From cd1a78c5b15fa917b746c0e41d17ed3fa18d92a1 Mon Sep 17 00:00:00 2001 From: Sebastian Sdorra Date: Thu, 13 Mar 2014 20:19:08 +0100 Subject: [PATCH 1/4] define global exclude for commons-logging and log4j --- scm-webapp/pom.xml | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/scm-webapp/pom.xml b/scm-webapp/pom.xml index 9064b4c571..4df3111dc8 100644 --- a/scm-webapp/pom.xml +++ b/scm-webapp/pom.xml @@ -165,12 +165,6 @@ commons-beanutils commons-beanutils 1.9.1 - - - commons-logging - commons-logging - - @@ -306,12 +300,6 @@ selenium-java ${selenium.version} test - - - commons-logging - commons-logging - - @@ -333,12 +321,22 @@ jersey-apache-client ${jersey.version} test - - - commons-logging - commons-logging - - + + + + + + commons-logging + commons-logging + 1.1.3 + provided + + + + log4j + log4j + 1.2.17 + provided From 33b9bec2421518cc526ca4b03ea7fc92f4b965ce Mon Sep 17 00:00:00 2001 From: Sebastian Sdorra Date: Thu, 13 Mar 2014 20:23:16 +0100 Subject: [PATCH 2/4] include version 1.8 of commons-codec to fix htpasswd-plugin --- scm-webapp/pom.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/scm-webapp/pom.xml b/scm-webapp/pom.xml index 4df3111dc8..f6f21431d6 100644 --- a/scm-webapp/pom.xml +++ b/scm-webapp/pom.xml @@ -173,6 +173,17 @@ 3.2.1 + + + + commons-codec + commons-codec + 1.8 + + asm asm From 9d70a5aa09ce09dbb860771ff093da930019d824 Mon Sep 17 00:00:00 2001 
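Review bot: The two `provided`-scope entries added at the end of the first patch (commons-logging 1.1.3 and log4j 1.2.17) act as a global exclude only as a side effect of Maven scope resolution, and the lines visible here carry no explanation of that (the XML markup is not visible on this page, so a comment may already exist). A short comment above them, such as `<!-- declared as provided only to keep these jars out of the WAR; the container does not supply them -->`, would stop a later cleanup from deleting the entries or changing the scope. Code that still references the commons-logging or log4j API will then fail at class loading unless an SLF4J bridge is on the classpath, and this hunk does not show one. The maven-enforcer `bannedDependencies` rule would state the same policy explicitly and fail the build if either artifact came back transitively.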
From: Sebastian Sdorra Date: Thu, 13 Mar 2014 20:57:02 +0100 Subject: [PATCH 3/4] implement plugin dependency blacklist --- ...ter.java => AbstractDependencyFilter.java} | 119 ++++++++---------- .../main/java/sonia/scm/plugin/Aether.java | 8 +- .../scm/plugin/BlacklistDependencyFilter.java | 65 ++++++++++ .../scm/plugin/CoreDependencyFilter.java | 65 ++++++++++ .../sonia/scm/plugin/DependencyFilters.java | 110 ++++++++++++++++ .../src/main/resources/config/blacklist.list | 10 ++ 6 files changed, 309 insertions(+), 68 deletions(-) rename scm-webapp/src/main/java/sonia/scm/plugin/{AetherDependencyFilter.java => AbstractDependencyFilter.java} (73%) create mode 100644 scm-webapp/src/main/java/sonia/scm/plugin/BlacklistDependencyFilter.java create mode 100644 scm-webapp/src/main/java/sonia/scm/plugin/CoreDependencyFilter.java create mode 100644 scm-webapp/src/main/java/sonia/scm/plugin/DependencyFilters.java create mode 100644 scm-webapp/src/main/resources/config/blacklist.list diff --git a/scm-webapp/src/main/java/sonia/scm/plugin/AetherDependencyFilter.java b/scm-webapp/src/main/java/sonia/scm/plugin/AbstractDependencyFilter.java similarity index 73% rename from scm-webapp/src/main/java/sonia/scm/plugin/AetherDependencyFilter.java rename to scm-webapp/src/main/java/sonia/scm/plugin/AbstractDependencyFilter.java index 1d89ddec7a..d448358b64 100644 --- a/scm-webapp/src/main/java/sonia/scm/plugin/AetherDependencyFilter.java +++ b/scm-webapp/src/main/java/sonia/scm/plugin/AbstractDependencyFilter.java 
@@ -35,42 +35,47 @@ package sonia.scm.plugin; //~--- non-JDK imports -------------------------------------------------------- +import com.google.common.base.Throwables; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import org.sonatype.aether.artifact.Artifact; import org.sonatype.aether.graph.DependencyFilter; import org.sonatype.aether.graph.DependencyNode; -import sonia.scm.util.Util; - //~--- JDK imports ------------------------------------------------------------ -import java.util.HashSet; +import java.io.IOException; + import java.util.List; -import java.util.Scanner; import java.util.Set; /** * * @author Sebastian Sdorra */ -public class AetherDependencyFilter implements DependencyFilter +public abstract class AbstractDependencyFilter implements DependencyFilter { - /** Field description */ - public static final String EXCLUDE_LIST = "/config/dependencies.list"; - - //~--- constructors --------------------------------------------------------- - /** - * Constructs ... - * + * the logger for AbstractDependencyFilter */ - public AetherDependencyFilter() - { - loadExcludes(); - } + private static final Logger logger = + LoggerFactory.getLogger(AbstractDependencyFilter.class); //~--- methods -------------------------------------------------------------- + /** + * Method description + * + * + * @return + * + * @throws IOException + */ + protected abstract Set loadExcludeSet() throws IOException; + /** * Method description * 
@@ -91,63 +96,45 @@ public class AetherDependencyFilter implements DependencyFilter if (artifact != null) { - result = !exludeSet.contains(getId(artifact)); + String id = getId(artifact); + + result = !getExludeSet().contains(id); + + if (!result && logger.isDebugEnabled()) + { + logger.debug("exlcude dependency {} because it is blacklisted", id); + } } } return result; } - /** - * Method description - * - */ - private void loadExcludes() - { - Scanner scanner = null; - - try - { - scanner = new Scanner( - AetherDependencyFilter.class.getResourceAsStream(EXCLUDE_LIST)); - - while (scanner.hasNextLine()) - { - parseLine(scanner.nextLine()); - } - } - finally - { - if (scanner != null) - { - scanner.close(); - } - } - } - - /** - * Method description - * - * - * @param line - */ - private void parseLine(String line) - { - line = line.trim(); - - if (Util.isNotEmpty(line)) - { - String[] parts = line.split(":"); - - if (parts.length >= 2) - { - exludeSet.add(parts[0].concat(":").concat(parts[1])); - } - } - } - //~--- get methods ---------------------------------------------------------- + /** + * Method description + * + * + * @return + */ + private Set getExludeSet() + { + if (exludeSet == null) + { + try + { + exludeSet = loadExcludeSet(); + } + catch (IOException ex) + { + throw Throwables.propagate(ex); + } + } + + return exludeSet; + } + /** * Method description * @@ -164,5 +151,5 @@ public class AetherDependencyFilter implements DependencyFilter //~--- fields --------------------------------------------------------------- /** Field description */ - private Set exludeSet = new HashSet(); + private Set exludeSet; } diff --git a/scm-webapp/src/main/java/sonia/scm/plugin/Aether.java b/scm-webapp/src/main/java/sonia/scm/plugin/Aether.java index 80f99cd918..6a27d5758f 100644 --- a/scm-webapp/src/main/java/sonia/scm/plugin/Aether.java +++ b/scm-webapp/src/main/java/sonia/scm/plugin/Aether.java 
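Review bot: The debug message added in `accept` reports every exclusion as "blacklisted" (and misspells "exclude"), but this base class also backs CoreDependencyFilter, so the log cannot tell which list dropped an artifact. Something like `logger.debug("exclude dependency {}, listed by {}", id, getClass().getSimpleName());` keeps the decision traceable, and the `isDebugEnabled()` guard is not needed with a parameterized message. `getExludeSet()` also loads lazily without synchronization while Aether keeps the filters in a static field. The worst case looks like a duplicate load, but loading in the constructor (or making `exludeSet` volatile) would remove the question and would surface a missing list at startup instead of at the first plugin resolution. `accept` begins above this hunk, so its null handling is not visible here.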
@@ -57,6 +57,7 @@ import org.sonatype.aether.resolution.DependencyRequest; import org.sonatype.aether.resolution.DependencyResolutionException; import org.sonatype.aether.util.artifact.DefaultArtifact; import org.sonatype.aether.util.artifact.JavaScopes; +import org.sonatype.aether.util.filter.AndDependencyFilter; import org.sonatype.aether.util.filter.DependencyFilterUtils; import org.sonatype.aether.util.graph.transformer .ChainedDependencyGraphTransformer; @@ -77,7 +78,11 @@ public final class Aether { /** Field description */ - private static final DependencyFilter FILTER = new AetherDependencyFilter(); + private static final DependencyFilter FILTER = + new AndDependencyFilter( + new CoreDependencyFilter(), + new BlacklistDependencyFilter() + ); /** * the logger for Aether @@ -167,7 +172,6 @@ public final class Aether * * * @param system - * @param repositoryManager * @param localRepository * @param configuration * diff --git a/scm-webapp/src/main/java/sonia/scm/plugin/BlacklistDependencyFilter.java b/scm-webapp/src/main/java/sonia/scm/plugin/BlacklistDependencyFilter.java new file mode 100644 index 0000000000..b01da86a32 --- /dev/null +++ b/scm-webapp/src/main/java/sonia/scm/plugin/BlacklistDependencyFilter.java 
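Review bot: `FILTER` keeps the placeholder `/** Field description */` although it now encodes a policy, since AndDependencyFilter accepts a node only when both wrapped filters accept it. Document that on the field, e.g. `/** accepts a dependency only if it is neither in the core dependency list nor in the blacklist */`. Because the filters load their lists on first use (see AbstractDependencyFilter in this patch), constructing this constant no longer proves that both resources exist.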
@@ -0,0 +1,65 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.plugin;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.io.IOException;
+
+import java.util.Set;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public class BlacklistDependencyFilter extends AbstractDependencyFilter
+{
+
+ /** Field description */
+ private static final String BLACKLIST = "/config/blacklist.list";
+
+ //~--- methods --------------------------------------------------------------
+
+ /**
+ * Method description
+ *
+ *
+ * @return
+ *
+ * @throws IOException
+ */
+ @Override
+ protected Set loadExcludeSet() throws IOException
+ {
+ return DependencyFilters.loadDependencySet(BLACKLIST);
+ }
+}
diff --git a/scm-webapp/src/main/java/sonia/scm/plugin/CoreDependencyFilter.java b/scm-webapp/src/main/java/sonia/scm/plugin/CoreDependencyFilter.java
new file mode 100644
index 0000000000..528cc19ef5
--- /dev/null
+++ b/scm-webapp/src/main/java/sonia/scm/plugin/CoreDependencyFilter.java
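Review bot: The class comment of BlacklistDependencyFilter holds only the author tag, and its field and method comments are the generator placeholders `Field description` and `Method description`; CoreDependencyFilter, added next in this patch, has the same gap. Since these two classes decide which plugin dependencies are dropped during resolution, each should say which list it reads and what being listed means, e.g. `/** Excludes plugin dependencies listed in /config/blacklist.list. */` on the class and `/** classpath location of the blacklist */` on the constant. Neither class is designed for extension as far as the hunk shows, so declaring both `final` would make that explicit.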
@@ -0,0 +1,65 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.plugin;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.io.IOException;
+
+import java.util.Set;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public class CoreDependencyFilter extends AbstractDependencyFilter
+{
+
+ /** Field description */
+ private static final String CORE_DEPENDENCIES = "/config/dependencies.list";
+
+ //~--- methods --------------------------------------------------------------
+
+ /**
+ * Method description
+ *
+ *
+ * @return
+ *
+ * @throws IOException
+ */
+ @Override
+ protected Set loadExcludeSet() throws IOException
+ {
+ return DependencyFilters.loadDependencySet(CORE_DEPENDENCIES);
+ }
+}
diff --git a/scm-webapp/src/main/java/sonia/scm/plugin/DependencyFilters.java b/scm-webapp/src/main/java/sonia/scm/plugin/DependencyFilters.java
new file mode 100644
index 0000000000..a2088f07b2
--- /dev/null
+++ b/scm-webapp/src/main/java/sonia/scm/plugin/DependencyFilters.java
@@ -0,0 +1,110 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.plugin;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.common.base.Charsets;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.ImmutableSet.Builder;
+import com.google.common.io.Resources;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.io.IOException;
+
+import java.net.URL;
+
+import java.util.List;
+import java.util.Set;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public final class DependencyFilters
+{
+
+ /**
+ * Method description
+ *
+ *
+ * @param path
+ *
+ * @return
+ *
+ * @throws IOException
+ */
+ public static Set loadDependencySet(String path) throws IOException
+ {
+ URL url = Resources.getResource(DependencyFilters.class, path);
+
+ if (url == null)
+ {
+ throw new IllegalArgumentException(
+ "could not find dependency set at ".concat(path));
+ }
+
+ Builder builder = ImmutableSet.builder();
+ List lines = Resources.readLines(url, Charsets.UTF_8);
+
+ for (String line : lines)
+ {
+ parseAndAppendLine(builder, line);
+ }
+
+ return builder.build();
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param builder
+ * @param line
+ */
+ private static void parseAndAppendLine(Builder builder, String line)
+ {
+ line = line.trim();
+
+ if (!Strings.isNullOrEmpty(line))
+ {
+ String[] parts = line.split(":");
+
+ if (parts.length >= 2)
+ {
+ builder.add(parts[0].concat(":").concat(parts[1]));
+ }
+ }
+ }
+}
diff --git a/scm-webapp/src/main/resources/config/blacklist.list b/scm-webapp/src/main/resources/config/blacklist.list
new file mode 100644
index 0000000000..e6fb1b0be7
--- /dev/null
+++ b/scm-webapp/src/main/resources/config/blacklist.list
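Review bot: `parseAndAppendLine` silently discards any non-empty line without a `:` separator, so a mistyped entry in a deny list disappears without a trace and the artifact stays allowed. Rejecting malformed entries and skipping only blank lines and lines with an explicit comment marker would make the list fail closed. The free-text header in blacklist.list would then need that marker, and dependencies.list (not shown here) should be checked for similar lines first. Separately, the `url == null` branch in `loadDependencySet` looks unreachable, because Guava's `Resources.getResource(Class, String)` throws IllegalArgumentException itself when the resource is missing, as far as I know for the releases of that period. As a static utility holder the class should also get a private constructor.

```java
// inside parseAndAppendLine, replacing the body after: line = line.trim();

// blank lines and lines starting with '#' are treated as comments
if (line.isEmpty() || line.startsWith("#"))
{
  return;
}

String[] parts = line.split(":");

if (parts.length < 2 || parts[0].isEmpty() || parts[1].isEmpty())
{
  // a deny-list entry that cannot be parsed must not be dropped silently
  throw new IllegalArgumentException(
    "malformed dependency entry: ".concat(line));
}

builder.add(parts[0].concat(":").concat(parts[1]));
```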
@@ -0,0 +1,10 @@
+
+The following dependencies are blacklisted
+ commons-logging:commons-logging
+ log4j:log4j
+ junit:junit
+ org.mockito:mockito-core
+ org.mockito:mockito-all
+ org.mockito:mockito-junit
+ org.testng:testng
+ org.powermock:powermock
\ No newline at end of file
From 61f186129f49cfafb0b462a8f66618fcc7615570 Mon Sep 17 00:00:00 2001 From: Sebastian Sdorra Date: Sun, 16 Mar 2014 11:52:18 +0100 Subject: [PATCH 4/4] close branch issue-549
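Review bot: The entry `org.powermock:powermock` will probably never match, because the loader builds exact `groupId:artifactId` keys and PowerMock publishes its jars under ids such as `powermock-core` and `powermock-module-junit4`; as far as I know `org.powermock:powermock` is only the parent POM. `org.mockito:mockito-junit` deserves the same check against the coordinates plugins actually resolve. The header line `The following dependencies are blacklisted` is skipped only because it contains no colon, so give it an explicit comment prefix that the parser is taught to ignore. Because matching is by exact coordinate, this list keeps known-conflicting jars out of plugin class paths but should not be described as a trust boundary for plugin code.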