Repository: servicemix-bundles
Updated Branches:
  refs/heads/master 6ac49ee1d -> 1098ddda2
[SM-3202] Create OSGi bundle for antisamy 1.5.5 Project: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/repo Commit: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/commit/1098ddda Tree: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/tree/1098ddda Diff: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/diff/1098ddda Branch: refs/heads/master Commit: 1098ddda299f8106a77477042bf81cd1d1ab63bf Parents: 6ac49ee Author: Jean-Baptiste Onofré <[email protected]> Authored: Sun Jan 1 07:21:39 2017 +0100 Committer: Jean-Baptiste Onofré <[email protected]> Committed: Sun Jan 1 07:21:39 2017 +0100 ---------------------------------------------------------------------- antisamy-1.5.5/pom.xml | 115 +++++++++++++++++++ .../src/main/resources/OSGI-INF/bundle.info | 30 +++++ pom.xml | 1 + 3 files changed, 146 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/1098ddda/antisamy-1.5.5/pom.xml ---------------------------------------------------------------------- diff --git a/antisamy-1.5.5/pom.xml b/antisamy-1.5.5/pom.xml new file mode 100644 index 0000000..e3808bc --- /dev/null +++ b/antisamy-1.5.5/pom.xml 
@@ -0,0 +1,115 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + + <!-- + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. 
+ --> + + <modelVersion>4.0.0</modelVersion> + + <parent> + <groupId>org.apache.servicemix.bundles</groupId> + <artifactId>bundles-pom</artifactId> + <version>12</version> + <relativePath>../bundles-pom/pom.xml</relativePath> + </parent> + + <groupId>org.apache.servicemix.bundles</groupId> + <artifactId>org.apache.servicemix.bundles.antisamy</artifactId> + <version>1.5.5_1-SNAPSHOT</version> + <packaging>bundle</packaging> + <name>Apache ServiceMix :: Bundles :: ${pkgArtifactId}</name> + <description>This OSGi bundle wraps ${pkgArtifactId} ${pkgVersion} jar file.</description> + + <scm> + <connection>scm:git:https://git-wip-us.apache.org/repos/asf/servicemix-bundles.git</connection> + <developerConnection>scm:git:https://git-wip-us.apache.org/repos/asf/servicemix-bundles.git</developerConnection> + <url>https://git-wip-us.apache.org/repos/asf?p=servicemix-bundles.git</url> + <tag>HEAD</tag> + </scm> + + <properties> + <pkgGroupId>org.owasp.antisamy</pkgGroupId> + <pkgArtifactId>antisamy</pkgArtifactId> + <pkgVersion>1.5.5</pkgVersion> + <servicemix.osgi.export.pkg> + org.owasp.validator + </servicemix.osgi.export.pkg> + <servicemix.osgi.import.pkg> + javax.xml*, + org.apache.batik.css.parser;resolution:=optional, + org.apache.commons.httpclient*;resolution:=optional, + org.apache.xerces*, + org.apache.xml.serialize, + org.cyberneko.html*;resolution:=optional, + org.w3c.css.sac;resolution:=optional, + org.w3c.dom, + org.xml.sax + </servicemix.osgi.import.pkg> + </properties> + + <dependencies> + <dependency> + <groupId>${pkgGroupId}</groupId> + <artifactId>${pkgArtifactId}</artifactId> + <version>${pkgVersion}</version> + </dependency> + + <!-- sources --> + <dependency> + <groupId>${pkgGroupId}</groupId> + <artifactId>${pkgArtifactId}</artifactId> + <version>${pkgVersion}</version> + <classifier>sources</classifier> + </dependency> + </dependencies> + + <build> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + 
<artifactId>maven-shade-plugin</artifactId> + <executions> + <execution> + <phase>package</phase> + <goals> + <goal>shade</goal> + </goals> + <configuration> + <artifactSet> + <includes> + <include>${pkgGroupId}:${pkgArtifactId}</include> + </includes> + </artifactSet> + <filters> + <filter> + <artifact>${pkgGroupId}:${pkgArtifactId}</artifact> + <includes> + <include>*.xsd</include> + <include>*.properties</include> + </includes> + </filter> + </filters> + <promoteTransitiveDependencies>true</promoteTransitiveDependencies> + <createDependencyReducedPom>true</createDependencyReducedPom> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> +</project> http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/1098ddda/antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info ---------------------------------------------------------------------- diff --git a/antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info b/antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info new file mode 100644 index 0000000..c98a7c0 --- /dev/null +++ b/antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info 
@@ -0,0 +1,30 @@ +\u001B[1mSYNOPSIS\u001B[0m + ${project.description} + + Original Maven URL: + \u001B[33mmvn:${pkgGroupId}/${pkgArtifactId}/${pkgVersion}\u001B[0m + +\u001B[1mDESCRIPTION\u001B[0m + The OWASP AntiSamy project is a few things. Technically, it is an API for ensuring user-supplied HTML/CSS is in + compliance within an application's rules. Another way of saying that could be: It's an API that helps you make + sure that clients don't supply malicious cargo code in the HTML they supply for their profile, comments, etc., + that get persisted on the server. The term "malicious code" in regards to web applications usually mean + "JavaScript." Cascading Stylesheets are only considered malicious when they invoke the JavaScript engine. However, + there are many situations where "normal" HTML and CSS can be used in a malicious manner. So we take care of that + too. + + Philosophically, AntiSamy is a departure from contemporary security mechanisms. Generally, the security mechanism + and user have a communication that is virtually one way, for good reason. Letting the potential attacker know + details about the validation is considered unwise as it allows the attacker to "learn" and "recon" the mechanism + for weaknesses. These types of information leaks can also hurt in ways you don't expect. A login mechanism that + tells the user, "Username invalid" leaks the fact that a user by that name does not exist. A user could use a + dictionary or phone book or both to remotely come up with a list of valid usernames. Using this information, an + attacker could launch a brute force attack or massive account lock denial-of-service. We get that. + + Unfortunately, that's just not very usable in this situation. Typical Internet users are largely pretty bad when it + comes to writing HTML/CSS, so where do they get their HTML from? Usually they copy it from somewhere out on the web. + Simply rejecting their input without any clue as to why is jolting and annoying. 
Annoyed users go somewhere else to + do their social networking. + +\u001B[1mSEE ALSO\u001B[0m + \u001B[36mhttps://www.owasp.org/index.php/Antisamy\u001B[0m http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/1098ddda/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 8fb13a5..feaa585 100644 --- a/pom.xml +++ b/pom.xml @@ -126,6 +126,7 @@ <module>hbase-1.2.4</module> <module>orbitz-consul-client-0.13.8</module> <module>quickfix-1.6.3</module> + <module>antisamy-1.5.5</module> </modules> </project>
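Review bot: In antisamy-1.5.5/pom.xml, `servicemix.osgi.export.pkg` is set to `org.owasp.validator` with no wildcard, while the import list right below it uses wildcards (`javax.xml*`, `org.apache.xerces*`). As written the pattern names only that exact package, but AntiSamy's API classes (for example `org.owasp.validator.html.AntiSamy` and `org.owasp.validator.html.Policy`) live in subpackages, so consumers of the bundle could not import them; suggest `org.owasp.validator*`. In the same properties block, `org.cyberneko.html*` and `org.apache.batik.css.parser` are imported with `resolution:=optional`, so the bundle resolves without them and a missing parser would surface only when a code path that needs it runs, not at deploy time. For a sanitizer that is a poor failure mode: either make these imports mandatory or state the required companion bundles in bundle.info.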
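Review bot: In antisamy-1.5.5/src/main/resources/OSGI-INF/bundle.info, the DESCRIPTION stops after stating the usability problem ("Simply rejecting their input without any clue as to why is jolting and annoying.") and never says what AntiSamy does about it, so the second half reads as unfinished. Either trim the text to the first paragraph, which already describes the API, or add the sentence that closes the argument. Since several imports in this bundle's pom.xml are `resolution:=optional`, this file is also the natural place to list which additional bundles an operator has to install. Minor wording: "usually mean" should be "usually means".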
