You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by ol...@apache.org on 2013/06/24 04:50:06 UTC

svn commit: r1495908 - /maven/plugins/trunk/maven-javadoc-plugin/src/main/java/org/apache/maven/plugin/javadoc/AbstractJavadocMojo.java

Author: olamy
Date: Mon Jun 24 02:50:05 2013
New Revision: 1495908

URL: http://svn.apache.org/r1495908
Log:
format sources

Modified:
    maven/plugins/trunk/maven-javadoc-plugin/src/main/java/org/apache/maven/plugin/javadoc/AbstractJavadocMojo.java

Modified: maven/plugins/trunk/maven-javadoc-plugin/src/main/java/org/apache/maven/plugin/javadoc/AbstractJavadocMojo.java
URL: http://svn.apache.org/viewvc/maven/plugins/trunk/maven-javadoc-plugin/src/main/java/org/apache/maven/plugin/javadoc/AbstractJavadocMojo.java?rev=1495908&r1=1495907&r2=1495908&view=diff
==============================================================================
--- maven/plugins/trunk/maven-javadoc-plugin/src/main/java/org/apache/maven/plugin/javadoc/AbstractJavadocMojo.java (original)
+++ maven/plugins/trunk/maven-javadoc-plugin/src/main/java/org/apache/maven/plugin/javadoc/AbstractJavadocMojo.java Mon Jun 24 02:50:05 2013
@@ -2018,13 +2018,16 @@ public abstract class AbstractJavadocMoj
                 scriptFile.delete();
             }
         }
-        
+
         // finally, patch the Javadoc vulnerability in older Javadoc tools (CVE-2013-1571):
         try
         {
-            final int patched = fixFrameInjectionBug(javadocOutputDirectory, getDocencoding());
-            if (patched > 0) {
-                getLog().info(String.format("Fixed Javadoc frame injection vulnerability (CVE-2013-1571) in %d files.", patched));
+            final int patched = fixFrameInjectionBug( javadocOutputDirectory, getDocencoding() );
+            if ( patched > 0 )
+            {
+                getLog().info(
+                    String.format( "Fixed Javadoc frame injection vulnerability (CVE-2013-1571) in %d files.",
+                                   patched ) );
             }
         }
         catch ( IOException e )
@@ -5089,41 +5092,52 @@ public abstract class AbstractJavadocMoj
     /**
      * Patches the given Javadoc output directory to work around CVE-2013-1571
      * (see http://www.kb.cert.org/vuls/id/225657).
+     *
      * @param javadocOutputDirectory directory to scan for vulnerabilities
-     * @param outputEncoding encoding used by the javadoc tool (-docencoding parameter).
-     *     If {@code null}, the platform's default encoding is used (like javadoc does).
+     * @param outputEncoding         encoding used by the javadoc tool (-docencoding parameter).
+     *                               If {@code null}, the platform's default encoding is used (like javadoc does).
      * @return the number of patched files
      */
-    private int fixFrameInjectionBug(File javadocOutputDirectory, String outputEncoding) throws IOException {
+    private int fixFrameInjectionBug( File javadocOutputDirectory, String outputEncoding )
+        throws IOException
+    {
         final String fixData;
-        final InputStream in = this.getClass().getResourceAsStream("frame-injection-fix.txt");
-        if (in == null) {
-            throw new FileNotFoundException("Missing resource 'frame-injection-fix.txt' in classpath.");
-        }
-        try {
-            fixData = StringUtils.unifyLineSeparators(IOUtil.toString(in, "US-ASCII")).trim();
-        } finally {
-            IOUtil.close(in);
+        final InputStream in = this.getClass().getResourceAsStream( "frame-injection-fix.txt" );
+        if ( in == null )
+        {
+            throw new FileNotFoundException( "Missing resource 'frame-injection-fix.txt' in classpath." );
+        }
+        try
+        {
+            fixData = StringUtils.unifyLineSeparators( IOUtil.toString( in, "US-ASCII" ) ).trim();
+        }
+        finally
+        {
+            IOUtil.close( in );
         }
 
         final DirectoryScanner ds = new DirectoryScanner();
-        ds.setBasedir(javadocOutputDirectory);
-        ds.setCaseSensitive(false);
-        ds.setIncludes(new String[] { "**/index.html", "**/index.htm", "**/toc.html", "**/toc.htm" });
+        ds.setBasedir( javadocOutputDirectory );
+        ds.setCaseSensitive( false );
+        ds.setIncludes( new String[]{ "**/index.html", "**/index.htm", "**/toc.html", "**/toc.htm" } );
         ds.addDefaultExcludes();
         ds.scan();
         int patched = 0;
-        for (String f : ds.getIncludedFiles()) {
-            final File file = new File(javadocOutputDirectory, f);
+        for ( String f : ds.getIncludedFiles() )
+        {
+            final File file = new File( javadocOutputDirectory, f );
             // we load the whole file as one String (toc/index files are
             // generally small, because they only contain frameset declaration):
-            final String fileContents = FileUtils.fileRead(file, outputEncoding);
+            final String fileContents = FileUtils.fileRead( file, outputEncoding );
             // check if file may be vulnerable because it was not patched with "validURL(url)":
-            if (!StringUtils.contains(fileContents, "function validURL(url) {")) {
+            if ( !StringUtils.contains( fileContents, "function validURL(url) {" ) )
+            {
                 // we need to patch the file!
-                final String patchedFileContents = StringUtils.replaceOnce(fileContents, "function loadFrames() {", fixData);
-                if (!patchedFileContents.equals(fileContents)) {
-                    FileUtils.fileWrite(file, outputEncoding, patchedFileContents);
+                final String patchedFileContents =
+                    StringUtils.replaceOnce( fileContents, "function loadFrames() {", fixData );
+                if ( !patchedFileContents.equals( fileContents ) )
+                {
+                    FileUtils.fileWrite( file, outputEncoding, patchedFileContents );
                     patched++;
                 }
             }