sonatype-lift[bot] commented on code in PR #1307:
URL: https://github.com/apache/solr/pull/1307#discussion_r1083883602
##########
solr/core/src/java/org/apache/solr/core/ConfigSet.java:
##########
@@ -53,17 +56,17 @@ public String getName() {
}
public SolrConfig getSolrConfig() {
- return solrconfig;
+ return solrConfig;
}
/**
- *
* @param forceFetch get a fresh value and not cached value
Review Comment:
<picture><img alt="45% of developers fix this issue"
src="https://lift.sonatype.com/api/commentimage/fixrate/45/display.svg";></picture>
đŦ 6 similar findings have been found in this PR
---
*[MissingSummary](https://google.github.io/styleguide/javaguide.html#s7.2-summary-fragment):*
A summary line is required on public/protected Javadocs.
---
<details><summary><b>đ Expand here to view all instances of this
finding</b></summary><br/>
<div align=\"center\">
| **File Path** | **Line Number** |
| ------------- | ------------- |
| solr/solrj/src/java/org/apache/solr/client/solrj/ResponseParser.java |
[60](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/solrj/src/java/org/apache/solr/client/solrj/ResponseParser.java#L60)
|
| solr/core/src/java/org/apache/solr/request/LocalSolrQueryRequest.java |
[34](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/core/src/java/org/apache/solr/request/LocalSolrQueryRequest.java#L34)
|
|
solr/solrj-zookeeper/src/java/org/apache/solr/client/solrj/cloud/AlreadyExistsException.java
|
[20](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/solrj-zookeeper/src/java/org/apache/solr/client/solrj/cloud/AlreadyExistsException.java#L20)
|
| solr/solrj/src/java/org/apache/solr/common/AlreadyClosedException.java |
[20](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/solrj/src/java/org/apache/solr/common/AlreadyClosedException.java#L20)
|
| solr/solrj/src/java/org/apache/solr/client/solrj/ResponseParser.java |
[26](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/solrj/src/java/org/apache/solr/client/solrj/ResponseParser.java#L26)
|
|
solr/modules/clustering/src/java/org/apache/solr/handler/clustering/ClusteringComponent.java
|
[499](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/modules/clustering/src/java/org/apache/solr/handler/clustering/ClusteringComponent.java#L499)
|
<p><a
href="https://lift.sonatype.com/results/github.com/apache/solr/01GQEZBSKB0V8KWDB2MGK5EH8N?t=ErrorProne|MissingSummary"
target="_blank">Visit the Lift Web Console</a> to find more details in your
report.</p></div></details>
---
<details><summary><b>âšī¸ Learn about @sonatype-lift commands</b></summary>
You can reply with the following commands. For example, reply with
***@sonatype-lift ignoreall*** to leave out all findings.
| **Command** | **Usage** |
| ------------- | ------------- |
| `@sonatype-lift ignore` | Leave out the above finding from this PR |
| `@sonatype-lift ignoreall` | Leave out all the existing findings from this
PR |
| `@sonatype-lift exclude <file\|issue\|path\|tool>` | Exclude specified
`file\|issue\|path\|tool` from Lift findings by updating your config.toml file |
**Note:** When talking to LiftBot, you need to **refresh** the page to see
its response.
<sub>[Click here](https://github.com/apps/sonatype-lift/installations/new)
to add LiftBot to another repo.</sub></details>
---
Was this a good recommendation?
[ [đ Not
relevant](https://www.sonatype.com/lift-comment-rating?comment=371755703&lift_comment_rating=1)
] - [ [đ Won't
fix](https://www.sonatype.com/lift-comment-rating?comment=371755703&lift_comment_rating=2)
] - [ [đ Not critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=371755703&lift_comment_rating=3)
] - [ [đ Critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=371755703&lift_comment_rating=4)
] - [ [đ Critical, fixing
now](https://www.sonatype.com/lift-comment-rating?comment=371755703&lift_comment_rating=5)
]
##########
solr/core/src/java/org/apache/solr/rest/RestManager.java:
##########
@@ -289,33 +291,35 @@ public void doInit(SolrQueryRequest solrRequest,
SolrQueryResponse solrResponse)
// see if we have a registered endpoint one-level up ...
int lastSlashAt = resourceId.lastIndexOf('/');
if (lastSlashAt != -1) {
- String parentResourceId = resourceId.substring(0,lastSlashAt);
- log.info("Resource not found for {}, looking for parent: {}",
- resourceId, parentResourceId);
+ String parentResourceId = resourceId.substring(0, lastSlashAt);
+ log.info(
+ "Resource not found for {}, looking for parent: {}", resourceId,
parentResourceId);
managedResource =
restManager.getManagedResourceOrNull(parentResourceId);
if (managedResource != null) {
// verify this resource supports child resources
if (!(managedResource instanceof
ManagedResource.ChildResourceSupport)) {
- String errMsg = String.format(Locale.ROOT,
- "%s does not support child resources!",
managedResource.getResourceId());
+ String errMsg =
+ String.format(
+ Locale.ROOT,
+ "%s does not support child resources!",
+ managedResource.getResourceId());
throw new SolrException(ErrorCode.BAD_REQUEST, errMsg);
}
-
- childId = resourceId.substring(lastSlashAt+1);
- log.info("Found parent resource {} for child: {}",
- parentResourceId, childId);
+
+ childId = resourceId.substring(lastSlashAt + 1);
+ log.info("Found parent resource {} for child: {}",
parentResourceId, childId);
}
}
- }
+ }
if (managedResource == null) {
final String method = getSolrRequest().getHttpMethod();
if ("PUT".equals(method) || "POST".equals(method)) {
Review Comment:
đŦ 9 similar findings have been found in this PR
---
*[UNSAFE_HASH_EQUALS](https://find-sec-bugs.github.io/bugs.htm#UNSAFE_HASH_EQUALS):*
Unsafe comparison of hash that are susceptible to timing attack
---
<details><summary><b>đ Expand here to view all instances of this
finding</b></summary><br/>
<div align=\"center\">
| **File Path** | **Line Number** |
| ------------- | ------------- |
| solr/core/src/java/org/apache/solr/search/facet/FacetModule.java |
[216](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/core/src/java/org/apache/solr/search/facet/FacetModule.java#L216)
|
|
solr/core/src/java/org/apache/solr/update/processor/DistributedZkUpdateProcessor.java
|
[1398](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/core/src/java/org/apache/solr/update/processor/DistributedZkUpdateProcessor.java#L1398)
|
| solr/core/src/java/org/apache/solr/core/BlobRepository.java |
[187](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/core/src/java/org/apache/solr/core/BlobRepository.java#L187)
|
|
solr/test-framework/src/java/org/apache/solr/cloud/AbstractMoveReplicaTestBase.java
|
[129](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/test-framework/src/java/org/apache/solr/cloud/AbstractMoveReplicaTestBase.java#L129)
|
| solr/core/src/java/org/apache/solr/handler/component/SearchHandler.java |
[300](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/core/src/java/org/apache/solr/handler/component/SearchHandler.java#L300)
|
| solr/solrj/src/java/org/apache/solr/common/params/ShardParams.java |
[118](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/solrj/src/java/org/apache/solr/common/params/ShardParams.java#L118)
|
| solr/core/src/java/org/apache/solr/filestore/DistribPackageStore.java |
[204](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/core/src/java/org/apache/solr/filestore/DistribPackageStore.java#L204)
|
| solr/core/src/java/org/apache/solr/packagemanager/PackageUtils.java |
[170](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/core/src/java/org/apache/solr/packagemanager/PackageUtils.java#L170)
|
| solr/test-framework/src/java/org/apache/solr/cloud/ChaosMonkey.java |
[260](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/test-framework/src/java/org/apache/solr/cloud/ChaosMonkey.java#L260)
|
<p><a
href="https://lift.sonatype.com/results/github.com/apache/solr/01GQEZBSKB0V8KWDB2MGK5EH8N?t=FindSecBugs|UNSAFE_HASH_EQUALS"
target="_blank">Visit the Lift Web Console</a> to find more details in your
report.</p></div></details>
---
<details><summary><b>âšī¸ Learn about @sonatype-lift commands</b></summary>
You can reply with the following commands. For example, reply with
***@sonatype-lift ignoreall*** to leave out all findings.
| **Command** | **Usage** |
| ------------- | ------------- |
| `@sonatype-lift ignore` | Leave out the above finding from this PR |
| `@sonatype-lift ignoreall` | Leave out all the existing findings from this
PR |
| `@sonatype-lift exclude <file\|issue\|path\|tool>` | Exclude specified
`file\|issue\|path\|tool` from Lift findings by updating your config.toml file |
**Note:** When talking to LiftBot, you need to **refresh** the page to see
its response.
<sub>[Click here](https://github.com/apps/sonatype-lift/installations/new)
to add LiftBot to another repo.</sub></details>
---
Was this a good recommendation?
[ [đ Not
relevant](https://www.sonatype.com/lift-comment-rating?comment=371756017&lift_comment_rating=1)
] - [ [đ Won't
fix](https://www.sonatype.com/lift-comment-rating?comment=371756017&lift_comment_rating=2)
] - [ [đ Not critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=371756017&lift_comment_rating=3)
] - [ [đ Critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=371756017&lift_comment_rating=4)
] - [ [đ Critical, fixing
now](https://www.sonatype.com/lift-comment-rating?comment=371756017&lift_comment_rating=5)
]
##########
solr/core/src/java/org/apache/solr/update/processor/RegexpBoostProcessor.java:
##########
@@ -143,7 +145,10 @@ private List<BoostEntry> initBoostEntries(InputStream is)
throws IOException {
newBoostEntries.add(new BoostEntry(Pattern.compile(regexp),
Double.parseDouble(boost)));
log.debug("Read regexp {} with boost {}", regexp, boost);
} else {
- log.warn("Malformed config input line: {} (expected 2 fields, got {}
fields). Skipping entry.", line, fields.length);
+ log.warn(
Review Comment:
<picture><img alt="15% of developers fix this issue"
src="https://lift.sonatype.com/api/commentimage/fixrate/15/display.svg";></picture>
đŦ 9 similar findings have been found in this PR
---
*[CRLF_INJECTION_LOGS](https://find-sec-bugs.github.io/bugs.htm#CRLF_INJECTION_LOGS):*
This use of
org/slf4j/Logger.warn(Ljava/lang/String;Ljava/lang/Object;Ljava/lang/Object;)V
might be used to include CRLF characters into log messages
---
<details><summary><b>đ Expand here to view all instances of this
finding</b></summary><br/>
<div align=\"center\">
| **File Path** | **Line Number** |
| ------------- | ------------- |
|
solr/core/src/java/org/apache/solr/update/processor/RegexpBoostProcessor.java |
[146](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/core/src/java/org/apache/solr/update/processor/RegexpBoostProcessor.java#L146)
|
| solr/core/src/java/org/apache/solr/security/AuthorizationUtils.java |
[102](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/core/src/java/org/apache/solr/security/AuthorizationUtils.java#L102)
|
| solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java |
[335](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/core/src/java/org/apache/solr/servlet/SolrDispatchFilter.java#L335)
|
|
solr/modules/hadoop-auth/src/java/org/apache/solr/security/hadoop/KerberosFilter.java
|
[98](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/modules/hadoop-auth/src/java/org/apache/solr/security/hadoop/KerberosFilter.java#L98)
|
|
solr/modules/hadoop-auth/src/java/org/apache/solr/security/hadoop/HadoopAuthPlugin.java
|
[227](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/modules/hadoop-auth/src/java/org/apache/solr/security/hadoop/HadoopAuthPlugin.java#L227)
|
|
solr/modules/hadoop-auth/src/java/org/apache/solr/security/hadoop/HadoopAuthPlugin.java
|
[237](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/modules/hadoop-auth/src/java/org/apache/solr/security/hadoop/HadoopAuthPlugin.java#L237)
|
|
solr/modules/hadoop-auth/src/java/org/apache/solr/security/hadoop/HadoopAuthPlugin.java
|
[228](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/modules/hadoop-auth/src/java/org/apache/solr/security/hadoop/HadoopAuthPlugin.java#L228)
|
| solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java |
[221](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java#L221)
|
| solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java |
[249](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/core/src/java/org/apache/solr/security/PKIAuthenticationPlugin.java#L249)
|
<p><a
href="https://lift.sonatype.com/results/github.com/apache/solr/01GQEZBSKB0V8KWDB2MGK5EH8N?t=FindSecBugs|CRLF_INJECTION_LOGS"
target="_blank">Visit the Lift Web Console</a> to find more details in your
report.</p></div></details>
---
<details><summary><b>âšī¸ Learn about @sonatype-lift commands</b></summary>
You can reply with the following commands. For example, reply with
***@sonatype-lift ignoreall*** to leave out all findings.
| **Command** | **Usage** |
| ------------- | ------------- |
| `@sonatype-lift ignore` | Leave out the above finding from this PR |
| `@sonatype-lift ignoreall` | Leave out all the existing findings from this
PR |
| `@sonatype-lift exclude <file\|issue\|path\|tool>` | Exclude specified
`file\|issue\|path\|tool` from Lift findings by updating your config.toml file |
**Note:** When talking to LiftBot, you need to **refresh** the page to see
its response.
<sub>[Click here](https://github.com/apps/sonatype-lift/installations/new)
to add LiftBot to another repo.</sub></details>
---
Was this a good recommendation?
[ [đ Not
relevant](https://www.sonatype.com/lift-comment-rating?comment=371756018&lift_comment_rating=1)
] - [ [đ Won't
fix](https://www.sonatype.com/lift-comment-rating?comment=371756018&lift_comment_rating=2)
] - [ [đ Not critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=371756018&lift_comment_rating=3)
] - [ [đ Critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=371756018&lift_comment_rating=4)
] - [ [đ Critical, fixing
now](https://www.sonatype.com/lift-comment-rating?comment=371756018&lift_comment_rating=5)
]
##########
solr/core/src/java/org/apache/solr/util/SafeXMLParsing.java:
##########
@@ -39,57 +38,95 @@
import org.xml.sax.SAXException;
/**
- * Some utility methods for parsing XML in a safe way. This class can be used
to parse XML
- * coming from network (completely untrusted) or it can load a config file
from a
- * {@link ResourceLoader}. In this case it allows external entities and
xincludes, but only
- * referring to files reachable by the loader.
+ * Some utility methods for parsing XML in a safe way. This class can be used
to parse XML coming
+ * from network (completely untrusted) or it can load a config file from a
{@link ResourceLoader}.
+ * In this case it allows external entities and xincludes, but only referring
to files reachable by
+ * the loader.
*/
-@SuppressForbidden(reason = "This class uses XML APIs directly that should not
be used anywhere else in Solr code")
-public final class SafeXMLParsing {
-
+@SuppressForbidden(
+ reason = "This class uses XML APIs directly that should not be used
anywhere else in Solr code")
+public final class SafeXMLParsing {
+
public static final String SYSTEMID_UNTRUSTED = "untrusted://stream";
private SafeXMLParsing() {}
-
- /** Parses a config file from ResourceLoader. Xinclude and external entities
are enabled, but cannot escape the resource loader. */
- public static Document parseConfigXML(Logger log, ResourceLoader loader,
String file) throws SAXException, IOException {
+
+ /**
+ * Parses a config file from a Solr config based on ResourceLoader. Xinclude
and external entities
+ * are enabled, but cannot escape the resource loader.
+ */
+ public static Document parseConfigXML(Logger log, ResourceLoader loader,
String file)
+ throws SAXException, IOException {
try (InputStream in = loader.openResource(file)) {
+ DocumentBuilder db = configDocumentBuilder(loader, log);
+ return db.parse(in,
SystemIdResolver.createSystemIdFromResourceName(file));
+ }
+ }
+
+ /**
+ * Parses a config file from a Solr config based on InputSource. Xinclude
and external entities
+ * are enabled, but cannot escape the resource loader.
+ */
+ public static Document parseConfigXML(Logger log, ResourceLoader loader,
InputSource is)
+ throws SAXException, IOException {
+ return configDocumentBuilder(loader, log).parse(is);
Review Comment:
đŦ 9 similar findings have been found in this PR
---
*[XXE_DOCUMENT](https://find-sec-bugs.github.io/bugs.htm#XXE_DOCUMENT):*
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML
External Entity attacks
---
<details><summary><b>đ Expand here to view all instances of this
finding</b></summary><br/>
<div align=\"center\">
| **File Path** | **Line Number** |
| ------------- | ------------- |
| solr/core/src/java/org/apache/solr/util/SafeXMLParsing.java |
[109](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/core/src/java/org/apache/solr/util/SafeXMLParsing.java#L109)
|
| solr/test-framework/src/java/org/apache/solr/util/BaseTestHarness.java |
[82](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/test-framework/src/java/org/apache/solr/util/BaseTestHarness.java#L82)
|
| solr/test-framework/src/java/org/apache/solr/util/DOMUtilTestBase.java |
[51](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/test-framework/src/java/org/apache/solr/util/DOMUtilTestBase.java#L51)
|
| solr/core/src/java/org/apache/solr/util/SafeXMLParsing.java |
[62](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/core/src/java/org/apache/solr/util/SafeXMLParsing.java#L62)
|
|
solr/prometheus-exporter/src/java/org/apache/solr/prometheus/exporter/MetricsConfiguration.java
|
[98](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/prometheus-exporter/src/java/org/apache/solr/prometheus/exporter/MetricsConfiguration.java#L98)
|
| solr/core/src/java/org/apache/solr/util/SimplePostTool.java |
[1175](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/core/src/java/org/apache/solr/util/SimplePostTool.java#L1175)
|
| solr/test-framework/src/java/org/apache/solr/util/BaseTestHarness.java |
[108](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/test-framework/src/java/org/apache/solr/util/BaseTestHarness.java#L108)
|
| solr/core/src/java/org/apache/solr/util/SafeXMLParsing.java |
[125](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/core/src/java/org/apache/solr/util/SafeXMLParsing.java#L125)
|
|
solr/prometheus-exporter/src/java/org/apache/solr/prometheus/exporter/MetricsConfiguration.java
|
[105](https://github.com/apache/solr/blob/a33ba6bb6cf2e46fb136f879a6bc5696b8f779d8/solr/prometheus-exporter/src/java/org/apache/solr/prometheus/exporter/MetricsConfiguration.java#L105)
|
<p><a
href="https://lift.sonatype.com/results/github.com/apache/solr/01GQEZBSKB0V8KWDB2MGK5EH8N?t=FindSecBugs|XXE_DOCUMENT"
target="_blank">Visit the Lift Web Console</a> to find more details in your
report.</p></div></details>
---
<details><summary><b>âšī¸ Learn about @sonatype-lift commands</b></summary>
You can reply with the following commands. For example, reply with
***@sonatype-lift ignoreall*** to leave out all findings.
| **Command** | **Usage** |
| ------------- | ------------- |
| `@sonatype-lift ignore` | Leave out the above finding from this PR |
| `@sonatype-lift ignoreall` | Leave out all the existing findings from this
PR |
| `@sonatype-lift exclude <file\|issue\|path\|tool>` | Exclude specified
`file\|issue\|path\|tool` from Lift findings by updating your config.toml file |
**Note:** When talking to LiftBot, you need to **refresh** the page to see
its response.
<sub>[Click here](https://github.com/apps/sonatype-lift/installations/new)
to add LiftBot to another repo.</sub></details>
---
Was this a good recommendation?
[ [đ Not
relevant](https://www.sonatype.com/lift-comment-rating?comment=371756021&lift_comment_rating=1)
] - [ [đ Won't
fix](https://www.sonatype.com/lift-comment-rating?comment=371756021&lift_comment_rating=2)
] - [ [đ Not critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=371756021&lift_comment_rating=3)
] - [ [đ Critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=371756021&lift_comment_rating=4)
] - [ [đ Critical, fixing
now](https://www.sonatype.com/lift-comment-rating?comment=371756021&lift_comment_rating=5)
]
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
![https://lift.sonatype.com/api/commentimage/fixrate/45/display.svg"](https://lift.sonatype.com/api/commentimage/fixrate/45/display.svg"){kind=link}
![https://lift.sonatype.com/api/commentimage/fixrate/15/display.svg"](https://lift.sonatype.com/api/commentimage/fixrate/15/display.svg"){kind=link}