Posted to commits@servicemix.apache.org by jb...@apache.org on 2017/09/02 06:36:45 UTC
servicemix-bundles git commit: [SM-3476] Create OSGi bundle for
antisamy 1.5.6
Repository: servicemix-bundles
Updated Branches:
refs/heads/master c1f4e537c -> 8fcd0d0af
[SM-3476] Create OSGi bundle for antisamy 1.5.6
Project: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/repo
Commit: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/commit/8fcd0d0a
Tree: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/tree/8fcd0d0a
Diff: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/diff/8fcd0d0a
Branch: refs/heads/master
Commit: 8fcd0d0af4f79c9af1558f6ebc90b0eda80f60f7
Parents: c1f4e53
Author: Jean-Baptiste Onofré <jb...@apache.org>
Authored: Sat Sep 2 08:36:21 2017 +0200
Committer: Jean-Baptiste Onofré <jb...@apache.org>
Committed: Sat Sep 2 08:36:21 2017 +0200
----------------------------------------------------------------------
antisamy-1.5.5/pom.xml | 115 -------------------
.../src/main/resources/OSGI-INF/bundle.info | 30 -----
antisamy-1.5.6/pom.xml | 114 ++++++++++++++++++
.../src/main/resources/OSGI-INF/bundle.info | 30 +++++
pom.xml | 1 +
5 files changed, 145 insertions(+), 145 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/8fcd0d0a/antisamy-1.5.5/pom.xml
----------------------------------------------------------------------
diff --git a/antisamy-1.5.5/pom.xml b/antisamy-1.5.5/pom.xml
deleted file mode 100644
index 22913b2..0000000
--- a/antisamy-1.5.5/pom.xml
+++ /dev/null
@@ -1,115 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-
- <!--
-
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-
- <modelVersion>4.0.0</modelVersion>
-
- <parent>
- <groupId>org.apache.servicemix.bundles</groupId>
- <artifactId>bundles-pom</artifactId>
- <version>12</version>
- <relativePath>../bundles-pom/pom.xml</relativePath>
- </parent>
-
- <groupId>org.apache.servicemix.bundles</groupId>
- <artifactId>org.apache.servicemix.bundles.antisamy</artifactId>
- <version>1.5.5_2-SNAPSHOT</version>
- <packaging>bundle</packaging>
- <name>Apache ServiceMix :: Bundles :: ${pkgArtifactId}</name>
- <description>This OSGi bundle wraps ${pkgArtifactId} ${pkgVersion} jar file.</description>
-
- <scm>
- <connection>scm:git:https://git-wip-us.apache.org/repos/asf/servicemix-bundles.git</connection>
- <developerConnection>scm:git:https://git-wip-us.apache.org/repos/asf/servicemix-bundles.git</developerConnection>
- <url>https://git-wip-us.apache.org/repos/asf?p=servicemix-bundles.git</url>
- <tag>HEAD</tag>
- </scm>
-
- <properties>
- <pkgGroupId>org.owasp.antisamy</pkgGroupId>
- <pkgArtifactId>antisamy</pkgArtifactId>
- <pkgVersion>1.5.5</pkgVersion>
- <servicemix.osgi.export.pkg>
- org.owasp.validator
- </servicemix.osgi.export.pkg>
- <servicemix.osgi.import.pkg>
- javax.xml*,
- org.apache.batik.css.parser;resolution:=optional,
- org.apache.commons.httpclient*;resolution:=optional,
- org.apache.xerces*,
- org.apache.xml.serialize,
- org.cyberneko.html*;resolution:=optional,
- org.w3c.css.sac;resolution:=optional,
- org.w3c.dom,
- org.xml.sax
- </servicemix.osgi.import.pkg>
- </properties>
-
- <dependencies>
- <dependency>
- <groupId>${pkgGroupId}</groupId>
- <artifactId>${pkgArtifactId}</artifactId>
- <version>${pkgVersion}</version>
- </dependency>
-
- <!-- sources -->
- <dependency>
- <groupId>${pkgGroupId}</groupId>
- <artifactId>${pkgArtifactId}</artifactId>
- <version>${pkgVersion}</version>
- <classifier>sources</classifier>
- </dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-shade-plugin</artifactId>
- <executions>
- <execution>
- <phase>package</phase>
- <goals>
- <goal>shade</goal>
- </goals>
- <configuration>
- <artifactSet>
- <includes>
- <include>${pkgGroupId}:${pkgArtifactId}</include>
- </includes>
- </artifactSet>
- <filters>
- <filter>
- <artifact>${pkgGroupId}:${pkgArtifactId}</artifact>
- <includes>
- <include>*.xsd</include>
- <include>*.properties</include>
- </includes>
- </filter>
- </filters>
- <promoteTransitiveDependencies>true</promoteTransitiveDependencies>
- <createDependencyReducedPom>true</createDependencyReducedPom>
- </configuration>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
-</project>
http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/8fcd0d0a/antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info
----------------------------------------------------------------------
diff --git a/antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info b/antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info
deleted file mode 100644
index c98a7c0..0000000
--- a/antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info
+++ /dev/null
@@ -1,30 +0,0 @@
-\u001B[1mSYNOPSIS\u001B[0m
- ${project.description}
-
- Original Maven URL:
- \u001B[33mmvn:${pkgGroupId}/${pkgArtifactId}/${pkgVersion}\u001B[0m
-
-\u001B[1mDESCRIPTION\u001B[0m
- The OWASP AntiSamy project is a few things. Technically, it is an API for ensuring user-supplied HTML/CSS is in
- compliance within an application's rules. Another way of saying that could be: It's an API that helps you make
- sure that clients don't supply malicious cargo code in the HTML they supply for their profile, comments, etc.,
- that get persisted on the server. The term "malicious code" in regards to web applications usually mean
- "JavaScript." Cascading Stylesheets are only considered malicious when they invoke the JavaScript engine. However,
- there are many situations where "normal" HTML and CSS can be used in a malicious manner. So we take care of that
- too.
-
- Philosophically, AntiSamy is a departure from contemporary security mechanisms. Generally, the security mechanism
- and user have a communication that is virtually one way, for good reason. Letting the potential attacker know
- details about the validation is considered unwise as it allows the attacker to "learn" and "recon" the mechanism
- for weaknesses. These types of information leaks can also hurt in ways you don't expect. A login mechanism that
- tells the user, "Username invalid" leaks the fact that a user by that name does not exist. A user could use a
- dictionary or phone book or both to remotely come up with a list of valid usernames. Using this information, an
- attacker could launch a brute force attack or massive account lock denial-of-service. We get that.
-
- Unfortunately, that's just not very usable in this situation. Typical Internet users are largely pretty bad when it
- comes to writing HTML/CSS, so where do they get their HTML from? Usually they copy it from somewhere out on the web.
- Simply rejecting their input without any clue as to why is jolting and annoying. Annoyed users go somewhere else to
- do their social networking.
-
-\u001B[1mSEE ALSO\u001B[0m
- \u001B[36mhttps://www.owasp.org/index.php/Antisamy\u001B[0m
http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/8fcd0d0a/antisamy-1.5.6/pom.xml
----------------------------------------------------------------------
diff --git a/antisamy-1.5.6/pom.xml b/antisamy-1.5.6/pom.xml
new file mode 100644
index 0000000..1616214
--- /dev/null
+++ b/antisamy-1.5.6/pom.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.apache.servicemix.bundles</groupId>
+ <artifactId>bundles-pom</artifactId>
+ <version>13</version>
+ <relativePath>../bundles-pom/pom.xml</relativePath>
+ </parent>
+
+ <groupId>org.apache.servicemix.bundles</groupId>
+ <artifactId>org.apache.servicemix.bundles.antisamy</artifactId>
+ <version>1.5.6_1-SNAPSHOT</version>
+ <packaging>bundle</packaging>
+ <name>Apache ServiceMix :: Bundles :: ${pkgArtifactId}</name>
+ <description>This OSGi bundle wraps ${pkgArtifactId} ${pkgVersion} jar file.</description>
+
+ <scm>
+ <connection>scm:git:https://git-wip-us.apache.org/repos/asf/servicemix-bundles.git</connection>
+ <developerConnection>scm:git:https://git-wip-us.apache.org/repos/asf/servicemix-bundles.git</developerConnection>
+ <url>https://git-wip-us.apache.org/repos/asf?p=servicemix-bundles.git</url>
+ </scm>
+
+ <properties>
+ <pkgGroupId>org.owasp.antisamy</pkgGroupId>
+ <pkgArtifactId>antisamy</pkgArtifactId>
+ <pkgVersion>1.5.6</pkgVersion>
+ <servicemix.osgi.export.pkg>
+ org.owasp.validator
+ </servicemix.osgi.export.pkg>
+ <servicemix.osgi.import.pkg>
+ javax.xml*,
+ org.apache.batik.css.parser;resolution:=optional,
+ org.apache.commons.httpclient*;resolution:=optional,
+ org.apache.xerces*,
+ org.apache.xml.serialize,
+ org.cyberneko.html*;resolution:=optional,
+ org.w3c.css.sac;resolution:=optional,
+ org.w3c.dom,
+ org.xml.sax
+ </servicemix.osgi.import.pkg>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>${pkgGroupId}</groupId>
+ <artifactId>${pkgArtifactId}</artifactId>
+ <version>${pkgVersion}</version>
+ </dependency>
+
+ <!-- sources -->
+ <dependency>
+ <groupId>${pkgGroupId}</groupId>
+ <artifactId>${pkgArtifactId}</artifactId>
+ <version>${pkgVersion}</version>
+ <classifier>sources</classifier>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-shade-plugin</artifactId>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>shade</goal>
+ </goals>
+ <configuration>
+ <artifactSet>
+ <includes>
+ <include>${pkgGroupId}:${pkgArtifactId}</include>
+ </includes>
+ </artifactSet>
+ <filters>
+ <filter>
+ <artifact>${pkgGroupId}:${pkgArtifactId}</artifact>
+ <includes>
+ <include>*.xsd</include>
+ <include>*.properties</include>
+ </includes>
+ </filter>
+ </filters>
+ <promoteTransitiveDependencies>true</promoteTransitiveDependencies>
+ <createDependencyReducedPom>true</createDependencyReducedPom>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
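Review bot: In `servicemix.osgi.import.pkg`, `org.cyberneko.html*` and `org.apache.batik.css.parser` are imported with `resolution:=optional`, although AntiSamy's HTML scanners parse through NekoHTML and its CSS scanner through Batik. The bundle will therefore resolve in a container that lacks them, and the gap would only show up as a `NoClassDefFoundError` on the first scan call; that is a poor failure mode for a sanitizer, because a caller that catches broadly may end up passing the input on unfiltered. Unless the optional wiring is deliberate, I would make at least the HTML parser mandatory (`org.cyberneko.html*,`) or list the required companion bundles in `OSGI-INF/bundle.info`. As far as this file shows, none of the imports carries a version range either, so whichever Xerces or NekoHTML export the framework offers will be wired; something like `org.cyberneko.html*;version="[LOWER,UPPER)"` (placeholder bounds) would pin the tested parser line. The same import list appears in the removed 1.5.5 wrapper, so this is carried over rather than introduced by this commit.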
http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/8fcd0d0a/antisamy-1.5.6/src/main/resources/OSGI-INF/bundle.info
----------------------------------------------------------------------
diff --git a/antisamy-1.5.6/src/main/resources/OSGI-INF/bundle.info b/antisamy-1.5.6/src/main/resources/OSGI-INF/bundle.info
new file mode 100644
index 0000000..c98a7c0
--- /dev/null
+++ b/antisamy-1.5.6/src/main/resources/OSGI-INF/bundle.info
@@ -0,0 +1,30 @@
+\u001B[1mSYNOPSIS\u001B[0m
+ ${project.description}
+
+ Original Maven URL:
+ \u001B[33mmvn:${pkgGroupId}/${pkgArtifactId}/${pkgVersion}\u001B[0m
+
+\u001B[1mDESCRIPTION\u001B[0m
+ The OWASP AntiSamy project is a few things. Technically, it is an API for ensuring user-supplied HTML/CSS is in
+ compliance within an application's rules. Another way of saying that could be: It's an API that helps you make
+ sure that clients don't supply malicious cargo code in the HTML they supply for their profile, comments, etc.,
+ that get persisted on the server. The term "malicious code" in regards to web applications usually mean
+ "JavaScript." Cascading Stylesheets are only considered malicious when they invoke the JavaScript engine. However,
+ there are many situations where "normal" HTML and CSS can be used in a malicious manner. So we take care of that
+ too.
+
+ Philosophically, AntiSamy is a departure from contemporary security mechanisms. Generally, the security mechanism
+ and user have a communication that is virtually one way, for good reason. Letting the potential attacker know
+ details about the validation is considered unwise as it allows the attacker to "learn" and "recon" the mechanism
+ for weaknesses. These types of information leaks can also hurt in ways you don't expect. A login mechanism that
+ tells the user, "Username invalid" leaks the fact that a user by that name does not exist. A user could use a
+ dictionary or phone book or both to remotely come up with a list of valid usernames. Using this information, an
+ attacker could launch a brute force attack or massive account lock denial-of-service. We get that.
+
+ Unfortunately, that's just not very usable in this situation. Typical Internet users are largely pretty bad when it
+ comes to writing HTML/CSS, so where do they get their HTML from? Usually they copy it from somewhere out on the web.
+ Simply rejecting their input without any clue as to why is jolting and annoying. Annoyed users go somewhere else to
+ do their social networking.
+
+\u001B[1mSEE ALSO\u001B[0m
+ \u001B[36mhttps://www.owasp.org/index.php/Antisamy\u001B[0m
http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/8fcd0d0a/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 992595f..40a242a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -65,6 +65,7 @@
<module>java_nats-0.7.1</module>
<module>rhino-1.7.7.2</module>
<module>json4s-3.5.3</module>
+ <module>antisamy-1.5.6</module>
</modules>
</project>