Subject: svn commit: r1494684 - in /commons/sandbox/commons-javadocfix-plugin/trunk: ./ src/ src/main/ src/main/java/ src/main/java/org/ src/main/java/org/apache/ src/main/java/org/apache/commons/ src/main/java/org/apache/commons/plugins/ src/main/java/org/apac...
Date: Wed, 19 Jun 2013 16:33:04 -0000
To: commits@commons.apache.org
From: sebb@apache.org
Message-Id: <20130619163305.6CF6F23889ED@eris.apache.org>

Author: sebb
Date: Wed Jun 19 16:33:04 2013
New Revision: 1494684

URL: http://svn.apache.org/r1494684
Log:
Initial checkin.
Oracle files as per the download; only some file names changed to clarify the origin

Added:
    commons/sandbox/commons-javadocfix-plugin/trunk/LICENSE-JavadocFixTool
    commons/sandbox/commons-javadocfix-plugin/trunk/LICENSE.txt (with props)
    commons/sandbox/commons-javadocfix-plugin/trunk/NOTICE.txt (with props)
    commons/sandbox/commons-javadocfix-plugin/trunk/README-JavadocFixTool (with props)
    commons/sandbox/commons-javadocfix-plugin/trunk/pom.xml (with props)
    commons/sandbox/commons-javadocfix-plugin/trunk/src/
    commons/sandbox/commons-javadocfix-plugin/trunk/src/main/
    commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/
    commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/JavadocFixTool.java (with props)
    commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/
    commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/
    commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/
    commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/
    commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/
    commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/AbstractJavadocFixToolMojo.java (with props)
    commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/CheckMojo.java (with props)
    commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/FixMojo.java (with props)
Modified:
    commons/sandbox/commons-javadocfix-plugin/trunk/ (props changed)

Propchange: commons/sandbox/commons-javadocfix-plugin/trunk/
------------------------------------------------------------------------------ --- svn:ignore (added) +++ svn:ignore Wed Jun 19 16:33:04 2013 @@ -0,0 +1 @@ +target Added: commons/sandbox/commons-javadocfix-plugin/trunk/LICENSE-JavadocFixTool URL: http://svn.apache.org/viewvc/commons/sandbox/commons-javadocfix-plugin/trunk/LICENSE-JavadocFixTool?rev=1494684&view=auto ============================================================================== --- commons/sandbox/commons-javadocfix-plugin/trunk/LICENSE-JavadocFixTool (added) +++ commons/sandbox/commons-javadocfix-plugin/trunk/LICENSE-JavadocFixTool Wed Jun 19 16:33:04 2013 
@@ -0,0 +1,80 @@ + License Agreement + + PLEASE READ THE FOLLOWING LICENSE TERMS CAREFULLY BEFORE USING THE + ACCOMPANYING PROGRAM. THESE TERMS CONSTITUTE A LEGAL AGREEMENT BETWEEN + YOU AND US. + + "Oracle" refers to Oracle America, Inc., for and on behalf of itself and its + subsidiaries and affiliates under common control. "We," "us," and "our" + refers to Oracle and any Program contributors. "You" and "your" refers to + the individual or entity that wishes to use the Program. "Program" refers to + the Java API Documentation Updater Tool, Copyright (c) 2013, Oracle America, + Inc., and updates or error corrections provided by Oracle or contributors. + + WARNING: + The Program will analyze directory information on your computer + system and may modify software components on such computer system. You + should only use the Program on computer systems that you maintain sufficient + rights to update software components. + + If your computer system is owned by a person or entity other than you, + you should check with such person or entity before using the Program. + + It is possible that you may lose some software functionality, and make + Java API Documentation pages unusable on your computer system after you use + the Program to update software components. + + License Rights and Obligations + We grant you a perpetual, nonexclusive, limited license to use, modify and + distribute the Program in binary and/or source code form, only for the + purpose of analyzing the directory structure of your computer system and + updating Java API Documentation files. If you distribute the Program, in + either or both binary or source form, including as modified by you, you + shall include this License Agreement ("Agreement") with your distribution. + + All rights not expressly granted above are hereby reserved. If you want to + use the Program for any purpose other than as permitted under this + Agreement, you must obtain a valid license permitting such use from Oracle. 
+ Neither the name of Oracle nor the names of any Program contributors may be + used to endorse or promote products derived from this software without + specific prior written permission. + + Ownership and Restrictions + We retain all ownership and intellectual property rights in the Program as + provided by us. You retain all ownership and intellectual property rights + in your modifications. + + Export + You agree to comply fully with export laws and regulations of the United + States and any other applicable export laws ("Export Laws") to assure that + neither the Program nor any direct products thereof are: (1) exported, + directly or indirectly, in violation of this Agreement or Export Laws; or + (2) used for any purposes prohibited by the Export Laws, including, without + limitation, nuclear, chemical, or biological weapons proliferation, or + development of missile technology. + + Disclaimer of Warranty and Limitation of Liability + THE PROGRAM IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. USE AT YOUR + OWN RISK. WE FURTHER DISCLAIM ALL WARRANTIES, EXPRESS AND IMPLIED, + INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. + + IN NO EVENT SHALL WE BE LIABLE FOR ANY INDIRECT, DIRECT, INCIDENTAL, + SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, + REVENUE, DATA OR DATA USE, INCURRED BY YOU OR ANY THIRD PARTY, WHETHER IN AN + ACTION IN CONTRACT OR TORT, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY + OF SUCH DAMAGES. ORACLE SHALL HAVE NO LIABILITY FOR MODIFICATIONS MADE BY + YOU OR ANY THIRD PARTY. + + Entire Agreement + You agree that this Agreement is the complete agreement for the Program, and + this Agreement supersedes all prior or contemporaneous agreements or + representations. If any term of this Agreement is found to be invalid or + unenforceable, the remaining provisions will remain effective. 
This + Agreement is governed by the substantive and procedural laws of California. + You and Oracle agree to submit to the exclusive jurisdiction of, and venue + in, the courts of San Francisco or Santa Clara counties in California in + any dispute between you and Oracle arising out of or relating to this + Agreement. + + Last updated: 14 June 2013 Added: commons/sandbox/commons-javadocfix-plugin/trunk/LICENSE.txt URL: http://svn.apache.org/viewvc/commons/sandbox/commons-javadocfix-plugin/trunk/LICENSE.txt?rev=1494684&view=auto ============================================================================== --- commons/sandbox/commons-javadocfix-plugin/trunk/LICENSE.txt (added) +++ commons/sandbox/commons-javadocfix-plugin/trunk/LICENSE.txt Wed Jun 19 16:33:04 2013 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. Propchange: commons/sandbox/commons-javadocfix-plugin/trunk/LICENSE.txt ------------------------------------------------------------------------------ svn:eol-style = native Added: commons/sandbox/commons-javadocfix-plugin/trunk/NOTICE.txt URL: http://svn.apache.org/viewvc/commons/sandbox/commons-javadocfix-plugin/trunk/NOTICE.txt?rev=1494684&view=auto ============================================================================== --- commons/sandbox/commons-javadocfix-plugin/trunk/NOTICE.txt (added) +++ commons/sandbox/commons-javadocfix-plugin/trunk/NOTICE.txt Wed Jun 19 16:33:04 2013 
@@ -0,0 +1,8 @@ +Apache Commons JavadocFix Plugin +Copyright 2013 The Apache Software Foundation + +This product includes software developed at +The Apache Software Foundation (http://www.apache.org/). + +This product contains software (JavadocFixTool) originally developed by Oracle America, Inc. +The license is found in the file LICENSE-JavadocFixTool \ No newline at end of file Propchange: commons/sandbox/commons-javadocfix-plugin/trunk/NOTICE.txt ------------------------------------------------------------------------------ svn:eol-style = native Added: commons/sandbox/commons-javadocfix-plugin/trunk/README-JavadocFixTool URL: http://svn.apache.org/viewvc/commons/sandbox/commons-javadocfix-plugin/trunk/README-JavadocFixTool?rev=1494684&view=auto ============================================================================== --- commons/sandbox/commons-javadocfix-plugin/trunk/README-JavadocFixTool (added) +++ commons/sandbox/commons-javadocfix-plugin/trunk/README-JavadocFixTool Wed Jun 19 16:33:04 2013 
@@ -0,0 +1,43 @@ +Description: +------------ + +To address the security alert CVE-2013-1571, this tool is intended to repair-in-place, +the HTML files generated by the javadoc tool versions 5u45, 6u45, 7u21 and earlier. + +System requirements: +-------------------- + +This tool can be run on Windows, Solaris, Linux and Mac OS X operating systems +for which an official Oracle JRE version is available. Oracle JRE v. 1.7 or greater +is required. + +To scan the javadoc tree for applicable files, the user must have read access to the +directory it resides in and to all its sub directories. + +To fix the applicable files, the user running the tool must have read and write +permissions to the files as well as to the directories that contain these files. + +Usage: +------ + +To run the tool, the user must know the location of the java executable +and the location of the directory where the javadoc tree resides. + +To scan for potential vulnerabilities, run the following command from the +directory in which the JavadocPatchTool.jar file is located: + +java -jar JavadocPatchTool.jar -R -C + +where is the path to the directory where the potentially +vulnerable javadoc tree resides. If the tool finds any applicable HTML files, +it will print out a list of such files. + +To fix a single applicable file, run the following command: + +java -jar JavadocPatchTool.jar + +where is the path to the directory which contains the applicable file. 
+ +To fix all the applicable files in the tree, run the following command: + +java -jar JavadocPatchTool.jar -R Propchange: commons/sandbox/commons-javadocfix-plugin/trunk/README-JavadocFixTool ------------------------------------------------------------------------------ svn:eol-style = native Added: commons/sandbox/commons-javadocfix-plugin/trunk/pom.xml URL: http://svn.apache.org/viewvc/commons/sandbox/commons-javadocfix-plugin/trunk/pom.xml?rev=1494684&view=auto ============================================================================== --- commons/sandbox/commons-javadocfix-plugin/trunk/pom.xml (added) +++ commons/sandbox/commons-javadocfix-plugin/trunk/pom.xml Wed Jun 19 16:33:04 2013 
@@ -0,0 +1,156 @@ + + 4.0.0 + + + org.apache.commons + commons-parent + 30 + + + org.apache.commons + commons-javadocfix-plugin + maven-plugin + 1.0-SNAPSHOT + Apache commons-javadocfix-plugin Maven Mojo + 2013 + http://commons.apache.org/proper/commons-javadocfix-plugin/ + + +Apache Maven GPG plugin which allows arbitrary files to be signed. +This is intended as a temporary measure until MGPG-43 is implemented. + + + + jira + http://issues.apache.org/jira/browse/COMMONSSITE + + + + scm:svn:http://svn.apache.org/repos/asf/commons/proper/commons-javadocfix-plugin/trunk/ + scm:svn:https://svn.apache.org/repos/asf/commons/proper/commons-javadocfix-plugin/trunk/ + http://svn.apache.org/viewvc/commons/proper/commons-javadocfix-plugin/trunk/ + + + + ${mavenVersion} + + + + 2.2.1 + 3.2 + 1.5 + 1.5 + + + + ${maven.compiler.source} + ${maven.compiler.target} + + + + + + org.apache.maven + maven-plugin-api + ${mavenVersion} + + + org.apache.maven + maven-project + ${mavenVersion} + + + org.codehaus.plexus + plexus-container-default + + + + + org.apache.maven + maven-artifact + ${mavenVersion} + + + org.apache.maven + maven-model + ${mavenVersion} + + + org.apache.maven.plugin-tools + maven-plugin-annotations + ${mavenPluginPluginVersion} + provided + + + org.codehaus.plexus + plexus-utils + 3.0.7 + + + + + + + + + ${project.groupId} + ${project.artifactId} + ${project.version} + + + + maven-plugin-plugin + ${mavenPluginPluginVersion} + + true + + + + + + + + ${project.groupId} + ${project.artifactId} + + + org.apache.maven.plugins + maven-plugin-plugin + + true + + + + generate-descriptor + + descriptor + + + + generated-helpmojo + + helpmojo + + + + + + + Propchange: commons/sandbox/commons-javadocfix-plugin/trunk/pom.xml ------------------------------------------------------------------------------ svn:eol-style = native Added: commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/JavadocFixTool.java URL: 
http://svn.apache.org/viewvc/commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/JavadocFixTool.java?rev=1494684&view=auto ============================================================================== --- commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/JavadocFixTool.java (added) +++ commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/JavadocFixTool.java Wed Jun 19 16:33:04 2013 
@@ -0,0 +1,350 @@ +/* + * Copyright (c) 2013 Oracle and/or its affiliates. + * All rights reserved. Use is subject to license terms. + * + * License Agreement + * + * PLEASE READ THE FOLLOWING LICENSE TERMS CAREFULLY BEFORE USING THE + * ACCOMPANYING PROGRAM. THESE TERMS CONSTITUTE A LEGAL AGREEMENT BETWEEN + * YOU AND US. + * + * "Oracle" refers to Oracle America, Inc., for and on behalf of itself and its + * subsidiaries and affiliates under common control. "We," "us," and "our" + * refers to Oracle and any Program contributors. "You" and "your" refers to + * the individual or entity that wishes to use the Program. "Program" refers to + * the Java API Documentation Updater Tool, Copyright (c) 2013, Oracle America, + * Inc., and updates or error corrections provided by Oracle or contributors. + * + * WARNING: + * The Program will analyze directory information on your computer + * system and may modify software components on such computer system. You + * should only use the Program on computer systems that you maintain sufficient + * rights to update software components. + * + * If your computer system is owned by a person or entity other than you, + * you should check with such person or entity before using the Program. + * + * It is possible that you may lose some software functionality, and make + * Java API Documentation pages unusable on your computer system after you use + * the Program to update software components. + * + * License Rights and Obligations + * We grant you a perpetual, nonexclusive, limited license to use, modify and + * distribute the Program in binary and/or source code form, only for the + * purpose of analyzing the directory structure of your computer system and + * updating Java API Documentation files. If you distribute the Program, in + * either or both binary or source form, including as modified by you, you + * shall include this License Agreement ("Agreement") with your distribution. 
+ * + * All rights not expressly granted above are hereby reserved. If you want to + * use the Program for any purpose other than as permitted under this + * Agreement, you must obtain a valid license permitting such use from Oracle. + * Neither the name of Oracle nor the names of any Program contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * Ownership and Restrictions + * We retain all ownership and intellectual property rights in the Program as + * provided by us. You retain all ownership and intellectual property rights + * in your modifications. + * + * Export + * You agree to comply fully with export laws and regulations of the United + * States and any other applicable export laws ("Export Laws") to assure that + * neither the Program nor any direct products thereof are: (1) exported, + * directly or indirectly, in violation of this Agreement or Export Laws; or + * (2) used for any purposes prohibited by the Export Laws, including, without + * limitation, nuclear, chemical, or biological weapons proliferation, or + * development of missile technology. + * + * Disclaimer of Warranty and Limitation of Liability + * THE PROGRAM IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. USE AT YOUR + * OWN RISK. WE FURTHER DISCLAIM ALL WARRANTIES, EXPRESS AND IMPLIED, + * INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. + * + * IN NO EVENT SHALL WE BE LIABLE FOR ANY INDIRECT, DIRECT, INCIDENTAL, + * SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, + * REVENUE, DATA OR DATA USE, INCURRED BY YOU OR ANY THIRD PARTY, WHETHER IN AN + * ACTION IN CONTRACT OR TORT, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGES. ORACLE SHALL HAVE NO LIABILITY FOR MODIFICATIONS MADE BY + * YOU OR ANY THIRD PARTY. 
+ * + * Entire Agreement + * You agree that this Agreement is the complete agreement for the Program, and + * this Agreement supersedes all prior or contemporaneous agreements or + * representations. If any term of this Agreement is found to be invalid or + * unenforceable, the remaining provisions will remain effective. This + * Agreement is governed by the substantive and procedural laws of California. + * You and Oracle agree to submit to the exclusive jurisdiction of, and venue + * in, the courts of San Francisco or Santa Clara counties in California in + * any dispute between you and Oracle arising out of or relating to this + * Agreement. + * + * Last updated: 14 June 2013 + */ +import java.io.*; + +/* + * Tool for finding and addressing files related to CVE-2013-1571. + * See README file for details. + */ +public class JavadocFixTool { + // Usual suspects + private final static String[] fileNames = {"index.html", + "index.htm", + "toc.html", + "toc.htm"}; + + // If we locate this function but not validURL - we are in trouble + private final String patchString = "function loadFrames() {"; + // Main fix - should be inserted before the loadFrames() function alongside + // the code that calls this function + private final static String[] patchData = + {" if (targetPage != \"\" && !validURL(targetPage))", + " targetPage = \"undefined\";", + " function validURL(url) {", + " var pos = url.indexOf(\".html\");", + " if (pos == -1 || pos != url.length - 5)", + " return false;", + " var allowNumber = false;", + " var allowSep = false;", + " var seenDot = false;", + " for (var i = 0; i < url.length - 5; i++) {", + " var ch = url.charAt(i);", + " if ('a' <= ch && ch <= 'z' ||", + " 'A' <= ch && ch <= 'Z' ||", + " ch == '$' ||", + " ch == '_') {", + " allowNumber = true;", + " allowSep = true;", + " } else if ('0' <= ch && ch <= '9'", + " || ch == '-') {", + " if (!allowNumber)", + " return false;", + " } else if (ch == '/' || ch == '.') {", + " if (!allowSep)", + " 
return false;", + " allowNumber = false;", + " allowSep = false;", + " if (ch == '.')", + " seenDot = true;", + " if (ch == '/' && seenDot)", + " return false;", + " } else {", + " return false;", + " }", + " }", + " return true;", + " }", + " function loadFrames() {"}; + + private final String quickFixString = "if (!(url.indexOf(\".html\") == url.length - 5))"; + private final String[] quickFix = {" var pos = url.indexOf(\".html\");", + " if (pos == -1 || pos != url.length - 5)"}; + private static String readme = null; + private static String version = "Java Documentation Updater Tool version 1.2 06/14/2013\n"; + + private static boolean doPatch = true; // By default patch file + private static boolean recursive = false; // By default only look in the folder in parameter + + public static void main(String[] args) { + System.out.println(version); + + if (args.length < 1) { + // No arguments - lazily initialize readme, print readme and usage + initReadme(); + if (readme != null) { + System.out.println(readme); + } + printUsage(System.out); + return; + } + + // Last argument should be a path to the document root + String name = args[args.length-1]; + + // Analyze the rest of parameters + for (int i = 0 ; i < args.length -1; i++) { + if ("-R".equalsIgnoreCase(args[i])) { + recursive = true; + } else if ("-C".equalsIgnoreCase(args[i])) { + doPatch = false; + } else { + System.err.println("Unknown option passed: "+args[i]); + printUsage(System.err); + return; + } + } + new JavadocFixTool().proceed(name); + } + + /* + * Print usage information into the provided PrintStream + * @param out PrintStream to write usage information + */ + public static void printUsage(PrintStream out) { + out.println("Usage: java -jar JavadocPatchTool.jar [-R] [-C] "); + out.println(" -R : Proceed recursively starting from given folder"); + out.println(" -C : Check only - program will find vulnerable files and print their full paths"); + } + + /* + * Lazily initialize the readme document, 
reading it from README file inside the jar + */ + public static void initReadme() { + try { + InputStream readmeStream = JavadocFixTool.class.getResourceAsStream("/README"); + if (readmeStream != null) { + BufferedReader readmeReader = new BufferedReader(new InputStreamReader(readmeStream)); + StringBuilder readmeBuilder = new StringBuilder(); + String s; + while ((s = readmeReader.readLine()) != null) { + readmeBuilder.append(s); + readmeBuilder.append("\n"); + } + readme = readmeBuilder.toString(); + } + } catch (IOException ignore) {} // Ignore exception - readme not initialized + } + + /* + * Main procedure - proceed with the searching and/or fixing depending on + * the command line parameters + * @param name Path to the document root + */ + public void proceed(String name) { + try { + File folder = new File(name); + if (folder.exists() && folder.isDirectory() && folder.canRead()) { + searchAndPatch(folder); + } else { + System.err.println("Invalid folder in parameter \""+name+"\""); + printUsage(System.err); + } + } catch (Exception ignored) {} // Die silently + } + + /* + * Find all the files that match the list given in the fileNames array. + * If file found attempt to patch it. + * If global parameter recursive is set to true attempt to go into the enclosed subfolders + * otherwise only patch said files in the folder directly pointed in parameter. 
+ */ + public void searchAndPatch(File folder) { + if (folder == null || !folder.isDirectory() || folder.list() == null) { + // Silently return + return; + } + + for (File file : folder.listFiles()) { + if (file.isDirectory()) { + if(recursive) { + searchAndPatch(file); + } + continue; + } + String name = file.getName(); + for (String s : fileNames) { + if (s.equalsIgnoreCase(name)) { + try { + applyPatch(file, folder); + } catch (Exception ex) { + String filePath; + try { + filePath = file.getCanonicalPath(); + } catch (IOException ioe) { + System.err.println("Can not resolve path to "+file.getName()+" in folder "+folder.getName()); + continue; + } + System.err.println("Patch failed on: "+filePath+" due to the "+ex); + } + } + } + } + } + + /* + * Try to apply patch to the single file in the specific folder + * If global parameter doPatch is false we should only print the location of the vulnerable html file + * and return + */ + public void applyPatch(File file, File currentFolder) throws Exception { + FileInputStream fis = new FileInputStream(file); + BufferedReader br = new BufferedReader(new InputStreamReader(fis)); + String line; + String failedString = patchString; + String[] patch = patchData; + // Attempt to look if file is vulnerable + for (int i = 0 ; i < 80 ; i++) { // Check first 80 lines - if there is no signature it is not our file + line = br.readLine(); + if (line == null) { + // File less than 80 lines long, no signature encountered + return; + } + if (line.trim().equals("function validURL(url) {")) { // Already patched + failedString = null; + patch = null; + continue; + } + if (line.trim().equals(quickFixString)) { // The patch had famous 2-letter bug, update it + failedString = quickFixString; + patch = quickFix; + continue; + } + if (line.trim().equals("function loadFrames() {")) { + fis.close(); // It should not interfere with the file renaming process + if (failedString != null) { + // Vulnerable file + if (!doPatch) { // Report and return + 
System.out.println("Vulnerable file found: "+file.getCanonicalPath()); + } else { + replaceStringInFile(currentFolder, file, failedString, patch); + } + } + return; + } + } + } + + /* + * Replace one line in the given file in the given folder with the lines given + * @param folder Folder in which file should be created + * @param file Original file to patch + * @param template Trimmed String with the pattern we are have to find + * @param replacement Array of String that has to be written in the place of first line matching the template + */ + public void replaceStringInFile(File folder, File file, String template, String[] replacement) + throws IOException { + System.out.println("Patching file: "+file.getCanonicalPath()); + String name = file.getName(); + File origFile = new File(folder, name+".orig"); + file.renameTo(origFile); + File temporaryFile = new File(folder, name+".tmp"); + if (temporaryFile.exists()) { + temporaryFile.delete(); + } + temporaryFile.createNewFile(); + String line; + FileInputStream fis = new FileInputStream(origFile); + PrintWriter pw = new PrintWriter(temporaryFile); + BufferedReader br = new BufferedReader(new InputStreamReader(fis)); + while ((line = br.readLine()) != null) { + if (line.trim().equals(template)) { + for (String s : replacement) { + pw.println(s); + } + } else { + pw.println(line); + } + } + pw.flush(); + pw.close(); + if (!temporaryFile.renameTo(new File(folder, name))) { + throw new IOException("Unable to rename file in folder "+folder.getName()+ + " from \""+temporaryFile.getName()+"\" into \""+name + + "\n Original file saved as "+origFile.getName()); + } + origFile.delete(); + } +} Propchange: commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/JavadocFixTool.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/JavadocFixTool.java 
------------------------------------------------------------------------------ svn:keywords = Author Date Id Revision Added: commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/AbstractJavadocFixToolMojo.java URL: http://svn.apache.org/viewvc/commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/AbstractJavadocFixToolMojo.java?rev=1494684&view=auto ============================================================================== --- commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/AbstractJavadocFixToolMojo.java (added) +++ commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/AbstractJavadocFixToolMojo.java Wed Jun 19 16:33:04 2013 
@@ -0,0 +1,96 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package org.apache.commons.plugins.javadocfix; + +import java.io.File; +import java.util.Set; + +import org.apache.maven.plugin.AbstractMojo; +import org.apache.maven.plugin.MojoExecutionException; +import org.apache.maven.plugin.MojoFailureException; +import org.apache.maven.plugin.logging.Log; +import org.apache.maven.plugins.annotations.Component; +import org.apache.maven.plugins.annotations.Parameter; +import org.apache.maven.project.MavenProject; + +/** + * Runs the JavadocFixTool on the specified directories + */ +public abstract class AbstractJavadocFixToolMojo extends AbstractMojo { + + /** + * The default list of directories to scan. + */ + private static final String DEFAULT_API_DIRS [] = {"target/site/apidocs", "target/site/testapidocs"}; + + /** + * List of directories to include, default none. + * These are relative to the project base directory. + * If not specified, the default is + * {"target/site/apidocs", "target/site/testapidocs"} + */ + @Parameter + private Set includes; + + /** + * List of directories to include, comma-separated (intended for command-line usage). 
+ * Overrides includes and excludes; uses same syntax as for {@code } + */ + @Parameter (property="javadocfixfiles.directories") + private String directories; + + /* + * The maven project. + */ + @Component + private MavenProject project; + + /** + * @throws MojoExecutionException + * @throws MojoFailureException + */ + public void execute(boolean fix) throws MojoExecutionException, MojoFailureException { + final Log log = getLog(); + String dirs[]; + if (directories != null) { + log.info("Will process Javadoc files in: " + directories); + dirs = directories.split(","); + } else { + if ( includes == null || includes.isEmpty() ) { + dirs = DEFAULT_API_DIRS; + } else { + dirs = includes.toArray( new String[includes.size()] ); + } + } + for(String dir : dirs ){ + File d = new File(project.getBasedir(), dir); + if (d.isDirectory()) { + if (fix) { + log.info("Fixing " + d); +// JavadocFixTool.main(new String[]{"-R", d.toString()}); + } else { + log.info("Scanning " + d); +// JavadocFixTool.main(new String[]{"-R", "-C", d.toString()}); + } + } else { + log.warn(d+" is not a directory"); + } + } + } +} Propchange: commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/AbstractJavadocFixToolMojo.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/AbstractJavadocFixToolMojo.java ------------------------------------------------------------------------------ svn:keywords = Author Date Id Revision Added: commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/CheckMojo.java URL: http://svn.apache.org/viewvc/commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/CheckMojo.java?rev=1494684&view=auto ============================================================================== --- 
commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/CheckMojo.java (added) +++ commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/CheckMojo.java Wed Jun 19 16:33:04 2013 
@@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package org.apache.commons.plugins.javadocfix; + +import org.apache.maven.plugin.MojoExecutionException; +import org.apache.maven.plugin.MojoFailureException; +import org.apache.maven.plugins.annotations.Mojo; + +/** + * Runs the JavadocFixTool on the specified directories in check mode (-C) + */ +@Mojo (name = "check") +public class CheckMojo extends AbstractJavadocFixToolMojo { + + public void execute() throws MojoExecutionException, MojoFailureException { + execute(false); + } + +} Propchange: commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/CheckMojo.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/CheckMojo.java ------------------------------------------------------------------------------ svn:keywords = Author Date Id Revision Added: commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/FixMojo.java URL: 
http://svn.apache.org/viewvc/commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/FixMojo.java?rev=1494684&view=auto ============================================================================== --- commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/FixMojo.java (added) +++ commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/FixMojo.java Wed Jun 19 16:33:04 2013 
@@ -0,0 +1,35 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package org.apache.commons.plugins.javadocfix; + +import org.apache.maven.plugin.MojoExecutionException; +import org.apache.maven.plugin.MojoFailureException; +import org.apache.maven.plugins.annotations.Mojo; + +/** + * Runs the JavadocFixTool on the specified directories in fix mode + */ +@Mojo (name = "fix") +public class FixMojo extends AbstractJavadocFixToolMojo { + + public void execute() throws MojoExecutionException, MojoFailureException { + execute(true); + } + +} Propchange: commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/FixMojo.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: commons/sandbox/commons-javadocfix-plugin/trunk/src/main/java/org/apache/commons/plugins/javadocfix/FixMojo.java ------------------------------------------------------------------------------ svn:keywords = Author Date Id Revision
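Review bot: in JavadocFixTool.java, replaceStringInFile ignores the result of file.renameTo(origFile) and never closes the reader it opens on origFile. A failed rename therefore only shows up later as an exception from new FileInputStream(origFile), after the .tmp file has been handled, and the final origFile.delete() can fail on platforms that refuse to delete an open file, leaving .orig copies in the published Javadoc tree. Suggest checking the renameTo result and throwing an IOException that names both files, and closing br in a finally block before the delete. The same file has two related gaps: applyPatch returns without closing fis when readLine() returns null or when the 80-line loop runs out, and proceed() wraps everything in catch (Exception ignored), so a run that fails partway is indistinguishable from a clean one for a tool whose job is to remediate CVE-2013-1571.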
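Review bot: in AbstractJavadocFixToolMojo.execute(boolean fix), both calls to JavadocFixTool.main are commented out, so the goals log "Fixing <dir>" or "Scanning <dir>" and then do nothing, which reads in the build log as a completed check or fix. As far as the visible lines show, JavadocFixTool.java is added directly under src/main/java with no package statement, and a class in org.apache.commons.plugins.javadocfix cannot reference a class in the default package, so the calls would not compile as written even if they were uncommented. Suggest moving the tool into a named package (or wrapping it) before wiring it in, and until then logging at warn level that the goal is not yet implemented. Smaller points in the same hunk: entries from directories.split(",") are not trimmed, so "a, b" produces a path with a leading space; the Javadoc for directories mentions excludes, but no such parameter is declared; and the comment on the project field opens with /* rather than /**, so it is not picked up as Javadoc.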
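Review bot: CheckMojo.execute() delegates to execute(false), which returns void and only logs, so the check goal has no way to fail a build when vulnerable files are present. Even once the commented-out call is wired in, JavadocFixTool.main in -C mode reports a hit only by printing "Vulnerable file found: ..." to System.out and returns nothing. Suggest having the shared execute(boolean) return the number of vulnerable files (or having the tool expose that count) and throwing MojoFailureException from the check goal when it is non-zero, so the goal can be used as a gate in CI. An @Override annotation on execute() would also make the relationship to the Mojo contract explicit, here and in FixMojo.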