servicemix-commits mailing list archives

From jbono...@apache.org
Subject servicemix-bundles git commit: [SM-3202] Create OSGi bundle for antisamy 1.5.5
Date Sun, 01 Jan 2017 06:22:03 GMT
Repository: servicemix-bundles
Updated Branches:
  refs/heads/master 6ac49ee1d -> 1098ddda2


[SM-3202] Create OSGi bundle for antisamy 1.5.5


Project: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/repo
Commit: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/commit/1098ddda
Tree: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/tree/1098ddda
Diff: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/diff/1098ddda

Branch: refs/heads/master
Commit: 1098ddda299f8106a77477042bf81cd1d1ab63bf
Parents: 6ac49ee
Author: Jean-Baptiste Onofré <jbonofre@apache.org>
Authored: Sun Jan 1 07:21:39 2017 +0100
Committer: Jean-Baptiste Onofré <jbonofre@apache.org>
Committed: Sun Jan 1 07:21:39 2017 +0100

----------------------------------------------------------------------
 antisamy-1.5.5/pom.xml                          | 115 +++++++++++++++++++
 .../src/main/resources/OSGI-INF/bundle.info     |  30 +++++
 pom.xml                                         |   1 +
 3 files changed, 146 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/1098ddda/antisamy-1.5.5/pom.xml
----------------------------------------------------------------------
diff --git a/antisamy-1.5.5/pom.xml b/antisamy-1.5.5/pom.xml
new file mode 100644
index 0000000..e3808bc
--- /dev/null
+++ b/antisamy-1.5.5/pom.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <!--
+
+        Licensed to the Apache Software Foundation (ASF) under one or more
+        contributor license agreements.  See the NOTICE file distributed with
+        this work for additional information regarding copyright ownership.
+        The ASF licenses this file to You under the Apache License, Version 2.0
+        (the "License"); you may not use this file except in compliance with
+        the License.  You may obtain a copy of the License at
+
+           http://www.apache.org/licenses/LICENSE-2.0
+
+        Unless required by applicable law or agreed to in writing, software
+        distributed under the License is distributed on an "AS IS" BASIS,
+        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+        See the License for the specific language governing permissions and
+        limitations under the License.
+    -->
+
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>org.apache.servicemix.bundles</groupId>
+        <artifactId>bundles-pom</artifactId>
+        <version>12</version>
+        <relativePath>../bundles-pom/pom.xml</relativePath>
+    </parent>
+
+    <groupId>org.apache.servicemix.bundles</groupId>
+    <artifactId>org.apache.servicemix.bundles.antisamy</artifactId>
+    <version>1.5.5_1-SNAPSHOT</version>
+    <packaging>bundle</packaging>
+    <name>Apache ServiceMix :: Bundles :: ${pkgArtifactId}</name>
+    <description>This OSGi bundle wraps ${pkgArtifactId} ${pkgVersion} jar file.</description>
+
+    <scm>
+        <connection>scm:git:https://git-wip-us.apache.org/repos/asf/servicemix-bundles.git</connection>
+        <developerConnection>scm:git:https://git-wip-us.apache.org/repos/asf/servicemix-bundles.git</developerConnection>
+        <url>https://git-wip-us.apache.org/repos/asf?p=servicemix-bundles.git</url>
+        <tag>HEAD</tag>
+    </scm>
+
+    <properties>
+        <pkgGroupId>org.owasp.antisamy</pkgGroupId>
+        <pkgArtifactId>antisamy</pkgArtifactId>
+        <pkgVersion>1.5.5</pkgVersion>
+        <servicemix.osgi.export.pkg>
+            org.owasp.validator
+        </servicemix.osgi.export.pkg>
+        <servicemix.osgi.import.pkg>
+            javax.xml*,
+            org.apache.batik.css.parser;resolution:=optional,
+            org.apache.commons.httpclient*;resolution:=optional,
+            org.apache.xerces*,
+            org.apache.xml.serialize,
+            org.cyberneko.html*;resolution:=optional,
+            org.w3c.css.sac;resolution:=optional,
+            org.w3c.dom,
+            org.xml.sax
+        </servicemix.osgi.import.pkg>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>${pkgGroupId}</groupId>
+            <artifactId>${pkgArtifactId}</artifactId>
+            <version>${pkgVersion}</version>
+        </dependency>
+
+        <!-- sources -->
+        <dependency>
+            <groupId>${pkgGroupId}</groupId>
+            <artifactId>${pkgArtifactId}</artifactId>
+            <version>${pkgVersion}</version>
+            <classifier>sources</classifier>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                        <configuration>
+                            <artifactSet>
+                                <includes>
+                                    <include>${pkgGroupId}:${pkgArtifactId}</include>
+                                </includes>
+                            </artifactSet>
+                            <filters>
+                                <filter>
+                                    <artifact>${pkgGroupId}:${pkgArtifactId}</artifact>
+                                    <includes>
+                                        <include>*.xsd</include>
+                                        <include>*.properties</include>
+                                    </includes>
+                                </filter>
+                            </filters>
+                            <promoteTransitiveDependencies>true</promoteTransitiveDependencies>
+                            <createDependencyReducedPom>true</createDependencyReducedPom>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+</project>
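Review bot: `org.cyberneko.html*` is imported with `resolution:=optional` in `servicemix.osgi.import.pkg`, but as far as I know AntiSamy's DOM and SAX scanners parse their input through NekoHTML. The bundle can therefore resolve without its HTML parser and fail only when a scan is first attempted. For a sanitizer that is a poor failure mode, because a caller that catches the resulting error broadly may end up storing or rendering the unsanitized markup. I would make the import mandatory (`org.cyberneko.html*,`). I would also put a comment above the property saying what the remaining optional entries back, for example `<!-- optional: Batik/SAC for CSS scanning, commons-httpclient for fetching imported stylesheets -->`, so deployers know which checks are unavailable when those packages are absent.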

http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/1098ddda/antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info
----------------------------------------------------------------------
diff --git a/antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info b/antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info
new file mode 100644
index 0000000..c98a7c0
--- /dev/null
+++ b/antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info
@@ -0,0 +1,30 @@
+\u001B[1mSYNOPSIS\u001B[0m
+    ${project.description}
+
+    Original Maven URL:
+        \u001B[33mmvn:${pkgGroupId}/${pkgArtifactId}/${pkgVersion}\u001B[0m
+
+\u001B[1mDESCRIPTION\u001B[0m
+    The OWASP AntiSamy project is a few things. Technically, it is an API for ensuring user-supplied
HTML/CSS is in
+    compliance within an application's rules. Another way of saying that could be: It's an
API that helps you make
+    sure that clients don't supply malicious cargo code in the HTML they supply for their
profile, comments, etc.,
+    that get persisted on the server. The term "malicious code" in regards to web applications
usually mean
+    "JavaScript." Cascading Stylesheets are only considered malicious when they invoke the
JavaScript engine. However,
+    there are many situations where "normal" HTML and CSS can be used in a malicious manner.
So we take care of that
+    too.
+
+    Philosophically, AntiSamy is a departure from contemporary security mechanisms. Generally,
the security mechanism
+    and user have a communication that is virtually one way, for good reason. Letting the
potential attacker know
+    details about the validation is considered unwise as it allows the attacker to "learn"
and "recon" the mechanism
+    for weaknesses. These types of information leaks can also hurt in ways you don't expect.
A login mechanism that
+    tells the user, "Username invalid" leaks the fact that a user by that name does not exist.
A user could use a
+    dictionary or phone book or both to remotely come up with a list of valid usernames.
Using this information, an
+    attacker could launch a brute force attack or massive account lock denial-of-service.
We get that.
+
+    Unfortunately, that's just not very usable in this situation. Typical Internet users
are largely pretty bad when it
+    comes to writing HTML/CSS, so where do they get their HTML from? Usually they copy it
from somewhere out on the web.
+    Simply rejecting their input without any clue as to why is jolting and annoying. Annoyed
users go somewhere else to
+    do their social networking.
+
+\u001B[1mSEE ALSO\u001B[0m
+    \u001B[36mhttps://www.owasp.org/index.php/Antisamy\u001B[0m

http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/1098ddda/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 8fb13a5..feaa585 100644
--- a/pom.xml
+++ b/pom.xml
@@ -126,6 +126,7 @@
         <module>hbase-1.2.4</module>
         <module>orbitz-consul-client-0.13.8</module>
         <module>quickfix-1.6.3</module>
+        <module>antisamy-1.5.5</module>
     </modules>
 
 </project>

