[GitHub] [sling-org-apache-sling-jms] sonarcloud[bot] commented on pull request #3: SLING-11382: Sling update to 47

2022-08-12 Thread GitBox 


sonarcloud[bot] commented on PR #3:
URL: 
https://github.com/apache/sling-org-apache-sling-jms/pull/3#issuecomment-1213618845

   Kudos, SonarCloud Quality Gate passed!  [![Quality Gate 
passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png
 'Quality Gate 
passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-jms=3)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=BUG)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=BUG)
 [0 
Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jms=3=false=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jms=3=false=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jms=3=false=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=CODE_SMELL)
 [0 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jms=3=false=CODE_SMELL)
   
   [![No Coverage 
information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png
 'No Coverage 
information')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jms=3=coverage=list)
 No Coverage information  
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jms=3=new_duplicated_lines_density=list)
 [0.0% 
Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jms=3=new_duplicated_lines_density=list)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-caconfig-integration-tests] sonarcloud[bot] commented on pull request #1: SLING-11114 update SLING API to 2.21.0

2022-08-12 Thread GitBox 


sonarcloud[bot] commented on PR #1:
URL: 
https://github.com/apache/sling-org-apache-sling-caconfig-integration-tests/pull/1#issuecomment-1213613444

   Kudos, SonarCloud Quality Gate passed!  [![Quality Gate 
passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png
 'Quality Gate 
passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-caconfig-integration-tests=1)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=BUG)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=BUG)
 [0 
Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=CODE_SMELL)
 [0 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=CODE_SMELL)
   
   [![No Coverage 
information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png
 'No Coverage 
information')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-caconfig-integration-tests=1)
 No Coverage information  
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=new_duplicated_lines_density=list)
 [0.0% 
Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=new_duplicated_lines_density=list)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-api] sonarcloud[bot] commented on pull request #45: SLING-11531 add RequestParameter factory to Builders

2022-08-12 Thread GitBox 


sonarcloud[bot] commented on PR #45:
URL: 
https://github.com/apache/sling-org-apache-sling-api/pull/45#issuecomment-1213462047

   Kudos, SonarCloud Quality Gate passed!  [![Quality Gate 
passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png
 'Quality Gate 
passed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-api=45)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=BUG)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=BUG)
 [0 
Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-api=45=false=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-api=45=false=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-api=45=false=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=CODE_SMELL)
 [0 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=CODE_SMELL)
   
   
[![100.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/100-16px.png
 
'100.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-api=45=new_coverage=list)
 [100.0% 
Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-api=45=new_coverage=list)
  
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-api=45=new_duplicated_lines_density=list)
 [0.0% 
Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-api=45=new_duplicated_lines_density=list)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (SLING-11531) add RequestParameter factory to Builders

2022-08-12 Thread Eric Norman (Jira) 


[ 
https://issues.apache.org/jira/browse/SLING-11531?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17579121#comment-17579121
 ] 

Eric Norman commented on SLING-11531:
-

Pull Request #45 contains the proposed changes to sling.api

> add RequestParameter factory to Builders
> 
>
> Key: SLING-11531
> URL: https://issues.apache.org/jira/browse/SLING-11531
> Project: Sling
>  Issue Type: Improvement
>Reporter: Eric Norman
>Assignee: Eric Norman
>Priority: Major
> Fix For: API 2.26.2, JCR Jackrabbit User Manager 2.2.26
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> As discussed at SLING-11525
> Expected:
> Add a newRequestParameter factory method to the 
> [Builders|https://github.com/apache/sling-org-apache-sling-api/blob/master/src/main/java/org/apache/sling/api/request/builder/Builders.java]
>  class from sling.api so the duplicated RequestParameterImpl class can be 
> removed from the org.apache.sling.jcr.jackrabbit.usermanager bundle and use 
> the new factory instead.
> The motivation for this is to remove the tight coupling of the 
> org.apache.sling.api.request package between the sling.api and usemanager 
> bundles that is caused by implementing The RequestParameter interface that 
> has been annotated as a ProviderType. 
> Without this change, every time that the exported version number of the 
> o.a.sling.api.request package changes, the usermanager must bump the version 
> of the dependency and release a new usermanger version to satisfy the narrow 
> version range that was being imported for that package.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [sling-org-apache-sling-api] sonarcloud[bot] commented on pull request #45: SLING-11531 add RequestParameter factory to Builders

2022-08-12 Thread GitBox 


sonarcloud[bot] commented on PR #45:
URL: 
https://github.com/apache/sling-org-apache-sling-api/pull/45#issuecomment-1213452162

   SonarCloud Quality Gate failed.  [![Quality Gate 
failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/failed-16px.png
 'Quality Gate 
failed')](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-api=45)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=BUG)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=BUG)
 [0 
Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-api=45=false=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-api=45=false=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-api=45=false=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=CODE_SMELL)
 [0 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-api=45=false=CODE_SMELL)
   
   
[![71.4%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/60-16px.png
 
'71.4%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-api=45=new_coverage=list)
 [71.4% 
Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-api=45=new_coverage=list)
  
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-api=45=new_duplicated_lines_density=list)
 [0.0% 
Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-api=45=new_duplicated_lines_density=list)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-api] enapps-enorman opened a new pull request, #45: SLING-11531 add RequestParameter factory to Builders

2022-08-12 Thread GitBox 


enapps-enorman opened a new pull request, #45:
URL: https://github.com/apache/sling-org-apache-sling-api/pull/45

   As discussed at 
[SLING-11525](https://issues.apache.org/jira/browse/SLING-11525)
   
   Expected:
   
   Add a newRequestParameter factory method to the 
[Builders](https://github.com/apache/sling-org-apache-sling-api/blob/master/src/main/java/org/apache/sling/api/request/builder/Builders.java)
 class from sling.api so the duplicated RequestParameterImpl class can be 
removed from the org.apache.sling.jcr.jackrabbit.usermanager bundle and use the 
new factory instead.
   
   The motivation for this is to remove the tight coupling of the 
org.apache.sling.api.request package between the sling.api and usemanager 
bundles that is caused by implementing The RequestParameter interface that has 
been annotated as a ProviderType. 
   
   Without this change, every time that the exported version number of the 
o.a.sling.api.request package changes, the usermanager must bump the version of 
the dependency and release a new usermanger version to satisfy the narrow 
version range that was being imported for that package.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-bundleresource-impl] michalcukierman commented on a diff in pull request #1: SLING-11504 BundleResource/JcrNodeResource getResourceType fallback consistency

2022-08-12 Thread GitBox 


michalcukierman commented on code in PR #1:
URL: 
https://github.com/apache/sling-org-apache-sling-bundleresource-impl/pull/1#discussion_r944634616


##
src/main/java/org/apache/sling/bundleresource/impl/PathMapping.java:
##
@@ -44,18 +46,20 @@ public static PathMapping[] getRoots(final String rootList) 
{
 final String resourceRoot = entry.getValue();
 final String pathDirective = entry.getDirectiveValue(DIR_PATH);
 final String expandDirective = entry.getDirectiveValue(DIR_JSON);
+final boolean skipSettingResourceTypeProperty = 
Boolean.parseBoolean(entry.getDirectiveValue(SKIP_SETTING_RESOURCE_TYPE_FLAG));

Review Comment:
   It was proposed by @cziegeler in the [jira 
comment](https://issues.apache.org/jira/browse/SLING-11504?focusedCommentId=17574690=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17574690)
   
   I think that skipSettingResourceTypeProperty describes the actual flag 
behavior. Hiding a property may be understood in different ways. 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-xss] nonanalou commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


nonanalou commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944621258


##
src/test/java/org/apache/sling/xss/impl/XSSFilterImplTest.java:
##
@@ -122,4 +122,11 @@ public void testFallbackFiltering() {
 assertNotNull(xssFilter);
 assertEquals(longURLContext, xssFilter.filter(longURLContext));
 }
+
+@Test
+public void testUpdatePolicy() {
+XSSFilterImpl xssFilter = new XSSFilterImpl();
+context.registerInjectActivateService(xssFilter);
+// xssFilter.updatePolicy();

Review Comment:
   Resolved: 44d294dcd72e54f2c387e0685ad2597b07965ace



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-xss] nonanalou commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


nonanalou commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944620818


##
src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java:
##
@@ -90,15 +81,15 @@ public boolean supportsPolicy() {
 return true;
 }
 
-private CleanResults getCleanResults(PolicyHandler handler, String input) 
throws ScanException, PolicyException {
-CleanResults results;
+private String getCleanResults(PolicyHandler handler, String input) {
+String results;
 ClassLoader tccl = Thread.currentThread().getContextClassLoader();

Review Comment:
   Resolved: 44d294dcd72e54f2c387e0685ad2597b07965ace



##
src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java:
##
@@ -48,7 +44,7 @@ public boolean check(final PolicyHandler policyHandler, final 
String str) {
 ClassLoader tccl = Thread.currentThread().getContextClassLoader();

Review Comment:
   Resolved: 44d294dcd72e54f2c387e0685ad2597b07965ace



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-xss] nonanalou commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


nonanalou commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944620600


##
src/main/java/org/apache/sling/xss/impl/PolicyHandler.java:
##
@@ -21,28 +21,22 @@
 import java.io.InputStream;
 
 import org.apache.commons.io.IOUtils;
-import org.owasp.validator.html.AntiSamy;
-import org.owasp.validator.html.Policy;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.apache.sling.xss.impl.xml.AntiSamyPolicy;
 
 /**
  * Class that provides the capability of securing input provided as plain text 
for HTML output.
  */
 public class PolicyHandler {
 
-
-private final Logger logger = LoggerFactory.getLogger(getClass());
-
-private final Policy policy;
-private Policy fallbackPolicy;
-private AntiSamy antiSamy;
-private AntiSamy fallbackAntiSamy;
+private final AntiSamyPolicy policy;
+private AntiSamyPolicy fallbackPolicy;
+private HtmlSanitizer htmlSanitizer;
+private HtmlSanitizer fallbackHtmlSanitizer;
 
 /**
  * Creates a {@code PolicyHandler} from an {@link InputStream}.
  *
- * @param policyStream the InputStream from which to read this handler's 
{@link Policy}
+ * @param policyStream the InputStream from which to read this handler's 
{@link AntiSamyPolicy}
  */
 public PolicyHandler(InputStream policyStream) throws Exception {
 // fix for classloader issue with IBM JVM: see bug #31946

Review Comment:
   Resolved: 44d294dcd72e54f2c387e0685ad2597b07965ace



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [VOTE] Release Apache Sling JCR Jackrabbit User Manager version 2.2.24

2022-08-12 Thread Radu Cotescu 
+1

> On 11 Aug 2022, at 22:53, Eric Norman  wrote:
> 
> Please vote to approve this release:
> 
>  [ ] +1 Approve the release
>  [ ]  0 Don't care
>  [ ] -1 Don't release, because ...

[jira] [Created] (SLING-11539) update-local-site fails on arm64v8 with Java 17

2022-08-12 Thread Radu Cotescu (Jira) 
Radu Cotescu created SLING-11539:


 Summary: update-local-site fails on arm64v8 with Java 17
 Key: SLING-11539
 URL: https://issues.apache.org/jira/browse/SLING-11539
 Project: Sling
  Issue Type: Bug
  Components: Tooling
Reporter: Radu Cotescu
Assignee: Radu Cotescu
 Fix For: Committer CLI 1.0.0


The following error was encountered when running the Docker image on an M1 Pro 
MacBook Pro:
{noformat}
docker run --rm -it --env-file=./docker-env apache/sling-cli release 
update-local-site -r 2662
org.eclipse.jgit.api.errors.JGitInternalException: Exception caught during 
execution of fetch command
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:260)
at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:302)
at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:200)
at 
org.apache.sling.cli.impl.release.UpdateLocalSiteCommand.ensureRepo(UpdateLocalSiteCommand.java:102)
at 
org.apache.sling.cli.impl.release.UpdateLocalSiteCommand.call(UpdateLocalSiteCommand.java:67)
at 
org.apache.sling.cli.impl.release.UpdateLocalSiteCommand.call(UpdateLocalSiteCommand.java:41)
at picocli.CommandLine.executeUserObject(CommandLine.java:1701)
at picocli.CommandLine.access$900(CommandLine.java:146)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2059)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2026)
at 
picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1893)
at picocli.CommandLine.execute(CommandLine.java:1822)
at 
org.apache.sling.cli.impl.CommandProcessor.runCommand(CommandProcessor.java:110)
at 
org.apache.sling.cli.impl.ExecutionTrigger.lambda$activate$0(ExecutionTrigger.java:33)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: org.eclipse.jgit.errors.NotSupportedException: Invalid URL 
https://github.com/apache/sling-site.git
at 
org.eclipse.jgit.transport.TransportHttp.setURI(TransportHttp.java:308)
at 
org.eclipse.jgit.transport.TransportHttp.(TransportHttp.java:280)
at 
org.eclipse.jgit.transport.TransportHttp$1.open(TransportHttp.java:208)
at org.eclipse.jgit.transport.Transport.open(Transport.java:553)
at org.eclipse.jgit.transport.Transport.open(Transport.java:429)
at org.eclipse.jgit.transport.Transport.open(Transport.java:308)
at org.eclipse.jgit.transport.Transport.open(Transport.java:277)
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:235)
... 14 more
Caused by: java.net.MalformedURLException: Unknown protocol: https
at java.base/java.net.URL.(Unknown Source)
at java.base/java.net.URL.(Unknown Source)
at java.base/java.net.URL.(Unknown Source)
at 
org.eclipse.jgit.transport.TransportHttp.toURL(TransportHttp.java:291)
at 
org.eclipse.jgit.transport.TransportHttp.setURI(TransportHttp.java:305)
... 21 more
Caused by: java.lang.IllegalStateException: Unknown protocol: https
at 
org.apache.felix.framework.URLHandlersStreamHandlerProxy.parseURL(URLHandlersStreamHandlerProxy.java:373)
... 26 more
{noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [sling-site] michalcukierman opened a new pull request, #97: [SLING-11504] Updated ResourceBundle documentation

2022-08-12 Thread GitBox 


michalcukierman opened a new pull request, #97:
URL: https://github.com/apache/sling-site/pull/97

   Documented the change:
   https://issues.apache.org/jira/browse/SLING-11504
   
   Should be merged together with:
   
https://github.com/apache/sling-org-apache-sling-bundleresource-impl/pull/1/files


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-maven-plugin] sonarcloud[bot] commented on pull request #13: SLING-11537 never mount bundle files from the local Maven repository

2022-08-12 Thread GitBox 


sonarcloud[bot] commented on PR #13:
URL: 
https://github.com/apache/sling-maven-plugin/pull/13#issuecomment-1213170420

   Kudos, SonarCloud Quality Gate passed!  [![Quality Gate 
passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png
 'Quality Gate 
passed')](https://sonarcloud.io/dashboard?id=apache_sling-maven-plugin=13)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=13=false=BUG)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=13=false=BUG)
 [0 
Bugs](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=13=false=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=13=false=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=13=false=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=13=false=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-maven-plugin=13=false=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-maven-plugin=13=false=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-maven-plugin=13=false=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=13=false=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=13=false=CODE_SMELL)
 [0 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=13=false=CODE_SMELL)
   
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/0-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=13=new_coverage=list)
 [0.0% 
Coverage](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=13=new_coverage=list)
  
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=13=new_duplicated_lines_density=list)
 [0.0% 
Duplication](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=13=new_duplicated_lines_density=list)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-maven-plugin] kwin merged pull request #13: SLING-11537 never mount bundle files from the local Maven repository

2022-08-12 Thread GitBox 


kwin merged PR #13:
URL: https://github.com/apache/sling-maven-plugin/pull/13


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Resolved] (SLING-11537) Restrict "mountByFS" parameter to files outside the Maven repository

2022-08-12 Thread Konrad Windszus (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11537?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus resolved SLING-11537.
-
Resolution: Fixed

Fixed in 
https://github.com/apache/sling-maven-plugin/commit/e7f86a2d18d2e1669db7ec2a15c35e2d5a1a9281.

> Restrict "mountByFS" parameter to files outside the Maven repository
> 
>
> Key: SLING-11537
> URL: https://issues.apache.org/jira/browse/SLING-11537
> Project: Sling
>  Issue Type: Bug
>Reporter: Konrad Windszus
>Assignee: Konrad Windszus
>Priority: Major
> Fix For: Sling Maven Plugin 3.0.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Currently the {{mountByFS}} parameter is supported by both goals {{install}} 
> and {{install-file}}. The latter also allows to install bundles from a Maven 
> repository (after resolving it) but configuring a Filesystem Resource 
> Provider for that location is never useful, as the local Maven repository 
> path should not be abused for maintaining Sling Initial Content directly on 
> the file system.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (SLING-11537) Restrict "mountByFS" parameter to files outside the Maven repository

2022-08-12 Thread Konrad Windszus (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11537?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus reassigned SLING-11537:
---

Assignee: Konrad Windszus

> Restrict "mountByFS" parameter to files outside the Maven repository
> 
>
> Key: SLING-11537
> URL: https://issues.apache.org/jira/browse/SLING-11537
> Project: Sling
>  Issue Type: Bug
>Reporter: Konrad Windszus
>Assignee: Konrad Windszus
>Priority: Major
> Fix For: Sling Maven Plugin 3.0.0
>
>
> Currently the {{mountByFS}} parameter is supported by both goals {{install}} 
> and {{install-file}}. The latter also allows to install bundles from a Maven 
> repository (after resolving it) but configuring a Filesystem Resource 
> Provider for that location is never useful, as the local Maven repository 
> path should not be abused for maintaining Sling Initial Content directly on 
> the file system.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [sling-maven-plugin] sonarcloud[bot] commented on pull request #12: SLING-11535 Deprecate OBR related goals

2022-08-12 Thread GitBox 


sonarcloud[bot] commented on PR #12:
URL: 
https://github.com/apache/sling-maven-plugin/pull/12#issuecomment-1213153945

   SonarCloud Quality Gate failed.  [![Quality Gate 
failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/failed-16px.png
 'Quality Gate 
failed')](https://sonarcloud.io/dashboard?id=apache_sling-maven-plugin=12)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=12=false=BUG)
 
[![E](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/E-16px.png
 
'E')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=12=false=BUG)
 [1 
Bug](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=12=false=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=12=false=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=12=false=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=12=false=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-maven-plugin=12=false=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-maven-plugin=12=false=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-maven-plugin=12=false=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=12=false=CODE_SMELL)
 
[![E](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/E-16px.png
 
'E')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=12=false=CODE_SMELL)
 [7 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=12=false=CODE_SMELL)
   
   [![No Coverage 
information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png
 'No Coverage 
information')](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=12=coverage=list)
 No Coverage information  
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=12=new_duplicated_lines_density=list)
 [0.0% 
Duplication](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=12=new_duplicated_lines_density=list)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Resolved] (SLING-11536) Remove wrong LifecycleMapping metadata

2022-08-12 Thread Konrad Windszus (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11536?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus resolved SLING-11536.
-
Resolution: Fixed

Fixed in 
https://github.com/apache/sling-maven-plugin/commit/eeca5fb6fc5f280a7043638b97f9ab6c8692e275.

> Remove wrong LifecycleMapping metadata
> --
>
> Key: SLING-11536
> URL: https://issues.apache.org/jira/browse/SLING-11536
> Project: Sling
>  Issue Type: Bug
>  Components: Maven Plugins and Archetypes
>Reporter: Konrad Windszus
>Assignee: Konrad Windszus
>Priority: Major
> Fix For: Sling Maven Plugin 3.0.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> The sling-maven-plugin contains Plexus component metadata for a 
> {{org.apache.maven.lifecycle.mapping.DefaultLifecycleMapping}} with role 
> {{assembly}} 
> (https://github.com/apache/sling-maven-plugin/blob/e5da7210376d1951c2fa4ce76f69cb7632cee36f/sling-maven-plugin/src/main/resources/META-INF/plexus/components.xml#L20).
> Although this only is active if {{sling-maven-plugin}} is used with 
> {{true}} it is wrong in any case, as it defines a 
> mapping for packaging "assembly" and also only binds Maven default plugin 
> goals.
> As the {{sling-maven-plugin}} doesn't do any packaging nor defines a custom 
> packaging, providing a custom {{DefaultLifecycleMapping}} is not necessary 
> and in the worst case might have negative side-effects.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [sling-maven-plugin] kwin merged pull request #11: SLING-11536 Remove wrong LifecycleMapping metadata

2022-08-12 Thread GitBox 


kwin merged PR #11:
URL: https://github.com/apache/sling-maven-plugin/pull/11


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Resolved] (SLING-11534) uninstall goal: Allow to parameterize Bundle Symbolic Name/Resource Name directly

2022-08-12 Thread Konrad Windszus (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus resolved SLING-11534.
-
Resolution: Fixed

Fixed in 
https://github.com/apache/sling-maven-plugin/commit/6c1c2f75c44c4efcec1759cdf3a6e592cc276185.

> uninstall goal: Allow to parameterize Bundle Symbolic Name/Resource Name 
> directly
> -
>
> Key: SLING-11534
> URL: https://issues.apache.org/jira/browse/SLING-11534
> Project: Sling
>  Issue Type: Improvement
>Reporter: Konrad Windszus
>Assignee: Konrad Windszus
>Priority: Major
> Fix For: Sling Maven Plugin 3.0.0
>
>  Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Currently the uninstall goal requires the parameter {{bundleFileName}} which 
> is set to a default path which often reflects the artifact file name bound by 
> the current project.
> In order to ease uninstalling arbitrary packages, it should be allowed to 
> uninstall bundles by just giving their Bundle Symbolic Name (BSN) / file name.
> The file name is used for all deployment methods except for Web Console (to 
> remove the same named resource from the repository), otherwise the BSN is 
> used.
> The old way of determining the BSN from a given file should be used as 
> fallback.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (SLING-11535) Deprecate "deploy" and "deploy-file" goals

2022-08-12 Thread Konrad Windszus (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11535?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus resolved SLING-11535.
-
Resolution: Fixed

Fixed in 
https://github.com/apache/sling-maven-plugin/commit/4a5a9619572c437d8208447a0f713d55fae59136.

> Deprecate "deploy" and "deploy-file" goals
> --
>
> Key: SLING-11535
> URL: https://issues.apache.org/jira/browse/SLING-11535
> Project: Sling
>  Issue Type: Improvement
>Reporter: Konrad Windszus
>Assignee: Konrad Windszus
>Priority: Major
> Fix For: Sling Maven Plugin 3.0.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> The goals related to OSGi Bundle Repositories (OBRs) should be deprecated as 
> there is the better maintained alternative nowadays with
> https://felix.apache.org/documentation/_attachments/components/bundle-plugin/deploy-file-mojo.html
>  and 
> https://felix.apache.org/documentation/_attachments/components/bundle-plugin/deploy-mojo.html



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [sling-maven-plugin] kwin merged pull request #12: SLING-11535 Deprecate OBR related goals

2022-08-12 Thread GitBox 


kwin merged PR #12:
URL: https://github.com/apache/sling-maven-plugin/pull/12


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-maven-plugin] kwin merged pull request #10: SLING-11534 allow to parameterize "uninstall" with BSN or file/resource

2022-08-12 Thread GitBox 


kwin merged PR #10:
URL: https://github.com/apache/sling-maven-plugin/pull/10


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-maven-plugin] sonarcloud[bot] commented on pull request #11: SLING-11536 Remove wrong LifecycleMapping metadata

2022-08-12 Thread GitBox 


sonarcloud[bot] commented on PR #11:
URL: 
https://github.com/apache/sling-maven-plugin/pull/11#issuecomment-1213150070

   Kudos, SonarCloud Quality Gate passed!  [![Quality Gate 
passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png
 'Quality Gate 
passed')](https://sonarcloud.io/dashboard?id=apache_sling-maven-plugin=11)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=11=false=BUG)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=11=false=BUG)
 [0 
Bugs](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=11=false=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=11=false=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=11=false=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=11=false=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-maven-plugin=11=false=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-maven-plugin=11=false=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-maven-plugin=11=false=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=11=false=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=11=false=CODE_SMELL)
 [0 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=11=false=CODE_SMELL)
   
   [![No Coverage 
information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png
 'No Coverage 
information')](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=11=coverage=list)
 No Coverage information  
   [![No Duplication 
information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/NoDuplicationInfo-16px.png
 'No Duplication 
information')](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=11=duplicated_lines_density=list)
 No Duplication information
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-maven-plugin] sonarcloud[bot] commented on pull request #10: SLING-11534 allow to parameterize "uninstall" with BSN or file/resource

2022-08-12 Thread GitBox 


sonarcloud[bot] commented on PR #10:
URL: 
https://github.com/apache/sling-maven-plugin/pull/10#issuecomment-1213147577

   SonarCloud Quality Gate failed.  [![Quality Gate 
failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/failed-16px.png
 'Quality Gate 
failed')](https://sonarcloud.io/dashboard?id=apache_sling-maven-plugin=10)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=10=false=BUG)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=10=false=BUG)
 [0 
Bugs](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=10=false=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=10=false=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=10=false=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=10=false=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-maven-plugin=10=false=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-maven-plugin=10=false=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-maven-plugin=10=false=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=10=false=CODE_SMELL)
 
[![C](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/C-16px.png
 
'C')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=10=false=CODE_SMELL)
 [17 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=10=false=CODE_SMELL)
   
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/0-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=10=new_coverage=list)
 [0.0% 
Coverage](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=10=new_coverage=list)
  
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=10=new_duplicated_lines_density=list)
 [0.0% 
Duplication](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=10=new_duplicated_lines_density=list)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Assigned] (SLING-11535) Deprecate "deploy" and "deploy-file" goals

2022-08-12 Thread Konrad Windszus (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11535?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus reassigned SLING-11535:
---

Assignee: Konrad Windszus

> Deprecate "deploy" and "deploy-file" goals
> --
>
> Key: SLING-11535
> URL: https://issues.apache.org/jira/browse/SLING-11535
> Project: Sling
>  Issue Type: Improvement
>Reporter: Konrad Windszus
>Assignee: Konrad Windszus
>Priority: Major
> Fix For: Sling Maven Plugin 3.0.0
>
>
> The goals related to OSGi Bundle Repositories (OBRs) should be deprecated as 
> there is the better maintained alternative nowadays with
> https://felix.apache.org/documentation/_attachments/components/bundle-plugin/deploy-file-mojo.html
>  and 
> https://felix.apache.org/documentation/_attachments/components/bundle-plugin/deploy-mojo.html



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (SLING-11536) Remove wrong LifecycleMapping metadata

2022-08-12 Thread Konrad Windszus (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11536?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus reassigned SLING-11536:
---

Assignee: Konrad Windszus

> Remove wrong LifecycleMapping metadata
> --
>
> Key: SLING-11536
> URL: https://issues.apache.org/jira/browse/SLING-11536
> Project: Sling
>  Issue Type: Bug
>  Components: Maven Plugins and Archetypes
>Reporter: Konrad Windszus
>Assignee: Konrad Windszus
>Priority: Major
> Fix For: Sling Maven Plugin 3.0.0
>
>
> The sling-maven-plugin contains Plexus component metadata for a 
> {{org.apache.maven.lifecycle.mapping.DefaultLifecycleMapping}} with role 
> {{assembly}} 
> (https://github.com/apache/sling-maven-plugin/blob/e5da7210376d1951c2fa4ce76f69cb7632cee36f/sling-maven-plugin/src/main/resources/META-INF/plexus/components.xml#L20).
> Although this only is active if {{sling-maven-plugin}} is used with 
> {{true}} it is wrong in any case, as it defines a 
> mapping for packaging "assembly" and also only binds Maven default plugin 
> goals.
> As the {{sling-maven-plugin}} doesn't do any packaging nor defines a custom 
> packaging, providing a custom {{DefaultLifecycleMapping}} is not necessary 
> and in the worst case might have negative side-effects.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (SLING-11534) uninstall goal: Allow to parameterize Bundle Symbolic Name/Resource Name directly

2022-08-12 Thread Konrad Windszus (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus reassigned SLING-11534:
---

Assignee: Konrad Windszus

> uninstall goal: Allow to parameterize Bundle Symbolic Name/Resource Name 
> directly
> -
>
> Key: SLING-11534
> URL: https://issues.apache.org/jira/browse/SLING-11534
> Project: Sling
>  Issue Type: Improvement
>Reporter: Konrad Windszus
>Assignee: Konrad Windszus
>Priority: Major
> Fix For: Sling Maven Plugin 3.0.0
>
>
> Currently the uninstall goal requires the parameter {{bundleFileName}} which 
> is set to a default path which often reflects the artifact file name bound by 
> the current project.
> In order to ease uninstalling arbitrary packages, it should be allowed to 
> uninstall bundles by just giving their Bundle Symbolic Name (BSN) / file name.
> The file name is used for all deployment methods except for Web Console (to 
> remove the same named resource from the repository), otherwise the BSN is 
> used.
> The old way of determining the BSN from a given file should be used as 
> fallback.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [sling-maven-plugin] kwin opened a new pull request, #10: SLING-11534 allow to parameterize "uninstall" with BSN or file/resource

2022-08-12 Thread GitBox 


kwin opened a new pull request, #10:
URL: https://github.com/apache/sling-maven-plugin/pull/10

   name directly
   
   add ITs for "install-file" and "uninstall"
   fix uninstall with WebDAV


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Assigned] (SLING-11532) Remove old relocation artifact maven-sling-plugin

2022-08-12 Thread Konrad Windszus (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus reassigned SLING-11532:
---

Assignee: Konrad Windszus

> Remove old relocation artifact maven-sling-plugin
> -
>
> Key: SLING-11532
> URL: https://issues.apache.org/jira/browse/SLING-11532
> Project: Sling
>  Issue Type: Improvement
>  Components: Maven Plugins and Archetypes
>Affects Versions: Sling Maven Plugin 2.4.2
>Reporter: Konrad Windszus
>Assignee: Konrad Windszus
>Priority: Major
> Fix For: Sling Maven Plugin 3.0.0
>
>  Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> In SLING-8204 a new artifact has been introduced with artifactId 
> {{sling-maven-plugin}} and the old artifactId {{maven-sling-plugin}} just 
> contains the relocation information.
> According to 
> https://maven.apache.org/guides/mini/guide-relocation.html#releasing-the-next-version
>  it is not necessary to always release both the relocated and the old 
> artifactId together. Just one version with the relocation information with 
> the old id is sufficient.
> bq. For the release after that, you only need to publish a Maven POM with a 
> groupId of org.bar, since users of the previous version have been informed of 
> the changed groupId.
> We already have two versions with relocation info at 
> https://search.maven.org/artifact/org.apache.sling/maven-sling-plugin/2.4.2/pom
>  and 
> https://search.maven.org/artifact/org.apache.sling/maven-sling-plugin/2.4.0/pom.
>  
> I propose to flatten the multimodule repository at 
> https://github.com/apache/sling-maven-plugin again to a single module one and 
> no longer release anything with old artifactId {{maven-sling-plugin}}.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (SLING-11532) Remove old relocation artifact maven-sling-plugin

2022-08-12 Thread Konrad Windszus (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus resolved SLING-11532.
-
Resolution: Fixed

Fixed in 
https://github.com/apache/sling-maven-plugin/commit/07b629c761a1d7dcc1ee68a8a9c3c013bad5f3da.

> Remove old relocation artifact maven-sling-plugin
> -
>
> Key: SLING-11532
> URL: https://issues.apache.org/jira/browse/SLING-11532
> Project: Sling
>  Issue Type: Improvement
>  Components: Maven Plugins and Archetypes
>Affects Versions: Sling Maven Plugin 2.4.2
>Reporter: Konrad Windszus
>Priority: Major
> Fix For: Sling Maven Plugin 2.5.0
>
>  Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> In SLING-8204 a new artifact has been introduced with artifactId 
> {{sling-maven-plugin}} and the old artifactId {{maven-sling-plugin}} just 
> contains the relocation information.
> According to 
> https://maven.apache.org/guides/mini/guide-relocation.html#releasing-the-next-version
>  it is not necessary to always release both the relocated and the old 
> artifactId together. Just one version with the relocation information with 
> the old id is sufficient.
> bq. For the release after that, you only need to publish a Maven POM with a 
> groupId of org.bar, since users of the previous version have been informed of 
> the changed groupId.
> We already have two versions with relocation info at 
> https://search.maven.org/artifact/org.apache.sling/maven-sling-plugin/2.4.2/pom
>  and 
> https://search.maven.org/artifact/org.apache.sling/maven-sling-plugin/2.4.0/pom.
>  
> I propose to flatten the multimodule repository at 
> https://github.com/apache/sling-maven-plugin again to a single module one and 
> no longer release anything with old artifactId {{maven-sling-plugin}}.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [sling-maven-plugin] kwin merged pull request #9: SLING-11532 remove old relocate module

2022-08-12 Thread GitBox 


kwin merged PR #9:
URL: https://github.com/apache/sling-maven-plugin/pull/9


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (SLING-11532) Remove old relocation artifact maven-sling-plugin

2022-08-12 Thread Konrad Windszus (Jira) 


[ 
https://issues.apache.org/jira/browse/SLING-11532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17578980#comment-17578980
 ] 

Konrad Windszus commented on SLING-11532:
-

For me removing the relocation artifact is not a breaking change, but anyhow 
the other changes included in the next release warrant a 3.0 release for me as 
well :)

> Remove old relocation artifact maven-sling-plugin
> -
>
> Key: SLING-11532
> URL: https://issues.apache.org/jira/browse/SLING-11532
> Project: Sling
>  Issue Type: Improvement
>  Components: Maven Plugins and Archetypes
>Affects Versions: Sling Maven Plugin 2.4.2
>Reporter: Konrad Windszus
>Priority: Major
> Fix For: Sling Maven Plugin 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> In SLING-8204 a new artifact has been introduced with artifactId 
> {{sling-maven-plugin}} and the old artifactId {{maven-sling-plugin}} just 
> contains the relocation information.
> According to 
> https://maven.apache.org/guides/mini/guide-relocation.html#releasing-the-next-version
>  it is not necessary to always release both the relocated and the old 
> artifactId together. Just one version with the relocation information with 
> the old id is sufficient.
> bq. For the release after that, you only need to publish a Maven POM with a 
> groupId of org.bar, since users of the previous version have been informed of 
> the changed groupId.
> We already have two versions with relocation info at 
> https://search.maven.org/artifact/org.apache.sling/maven-sling-plugin/2.4.2/pom
>  and 
> https://search.maven.org/artifact/org.apache.sling/maven-sling-plugin/2.4.0/pom.
>  
> I propose to flatten the multimodule repository at 
> https://github.com/apache/sling-maven-plugin again to a single module one and 
> no longer release anything with old artifactId {{maven-sling-plugin}}.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (SLING-11538) Add display context for JSON string

2022-08-12 Thread Konrad Windszus (Jira) 


[ 
https://issues.apache.org/jira/browse/SLING-11538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17578978#comment-17578978
 ] 

Konrad Windszus commented on SLING-11538:
-

As implementation one could either write such an escape method from scratch or 
use the JSON-P Standard 
([https://javaee.github.io/jsonp/).|https://javaee.github.io/jsonp/)]

> Add display context for JSON string
> ---
>
> Key: SLING-11538
> URL: https://issues.apache.org/jira/browse/SLING-11538
> Project: Sling
>  Issue Type: Improvement
>  Components: HTL
>Reporter: Konrad Windszus
>Priority: Major
> Fix For: Scripting HTL Runtime 1.2.8-1.4.0
>
>
> It would be useful to add an output context to HTL to be used inside JSON. As 
> JSON is very complex, the most essential one which currently cannot be 
> achieved with any other existing contexts is escaping for a JSON String value 
> (compare with https://github.com/adobe/htl-spec/issues/5).
> I propose to introduce a new context {{jsonString}} next to {{scriptString}} 
> in 
> https://github.com/apache/sling-org-apache-sling-scripting-sightly/blob/192d953514e6e579428cda157a7e83fc2a05cc01/src/main/java/org/apache/sling/scripting/sightly/impl/engine/extension/XSSRuntimeExtension.java#L93.
> As it is not part of the official HTL spec at 
> https://github.com/adobe/htl-spec/blob/master/SPECIFICATION.md#121-display-context
>  it needs to be listed as Sling-specific addition in 
> https://sling.apache.org/documentation/bundles/scripting/scripting-htl.html#extensions-of-the-htl-specification.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (SLING-11538) Add display context for JSON string

2022-08-12 Thread Konrad Windszus (Jira) 


[ 
https://issues.apache.org/jira/browse/SLING-11538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17578976#comment-17578976
 ] 

Konrad Windszus commented on SLING-11538:
-

The JSON spec 
([https://www.ecma-international.org/wp-content/uploads/ECMA-404_2nd_edition_december_2017.pdf])
 says the following for chapter 9 (String):
{quote}A string is a sequence of Unicode code points wrapped with quotation 
marks (U+0022). All code points may
be placed within the quotation marks except for the code points that must be 
escaped: quotation mark
(U+0022), reverse solidus (U+005C), and the control characters U+ to 
U+001F. There are two-character
escape sequence representations of some characters.
\" represents the quotation mark character (U+0022). 
represents the reverse solidus character (U+005C).
\/ represents the solidus character (U+002F).
\b represents the backspace character (U+0008).
\f represents the form feed character (U+000C).
\n represents the line feed character (U+000A).
\r represents the carriage return character (U+000D).
\t represents the character tabulation character (U+0009).
So, for example, a string containing only a single reverse solidus character 
may be represented as "
".
Any code point may be represented as a hexadecimal escape sequence. The meaning 
of such a hexadecimal
number is determined by ISO/IEC 10646. If the code point is in the Basic 
Multilingual Plane (U+ through
U+), then it may be represented as a six-character sequence: a reverse 
solidus, followed by the
lowercase letter u, followed by four hexadecimal digits that encode the code 
point. Hexadecimal digits can be 
© Ecma International 2017 5
digits (U+0030 through U+0039) or the hexadecimal letters A through F in 
uppercase (U+0041 through
U+0046) or lowercase (U+0061 through U+0066). So, for example, a string 
containing only a single reverse
solidus character may be represented as "\u005C".
The following four cases all produce the same result:
"\u002F"
"\u002f"
"\/"
"/"
To escape a code point that is not in the Basic Multilingual Plane, the 
character may be represented as a
twelve-character sequence, encoding the UTF-16 surrogate pair corresponding to 
the code point. So for
example, a string containing only the G clef character (U+1D11E) may be 
represented as "\uD834\uDD1E".
However, whether a processor of JSON texts interprets such a surrogate pair as 
a single code point or as an
explicit surrogate pair is a semantic decision that is determined by the 
specific processor.
Note that the JSON grammar permits code points for which Unicode does not 
currently provide character
assignments.
{quote}

> Add display context for JSON string
> ---
>
> Key: SLING-11538
> URL: https://issues.apache.org/jira/browse/SLING-11538
> Project: Sling
>  Issue Type: Improvement
>  Components: HTL
>Reporter: Konrad Windszus
>Priority: Major
> Fix For: Scripting HTL Runtime 1.2.8-1.4.0
>
>
> It would be useful to add an output context to HTL to be used inside JSON. As 
> JSON is very complex, the most essential one which currently cannot be 
> achieved with any other existing contexts is escaping for a JSON String value 
> (compare with https://github.com/adobe/htl-spec/issues/5).
> I propose to introduce a new context {{jsonString}} next to {{scriptString}} 
> in 
> https://github.com/apache/sling-org-apache-sling-scripting-sightly/blob/192d953514e6e579428cda157a7e83fc2a05cc01/src/main/java/org/apache/sling/scripting/sightly/impl/engine/extension/XSSRuntimeExtension.java#L93.
> As it is not part of the official HTL spec at 
> https://github.com/adobe/htl-spec/blob/master/SPECIFICATION.md#121-display-context
>  it needs to be listed as Sling-specific addition in 
> https://sling.apache.org/documentation/bundles/scripting/scripting-htl.html#extensions-of-the-htl-specification.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (SLING-11538) Add display context for JSON string

2022-08-12 Thread Konrad Windszus (Jira) 
Konrad Windszus created SLING-11538:
---

 Summary: Add display context for JSON string
 Key: SLING-11538
 URL: https://issues.apache.org/jira/browse/SLING-11538
 Project: Sling
  Issue Type: Improvement
  Components: HTL
Reporter: Konrad Windszus
 Fix For: Scripting HTL Runtime 1.2.8-1.4.0


It would be useful to add an output context to HTL to be used inside JSON. As 
JSON is very complex, the most essential one which currently cannot be achieved 
with any other existing contexts is escaping for a JSON String value (compare 
with https://github.com/adobe/htl-spec/issues/5).
I propose to introduce a new context {{jsonString}} next to {{scriptString}} in 
https://github.com/apache/sling-org-apache-sling-scripting-sightly/blob/192d953514e6e579428cda157a7e83fc2a05cc01/src/main/java/org/apache/sling/scripting/sightly/impl/engine/extension/XSSRuntimeExtension.java#L93.

As it is not part of the official HTL spec at 
https://github.com/adobe/htl-spec/blob/master/SPECIFICATION.md#121-display-context
 it needs to be listed as Sling-specific addition in 
https://sling.apache.org/documentation/bundles/scripting/scripting-htl.html#extensions-of-the-htl-specification.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (SLING-11532) Remove old relocation artifact maven-sling-plugin

2022-08-12 Thread Stefan Seifert (Jira) 


[ 
https://issues.apache.org/jira/browse/SLING-11532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17578948#comment-17578948
 ] 

Stefan Seifert commented on SLING-11532:


i think that's fine 3 years after the renaming.
i would propose to release the next version of sling-maven-plugin with version 
3.0.0 to signal this breaking change.

> Remove old relocation artifact maven-sling-plugin
> -
>
> Key: SLING-11532
> URL: https://issues.apache.org/jira/browse/SLING-11532
> Project: Sling
>  Issue Type: Improvement
>  Components: Maven Plugins and Archetypes
>Affects Versions: Sling Maven Plugin 2.4.2
>Reporter: Konrad Windszus
>Priority: Major
> Fix For: Sling Maven Plugin 2.5.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> In SLING-8204 a new artifact has been introduced with artifactId 
> {{sling-maven-plugin}} and the old artifactId {{maven-sling-plugin}} just 
> contains the relocation information.
> According to 
> https://maven.apache.org/guides/mini/guide-relocation.html#releasing-the-next-version
>  it is not necessary to always release both the relocated and the old 
> artifactId together. Just one version with the relocation information with 
> the old id is sufficient.
> bq. For the release after that, you only need to publish a Maven POM with a 
> groupId of org.bar, since users of the previous version have been informed of 
> the changed groupId.
> We already have two versions with relocation info at 
> https://search.maven.org/artifact/org.apache.sling/maven-sling-plugin/2.4.2/pom
>  and 
> https://search.maven.org/artifact/org.apache.sling/maven-sling-plugin/2.4.0/pom.
>  
> I propose to flatten the multimodule repository at 
> https://github.com/apache/sling-maven-plugin again to a single module one and 
> no longer release anything with old artifactId {{maven-sling-plugin}}.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [sling-org-apache-sling-xss] rombert commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


rombert commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944378167


##
src/main/java/org/apache/sling/xss/impl/PolicyHandler.java:
##
@@ -21,28 +21,22 @@
 import java.io.InputStream;
 
 import org.apache.commons.io.IOUtils;
-import org.owasp.validator.html.AntiSamy;
-import org.owasp.validator.html.Policy;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.apache.sling.xss.impl.xml.AntiSamyPolicy;
 
 /**
  * Class that provides the capability of securing input provided as plain text 
for HTML output.
  */
 public class PolicyHandler {
 
-
-private final Logger logger = LoggerFactory.getLogger(getClass());
-
-private final Policy policy;
-private Policy fallbackPolicy;
-private AntiSamy antiSamy;
-private AntiSamy fallbackAntiSamy;
+private final AntiSamyPolicy policy;
+private AntiSamyPolicy fallbackPolicy;
+private HtmlSanitizer htmlSanitizer;
+private HtmlSanitizer fallbackHtmlSanitizer;
 
 /**
  * Creates a {@code PolicyHandler} from an {@link InputStream}.
  *
- * @param policyStream the InputStream from which to read this handler's 
{@link Policy}
+ * @param policyStream the InputStream from which to read this handler's 
{@link AntiSamyPolicy}
  */
 public PolicyHandler(InputStream policyStream) throws Exception {
 // fix for classloader issue with IBM JVM: see bug #31946

Review Comment:
   Please remove the work around setting the context class laoder.



##
src/main/java/org/apache/sling/xss/impl/PolicyHandler.java:
##
@@ -21,28 +21,22 @@
 import java.io.InputStream;
 
 import org.apache.commons.io.IOUtils;
-import org.owasp.validator.html.AntiSamy;
-import org.owasp.validator.html.Policy;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.apache.sling.xss.impl.xml.AntiSamyPolicy;
 
 /**
  * Class that provides the capability of securing input provided as plain text 
for HTML output.
  */
 public class PolicyHandler {
 
-
-private final Logger logger = LoggerFactory.getLogger(getClass());
-
-private final Policy policy;
-private Policy fallbackPolicy;
-private AntiSamy antiSamy;
-private AntiSamy fallbackAntiSamy;
+private final AntiSamyPolicy policy;
+private AntiSamyPolicy fallbackPolicy;
+private HtmlSanitizer htmlSanitizer;
+private HtmlSanitizer fallbackHtmlSanitizer;
 
 /**
  * Creates a {@code PolicyHandler} from an {@link InputStream}.
  *
- * @param policyStream the InputStream from which to read this handler's 
{@link Policy}
+ * @param policyStream the InputStream from which to read this handler's 
{@link AntiSamyPolicy}
  */
 public PolicyHandler(InputStream policyStream) throws Exception {
 // fix for classloader issue with IBM JVM: see bug #31946

Review Comment:
   Please remove the work around setting the context class loader.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-xss] nonanalou commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


nonanalou commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944374593


##
src/main/java/org/apache/sling/xss/impl/CustomPolicy.java:
##
@@ -0,0 +1,265 @@
+/*~~
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements.  See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership.  The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License.  You may obtain a copy of the License at
+ ~
+ ~   http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ 
~*/
+package org.apache.sling.xss.impl;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import javax.annotation.Nullable;
+
+import org.apache.sling.xss.impl.style.CssValidator;
+import org.apache.sling.xss.impl.xml.Attribute;
+import org.apache.sling.xss.impl.xml.Policy;
+import org.apache.sling.xss.impl.xml.Tag;
+import org.owasp.html.AttributePolicy;
+import org.owasp.html.HtmlPolicyBuilder;
+import org.owasp.html.PolicyFactory;
+
+import com.google.common.base.Predicate;
+import com.google.common.collect.ImmutableSet;
+
+public class CustomPolicy {

Review Comment:
   Resolved: 99bb91ab6e2529fd6ef25858f874a26cb159e87e



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [VOTE] Release Apache Sling JCR Jackrabbit User Manager version 2.2.24

2022-08-12 Thread Robert Munteanu 
On Thu, 2022-08-11 at 13:53 -0700, Eric Norman wrote:
> Please vote to approve this release:

+1
Robert


signature.asc
Description: This is a digitally signed message part

[jira] [Closed] (SLING-10684) add integration tests to verify

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-10684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-10684.


> add integration tests to verify
> ---
>
> Key: SLING-10684
> URL: https://issues.apache.org/jira/browse/SLING-10684
> Project: Sling
>  Issue Type: Sub-task
>Reporter: Eric Norman
>Assignee: Eric Norman
>Priority: Major
> Fix For: Scripting HTL Testing 1.0.32-1.4.0
>
>  Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> For testing 10677, provide the integration tests to verify the fix



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-10714) Update to Sling Bundle Parent 44

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-10714?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-10714.


> Update to Sling Bundle Parent 44
> 
>
> Key: SLING-10714
> URL: https://issues.apache.org/jira/browse/SLING-10714
> Project: Sling
>  Issue Type: Improvement
>Reporter: Eric Norman
>Assignee: Eric Norman
>Priority: Major
> Fix For: Scripting HTL Testing 1.0.32-1.4.0
>
>
> Update to a latest parent for:
>  * SHA512 for the source-release artifacts
>  * reproducible build



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-11518) Requests are not recorded until web console plugin is invoked

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-11518.


> Requests are not recorded until web console plugin is invoked
> -
>
> Key: SLING-11518
> URL: https://issues.apache.org/jira/browse/SLING-11518
> Project: Sling
>  Issue Type: Bug
>  Components: Engine
>Affects Versions: Engine 2.9.2
>Reporter: Carsten Ziegeler
>Assignee: Carsten Ziegeler
>Priority: Major
> Fix For: Engine 2.10.2
>
>
> As request tracking is implemented using a lazy DS component, this component 
> is only initialialized once it gets accessed for the first time, for example 
> if the user accesses the web console plugin. Therefore the first time the 
> plugin is accessed it is empty.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-11514) Provide dispatcher option to ignore header changes on include

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11514?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-11514.


> Provide dispatcher option to ignore header changes on include
> -
>
> Key: SLING-11514
> URL: https://issues.apache.org/jira/browse/SLING-11514
> Project: Sling
>  Issue Type: New Feature
>  Components: API, Engine
>Reporter: Carsten Ziegeler
>Assignee: Carsten Ziegeler
>Priority: Major
> Fix For: API 2.26.0, Engine 2.10.2
>
>
> The servlet specification states in section 9.3 that on dispatcher include 
> (not forward), all changes to headers from the include must be ignored.
> As Sling is following the servlet spec for includes and forwards, Sling 
> should do the same. However, after 15 years of allowing an include to change 
> headers, this has a large potential to break existing applications.
> Therefore we should rather provide a dispatcher option, that can be set to 
> force this new behaviour.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-11515) Provide interface to get the recent requests

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11515?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-11515.


> Provide interface to get the recent requests
> 
>
> Key: SLING-11515
> URL: https://issues.apache.org/jira/browse/SLING-11515
> Project: Sling
>  Issue Type: New Feature
>  Components: Engine
>Reporter: Carsten Ziegeler
>Assignee: Carsten Ziegeler
>Priority: Major
> Fix For: Engine 2.10.2
>
>
> The Sling engine can be configured to keep information about the N most 
> recent requests. However, the only place where this can be accessed is via UI 
> through a web console plugin. 
> There is currently no other way to access this data.
> We should define a service interface in the engine to allow other parties to 
> retrieve this data



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-10698) several io.sightly.tck dateformat tests are sensitive to the timezone of the server

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-10698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-10698.


> several io.sightly.tck dateformat tests are sensitive to the timezone of the 
> server
> ---
>
> Key: SLING-10698
> URL: https://issues.apache.org/jira/browse/SLING-10698
> Project: Sling
>  Issue Type: Improvement
>Reporter: Eric Norman
>Assignee: Eric Norman
>Priority: Minor
> Fix For: Scripting HTL Testing 1.0.32-1.4.0
>
>  Time Spent: 2h 10m
>  Remaining Estimate: 0h
>
> Need to use GMT timezone so dateformat related tests from io.sightly.tck are 
> not off by hours
> If the sling runtime is not using the GMT timezone, these 4 tests may fail:
> {noformat}
> junit.framework.AssertionFailedError: Expected value '01-12-1918' for 
> selector '#format-date-1'. Instead we got '30-11-1918'. Please check the 
> expected markup from /testfiles/output/exprlang/filters.html.
> at 
> io.sightly.tck.tests.TestBuilder$1.runTest(TestBuilder.java:146)Expression 
> Filters: @format - #format-date-3(io.sightly.tck.tests.TestBuilder$1)  Time 
> elapsed: 0 sec  <<< FAILURE!
> junit.framework.AssertionFailedError: Expected value 'December' for selector 
> '#format-date-3'. Instead we got 'November'. Please check the expected markup 
> from /testfiles/output/exprlang/filters.html.
> at 
> io.sightly.tck.tests.TestBuilder$1.runTest(TestBuilder.java:146)Expression 
> Filters: @format - #format-date-4(io.sightly.tck.tests.TestBuilder$1)  Time 
> elapsed: 0 sec  <<< FAILURE!
> junit.framework.AssertionFailedError: Expected value 'Dezember' for selector 
> '#format-date-4'. Instead we got 'November'. Please check the expected markup 
> from /testfiles/output/exprlang/filters.html.
> at 
> io.sightly.tck.tests.TestBuilder$1.runTest(TestBuilder.java:146)Expression 
> Filters: @format - #format-date-5(io.sightly.tck.tests.TestBuilder$1)  Time 
> elapsed: 0 sec  <<< FAILURE!
> junit.framework.AssertionFailedError: Expected value 'Wochentag: Sonntag' for 
> selector '#format-date-5'. Instead we got 'Wochentag: Samstag'. Please check 
> the expected markup from /testfiles/output/exprlang/filters.html.
> at 
> io.sightly.tck.tests.TestBuilder$1.runTest(TestBuilder.java:146){noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-10844) ResourceMapper.getMapping() returns null for empty path and unreadable root

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-10844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-10844.


> ResourceMapper.getMapping() returns null for empty path and unreadable root
> ---
>
> Key: SLING-10844
> URL: https://issues.apache.org/jira/browse/SLING-10844
> Project: Sling
>  Issue Type: Bug
>  Components: ResourceResolver
>Affects Versions: Resource Resolver 1.7.0
>Reporter: Mohit Arora
>Assignee: Carsten Ziegeler
>Priority: Major
> Fix For: Resource Resolver 1.10.0
>
>  Time Spent: 3.5h
>  Remaining Estimate: 0h
>
> After the bug fix for SLING-9620, the behavior for 
> ResourceMapper.getAllMappings() was changed such that the mappings list 
> remains empty if the resourcePath provided is an empty string. Prior to this 
> bug fix, the mappings list contained a single entry for empty path.
> Since mappings list is empty, [ResourceMapper.getMapping() returns 
> null|https://github.com/apache/sling-org-apache-sling-resourceresolver/blob/master/src/main/java/org/apache/sling/resourceresolver/impl/mapping/ResourceMapperImpl.java#L74-L75].
>  The [javadoc of 
> ResourceMapper.getMapping()|https://github.com/apache/sling-org-apache-sling-api/blob/master/src/main/java/org/apache/sling/api/resource/mapping/ResourceMapper.java#L67]
>  API mentions that it will return a non null value if the resourcepath is not 
> null.
> We need to decide on the expected behavior here. If mappings list should not 
> be updated in case of empty resourcePath then the API annotation will have to 
> be changed and it can potentially be a backwards incompatible issue in theory 
> as the consumers of the API may not have added a null check to the return 
> value.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-11394) improve diagnostics when # of vanity paths is close or greater than configured cache size

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11394?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-11394.


> improve diagnostics when # of vanity paths is close or greater than 
> configured cache size
> -
>
> Key: SLING-11394
> URL: https://issues.apache.org/jira/browse/SLING-11394
> Project: Sling
>  Issue Type: Improvement
>  Components: ResourceResolver
>Reporter: Julian Reschke
>Assignee: Carsten Ziegeler
>Priority: Minor
> Fix For: Resource Resolver 1.10.0
>
>  Time Spent: 1h 20m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-11328) resource resolver: scales badly for duplicate vanity paths

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11328?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-11328.


> resource resolver: scales badly for duplicate vanity paths
> --
>
> Key: SLING-11328
> URL: https://issues.apache.org/jira/browse/SLING-11328
> Project: Sling
>  Issue Type: Improvement
>  Components: ResourceResolver
>Affects Versions: Resource Resolver 1.8.6
>Reporter: Julian Reschke
>Assignee: Carsten Ziegeler
>Priority: Minor
> Fix For: Resource Resolver 1.10.0
>
>  Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> See 
> :
> - upon add, new list is created, copied to, and then sorted
> Proposal:
> - avoid copying
> - avoid sorting over and over again during resolver startup



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-11363) resource resolver: bloom filter incomplete when vanity path size limited

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-11363.


> resource resolver: bloom filter incomplete when vanity path size limited
> 
>
> Key: SLING-11363
> URL: https://issues.apache.org/jira/browse/SLING-11363
> Project: Sling
>  Issue Type: Bug
>  Components: ResourceResolver
>Affects Versions: Resource Resolver 1.8.2
>Reporter: Julian Reschke
>Assignee: Carsten Ziegeler
>Priority: Major
> Fix For: Resource Resolver 1.10.0
>
>  Time Spent: 50m
>  Remaining Estimate: 0h
>
> This was a problem before, but has easier to reproduce after SLING-3:
> When reading the vanity paths, processing stops after the cache is full 
> (where the default is 'unlimited'). In that case, additional paths are not 
> added to the bloom filter, and thus the application of the bloom filter will 
> cause them never to get looked up.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-11373) The MergingServletResourceProvider does not wrap resources correctly

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11373?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-11373.


> The MergingServletResourceProvider does not wrap resources correctly
> 
>
> Key: SLING-11373
> URL: https://issues.apache.org/jira/browse/SLING-11373
> Project: Sling
>  Issue Type: Bug
>  Components: Servlets
>Affects Versions: Servlets Resolver 2.7.0
>Reporter: Radu Cotescu
>Assignee: Karl Pauls
>Priority: Major
> Fix For: Servlets Resolver 2.9.8
>
>  Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> The {{MergingServletResourceProvider}} does not wrap resources correctly, 
> forcing script engines that need to solve dependencies via this provider to 
> call {{ResourceResolver#resolve(String)}}. Unfortunately, there is a case 
> when the call to {{resolve}} fails:
> {noformat}
> /apps/components/a/
> a.html
> helper.something.html
> helper/ [backed by JCR]
>   partial.html
> /apps/components/b [sling:resourceSuperType=components/a]
> b.html -> tries to resolve helper.something.html
> {noformat}
> In the case above, {{b.html}} will get the {{helper}} folder when trying to 
> resolve {{helper.something.html}}.
> If the {{MergingServletResourceProvider}} would correctly wrap resources (and 
> decorate them accordingly), the script engines could switch to using 
> {{ResourceResolver#getResource(String)}}, which would not exhibit the same 
> behaviour.
> 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-11372) resource resolver: cleanup code related to aliases

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-11372.


> resource resolver: cleanup code related to aliases
> --
>
> Key: SLING-11372
> URL: https://issues.apache.org/jira/browse/SLING-11372
> Project: Sling
>  Issue Type: Improvement
>  Components: ResourceResolver
>Reporter: Julian Reschke
>Assignee: Carsten Ziegeler
>Priority: Minor
> Fix For: Resource Resolver 1.10.0
>
>  Time Spent: 40m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-11343) resource resolver: add metrics for vanity path lookups

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11343?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-11343.


> resource resolver: add metrics for vanity path lookups
> --
>
> Key: SLING-11343
> URL: https://issues.apache.org/jira/browse/SLING-11343
> Project: Sling
>  Issue Type: Improvement
>  Components: ResourceResolver
>Reporter: Julian Reschke
>Assignee: Carsten Ziegeler
>Priority: Major
> Fix For: Resource Resolver 1.10.0
>
>  Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> It would be interestintg to have metrics wrt to vanity path lookup and how 
> well the bloom  filter performs, such as:
> - total number of lookups
> - "not founds" because of bloom filter filtering
> - "not founds" although bloom filter says "probably contains"
> - "hits"
> (these metrics would only become active after vanity path init is done)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-11448) Provide a mode option for resource providers

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11448?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-11448.


> Provide a mode option for resource providers
> 
>
> Key: SLING-11448
> URL: https://issues.apache.org/jira/browse/SLING-11448
> Project: Sling
>  Issue Type: Improvement
>  Components: API, ResourceResolver
>Reporter: Carsten Ziegeler
>Assignee: Carsten Ziegeler
>Priority: Major
> Fix For: Resource Resolver 1.10.0, API 2.26.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> With the current feature set, a resource provider mounted at a sub path is 
> overlaying a potential parent resource provider.
> For uses cases like for example adding additional information to some of the 
> resources, the overlay mechanism is very complicated to implement. It 
> requires to pass through all resources, but also to deal with obersation, 
> querying and modifications.
> A new mode named PASSTHROUGH could be implemented to make this easier and let 
> the resource resolver fall back to the overlayed resource provider taking 
> care of modifications, observation etc.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-11388) Sort all resource providers by service references

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11388?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-11388.


> Sort all resource providers by service references
> -
>
> Key: SLING-11388
> URL: https://issues.apache.org/jira/browse/SLING-11388
> Project: Sling
>  Issue Type: New Feature
>  Components: ResourceResolver
>Affects Versions: Resource Resolver 1.9.0
>Reporter: Carsten Ziegeler
>Assignee: Carsten Ziegeler
>Priority: Minor
> Fix For: Resource Resolver 1.10.0
>
>
> Currently, only resource providers for adaptTo are sorted. We should sort all 
> types of resource providers (auth, query, attributes) for consistency



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-11443) resource resolver: switch to sql2 syntax

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-11443.


> resource resolver: switch to sql2 syntax
> 
>
> Key: SLING-11443
> URL: https://issues.apache.org/jira/browse/SLING-11443
> Project: Sling
>  Issue Type: Improvement
>  Components: ResourceResolver
>Reporter: Julian Reschke
>Assignee: Carsten Ziegeler
>Priority: Minor
> Fix For: Resource Resolver 1.10.0
>
> Attachments: SLING-11443.diff, sql2.diff
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-11508) Make dependency resolution use ResourceResolver#getResource instead of ResourceResolver#resolve

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-11508.


> Make dependency resolution use ResourceResolver#getResource instead of 
> ResourceResolver#resolve
> ---
>
> Key: SLING-11508
> URL: https://issues.apache.org/jira/browse/SLING-11508
> Project: Sling
>  Issue Type: Bug
>  Components: Scripting
>Affects Versions: Scripting HTL Engine 1.4.2-1.4.0, Scripting HTL JS Use 
> Provider 1.2.2
>Reporter: Radu Cotescu
>Assignee: Radu Cotescu
>Priority: Major
> Fix For: Scripting HTL Testing 1.0.32-1.4.0, Scripting HTL Engine 
> 1.4.20-1.4.0, Scripting HTL JS Use Provider 1.2.8
>
>  Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> Given that SLING-11373 was fixed, the HTL modules should switch back to 
> {{ResourceResolver#getResource}} for their dependency resolution.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (SLING-11516) Generate adapter metadata json for adaptations natively supported by ResourceResolverImpl

2022-08-12 Thread Radu Cotescu (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Radu Cotescu closed SLING-11516.


> Generate adapter metadata json for adaptations natively supported by 
> ResourceResolverImpl
> -
>
> Key: SLING-11516
> URL: https://issues.apache.org/jira/browse/SLING-11516
> Project: Sling
>  Issue Type: Bug
>  Components: ResourceResolver
>Affects Versions: Resource Resolver 1.9.0
>Reporter: Konrad Windszus
>Assignee: Konrad Windszus
>Priority: Major
> Fix For: JCR Resource 3.2.2, Resource Resolver 1.10.0
>
>  Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> Currently the Felix Web Console plugin at {{/system/console/adapters}} 
> doesn't expose the adaptation from {{ResourceResolver}} to 
> {{javax.jcr.Session}} and {{ResourceMapper}} as the adapter JSON metadata is 
> not included in the bundle.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[RESULT] [VOTE] Release Apache Sling Engine 2.10.2, Apache Sling Scripting HTL Testing 1.0.32-1.4.0, Apache Sling Resource Resolver 1.10.0, Apache Sling Scripting HTL JS Use Provider 1.2.8, Apache Sli

2022-08-12 Thread Radu Cotescu 
Hi,

The vote has passed with the following result:

+1 (binding): Carsten Ziegeler, Stefan Seifert, Karl Pauls, Eric Norman
+1 (non-binding): none

I will copy this release to the Sling dist directory and
promote the artifacts to the central Maven repository.

Regards,
Radu Cotescu

[GitHub] [sling-org-apache-sling-xss] nonanalou commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


nonanalou commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944306930


##
src/main/java/org/apache/sling/xss/impl/CustomPolicy.java:
##
@@ -0,0 +1,261 @@
+/*~~
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements.  See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership.  The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License.  You may obtain a copy of the License at
+ ~
+ ~   http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ 
~*/
+package org.apache.sling.xss.impl;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import javax.annotation.Nullable;
+
+import org.apache.sling.xss.impl.style.CssValidator;
+import org.apache.sling.xss.impl.xml.Attribute;
+import org.apache.sling.xss.impl.xml.PolicyProvider;
+import org.apache.sling.xss.impl.xml.Tag;
+
+import org.owasp.html.AttributePolicy;
+import org.owasp.html.HtmlPolicyBuilder;
+import org.owasp.html.PolicyFactory;
+
+import com.google.common.base.Predicate;
+
+public class CustomPolicy {
+private PolicyFactory policyFactory;

Review Comment:
   Resolved: 99bb91ab6e2529fd6ef25858f874a26cb159e87e



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-xss] nonanalou commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


nonanalou commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944297560


##
src/main/java/org/apache/sling/xss/impl/xml/PolicyProvider.java:
##
@@ -0,0 +1,142 @@
+/*~~
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements.  See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership.  The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License.  You may obtain a copy of the License at
+ ~
+ ~   http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ 
~*/
+package org.apache.sling.xss.impl.xml;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import javax.xml.stream.XMLStreamException;
+
+import org.apache.sling.xss.impl.PolicyException;
+
+public class PolicyProvider {

Review Comment:
   Resolved: 99bb91ab6e2529fd6ef25858f874a26cb159e87e



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-xss] nonanalou commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


nonanalou commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944295709


##
src/main/java/org/apache/sling/xss/impl/CustomPolicy.java:
##
@@ -0,0 +1,261 @@
+/*~~
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements.  See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership.  The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License.  You may obtain a copy of the License at
+ ~
+ ~   http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ 
~*/
+package org.apache.sling.xss.impl;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import javax.annotation.Nullable;
+
+import org.apache.sling.xss.impl.style.CssValidator;
+import org.apache.sling.xss.impl.xml.Attribute;
+import org.apache.sling.xss.impl.xml.PolicyProvider;
+import org.apache.sling.xss.impl.xml.Tag;
+
+import org.owasp.html.AttributePolicy;
+import org.owasp.html.HtmlPolicyBuilder;
+import org.owasp.html.PolicyFactory;
+
+import com.google.common.base.Predicate;
+
+public class CustomPolicy {
+private PolicyFactory policyFactory;
+private List onInvalidRemoveTagList = new ArrayList<>();
+private Map dynamicAttributesPolicyMap = new 
HashMap<>();
+private CssValidator cssValidator;
+static final String ALLOW_DYNAMIC_ATTRIBUTES = "allowDynamicAttributes";

Review Comment:
   Resolved: 99bb91ab6e2529fd6ef25858f874a26cb159e87e



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-xss] nonanalou commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


nonanalou commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944295108


##
src/main/java/org/apache/sling/xss/impl/xml/PolicyProvider.java:
##
@@ -0,0 +1,142 @@
+/*~~
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements.  See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership.  The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License.  You may obtain a copy of the License at
+ ~
+ ~   http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ 
~*/
+package org.apache.sling.xss.impl.xml;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import javax.xml.stream.XMLStreamException;
+
+import org.apache.sling.xss.impl.PolicyException;
+
+public class PolicyProvider {
+
+protected final Map commonRegularExpressions = new 
HashMap<>();
+protected final Map commonAttributes = new HashMap<>();
+protected final Map tagRules = new HashMap<>();
+protected final Map cssRules = new HashMap<>();
+protected final Map directives = new HashMap<>();
+protected final Map globalAttributes = new HashMap<>();
+protected final Map dynamicAttributes = new HashMap<>();
+protected List allowedEmptyTags = new ArrayList<>();
+protected final List requireClosingTags = new ArrayList<>();
+
+public static class CssPolicy {
+
+private final Map cssRules;
+private final IncludeExcludeMatcher elementMatcher;
+private final IncludeExcludeMatcher classMatcher;
+private final IncludeExcludeMatcher idMatcher;
+private final IncludeExcludeMatcher pseudoElementMatcher;
+private final IncludeExcludeMatcher attributeMatcher;
+
+public CssPolicy(Map cssrules, Map 
commonRegExps, Map directives) {
+this.cssRules = Collections.unmodifiableMap(cssrules);
+this.elementMatcher = new 
IncludeExcludeMatcher(commonRegExps.get("cssElementSelector"),
+commonRegExps.get("cssElementExclusion"));
+this.classMatcher = new 
IncludeExcludeMatcher(commonRegExps.get("cssClassSelector"),
+commonRegExps.get("cssClassExclusion"));
+this.idMatcher = new 
IncludeExcludeMatcher(commonRegExps.get("cssIDSelector"),
+commonRegExps.get("cssIDExclusion"));
+this.pseudoElementMatcher = new 
IncludeExcludeMatcher(commonRegExps.get("cssPseudoElementSelector"),
+commonRegExps.get("cssPseudoElementExclusion"));
+this.attributeMatcher = new 
IncludeExcludeMatcher(commonRegExps.get("cssAttributeSelector"),
+commonRegExps.get("cssAttributeExclusion"));
+}
+
+public Map getCssRules() {
+return cssRules;
+}
+
+public boolean isValidElementName(String name) {
+return elementMatcher.matches(name);
+}
+
+public boolean isValidClassName(String name) {
+return classMatcher.matches(name);
+}
+
+public boolean isValidId(String name) {
+return idMatcher.matches(name);
+}
+
+public boolean isValidPseudoElementName(String name) {
+return pseudoElementMatcher.matches(name);
+}
+
+public boolean isValidAttributeSelector(String name) {
+return attributeMatcher.matches(name);
+}
+}
+
+public Map getDirectives() {
+return directives;
+}
+
+public List getRequireClosingTags() {
+return requireClosingTags;
+}
+
+public Map getCommonRegularExpressions() {
+return commonRegularExpressions;
+}
+
+public Map getGlobalAttributes() {
+return globalAttributes;
+}
+
+public Map getCommonAttributes() {
+return commonAttributes;
+}
+
+public Map getCssRules() {
+return cssRules;
+}
+
+public List getAllowedEmptyTags() {
+return allowedEmptyTags;
+}
+
+public Map getTagRules() {
+return tagRules;
+}
+
+public Map getDynamicAttributes() {
+return dynamicAttributes;
+}
+
+public CssPolicy

[GitHub] [sling-org-apache-sling-xss] nonanalou commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


nonanalou commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944296826


##
src/main/java/org/apache/sling/xss/impl/CustomPolicy.java:
##
@@ -0,0 +1,261 @@
+/*~~
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements.  See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership.  The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License.  You may obtain a copy of the License at
+ ~
+ ~   http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ 
~*/
+package org.apache.sling.xss.impl;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import javax.annotation.Nullable;
+
+import org.apache.sling.xss.impl.style.CssValidator;
+import org.apache.sling.xss.impl.xml.Attribute;
+import org.apache.sling.xss.impl.xml.PolicyProvider;
+import org.apache.sling.xss.impl.xml.Tag;
+
+import org.owasp.html.AttributePolicy;
+import org.owasp.html.HtmlPolicyBuilder;
+import org.owasp.html.PolicyFactory;
+
+import com.google.common.base.Predicate;
+
+public class CustomPolicy {
+private PolicyFactory policyFactory;
+private List onInvalidRemoveTagList = new ArrayList<>();
+private Map dynamicAttributesPolicyMap = new 
HashMap<>();
+private CssValidator cssValidator;
+static final String ALLOW_DYNAMIC_ATTRIBUTES = "allowDynamicAttributes";
+static final String REMOVE_TAG_ONINVALID_ACTION = "removeTag";
+
+public CustomPolicy(PolicyProvider policy) {
+removeAttributeGuards();
+HtmlPolicyBuilder policyBuilder = new HtmlPolicyBuilder();
+
+cssValidator = new CssValidator(policy.getCssPolicy());
+
+//  this is for the global attributes -
+Map globalAttributes = policy.getGlobalAttributes();
+
+for (Attribute attribute : globalAttributes.values()) {
+if (attribute.getOnInvalid().equals(REMOVE_TAG_ONINVALID_ACTION)) {
+onInvalidRemoveTagList.add(attribute.getName());
+}
+
+if (CssValidator.STYLE_ATTRIBUTE_NAME.equals(attribute.getName())) 
{
+// we match style tags separately
+
policyBuilder.allowAttributes(attribute.getName()).matching(cssValidator.newCssAttributePolicy())
+.globally();
+} else {
+List allowedValuesFromAttribute = 
attribute.getLiterals();
+for (String allowedValue : allowedValuesFromAttribute) {
+
policyBuilder.allowAttributes(attribute.getName()).matching(true, 
allowedValue).globally();
+}
+
+List regexsFromAttribute = attribute.getPatternList();
+if (!regexsFromAttribute.isEmpty()) {
+
policyBuilder.allowAttributes(attribute.getName()).matching(matchesToPatterns(regexsFromAttribute))
+.globally();
+} else {
+
policyBuilder.allowAttributes(attribute.getName()).globally();
+}
+}
+}
+
+//  this is for the allowed emty tags -
+List allowedEmptyTags = policy.getAllowedEmptyTags();
+for (String allowedEmptyTag : allowedEmptyTags) {
+policyBuilder.allowWithoutAttributes(allowedEmptyTag);
+}
+
+//  this is for the tag rules -
+Map tagMap = policy.getTagRules();
+for (Map.Entry tag : tagMap.entrySet()) {
+
+String tagAction = tag.getValue().getAction();
+switch (tagAction) {
+// Tag.action
+case AntiSamyConstants.TRUNCATE_ACTION:
+policyBuilder.allowElements(tag.getValue().getName());
+break;
+
+// filter: remove tags, but keep content,
+case AntiSamyConstants.FILTER_ACTION:
+break;
+
+// remove: remove tag and contents
+case AntiSamyConstants.REMOVE_ACTION:
+policyBuilder.disallowElements(tag.getValue().getName());
+break;
+
+

[GitHub] [sling-org-apache-sling-xss] nonanalou commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


nonanalou commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944294951


##
src/main/java/org/apache/sling/xss/impl/xml/PolicyProvider.java:
##
@@ -0,0 +1,142 @@
+/*~~
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements.  See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership.  The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License.  You may obtain a copy of the License at
+ ~
+ ~   http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ 
~*/
+package org.apache.sling.xss.impl.xml;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import javax.xml.stream.XMLStreamException;
+
+import org.apache.sling.xss.impl.PolicyException;
+
+public class PolicyProvider {
+
+protected final Map commonRegularExpressions = new 
HashMap<>();
+protected final Map commonAttributes = new HashMap<>();
+protected final Map tagRules = new HashMap<>();
+protected final Map cssRules = new HashMap<>();
+protected final Map directives = new HashMap<>();
+protected final Map globalAttributes = new HashMap<>();
+protected final Map dynamicAttributes = new HashMap<>();
+protected List allowedEmptyTags = new ArrayList<>();
+protected final List requireClosingTags = new ArrayList<>();
+
+public static class CssPolicy {

Review Comment:
   Resolved: 99bb91ab6e2529fd6ef25858f874a26cb159e87e



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-xss] nonanalou commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


nonanalou commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944294655


##
src/main/java/org/apache/sling/xss/impl/xml/MapBuilder.java:
##
@@ -0,0 +1,247 @@
+/*~~
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements.  See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership.  The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License.  You may obtain a copy of the License at
+ ~
+ ~   http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ 
~*/
+package org.apache.sling.xss.impl.xml;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import org.apache.sling.xss.impl.PolicyException;
+
+class MapBuilder {
+
+PolicyProvider policy;
+// Antisamy hardcodes the allowed-empty-tags default:
+// 
https://github.com/nahsra/antisamy/blob/main/src/main/java/org/owasp/validator/html/scan/Constants.java#L37
+public static final List ALLOWED_EMPTY_TAGS = Arrays.asList(
+"br",
+"hr",
+"a",
+"img",
+"link",
+"iframe",
+"script",
+"object",
+"applet",
+"frame",
+"base",
+"param",
+"meta",
+"input",
+"textarea",
+"embed",
+"basefont",
+"col");
+
+public void createRulesMap(PolicyProvider policy, AntiSamyRules 
topLevelElement) throws PolicyException {
+this.policy = policy;
+
+parseCommonRegExps(topLevelElement.getRegexpList());
+parseDirectives(topLevelElement.getDirectiveList());
+parseAllowedEmptyTags(topLevelElement.getAllowedEmptyTags());
+parseCommonAttributes(topLevelElement.getCommonAttributeList());
+
parseGlobalAttributes(topLevelElement.getGlobalTagAttributes().getGlobalTagAttributeList());
+
parseDynamicAttributes(topLevelElement.getDynamicTagAttribute().getDynamicTagAttributeList());
+parseTagRules(topLevelElement.getTagRulesList());
+
+parseCSSRules(topLevelElement.getPropertyList());
+}
+
+/**
+ * Go through the  section of the policy file.
+ *
+ * @param root  Top level of 
+ */
+private void parseCommonRegExps(List root) {
+for (Regexp regex : root) {
+String name = regex.getName();
+Pattern regexp = Pattern.compile(regex.getValue(),
+Pattern.DOTALL);
+policy.commonRegularExpressions.put(name, regexp);
+}
+}
+
+/**
+ * Go through  section of the policy file.
+ *
+ * @param root   Top level of 
+ */
+private void parseDirectives(List root) {
+for (Directive directive : root) {
+String name = directive.getName();
+String value = directive.getValue();
+policy.directives.put(name, value);
+}
+}
+
+private void parseCommonAttributes(List root) {
+for (Attribute attribute : root) {
+List allowedRegexps = 
getAllowedRegexps(attribute.getRegexpList());
+Attribute newAttribute = new Attribute(attribute.getName(), 
allowedRegexps, attribute.getLiteralList(),
+attribute.getOnInvalid(), attribute.getDescription());
+policy.commonAttributes.put(attribute.getName().toLowerCase(), 
newAttribute);
+}
+}
+
+// /**
+// * Go through  section of the policy file.
+// *
+// * @param allowedEmptyTagsListNode Top level of 
+// * @param allowedEmptyTags The tags that can be empty
+// */
+private void parseAllowedEmptyTags(AllowedEmptyTags allowedEmptyTagsList) 
throws PolicyException {
+if (allowedEmptyTagsList != null) {
+policy.allowedEmptyTags = allowedEmptyTagsList.getLiterals();
+} else
+policy.allowedEmptyTags.addAll(ALLOWED_EMPTY_TAGS);
+}
+
+// /**
+// * Go through  section of the policy file.
+// *
+// * @param root Top level of 
+// * @param globalAttributes1 A HashMap of global Attributes that need
+// validation
+// * for every tag.
+// * @param commonAttributes The common attributes
+// * @throws PolicyException

[GitHub] [sling-org-apache-sling-xss] nonanalou commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


nonanalou commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944294489


##
src/main/java/org/apache/sling/xss/impl/xml/MapBuilder.java:
##
@@ -0,0 +1,247 @@
+/*~~
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements.  See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership.  The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License.  You may obtain a copy of the License at
+ ~
+ ~   http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ 
~*/
+package org.apache.sling.xss.impl.xml;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import org.apache.sling.xss.impl.PolicyException;
+
+class MapBuilder {
+
+PolicyProvider policy;
+// Antisamy hardcodes the allowed-empty-tags default:
+// 
https://github.com/nahsra/antisamy/blob/main/src/main/java/org/owasp/validator/html/scan/Constants.java#L37
+public static final List ALLOWED_EMPTY_TAGS = Arrays.asList(
+"br",
+"hr",
+"a",
+"img",
+"link",
+"iframe",
+"script",
+"object",
+"applet",
+"frame",
+"base",
+"param",
+"meta",
+"input",
+"textarea",
+"embed",
+"basefont",
+"col");
+
+public void createRulesMap(PolicyProvider policy, AntiSamyRules 
topLevelElement) throws PolicyException {
+this.policy = policy;
+
+parseCommonRegExps(topLevelElement.getRegexpList());
+parseDirectives(topLevelElement.getDirectiveList());
+parseAllowedEmptyTags(topLevelElement.getAllowedEmptyTags());
+parseCommonAttributes(topLevelElement.getCommonAttributeList());
+
parseGlobalAttributes(topLevelElement.getGlobalTagAttributes().getGlobalTagAttributeList());
+
parseDynamicAttributes(topLevelElement.getDynamicTagAttribute().getDynamicTagAttributeList());
+parseTagRules(topLevelElement.getTagRulesList());
+
+parseCSSRules(topLevelElement.getPropertyList());
+}
+
+/**
+ * Go through the  section of the policy file.
+ *
+ * @param root  Top level of 
+ */
+private void parseCommonRegExps(List root) {
+for (Regexp regex : root) {
+String name = regex.getName();
+Pattern regexp = Pattern.compile(regex.getValue(),
+Pattern.DOTALL);
+policy.commonRegularExpressions.put(name, regexp);
+}
+}
+
+/**
+ * Go through  section of the policy file.
+ *
+ * @param root   Top level of 
+ */
+private void parseDirectives(List root) {
+for (Directive directive : root) {
+String name = directive.getName();
+String value = directive.getValue();
+policy.directives.put(name, value);
+}
+}
+
+private void parseCommonAttributes(List root) {
+for (Attribute attribute : root) {
+List allowedRegexps = 
getAllowedRegexps(attribute.getRegexpList());
+Attribute newAttribute = new Attribute(attribute.getName(), 
allowedRegexps, attribute.getLiteralList(),
+attribute.getOnInvalid(), attribute.getDescription());
+policy.commonAttributes.put(attribute.getName().toLowerCase(), 
newAttribute);
+}
+}
+
+// /**

Review Comment:
   Resolved: 99bb91ab6e2529fd6ef25858f874a26cb159e87e



##
src/main/java/org/apache/sling/xss/impl/xml/MapBuilder.java:
##
@@ -0,0 +1,247 @@
+/*~~
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements.  See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership.  The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License.  You may obtain a copy of the License at
+ ~
+ ~   http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software

[GitHub] [sling-org-apache-sling-xss] nonanalou commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


nonanalou commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944294257


##
src/main/java/org/apache/sling/xss/impl/xml/MapBuilder.java:
##
@@ -0,0 +1,247 @@
+/*~~
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements.  See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership.  The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License.  You may obtain a copy of the License at
+ ~
+ ~   http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ 
~*/
+package org.apache.sling.xss.impl.xml;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import org.apache.sling.xss.impl.PolicyException;
+
+class MapBuilder {
+
+PolicyProvider policy;
+// Antisamy hardcodes the allowed-empty-tags default:
+// 
https://github.com/nahsra/antisamy/blob/main/src/main/java/org/owasp/validator/html/scan/Constants.java#L37
+public static final List ALLOWED_EMPTY_TAGS = Arrays.asList(

Review Comment:
   Resolved: 99bb91ab6e2529fd6ef25858f874a26cb159e87e



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-xss] nonanalou commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


nonanalou commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944293793


##
src/main/java/org/apache/sling/xss/impl/HtmlSanitizer.java:
##
@@ -0,0 +1,88 @@
+/*~~
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements.  See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership.  The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License.  You may obtain a copy of the License at
+ ~
+ ~   http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ 
~*/
+package org.apache.sling.xss.impl;
+
+import java.lang.reflect.Field;
+
+import org.apache.sling.xss.impl.xml.PolicyProvider;
+import org.owasp.html.DynamicAttributesSanitizerPolicy;
+import org.owasp.html.Handler;
+import org.owasp.html.HtmlStreamEventReceiver;
+import org.owasp.html.HtmlStreamRenderer;
+import org.owasp.html.PolicyFactory;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+
+public class HtmlSanitizer {
+
+private CustomPolicy custumPolicy;

Review Comment:
   Resolved: 99bb91ab6e2529fd6ef25858f874a26cb159e87e



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-xss] nonanalou commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


nonanalou commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944293623


##
src/main/java/org/apache/sling/xss/impl/AntiSamyConstants.java:
##
@@ -0,0 +1,27 @@
+/*~~
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements.  See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership.  The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License.  You may obtain a copy of the License at
+ ~
+ ~   http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ 
~*/
+package org.apache.sling.xss.impl;
+
+public class AntiSamyConstants {

Review Comment:
   Yes reads much better :)
   Resolved: 99bb91ab6e2529fd6ef25858f874a26cb159e87e



##
src/main/java/org/apache/sling/xss/impl/HtmlSanitizer.java:
##
@@ -0,0 +1,88 @@
+/*~~
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements.  See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership.  The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License.  You may obtain a copy of the License at
+ ~
+ ~   http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ 
~*/
+package org.apache.sling.xss.impl;
+
+import java.lang.reflect.Field;
+
+import org.apache.sling.xss.impl.xml.PolicyProvider;
+import org.owasp.html.DynamicAttributesSanitizerPolicy;
+import org.owasp.html.Handler;
+import org.owasp.html.HtmlStreamEventReceiver;
+import org.owasp.html.HtmlStreamRenderer;
+import org.owasp.html.PolicyFactory;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+
+public class HtmlSanitizer {
+
+private CustomPolicy custumPolicy;

Review Comment:
   Resollved: 99bb91ab6e2529fd6ef25858f874a26cb159e87e



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-bundleresource-impl] joerghoh commented on a diff in pull request #1: SLING-11504 BundleResource/JcrNodeResource getResourceType fallback consistency

2022-08-12 Thread GitBox 


joerghoh commented on code in PR #1:
URL: 
https://github.com/apache/sling-org-apache-sling-bundleresource-impl/pull/1#discussion_r934619468


##
src/main/java/org/apache/sling/bundleresource/impl/BundleResource.java:
##
@@ -229,7 +228,11 @@ public String getPath() {
 
 @Override
 public String getResourceType() {
-return this.valueMap.get(ResourceResolver.PROPERTY_RESOURCE_TYPE, 
String.class);
+String resourceType = 
this.valueMap.get(ResourceResolver.PROPERTY_RESOURCE_TYPE, String.class);
+if ( resourceType == null ) {
+resourceType = this.isFolder ? NT_FOLDER : NT_FILE;

Review Comment:
   I think specifically about this provider. It does not make sense to return 
JCR NodeTypes here; I want to be able to run Sling without any JCR (not sure if 
that's possible, but I think it's a good goal).  That means, we should not use 
these JCR constants here, but rather introduce new Sling-specific constants. 
   
   For the sake of implementation, I am also not against making it 
configurable; in that case you can adjust them to your own needs and still use 
"NT:FILE" and "NT:FOLDER" if you have code which needs to work the same on both 
JcrResourceProvider and the BundleResourceProvider.
   
   
   
   
   
   
   
   
   
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-bundleresource-impl] kwin commented on a diff in pull request #1: SLING-11504 BundleResource/JcrNodeResource getResourceType fallback consistency

2022-08-12 Thread GitBox 


kwin commented on code in PR #1:
URL: 
https://github.com/apache/sling-org-apache-sling-bundleresource-impl/pull/1#discussion_r944275677


##
src/main/java/org/apache/sling/bundleresource/impl/PathMapping.java:
##
@@ -44,18 +46,20 @@ public static PathMapping[] getRoots(final String rootList) 
{
 final String resourceRoot = entry.getValue();
 final String pathDirective = entry.getDirectiveValue(DIR_PATH);
 final String expandDirective = entry.getDirectiveValue(DIR_JSON);
+final boolean skipSettingResourceTypeProperty = 
Boolean.parseBoolean(entry.getDirectiveValue(SKIP_SETTING_RESOURCE_TYPE_FLAG));

Review Comment:
   Maybe "hideResourceTypeProperties" is the better name (and an according 
constant name value).



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

RE: [VOTE] Release Apache Sling JCR Jackrabbit User Manager version 2.2.24

2022-08-12 Thread Stefan Seifert 
+1

stefan

[jira] [Closed] (SLING-11079) models-caconfig: Lower log level to debug for message "Injection only supported using @ContextAwareConfiguration annotation"

2022-08-12 Thread Stefan Seifert (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11079?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefan Seifert closed SLING-11079.
--

> models-caconfig: Lower log level to debug for message "Injection only 
> supported using @ContextAwareConfiguration annotation"
> 
>
> Key: SLING-11079
> URL: https://issues.apache.org/jira/browse/SLING-11079
> Project: Sling
>  Issue Type: Improvement
>  Components: Sling Models
>Affects Versions: Models Context-Aware Configuration 1.0.0
>Reporter: Stefan Seifert
>Assignee: Stefan Seifert
>Priority: Minor
> Fix For: Models Context-Aware Configuration 1.0.2
>
>
> the injector is triggered also when no injector is specified with @Inject and 
> should not log a warning in this case.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[RESULT] [VOTE] Release Apache Sling Models Context-Aware Configuration 1.0.2

2022-08-12 Thread Stefan Seifert 
Hi,

The vote has passed with the following result :

+1 (binding): Stefan Seifert, Carsten Ziegeler, Jörg Hoh

I will copy this release to the Sling dist directory and
promote the artifacts to the central Maven repository.

stefan

[GitHub] [sling-org-apache-sling-bundleresource-impl] michalcukierman commented on a diff in pull request #1: SLING-11504 BundleResource/JcrNodeResource getResourceType fallback consistency

2022-08-12 Thread GitBox 


michalcukierman commented on code in PR #1:
URL: 
https://github.com/apache/sling-org-apache-sling-bundleresource-impl/pull/1#discussion_r944226745


##
src/main/java/org/apache/sling/bundleresource/impl/BundleResource.java:
##
@@ -229,7 +228,11 @@ public String getPath() {
 
 @Override
 public String getResourceType() {
-return this.valueMap.get(ResourceResolver.PROPERTY_RESOURCE_TYPE, 
String.class);
+String resourceType = 
this.valueMap.get(ResourceResolver.PROPERTY_RESOURCE_TYPE, String.class);
+if ( resourceType == null ) {
+resourceType = this.isFolder ? NT_FOLDER : NT_FILE;

Review Comment:
   Agree, out of the scope of this PR.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Updated] (SLING-11537) Restrict "mountByFS" parameter to files outside the Maven repository

2022-08-12 Thread Konrad Windszus (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11537?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus updated SLING-11537:

Summary: Restrict "mountByFS" parameter to files outside the Maven 
repository  (was: Restrict {{mountByFS}} parameter to files outside the Maven 
repository)

> Restrict "mountByFS" parameter to files outside the Maven repository
> 
>
> Key: SLING-11537
> URL: https://issues.apache.org/jira/browse/SLING-11537
> Project: Sling
>  Issue Type: Bug
>Reporter: Konrad Windszus
>Priority: Major
> Fix For: Sling Maven Plugin 2.5.0
>
>
> Currently the {{mountByFS}} parameter is supported by both goals {{install}} 
> and {{install-file}}. The latter also allows to install bundles from a Maven 
> repository (after resolving it) but configuring a Filesystem Resource 
> Provider for that location is never useful, as the local Maven repository 
> path should not be abused for maintaining Sling Initial Content directly on 
> the file system.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (SLING-11537) Restrict {{mountByFS}} parameter to files outside the Maven repository

2022-08-12 Thread Konrad Windszus (Jira) 
Konrad Windszus created SLING-11537:
---

 Summary: Restrict {{mountByFS}} parameter to files outside the 
Maven repository
 Key: SLING-11537
 URL: https://issues.apache.org/jira/browse/SLING-11537
 Project: Sling
  Issue Type: Bug
Reporter: Konrad Windszus
 Fix For: Sling Maven Plugin 2.5.0


Currently the {{mountByFS}} parameter is supported by both goals {{install}} 
and {{install-file}}. The latter also allows to install bundles from a Maven 
repository (after resolving it) but configuring a Filesystem Resource Provider 
for that location is never useful, as the local Maven repository path should 
not be abused for maintaining Sling Initial Content directly on the file system.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (SLING-11536) Remove wrong LifecycleMapping metadata

2022-08-12 Thread Konrad Windszus (Jira) 
Konrad Windszus created SLING-11536:
---

 Summary: Remove wrong LifecycleMapping metadata
 Key: SLING-11536
 URL: https://issues.apache.org/jira/browse/SLING-11536
 Project: Sling
  Issue Type: Bug
  Components: Maven Plugins and Archetypes
Reporter: Konrad Windszus
 Fix For: Sling Maven Plugin 2.5.0


The sling-maven-plugin contains Plexus component metadata for a 
{{org.apache.maven.lifecycle.mapping.DefaultLifecycleMapping}} with role 
{{assembly}} 
(https://github.com/apache/sling-maven-plugin/blob/e5da7210376d1951c2fa4ce76f69cb7632cee36f/sling-maven-plugin/src/main/resources/META-INF/plexus/components.xml#L20).

Although this only is active if {{sling-maven-plugin}} is used with 
{{true}} it is wrong in any case, as it defines a 
mapping for packaging "assembly" and also only binds Maven default plugin goals.

As the {{sling-maven-plugin}} doesn't do any packaging nor defines a custom 
packaging, providing a custom {{DefaultLifecycleMapping}} is not necessary and 
in the worst case might have negative side-effects.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (SLING-11535) Deprecate "deploy" and "deploy-file" goals

2022-08-12 Thread Konrad Windszus (Jira) 
Konrad Windszus created SLING-11535:
---

 Summary: Deprecate "deploy" and "deploy-file" goals
 Key: SLING-11535
 URL: https://issues.apache.org/jira/browse/SLING-11535
 Project: Sling
  Issue Type: Improvement
Reporter: Konrad Windszus
 Fix For: Sling Maven Plugin 2.5.0


The goals related to OSGi Bundle Repositories (OBRs) should be deprecated as 
there is the better maintained alternative nowadays with
https://felix.apache.org/documentation/_attachments/components/bundle-plugin/deploy-file-mojo.html
 and 
https://felix.apache.org/documentation/_attachments/components/bundle-plugin/deploy-mojo.html




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [sling-org-apache-sling-bundleresource-impl] michalcukierman commented on a diff in pull request #1: SLING-11504 BundleResource/JcrNodeResource getResourceType fallback consistency

2022-08-12 Thread GitBox 


michalcukierman commented on code in PR #1:
URL: 
https://github.com/apache/sling-org-apache-sling-bundleresource-impl/pull/1#discussion_r944198717


##
src/test/java/org/apache/sling/bundleresource/impl/BundleResourceTest.java:
##
@@ -111,7 +111,7 @@ void addContent(BundleResourceCache cache, String path, 
String content) throws I
 assertEquals(JcrConstants.NT_FILE, rsrc.getResourceType());
 assertNull(rsrc.getResourceSuperType());
 final ValueMap vm = rsrc.getValueMap();
-assertEquals(JcrConstants.NT_FILE, 
vm.get(ResourceResolver.PROPERTY_RESOURCE_TYPE, String.class));
+assertNull(vm.get(ResourceResolver.PROPERTY_RESOURCE_TYPE, 
String.class));
 assertEquals("foo", vm.get("test", String.class));

Review Comment:
   Tests added



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-org-apache-sling-xss] nonanalou commented on a diff in pull request #28: SLING-7231 Move to owasp sanitizer library

2022-08-12 Thread GitBox 


nonanalou commented on code in PR #28:
URL: 
https://github.com/apache/sling-org-apache-sling-xss/pull/28#discussion_r944196444


##
src/main/java/org/apache/sling/xss/impl/xml/PolicyProvider.java:
##
@@ -0,0 +1,142 @@
+/*~~
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements.  See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership.  The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License.  You may obtain a copy of the License at
+ ~
+ ~   http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ 
~*/
+package org.apache.sling.xss.impl.xml;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import javax.xml.stream.XMLStreamException;
+
+import org.apache.sling.xss.impl.PolicyException;
+
+public class PolicyProvider {
+
+protected final Map commonRegularExpressions = new 
HashMap<>();

Review Comment:
   @rombert i use this fields in the MapBuilder. Would it be nicer to have 
setters?
   
https://github.com/apache/sling-org-apache-sling-xss/pull/28/files#diff-c87b738161034b4659aedf4d75945c308aecdc9beb7cb4056c949f90c6493f23R77



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Updated] (SLING-11534) uninstall goal: Allow to parameterize Bundle Symbolic Name/Resource Name directly

2022-08-12 Thread Konrad Windszus (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus updated SLING-11534:

Summary: uninstall goal: Allow to parameterize Bundle Symbolic 
Name/Resource Name directly  (was: uninstall goal: Allow to parameterize Bundle 
Symbolic Name directly)

> uninstall goal: Allow to parameterize Bundle Symbolic Name/Resource Name 
> directly
> -
>
> Key: SLING-11534
> URL: https://issues.apache.org/jira/browse/SLING-11534
> Project: Sling
>  Issue Type: Improvement
>Reporter: Konrad Windszus
>Priority: Major
> Fix For: Sling Maven Plugin 2.5.0
>
>
> Currently the uninstall goal requires the parameter {{bundleFileName}} which 
> is set to a default path which often reflects the artifact file name bound by 
> the current project.
> In order to ease uninstalling arbitrary packages, it should be allowed to 
> uninstall bundles by just giving their Bundle Symbolic Name (BSN) / file name.
> The file name is used for all deployment methods except for Web Console (to 
> remove the same named resource from the repository), otherwise the BSN is 
> used.
> The old way of determining the BSN from a given file should be used as 
> fallback.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (SLING-11534) uninstall goal: Allow to parameterize Bundle Symbolic Name directly

2022-08-12 Thread Konrad Windszus (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus updated SLING-11534:

Description: 
Currently the uninstall goal requires the parameter {{bundleFileName}} which is 
set to a default path which often reflects the artifact file name bound by the 
current project.
In order to ease uninstalling arbitrary packages, it should be allowed to 
uninstall bundles by just giving their Bundle Symbolic Name (BSN) / file name.

The file name is used for all deployment methods except for Web Console (to 
remove the same named resource from the repository), otherwise the BSN is used.

The old way of determining the BSN from a given file should be used as fallback.

  was:
Currently the uninstall goal requires the parameter {{bundleFileName}} which is 
set to a default path which often reflects the artifact file name bound by the 
current project.
In order to ease uninstalling arbitrary packages, it should be allowed to 
uninstall bundles by just giving their Bundle Symbolic Name (BSN).

The old way of determining the BSN from a given file should be used as fallback.


> uninstall goal: Allow to parameterize Bundle Symbolic Name directly
> ---
>
> Key: SLING-11534
> URL: https://issues.apache.org/jira/browse/SLING-11534
> Project: Sling
>  Issue Type: Improvement
>Reporter: Konrad Windszus
>Priority: Major
> Fix For: Sling Maven Plugin 2.5.0
>
>
> Currently the uninstall goal requires the parameter {{bundleFileName}} which 
> is set to a default path which often reflects the artifact file name bound by 
> the current project.
> In order to ease uninstalling arbitrary packages, it should be allowed to 
> uninstall bundles by just giving their Bundle Symbolic Name (BSN) / file name.
> The file name is used for all deployment methods except for Web Console (to 
> remove the same named resource from the repository), otherwise the BSN is 
> used.
> The old way of determining the BSN from a given file should be used as 
> fallback.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (SLING-11534) uninstall goal: Allow to give Bundle Symbolic name directory

2022-08-12 Thread Konrad Windszus (Jira) 
Konrad Windszus created SLING-11534:
---

 Summary: uninstall goal: Allow to give Bundle Symbolic name 
directory
 Key: SLING-11534
 URL: https://issues.apache.org/jira/browse/SLING-11534
 Project: Sling
  Issue Type: Improvement
Reporter: Konrad Windszus
 Fix For: Sling Maven Plugin 2.5.0


Currently the uninstall goal requires the parameter {{bundleFileName}} which is 
set to a default path which often reflects the artifact file name bound by the 
current project.
In order to ease uninstalling arbitrary packages, it should be allowed to 
uninstall bundles by just giving their Bundle Symbolic Name (BSN).

The old way of determining the BSN from a given file should be used as fallback.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (SLING-11534) uninstall goal: Allow to parameterize Bundle Symbolic Name directly

2022-08-12 Thread Konrad Windszus (Jira) 


 [ 
https://issues.apache.org/jira/browse/SLING-11534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konrad Windszus updated SLING-11534:

Summary: uninstall goal: Allow to parameterize Bundle Symbolic Name 
directly  (was: uninstall goal: Allow to give Bundle Symbolic name directory)

> uninstall goal: Allow to parameterize Bundle Symbolic Name directly
> ---
>
> Key: SLING-11534
> URL: https://issues.apache.org/jira/browse/SLING-11534
> Project: Sling
>  Issue Type: Improvement
>Reporter: Konrad Windszus
>Priority: Major
> Fix For: Sling Maven Plugin 2.5.0
>
>
> Currently the uninstall goal requires the parameter {{bundleFileName}} which 
> is set to a default path which often reflects the artifact file name bound by 
> the current project.
> In order to ease uninstalling arbitrary packages, it should be allowed to 
> uninstall bundles by just giving their Bundle Symbolic Name (BSN).
> The old way of determining the BSN from a given file should be used as 
> fallback.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [sling-maven-plugin] sonarcloud[bot] commented on pull request #9: SLING-11532 remove old relocate module

2022-08-12 Thread GitBox 


sonarcloud[bot] commented on PR #9:
URL: https://github.com/apache/sling-maven-plugin/pull/9#issuecomment-1212760161

   SonarCloud Quality Gate failed.  [![Quality Gate 
failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/failed-16px.png
 'Quality Gate 
failed')](https://sonarcloud.io/dashboard?id=apache_sling-maven-plugin=9)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=9=false=BUG)
 
[![E](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/E-16px.png
 
'E')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=9=false=BUG)
 [1 
Bug](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=9=false=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=9=false=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=9=false=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=9=false=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-maven-plugin=9=false=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_sling-maven-plugin=9=false=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-maven-plugin=9=false=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=9=false=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=9=false=CODE_SMELL)
 [37 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_sling-maven-plugin=9=false=CODE_SMELL)
   
   
[![12.8%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/0-16px.png
 
'12.8%')](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=9=new_coverage=list)
 [12.8% 
Coverage](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=9=new_coverage=list)
  
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=9=new_duplicated_lines_density=list)
 [0.0% 
Duplication](https://sonarcloud.io/component_measures?id=apache_sling-maven-plugin=9=new_duplicated_lines_density=list)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [sling-maven-plugin] kwin opened a new pull request, #9: SLING-11532 remove old relocate module

2022-08-12 Thread GitBox 


kwin opened a new pull request, #9:
URL: https://github.com/apache/sling-maven-plugin/pull/9

   convert to single module project again


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org