This is an automated email from the ASF dual-hosted git repository.
jochen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-lang.git
The following commit(s) were added to refs/heads/master by this push:
new 9980cf11e Undoing 3322d974876b8d4f934d3544967103ebbcaef726
9980cf11e is described below
commit 9980cf11e36ee58bf8556188bf252946f290b6c8
Author: Jochen Wiedmann <jochen.wiedm...@gmail.com>
AuthorDate: Wed May 22 20:00:10 2024 +0200
Undoing 3322d974876b8d4f934d3544967103ebbcaef726
---
src/changes/changes.xml | 1 -
.../apache/commons/lang3/annotations/Insecure.java | 48 -----------------
.../org/apache/commons/lang3/annotations/Safe.java | 61 ----------------------
.../commons/lang3/annotations/package-info.java | 37 -------------
4 files changed, 147 deletions(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index b69e1f8a2..34841687a 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -140,7 +140,6 @@ The <action> type attribute can be add,update,fix,remove.
<action type="update" dev="ggregory"
due-to="Dependabot">Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0
#1200.</action>
<!-- REMOVE -->
<action type="remove" dev="ggregory" due-to="Paranoïd
User">Drop obsolete JDK 13 Maven profile #1142.</action>
- <action type="add" dev="jochen">Added the annotations
package, including the Insecure, and Safe annotations.</action>
</release>
<release version="3.14.0" date="2023-11-18" description="New features and
bug fixes (Java 8 or above).">
<!-- FIX -->
diff --git a/src/main/java/org/apache/commons/lang3/annotations/Insecure.java
b/src/main/java/org/apache/commons/lang3/annotations/Insecure.java
deleted file mode 100644
index 2802f1189..000000000
--- a/src/main/java/org/apache/commons/lang3/annotations/Insecure.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.commons.lang3.annotations;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- * This annotation is used to indicate, that a constructor, or method
- * is insecure to use, unless the input parameters contain safe ("trusted")
- * values.
- *
- * For example, consider a method like <pre>
- * {@literal @Insecure}
- * public void runCommand(String pCmdLine) {
- * }
- * </pre>
- *
- * The example method would invoke {@code /bin/sh} (Linux, Unix, or MacOS), or
- * {@code cmd} (Windows) to run an external command, as given by the parameter
- * {@code pCmdLine}. Obviously, depending on the value of the parameter,
- * this can be dangerous, unless the API user (downstream developer)
- * <em>knows</em>, that the parameter value is safe (for example, because it
- * is hard coded, or because it has been compared to a white list of
- * permissible values).
- */
-@Retention(RetentionPolicy.RUNTIME)
-@Target({ElementType.CONSTRUCTOR, ElementType.METHOD})
-@Documented
-public @interface Insecure {
-}
diff --git a/src/main/java/org/apache/commons/lang3/annotations/Safe.java
b/src/main/java/org/apache/commons/lang3/annotations/Safe.java
deleted file mode 100644
index c3a710cf2..000000000
--- a/src/main/java/org/apache/commons/lang3/annotations/Safe.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.commons.lang3.annotations;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- * This annotation is used to indicate, that a variable, field, or parameter
- * contains a safe value. If so, the annotated element may be used in an
- * invocation of a constructor, or method, which is annotated with
- * {@code @Insecure}.
- *
- * For example, suggest the following method declaration:
- * <pre>
- * {@literal @Insecure}
- * public void runCommand(String pCmdLine) {
- * }
- * </pre>
- *
- * Based on the example, this piece of source code would be invalid:
- * <pre>{@code
- * String cmdLine = "echo" + " " + "okay";
- * // It is unknown, whether the {@code cmdLine} variable contains a safe
value.
- * // Thus, the following should be considered dangerous:
- * runCommand(cmdLine);
- * }</pre>
- *
- * In the following example, however, the value of {@code cmdLine} is
- * supposed to be safe, so it may be used when invoking the {@code runCommand}
- * method.
- * <pre>
- * {@literal @Safe} String cmdLine = "echo" + " " + "okay";
- * // It is unknown, whether the {@code cmdLine} variable contains a safe
value.
- * // Thus, the following should be considered dangerous:
- * runCommand(cmdLine);
- * </pre>
- */
-@Retention(RetentionPolicy.RUNTIME)
-@Target({ElementType.LOCAL_VARIABLE, ElementType.FIELD, ElementType.PARAMETER})
-@Documented
-public @interface Safe {
-
-}
diff --git
a/src/main/java/org/apache/commons/lang3/annotations/package-info.java
b/src/main/java/org/apache/commons/lang3/annotations/package-info.java
deleted file mode 100644
index 720d61069..000000000
--- a/src/main/java/org/apache/commons/lang3/annotations/package-info.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * Provides annotations, that are designed to aim in static code analysis,
- * and other areas of self-describing code. As of this writing, the following
- * annotations are available:
- * <dl>
- * <dt>{@link Insecure}</dt>
- * <dd>Indicates, that a constructor, method, or parameter should only
- * take input, that can be considered as <em>safe</em>.
- * The API user (the downstream developer) is supposed to ensure, by
- * whatever means, that the input is safe, and doesn't trigger any
- * security related issues.</dd>
- * <dt>{@link Safe}</dt>
- * <dd>By annotating a variable with {@code @Safe}, the API user
- * declares, that the variable contains trusted input, that can be
- * used as a parameter in an invocation of a constructor, or method,
- * that is annotated with {@code @Insecure}.</dd>
- * </dl>
- * @since 3.15
- */
-package org.apache.commons.lang3.annotations;
