Merge branch 'main' of https://github.com/nahsra/antisamy into 1.7.0
davewichers committed Jul 16, 2022
2 parents 8ec8694 + 44cac5e commit 8af6b00
Showing 5 changed files with 39 additions and 19 deletions.
7 changes: 4 additions & 3 deletions .github/workflows/codeql-analysis.yml
Expand Up @@ -50,7 +50,7 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -61,7 +61,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1
uses: github/codeql-action/autobuild@v2

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -75,4 +75,5 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
uses: github/codeql-action/analyze@v2

2 changes: 1 addition & 1 deletion .github/workflows/shiftleft-analysis.yml
Expand Up @@ -35,6 +35,6 @@ jobs:
# type: python

- name: Upload report
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: reports
26 changes: 24 additions & 2 deletions pom.xml
Expand Up @@ -4,7 +4,7 @@
<groupId>org.owasp.antisamy</groupId>
<artifactId>antisamy</artifactId>
<packaging>jar</packaging>
<version>1.7.0-dev</version>
<version>1.7.0</version>
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
Expand Down Expand Up @@ -44,7 +44,7 @@
<properties>
<gpg.skip>true</gpg.skip><!-- by default skip gpg -->
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.build.outputTimestamp>2022-06-26T19:54:30Z</project.build.outputTimestamp>
<project.build.outputTimestamp>2022-07-16T23:54:30Z</project.build.outputTimestamp>
<project.java.target>1.8</project.java.target>
<version.findsecbugs>1.12.0</version.findsecbugs>
<version.io>2.11.0</version.io>
Expand Down Expand Up @@ -295,6 +295,26 @@
</rules>
</configuration>
</execution>
<execution>
<id>check-java7API-signatures</id>
<phase>compile</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<checkSignatureRule
implementation="org.codehaus.mojo.animal_sniffer.enforcer.CheckSignatureRule">
<signature>
<groupId>org.codehaus.mojo.signature</groupId>
<!-- Check against Java 7 API -->
<artifactId>java17</artifactId>
<version>1.0</version>
</signature>
</checkSignatureRule>
</rules>
</configuration>
</execution>
</executions>
</plugin>
<plugin> <!-- This plugin is disabled by default. Invoke the release profile (-Prelease) to enable it. -->
Expand Down Expand Up @@ -537,6 +557,7 @@
<artifactId>findsecbugs-plugin</artifactId>
<version>${version.findsecbugs}</version>
</plugin>

</plugins>
</build>

Expand Down Expand Up @@ -621,4 +642,5 @@
</plugin>
</plugins>
</reporting>

</project>
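Review bot: In the added `check-java7API-signatures` execution, `<artifactId>java17</artifactId>` reads like Java 17, although the adjacent comment says it is the Java 7 (1.7) signature set, and the properties block earlier in this file sets `project.java.target` to 1.8. The comment should say so explicitly so that nobody later "corrects" the artifact, for example `<!-- Signature artifact "java17" is the Java 1.7 API, not Java 17 -->`. If checking against an older API than the compile target is intentional, add one sentence giving the reason. The rule's implementation class must also be on the enforcer plugin's classpath; the plugin's `<dependencies>` are outside this hunk, so confirm the animal-sniffer enforcer rule is declared there.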
Expand Up @@ -56,18 +56,14 @@ public class AntiSamySAXScanner extends AbstractAntiSamyScanner {

static {
// Per issue #103, an IllegalArgumentException could be thrown below if the SAX parser does
// not
// support these JAXP 1.5 features. This did actually occur in certain environments where we
// let
// the TransformerFactory create whatever instance it decided to create. For example, if
// xalan:2.7.2 was on the classpath, which doesn't support these JAXP features.
// However, this should never happen anymore because, by default, we now force the use of
// the
// JDK provided Xalan SAX parser, which DOES support these features. However, if someone
// REALLY
// not support these JAXP 1.5 features. This did actually occur in certain environments where we
// let the TransformerFactory create whatever instance it decided to create. For example, if
// xalan:2.7.2 was on the classpath, which doesn't support these JAXP features. However, this
// should never happen anymore because, by default, we now force the use of the
// JDK provided Xalan SAX parser, which DOES support these features. However, if someone REALLY
// wants to use a different implementation, they can set the new property
// "antisamy.transformerfactory.impl"
// to whatever they prefer to use, but that class must implement the two attributes we set.
// "antisamy.transformerfactory.impl" to whatever they prefer to use, but that class must
// implement the two attributes we set.

String TRANSFORMER_FACTORY_IMPL =
System.getProperty(
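Review bot: The reflowed comment in the static initializer still says an overriding class "must implement the two attributes we set" without naming them or saying what happens when it does not. Because `antisamy.transformerfactory.impl` lets a deployment swap in an arbitrary TransformerFactory, the comment should name the attributes and state whether initialization fails or continues without them. They are presumably the JAXP 1.5 external-access restrictions `XMLConstants.ACCESS_EXTERNAL_DTD` and `XMLConstants.ACCESS_EXTERNAL_STYLESHEET`; confirm this against the code that follows. The initializer continues past the end of the hunk, so the actual failure handling is not visible here.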
5 changes: 3 additions & 2 deletions src/site/site.xml
@@ -1,5 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<project name="${project.name}" xmlns="http://maven.apache.org/DECORATION/1.8.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
<project name="${project.name}" xmlns="http://maven.apache.org/DECORATION/1.8.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/DECORATION/1.8.0 http://maven.apache.org/xsd/decoration-1.8.0.xsd">
<bannerLeft>
<src>/images/owasp.png</src>
Expand All @@ -8,7 +9,7 @@
<skin>
<groupId>org.apache.maven.skins</groupId>
<artifactId>maven-fluido-skin</artifactId>
<version>1.9</version>
<version>1.10.0</version>
</skin>
<custom>
<fluidoSkin>