diff --git a/.github/ISSUE_TEMPLATE/4feature_request.md b/.github/ISSUE_TEMPLATE/4feature_request.md index 40c96b55c..9ecf7264a 100644 --- a/.github/ISSUE_TEMPLATE/4feature_request.md +++ b/.github/ISSUE_TEMPLATE/4feature_request.md @@ -7,7 +7,7 @@ assignees: '' --- **Is your feature request related to an issue that you encountered with Salesforce Code Analyzer?** - **Describe the solution that you want:** diff --git a/build.gradle.kts b/build.gradle.kts index 0a5816208..81cf5cf13 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -3,6 +3,12 @@ plugins { id("com.github.hierynomus.license") version "0.15.0" } +allprojects { + task("allWrappers") { + gradleVersion = "7.2" + } +} + subprojects { version = "1.0" } diff --git a/cli-messaging/build.gradle.kts b/cli-messaging/build.gradle.kts index 54d198e8a..5062ba8ac 100644 --- a/cli-messaging/build.gradle.kts +++ b/cli-messaging/build.gradle.kts @@ -14,13 +14,18 @@ dependencies { implementation ("com.googlecode.json-simple:json-simple:1.1.1") { exclude("junit") } - implementation("com.google.code.gson:gson:2.3") - testImplementation("junit", "junit", "4.12") - implementation("com.google.guava:guava:28.0-jre") - testImplementation("org.junit.jupiter:junit-jupiter-api:5.6.0") - testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine") + implementation("com.google.code.gson:gson:2.10.1") + implementation("com.google.guava:guava:31.1-jre") + testImplementation("org.hamcrest:hamcrest:2.2") + testImplementation("org.junit.jupiter:junit-jupiter-api:5.9.2") + testImplementation("org.junit.jupiter:junit-jupiter-engine:5.9.2") + testImplementation("org.junit.jupiter:junit-jupiter-params:5.9.2") } tasks.getByName("test") { useJUnitPlatform() + + testLogging { + events("passed", "skipped", "failed") + } } 
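Review bot: The `allWrappers` task in the root `build.gradle.kts` pins only `gradleVersion = "7.2"`, so (assuming it is a `Wrapper` task) the wrapper files it regenerates carry no checksum for the distribution they download. The `cli-messaging/gradle/wrapper/gradle-wrapper.properties` hunk shows the consequence: all five lines of the file are visible and none of them is `distributionSha256Sum`. Adding `distributionSha256Sum = "<sha256 of gradle-7.2-bin.zip>"` to this block, with the value taken from Gradle's published checksums, would make the wrapper reject a substituted or corrupted archive. The two replaced `gradle-wrapper.jar` binaries cannot be reviewed from the diff, so they should be compared against the published wrapper checksums as well, preferably by a CI check.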
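Review bot: `junit-jupiter-engine` moves from `testRuntimeOnly` to `testImplementation` in the `dependencies` block of `cli-messaging/build.gradle.kts`, which puts the engine's internals on the test compile classpath although test code only needs to compile against the API and params artifacts. Keeping it as `testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine:5.9.2")` preserves that separation. The three JUnit coordinates also repeat `5.9.2`; a single `val junitVersion = "5.9.2"` would keep them in step on the next upgrade.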
diff --git a/cli-messaging/gradle/wrapper/gradle-wrapper.jar b/cli-messaging/gradle/wrapper/gradle-wrapper.jar
index 87b738cbd..7454180f2 100644
Binary files a/cli-messaging/gradle/wrapper/gradle-wrapper.jar and b/cli-messaging/gradle/wrapper/gradle-wrapper.jar differ
diff --git a/cli-messaging/gradle/wrapper/gradle-wrapper.properties b/cli-messaging/gradle/wrapper/gradle-wrapper.properties
index 4a6ebceac..ffed3a254 100644
--- a/cli-messaging/gradle/wrapper/gradle-wrapper.properties
+++ b/cli-messaging/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.2.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.2-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/cli-messaging/gradlew b/cli-messaging/gradlew
new file mode 100755
index 000000000..1b6c78733
--- /dev/null
+++ b/cli-messaging/gradlew
@@ -0,0 +1,234 @@ +#!/bin/sh + +# +# Copyright © 2015-2021 the original authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############################################################################## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. 
+# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# +############################################################################## + +# Attempt to set APP_HOME + +# Resolve links: $0 may be a link +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac +done + +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit + +APP_NAME="Gradle" +APP_BASE_NAME=${0##*/} + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD=maximum + +warn () { + echo "$*" +} >&2 + +die () { + echo + echo "$*" + echo + exit 1 +} >&2 + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + + +# Determine the Java command to use to start the JVM. 
+if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD=$JAVA_HOME/jre/sh/java + else + JAVACMD=$JAVA_HOME/bin/java + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD=java + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac +fi + +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. 
+ +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + + # Now convert the arguments - kludge to limit ourselves to /bin/sh + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) + fi + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg + done +fi + +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. 
+# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' + +exec "$JAVACMD" "$@" diff --git a/cli-messaging/gradlew.bat b/cli-messaging/gradlew.bat new file mode 100644 index 000000000..107acd32c --- /dev/null +++ b/cli-messaging/gradlew.bat 
@@ -0,0 +1,89 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto execute + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto execute + +echo. 
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/cli-messaging/settings.gradle.kts b/cli-messaging/settings.gradle.kts deleted file mode 100644 index 8b0aa7943..000000000 --- a/cli-messaging/settings.gradle.kts +++ /dev/null @@ -1 +0,0 @@ -rootProject.name = "cli-messaging" diff --git a/cli-messaging/src/main/java/com/salesforce/messaging/EventKey.java b/cli-messaging/src/main/java/com/salesforce/messaging/EventKey.java index d513125c6..17c045be4 100644 --- a/cli-messaging/src/main/java/com/salesforce/messaging/EventKey.java +++ b/cli-messaging/src/main/java/com/salesforce/messaging/EventKey.java 
@@ -39,7 +39,7 @@ public enum EventKey { WARNING_GENERAL("warning.sfgeWarnLog", 1, MessageType.WARNING, MessageHandler.UX, true), WARNING_MULTIPLE_METHOD_TARGET_MATCHES("warning.multipleMethodTargetMatches", 3, MessageType.WARNING, MessageHandler.UX, false), WARNING_NO_METHOD_TARGET_MATCHES("warning.noMethodTargetMatches", 2, MessageType.WARNING, MessageHandler.UX, false), - ERROR_GENERAL("error.internal.sfgeErrorLog", 1, MessageType.ERROR, MessageHandler.UX, false), + ERROR_GENERAL("error.external.sfgeErrorLog", 1, MessageType.ERROR, MessageHandler.UX, false), /** GENERAL PURPOSE */ INFO_TELEMETRY("info.telemetry", 1, MessageType.TELEMETRY, MessageHandler.INTERNAL, false); diff --git a/cli-messaging/src/test/java/com/salesforce/messaging/EventKeyTest.java b/cli-messaging/src/test/java/com/salesforce/messaging/EventKeyTest.java index 85acf00fa..dd3ffe8cf 100644 --- a/cli-messaging/src/test/java/com/salesforce/messaging/EventKeyTest.java +++ b/cli-messaging/src/test/java/com/salesforce/messaging/EventKeyTest.java 
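Review bot: Nothing on the enum documents that the message-key prefix is a contract, which is how `ERROR_GENERAL` ended up with an `error.internal` key while being routed through `MessageHandler.UX`. `EventKeyTest` expects `error.external` keys to use `MessageHandler.UX` and `error.internal` keys to use `MessageHandler.INTERNAL`, so a comment above the error constants such as `// Key prefix must match the handler: error.external -> UX, error.internal -> INTERNAL (enforced by EventKeyTest)` would keep the next constant consistent. The new key `error.external.sfgeErrorLog` also only resolves if the message template was moved under `error.external`; the enum body and the template file are outside this hunk, so that could not be confirmed here.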
@@ -4,123 +4,118 @@ import org.json.simple.parser.JSONParser; import org.json.simple.parser.ParseException; -import static org.junit.Assert.*; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; -import org.junit.runners.Parameterized.Parameters; +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.is; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.MethodSource; import static com.salesforce.messaging.Message.*; +import static org.hamcrest.Matchers.notNullValue; import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; -import java.util.ArrayList; -import java.util.Collection; +import java.util.Arrays; +import java.util.stream.Stream; /** * Parses messages/EventKeyTemplates.json and confirms that enums defined in EventKey * are valid */ -@RunWith(Parameterized.class) public class EventKeyTest { - private static final String INFO = "info"; - private static final String WARNING = "warning"; - private static final String ERROR_EXTERNAL = "error.external"; - private static final String ERROR_INTERNAL = "error.internal"; - - // Current path is sfdx-scanner/pmd-cataloger - private static final String MESSAGES_FILE = "../messages/EventKeyTemplates.js"; - - JSONObject jsonObject = null; - - @Before - public void extractMessagesJson() throws IOException, ParseException { - final Path path = Paths.get(MESSAGES_FILE); - assertTrue("Invalid test setup. File does not exist: " + MESSAGES_FILE, Files.exists(path)); - final String fileContent = new String(Files.readAllBytes(path)); - final String[] fileSplit = fileContent.split("="); - final int fileParts = fileSplit.length; - assertEquals("Invalid test setup. File has more than one '=', which caused confusion in picking JSON content. 
Please revisit messages in " + MESSAGES_FILE, 2, fileParts); - final String jsonContent = fileSplit[1]; - jsonObject = (JSONObject) new JSONParser().parse(jsonContent); - assertNotNull("Invalid test setup. Messages json has not been parsed correctly. Please check validity of " + MESSAGES_FILE, jsonObject); - } - - @Test - public void verifyKeyInJson() { - // Split messageKey into levels - final String messageKey = eventKey.getMessageKey(); - final String[] levels = messageKey.split("\\."); - - // Loop through JSON to verify presence of each level - int idx = 0; - JSONObject currentJsonContent = this.jsonObject; - while (idx < levels.length - 1) { - currentJsonContent = (JSONObject) currentJsonContent.get(levels[idx]); - assertNotNull("Level " + levels[idx] + " not found. Recheck value of messageKey " + messageKey + " in EventKey." + eventKey, currentJsonContent); - idx++; - } - final Object lastLevel = currentJsonContent.get(levels[levels.length - 1]); - assertNotNull("messageKey " + messageKey + " does not exist. Recheck EventKey." + eventKey, lastLevel); - assertTrue("Message value should be a String for messageKey " + messageKey + " in EventKey." + eventKey, lastLevel instanceof String); - } - - @Test - public void verifyInfo() { - if (!eventKey.getMessageKey().startsWith(INFO)) { - return; - } - assertEquals("Unexpected messageType on EventKey." + eventKey, MessageType.INFO, eventKey.getMessageType()); - assertTrue("Verbose value on INFO messages are expected to be True. Please recheck EventKey." + eventKey, eventKey.isVerbose()); - } - - @Test - public void verifyWarning() { - if (!eventKey.getMessageKey().startsWith(WARNING)) { - return; - } - assertEquals("Unexpected messageType on EventKey." 
+ eventKey, MessageType.WARNING, eventKey.getMessageType()); - // No verbose check since we don't have a rule yet - } - - @Test - public void verifyErrorExternal() { - if (!eventKey.getMessageKey().startsWith(ERROR_EXTERNAL)) { - return; - } - assertEquals("Unexpected messageType on EventKey." + eventKey, MessageType.ERROR, eventKey.getMessageType()); - assertFalse("Verbose value on external error messages should be True. Please recheck EventKey." + eventKey, eventKey.isVerbose()); - assertEquals("MessageHandler on external error messages should be UX. Please recheck EventKey." + eventKey, MessageHandler.UX, eventKey.getMessageHandler()); - } - - @Test - public void verifyErrorInternal() { - if (!eventKey.getMessageKey().startsWith(ERROR_INTERNAL)) { - return; - } - assertEquals("Unexpected messageType on EventKey." + eventKey, MessageType.ERROR, eventKey.getMessageType()); - assertFalse("Verbose value on internal error messages should be True. Please recheck EventKey." + eventKey, eventKey.isVerbose()); - assertEquals("MessageHandler on internal error messages should be INTERNAL. Please recheck EventKey." 
+ eventKey, MessageHandler.INTERNAL, eventKey.getMessageHandler()); - } - - // Needed to make this test run dynamically for each EntryKey value - - private EventKey eventKey; - - public EventKeyTest(EventKey eventKey) { - this.eventKey = eventKey; - } - - @Parameters - public static Collection fetchEventKeys() { - Collection data = new ArrayList<>(); - for (EventKey eventKey : EventKey.values()) { - data.add(new Object[]{eventKey}); - } - return data; - } + private static final String INFO_PREFIX = "info"; + private static final String WARNING_PREFIX = "warning"; + private static final String ERROR_EXTERNAL_PREFIX = "error.external"; + private static final String ERROR_INTERNAL_PREFIX = "error.internal"; + + // Current path is sfdx-scanner/pmd-cataloger + private static final String MESSAGES_FILE = "../messages/EventKeyTemplates.js"; + + JSONObject jsonObject = null; + + @BeforeEach + public void extractMessagesJson() throws IOException, ParseException { + final Path path = Paths.get(MESSAGES_FILE); + assertThat("Invalid test setup. File does not exist: " + MESSAGES_FILE, Files.exists(path), is(true)); + final String fileContent = new String(Files.readAllBytes(path)); + final String[] fileSplit = fileContent.split("="); + final int fileParts = fileSplit.length; + assertThat("Invalid test setup. File has more than one '=', which caused confusion in picking JSON content. Please revisit messages in " + MESSAGES_FILE, fileParts, is(2)); + final String jsonContent = fileSplit[1]; + jsonObject = (JSONObject) new JSONParser().parse(jsonContent); + assertThat("Invalid test setup. Messages json has not been parsed correctly. 
Please check validity of " + MESSAGES_FILE, jsonObject, is(notNullValue())); + } + + @ParameterizedTest(name = "eventKey={0}") + @MethodSource("getAllEventKeyValues") + public void verifyKeyInJson(EventKey eventKey) { + // Split messageKey into levels + final String messageKey = eventKey.getMessageKey(); + final String[] levels = messageKey.split("\\."); + + // Loop through JSON to verify presence of each level + int idx = 0; + JSONObject currentJsonContent = this.jsonObject; + while (idx < levels.length - 1) { + currentJsonContent = (JSONObject) currentJsonContent.get(levels[idx]); + assertThat("Level " + levels[idx] + " not found. Recheck value of messageKey " + messageKey + " in EventKey." + eventKey, currentJsonContent, is(notNullValue())); + idx++; + } + final Object lastLevel = currentJsonContent.get(levels[levels.length - 1]); + assertThat("messageKey " + messageKey + " does not exist. Recheck EventKey." + eventKey, lastLevel, is(notNullValue())); + assertThat("Message value should be a String for messageKey " + messageKey + " in EventKey." + eventKey, lastLevel instanceof String, is(true)); + } + + @ParameterizedTest(name = "eventKey={0}") + @MethodSource("getAllInfoEventKeyValues") + public void verifyInfo(EventKey eventKey) { + assertThat("Unexpected messageType on EventKey." + eventKey, eventKey.getMessageType(), is(MessageType.INFO)); + // No verbose check since we don't have a specific rule for verbosity on info + } + + @ParameterizedTest(name = "eventKey={0}") + @MethodSource("getAllWarningEventKeyValues") + public void verifyWarning(EventKey eventKey) { + assertThat("Unexpected messageType on EventKey." 
+ eventKey, eventKey.getMessageType(), is(MessageType.WARNING)); + // No verbose check since we don't have a specific rule for verbosity on warning + } + + @ParameterizedTest(name = "eventKey={0}") + @MethodSource("getAllErrorExternalEventKeyValues") + public void verifyErrorExternal(EventKey eventKey) { + assertThat("Unexpected messageType on EventKey." + eventKey, eventKey.getMessageType(), is(MessageType.ERROR)); + assertThat("Verbose value on external error messages should be False. Please recheck EventKey." + eventKey, eventKey.isVerbose(), is(false)); + assertThat("MessageHandler on external error messages should be UX. Please recheck EventKey." + eventKey, eventKey.getMessageHandler(), is(MessageHandler.UX)); + } + + @ParameterizedTest(name = "eventKey={0}") + @MethodSource("getAllErrorInternalEventKeyValues") + public void verifyErrorInternal(EventKey eventKey) { + assertThat("Unexpected messageType on EventKey." + eventKey, eventKey.getMessageType(), is(MessageType.ERROR)); + assertThat("Verbose value on internal error messages should be False. Please recheck EventKey." + eventKey, eventKey.isVerbose(), is(false)); + assertThat("MessageHandler on internal error messages should be INTERNAL. Please recheck EventKey." 
+ eventKey, eventKey.getMessageHandler(), is(MessageHandler.INTERNAL)); + } + + public static Stream getAllEventKeyValues() { + return Arrays.stream(EventKey.values()); + } + + public static Stream getAllInfoEventKeyValues() { + return getAllEventKeyValues().filter(eventKey -> eventKey.getMessageKey().startsWith(INFO_PREFIX) + && eventKey != EventKey.INFO_TELEMETRY); + } + + public static Stream getAllWarningEventKeyValues() { + return getAllEventKeyValues().filter(eventKey -> eventKey.getMessageKey().startsWith(WARNING_PREFIX)); + } + + public static Stream getAllErrorExternalEventKeyValues() { + return getAllEventKeyValues().filter(eventKey -> eventKey.getMessageKey().startsWith(ERROR_EXTERNAL_PREFIX)); + } + + public static Stream getAllErrorInternalEventKeyValues() { + return getAllEventKeyValues().filter(eventKey -> eventKey.getMessageKey().startsWith(ERROR_INTERNAL_PREFIX)); + } } diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index f3d88b1c2..7454180f2 100644 Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradlew b/gradlew index 2fe81a7d9..1b6c78733 100755 --- a/gradlew +++ b/gradlew @@ -1,7 +1,7 @@ -#!/usr/bin/env sh +#!/bin/sh # -# Copyright 2015 the original author or authors. +# Copyright © 2015-2021 the original authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
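Review bot: `extractMessagesJson` decodes the template file with `new String(Files.readAllBytes(path))`, which uses the platform default charset, so on a JVM whose default is not UTF-8 any non-ASCII message text is decoded incorrectly before it reaches the parser; `new String(Files.readAllBytes(path), StandardCharsets.UTF_8)` with the matching import removes that dependency on the build host. The method is annotated `@BeforeEach`, so the file is read and parsed again for every parameterized invocation; a static `@BeforeAll` would do the work once. The comment `// Current path is sfdx-scanner/pmd-cataloger` looks stale for a test that lives under `cli-messaging` and should name the directory the relative `MESSAGES_FILE` path is actually resolved from.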
@@ -17,78 +17,113 @@ # ############################################################################## -## -## Gradle start up script for UN*X -## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. +# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. 
+# ############################################################################## # Attempt to set APP_HOME + # Resolve links: $0 may be a link -PRG="$0" -# Need this for relative symlinks. -while [ -h "$PRG" ] ; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG=`dirname "$PRG"`"/$link" - fi +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac done -SAVED="`pwd`" -cd "`dirname \"$PRG\"`/" >/dev/null -APP_HOME="`pwd -P`" -cd "$SAVED" >/dev/null + +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit APP_NAME="Gradle" -APP_BASE_NAME=`basename "$0"` +APP_BASE_NAME=${0##*/} # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' # Use the maximum available, or set MAX_FD != -1 to use that value. -MAX_FD="maximum" +MAX_FD=maximum warn () { echo "$*" -} +} >&2 die () { echo echo "$*" echo exit 1 -} +} >&2 # OS specific support (must be 'true' or 'false'). cygwin=false msys=false darwin=false nonstop=false -case "`uname`" in - CYGWIN* ) - cygwin=true - ;; - Darwin* ) - darwin=true - ;; - MINGW* ) - msys=true - ;; - NONSTOP* ) - nonstop=true - ;; +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; esac CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + # Determine the Java command to use to start the JVM. 
if [ -n "$JAVA_HOME" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then # IBM's JDK on AIX uses strange locations for the executables - JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACMD=$JAVA_HOME/jre/sh/java else - JAVACMD="$JAVA_HOME/bin/java" + JAVACMD=$JAVA_HOME/bin/java fi if [ ! -x "$JAVACMD" ] ; then die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME @@ -97,7 +132,7 @@ Please set the JAVA_HOME variable in your environment to match the location of your Java installation." fi else - JAVACMD="java" + JAVACMD=java which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. Please set the JAVA_HOME variable in your environment to match the 
@@ -105,79 +140,95 @@ location of your Java installation." fi # Increase the maximum file descriptors if we can. -if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then - MAX_FD_LIMIT=`ulimit -H -n` - if [ $? -eq 0 ] ; then - if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then - MAX_FD="$MAX_FD_LIMIT" - fi - ulimit -n $MAX_FD - if [ $? -ne 0 ] ; then - warn "Could not set maximum file descriptor limit: $MAX_FD" - fi - else - warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" - fi +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac fi -# For Darwin, add options to specify how the application appears in the dock -if $darwin; then - GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" -fi +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. 
# For Cygwin or MSYS, switch paths to Windows format before running java -if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then - APP_HOME=`cygpath --path --mixed "$APP_HOME"` - CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` - JAVACMD=`cygpath --unix "$JAVACMD"` - - # We build the pattern for arguments to be converted via cygpath - ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` - SEP="" - for dir in $ROOTDIRSRAW ; do - ROOTDIRS="$ROOTDIRS$SEP$dir" - SEP="|" - done - OURCYGPATTERN="(^($ROOTDIRS))" - # Add a user-defined pattern to the cygpath arguments - if [ "$GRADLE_CYGPATTERN" != "" ] ; then - OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" - fi +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + # Now convert the arguments - kludge to limit ourselves to /bin/sh - i=0 - for arg in "$@" ; do - CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` - CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option - - if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition - eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` - else - eval `echo args$i`="\"$arg\"" + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) fi - i=`expr $i + 1` + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. 
+ shift # remove old arg + set -- "$@" "$arg" # push replacement arg done - case $i in - 0) set -- ;; - 1) set -- "$args0" ;; - 2) set -- "$args0" "$args1" ;; - 3) set -- "$args0" "$args1" "$args2" ;; - 4) set -- "$args0" "$args1" "$args2" "$args3" ;; - 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; - 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; - 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; - 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; - 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; - esac fi -# Escape application args -save () { - for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done - echo " " -} -APP_ARGS=`save "$@"` +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. 
+# -# Collect all arguments for the java command, following the shell quoting and substitution rules -eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat index 9618d8d96..107acd32c 100644 --- a/gradlew.bat +++ b/gradlew.bat @@ -29,6 +29,9 @@ if "%DIRNAME%" == "" set DIRNAME=. set APP_BASE_NAME=%~n0 set APP_HOME=%DIRNAME% +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" @@ -37,7 +40,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome set JAVA_EXE=java.exe %JAVA_EXE% -version >NUL 2>&1 -if "%ERRORLEVEL%" == "0" goto init +if "%ERRORLEVEL%" == "0" goto execute echo. echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. @@ -51,7 +54,7 @@ goto fail set JAVA_HOME=%JAVA_HOME:"=% set JAVA_EXE=%JAVA_HOME%/bin/java.exe -if exist "%JAVA_EXE%" goto init +if exist "%JAVA_EXE%" goto execute echo. echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 
@@ -61,28 +64,14 @@ echo location of your Java installation. goto fail -:init -@rem Get command-line arguments, handling Windows variants - -if not "%OS%" == "Windows_NT" goto win9xME_args - -:win9xME_args -@rem Slurp the command line arguments. -set CMD_LINE_ARGS= -set _SKIP=2 - -:win9xME_args_slurp -if "x%~1" == "x" goto execute - -set CMD_LINE_ARGS=%* - :execute @rem Setup the command line set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + @rem Execute Gradle -"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* :end @rem End local scope for the variables with windows NT shell diff --git a/messages/EventKeyTemplates.js b/messages/EventKeyTemplates.js index e514e2fdb..3868b22dd 100644 --- a/messages/EventKeyTemplates.js +++ b/messages/EventKeyTemplates.js @@ -39,8 +39,7 @@ module.exports = { "mainInvalidArgument": "INTERNAL ERROR: Invalid arguments passed to Main. Details: %s. Please log an issue with us at github.com/forcedotcom/sfdx-scanner.", "jsonWriteFailed": "INTERNAL ERROR: Failed to write JSON to file: %s. Please log an issue with us at github.com/forcedotcom/sfdx-scanner.", "classpathDoesNotExist": "INTERNAL ERROR: Path does not exist: %s. Please log an issue with us at github.com/forcedotcom/sfdx-scanner.", - "xmlMissingInClasspath": "INTERNAL ERROR: XML resource [%s] found in jar, but not in Classpath. Please log an issue with us at github.com/forcedotcom/sfdx-scanner.", - "sfgeErrorLog": "%s" + "xmlMissingInClasspath": "INTERNAL ERROR: XML resource [%s] found in jar, but not in Classpath. Please log an issue with us at github.com/forcedotcom/sfdx-scanner." }, "external": { "errorMessageAbove": "Please see error details displayed above.", 
@@ -52,7 +51,8 @@ module.exports = { "xmlNotReadable": "ERROR: Error occurred while reading file [%s]: %s", "xmlNotParsable": "ERROR: Could not parse XML file [%s]: %s", "duplicateXmlPath": "ERROR: XML path [%s] defined in jar [%s] collides with previously defined path in jar [%s]. You will need to remove one of the jars by executing the following command 'sfdx scanner:rule:remove --force --path '", - "sfgeIncompleteAnalysis": "ERROR: Salesforce Graph Engine encountered an error and couldn't complete analysis: %s" + "sfgeIncompleteAnalysis": "ERROR: Salesforce Graph Engine encountered an error and couldn't complete analysis: %s", + "sfgeErrorLog": "%s" } } diff --git a/package.json b/package.json index 86fc1ac50..3c8832829 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "@salesforce/sfdx-scanner", "description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.", - "version": "3.18.0", + "version": "3.19.0", "author": "ISV SWAT", "bugs": "https://github.com/forcedotcom/sfdx-scanner/issues", "dependencies": { diff --git a/pmd-cataloger/gradle/wrapper/gradle-wrapper.jar b/pmd-cataloger/gradle/wrapper/gradle-wrapper.jar index 87b738cbd..7454180f2 100644 Binary files a/pmd-cataloger/gradle/wrapper/gradle-wrapper.jar and b/pmd-cataloger/gradle/wrapper/gradle-wrapper.jar differ diff --git a/pmd-cataloger/gradle/wrapper/gradle-wrapper.properties b/pmd-cataloger/gradle/wrapper/gradle-wrapper.properties index 4a6ebceac..ffed3a254 100644 --- a/pmd-cataloger/gradle/wrapper/gradle-wrapper.properties +++ b/pmd-cataloger/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-6.2.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-7.2-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists 
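Review bot: `"sfgeErrorLog": "%s"` now sits under `external`, so whatever string the caller passes is printed to the user verbatim, with none of the fixed wording or `ERROR:` prefix the neighbouring external entries carry. If that argument is a raw Salesforce Graph Engine log or stack trace (the caller is not visible in this diff), it can carry absolute file paths and other internal detail into console output and CI logs. I would add a comment above the entry saying what the argument may contain, for example `// Pass-through of an SFGE error log; callers must send a user-safe message, not a raw stack trace`. The removal from `internal` is in the previous hunk of this file, and the enclosing `module.exports` object starts outside both hunks.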
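Review bot: The new `distributionUrl` is not pinned by a checksum: this hunk shows the whole five-line file and it has no `distributionSha256Sum` entry, so the wrapper will unpack and run whatever archive that URL serves. Adding `distributionSha256Sum=<SHA-256 of gradle-7.2-bin.zip as published by Gradle>` makes the wrapper reject a tampered or substituted download. The same applies to `cli-messaging/gradle/wrapper/gradle-wrapper.properties`, which this commit changes identically. The commit also replaces `gradle-wrapper.jar` as an opaque binary, so its checksum should be compared with the one Gradle publishes for 7.2, by hand or by a CI check, before merging.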
diff --git a/pmd-cataloger/gradlew b/pmd-cataloger/gradlew index af6708ff2..1b6c78733 100755 --- a/pmd-cataloger/gradlew +++ b/pmd-cataloger/gradlew 
@@ -1,78 +1,129 @@ -#!/usr/bin/env sh +#!/bin/sh + +# +# Copyright © 2015-2021 the original authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ############################################################################## -## -## Gradle start up script for UN*X -## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. 
+# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# ############################################################################## # Attempt to set APP_HOME + # Resolve links: $0 may be a link -PRG="$0" -# Need this for relative symlinks. -while [ -h "$PRG" ] ; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG=`dirname "$PRG"`"/$link" - fi +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac done -SAVED="`pwd`" -cd "`dirname \"$PRG\"`/" >/dev/null -APP_HOME="`pwd -P`" -cd "$SAVED" >/dev/null + +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit APP_NAME="Gradle" -APP_BASE_NAME=`basename "$0"` +APP_BASE_NAME=${0##*/} # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -DEFAULT_JVM_OPTS='"-Xmx64m"' +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' # Use the maximum available, or set MAX_FD != -1 to use that value. -MAX_FD="maximum" +MAX_FD=maximum warn () { echo "$*" -} +} >&2 die () { echo echo "$*" echo exit 1 -} +} >&2 # OS specific support (must be 'true' or 'false'). 
cygwin=false msys=false darwin=false nonstop=false -case "`uname`" in - CYGWIN* ) - cygwin=true - ;; - Darwin* ) - darwin=true - ;; - MINGW* ) - msys=true - ;; - NONSTOP* ) - nonstop=true - ;; +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; esac CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + # Determine the Java command to use to start the JVM. if [ -n "$JAVA_HOME" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then # IBM's JDK on AIX uses strange locations for the executables - JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACMD=$JAVA_HOME/jre/sh/java else - JAVACMD="$JAVA_HOME/bin/java" + JAVACMD=$JAVA_HOME/bin/java fi if [ ! -x "$JAVACMD" ] ; then die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME @@ -81,7 +132,7 @@ Please set the JAVA_HOME variable in your environment to match the location of your Java installation." fi else - JAVACMD="java" + JAVACMD=java which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. Please set the JAVA_HOME variable in your environment to match the 
@@ -89,84 +140,95 @@ location of your Java installation." fi # Increase the maximum file descriptors if we can. -if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then - MAX_FD_LIMIT=`ulimit -H -n` - if [ $? -eq 0 ] ; then - if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then - MAX_FD="$MAX_FD_LIMIT" - fi - ulimit -n $MAX_FD - if [ $? -ne 0 ] ; then - warn "Could not set maximum file descriptor limit: $MAX_FD" - fi - else - warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" - fi +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac fi -# For Darwin, add options to specify how the application appears in the dock -if $darwin; then - GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" -fi +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. 
+ +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) -# For Cygwin, switch paths to Windows format before running java -if $cygwin ; then - APP_HOME=`cygpath --path --mixed "$APP_HOME"` - CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` - JAVACMD=`cygpath --unix "$JAVACMD"` - - # We build the pattern for arguments to be converted via cygpath - ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` - SEP="" - for dir in $ROOTDIRSRAW ; do - ROOTDIRS="$ROOTDIRS$SEP$dir" - SEP="|" - done - OURCYGPATTERN="(^($ROOTDIRS))" - # Add a user-defined pattern to the cygpath arguments - if [ "$GRADLE_CYGPATTERN" != "" ] ; then - OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" - fi # Now convert the arguments - kludge to limit ourselves to /bin/sh - i=0 - for arg in "$@" ; do - CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` - CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option - - if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition - eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` - else - eval `echo args$i`="\"$arg\"" + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) fi - i=$((i+1)) + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. 
+ shift # remove old arg + set -- "$@" "$arg" # push replacement arg done - case $i in - (0) set -- ;; - (1) set -- "$args0" ;; - (2) set -- "$args0" "$args1" ;; - (3) set -- "$args0" "$args1" "$args2" ;; - (4) set -- "$args0" "$args1" "$args2" "$args3" ;; - (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; - (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; - (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; - (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; - (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; - esac fi -# Escape application args -save () { - for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done - echo " " -} -APP_ARGS=$(save "$@") - -# Collect all arguments for the java command, following the shell quoting and substitution rules -eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" - -# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong -if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then - cd "$(dirname "$0")" -fi +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. 
+# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' exec "$JAVACMD" "$@" diff --git a/pmd-cataloger/gradlew.bat b/pmd-cataloger/gradlew.bat index 6d57edc70..107acd32c 100644 --- a/pmd-cataloger/gradlew.bat +++ b/pmd-cataloger/gradlew.bat @@ -1,3 +1,19 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + @if "%DEBUG%" == "" @echo off @rem ########################################################################## @rem 
@@ -13,15 +29,18 @@ if "%DIRNAME%" == "" set DIRNAME=. set APP_BASE_NAME=%~n0 set APP_HOME=%DIRNAME% +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -set DEFAULT_JVM_OPTS="-Xmx64m" +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" @rem Find java.exe if defined JAVA_HOME goto findJavaFromJavaHome set JAVA_EXE=java.exe %JAVA_EXE% -version >NUL 2>&1 -if "%ERRORLEVEL%" == "0" goto init +if "%ERRORLEVEL%" == "0" goto execute echo. echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. @@ -35,7 +54,7 @@ goto fail set JAVA_HOME=%JAVA_HOME:"=% set JAVA_EXE=%JAVA_HOME%/bin/java.exe -if exist "%JAVA_EXE%" goto init +if exist "%JAVA_EXE%" goto execute echo. echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% @@ -45,28 +64,14 @@ echo location of your Java installation. goto fail -:init -@rem Get command-line arguments, handling Windows variants - -if not "%OS%" == "Windows_NT" goto win9xME_args - -:win9xME_args -@rem Slurp the command line arguments. -set CMD_LINE_ARGS= -set _SKIP=2 - -:win9xME_args_slurp -if "x%~1" == "x" goto execute - -set CMD_LINE_ARGS=%* - :execute @rem Setup the command line set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + @rem Execute Gradle -"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* :end @rem End local scope for the variables with windows NT shell diff --git a/retire-js/RetireJsVulns.json b/retire-js/RetireJsVulns.json index b8b1f771b..669d6720c 100644 --- a/retire-js/RetireJsVulns.json +++ b/retire-js/RetireJsVulns.json 
@@ -8,11 +8,11 @@ "CWE-477" ], "identifiers": { + "summary": "bug summary", "CVE": [ "CVE-XXXX-XXXX" ], - "bug": "1234", - "summary": "bug summary" + "bug": "1234" }, "info": [ "http://github.com/eoftedal/retire.js/" @@ -44,16 +44,16 @@ "CWE-79" ], "identifiers": { + "summary": "XSS with location.hash", "CVE": [ "CVE-2011-4969" ], - "summary": "XSS with location.hash", "githubID": "GHSA-579v-mp3v-rrw5" }, "info": [ - "https://nvd.nist.gov/vuln/detail/CVE-2011-4969", "http://research.insecurelabs.org/jquery/test/", - "https://bugs.jquery.com/ticket/9521" + "https://bugs.jquery.com/ticket/9521", + "https://nvd.nist.gov/vuln/detail/CVE-2011-4969" ] }, { @@ -62,19 +62,19 @@ "CWE-64", "CWE-79" ], + "severity": "medium", "identifiers": { + "summary": "Selector interpreted as HTML", "CVE": [ "CVE-2012-6708" ], "bug": "11290", - "summary": "Selector interpreted as HTML", "githubID": "GHSA-2pqj-h3vj-pqgw" }, - "severity": "medium", "info": [ "http://bugs.jquery.com/ticket/11290", - "https://nvd.nist.gov/vuln/detail/CVE-2012-6708", - "http://research.insecurelabs.org/jquery/test/" + "http://research.insecurelabs.org/jquery/test/", + "https://nvd.nist.gov/vuln/detail/CVE-2012-6708" ] }, { 
@@ -82,14 +82,14 @@ "cwe": [ "CWE-79" ], + "severity": "medium", "identifiers": { + "summary": "Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove \"\", which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim's browser.\n\n\n## Recommendation\n\nUpgrade to version 1.9.0 or later.", "CVE": [ "CVE-2020-7656" ], - "summary": "Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove \"\", which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim's browser.\n\n\n## Recommendation\n\nUpgrade to version 1.9.0 or later.", "githubID": "GHSA-q4m3-2j7h-f7xw" }, - "severity": "medium", "info": [ "https://github.com/advisories/GHSA-q4m3-2j7h-f7xw", "https://nvd.nist.gov/vuln/detail/CVE-2020-7656" 
@@ -101,84 +101,108 @@ "cwe": [ "CWE-79" ], + "severity": "medium", "identifiers": { - "issue": "2432", "summary": "3rd party CORS request may execute", + "issue": "2432", "CVE": [ "CVE-2015-9251" ], "githubID": "GHSA-rmxg-73gg-4p98" }, - "severity": "medium", "info": [ - "https://github.com/jquery/jquery/issues/2432", "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", - "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", - "http://research.insecurelabs.org/jquery/test/" + "http://research.insecurelabs.org/jquery/test/", + "https://bugs.jquery.com/ticket/11974", + "https://github.com/advisories/GHSA-rmxg-73gg-4p98", + "https://github.com/jquery/jquery/issues/2432", + "https://nvd.nist.gov/vuln/detail/CVE-2015-9251" ] }, { - "atOrAbove": "1.12.3", - "below": "3.0.0-beta1", + "atOrAbove": "1.8.0", + "below": "1.12.0", "cwe": [ "CWE-79" ], + "severity": "medium", "identifiers": { - "issue": "2432", "summary": "3rd party CORS request may execute", + "issue": "2432", "CVE": [ "CVE-2015-9251" ], "githubID": "GHSA-rmxg-73gg-4p98" }, - "severity": "medium", "info": [ - "https://github.com/jquery/jquery/issues/2432", "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", - "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", - "http://research.insecurelabs.org/jquery/test/" + "http://research.insecurelabs.org/jquery/test/", + "https://bugs.jquery.com/ticket/11974", + "https://github.com/advisories/GHSA-rmxg-73gg-4p98", + "https://github.com/jquery/jquery/issues/2432", + "https://nvd.nist.gov/vuln/detail/CVE-2015-9251" ] }, { - "atOrAbove": "1.8.0", - "below": "1.12.0", + "atOrAbove": "1.12.2", + "below": "2.2.0", "cwe": [ "CWE-79" ], + "severity": "medium", "identifiers": { + "summary": "3rd party CORS request may execute", + "issue": "2432", "CVE": [ "CVE-2015-9251" ], - "issue": "11974", - "summary": "parseHTML() executes scripts in event handlers", "githubID": "GHSA-rmxg-73gg-4p98" }, - "severity": "medium", "info": [ + 
"http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", + "http://research.insecurelabs.org/jquery/test/", "https://bugs.jquery.com/ticket/11974", - "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", - "http://research.insecurelabs.org/jquery/test/" + "https://github.com/advisories/GHSA-rmxg-73gg-4p98", + "https://github.com/jquery/jquery/issues/2432", + "https://nvd.nist.gov/vuln/detail/CVE-2015-9251" ] }, { - "atOrAbove": "1.12.2", - "below": "2.2.0", + "below": "2.999.999", + "cwe": [ + "CWE-1104" + ], + "severity": "low", + "identifiers": { + "summary": "jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates", + "retid": "73" + }, + "info": [ + "https://github.com/jquery/jquery.com/issues/162" + ] + }, + { + "atOrAbove": "1.12.3", + "below": "3.0.0-beta1", "cwe": [ "CWE-79" ], + "severity": "medium", "identifiers": { + "summary": "3rd party CORS request may execute", + "issue": "2432", "CVE": [ "CVE-2015-9251" ], - "issue": "11974", - "summary": "parseHTML() executes scripts in event handlers", "githubID": "GHSA-rmxg-73gg-4p98" }, - "severity": "medium", "info": [ + "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", + "http://research.insecurelabs.org/jquery/test/", "https://bugs.jquery.com/ticket/11974", - "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", - "http://research.insecurelabs.org/jquery/test/" + "https://github.com/advisories/GHSA-rmxg-73gg-4p98", + "https://github.com/jquery/jquery/issues/2432", + "https://nvd.nist.gov/vuln/detail/CVE-2015-9251" ] }, { 
@@ -187,19 +211,22 @@ "cwe": [ "CWE-79" ], + "severity": "medium", "identifiers": { + "summary": "3rd party CORS request may execute", + "issue": "2432", "CVE": [ "CVE-2015-9251" ], - "issue": "11974", - "summary": "parseHTML() executes scripts in event handlers", "githubID": "GHSA-rmxg-73gg-4p98" }, - "severity": "medium", "info": [ + "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", + "http://research.insecurelabs.org/jquery/test/", "https://bugs.jquery.com/ticket/11974", - "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", - "http://research.insecurelabs.org/jquery/test/" + "https://github.com/advisories/GHSA-rmxg-73gg-4p98", + "https://github.com/jquery/jquery/issues/2432", + "https://nvd.nist.gov/vuln/detail/CVE-2015-9251" ] }, { @@ -208,14 +235,14 @@ "cwe": [ "CWE-400" ], + "severity": "high", "identifiers": { + "summary": "Denial of Service in jquery", "CVE": [ "CVE-2016-10707" ], - "summary": "Denial of Service in jquery", "githubID": "GHSA-mhpp-875w-9cpv" }, - "severity": "high", "info": [ "https://nvd.nist.gov/vuln/detail/CVE-2016-10707" ] 
@@ -227,73 +254,58 @@ "CWE-1321", "CWE-79" ], + "severity": "medium", "identifiers": { + "summary": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution", "CVE": [ "CVE-2019-11358" ], "PR": "4333", - "summary": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution", "githubID": "GHSA-6c3j-c64m-qhgq" }, - "severity": "medium", "info": [ "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", - "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", - "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" + "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", + "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" ] }, { + "atOrAbove": "1.0.3", "below": "3.5.0", - "atOrAbove": "1.2.0", "cwe": [ "CWE-79" ], + "severity": "medium", "identifiers": { + "summary": "passing HTML containing