phoedos/pmd
1
1
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Exclude commons-io (CVE-2021-29425)

Browse Source 
Refactor last test usages to use PMD's IOUtil instead.
This commit is contained in:
Andreas Dangel
2022-06-09 16:15:19 +02:00
parent 872111f2a1
commit 4b2c3fa1a4
5 changed files with 22 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pmd-apex/src/test/java/net/sourceforge/pmd/cpd/ApexCpdTest.java
View File

@ -11,18 +11,18 @@ import java.io.File;
import java.io.IOException;
import java.util.Iterator;
import org.apache.commons.io.FilenameUtils;
import org.junit.Before;
import org.junit.Test;
import net.sourceforge.pmd.lang.apex.ApexLanguageModule;
import net.sourceforge.pmd.util.IOUtil;
public class ApexCpdTest {
private File testdir;
@Before
public void setUp() {
String path = FilenameUtils.normalize("src/test/resources/net/sourceforge/pmd/cpd/issue427");
String path = IOUtil.normalizePath("src/test/resources/net/sourceforge/pmd/cpd/issue427");
testdir = new File(path);
}

11
pmd-apex/src/test/java/net/sourceforge/pmd/lang/apex/ast/ApexParserTest.java
View File

@ -14,13 +14,12 @@ import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.junit.Assert;
import org.junit.Test;
import net.sourceforge.pmd.lang.ast.Node;
import net.sourceforge.pmd.lang.ast.xpath.internal.FileNameXPathFunction;
import net.sourceforge.pmd.util.IOUtil;
import apex.jorje.semantic.ast.compilation.Compilation;
@ -154,7 +153,7 @@ public class ApexParserTest extends ApexParserTestBase {
for (File file : fList) {
if (file.isFile() && file.getName().endsWith(".cls")) {
String sourceCode = FileUtils.readFileToString(file, StandardCharsets.UTF_8);
String sourceCode = IOUtil.readFileToString(file, StandardCharsets.UTF_8);
ApexNode<Compilation> rootNode = parse(sourceCode);
Assert.assertNotNull(rootNode);
}
@ -167,7 +166,7 @@ public class ApexParserTest extends ApexParserTestBase {
*/
@Test
public void parseInheritedSharingClass() throws IOException {
String source = IOUtils.toString(ApexParserTest.class.getResourceAsStream("InheritedSharing.cls"),
String source = IOUtil.readToString(ApexParserTest.class.getResourceAsStream("InheritedSharing.cls"),
StandardCharsets.UTF_8);
ApexNode<Compilation> rootNode = parse(source);
Assert.assertNotNull(rootNode);
@ -180,7 +179,7 @@ public class ApexParserTest extends ApexParserTestBase {
*/
@Test
public void stackOverflowDuringClassParsing() throws Exception {
String source = IOUtils.toString(ApexParserTest.class.getResourceAsStream("StackOverflowClass.cls"),
String source = IOUtil.readToString(ApexParserTest.class.getResourceAsStream("StackOverflowClass.cls"),
StandardCharsets.UTF_8);
ApexNode<Compilation> rootNode = parse(source);
Assert.assertNotNull(rootNode);
@ -191,7 +190,7 @@ public class ApexParserTest extends ApexParserTestBase {
@Test
public void verifyLineColumnNumbersInnerClasses() throws Exception {
String source = IOUtils.toString(ApexParserTest.class.getResourceAsStream("InnerClassLocations.cls"),
String source = IOUtil.readToString(ApexParserTest.class.getResourceAsStream("InnerClassLocations.cls"),
StandardCharsets.UTF_8);
source = source.replaceAll("\r\n", "\n");
ApexNode<Compilation> rootNode = parse(source);

6
pmd-java/src/test/java/net/sourceforge/pmd/ant/PMDTaskTest.java
View File

@ -9,15 +9,17 @@ import static org.junit.Assert.assertTrue;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import org.apache.commons.io.FileUtils;
import org.junit.Rule;
import org.junit.Test;
import org.junit.contrib.java.lang.system.RestoreSystemProperties;
import org.junit.rules.ExternalResource;
import org.junit.rules.TestRule;
import net.sourceforge.pmd.util.IOUtil;
public class PMDTaskTest extends AbstractAntTestHelper {
public PMDTaskTest() {
@ -132,7 +134,7 @@ public class PMDTaskTest extends AbstractAntTestHelper {
setDefaultCharset("cp1252");
executeTarget("testFormatterEncodingWithXML");
String report = FileUtils.readFileToString(currentTempFile(), "UTF-8");
String report = IOUtil.readFileToString(currentTempFile(), StandardCharsets.UTF_8);
assertTrue(report.contains("someVariableWithÜmlaut"));
}

4
pmd-java/src/test/java/net/sourceforge/pmd/coverage/PMDCoverageTest.java
View File

@ -14,7 +14,6 @@ import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.junit.Rule;
@ -27,6 +26,7 @@ import net.sourceforge.pmd.PMD;
import net.sourceforge.pmd.lang.LanguageRegistry;
import net.sourceforge.pmd.lang.LanguageVersion;
import net.sourceforge.pmd.lang.java.JavaLanguageModule;
import net.sourceforge.pmd.util.IOUtil;
public class PMDCoverageTest {
@ -80,7 +80,7 @@ public class PMDCoverageTest {
System.err.println("Running PMD with: " + Arrays.toString(args));
PMD.runPmd(args);
report = FileUtils.readFileToString(f, StandardCharsets.UTF_8);
report = IOUtil.readFileToString(f, StandardCharsets.UTF_8);
assertEquals("Nothing should be output to stdout", 0, output.getLog().length());

9
pom.xml
View File

@ -893,6 +893,15 @@
<artifactId>kotest-runner-junit5-jvm</artifactId>
<version>${kotest.version}</version>
<scope>test</scope>
<exclusions>
<!-- exclude transitive dependency to fix CVE-2021-29425
kotest 4.4.3 depends on commons-io 2.6
-->
<exclusion>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>io.kotest</groupId>