servicemix-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jbono...@apache.org
Subject servicemix-bundles git commit: [SM-3476] Create OSGi bundle for antisamy 1.5.6
Date Sat, 02 Sep 2017 06:36:45 GMT
Repository: servicemix-bundles
Updated Branches:
  refs/heads/master c1f4e537c -> 8fcd0d0af


[SM-3476] Create OSGi bundle for antisamy 1.5.6


Project: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/repo
Commit: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/commit/8fcd0d0a
Tree: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/tree/8fcd0d0a
Diff: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/diff/8fcd0d0a

Branch: refs/heads/master
Commit: 8fcd0d0af4f79c9af1558f6ebc90b0eda80f60f7
Parents: c1f4e53
Author: Jean-Baptiste Onofré <jbonofre@apache.org>
Authored: Sat Sep 2 08:36:21 2017 +0200
Committer: Jean-Baptiste Onofré <jbonofre@apache.org>
Committed: Sat Sep 2 08:36:21 2017 +0200

----------------------------------------------------------------------
 antisamy-1.5.5/pom.xml                          | 115 -------------------
 .../src/main/resources/OSGI-INF/bundle.info     |  30 -----
 antisamy-1.5.6/pom.xml                          | 114 ++++++++++++++++++
 .../src/main/resources/OSGI-INF/bundle.info     |  30 +++++
 pom.xml                                         |   1 +
 5 files changed, 145 insertions(+), 145 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/8fcd0d0a/antisamy-1.5.5/pom.xml
----------------------------------------------------------------------
diff --git a/antisamy-1.5.5/pom.xml b/antisamy-1.5.5/pom.xml
deleted file mode 100644
index 22913b2..0000000
--- a/antisamy-1.5.5/pom.xml
+++ /dev/null
@@ -1,115 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-
-    <!--
-
-        Licensed to the Apache Software Foundation (ASF) under one or more
-        contributor license agreements.  See the NOTICE file distributed with
-        this work for additional information regarding copyright ownership.
-        The ASF licenses this file to You under the Apache License, Version 2.0
-        (the "License"); you may not use this file except in compliance with
-        the License.  You may obtain a copy of the License at
-
-           http://www.apache.org/licenses/LICENSE-2.0
-
-        Unless required by applicable law or agreed to in writing, software
-        distributed under the License is distributed on an "AS IS" BASIS,
-        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-        See the License for the specific language governing permissions and
-        limitations under the License.
-    -->
-
-    <modelVersion>4.0.0</modelVersion>
-
-    <parent>
-        <groupId>org.apache.servicemix.bundles</groupId>
-        <artifactId>bundles-pom</artifactId>
-        <version>12</version>
-        <relativePath>../bundles-pom/pom.xml</relativePath>
-    </parent>
-
-    <groupId>org.apache.servicemix.bundles</groupId>
-    <artifactId>org.apache.servicemix.bundles.antisamy</artifactId>
-    <version>1.5.5_2-SNAPSHOT</version>
-    <packaging>bundle</packaging>
-    <name>Apache ServiceMix :: Bundles :: ${pkgArtifactId}</name>
-    <description>This OSGi bundle wraps ${pkgArtifactId} ${pkgVersion} jar file.</description>
-
-    <scm>
-        <connection>scm:git:https://git-wip-us.apache.org/repos/asf/servicemix-bundles.git</connection>
-        <developerConnection>scm:git:https://git-wip-us.apache.org/repos/asf/servicemix-bundles.git</developerConnection>
-        <url>https://git-wip-us.apache.org/repos/asf?p=servicemix-bundles.git</url>
-        <tag>HEAD</tag>
-    </scm>
-
-    <properties>
-        <pkgGroupId>org.owasp.antisamy</pkgGroupId>
-        <pkgArtifactId>antisamy</pkgArtifactId>
-        <pkgVersion>1.5.5</pkgVersion>
-        <servicemix.osgi.export.pkg>
-            org.owasp.validator
-        </servicemix.osgi.export.pkg>
-        <servicemix.osgi.import.pkg>
-            javax.xml*,
-            org.apache.batik.css.parser;resolution:=optional,
-            org.apache.commons.httpclient*;resolution:=optional,
-            org.apache.xerces*,
-            org.apache.xml.serialize,
-            org.cyberneko.html*;resolution:=optional,
-            org.w3c.css.sac;resolution:=optional,
-            org.w3c.dom,
-            org.xml.sax
-        </servicemix.osgi.import.pkg>
-    </properties>
-
-    <dependencies>
-        <dependency>
-            <groupId>${pkgGroupId}</groupId>
-            <artifactId>${pkgArtifactId}</artifactId>
-            <version>${pkgVersion}</version>
-        </dependency>
-
-        <!-- sources -->
-        <dependency>
-            <groupId>${pkgGroupId}</groupId>
-            <artifactId>${pkgArtifactId}</artifactId>
-            <version>${pkgVersion}</version>
-            <classifier>sources</classifier>
-        </dependency>
-    </dependencies>
-
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-shade-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>shade</goal>
-                        </goals>
-                        <configuration>
-                            <artifactSet>
-                                <includes>
-                                    <include>${pkgGroupId}:${pkgArtifactId}</include>
-                                </includes>
-                            </artifactSet>
-                            <filters>
-                                <filter>
-                                    <artifact>${pkgGroupId}:${pkgArtifactId}</artifact>
-                                    <includes>
-                                        <include>*.xsd</include>
-                                        <include>*.properties</include>
-                                    </includes>
-                                </filter>
-                            </filters>
-                            <promoteTransitiveDependencies>true</promoteTransitiveDependencies>
-                            <createDependencyReducedPom>true</createDependencyReducedPom>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
-        </plugins>
-    </build>
-</project>

http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/8fcd0d0a/antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info
----------------------------------------------------------------------
diff --git a/antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info b/antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info
deleted file mode 100644
index c98a7c0..0000000
--- a/antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info
+++ /dev/null
@@ -1,30 +0,0 @@
-\u001B[1mSYNOPSIS\u001B[0m
-    ${project.description}
-
-    Original Maven URL:
-        \u001B[33mmvn:${pkgGroupId}/${pkgArtifactId}/${pkgVersion}\u001B[0m
-
-\u001B[1mDESCRIPTION\u001B[0m
-    The OWASP AntiSamy project is a few things. Technically, it is an API for ensuring user-supplied
HTML/CSS is in
-    compliance within an application's rules. Another way of saying that could be: It's an
API that helps you make
-    sure that clients don't supply malicious cargo code in the HTML they supply for their
profile, comments, etc.,
-    that get persisted on the server. The term "malicious code" in regards to web applications
usually mean
-    "JavaScript." Cascading Stylesheets are only considered malicious when they invoke the
JavaScript engine. However,
-    there are many situations where "normal" HTML and CSS can be used in a malicious manner.
So we take care of that
-    too.
-
-    Philosophically, AntiSamy is a departure from contemporary security mechanisms. Generally,
the security mechanism
-    and user have a communication that is virtually one way, for good reason. Letting the
potential attacker know
-    details about the validation is considered unwise as it allows the attacker to "learn"
and "recon" the mechanism
-    for weaknesses. These types of information leaks can also hurt in ways you don't expect.
A login mechanism that
-    tells the user, "Username invalid" leaks the fact that a user by that name does not exist.
A user could use a
-    dictionary or phone book or both to remotely come up with a list of valid usernames.
Using this information, an
-    attacker could launch a brute force attack or massive account lock denial-of-service.
We get that.
-
-    Unfortunately, that's just not very usable in this situation. Typical Internet users
are largely pretty bad when it
-    comes to writing HTML/CSS, so where do they get their HTML from? Usually they copy it
from somewhere out on the web.
-    Simply rejecting their input without any clue as to why is jolting and annoying. Annoyed
users go somewhere else to
-    do their social networking.
-
-\u001B[1mSEE ALSO\u001B[0m
-    \u001B[36mhttps://www.owasp.org/index.php/Antisamy\u001B[0m

http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/8fcd0d0a/antisamy-1.5.6/pom.xml
----------------------------------------------------------------------
diff --git a/antisamy-1.5.6/pom.xml b/antisamy-1.5.6/pom.xml
new file mode 100644
index 0000000..1616214
--- /dev/null
+++ b/antisamy-1.5.6/pom.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <!--
+
+        Licensed to the Apache Software Foundation (ASF) under one or more
+        contributor license agreements.  See the NOTICE file distributed with
+        this work for additional information regarding copyright ownership.
+        The ASF licenses this file to You under the Apache License, Version 2.0
+        (the "License"); you may not use this file except in compliance with
+        the License.  You may obtain a copy of the License at
+
+           http://www.apache.org/licenses/LICENSE-2.0
+
+        Unless required by applicable law or agreed to in writing, software
+        distributed under the License is distributed on an "AS IS" BASIS,
+        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+        See the License for the specific language governing permissions and
+        limitations under the License.
+    -->
+
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>org.apache.servicemix.bundles</groupId>
+        <artifactId>bundles-pom</artifactId>
+        <version>13</version>
+        <relativePath>../bundles-pom/pom.xml</relativePath>
+    </parent>
+
+    <groupId>org.apache.servicemix.bundles</groupId>
+    <artifactId>org.apache.servicemix.bundles.antisamy</artifactId>
+    <version>1.5.6_1-SNAPSHOT</version>
+    <packaging>bundle</packaging>
+    <name>Apache ServiceMix :: Bundles :: ${pkgArtifactId}</name>
+    <description>This OSGi bundle wraps ${pkgArtifactId} ${pkgVersion} jar file.</description>
+
+    <scm>
+        <connection>scm:git:https://git-wip-us.apache.org/repos/asf/servicemix-bundles.git</connection>
+        <developerConnection>scm:git:https://git-wip-us.apache.org/repos/asf/servicemix-bundles.git</developerConnection>
+        <url>https://git-wip-us.apache.org/repos/asf?p=servicemix-bundles.git</url>
+    </scm>
+
+    <properties>
+        <pkgGroupId>org.owasp.antisamy</pkgGroupId>
+        <pkgArtifactId>antisamy</pkgArtifactId>
+        <pkgVersion>1.5.6</pkgVersion>
+        <servicemix.osgi.export.pkg>
+            org.owasp.validator
+        </servicemix.osgi.export.pkg>
+        <servicemix.osgi.import.pkg>
+            javax.xml*,
+            org.apache.batik.css.parser;resolution:=optional,
+            org.apache.commons.httpclient*;resolution:=optional,
+            org.apache.xerces*,
+            org.apache.xml.serialize,
+            org.cyberneko.html*;resolution:=optional,
+            org.w3c.css.sac;resolution:=optional,
+            org.w3c.dom,
+            org.xml.sax
+        </servicemix.osgi.import.pkg>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>${pkgGroupId}</groupId>
+            <artifactId>${pkgArtifactId}</artifactId>
+            <version>${pkgVersion}</version>
+        </dependency>
+
+        <!-- sources -->
+        <dependency>
+            <groupId>${pkgGroupId}</groupId>
+            <artifactId>${pkgArtifactId}</artifactId>
+            <version>${pkgVersion}</version>
+            <classifier>sources</classifier>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                        <configuration>
+                            <artifactSet>
+                                <includes>
+                                    <include>${pkgGroupId}:${pkgArtifactId}</include>
+                                </includes>
+                            </artifactSet>
+                            <filters>
+                                <filter>
+                                    <artifact>${pkgGroupId}:${pkgArtifactId}</artifact>
+                                    <includes>
+                                        <include>*.xsd</include>
+                                        <include>*.properties</include>
+                                    </includes>
+                                </filter>
+                            </filters>
+                            <promoteTransitiveDependencies>true</promoteTransitiveDependencies>
+                            <createDependencyReducedPom>true</createDependencyReducedPom>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+</project>

http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/8fcd0d0a/antisamy-1.5.6/src/main/resources/OSGI-INF/bundle.info
----------------------------------------------------------------------
diff --git a/antisamy-1.5.6/src/main/resources/OSGI-INF/bundle.info b/antisamy-1.5.6/src/main/resources/OSGI-INF/bundle.info
new file mode 100644
index 0000000..c98a7c0
--- /dev/null
+++ b/antisamy-1.5.6/src/main/resources/OSGI-INF/bundle.info
@@ -0,0 +1,30 @@
+\u001B[1mSYNOPSIS\u001B[0m
+    ${project.description}
+
+    Original Maven URL:
+        \u001B[33mmvn:${pkgGroupId}/${pkgArtifactId}/${pkgVersion}\u001B[0m
+
+\u001B[1mDESCRIPTION\u001B[0m
+    The OWASP AntiSamy project is a few things. Technically, it is an API for ensuring user-supplied
HTML/CSS is in
+    compliance within an application's rules. Another way of saying that could be: It's an
API that helps you make
+    sure that clients don't supply malicious cargo code in the HTML they supply for their
profile, comments, etc.,
+    that get persisted on the server. The term "malicious code" in regards to web applications
usually mean
+    "JavaScript." Cascading Stylesheets are only considered malicious when they invoke the
JavaScript engine. However,
+    there are many situations where "normal" HTML and CSS can be used in a malicious manner.
So we take care of that
+    too.
+
+    Philosophically, AntiSamy is a departure from contemporary security mechanisms. Generally,
the security mechanism
+    and user have a communication that is virtually one way, for good reason. Letting the
potential attacker know
+    details about the validation is considered unwise as it allows the attacker to "learn"
and "recon" the mechanism
+    for weaknesses. These types of information leaks can also hurt in ways you don't expect.
A login mechanism that
+    tells the user, "Username invalid" leaks the fact that a user by that name does not exist.
A user could use a
+    dictionary or phone book or both to remotely come up with a list of valid usernames.
Using this information, an
+    attacker could launch a brute force attack or massive account lock denial-of-service.
We get that.
+
+    Unfortunately, that's just not very usable in this situation. Typical Internet users
are largely pretty bad when it
+    comes to writing HTML/CSS, so where do they get their HTML from? Usually they copy it
from somewhere out on the web.
+    Simply rejecting their input without any clue as to why is jolting and annoying. Annoyed
users go somewhere else to
+    do their social networking.
+
+\u001B[1mSEE ALSO\u001B[0m
+    \u001B[36mhttps://www.owasp.org/index.php/Antisamy\u001B[0m

http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/8fcd0d0a/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 992595f..40a242a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -65,6 +65,7 @@
         <module>java_nats-0.7.1</module>
         <module>rhino-1.7.7.2</module>
         <module>json4s-3.5.3</module>
+        <module>antisamy-1.5.6</module>
     </modules>
 
 </project>


Mime
View raw message