Repository: servicemix-bundles Updated Branches: refs/heads/master 687e15512 -> 142f3b51d
[SM-3526] Create OSGi bundle for antisamy 1.5.7 Project: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/repo Commit: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/commit/142f3b51 Tree: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/tree/142f3b51 Diff: http://git-wip-us.apache.org/repos/asf/servicemix-bundles/diff/142f3b51 Branch: refs/heads/master Commit: 142f3b51d425040371daddf8f88c40e64ed01336 Parents: 687e155 Author: Jean-Baptiste Onofré <[email protected]> Authored: Mon Oct 16 20:56:13 2017 +0200 Committer: Jean-Baptiste Onofré <[email protected]> Committed: Mon Oct 16 20:56:13 2017 +0200 ---------------------------------------------------------------------- antisamy-1.5.6/pom.xml | 115 ------------------- .../src/main/resources/OSGI-INF/bundle.info | 30 ----- antisamy-1.5.7/pom.xml | 114 ++++++++++++++++++ .../src/main/resources/OSGI-INF/bundle.info | 30 +++++ pom.xml | 1 + 5 files changed, 145 insertions(+), 145 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/142f3b51/antisamy-1.5.6/pom.xml ---------------------------------------------------------------------- diff --git a/antisamy-1.5.6/pom.xml b/antisamy-1.5.6/pom.xml deleted file mode 100644 index 4b53a9e..0000000 --- a/antisamy-1.5.6/pom.xml +++ /dev/null 
@@ -1,115 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> - - <!-- - - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. 
- --> - - <modelVersion>4.0.0</modelVersion> - - <parent> - <groupId>org.apache.servicemix.bundles</groupId> - <artifactId>bundles-pom</artifactId> - <version>13</version> - <relativePath>../bundles-pom/pom.xml</relativePath> - </parent> - - <groupId>org.apache.servicemix.bundles</groupId> - <artifactId>org.apache.servicemix.bundles.antisamy</artifactId> - <version>1.5.6_2-SNAPSHOT</version> - <packaging>bundle</packaging> - <name>Apache ServiceMix :: Bundles :: ${pkgArtifactId}</name> - <description>This OSGi bundle wraps ${pkgArtifactId} ${pkgVersion} jar file.</description> - - <scm> - <connection>scm:git:https://git-wip-us.apache.org/repos/asf/servicemix-bundles.git</connection> - <developerConnection>scm:git:https://git-wip-us.apache.org/repos/asf/servicemix-bundles.git</developerConnection> - <url>https://git-wip-us.apache.org/repos/asf?p=servicemix-bundles.git</url> - <tag>HEAD</tag> - </scm> - - <properties> - <pkgGroupId>org.owasp.antisamy</pkgGroupId> - <pkgArtifactId>antisamy</pkgArtifactId> - <pkgVersion>1.5.6</pkgVersion> - <servicemix.osgi.export.pkg> - org.owasp.validator - </servicemix.osgi.export.pkg> - <servicemix.osgi.import.pkg> - javax.xml*, - org.apache.batik.css.parser;resolution:=optional, - org.apache.commons.httpclient*;resolution:=optional, - org.apache.xerces*, - org.apache.xml.serialize, - org.cyberneko.html*;resolution:=optional, - org.w3c.css.sac;resolution:=optional, - org.w3c.dom, - org.xml.sax - </servicemix.osgi.import.pkg> - </properties> - - <dependencies> - <dependency> - <groupId>${pkgGroupId}</groupId> - <artifactId>${pkgArtifactId}</artifactId> - <version>${pkgVersion}</version> - </dependency> - - <!-- sources --> - <dependency> - <groupId>${pkgGroupId}</groupId> - <artifactId>${pkgArtifactId}</artifactId> - <version>${pkgVersion}</version> - <classifier>sources</classifier> - </dependency> - </dependencies> - - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - 
<artifactId>maven-shade-plugin</artifactId> - <executions> - <execution> - <phase>package</phase> - <goals> - <goal>shade</goal> - </goals> - <configuration> - <artifactSet> - <includes> - <include>${pkgGroupId}:${pkgArtifactId}</include> - </includes> - </artifactSet> - <filters> - <filter> - <artifact>${pkgGroupId}:${pkgArtifactId}</artifact> - <includes> - <include>*.xsd</include> - <include>*.properties</include> - </includes> - </filter> - </filters> - <promoteTransitiveDependencies>true</promoteTransitiveDependencies> - <createDependencyReducedPom>true</createDependencyReducedPom> - </configuration> - </execution> - </executions> - </plugin> - </plugins> - </build> -</project> http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/142f3b51/antisamy-1.5.6/src/main/resources/OSGI-INF/bundle.info ---------------------------------------------------------------------- diff --git a/antisamy-1.5.6/src/main/resources/OSGI-INF/bundle.info b/antisamy-1.5.6/src/main/resources/OSGI-INF/bundle.info deleted file mode 100644 index c98a7c0..0000000 --- a/antisamy-1.5.6/src/main/resources/OSGI-INF/bundle.info +++ /dev/null 
@@ -1,30 +0,0 @@ -\u001B[1mSYNOPSIS\u001B[0m - ${project.description} - - Original Maven URL: - \u001B[33mmvn:${pkgGroupId}/${pkgArtifactId}/${pkgVersion}\u001B[0m - -\u001B[1mDESCRIPTION\u001B[0m - The OWASP AntiSamy project is a few things. Technically, it is an API for ensuring user-supplied HTML/CSS is in - compliance within an application's rules. Another way of saying that could be: It's an API that helps you make - sure that clients don't supply malicious cargo code in the HTML they supply for their profile, comments, etc., - that get persisted on the server. The term "malicious code" in regards to web applications usually mean - "JavaScript." Cascading Stylesheets are only considered malicious when they invoke the JavaScript engine. However, - there are many situations where "normal" HTML and CSS can be used in a malicious manner. So we take care of that - too. - - Philosophically, AntiSamy is a departure from contemporary security mechanisms. Generally, the security mechanism - and user have a communication that is virtually one way, for good reason. Letting the potential attacker know - details about the validation is considered unwise as it allows the attacker to "learn" and "recon" the mechanism - for weaknesses. These types of information leaks can also hurt in ways you don't expect. A login mechanism that - tells the user, "Username invalid" leaks the fact that a user by that name does not exist. A user could use a - dictionary or phone book or both to remotely come up with a list of valid usernames. Using this information, an - attacker could launch a brute force attack or massive account lock denial-of-service. We get that. - - Unfortunately, that's just not very usable in this situation. Typical Internet users are largely pretty bad when it - comes to writing HTML/CSS, so where do they get their HTML from? Usually they copy it from somewhere out on the web. - Simply rejecting their input without any clue as to why is jolting and annoying. 
Annoyed users go somewhere else to - do their social networking. - -\u001B[1mSEE ALSO\u001B[0m - \u001B[36mhttps://www.owasp.org/index.php/Antisamy\u001B[0m http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/142f3b51/antisamy-1.5.7/pom.xml ---------------------------------------------------------------------- diff --git a/antisamy-1.5.7/pom.xml b/antisamy-1.5.7/pom.xml new file mode 100644 index 0000000..61ab099 --- /dev/null +++ b/antisamy-1.5.7/pom.xml 
@@ -0,0 +1,114 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + + <!-- + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. 
+ --> + + <modelVersion>4.0.0</modelVersion> + + <parent> + <groupId>org.apache.servicemix.bundles</groupId> + <artifactId>bundles-pom</artifactId> + <version>13</version> + <relativePath>../bundles-pom/pom.xml</relativePath> + </parent> + + <groupId>org.apache.servicemix.bundles</groupId> + <artifactId>org.apache.servicemix.bundles.antisamy</artifactId> + <version>1.5.7_1-SNAPSHOT</version> + <packaging>bundle</packaging> + <name>Apache ServiceMix :: Bundles :: ${pkgArtifactId}</name> + <description>This OSGi bundle wraps ${pkgArtifactId} ${pkgVersion} jar file.</description> + + <scm> + <connection>scm:git:https://git-wip-us.apache.org/repos/asf/servicemix-bundles.git</connection> + <developerConnection>scm:git:https://git-wip-us.apache.org/repos/asf/servicemix-bundles.git</developerConnection> + <url>https://git-wip-us.apache.org/repos/asf?p=servicemix-bundles.git</url> + </scm> + + <properties> + <pkgGroupId>org.owasp.antisamy</pkgGroupId> + <pkgArtifactId>antisamy</pkgArtifactId> + <pkgVersion>1.5.7</pkgVersion> + <servicemix.osgi.export.pkg> + org.owasp.validator + </servicemix.osgi.export.pkg> + <servicemix.osgi.import.pkg> + javax.xml*, + org.apache.batik.css.parser;resolution:=optional, + org.apache.commons.httpclient*;resolution:=optional, + org.apache.xerces*, + org.apache.xml.serialize, + org.cyberneko.html*;resolution:=optional, + org.w3c.css.sac;resolution:=optional, + org.w3c.dom, + org.xml.sax + </servicemix.osgi.import.pkg> + </properties> + + <dependencies> + <dependency> + <groupId>${pkgGroupId}</groupId> + <artifactId>${pkgArtifactId}</artifactId> + <version>${pkgVersion}</version> + </dependency> + + <!-- sources --> + <dependency> + <groupId>${pkgGroupId}</groupId> + <artifactId>${pkgArtifactId}</artifactId> + <version>${pkgVersion}</version> + <classifier>sources</classifier> + </dependency> + </dependencies> + + <build> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-shade-plugin</artifactId> + 
<executions> + <execution> + <phase>package</phase> + <goals> + <goal>shade</goal> + </goals> + <configuration> + <artifactSet> + <includes> + <include>${pkgGroupId}:${pkgArtifactId}</include> + </includes> + </artifactSet> + <filters> + <filter> + <artifact>${pkgGroupId}:${pkgArtifactId}</artifact> + <includes> + <include>*.xsd</include> + <include>*.properties</include> + </includes> + </filter> + </filters> + <promoteTransitiveDependencies>true</promoteTransitiveDependencies> + <createDependencyReducedPom>true</createDependencyReducedPom> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> +</project> http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/142f3b51/antisamy-1.5.7/src/main/resources/OSGI-INF/bundle.info ---------------------------------------------------------------------- diff --git a/antisamy-1.5.7/src/main/resources/OSGI-INF/bundle.info b/antisamy-1.5.7/src/main/resources/OSGI-INF/bundle.info new file mode 100644 index 0000000..c98a7c0 --- /dev/null +++ b/antisamy-1.5.7/src/main/resources/OSGI-INF/bundle.info 
@@ -0,0 +1,30 @@ +\u001B[1mSYNOPSIS\u001B[0m + ${project.description} + + Original Maven URL: + \u001B[33mmvn:${pkgGroupId}/${pkgArtifactId}/${pkgVersion}\u001B[0m + +\u001B[1mDESCRIPTION\u001B[0m + The OWASP AntiSamy project is a few things. Technically, it is an API for ensuring user-supplied HTML/CSS is in + compliance within an application's rules. Another way of saying that could be: It's an API that helps you make + sure that clients don't supply malicious cargo code in the HTML they supply for their profile, comments, etc., + that get persisted on the server. The term "malicious code" in regards to web applications usually mean + "JavaScript." Cascading Stylesheets are only considered malicious when they invoke the JavaScript engine. However, + there are many situations where "normal" HTML and CSS can be used in a malicious manner. So we take care of that + too. + + Philosophically, AntiSamy is a departure from contemporary security mechanisms. Generally, the security mechanism + and user have a communication that is virtually one way, for good reason. Letting the potential attacker know + details about the validation is considered unwise as it allows the attacker to "learn" and "recon" the mechanism + for weaknesses. These types of information leaks can also hurt in ways you don't expect. A login mechanism that + tells the user, "Username invalid" leaks the fact that a user by that name does not exist. A user could use a + dictionary or phone book or both to remotely come up with a list of valid usernames. Using this information, an + attacker could launch a brute force attack or massive account lock denial-of-service. We get that. + + Unfortunately, that's just not very usable in this situation. Typical Internet users are largely pretty bad when it + comes to writing HTML/CSS, so where do they get their HTML from? Usually they copy it from somewhere out on the web. + Simply rejecting their input without any clue as to why is jolting and annoying. 
Annoyed users go somewhere else to + do their social networking. + +\u001B[1mSEE ALSO\u001B[0m + \u001B[36mhttps://www.owasp.org/index.php/Antisamy\u001B[0m http://git-wip-us.apache.org/repos/asf/servicemix-bundles/blob/142f3b51/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index e4b6fbb..86401a3 100644 --- a/pom.xml +++ b/pom.xml @@ -63,6 +63,7 @@ <module>fastjson-1.2.39</module> <module>jest-5.3.3</module> <module>aspectj-1.8.11</module> + <module>antisamy-1.5.7</module> </modules> </project>
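Review bot: In the `servicemix.osgi.import.pkg` property of antisamy-1.5.7/pom.xml, the parser packages `org.cyberneko.html*`, `org.apache.batik.css.parser` and `org.w3c.css.sac` are imported with `resolution:=optional` and none of the imports carries a version range. With an optional import the bundle resolves even when the package is absent, so a missing HTML or CSS parser shows up only as a class-loading failure at the point where input is being sanitized. Suggest checking for 1.5.7 which of these packages the exported `org.owasp.validator` code needs on its normal path, making those mandatory, and adding version ranges. Separately, the `<scm>` block here no longer has the `<tag>HEAD</tag>` line that the deleted antisamy-1.5.6/pom.xml carried (115 lines before, 114 now); restore it unless the drop is deliberate.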
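Review bot: The commit message only says "Create OSGi bundle for antisamy 1.5.7", but the antisamy-1.5.6 hunks delete the whole 1.5.6 module, which was at `1.5.6_2-SNAPSHOT`. Mention the removal in the message so it is clear the 1.5.6 line is being discontinued on purpose. The old and new bundle.info both have blob index c98a7c0, so the file is an unchanged copy; recording the directory move as a rename would keep the history and reduce the diff to the real changes in pom.xml.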
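Review bot: The root pom.xml hunk at `@@ -63,6 +63,7 @@` only adds `<module>antisamy-1.5.7</module>` (one insertion, no deletion) while the same commit deletes the antisamy-1.5.6 directory. Check that no `<module>antisamy-1.5.6</module>` entry remains elsewhere in the `<modules>` list, since an entry pointing at the removed directory would fail the reactor build.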
