@@ -68,7 +67,7 @@ public static boolean isArraysEqual(Object[] a1,
 	 * @throws IOException
 	 */
 	public static String fileToText(String filePath) throws IOException {
-		return Files.toString(new File(filePath), Charset.forName("UTF-8"));
+		return new String(Files.readAllBytes(Path.of(filePath)), Charset.forName("UTF-8"));
 	}
 
 

dependency-check-supress.xml

@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+<suppress>
+   <notes><![CDATA[
+   file name: jackson-core-2.15.3.jar
+   Since the JSON input files are generated, this vulnerability can not occur
+   ]]></notes>
+   <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$</packageUrl>
+   <cve>CVE-2023-5072</cve>
+</suppress>
+<suppress>
+   <notes><![CDATA[
+   file name: jackson-core-2.15.3.jar
+   Since the JSON input files are generated, this vulnerability can not occur
+   ]]></notes>
+   <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$</packageUrl>
+   <cve>CVE-2023-5072</cve>
+</suppress>
+<suppress>
+   <notes><![CDATA[
+   file name: jackson-databind-2.15.3.jar
+   he vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
+   ]]></notes>
+   <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
+   <cve>CVE-2023-35116</cve>
+</suppress>
+<suppress>
+   <notes><![CDATA[
+   file name: jakarta.json-2.0.1.jar
+   Since the JSON input files are generated, this vulnerability can not occur
+   ]]></notes>
+   <packageUrl regex="true">^pkg:maven/org\.glassfish/jakarta\.json@.*$</packageUrl>
+   <cve>CVE-2022-45688</cve>
+</suppress>
+<suppress>
+   <notes><![CDATA[
+   file name: jakarta.json-2.0.1.jar
+    Since the JSON input files are generated, this vulnerability can not occur
+   ]]></notes>
+   <packageUrl regex="true">^pkg:maven/org\.glassfish/jakarta\.json@.*$</packageUrl>
+   <cve>CVE-2023-5072</cve>
+</suppress>
+<suppress>
+   <notes><![CDATA[
+   file name: jsonld-java-0.13.4.jar
+   Since the JSON input files are generated, this vulnerability can not occur
+   ]]></notes>
+   <packageUrl regex="true">^pkg:maven/com\.github\.jsonld\-java/jsonld\-java@.*$</packageUrl>
+   <cve>CVE-2022-45688</cve>
+</suppress>
+<suppress>
+   <notes><![CDATA[
+   file name: jackson-core-2.15.3.jar
+   Since the JSON input files are generated, this vulnerability can not occur
+   ]]></notes>
+   <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$</packageUrl>
+   <cve>CVE-2022-45688</cve>
+</suppress>
+<suppress>
+   <notes><![CDATA[
+   file name: jsonld-java-0.13.4.jar
+   Since the JSON input files are generated, this vulnerability can not occur
+   ]]></notes>
+   <packageUrl regex="true">^pkg:maven/com\.github\.jsonld\-java/jsonld\-java@.*$</packageUrl>
+   <cve>CVE-2023-5072</cve>
+</suppress>
+</suppressions>

pom.xml

@@ -73,7 +73,7 @@
 		<dependency>
 			<groupId>com.github.spullara.mustache.java</groupId>
 			<artifactId>compiler</artifactId>
-			<version>0.7.9</version>
+			<version>0.9.1</version>
 		</dependency>
 		<dependency>
 			<groupId>net.sf.opencsv</groupId>
@@ -279,6 +279,9 @@
    				<groupId>org.owasp</groupId>
    				<artifactId>dependency-check-maven</artifactId>
    				<version>${dependency-check-maven.version}</version>
+   				<configuration>
+   					<suppressionFiles>dependency-check-supress.xml</suppressionFiles>
+   				</configuration>
 			</plugin>
 			<plugin>
 				<groupId>org.spdx</groupId>

src/org/spdx/crossref/Wayback.java

@@ -19,8 +19,6 @@
 
 import java.util.concurrent.Callable;
 
-import org.apache.commons.validator.UrlValidator;
-
 /**
  * Determines whether a url is from the wayback machine or not
  * @author Smith Tanjong

src/org/spdx/htmltemplates/ExceptionHtmlToc.java

@@ -20,7 +20,9 @@
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.OutputStreamWriter;
+import java.util.ArrayList;
 import java.util.Comparator;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -31,8 +33,6 @@
 import com.github.mustachejava.DefaultMustacheFactory;
 import com.github.mustachejava.Mustache;
 import com.github.mustachejava.MustacheException;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
 
 /**
  * Generates the HTML Table of Contents for License Exceptions
@@ -209,8 +209,8 @@ public ExceptionRow(String licenseExceptionId, String exceptionName,
 		}
 	}
 
-	List<ExceptionRow> exceptions = Lists.newArrayList();
-	List<DeprecatedExceptionRow> deprecatedExceptions = Lists.newArrayList();
+	List<ExceptionRow> exceptions = new ArrayList<>();
+	List<DeprecatedExceptionRow> deprecatedExceptions = new ArrayList<>();
 
 	int currentRefNum = 1;
 
@@ -245,7 +245,7 @@ public void addDeprecatedException(LicenseException exception,
 	 */
 	public void writeToFile(File exceptionTocFile, String version) throws MustacheException, IOException {
 
-		Map<String, Object> mustacheMap = Maps.newHashMap();
+		Map<String, Object> mustacheMap = new HashMap<>();
 		mustacheMap.put("version", StringEscapeUtils.escapeHtml4(version));
 		exceptions.sort(new Comparator<ExceptionRow>() {
 

src/org/spdx/htmltemplates/LicenseHTMLFile.java

@@ -23,6 +23,7 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Comparator;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@@ -40,8 +41,6 @@
 import com.github.mustachejava.DefaultMustacheFactory;
 import com.github.mustachejava.Mustache;
 import com.github.mustachejava.MustacheException;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
 
 /**
  * This class contains a formatted HTML file for a given license.  Specific
@@ -221,7 +220,7 @@ public void writeToFile(File htmlFile, String tableOfContentsReference) throws I
 	 * @throws LicenseTemplateRuleException
 	 */
 	private Map<String, Object> buildMustachMap() throws InvalidLicenseTemplateException, InvalidSPDXAnalysisException {
-		Map<String, Object> retval = Maps.newHashMap();
+		Map<String, Object> retval = new HashMap<>();
 		if (license != null) {
 			retval.put("licenseId", license.getLicenseId());
 			String licenseTextHtml = license.getLicenseTextHtml();
@@ -242,7 +241,7 @@ private Map<String, Object> buildMustachMap() throws InvalidLicenseTemplateExcep
 			retval.put("osiApproved", license.isOsiApproved());
 			retval.put("fsfLibre", license.isFsfLibre());
 			retval.put("notFsfLibre", license.isNotFsfLibre());
-			List<FormattedUrl> otherWebPages = Lists.newArrayList();
+			List<FormattedUrl> otherWebPages = new ArrayList<>();
 			try {
 				List<CrossRef> crossRefCopy = new ArrayList<>();
 				for (CrossRef crossRef:license.getCrossRef()) {

src/org/spdx/htmltemplates/LicenseTOCHTMLFile.java

@@ -20,7 +20,9 @@
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.OutputStreamWriter;
+import java.util.ArrayList;
 import java.util.Comparator;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -30,8 +32,6 @@
 import com.github.mustachejava.DefaultMustacheFactory;
 import com.github.mustachejava.Mustache;
 import com.github.mustachejava.MustacheException;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
 
 /**
  * This class holds a formatted HTML file for a license table of contents
@@ -241,8 +241,8 @@ public void setLicenseName(String licenseName) {
 		}
 	}
 
-	List<ListedSpdxLicense> listedLicenses = Lists.newArrayList();
-	List<DeprecatedLicense> deprecatedLicenses = Lists.newArrayList();
+	List<ListedSpdxLicense> listedLicenses = new ArrayList<>();
+	List<DeprecatedLicense> deprecatedLicenses = new ArrayList<>();
 
       private int currentRefNumber = 1;
 
@@ -304,7 +304,7 @@ public void writeToFile(File htmlFile) throws IOException, MustacheException {
 	 * @return
 	 */
 	private Map<String, Object> buildMustachMap() {
-		Map<String, Object> retval = Maps.newHashMap();
+		Map<String, Object> retval = new HashMap<>();
 		retval.put("version", generateVersionString(version, releaseDate));
 		this.listedLicenses.sort(new Comparator<ListedSpdxLicense>() {
 

src/org/spdx/licenselistpublisher/LicenseRDFAGenerator.java

@@ -25,6 +25,10 @@
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.StringReader;
+import java.nio.file.Files;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -57,11 +61,6 @@
 import org.spdx.licenselistpublisher.licensegenerator.SimpleLicenseTester;
 import org.spdx.licenselistpublisher.licensegenerator.SpdxWebsiteFormatWriter;
 
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
 import au.com.bytecode.opencsv.CSVReader;
 
 /**
@@ -96,7 +95,7 @@
  */
 public class LicenseRDFAGenerator {
 
-	static final Set<Character> INVALID_TEXT_CHARS = Sets.newHashSet();
+	static final Set<Character> INVALID_TEXT_CHARS = new HashSet<>();
 
 	static {
 		INVALID_TEXT_CHARS.add('\uFFFD');
@@ -247,8 +246,8 @@ public static void main(String[] args) {
 	 */
 	public static List<String> generateLicenseData(File licenseXml, File dir,
 			String version, String releaseDate, File testFileDir, boolean useTestText) throws LicenseGeneratorException {
-		List<String> warnings = Lists.newArrayList();
-		List<ILicenseFormatWriter> writers = Lists.newArrayList();
+		List<String> warnings = new ArrayList<>();
+		List<ILicenseFormatWriter> writers = new ArrayList<>();
 		ISpdxListedLicenseProvider licenseProvider = null;
 		try {
 			File licenseXmlOutputFolder = new File(dir.getPath() + File.separator +  LICENSE_XML_FOLDER_NAME);
@@ -260,7 +259,7 @@ public static List<String> generateLicenseData(File licenseXml, File dir,
 				FileUtils.copyDirectory(licenseXml, licenseXmlOutputFolder);
 			} else {
 				licenseProvider = new XmlLicenseProviderSingleFile(licenseXml);
-				Files.copy(licenseXml, new File(licenseXmlOutputFolder.getAbsolutePath() + File.separator + licenseXml.getName()));
+				Files.copy(licenseXml.toPath(), licenseXmlOutputFolder.toPath().resolve(licenseXml.getName()));
 			}
 			File textFolder = new File(dir.getPath() + File.separator +  TEXT_FOLDER_NAME);
 			if (!textFolder.isDirectory() && !textFolder.mkdir()) {
@@ -380,7 +379,7 @@ private static void writeExceptionList(String version, String releaseDate,
 			ILicenseTester tester, Set<String> licenseIds, boolean useTestText) throws IOException, LicenseGeneratorException, InvalidLicenseTemplateException, InvalidSPDXAnalysisException {
 		// Collect license ID's to check for any duplicate ID's being used (e.g. license ID == exception ID)
 		Iterator<ListedLicenseException> exceptionIter = licenseProvider.getExceptionIterator();
-		Map<String, String> addedExceptionsMap = Maps.newHashMap();
+		Map<String, String> addedExceptionsMap = new HashMap<>();
 		while (exceptionIter.hasNext()) {
 			System.out.print(".");
 			ListedLicenseException nextException = exceptionIter.next();
@@ -487,7 +486,7 @@ private static Set<String> writeLicenseList(String version, String releaseDate,
 			List<ILicenseFormatWriter> writers, ILicenseTester tester, boolean useTestText) throws LicenseGeneratorException, InvalidSPDXAnalysisException, IOException, SpdxListedLicenseException, SpdxCompareException, InvalidLicenseTemplateException {
 		Iterator<SpdxListedLicense> licenseIter = licenseProvider.getLicenseIterator();
 		try {
-			Map<String, String> addedLicIdTextMap = Maps.newHashMap();	// keep track for duplicate checking
+			Map<String, String> addedLicIdTextMap = new HashMap<>();	// keep track for duplicate checking
 			while (licenseIter.hasNext()) {
 				System.out.print(".");
 				SpdxListedLicense license = licenseIter.next();
@@ -576,7 +575,7 @@ private static void addExternalMetaData(SpdxListedLicense license) throws Licens
 	private static void copyResourceFile(String resourceFileName, File destination) throws IOException {
 		File resourceFile = new File(resourceFileName);
 		if (resourceFile.exists()) {
-			Files.copy(resourceFile, destination);
+			Files.copy(resourceFile.toPath(), destination.toPath());
 		} else {
 			InputStream is = LicenseRDFAGenerator.class.getClassLoader().getResourceAsStream(resourceFileName);
 			InputStreamReader reader = new InputStreamReader(is);

src/org/spdx/licenselistpublisher/licensegenerator/FsfLicenseDataParser.java

@@ -23,6 +23,7 @@
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -35,8 +36,6 @@
 import org.slf4j.LoggerFactory;
 import org.spdx.licenselistpublisher.LicenseGeneratorException;
 
-import com.google.common.collect.Maps;
-
 /**
  * Singleton class which returns information maintained by the Free Software Foundation
  *
@@ -83,7 +82,7 @@ public class FsfLicenseDataParser {
 	private String licenseJsonUrl = DEFAULT_FSF_JSON_URL;
 
 	private FsfLicenseDataParser() throws LicenseGeneratorException {
-		licenseIdToFsfFree = Maps.newHashMap();
+		licenseIdToFsfFree = new HashMap<>();
 		useOnlyLocalFile = Boolean.parseBoolean(System.getProperty(PROP_USE_ONLY_LOCAL_FILE, "false"));
 		licenseJsonUrl = System.getProperty(PROP_FSF_FREE_JSON_URL, DEFAULT_FSF_JSON_URL);
 		InputStream input = null;

src/org/spdx/licenselistpublisher/licensegenerator/LicenseHtmlFormatWriter.java

@@ -18,6 +18,8 @@
 import java.io.File;
 import java.io.IOException;
 import java.nio.charset.Charset;
+import java.nio.file.Files;
+import java.util.HashSet;
 import java.util.Set;
 
 import org.spdx.library.InvalidSPDXAnalysisException;
@@ -26,9 +28,6 @@
 import org.spdx.licenseTemplate.InvalidLicenseTemplateException;
 import org.spdx.licenseTemplate.SpdxLicenseTemplateHelper;
 
-import com.google.common.collect.Sets;
-import com.google.common.io.Files;
-
 /**
  * Generates HTML fragments with formatted license information
  *
@@ -37,7 +36,7 @@
  */
 public class LicenseHtmlFormatWriter implements ILicenseFormatWriter {
 
-	static final Set<Character> INVALID_FILENAME_CHARS = Sets.newHashSet();
+	static final Set<Character> INVALID_FILENAME_CHARS = new HashSet<>();
 
 	static {
 
@@ -85,9 +84,9 @@ public void writeLicense(SpdxListedLicense license, boolean deprecated, String d
 		String licHtmlFileName = licBaseHtmlFileName + ".html";
 		File htmlTextFile = new File(htmlFolder.getPath() + File.separator + licHtmlFileName);
 		try {
-			Files.write(license.getLicenseTextHtml(), htmlTextFile, utf8);
+			Files.write(htmlTextFile.toPath(), license.getLicenseTextHtml().getBytes(utf8));
 		} catch (InvalidLicenseTemplateException e) {
-			Files.write(SpdxLicenseTemplateHelper.formatEscapeHTML(license.getLicenseText()), htmlTextFile, utf8);
+			Files.write(htmlTextFile.toPath(), SpdxLicenseTemplateHelper.formatEscapeHTML(license.getLicenseText()).getBytes(utf8));
 		}
 	}
 
@@ -124,7 +123,7 @@ public void writeException(ListedLicenseException exception)
 			throws IOException, InvalidSPDXAnalysisException {
 		String exceptionHtmlFileName = formLicenseHTMLFileName(exception.getLicenseExceptionId());
 		File htmlTextFile = new File(htmlFolder.getPath() + File.separator + exceptionHtmlFileName + ".html");
-		Files.write(exception.getExceptionTextHtml(), htmlTextFile, utf8);
+		Files.write(htmlTextFile.toPath(), exception.getExceptionTextHtml().getBytes(utf8));
 	}
 
 }