This is an automated email from the ASF dual-hosted git repository. claude pushed a commit to branch revert-553-fix/doxia-upgrade in repository https://gitbox.apache.org/repos/asf/creadur-rat.git
commit 6bf1ecc9145ec7f6b2e4bc1c74d709e2aea8fffb Author: Claude Warren <[email protected]> AuthorDate: Tue Nov 18 18:09:22 2025 +0100 Revert "RAT-440: Upgrade Doxia to 2.0.0 to fix CVEs: CVE-2025-48924, CVE-2020…" This reverts commit 9aa438a22fc1a74f01387873316fce1fab36dd46. --- apache-rat-plugin/pom.xml | 59 ++------ .../main/java/org/apache/rat/mp/RatReportMojo.java | 159 +++++++-------------- .../java/org/apache/rat/mp/RatTestHelpers.java | 11 +- apache-rat-tools/src/main/resources/Maven.tpl | 2 +- src/site/markdown/development/ui/generator.md | 2 +- 5 files changed, 71 insertions(+), 162 deletions(-) diff --git a/apache-rat-plugin/pom.xml b/apache-rat-plugin/pom.xml index d047c435..310ca7e7 100644 --- a/apache-rat-plugin/pom.xml +++ b/apache-rat-plugin/pom.xml @@ -26,14 +26,15 @@ <packaging>maven-plugin</packaging> <name>Apache Creadur RAT::Plugin4Maven</name> <description>A plugin for Apache Maven that runs Apache RAT - to audit the source to be distributed.</description> + to audit the source to be distributed.</description> <inceptionYear>2007</inceptionYear> <prerequisites> <maven>${mavenMinVersion}</maven> </prerequisites> <properties> <currentVersion>${project.version}</currentVersion> - <doxiaVersion>2.0.0</doxiaVersion> + <doxiaVersion>1.12.0</doxiaVersion> + <doxiaSitetoolsVersion>1.11.1</doxiaSitetoolsVersion> </properties> <build> <resources> @@ -375,12 +376,12 @@ </dependency> <dependency> <groupId>org.apache.maven.doxia</groupId> - <artifactId>doxia-site-model</artifactId> - <version>${doxiaVersion}</version> + <artifactId>doxia-decoration-model</artifactId> + <version>${doxiaSitetoolsVersion}</version> </dependency> <dependency> <groupId>org.apache.maven.doxia</groupId> - <artifactId>doxia-module-xhtml5</artifactId> + <artifactId>doxia-module-xhtml</artifactId> <version>${doxiaVersion}</version> </dependency> <dependency> @@ -391,7 +392,7 @@ <dependency> <groupId>org.apache.maven.doxia</groupId> <artifactId>doxia-integration-tools</artifactId> - <version>${doxiaVersion}</version> + <version>${doxiaSitetoolsVersion}</version> <exclusions> <exclusion> <groupId>org.codehaus.plexus</groupId> @@ -402,7 +403,7 @@ <dependency> <groupId>org.apache.maven.doxia</groupId> <artifactId>doxia-site-renderer</artifactId> - <version>${doxiaVersion}</version> + <version>${doxiaSitetoolsVersion}</version> <exclusions> <exclusion> <groupId>org.codehaus.plexus</groupId> @@ -413,7 +414,7 @@ <dependency> <groupId>org.apache.maven.reporting</groupId> <artifactId>maven-reporting-api</artifactId> - <version>4.0.0</version> + <version>3.1.1</version> </dependency> <dependency> <groupId>org.apache.maven.shared</groupId> @@ -470,46 +471,4 @@ </plugin> </plugins> </reporting> - <developers> - <developer> - <id>jochen</id> - <name>Jochen Wiedmann</name> - <email>[email protected]</email> - </developer> - </developers> - <contributors> - <contributor> - <name>Bernd Bohmann</name> - <email>[email protected]</email> - </contributor> - <contributor> - <name>Lars Trieloff</name> - <email>[email protected]</email> - </contributor> - <contributor> - <name>Jukka Zitting</name> - <email>[email protected]</email> - </contributor> - </contributors> - <!-- - <profiles> - <profile> - <id>apache-release</id> - <build> - <plugins> - <plugin> - <artifactId>maven-docck-plugin</artifactId> - <executions> - <execution> - <goals> - <goal>check</goal> - </goals> - </execution> - </executions> - </plugin> - </plugins> - </build> - </profile> - </profiles> ---> </project> diff --git a/apache-rat-plugin/src/main/java/org/apache/rat/mp/RatReportMojo.java b/apache-rat-plugin/src/main/java/org/apache/rat/mp/RatReportMojo.java index 900d78f2..2f883d6e 100644 --- a/apache-rat-plugin/src/main/java/org/apache/rat/mp/RatReportMojo.java +++ b/apache-rat-plugin/src/main/java/org/apache/rat/mp/RatReportMojo.java @@ -32,13 +32,14 @@ import java.util.Map; import java.util.ResourceBundle; import org.apache.maven.artifact.Artifact; +import org.apache.maven.artifact.repository.ArtifactRepository; import org.apache.maven.doxia.sink.Sink; import org.apache.maven.doxia.sink.SinkFactory; import org.apache.maven.doxia.sink.impl.SinkEventAttributeSet; -import org.apache.maven.doxia.site.SiteModel; -import org.apache.maven.doxia.siterenderer.DocumentRenderingContext; +import org.apache.maven.doxia.site.decoration.DecorationModel; import org.apache.maven.doxia.siterenderer.Renderer; import org.apache.maven.doxia.siterenderer.RendererException; +import org.apache.maven.doxia.siterenderer.RenderingContext; import org.apache.maven.doxia.siterenderer.SiteRenderingContext; import org.apache.maven.doxia.siterenderer.sink.SiteRendererSink; import org.apache.maven.doxia.tools.SiteTool; @@ -56,8 +57,6 @@ import org.apache.rat.Reporter; import org.apache.rat.VersionInfo; import org.apache.rat.license.LicenseSetFactory.LicenseFilter; import org.codehaus.plexus.util.ReaderFactory; -import org.eclipse.aether.repository.ArtifactRepository; -import org.eclipse.aether.repository.RemoteRepository; import static org.apache.maven.shared.utils.logging.MessageUtils.buffer; @@ -96,18 +95,9 @@ public class RatReportMojo extends AbstractRatMojo implements MavenMultiPageRepo /** * Remote repositories used for the project. - * - * @deprecated replaced by {@link #remoteRepositories} */ @Parameter(defaultValue = "${project.remoteArtifactRepositories}", readonly = true, required = true) - @Deprecated - protected List<ArtifactRepository> remoteArtifactRepositories; - - /** - * Remote repositories used for the project. - */ - @Parameter(defaultValue = "${project.remoteProjectRepositories}", readonly = true, required = true) - protected List<RemoteRepository> remoteRepositories; + protected List<ArtifactRepository> remoteRepositories; /** * SiteTool. @@ -162,9 +152,9 @@ public class RatReportMojo extends AbstractRatMojo implements MavenMultiPageRepo getSiteRenderer().copyResources(siteContext, outputDirectory); // TODO Replace null with real value - DocumentRenderingContext docContext = - new DocumentRenderingContext(outputDirectory, filename, "xhtml5"); - SiteRendererSink sink = new SiteRendererSink(docContext); + RenderingContext docRenderingContext = new RenderingContext(outputDirectory, filename, null); + + SiteRendererSink sink = new SiteRendererSink(docRenderingContext); generate(sink, null, locale); @@ -173,13 +163,12 @@ public class RatReportMojo extends AbstractRatMojo implements MavenMultiPageRepo if (!outputDirectory.exists() && !outputDirectory.mkdirs()) { getLog().error("Unable to create output directory: " + outputDirectory); } + try (Writer writer = new OutputStreamWriter( - Files.newOutputStream(new File(outputDirectory, filename).toPath()), - getOutputEncoding())) { + Files.newOutputStream(new File(outputDirectory, filename).toPath()), getOutputEncoding())) { // render report getSiteRenderer().mergeDocumentIntoSite(writer, sink, siteContext); } - } // copy generated resources also @@ -190,117 +179,53 @@ public class RatReportMojo extends AbstractRatMojo implements MavenMultiPageRepo } } - private SiteRenderingContext createSiteRenderingContext(final Locale locale) - throws MavenReportException, IOException { - SiteModel siteModel = new SiteModel(); + private SiteRenderingContext createSiteRenderingContext(final Locale locale) throws MavenReportException, IOException { + DecorationModel decorationModel = new DecorationModel(); Map<String, Object> templateProperties = new HashMap<>(); + // We tell the skin that we are rendering in standalone mode templateProperties.put("standalone", Boolean.TRUE); templateProperties.put("project", getProject()); templateProperties.put("inputEncoding", getInputEncoding()); templateProperties.put("outputEncoding", getOutputEncoding()); + // Put any of the properties in directly into the Velocity context for (Map.Entry<Object, Object> entry : getProject().getProperties().entrySet()) { templateProperties.put((String) entry.getKey(), entry.getValue()); } - org.apache.maven.doxia.site.Skin siteSkin = siteModel.getSkin(); - - if (siteSkin == null || siteSkin.getGroupId() == null - || siteSkin.getArtifactId() == null || siteSkin.getVersion() == null) { - getLog().debug("No skin configuration found in site.xml. Using default Maven skin configuration."); - - // Create a minimal default skin configuration - siteSkin = new org.apache.maven.doxia.site.Skin(); - siteSkin.setGroupId("org.apache.maven.skins"); - siteSkin.setArtifactId("maven-fluido-skin"); - } - + SiteRenderingContext context; try { - Artifact skinArtifact = siteTool.getSkinArtifactFromRepository( - session.getRepositorySession(), - remoteRepositories, - siteSkin - ); + Artifact skinArtifact = siteTool.getSkinArtifactFromRepository(session.getLocalRepository(), + remoteRepositories, decorationModel); getLog().debug(buffer().a("Rendering content with ").strong(skinArtifact.getId() + " skin").a('.').build()); - SiteRenderingContext context = siteRenderer.createContextForSkin( - skinArtifact, - templateProperties, - siteModel, - project.getName(), - locale - ); - context.setRootDirectory(project.getBasedir()); - return context; - + context = siteRenderer.createContextForSkin(skinArtifact, templateProperties, decorationModel, + project.getName(), locale); } catch (SiteToolException e) { throw new MavenReportException("Failed to retrieve skin artifact", e); } catch (RendererException e) { throw new MavenReportException("Failed to create context for skin", e); } + + // Generate static site + context.setRootDirectory(project.getBasedir()); + + return context; } /** - * This method is called when the report generation is invoked by - * maven-site-plugin. + * Generate a report. * * @param sink the sink to use for the generation. - * @param sinkFactory the sink factory to use for the generation. * @param locale the wanted locale to generate the report, could be null. * @throws MavenReportException if any + * @deprecated use {@link #generate(Sink, SinkFactory, Locale)} instead. */ + @Deprecated @Override - public void generate(final Sink sink, final SinkFactory sinkFactory, final Locale locale) throws MavenReportException { - if (!canGenerateReport()) { - // This report cannot be generated as part of the current build. - getLog().info("This report cannot be generated as part of the current build. " - + "The report name should be referenced in this line of output."); - } else { - this.sink = sink; - this.sinkFactory = sinkFactory; - - if (!(sink instanceof SiteRendererSink)) { - - generateReportManually(locale); - } else { - executeReport(locale); - } - - closeReport(); - } - } - - private void generateReportManually(final Locale locale) throws MavenReportException { - try { - File outputDir = new File(getOutputDirectory()); - String filename = getOutputName() + ".html"; - - SiteRenderingContext siteContext = createSiteRenderingContext(locale); - - if (!outputDir.exists() && !outputDir.mkdirs()) { - getLog().error("Unable to create output directory: " + outputDir); - } - - DocumentRenderingContext docContext = - new DocumentRenderingContext(outputDir, filename, "xhtml5"); - - SiteRendererSink sink = new SiteRendererSink(docContext); - - this.sink = sink; - this.sinkFactory = null; - - executeReport(locale); - - try (Writer writer = new OutputStreamWriter( - Files.newOutputStream(new File(outputDir, filename).toPath()), - getOutputEncoding())) { - getSiteRenderer().mergeDocumentIntoSite(writer, sink, siteContext); - } - - } catch (IOException | RendererException e) { - throw new MavenReportException("Failed to render RAT report manually", e); - } + public void generate(final org.codehaus.doxia.sink.Sink sink, final Locale locale) throws MavenReportException { + generate(sink, null, locale); } /** @@ -316,6 +241,32 @@ public class RatReportMojo extends AbstractRatMojo implements MavenMultiPageRepo generate(sink, null, locale); } + /** + * This method is called when the report generation is invoked by + * maven-site-plugin. + * + * @param sink the sink to use for the generation. + * @param sinkFactory the sink factory to use for the generation. + * @param locale the wanted locale to generate the report, could be null. + * @throws MavenReportException if any + */ + @Override + public void generate(final Sink sink, final SinkFactory sinkFactory, final Locale locale) throws MavenReportException { + if (!canGenerateReport()) { + getLog().info("This report cannot be generated as part of the current build. " + + "The report name should be referenced in this line of output."); + return; + } + + this.sink = sink; + + this.sinkFactory = sinkFactory; + + executeReport(locale); + + closeReport(); + } + /** * @return CATEGORY_PROJECT_REPORTS */ @@ -436,7 +387,7 @@ public class RatReportMojo extends AbstractRatMojo implements MavenMultiPageRepo sink.paragraph_(); sink.paragraph(); - sink.verbatim(new SinkEventAttributeSet()); + sink.verbatim(SinkEventAttributeSet.BOXED); try { ReportConfiguration config = getConfiguration(); config.setFrom(getDefaultsBuilder().build()); diff --git a/apache-rat-plugin/src/test/java/org/apache/rat/mp/RatTestHelpers.java b/apache-rat-plugin/src/test/java/org/apache/rat/mp/RatTestHelpers.java index cc8ba9d3..bb42d11e 100644 --- a/apache-rat-plugin/src/test/java/org/apache/rat/mp/RatTestHelpers.java +++ b/apache-rat-plugin/src/test/java/org/apache/rat/mp/RatTestHelpers.java @@ -17,8 +17,8 @@ import org.apache.commons.io.FileUtils; * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * @@ -97,7 +97,7 @@ public final class RatTestHelpers { } } else if (pSource.isFile()) { try (final FileInputStream fis = new FileInputStream(pSource); - final FileOutputStream fos = new FileOutputStream(pTarget)) { + final FileOutputStream fos = new FileOutputStream(pTarget)) { final byte[] buffer = new byte[8192]; for (;;) { int res = fis.read(buffer); @@ -122,8 +122,7 @@ public final class RatTestHelpers { * @throws Exception Creating the object failed. */ public static Renderer newSiteRenderer(PlexusContainer container) throws Exception { - // Replaced deprecated ROLE-based lookup with type+hint lookup. - return container.lookup(Renderer.class, "default"); + return (Renderer) container.lookup(Renderer.ROLE, "default"); } /** @@ -206,4 +205,4 @@ public final class RatTestHelpers { } } -} \ No newline at end of file +} diff --git a/apache-rat-tools/src/main/resources/Maven.tpl b/apache-rat-tools/src/main/resources/Maven.tpl index 13d9453e..0d5d420e 100644 --- a/apache-rat-tools/src/main/resources/Maven.tpl +++ b/apache-rat-tools/src/main/resources/Maven.tpl @@ -20,7 +20,7 @@ ${package} import org.apache.commons.cli.Option; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang.StringUtils; import org.apache.maven.plugin.AbstractMojo; import org.apache.maven.plugins.annotations.Parameter; import org.apache.rat.commandline.Arg; diff --git a/src/site/markdown/development/ui/generator.md b/src/site/markdown/development/ui/generator.md index b08559b7..195aa231 100644 --- a/src/site/markdown/development/ui/generator.md +++ b/src/site/markdown/development/ui/generator.md @@ -83,7 +83,7 @@ The `MavenGenerator` uses a template called "Maven.tpl" that looks like: ${package} import org.apache.commons.cli.Option; -import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang.StringUtils; import org.apache.maven.plugin.AbstractMojo; import org.apache.maven.plugins.annotations.Parameter; import org.apache.rat.commandline.Arg;
