[GitHub] [sling-org-apache-sling-starter-content] sonarcloud[bot] commented on pull request #7: SLING-11674 update the acl/ace pages for new SLING-11243 features
sonarcloud[bot] commented on PR #7: URL: https://github.com/apache/sling-org-apache-sling-starter-content/pull/7#issuecomment-1312288756 SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-starter-content=7) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-starter-content=7=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-starter-content=7=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-starter-content=7=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=CODE_SMELL) [5 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-starter-content=7=new_coverage=list) [0.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-starter-content=7=new_coverage=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-starter-content=7=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-starter-content=7=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-caconfig-integration-tests] sonarcloud[bot] commented on pull request #1: SLING-11114 update SLING API to 2.21.0
sonarcloud[bot] commented on PR #1: URL: https://github.com/apache/sling-org-apache-sling-caconfig-integration-tests/pull/1#issuecomment-1312287222 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-caconfig-integration-tests=1) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-caconfig-integration-tests=1) No Coverage information [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-caconfig-integration-tests=1=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-starter-content] sonarcloud[bot] commented on pull request #7: SLING-11674 update the acl/ace pages for new SLING-11243 features
sonarcloud[bot] commented on PR #7: URL: https://github.com/apache/sling-org-apache-sling-starter-content/pull/7#issuecomment-1312282095 SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-starter-content=7) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-starter-content=7=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-starter-content=7=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-starter-content=7=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=CODE_SMELL) [5 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter-content=7=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-starter-content=7=new_coverage=list) [0.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-starter-content=7=new_coverage=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-starter-content=7=new_duplicated_lines_density=list) [2.7% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-starter-content=7=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-starter-content] enapps-enorman opened a new pull request, #7: SLING-11674 update the acl/ace pages for new SLING-11243 features
enapps-enorman opened a new pull request, #7: URL: https://github.com/apache/sling-org-apache-sling-starter-content/pull/7 [SLING-11243](https://issues.apache.org/jira/browse/SLING-11243) added features to allow modifying an ace with more specific restriction details The existing acl/ace sample pages in the starter content should be updated to demonstrate these enhancements. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (SLING-11674) update the acl/ace pages for new SLING-11243 features
Eric Norman created SLING-11674: --- Summary: update the acl/ace pages for new SLING-11243 features Key: SLING-11674 URL: https://issues.apache.org/jira/browse/SLING-11674 Project: Sling Issue Type: Improvement Reporter: Eric Norman Assignee: Eric Norman SLING-11243 added features to allow modifying an ace with more specific restriction details The existing acl/ace sample pages in the starter content should be updated to demonstrate these enhancements. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (SLING-11243) Allow modifying an ace with more specific restriction details
[
https://issues.apache.org/jira/browse/SLING-11243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Norman resolved SLING-11243.
-
Resolution: Fixed
Merged PR #16 at:
[{{838c062}}|https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/commit/838c06260a02c1ca3846486d4392167d739a6b51]
> Allow modifying an ace with more specific restriction details
> -
>
> Key: SLING-11243
> URL: https://issues.apache.org/jira/browse/SLING-11243
> Project: Sling
> Issue Type: New Feature
>Reporter: Eric Norman
>Assignee: Eric Norman
>Priority: Major
> Fix For: JCR Jackrabbit Access Manager 3.1.0
>
> Time Spent: 3h 50m
> Remaining Estimate: 0h
>
> Support for modifying an ace with more specific details to support advanced
> usage of privileges with restrictions.
> These are a few of the use cases:
> # Setting a restriction for a specific privilege instead of for all
> privileges
> # Removing a restriction from a specific privilege
> # Privilege can set for the 'allow' and 'deny' state at the same time if
> those have different restrictions
> # Privilege can be unset for 'allow' or 'deny' state while leaving the other
> state alone
>
> The proposal is to supporting these additional request parameters:
>
> {code:java}
> One param for each privilege to delete. The parameter value must be either
> 'allow', 'deny' or 'all' to specify which state to delete from.
> privilege@[privilege_name]@Delete
> One param for each restriction value. The same parameter name may be used
> again for multi-value restrictions. The @Allow or @Deny suffix specifies
> whether to apply the restriction to the 'allow' or 'deny' privilege. The
> value is the target value of the restriction to be set.
> restriction@[privilege_name]@[restriction_name]@Allow
> restriction@[privilege_name]@[restriction_name]@Deny
> One param for each restriction to delete. The parameter value must be either
> 'allow', 'deny' or 'all' to specify which state to delete from.
> restriction@[privilege_name]@[restriction_name]@Delete {code}
>
> For consistency, also extend the values allowed for the
> "privilege@[privilege_name]" parameter to accept 'allow' or 'deny' as aliases
> for 'granted' or 'denied'.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [sling-org-apache-sling-jcr-jackrabbit-accessmanager] sonarcloud[bot] commented on pull request #17: Bump org.apache.sling.servlets.post from 2.3.16 to 2.3.22
sonarcloud[bot] commented on PR #17: URL: https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/pull/17#issuecomment-1312275945 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=17) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=17=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=17=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=17=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=17=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=17=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=17=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=17=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=17=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=17=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=17=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=17=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=17=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=17=coverage=list) No Coverage information [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=17=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-jcr-jackrabbit-accessmanager=17=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-jcr-jackrabbit-accessmanager] dependabot[bot] opened a new pull request, #17: Bump org.apache.sling.servlets.post from 2.3.16 to 2.3.22
dependabot[bot] opened a new pull request, #17: URL: https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/pull/17 Bumps org.apache.sling.servlets.post from 2.3.16 to 2.3.22. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/network/alerts). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-jcr-jackrabbit-accessmanager] enapps-enorman merged pull request #16: SLING-11243 avoid an ambiguous ACE definition
enapps-enorman merged PR #16: URL: https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/pull/16 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-models-impl] sonarcloud[bot] commented on pull request #38: Add missing test case for AnnotationConflictsTest
sonarcloud[bot] commented on PR #38: URL: https://github.com/apache/sling-org-apache-sling-models-impl/pull/38#issuecomment-1312267628 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-models-impl=38) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-impl=38=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-impl=38=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-impl=38=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-impl=38=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-impl=38=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-impl=38=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-models-impl=38=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-models-impl=38=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-models-impl=38=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-impl=38=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-impl=38=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-models-impl=38=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-models-impl=38=coverage=list) No Coverage information [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-models-impl=38=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-models-impl=38=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-tooling-support-install] github-code-scanning[bot] commented on a diff in pull request #4: SLING-11672 Migrate from Felix HTTP Whiteboard to OSGi Whiteboard
github-code-scanning[bot] commented on code in PR #4:
URL:
https://github.com/apache/sling-org-apache-sling-tooling-support-install/pull/4#discussion_r1020503172
##
src/main/java/org/apache/sling/tooling/support/install/impl/InstallServlet.java:
##
@@ -262,49 +235,45 @@
return found;
}
-private static void createJar(final File sourceDir, final File jarFile,
final Manifest mf)
-throws IOException {
-final JarOutputStream zos = new JarOutputStream(new
FileOutputStream(jarFile));
-try {
+private static void createJar(final Path sourceDir, final Path jarFile,
final Manifest mf) throws IOException {
+try (JarOutputStream zos = new
JarOutputStream(Files.newOutputStream(jarFile))) {
zos.setLevel(Deflater.NO_COMPRESSION);
// manifest first
final ZipEntry anEntry = new ZipEntry(JarFile.MANIFEST_NAME);
zos.putNextEntry(anEntry);
mf.write(zos);
zos.closeEntry();
zipDir(sourceDir, zos, "");
-} finally {
-try {
-zos.close();
-} catch ( final IOException ignore ) {
-// ignore
-}
}
}
-public static void zipDir(final File sourceDir, final ZipOutputStream zos,
final String path)
-throws IOException {
-final byte[] readBuffer = new byte[8192];
-int bytesIn = 0;
+public static void zipDir(final Path sourceDir, final ZipOutputStream zos,
final String prefix) throws IOException {
+try (Stream stream = Files.list(sourceDir)) {
Review Comment:
## I/O function calls should not be vulnerable to path injection attacks
Change this code to not construct
the path from user-controlled data. See more on https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-tooling-support-install=AYRoJJXWSHsDn9lThPYU=AYRoJJXWSHsDn9lThPYU=4;>SonarCloud
[Show more
details](https://github.com/apache/sling-org-apache-sling-tooling-support-install/security/code-scanning/10)
##
src/main/java/org/apache/sling/tooling/support/install/impl/InstallServlet.java:
##
@@ -96,77 +93,57 @@
result.render(resp.getWriter());
return;
}
-
if (isMultipart) {
-installBasedOnUploadedJar(req, resp);
+installBasedOnUploadedJar(req, resp, refreshPackages);
} else {
-installBasedOnDirectory(resp, new File(dirPath));
+installBasedOnDirectory(resp, Paths.get(dirPath), refreshPackages);
Review Comment:
## Exceptions should not be thrown from servlet methods
Handle the following exception
that could be thrown by "installBasedOnDirectory": IOException. See more on
https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-tooling-support-install=AYRoJJXWSHsDn9lThPYR=AYRoJJXWSHsDn9lThPYR=4;>SonarCloud
[Show more
details](https://github.com/apache/sling-org-apache-sling-tooling-support-install/security/code-scanning/12)
##
src/main/java/org/apache/sling/tooling/support/install/impl/InstallServlet.java:
##
@@ -96,77 +93,57 @@
result.render(resp.getWriter());
return;
}
-
if (isMultipart) {
-installBasedOnUploadedJar(req, resp);
+installBasedOnUploadedJar(req, resp, refreshPackages);
Review Comment:
## Exceptions should not be thrown from servlet methods
Handle the following exceptions
that could be thrown by "installBasedOnUploadedJar": IOException,
ServletException. See more on https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-tooling-support-install=AYRoJJXWSHsDn9lThPYQ=AYRoJJXWSHsDn9lThPYQ=4;>SonarCloud
[Show more
details](https://github.com/apache/sling-org-apache-sling-tooling-support-install/security/code-scanning/13)
##
src/main/java/org/apache/sling/tooling/support/install/impl/InstallServlet.java:
##
@@ -182,49 +159,39 @@
new InstallationResult(false, message + " : " +
e.getMessage()).render(resp.getWriter());
}
-private void installBasedOnDirectory(HttpServletResponse resp, final File
dir) throws FileNotFoundException,
-IOException {
-
+private void installBasedOnDirectory(HttpServletResponse resp, final Path
dir, boolean refreshPackages) throws IOException {
InstallationResult result = null;
-if ( dir.exists() && dir.isDirectory() ) {
+if (Files.isDirectory(dir)) {
logger.info("Checking dir {} for bundle install", dir);
-final File manifestFile = new File(dir, JarFile.MANIFEST_NAME);
-if ( manifestFile.exists() ) {
-FileInputStream fis = null;
-try {
-fis = new FileInputStream(manifestFile);
+final Path manifestFile = dir.resolve(JarFile.MANIFEST_NAME);
+if (Files.exists(dir)) {
+
[GitHub] [sling-org-apache-sling-tooling-support-install] sonarcloud[bot] commented on pull request #4: SLING-11672 Migrate from Felix HTTP Whiteboard to OSGi Whiteboard
sonarcloud[bot] commented on PR #4: URL: https://github.com/apache/sling-org-apache-sling-tooling-support-install/pull/4#issuecomment-1312094617 SonarCloud Quality Gate failed. [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-tooling-support-install=4) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-tooling-support-install=4=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-tooling-support-install=4=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-tooling-support-install=4=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-tooling-support-install=4=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-tooling-support-install=4=false=VULNERABILITY) [4 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-tooling-support-install=4=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-tooling-support-install=4=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-tooling-support-install=4=false=SECURITY_HOTSPOT) [1 Security Hotspot](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-tooling-support-install=4=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-tooling-support-install=4=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-tooling-support-install=4=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-tooling-support-install=4=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-tooling-support-install=4=new_coverage=list) [0.0% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-tooling-support-install=4=new_coverage=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-tooling-support-install=4=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-tooling-support-install=4=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-tooling-support-install] kwin opened a new pull request, #4: SLING-11672 Migrate from Felix HTTP Whiteboard to OSGi Whiteboard
kwin opened a new pull request, #4: URL: https://github.com/apache/sling-org-apache-sling-tooling-support-install/pull/4 Update dependencies Make refresh packages optional -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (SLING-11673) Jenkins sanity check stage executed even when no parallel builds are triggered
[ https://issues.apache.org/jira/browse/SLING-11673?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Munteanu updated SLING-11673: Description: [https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/87] shows a 'Sanity Check' step, but the build only runs once, with Java 8. !image-2022-11-11-17-37-54-747.png! was: [https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/87] shows a 'Sanity Check' step, but the build only runs once, withJava 8. !image-2022-11-11-17-37-54-747.png! > Jenkins sanity check stage executed even when no parallel builds are triggered > -- > > Key: SLING-11673 > URL: https://issues.apache.org/jira/browse/SLING-11673 > Project: Sling > Issue Type: Bug > Components: Build and Source Control >Reporter: Robert Munteanu >Assignee: Robert Munteanu >Priority: Minor > Attachments: image-2022-11-11-17-37-54-747.png > > Time Spent: 10m > Remaining Estimate: 0h > > [https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/87] > shows a 'Sanity Check' step, but the build only runs once, with Java 8. > !image-2022-11-11-17-37-54-747.png! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [sling-tooling-jenkins] rombert opened a new pull request, #15: SLING-11673 - Jenkins sanity check stage executed even when no parallel builds are triggered
rombert opened a new pull request, #15: URL: https://github.com/apache/sling-tooling-jenkins/pull/15 Correct the stepsMap size check -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (SLING-11673) Jenkins sanity check stage executed even when no parallel builds are triggered
Robert Munteanu created SLING-11673: --- Summary: Jenkins sanity check stage executed even when no parallel builds are triggered Key: SLING-11673 URL: https://issues.apache.org/jira/browse/SLING-11673 Project: Sling Issue Type: Bug Components: Build and Source Control Reporter: Robert Munteanu Assignee: Robert Munteanu Attachments: image-2022-11-11-17-37-54-747.png [https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/87] shows a 'Sanity Check' step, but the build only runs once, withJava 8. !image-2022-11-11-17-37-54-747.png! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (SLING-11672) Tooling Support Install should migrate from Felix HTTP Whiteboad to OSGi HTTP Whiteboard
Konrad Windszus created SLING-11672: --- Summary: Tooling Support Install should migrate from Felix HTTP Whiteboad to OSGi HTTP Whiteboard Key: SLING-11672 URL: https://issues.apache.org/jira/browse/SLING-11672 Project: Sling Issue Type: Improvement Affects Versions: Tooling Support Install 1.0.6 Reporter: Konrad Windszus Assignee: Konrad Windszus Fix For: Tooling Support Install 1.0.8 https://docs.osgi.org/specification/osgi.cmpn/7.0.0/service.http.whiteboard.html -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [sling-org-apache-sling-resourceresolver] sonarcloud[bot] commented on pull request #88: SLING-11671 - Jenkins: allow running Sling Starter ITs with a given module based on the Sling module d
sonarcloud[bot] commented on PR #88: URL: https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/88#issuecomment-1311780038 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-resourceresolver=88) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-resourceresolver=88=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-resourceresolver=88=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-resourceresolver=88=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-resourceresolver=88=coverage=list) No Coverage information [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-resourceresolver=88=duplicated_lines_density=list) No Duplication information -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-resourceresolver] sonarcloud[bot] commented on pull request #88: SLING-11671 - Jenkins: allow running Sling Starter ITs with a given module based on the Sling module d
sonarcloud[bot] commented on PR #88: URL: https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/88#issuecomment-1311771106 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-resourceresolver=88) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-resourceresolver=88=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-resourceresolver=88=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-resourceresolver=88=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=88=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-resourceresolver=88=coverage=list) No Coverage information [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-resourceresolver=88=duplicated_lines_density=list) No Duplication information -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [VOTE] Release Apache Sling Engine 2.12.2
+1 Carsten Am 11.11.2022 um 07:35 schrieb Carsten Ziegeler: Hi, We solved 3 issues https://issues.apache.org/jira/projects/SLING/versions/12352394 Staging repository: https://repository.apache.org/content/repositories/orgapachesling-2691/ You can use this UNIX script to download the release and verify the signatures: https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD Usage: sh check_staged_release.sh 2691 /tmp/sling-staging Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... This majority vote is open for at least 72 hours. Regards Carsten -- Carsten Ziegeler Adobe cziege...@apache.org
[GitHub] [sling-org-apache-sling-resourceresolver] rombert opened a new pull request, #88: SLING-11671 - Jenkins: allow running Sling Starter ITs with a given module based on the Sling module descript
rombert opened a new pull request, #88: URL: https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/88 Run Sling Starter ITs with the build and pick up the Jenkinsfile from a branch -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-resourceresolver] rombert merged pull request #87: Update to parent pom 49
rombert merged PR #87: URL: https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/87 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-resourceresolver] sonarcloud[bot] commented on pull request #87: Update to parent pom 49
sonarcloud[bot] commented on PR #87: URL: https://github.com/apache/sling-org-apache-sling-resourceresolver/pull/87#issuecomment-1311747199 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/dashboard?id=apache_sling-org-apache-sling-resourceresolver=87) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=87=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=87=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=87=false=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=87=false=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=87=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=87=false=VULNERABILITY) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-resourceresolver=87=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-resourceresolver=87=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_sling-org-apache-sling-resourceresolver=87=false=SECURITY_HOTSPOT) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=87=false=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=87=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-resourceresolver=87=false=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-resourceresolver=87=coverage=list) No Coverage information [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-resourceresolver=87=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-resourceresolver=87=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@sling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (SLING-11671) Jenkins: allow running Sling Starter ITs with a given module based on the Sling module descriptor
Robert Munteanu created SLING-11671:
---
Summary: Jenkins: allow running Sling Starter ITs with a given
module based on the Sling module descriptor
Key: SLING-11671
URL: https://issues.apache.org/jira/browse/SLING-11671
Project: Sling
Issue Type: Improvement
Components: Build and Source Control
Reporter: Robert Munteanu
Assignee: Robert Munteanu
With SLING-11395 we can automatically run the Starter ITs for a given module if
the parent version is >= 49.
We should take this one step further and allow this to be configured in the
Sling module descriptor. Proposed syntax:
{code:javascript}
{
"starterITExecutions": {
"12": {
"jdks": [11]
}
}
}
{code}
It would be very useful to only run the Starter ITs and reuse the artifacts
that were previously generated instead of rebuilding/retesting, since that was
already done in previous stages. The reused artifacts should be those of the
"main" JDK.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [VOTE] Release Apache Sling Engine 2.12.2
+1 regards, Karl On Fri, Nov 11, 2022 at 1:05 PM Robert Munteanu wrote: > On Fri, 2022-11-11 at 07:35 +0100, Carsten Ziegeler wrote: > > Please vote to approve this release: > > +1 > Robert > -- Karl Pauls karlpa...@gmail.com
Re: [VOTE] Release Apache Sling Engine 2.12.2
On Fri, 2022-11-11 at 07:35 +0100, Carsten Ziegeler wrote: > Please vote to approve this release: +1 Robert signature.asc Description: This is a digitally signed message part
[Jenkins] Sling » Modules » sling-org-apache-sling-starter » master #512 is FIXED
Please see https://ci-builds.apache.org/job/Sling/job/modules/job/sling-org-apache-sling-starter/job/master/512/ for details. No further emails will be sent until the status of the build is changed.
