Merge pull request #1124 from alexanderkjall/upgrade-commons-io
upgrade commons-io due to CVE-2021-29425
2
pom.xml
2
pom.xml
@@ -429,7 +429,7 @@
|
||||
<dependency>
|
||||
<groupId>commons-io</groupId>
|
||||
<artifactId>commons-io</artifactId>
|
||||
<version>2.4</version>
|
||||
<version>2.8.0</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.infradna.tool</groupId>
|
||||
|
||||
@@ -1,19 +1,42 @@
|
||||
package org.kohsuke.github;
|
||||
|
||||
import com.tngtech.archunit.base.DescribedPredicate;
|
||||
import com.tngtech.archunit.core.domain.JavaAnnotation;
|
||||
import com.tngtech.archunit.core.domain.JavaClasses;
|
||||
import com.tngtech.archunit.core.domain.*;
|
||||
import com.tngtech.archunit.core.domain.properties.HasName;
|
||||
import com.tngtech.archunit.core.domain.properties.HasOwner;
|
||||
import com.tngtech.archunit.core.importer.ClassFileImporter;
|
||||
import com.tngtech.archunit.core.importer.ImportOption;
|
||||
import com.tngtech.archunit.lang.ArchCondition;
|
||||
import com.tngtech.archunit.lang.ArchRule;
|
||||
import org.apache.commons.io.IOUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
|
||||
import org.apache.commons.lang3.builder.ToStringBuilder;
|
||||
import org.apache.commons.lang3.builder.ToStringStyle;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.io.Closeable;
|
||||
import java.io.InputStream;
|
||||
import java.io.Reader;
|
||||
import java.lang.reflect.Field;
|
||||
import java.nio.charset.Charset;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
import static com.tngtech.archunit.core.domain.JavaCall.Predicates.target;
|
||||
import static com.tngtech.archunit.core.domain.JavaClass.Predicates.resideInAPackage;
|
||||
import static com.tngtech.archunit.core.domain.JavaClass.Predicates.type;
|
||||
import static com.tngtech.archunit.core.domain.JavaClass.namesOf;
|
||||
import static com.tngtech.archunit.core.domain.properties.HasName.Predicates.name;
|
||||
import static com.tngtech.archunit.core.domain.properties.HasName.Predicates.nameContaining;
|
||||
import static com.tngtech.archunit.core.domain.properties.HasOwner.Predicates.With.owner;
|
||||
import static com.tngtech.archunit.core.domain.properties.HasParameterTypes.Predicates.rawParameterTypes;
|
||||
import static com.tngtech.archunit.lang.conditions.ArchConditions.*;
|
||||
import static com.tngtech.archunit.lang.syntax.ArchRuleDefinition.classes;
|
||||
import static com.tngtech.archunit.lang.syntax.ArchRuleDefinition.fields;
|
||||
import static com.tngtech.archunit.lang.syntax.ArchRuleDefinition.methods;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.greaterThan;
|
||||
|
||||
public class ArchTests {
|
||||
|
||||
@@ -22,7 +45,9 @@ public class ArchTests {
|
||||
.withImportOption(new ImportOption.DoNotIncludeJars())
|
||||
.importPackages("org.kohsuke.github");
|
||||
|
||||
private static final JavaClasses tesetClassFiles = new ClassFileImporter()
|
||||
private static final JavaClasses apacheCommons = new ClassFileImporter().importPackages("org.apache.commons.lang3");
|
||||
|
||||
private static final JavaClasses testClassFiles = new ClassFileImporter()
|
||||
.withImportOption(new ImportOption.OnlyIncludeTests())
|
||||
.withImportOption(new ImportOption.DoNotIncludeJars())
|
||||
.importPackages("org.kohsuke.github");
|
||||
@@ -40,7 +65,7 @@ public class ArchTests {
|
||||
|
||||
@BeforeClass
|
||||
public static void beforeClass() {
|
||||
assertTrue(classFiles.size() > 0);
|
||||
assertThat(classFiles.size(), greaterThan(0));
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -113,14 +138,103 @@ public class ArchTests {
|
||||
@Test
|
||||
public void testRequireUseOfAssertThat() {
|
||||
|
||||
String reason = "This project uses `assertThat(...)` instead of other assert*() methods.";
|
||||
final String reason = "This project uses `assertThat(...)` instead of other `assert*()` methods.";
|
||||
|
||||
ArchRule onlyAssertThatRule = methods().that()
|
||||
.haveNameContaining("assert")
|
||||
.should()
|
||||
.haveName("assertThat")
|
||||
final DescribedPredicate<HasName> assertMethodOtherThanAssertThat = nameContaining("assert")
|
||||
.and(DescribedPredicate.not(name("assertThat")));
|
||||
|
||||
final ArchRule onlyAssertThatRule = classes()
|
||||
.should(not(callMethodWhere(target(assertMethodOtherThanAssertThat))))
|
||||
.because(reason);
|
||||
|
||||
onlyAssertThatRule.check(tesetClassFiles);
|
||||
onlyAssertThatRule.check(testClassFiles);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRequireUseOfOnlySpecificApacheCommons() {
|
||||
|
||||
final ArchRule onlyApprovedApacheCommonsMethods = classes()
|
||||
.should(notCallMethodsInPackageUnless("org.apache.commons..",
|
||||
// unless it is one of these methods
|
||||
targetMethodIs(StringUtils.class, "capitalize", String.class),
|
||||
targetMethodIs(StringUtils.class, "defaultString", String.class, String.class),
|
||||
targetMethodIs(StringUtils.class, "equals", CharSequence.class, CharSequence.class),
|
||||
targetMethodIs(StringUtils.class, "isBlank", CharSequence.class),
|
||||
targetMethodIs(StringUtils.class, "isEmpty", CharSequence.class),
|
||||
targetMethodIs(StringUtils.class, "join", Iterable.class, String.class),
|
||||
targetMethodIs(StringUtils.class,
|
||||
"prependIfMissing",
|
||||
String.class,
|
||||
CharSequence.class,
|
||||
CharSequence[].class),
|
||||
targetMethodIs(ToStringBuilder.class, "toString"),
|
||||
targetMethodIs(ToStringBuilder.class, "append", String.class, Object.class),
|
||||
targetMethodIs(ToStringBuilder.class, "append", String.class, long.class),
|
||||
targetMethodIs(ToStringBuilder.class, "append", String.class, int.class),
|
||||
targetMethodIs(ToStringBuilder.class, "isEmpty"),
|
||||
targetMethodIs(ToStringBuilder.class, "equals"),
|
||||
targetMethodIs(ToStringBuilder.class, "capitalize"),
|
||||
targetMethodIs(ToStringStyle.class,
|
||||
"append",
|
||||
StringBuffer.class,
|
||||
String.class,
|
||||
Object.class,
|
||||
Boolean.class),
|
||||
targetMethodIs(ReflectionToStringBuilder.class, "accept", Field.class),
|
||||
targetMethodIs(IOUtils.class, "closeQuietly", InputStream.class),
|
||||
targetMethodIs(IOUtils.class, "closeQuietly", Closeable.class),
|
||||
targetMethodIs(IOUtils.class, "toString", InputStream.class, Charset.class),
|
||||
targetMethodIs(IOUtils.class, "toString", Reader.class),
|
||||
targetMethodIs(IOUtils.class, "toByteArray", InputStream.class)))
|
||||
.because(
|
||||
"Commons methods must be manually verified to be compatible with commons-io:2.4 or earlier and commons-lang3:3.9 or earlier.");
|
||||
|
||||
onlyApprovedApacheCommonsMethods.check(classFiles);
|
||||
}
|
||||
|
||||
public static ArchCondition<JavaClass> notCallMethodsInPackageUnless(final String packageIdentifier,
|
||||
final DescribedPredicate<JavaCall<?>>... unlessPredicates) {
|
||||
DescribedPredicate<JavaCall<?>> restrictedPackageCalls = target(
|
||||
HasOwner.Predicates.With.<JavaClass>owner(resideInAPackage(packageIdentifier)));
|
||||
|
||||
if (unlessPredicates.length > 0) {
|
||||
DescribedPredicate<JavaCall<?>> allowed = unlessPredicates[0];
|
||||
for (int x = 1; x < unlessPredicates.length; x++) {
|
||||
allowed = allowed.or(unlessPredicates[x]);
|
||||
}
|
||||
restrictedPackageCalls = unless(restrictedPackageCalls, allowed);
|
||||
}
|
||||
return not(callMethodWhere(restrictedPackageCalls));
|
||||
}
|
||||
|
||||
public static DescribedPredicate<JavaCall<?>> targetMethodIs(Class<?> owner,
|
||||
String methodName,
|
||||
Class<?>... parameterTypes) {
|
||||
return JavaCall.Predicates.target(owner(type(owner)))
|
||||
.and(JavaCall.Predicates.target(name(methodName)))
|
||||
.and(JavaCall.Predicates.target(rawParameterTypes(parameterTypes)))
|
||||
.as("method is %s",
|
||||
Formatters.formatMethodSimple(owner.getSimpleName(), methodName, namesOf(parameterTypes)));
|
||||
}
|
||||
|
||||
public static <T> DescribedPredicate<T> unless(DescribedPredicate<? super T> first,
|
||||
DescribedPredicate<? super T> second) {
|
||||
return new UnlessPredicate(first, second);
|
||||
}
|
||||
|
||||
private static class UnlessPredicate<T> extends DescribedPredicate<T> {
|
||||
private final DescribedPredicate<T> current;
|
||||
private final DescribedPredicate<? super T> other;
|
||||
|
||||
UnlessPredicate(DescribedPredicate<T> current, DescribedPredicate<? super T> other) {
|
||||
super(current.getDescription() + " unless " + other.getDescription());
|
||||
this.current = checkNotNull(current);
|
||||
this.other = checkNotNull(other);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean apply(T input) {
|
||||
return current.apply(input) && !other.apply(input);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
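Review bot: Three entries in the allow-list passed to `notCallMethodsInPackageUnless` in `testRequireUseOfOnlySpecificApacheCommons` look like stray copies of the `StringUtils` entries: `targetMethodIs(ToStringBuilder.class, "isEmpty")`, `targetMethodIs(ToStringBuilder.class, "equals")` and `targetMethodIs(ToStringBuilder.class, "capitalize")`. They do not appear to match any real `ToStringBuilder` method and can be dropped. Keeping the list exact matters because it doubles as the record of which commons-io and commons-lang3 calls the library makes, which is what someone triaging CVE-2021-29425 would consult. The `.because(...)` text still names `commons-io:2.4 or earlier` as the baseline while pom.xml in this commit moves to 2.8.0; if the older baseline is deliberate, a comment such as `// consumers may pin an older commons-io; only call methods that exist there` would say why. In `unless(...)`, `new UnlessPredicate(first, second)` is a raw type and hands a `DescribedPredicate<? super T>` to a constructor that declares `DescribedPredicate<T>`; `new UnlessPredicate<>(...)` with matching parameter types would remove the unchecked warning. In the `UnlessPredicate` constructor, `super(current.getDescription() + ...)` dereferences both arguments before the `checkNotNull` calls run, so those checks can never fire.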
@@ -4,7 +4,7 @@ import org.junit.Test;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
@@ -15,7 +15,7 @@ public class GHPullRequestMockTest {
|
||||
GHPullRequest pullRequest = mock(GHPullRequest.class);
|
||||
when(pullRequest.isDraft()).thenReturn(true);
|
||||
|
||||
assertTrue("Mock should return true", pullRequest.isDraft());
|
||||
assertThat("Mock should return true", pullRequest.isDraft());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
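Review bot: `assertThat("Mock should return true", pullRequest.isDraft());` uses the `assertThat(String, boolean)` overload, which behaves like the old `assertTrue` and reports only the reason string on failure. The matcher form `assertThat(pullRequest.isDraft(), is(true));`, with a static import of `org.hamcrest.Matchers.is`, would match the style of the other converted tests and print expected and actual values. The test method begins outside the hunk, so its name and annotations are not visible here.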
@@ -2,19 +2,24 @@ package org.kohsuke.github.internal;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.*;
|
||||
|
||||
public class EnumUtilsTest {
|
||||
|
||||
@Test
|
||||
public void testGetEnum() {
|
||||
assertNull(EnumUtils.getNullableEnumOrDefault(TestEnum.class, null, TestEnum.UNKNOWN));
|
||||
assertEquals(TestEnum.UNKNOWN, EnumUtils.getNullableEnumOrDefault(TestEnum.class, "foobar", TestEnum.UNKNOWN));
|
||||
assertEquals(TestEnum.VALUE_1, EnumUtils.getNullableEnumOrDefault(TestEnum.class, "VALUE_1", TestEnum.UNKNOWN));
|
||||
assertEquals(TestEnum.VALUE_1, EnumUtils.getNullableEnumOrDefault(TestEnum.class, "value_1", TestEnum.UNKNOWN));
|
||||
assertEquals(TestEnum.VALUE_2, EnumUtils.getNullableEnumOrDefault(TestEnum.class, "VALUE_2", TestEnum.UNKNOWN));
|
||||
assertEquals(TestEnum.VALUE_2, EnumUtils.getNullableEnumOrDefault(TestEnum.class, "value_2", TestEnum.UNKNOWN));
|
||||
assertThat(EnumUtils.getNullableEnumOrDefault(TestEnum.class, null, TestEnum.UNKNOWN), nullValue());
|
||||
assertThat(EnumUtils.getNullableEnumOrDefault(TestEnum.class, "foobar", TestEnum.UNKNOWN),
|
||||
equalTo(TestEnum.UNKNOWN));
|
||||
assertThat(EnumUtils.getNullableEnumOrDefault(TestEnum.class, "VALUE_1", TestEnum.UNKNOWN),
|
||||
equalTo(TestEnum.VALUE_1));
|
||||
assertThat(EnumUtils.getNullableEnumOrDefault(TestEnum.class, "value_1", TestEnum.UNKNOWN),
|
||||
equalTo(TestEnum.VALUE_1));
|
||||
assertThat(EnumUtils.getNullableEnumOrDefault(TestEnum.class, "VALUE_2", TestEnum.UNKNOWN),
|
||||
equalTo(TestEnum.VALUE_2));
|
||||
assertThat(EnumUtils.getNullableEnumOrDefault(TestEnum.class, "vAlUe_2", TestEnum.UNKNOWN),
|
||||
equalTo(TestEnum.VALUE_2));
|
||||
}
|
||||
|
||||
private enum TestEnum {
|
||||
|
||||