From 0baaec7a843d91c6e21150932ded3fe760a0f010 Mon Sep 17 00:00:00 2001 From: Gary O'Neall Date: Wed, 3 Jan 2024 15:15:54 -0800 Subject: [PATCH] Update Mustache version Signed-off-by: Gary O'Neall --- RELEASE-CHECKLIST.md | 1 + .../licenselistpublisher/UnitTestHelper.java | 7 +- dependency-check-supress.xml | 67 +++++++++++++++++++ pom.xml | 5 +- src/org/spdx/crossref/Wayback.java | 2 - .../spdx/htmltemplates/ExceptionHtmlToc.java | 10 +-- .../spdx/htmltemplates/LicenseHTMLFile.java | 7 +- .../htmltemplates/LicenseTOCHTMLFile.java | 10 +-- .../LicenseRDFAGenerator.java | 23 +++---- .../FsfLicenseDataParser.java | 5 +- .../LicenseHtmlFormatWriter.java | 13 ++-- .../LicenseTemplateFormatWriter.java | 9 ++- .../spdx/licensexml/XmlLicenseProvider.java | 5 +- 13 files changed, 113 insertions(+), 51 deletions(-) create mode 100644 dependency-check-supress.xml diff --git a/RELEASE-CHECKLIST.md b/RELEASE-CHECKLIST.md index dfeb4fd..d8502f2 100644 --- a/RELEASE-CHECKLIST.md +++ b/RELEASE-CHECKLIST.md @@ -2,6 +2,7 @@ - [ ] Check for any warnings from the compiler and findbugs - [ ] Run unit tests for all packages that depend on the library +- [ ] Run the the publisher against the current license list and check for any errors - [ ] Run dependency check to find any potential vulnerabilities `mvn dependency-check:check` - [ ] Run `mvn release:prepare` - you will be prompted for the release - typically take the defaults - [ ] Run `mvn release:perform` diff --git a/Test/org/spdx/licenselistpublisher/UnitTestHelper.java b/Test/org/spdx/licenselistpublisher/UnitTestHelper.java index a24a6d7..6d0b832 100644 --- a/Test/org/spdx/licenselistpublisher/UnitTestHelper.java +++ b/Test/org/spdx/licenselistpublisher/UnitTestHelper.java 
@@ -16,14 +16,13 @@ */ package org.spdx.licenselistpublisher; -import java.io.File; import java.io.IOException; import java.nio.charset.Charset; +import java.nio.file.Files; +import java.nio.file.Path; import java.util.Collection; import java.util.Objects; -import com.google.common.io.Files; - /** * Helper class for unit tests * @author Gary @@ -68,7 +67,7 @@ public static boolean isArraysEqual(Object[] a1, * @throws IOException */ public static String fileToText(String filePath) throws IOException { - return Files.toString(new File(filePath), Charset.forName("UTF-8")); + return new String(Files.readAllBytes(Path.of(filePath)), Charset.forName("UTF-8")); } diff --git a/dependency-check-supress.xml b/dependency-check-supress.xml new file mode 100644 index 0000000..6984b4e --- /dev/null +++ b/dependency-check-supress.xml @@ -0,0 +1,67 @@ + + + + + ^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$ + CVE-2023-5072 + + + + ^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$ + CVE-2023-5072 + + + + ^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$ + CVE-2023-35116 + + + + ^pkg:maven/org\.glassfish/jakarta\.json@.*$ + CVE-2022-45688 + + + + ^pkg:maven/org\.glassfish/jakarta\.json@.*$ + CVE-2023-5072 + + + + ^pkg:maven/com\.github\.jsonld\-java/jsonld\-java@.*$ + CVE-2022-45688 + + + + ^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$ + CVE-2022-45688 + + + + ^pkg:maven/com\.github\.jsonld\-java/jsonld\-java@.*$ + CVE-2023-5072 + + \ No newline at end of file diff --git a/pom.xml b/pom.xml index 519e4e6..3bcab86 100644 --- a/pom.xml +++ b/pom.xml @@ -73,7 +73,7 @@ com.github.spullara.mustache.java compiler - 0.7.9 + 0.9.1 net.sf.opencsv @@ -279,6 +279,9 @@ org.owasp dependency-check-maven ${dependency-check-maven.version} + + dependency-check-supress.xml + org.spdx diff --git a/src/org/spdx/crossref/Wayback.java b/src/org/spdx/crossref/Wayback.java index eac3bc8..79255a4 100644 --- a/src/org/spdx/crossref/Wayback.java 
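Review bot: fileToText now decodes with `new String(Files.readAllBytes(...), Charset.forName("UTF-8"))`, which silently substitutes U+FFFD for malformed input; since this patch already depends on Java 11 (`Path.of`), `return Files.readString(Path.of(filePath));` is the direct replacement and fails with an IOException on malformed bytes, so a fixture with a broken encoding is reported instead of passed through. That matters here because LicenseRDFAGenerator in the same patch treats '\uFFFD' as an invalid text character, and a test helper that manufactures that character can hide decoding problems from the tests. If the byte-based form is kept, `StandardCharsets.UTF_8` replaces the string lookup in `Charset.forName`.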
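Review bot: the suppression entries carry no visible justification and no expiry: each entry in this rendering holds only a packageUrl regex and a CVE id, no notes text appears, and the first two entries (jackson-core, CVE-2023-5072) duplicate each other. dependency-check's `<suppress>` element accepts an `until="YYYY-MM-DDZ"` attribute and a `<notes>` child; recording why each match is a false positive and a re-check date keeps a suppression from outliving the version it was written for, because the `@.*` version wildcard matches every future release of the artifact. The same three CVEs suppressed across four unrelated artifacts is consistent with a CPE/package mismatch rather than an assessed vulnerability, but that reasoning belongs in the file. The file also lacks a trailing newline.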
+++ b/src/org/spdx/crossref/Wayback.java @@ -19,8 +19,6 @@ import java.util.concurrent.Callable; -import org.apache.commons.validator.UrlValidator; - /** * Determines whether a url is from the wayback machine or not * @author Smith Tanjong diff --git a/src/org/spdx/htmltemplates/ExceptionHtmlToc.java b/src/org/spdx/htmltemplates/ExceptionHtmlToc.java index 8eded0b..ae6fcb5 100644 --- a/src/org/spdx/htmltemplates/ExceptionHtmlToc.java +++ b/src/org/spdx/htmltemplates/ExceptionHtmlToc.java @@ -20,7 +20,9 @@ import java.io.FileOutputStream; import java.io.IOException; import java.io.OutputStreamWriter; +import java.util.ArrayList; import java.util.Comparator; +import java.util.HashMap; import java.util.List; import java.util.Map; @@ -31,8 +33,6 @@ import com.github.mustachejava.DefaultMustacheFactory; import com.github.mustachejava.Mustache; import com.github.mustachejava.MustacheException; -import com.google.common.collect.Lists; -import com.google.common.collect.Maps; /** * Generates the HTML Table of Contents for License Exceptions @@ -209,8 +209,8 @@ public ExceptionRow(String licenseExceptionId, String exceptionName, } } - List exceptions = Lists.newArrayList(); - List deprecatedExceptions = Lists.newArrayList(); + List exceptions = new ArrayList<>(); + List deprecatedExceptions = new ArrayList<>(); int currentRefNum = 1; @@ -245,7 +245,7 @@ public void addDeprecatedException(LicenseException exception, */ public void writeToFile(File exceptionTocFile, String version) throws MustacheException, IOException { - Map mustacheMap = Maps.newHashMap(); + Map mustacheMap = new HashMap<>(); mustacheMap.put("version", StringEscapeUtils.escapeHtml4(version)); exceptions.sort(new Comparator() { diff --git a/src/org/spdx/htmltemplates/LicenseHTMLFile.java b/src/org/spdx/htmltemplates/LicenseHTMLFile.java index 11b3e23..1227bbf 100644 --- a/src/org/spdx/htmltemplates/LicenseHTMLFile.java +++ b/src/org/spdx/htmltemplates/LicenseHTMLFile.java 
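Review bot: `exceptions` and `deprecatedExceptions` keep their package-private, non-final declarations while only the initialiser changes; both are assigned once here and then mutated in place, so `private final List<ExceptionRow> exceptions = new ArrayList<>();` (element type inferred from the enclosing ExceptionRow class, as angle brackets are not visible in this rendering) states that intent and prevents the list from being swapped out. The same applies to `listedLicenses` and `deprecatedLicenses` in the LicenseTOCHTMLFile hunk, where the neighbouring `currentRefNumber` is already private. If something outside these classes reads the fields, a getter returning an unmodifiable view is the equivalent.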
@@ -23,6 +23,7 @@ import java.util.ArrayList; import java.util.Collections; import java.util.Comparator; +import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Optional; @@ -40,8 +41,6 @@ import com.github.mustachejava.DefaultMustacheFactory; import com.github.mustachejava.Mustache; import com.github.mustachejava.MustacheException; -import com.google.common.collect.Lists; -import com.google.common.collect.Maps; /** * This class contains a formatted HTML file for a given license. Specific @@ -221,7 +220,7 @@ public void writeToFile(File htmlFile, String tableOfContentsReference) throws I * @throws LicenseTemplateRuleException */ private Map buildMustachMap() throws InvalidLicenseTemplateException, InvalidSPDXAnalysisException { - Map retval = Maps.newHashMap(); + Map retval = new HashMap<>(); if (license != null) { retval.put("licenseId", license.getLicenseId()); String licenseTextHtml = license.getLicenseTextHtml(); @@ -242,7 +241,7 @@ private Map buildMustachMap() throws InvalidLicenseTemplateExcep retval.put("osiApproved", license.isOsiApproved()); retval.put("fsfLibre", license.isFsfLibre()); retval.put("notFsfLibre", license.isNotFsfLibre()); - List otherWebPages = Lists.newArrayList(); + List otherWebPages = new ArrayList<>(); try { List crossRefCopy = new ArrayList<>(); for (CrossRef crossRef:license.getCrossRef()) { diff --git a/src/org/spdx/htmltemplates/LicenseTOCHTMLFile.java b/src/org/spdx/htmltemplates/LicenseTOCHTMLFile.java index 44b3594..1b59af2 100644 --- a/src/org/spdx/htmltemplates/LicenseTOCHTMLFile.java +++ b/src/org/spdx/htmltemplates/LicenseTOCHTMLFile.java @@ -20,7 +20,9 @@ import java.io.FileOutputStream; import java.io.IOException; import java.io.OutputStreamWriter; +import java.util.ArrayList; import java.util.Comparator; +import java.util.HashMap; import java.util.List; import java.util.Map; 
@@ -30,8 +32,6 @@ import com.github.mustachejava.DefaultMustacheFactory; import com.github.mustachejava.Mustache; import com.github.mustachejava.MustacheException; -import com.google.common.collect.Lists; -import com.google.common.collect.Maps; /** * This class holds a formatted HTML file for a license table of contents @@ -241,8 +241,8 @@ public void setLicenseName(String licenseName) { } } - List listedLicenses = Lists.newArrayList(); - List deprecatedLicenses = Lists.newArrayList(); + List listedLicenses = new ArrayList<>(); + List deprecatedLicenses = new ArrayList<>(); private int currentRefNumber = 1; @@ -304,7 +304,7 @@ public void writeToFile(File htmlFile) throws IOException, MustacheException { * @return */ private Map buildMustachMap() { - Map retval = Maps.newHashMap(); + Map retval = new HashMap<>(); retval.put("version", generateVersionString(version, releaseDate)); this.listedLicenses.sort(new Comparator() { diff --git a/src/org/spdx/licenselistpublisher/LicenseRDFAGenerator.java b/src/org/spdx/licenselistpublisher/LicenseRDFAGenerator.java index 56c9c38..d10d4a2 100644 --- a/src/org/spdx/licenselistpublisher/LicenseRDFAGenerator.java +++ b/src/org/spdx/licenselistpublisher/LicenseRDFAGenerator.java @@ -25,6 +25,10 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.io.StringReader; +import java.nio.file.Files; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Map; @@ -57,11 +61,6 @@ import org.spdx.licenselistpublisher.licensegenerator.SimpleLicenseTester; import org.spdx.licenselistpublisher.licensegenerator.SpdxWebsiteFormatWriter; -import com.google.common.collect.Lists; -import com.google.common.collect.Maps; -import com.google.common.collect.Sets; -import com.google.common.io.Files; - import au.com.bytecode.opencsv.CSVReader; /** 
@@ -96,7 +95,7 @@ */ public class LicenseRDFAGenerator { - static final Set INVALID_TEXT_CHARS = Sets.newHashSet(); + static final Set INVALID_TEXT_CHARS = new HashSet<>(); static { INVALID_TEXT_CHARS.add('\uFFFD'); @@ -247,8 +246,8 @@ public static void main(String[] args) { */ public static List generateLicenseData(File licenseXml, File dir, String version, String releaseDate, File testFileDir, boolean useTestText) throws LicenseGeneratorException { - List warnings = Lists.newArrayList(); - List writers = Lists.newArrayList(); + List warnings = new ArrayList<>(); + List writers = new ArrayList<>(); ISpdxListedLicenseProvider licenseProvider = null; try { File licenseXmlOutputFolder = new File(dir.getPath() + File.separator + LICENSE_XML_FOLDER_NAME); @@ -260,7 +259,7 @@ public static List generateLicenseData(File licenseXml, File dir, FileUtils.copyDirectory(licenseXml, licenseXmlOutputFolder); } else { licenseProvider = new XmlLicenseProviderSingleFile(licenseXml); - Files.copy(licenseXml, new File(licenseXmlOutputFolder.getAbsolutePath() + File.separator + licenseXml.getName())); + Files.copy(licenseXml.toPath(), licenseXmlOutputFolder.toPath().resolve(licenseXml.getName())); } File textFolder = new File(dir.getPath() + File.separator + TEXT_FOLDER_NAME); if (!textFolder.isDirectory() && !textFolder.mkdir()) { @@ -380,7 +379,7 @@ private static void writeExceptionList(String version, String releaseDate, ILicenseTester tester, Set licenseIds, boolean useTestText) throws IOException, LicenseGeneratorException, InvalidLicenseTemplateException, InvalidSPDXAnalysisException { // Collect license ID's to check for any duplicate ID's being used (e.g. license ID == exception ID) Iterator exceptionIter = licenseProvider.getExceptionIterator(); - Map addedExceptionsMap = Maps.newHashMap(); + Map addedExceptionsMap = new HashMap<>(); while (exceptionIter.hasNext()) { System.out.print("."); ListedLicenseException nextException = exceptionIter.next(); 
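Review bot: `INVALID_TEXT_CHARS` remains a mutable, package-visible `HashSet` filled in a static block; with `Path.of` in use elsewhere in this patch the project is on Java 11+, so the block can become an immutable initialiser, `static final Set<Character> INVALID_TEXT_CHARS = Set.of('\uFFFD', …);` listing the same characters the static block adds (only the first add is visible here), which also makes the set safe to expose. `INVALID_FILENAME_CHARS` in the LicenseHtmlFormatWriter hunk has the same shape. Note that `Set.of` rejects duplicate elements at class-initialisation time, so any character repeated in the current block would have to be dropped.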
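Review bot: `Files.copy(licenseXml.toPath(), licenseXmlOutputFolder.toPath().resolve(licenseXml.getName()))` changes semantics from the Guava call it replaces: Guava's `Files.copy(File, File)` overwrote an existing target, while `java.nio.file.Files.copy` with no options throws `FileAlreadyExistsException` when the destination exists. The hunk shows the folder being derived from `dir` but not whether it is cleared first, so unless the output folder is guaranteed empty on every run, pass `StandardCopyOption.REPLACE_EXISTING` as a third argument and import `java.nio.file.StandardCopyOption`. The copyResourceFile hunk below makes the same substitution and needs the same option.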
@@ -487,7 +486,7 @@ private static Set writeLicenseList(String version, String releaseDate, List writers, ILicenseTester tester, boolean useTestText) throws LicenseGeneratorException, InvalidSPDXAnalysisException, IOException, SpdxListedLicenseException, SpdxCompareException, InvalidLicenseTemplateException { Iterator licenseIter = licenseProvider.getLicenseIterator(); try { - Map addedLicIdTextMap = Maps.newHashMap(); // keep track for duplicate checking + Map addedLicIdTextMap = new HashMap<>(); // keep track for duplicate checking while (licenseIter.hasNext()) { System.out.print("."); SpdxListedLicense license = licenseIter.next(); @@ -576,7 +575,7 @@ private static void addExternalMetaData(SpdxListedLicense license) throws Licens private static void copyResourceFile(String resourceFileName, File destination) throws IOException { File resourceFile = new File(resourceFileName); if (resourceFile.exists()) { - Files.copy(resourceFile, destination); + Files.copy(resourceFile.toPath(), destination.toPath()); } else { InputStream is = LicenseRDFAGenerator.class.getClassLoader().getResourceAsStream(resourceFileName); InputStreamReader reader = new InputStreamReader(is); diff --git a/src/org/spdx/licenselistpublisher/licensegenerator/FsfLicenseDataParser.java b/src/org/spdx/licenselistpublisher/licensegenerator/FsfLicenseDataParser.java index 5e5d222..15dd4f7 100644 --- a/src/org/spdx/licenselistpublisher/licensegenerator/FsfLicenseDataParser.java +++ b/src/org/spdx/licenselistpublisher/licensegenerator/FsfLicenseDataParser.java @@ -23,6 +23,7 @@ import java.net.MalformedURLException; import java.net.URL; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; import java.util.Map; @@ -35,8 +36,6 @@ import org.slf4j.LoggerFactory; import org.spdx.licenselistpublisher.LicenseGeneratorException; -import com.google.common.collect.Maps; - /** * Singleton class which returns information maintained by the Free Software Foundation * 
@@ -83,7 +82,7 @@ public class FsfLicenseDataParser { private String licenseJsonUrl = DEFAULT_FSF_JSON_URL; private FsfLicenseDataParser() throws LicenseGeneratorException { - licenseIdToFsfFree = Maps.newHashMap(); + licenseIdToFsfFree = new HashMap<>(); useOnlyLocalFile = Boolean.parseBoolean(System.getProperty(PROP_USE_ONLY_LOCAL_FILE, "false")); licenseJsonUrl = System.getProperty(PROP_FSF_FREE_JSON_URL, DEFAULT_FSF_JSON_URL); InputStream input = null; diff --git a/src/org/spdx/licenselistpublisher/licensegenerator/LicenseHtmlFormatWriter.java b/src/org/spdx/licenselistpublisher/licensegenerator/LicenseHtmlFormatWriter.java index 5bfc574..5acbbe1 100644 --- a/src/org/spdx/licenselistpublisher/licensegenerator/LicenseHtmlFormatWriter.java +++ b/src/org/spdx/licenselistpublisher/licensegenerator/LicenseHtmlFormatWriter.java @@ -18,6 +18,8 @@ import java.io.File; import java.io.IOException; import java.nio.charset.Charset; +import java.nio.file.Files; +import java.util.HashSet; import java.util.Set; import org.spdx.library.InvalidSPDXAnalysisException; @@ -26,9 +28,6 @@ import org.spdx.licenseTemplate.InvalidLicenseTemplateException; import org.spdx.licenseTemplate.SpdxLicenseTemplateHelper; -import com.google.common.collect.Sets; -import com.google.common.io.Files; - /** * Generates HTML fragments with formatted license information * @@ -37,7 +36,7 @@ */ public class LicenseHtmlFormatWriter implements ILicenseFormatWriter { - static final Set INVALID_FILENAME_CHARS = Sets.newHashSet(); + static final Set INVALID_FILENAME_CHARS = new HashSet<>(); static { 
@@ -85,9 +84,9 @@ public void writeLicense(SpdxListedLicense license, boolean deprecated, String d String licHtmlFileName = licBaseHtmlFileName + ".html"; File htmlTextFile = new File(htmlFolder.getPath() + File.separator + licHtmlFileName); try { - Files.write(license.getLicenseTextHtml(), htmlTextFile, utf8); + Files.write(htmlTextFile.toPath(), license.getLicenseTextHtml().getBytes(utf8)); } catch (InvalidLicenseTemplateException e) { - Files.write(SpdxLicenseTemplateHelper.formatEscapeHTML(license.getLicenseText()), htmlTextFile, utf8); + Files.write(htmlTextFile.toPath(), SpdxLicenseTemplateHelper.formatEscapeHTML(license.getLicenseText()).getBytes(utf8)); } } @@ -124,7 +123,7 @@ public void writeException(ListedLicenseException exception) throws IOException, InvalidSPDXAnalysisException { String exceptionHtmlFileName = formLicenseHTMLFileName(exception.getLicenseExceptionId()); File htmlTextFile = new File(htmlFolder.getPath() + File.separator + exceptionHtmlFileName + ".html"); - Files.write(exception.getExceptionTextHtml(), htmlTextFile, utf8); + Files.write(htmlTextFile.toPath(), exception.getExceptionTextHtml().getBytes(utf8)); } } diff --git a/src/org/spdx/licenselistpublisher/licensegenerator/LicenseTemplateFormatWriter.java b/src/org/spdx/licenselistpublisher/licensegenerator/LicenseTemplateFormatWriter.java index e558dfc..8f987bf 100644 --- a/src/org/spdx/licenselistpublisher/licensegenerator/LicenseTemplateFormatWriter.java +++ b/src/org/spdx/licenselistpublisher/licensegenerator/LicenseTemplateFormatWriter.java 
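Review bot: `Files.write(htmlTextFile.toPath(), license.getLicenseTextHtml().getBytes(utf8))` encodes to a temporary byte array only to hand it to the file API; `Files.writeString(htmlTextFile.toPath(), license.getLicenseTextHtml(), utf8);` is the direct Java 11 replacement for the removed Guava `Files.write(CharSequence, File, Charset)`, with the same create-or-truncate default options. One behavioural difference worth knowing: `String.getBytes` silently replaces unencodable characters (an unpaired surrogate) whereas `writeString` throws, which surfaces bad input instead of writing a `?`. The other `Files.write` call in this hunk, the writeException hunk, and the three calls in LicenseTemplateFormatWriter follow the same pattern. The enclosing writeLicense method starts outside the hunk.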
@@ -18,14 +18,13 @@ import java.io.File; import java.io.IOException; import java.nio.charset.Charset; +import java.nio.file.Files; import org.spdx.library.InvalidSPDXAnalysisException; import org.spdx.library.model.license.ListedLicenseException; import org.spdx.library.model.license.SpdxListedLicense; import org.spdx.licenselistpublisher.LicenseGeneratorException; -import com.google.common.io.Files; - /** * Write license template format as described in the SPDX spec * @author Gary O'Neall @@ -68,9 +67,9 @@ public void writeLicense(SpdxListedLicense license, boolean deprecated, String d } File templateFile = new File(templateFolder.getPath() + File.separator + licBaseHtmlFileName + ".template.txt"); if (license.getStandardLicenseTemplate() != null && !license.getStandardLicenseTemplate().trim().isEmpty()) { - Files.write(license.getStandardLicenseTemplate(), templateFile, utf8); + Files.write(templateFile.toPath(), license.getStandardLicenseTemplate().getBytes(utf8)); } else { - Files.write(license.getLicenseText(), templateFile, utf8); + Files.write(templateFile.toPath(), license.getLicenseText().getBytes(utf8)); } } @@ -94,6 +93,6 @@ public void writeException(ListedLicenseException exception) licBaseHtmlFileName = "deprecated_" + licBaseHtmlFileName; } File templateFile = new File(templateFolder.getPath() + File.separator + licBaseHtmlFileName + ".template.txt"); - Files.write(exception.getLicenseExceptionTemplate(), templateFile, utf8); + Files.write(templateFile.toPath(), exception.getLicenseExceptionTemplate().getBytes(utf8)); } } diff --git a/src/org/spdx/licensexml/XmlLicenseProvider.java b/src/org/spdx/licensexml/XmlLicenseProvider.java index e7b492f..bd19a68 100644 --- a/src/org/spdx/licensexml/XmlLicenseProvider.java +++ b/src/org/spdx/licensexml/XmlLicenseProvider.java 
@@ -24,6 +24,7 @@ import java.util.NoSuchElementException; import java.util.Objects; +import org.apache.commons.compress.utils.FileNameUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.spdx.library.InvalidSPDXAnalysisException; @@ -32,8 +33,6 @@ import org.spdx.library.model.license.SpdxListedLicenseException; import org.spdx.licenselistpublisher.ISpdxListedLicenseProvider; -import com.google.common.io.Files; - /** * Provide license information from XML files * @author Gary O'Neall @@ -219,7 +218,7 @@ public boolean accept(File pathname) { @Override public boolean accept(File pathname) { - return pathname.isFile() && "xml".equals(Files.getFileExtension(pathname.getName().toLowerCase())); + return pathname.isFile() && "xml".equals(FileNameUtils.getExtension(pathname.toPath()).toLowerCase()); } });
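Review bot: the new `accept` pulls `org.apache.commons.compress.utils.FileNameUtils` into a class that otherwise needs only a string suffix test, and the pom.xml hunk in this patch does not declare commons-compress, so the import presumably rides on a transitive dependency that an upgrade of whichever library brings it in could drop; as far as I recall upstream has also deprecated that class in favour of commons-io's FilenameUtils. A JDK-only check gives the same result as the old Guava expression: `return pathname.isFile() && pathname.getName().toLowerCase(Locale.ROOT).endsWith(".xml");` with `java.util.Locale` imported, which also removes the default-locale dependence of the bare `toLowerCase()` on the new line. If FileNameUtils is kept, it should be a declared dependency. The enclosing anonymous FileFilter starts outside the hunk.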