From 4d019929122a47313d504a9403a3cc3b47ce5c0d Mon Sep 17 00:00:00 2001 From: Xiwen Cheng Date: Fri, 12 Apr 2024 23:22:13 +0200 Subject: [PATCH 1/5] Add policies/004_pages/004_0001_inline_style_property_used.rego --- .gitignore | 1 - lint/lint_test.go | 22 +- .../DomainModels$DomainModel.yaml | 28 +- .../DomainModels$DomainModel.yaml | 68 ++- .../MyFirstModule/Folder/Page.Forms$Page.yaml | 390 ++++++++++++++++ modelsource/Security$ProjectSecurity.yaml | 4 +- .../001_0002_demo_users_disabled.rego | 4 +- .../001_0003_security_checks.rego | 1 - .../001_0004_strong_password.rego | 1 - ..._0005_avoid_system_entity_association.rego | 1 - .../004_0001_inline_style_property_used.rego | 36 ++ ..._0001_inline_style_property_used_test.rego | 112 +++++ resources/app/App.mpr | Bin 10665984 -> 10682368 bytes resources/app/vendorlib/vendorlib-sbom.json | 432 +++++++++--------- 14 files changed, 862 insertions(+), 238 deletions(-) create mode 100644 modelsource/MyFirstModule/Folder/Page.Forms$Page.yaml create mode 100644 policies/004_pages/004_0001_inline_style_property_used.rego create mode 100644 policies/004_pages/004_0001_inline_style_property_used_test.rego diff --git a/.gitignore b/.gitignore index 8fc6f3e..892c8bd 100644 --- a/.gitignore +++ b/.gitignore @@ -15,7 +15,6 @@ bin/ # Project-specific output dist/ -modelsource tmp/ !tmp/.gitkeep diff --git a/lint/lint_test.go b/lint/lint_test.go index 03a2767..d567622 100644 --- a/lint/lint_test.go +++ b/lint/lint_test.go 
@@ -6,17 +6,17 @@ import ( // TestAdd tests the Add function to ensure it returns correct results. func TestLintSingle(t *testing.T) { - t.Run("single policy skipped", func(t *testing.T) { - result, err := evalTestsuite("./../policies/001_project_settings/001_0004_strong_password.rego", "./../modelsource") + // t.Run("single policy skipped", func(t *testing.T) { + // result, err := evalTestsuite("./../policies/001_project_settings/001_0004_strong_password.rego", "./../modelsource") - if err != nil { - t.Errorf("Failed to evaluate") - } + // if err != nil { + // t.Errorf("Failed to evaluate") + // } - if result.Skipped != 1 { - t.Errorf("Policy not skipped") - } - }) + // if result.Skipped != 1 { + // t.Errorf("Policy not skipped") + // } + // }) t.Run("single policy passes", func(t *testing.T) { result, err := evalTestsuite("./../policies/001_project_settings/001_0003_security_checks.rego", "./../modelsource") @@ -34,8 +34,8 @@ func TestLintBundle(t *testing.T) { t.Run("all-policy", func(t *testing.T) { err := EvalAll("./../policies", "./../modelsource", "") - if err != nil { - t.Errorf("Failed to evaluate: %v", err) + if err == nil { + t.Errorf("We expect failures in the reference model") } }) } diff --git a/modelsource/Atlas_Web_Content/DomainModels$DomainModel.yaml b/modelsource/Atlas_Web_Content/DomainModels$DomainModel.yaml index d2c29b3..a57d3b7 100644 --- a/modelsource/Atlas_Web_Content/DomainModels$DomainModel.yaml +++ b/modelsource/Atlas_Web_Content/DomainModels$DomainModel.yaml 
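Review bot: The "single policy skipped" subtest in TestLintSingle is commented out rather than removed, which leaves dead code behind and nothing that says why it was disabled. This commit drops `skip: FIXME` from 001_0004_strong_password.rego, so the subtest can no longer pass against that file. Either delete the block, or keep the coverage by pointing it at a fixture policy that still carries a `skip` annotation. If it has to stay disabled, an explicit `t.Skip("001_0004 no longer carries a skip annotation")` inside the subtest keeps it visible in test output. The context comment above the function still reads `// TestAdd tests the Add function`; `// TestLintSingle evaluates single policy files against the reference model.` would match the code, and the function body continues outside the hunk.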
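Review bot: The new check in the all-policy subtest, `if err == nil`, is satisfied by any non-nil error from EvalAll. A wrong `./../policies` path, an unreadable model directory or a policy that no longer compiles would presumably pass the test just like genuine findings, although EvalAll's error shape is not visible in this hunk. For a linter that enforces security rules, that hides regressions in the evaluation itself. The test should tell policy violations apart from evaluation failures, for instance by asserting on the number of failed policies if EvalAll can expose it. At a minimum, record what was returned with `t.Logf("EvalAll reported: %v", err)`.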
@@ -5,7 +5,33 @@ CrossAssociations: null Documentation: "" Entities: - $Type: DomainModels$EntityImpl - AccessRules: null + AccessRules: + - $Type: DomainModels$AccessRule + AllowCreate: false + AllowDelete: false + AllowedModuleRoles: + - Atlas_Web_Content.UserRole + DefaultMemberAccessRights: None + Documentation: "" + MemberAccesses: + - $Type: DomainModels$MemberAccess + AccessRights: ReadOnly + Association: "" + Attribute: Atlas_Web_Content.LoginContext.Username + - $Type: DomainModels$MemberAccess + AccessRights: ReadOnly + Association: "" + Attribute: Atlas_Web_Content.LoginContext.Password + - $Type: DomainModels$MemberAccess + AccessRights: ReadOnly + Association: "" + Attribute: Atlas_Web_Content.LoginContext.RememberMe + - $Type: DomainModels$MemberAccess + AccessRights: ReadOnly + Association: "" + Attribute: Atlas_Web_Content.LoginContext.ValidationMessage + XPathConstraint: "" + XPathConstraintCaption: "" Attributes: - $Type: DomainModels$Attribute Documentation: "" diff --git a/modelsource/MyFirstModule/DomainModels$DomainModel.yaml b/modelsource/MyFirstModule/DomainModels$DomainModel.yaml index fe430b5..6c64df6 100644 --- a/modelsource/MyFirstModule/DomainModels$DomainModel.yaml +++ b/modelsource/MyFirstModule/DomainModels$DomainModel.yaml 
@@ -30,7 +30,49 @@ CrossAssociations: Documentation: "" Entities: - $Type: DomainModels$EntityImpl - AccessRules: null + AccessRules: + - $Type: DomainModels$AccessRule + AllowCreate: false + AllowDelete: false + AllowedModuleRoles: + - MyFirstModule.User + DefaultMemberAccessRights: ReadOnly + Documentation: "" + MemberAccesses: + - $Type: DomainModels$MemberAccess + AccessRights: ReadOnly + Association: "" + Attribute: System.Image.PublicThumbnailPath + - $Type: DomainModels$MemberAccess + AccessRights: ReadOnly + Association: "" + Attribute: System.Image.EnableCaching + - $Type: DomainModels$MemberAccess + AccessRights: ReadOnly + Association: "" + Attribute: System.FileDocument.FileID + - $Type: DomainModels$MemberAccess + AccessRights: ReadOnly + Association: "" + Attribute: System.FileDocument.Name + - $Type: DomainModels$MemberAccess + AccessRights: ReadOnly + Association: "" + Attribute: System.FileDocument.DeleteAfterDownload + - $Type: DomainModels$MemberAccess + AccessRights: ReadOnly + Association: "" + Attribute: System.FileDocument.Contents + - $Type: DomainModels$MemberAccess + AccessRights: ReadOnly + Association: "" + Attribute: System.FileDocument.HasContents + - $Type: DomainModels$MemberAccess + AccessRights: ReadOnly + Association: "" + Attribute: System.FileDocument.Size + XPathConstraint: "" + XPathConstraintCaption: "" Attributes: null Documentation: "" Events: null 
@@ -43,7 +85,29 @@ Entities: Source: null ValidationRules: null - $Type: DomainModels$EntityImpl - AccessRules: null + AccessRules: + - $Type: DomainModels$AccessRule + AllowCreate: false + AllowDelete: false + AllowedModuleRoles: + - MyFirstModule.User + DefaultMemberAccessRights: ReadOnly + Documentation: "" + MemberAccesses: + - $Type: DomainModels$MemberAccess + AccessRights: ReadOnly + Association: "" + Attribute: MyFirstModule.Bike.Name + - $Type: DomainModels$MemberAccess + AccessRights: ReadOnly + Association: "" + Attribute: MyFirstModule.Bike.PurchaseDate + - $Type: DomainModels$MemberAccess + AccessRights: ReadOnly + Association: MyFirstModule.Bike_User + Attribute: "" + XPathConstraint: "" + XPathConstraintCaption: "" Attributes: - $Type: DomainModels$Attribute Documentation: "" diff --git a/modelsource/MyFirstModule/Folder/Page.Forms$Page.yaml b/modelsource/MyFirstModule/Folder/Page.Forms$Page.yaml new file mode 100644 index 0000000..4548cd6 --- /dev/null +++ b/modelsource/MyFirstModule/Folder/Page.Forms$Page.yaml 
@@ -0,0 +1,390 @@ +$Type: Forms$Page +AllowedModuleRoles: null +Appearance: + $Type: Forms$Appearance + Class: "" + DesignProperties: null + DynamicClasses: "" + Style: "" +CanvasHeight: 600 +CanvasWidth: 1198 +Documentation: "" +Excluded: false +ExportLevel: Hidden +FormCall: + $Type: Forms$LayoutCall + Arguments: + - $Type: Forms$FormCallArgument + Parameter: Atlas_Core.Atlas_Default.Main + Widgets: + - $Type: Forms$LayoutGrid + Appearance: + $Type: Forms$Appearance + Class: "" + DesignProperties: null + DynamicClasses: "" + Style: "" + ConditionalVisibilitySettings: null + Name: layoutGrid2 + Rows: + - $Type: Forms$LayoutGridRow + Appearance: + $Type: Forms$Appearance + Class: "" + DesignProperties: null + DynamicClasses: "" + Style: "" + Columns: + - $Type: Forms$LayoutGridColumn + Appearance: + $Type: Forms$Appearance + Class: "" + DesignProperties: null + DynamicClasses: "" + Style: "" + PhoneWeight: -1 + PreviewWidth: -1 + TabletWeight: -1 + VerticalAlignment: None + Weight: -1 + Widgets: + - $Type: Forms$DivContainer + Appearance: + $Type: Forms$Appearance + Class: pageheader + DesignProperties: + - $Type: Forms$DesignPropertyValue + Key: Spacing + Value: + $Type: Forms$CompoundDesignPropertyValue + Properties: + - $Type: Forms$DesignPropertyValue + Key: margin-bottom + Value: + $Type: Forms$OptionDesignPropertyValue + Option: L + DynamicClasses: "" + Style: "" + ConditionalVisibilitySettings: null + Name: container1 + NativeAccessibilitySettings: null + OnClickAction: + $Type: Forms$NoAction + DisabledDuringExecution: true + RenderMode: Div + ScreenReaderHidden: false + TabIndex: 0 + Widgets: + - $Type: Forms$DynamicText + Appearance: + $Type: Forms$Appearance + Class: pageheader-title + DesignProperties: + - $Type: Forms$DesignPropertyValue + Key: Spacing + Value: + $Type: Forms$CompoundDesignPropertyValue + Properties: + - $Type: Forms$DesignPropertyValue + Key: margin-bottom + Value: + $Type: Forms$OptionDesignPropertyValue + Option: S + - $Type: 
Forms$DesignPropertyValue + Key: Color + Value: + $Type: Forms$OptionDesignPropertyValue + Option: Brand Primary + DynamicClasses: "" + Style: "" + ConditionalVisibilitySettings: null + Content: + $Type: Forms$ClientTemplate + Fallback: + $Type: Texts$Text + Items: null + Parameters: null + Template: + $Type: Texts$Text + Items: + - $Type: Texts$Translation + LanguageCode: en_US + Text: Page header title + Name: text40 + NativeAccessibilitySettings: null + NativeTextStyle: Text + RenderMode: H1 + TabIndex: 0 + - $Type: Forms$DynamicText + Appearance: + $Type: Forms$Appearance + Class: pageheader-subtitle + DesignProperties: + - $Type: Forms$DesignPropertyValue + Key: Color + Value: + $Type: Forms$OptionDesignPropertyValue + Option: Detail color + - $Type: Forms$DesignPropertyValue + Key: Spacing + Value: + $Type: Forms$CompoundDesignPropertyValue + Properties: + - $Type: Forms$DesignPropertyValue + Key: margin-bottom + Value: + $Type: Forms$OptionDesignPropertyValue + Option: None + DynamicClasses: "" + Style: 'color: orange;' + ConditionalVisibilitySettings: null + Content: + $Type: Forms$ClientTemplate + Fallback: + $Type: Texts$Text + Items: null + Parameters: null + Template: + $Type: Texts$Text + Items: + - $Type: Texts$Translation + LanguageCode: en_US + Text: Supporting text + Name: text39 + NativeAccessibilitySettings: null + NativeTextStyle: Text + RenderMode: Paragraph + TabIndex: 0 + ConditionalVisibilitySettings: null + HorizontalAlignment: None + SpacingBetweenColumns: true + VerticalAlignment: None + - $Type: Forms$LayoutGridRow + Appearance: + $Type: Forms$Appearance + Class: "" + DesignProperties: null + DynamicClasses: "" + Style: "" + Columns: + - $Type: Forms$LayoutGridColumn + Appearance: + $Type: Forms$Appearance + Class: "" + DesignProperties: null + DynamicClasses: "" + Style: "" + PhoneWeight: -1 + PreviewWidth: -1 + TabletWeight: -1 + VerticalAlignment: None + Weight: -1 + Widgets: + - $Type: Forms$DivContainer + Appearance: + $Type: 
Forms$Appearance + Class: background-white + DesignProperties: null + DynamicClasses: "" + Style: "" + ConditionalVisibilitySettings: null + Name: container2 + NativeAccessibilitySettings: null + OnClickAction: + $Type: Forms$NoAction + DisabledDuringExecution: true + RenderMode: Div + ScreenReaderHidden: false + TabIndex: 0 + Widgets: + - $Type: Forms$ListView + Appearance: + $Type: Forms$Appearance + Class: "" + DesignProperties: + - $Type: Forms$DesignPropertyValue + Key: Style + Value: + $Type: Forms$OptionDesignPropertyValue + Option: Lined + - $Type: Forms$DesignPropertyValue + Key: Hover style + Value: + $Type: Forms$ToggleDesignPropertyValue + DynamicClasses: "" + Style: "" + ClickAction: + $Type: Forms$NoAction + DisabledDuringExecution: false + ConditionalVisibilitySettings: null + DataSource: + $Type: Forms$ListViewXPathSource + EntityRef: + $Type: DomainModels$DirectEntityRef + Entity: MyFirstModule.Bike + ForceFullObjects: false + Search: + $Type: Forms$ListViewSearch + SearchRefs: + - $Type: DomainModels$AttributeRef + Attribute: MyFirstModule.Bike.Name + EntityRef: null + SortBar: + $Type: Forms$GridSortBar + SortItems: null + SourceVariable: null + XPathConstraint: "" + Editable: false + Name: listView3 + NumberOfColumns: 1 + PageSize: 5 + PullDownAction: + $Type: Forms$NoAction + DisabledDuringExecution: false + ScrollDirection: Vertical + TabIndex: 0 + Templates: null + Widgets: + - $Type: Forms$DynamicText + Appearance: + $Type: Forms$Appearance + Class: "" + DesignProperties: null + DynamicClasses: "" + Style: "" + ConditionalVisibilitySettings: null + Content: + $Type: Forms$ClientTemplate + Fallback: + $Type: Texts$Text + Items: null + Parameters: + - $Type: Forms$ClientTemplateParameter + AttributeRef: + $Type: DomainModels$AttributeRef + Attribute: MyFirstModule.Bike.Name + EntityRef: null + Expression: "" + FormattingInfo: + $Type: Forms$FormattingInfo + CustomDateFormat: "" + DateFormat: Date + DecimalPrecision: 2 + EnumFormat: Text + 
GroupDigits: false + SourceVariable: null + Template: + $Type: Texts$Text + Items: + - $Type: Texts$Translation + LanguageCode: en_US + Text: '{1}' + Name: text1 + NativeAccessibilitySettings: null + NativeTextStyle: Text + RenderMode: Text + TabIndex: 0 + - $Type: Forms$DynamicText + Appearance: + $Type: Forms$Appearance + Class: "" + DesignProperties: null + DynamicClasses: "" + Style: "" + ConditionalVisibilitySettings: null + Content: + $Type: Forms$ClientTemplate + Fallback: + $Type: Texts$Text + Items: null + Parameters: + - $Type: Forms$ClientTemplateParameter + AttributeRef: + $Type: DomainModels$AttributeRef + Attribute: MyFirstModule.Bike.PurchaseDate + EntityRef: null + Expression: "" + FormattingInfo: + $Type: Forms$FormattingInfo + CustomDateFormat: "" + DateFormat: Date + DecimalPrecision: 2 + EnumFormat: Text + GroupDigits: false + SourceVariable: null + Template: + $Type: Texts$Text + Items: + - $Type: Texts$Translation + LanguageCode: en_US + Text: '{1}' + Name: text2 + NativeAccessibilitySettings: null + NativeTextStyle: Text + RenderMode: Text + TabIndex: 0 + - $Type: Forms$DynamicText + Appearance: + $Type: Forms$Appearance + Class: "" + DesignProperties: null + DynamicClasses: "" + Style: "" + ConditionalVisibilitySettings: null + Content: + $Type: Forms$ClientTemplate + Fallback: + $Type: Texts$Text + Items: null + Parameters: + - $Type: Forms$ClientTemplateParameter + AttributeRef: + $Type: DomainModels$AttributeRef + Attribute: System.User.Name + EntityRef: + $Type: DomainModels$IndirectEntityRef + Steps: + - $Type: DomainModels$EntityRefStep + Association: MyFirstModule.Bike_User + DestinationEntity: System.User + Expression: "" + FormattingInfo: + $Type: Forms$FormattingInfo + CustomDateFormat: "" + DateFormat: Date + DecimalPrecision: 2 + EnumFormat: Text + GroupDigits: false + SourceVariable: null + Template: + $Type: Texts$Text + Items: + - $Type: Texts$Translation + LanguageCode: en_US + Text: '{1}' + Name: text3 + 
NativeAccessibilitySettings: null + NativeTextStyle: Text + RenderMode: Text + TabIndex: 0 + ConditionalVisibilitySettings: null + HorizontalAlignment: None + SpacingBetweenColumns: true + VerticalAlignment: None + TabIndex: 0 + Width: FullWidth + Form: Atlas_Core.Atlas_Default +MarkAsUsed: false +Name: Page +Parameters: null +PopupCloseAction: "" +PopupHeight: 0 +PopupResizable: true +PopupWidth: 0 +Title: + $Type: Texts$Text + Items: + - $Type: Texts$Translation + LanguageCode: en_US + Text: Page +Url: "" diff --git a/modelsource/Security$ProjectSecurity.yaml b/modelsource/Security$ProjectSecurity.yaml index cb26bad..a9666de 100644 --- a/modelsource/Security$ProjectSecurity.yaml +++ b/modelsource/Security$ProjectSecurity.yaml @@ -1,5 +1,5 @@ $Type: Security$ProjectSecurity -AdminPassword: "" +AdminPassword: Hello00!!!! AdminUserName: MxAdmin AdminUserRole: Administrator CheckSecurity: true @@ -31,7 +31,7 @@ PasswordPolicySettings: RequireDigit: true RequireMixedCase: true RequireSymbol: false -SecurityLevel: CheckNothing +SecurityLevel: CheckEverything StrictMode: false StrictPageUrlCheck: true UserRoles: diff --git a/policies/001_project_settings/001_0002_demo_users_disabled.rego b/policies/001_project_settings/001_0002_demo_users_disabled.rego index bc5d177..a9836c4 100644 --- a/policies/001_project_settings/001_0002_demo_users_disabled.rego +++ b/policies/001_project_settings/001_0002_demo_users_disabled.rego @@ -8,7 +8,6 @@ # category: Security # rulename: DemoUsersDisabled # severity: HIGH -# skip: FIXME # rulenumber: 001_0002 # remediation: Disable demo users in Project Security # input: Security$ProjectSecurity.yaml @@ -21,10 +20,11 @@ allow if count(errors) == 0 errors contains error if { input.EnableDemoUsers == true - error := sprintf("[%v, %v] %v", + error := sprintf("[%v, %v, %v] %v", [ annotation.custom.severity, annotation.custom.category, + annotation.custom.rulenumber, annotation.title, ] ) 
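Review bot: `AdminPassword: Hello00!!!!` in modelsource/Security$ProjectSecurity.yaml commits a literal password for the `MxAdmin` account, and the .gitignore hunk of this same patch stops ignoring `modelsource`, so the value is now tracked in history. If it exists only so the reference model can exercise the password policies, say so in the commit description and use a value that is obviously constructed for the fixture. If it matches what is stored in resources/app/App.mpr or is used on any running instance, treat it as exposed and rotate it. Secret scanners run on this repository will flag the line either way, so an allow-list entry with a justification may be needed.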
diff --git a/policies/001_project_settings/001_0003_security_checks.rego b/policies/001_project_settings/001_0003_security_checks.rego index f7e2ecc..74ad3b2 100644 --- a/policies/001_project_settings/001_0003_security_checks.rego +++ b/policies/001_project_settings/001_0003_security_checks.rego @@ -11,7 +11,6 @@ # rulenumber: 001_0003 # remediation: Set Security check to production in Project Security # input: Security$ProjectSecurity.yaml -# skip: FIXME package app.mendix.project_settings.security_checks import rego.v1 annotation := rego.metadata.chain()[1].annotations diff --git a/policies/001_project_settings/001_0004_strong_password.rego b/policies/001_project_settings/001_0004_strong_password.rego index 82f55a1..5c23d7c 100644 --- a/policies/001_project_settings/001_0004_strong_password.rego +++ b/policies/001_project_settings/001_0004_strong_password.rego @@ -9,7 +9,6 @@ # severity: HIGH # rulename: StrongPasswordPolicy # priority: 5 -# skip: FIXME # rulenumber: 001_0004 # remediation: Ensure minimum password length of at least 8 characters and must use all character classes. # input: Security$ProjectSecurity.yaml diff --git a/policies/002_domain_model/002_0005_avoid_system_entity_association.rego b/policies/002_domain_model/002_0005_avoid_system_entity_association.rego index 0bec1bb..99c0c6b 100644 --- a/policies/002_domain_model/002_0005_avoid_system_entity_association.rego +++ b/policies/002_domain_model/002_0005_avoid_system_entity_association.rego @@ -8,7 +8,6 @@ # category: Security # rulename: AvoidSystemEntityAssociation # severity: HIGH -# skip: FIXME # rulenumber: 002_0005 # remediation: Remove direct associations with the System Domain Model. Use inheritance instead (i.e. Generalization in the entity properties). # input: "*/DomainModels$DomainModel.yaml" diff --git a/policies/004_pages/004_0001_inline_style_property_used.rego b/policies/004_pages/004_0001_inline_style_property_used.rego new file mode 100644 index 0000000..5f4235a --- /dev/null 
+++ b/policies/004_pages/004_0001_inline_style_property_used.rego
@@ -0,0 +1,36 @@
+# METADATA
+# scope: package
+# title: Inline style property used
+# description: Avoid using the style property, because this will make the life of your UI designer a lot more complicated. It will be harder to overrule styles from CSS file level.
+# authors:
+# - Xiwen Cheng
+# custom:
+# category: Maintainability
+# rulename: InlineStylePropertyUsed
+# severity: MEDIUM
+# rulenumber: 004_0001
+# remediation: Use generic classes instead, defined by the theme.
+# input: "*/**/*$Page.yaml"
+package app.mendix.pages.inline_style_property_used
+import rego.v1
+annotation := rego.metadata.chain()[1].annotations
+
+default allow := false
+allow if count(errors) == 0
+
+errors contains error if {
+ [p, v] := walk(input)
+ # Check if the path ends with "Style" and value is not an empty string
+ last := array.slice(p, count(p) - 1, count(p))[0]
+ last == "Style"
+ v != ""
+ error := sprintf("[%v, %v, %v] Form with name '%v' has inlined style property with value '%v'",
+ [
+ annotation.custom.severity,
+ annotation.custom.category,
+ annotation.custom.rulenumber,
+ input.Name,
+ v,
+ ]
+ )
+}
diff --git a/policies/004_pages/004_0001_inline_style_property_used_test.rego b/policies/004_pages/004_0001_inline_style_property_used_test.rego
new file mode 100644
index 0000000..f6cdecb
--- /dev/null
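Review bot: `v != ""` in the `errors` rule is true for every value that is not the empty string, so a `Style` key holding `null` or a nested object would be reported as an inline style. Adding `is_string(v)` ahead of the comparison limits the rule to real style strings. The last path segment can be read directly with `p[count(p) - 1] == "Style"` instead of `array.slice(p, count(p) - 1, count(p))[0]`. The message identifies only `input.Name`, so on a page with many widgets the reader cannot tell which one carries the style. Including the walk path `p` in the `sprintf` arguments would fix that.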
@@ -0,0 +1,112 @@
+package app.mendix.pages.inline_style_property_used
+import rego.v1
+
+
+# Test data
+form_simple = {
+ "$Type": "Forms$Page",
+ "Name": "Page1",
+ "Appearance": {
+ "$Type": "Forms$Appearance",
+ "Class": "",
+ "DesignProperties": null,
+ "DynamicClasses": "",
+ "Style": "",
+ },
+}
+form_simple_negative = {
+ "$Type": "Forms$Page",
+ "Name": "Page1",
+ "Appearance": {
+ "$Type": "Forms$Appearance",
+ "Class": "",
+ "DesignProperties": null,
+ "DynamicClasses": "",
+ "Style": "color: red;",
+ },
+}
+
+form_nested = {
+ "Name": "Page1",
+ "FormCall": {
+ "Arguments": [
+ {
+ "Widgets": [
+ {
+ "$Type": "Forms$LayoutGrid",
+ "Name": "layoutGrid2",
+ "Rows": [
+ {
+ "$Type": "Forms$LayoutGridRow",
+ "Columns": [
+ {
+ "$Type": "Forms$LayoutGridColumn",
+ "Appearance": {
+ "$Type": "Forms$Appearance",
+ "Class": "",
+ "DesignProperties": null,
+ "DynamicClasses": "",
+ "Style": "",
+ }
+ },
+ ],
+ },
+ ],
+ },
+ ],
+ },
+ ],
+ },
+}
+
+form_nested_negative = {
+ "Name": "Page1",
+ "FormCall": {
+ "Arguments": [
+ {
+ "Widgets": [
+ {
+ "$Type": "Forms$LayoutGrid",
+ "Name": "layoutGrid2",
+ "Rows": [
+ {
+ "$Type": "Forms$LayoutGridRow",
+ "Columns": [
+ {
+ "$Type": "Forms$LayoutGridColumn",
+ "Appearance": {
+ "$Type": "Forms$Appearance",
+ "Class": "",
+ "DesignProperties": null,
+ "DynamicClasses": "",
+ "Style": "color: orange;",
+ }
+ },
+ ],
+ },
+ ],
+ },
+ ],
+ },
+ ],
+ },
+}
+
+
+
+# Test cases
+test_simple if {
+ allow with input as form_simple
+}
+
+test_simple_negative if {
+ not allow with input as form_simple_negative
+}
+
+test_nested if {
+ allow with input as form_nested
+}
+
+test_nested_negative if {
+ not allow with input as form_nested_negative
+}
\ No newline at end of file
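Review bot: The two negative cases assert only `not allow`, which holds whenever `errors` is non-empty for any reason, so they do not pin that exactly the one non-empty `Style` value was reported. `count(errors) == 1 with input as form_nested_negative` would, and the same applies to `test_simple_negative`. There is no fixture with `"Style": null` or a non-string value, which is the case where the policy's `v != ""` comparison is most likely to misfire. The fixtures are bound with `=` while the policy file uses `:=`, and the file ends without a trailing newline.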
diff --git a/resources/app/App.mpr b/resources/app/App.mpr index 056e72eac916a0534418ad16add582d8d018418b..67eae6bd168d08fa5bfbabbdcddcd9b94486b59d 100644 GIT binary patch delta 6360 zcmb7|d0bN2`^PUJZYW&TF>^~TDTNTyR8s4rhysF|T55|SqLPXmmeypNg_YT6dTi0m z%*tUU6})CRw#3LzjVG!0ueBrN@T7Sf>ML9fVL!n! zUDpUf@EQ4ikJAe{`}62Df}tTJp9-%k@{J1iF*W;`xCorC?k7a|6InyWoFj=EyH~jN zIHQ%bi3SYDSbe$iCUdac6USnP#k+;XhkD57M5Vffa3mqT=s=-B%y(sl`le)O@>3FG zxvmOT#B60yf)7y-kT|$t3Y;GalqV;rvRL-;qnXLUT_%v>dJw-vxh%;8Z%d8!_=6C8XK<0EY+Bm8naeoHfqdPjg3%ac52LCjX9{Xk!oy|8gp#K zXgZjQ4kAMcD!e<6jL7hJ@N7K0gc>5&@D|gk1mpGk`3BGtBcUVqO$V`sG&<8IOfE@q zOUvO$3sc>vdL+ipIUEmMy$wgiQ34*)=O3hYR#oVOF)rL+jBHD9jsJQbU=yXKp9=FAy4qa|Nrqsg_`K6b=Ql zWs}UoD-pxUfEke~&rnKJ4iPAcGkq&CHyenh^)B zaz*O3rnk?%ALBz$6D%G<7M9!XUouqXtvIZIdM0zSJVl-oE6)(ip^h8Uprv!M;|S|^ z`d;zoZATwsVOAzXb=jX~z&i{WO@*02}R zO!0-qCZi!^AWjfx2pz(JjD;{EE)W)k4H*YSApQ_OBmfc!5kQ0x5hMsAhDad6kPt{HWHKZS5)O%gOo2>=L_(q<(U577 z>5v(anUEOBEQk~m3z0$MAaY1NBmt5LQ9x!xk|4>D6o?X%3Q2>cLoy(l5EUc~G6ymj zk`2j$%!AB_{0vzD$%QP0KgCB7P)=@p)=^)56lRE!ECOtgg;dttZ)lSh|CU6o$BY29v1EwI>#-Y zql}Ffa;FBeqWywcKC{d;i%TkFb#!22Wfp2GD>a(R&0;A*sasd7R~3cVZ7H2q#l-8@ z9b8#uuFLp|z`*yCraz~rH1IU%&y4tNqPUDZ+;_FR^~;~x4!Qj1>#lyE-5ZzS4i#S3 zt%7XPT-L2-tv4d*wIc?}`YC$t#Lm9Few?@v_u7!b7yQFsisw^u-u2g0E z$~;sF(LC1VkdO>1CnRi+)H5O3Kh1rLB2d7cDv+_GU8auD7DXm`vV4kRsToKkL#F`T zzp2ik!oZ$}R@+zMUapLjY&%mUDS3Xf0)+BtMZm6$qz^{Vvh)CXpQ(nne~uljmSDZ= zkoT$@e$nO(Uw3mh54^_4ST2NaWaN)7;J_`h>NCt?s2!&ksLVBudwlDUInFri{9-RZ zH91b6k?9-kE)ENbi%WKyoX$%QkMkFaR30)#=oH_?cus^|tn>(sOo$T3^QBQfBCV{V zH30#79!O0_+Z*b^oBFjiNp;nwdSxMaB9Sr$p-h3!r|vcAD~=UJ@PInH-Wo<1g2Syr z;1@w?dI3E;#$Cay(vGDL)2{^S4@P-6{^6&GvmIuwW&f`)x5t_6_TSv5>-wc3?m4hO zWM#JSW=z3^e>b(sXsE}v)(V&U-%XA1&&d+9MJX(nZ#3Ui;W{NPC@e?C;e;oq#7BC{ zJmWda%&f_&i7w*>J_vL0GPI|_D=z1bZ|vKA@fVK*`)D(Fvm@b{Z^}3XAGMP=9=X@9C-Et^}76J%hirRz~-2 z0|ynZ%O#(>85ne|VaB87mzC$i8oWt5!;vyr#~h9ZbSB467tPN)9$ZKB`?#((A_?GJ zoV+Q&J((Ld(#ImGQ1D{r;goQYZ*4IOu+D@x(=WiF88EN~js~>el~wHg=afM}E#-w^ zYr(@F4dCW#`P^+km@|7K%o- 
zcKuDReHT=tjDI!f-mS}^^LjuB#W{NgN5ib;t~llrC9N(5xYA+nAmp?WkD)XiynYAb z;Po5sTqg~WJRqqvTTH-bRtZ4pdmks;t8n`VY&_6SDt$bzTTs06#h1`AK8r!ys~{m> zj0dlqX_n~Irb#cyA7~VAY+C8G_VMC({pK9+Rq36sPT;ki!7c6GP}uy<9QxP&G8Q=H z2U-i>Rq#jL1@_d$$&|LUtd__mVUv-&&Dkj?<3YMUf1*8M9MS?qa9|P69~Jw%ldp*y zR|n6#7*p{Tq;F+y_MT3)s%<_{F`u%K_m2pap>2e@_wtJE@S2z8|sa zLQM@>Qog5WOwb9^uYi5mibFZP#Jzx>A6Q#`BJym)Fke7DV-y5f7sAOXQ&Q=C=UjN; zPEFH?h>qs@CG4p-pq0(GMhjnDI$1a-UsUu)^q|!$KCq;r%L`!sf+DjC+Fpgp7(u`z zP{~2t`y=st6Zu9DxRh50F+6p@?aBA6PH;3}>ifl;Ubg(KA8@4TR>UEa&!s_4q@=Nu z2EY?)5Z;6co>Vr9I9)4-j3wnFX*q7 z#wN@Cq_RYXGT~cOsV#Nfj{b4g$G6zQhtqXS-xT@$ND6qBRT()m`HEyY?4|n}%Jo{y zDf#`;pVR}n+)dZ^tskirZ5^udv&xM0O=ApG0()YpFdotFtRvsxEKXQWrnfdy7JD+ zg9KmxK{W$zWmTpOreCU3)mO`*fCo~gC2+@cw0>&@DX0Y_Z}2*{i!(@|uh+-f0d`rH zIg=SE%^alSIm9#1!WTHYG%OJ2p&ygZ-ChT{z0{fDzwRJ1!xZ!6pz|3OR(9BGgGnvb zQ#DV@D~)jY7CrFSdKil&tpm*`t#?0hUPo`HqRw}B7a>RIN_@``W3dMZNY}Smq7LNJ z{RtJvuzJP3c7kYJ{1AgCT0rx~IebM%rb?U|mz6AM`YMv-|8Cg0A?~?Lx5%j3`9WBi zn)SHNM@C)k3l|WQo#DIZvwU3jK6UrtS+-U$yieP__E; z@?!eVS>S3nHC!`&L*+Cb5aP$z8TRji55)qUMG0iy&U;_8qit$Iewo}0q$$KxZ1uGc zhEbwo!Bel6;EkU$juaElwgT!oOAckG)mxKwJZwd{$ESH#AG-T;kUQf5Zg9HZ21f&_ zAtvQ$uBWrPaHR>t`3tMO212)*c-YR-vM{E(%fPxvm%onVC(C#n5Cz)inX`WSp>e=& zqP-cg>$GN~6R%pUoOP!89h}c@jAGUlgL}ynmILfYf-_~ov^~0Aa|x1`@&|dlcC-Wg z&B3-{AAN!~y4C+KGheb^cC!~-?SxDqnc>AZNEgGkzI(S4<_DJTS09o7c6sFo|w z^DnPqJ-W?5+_oBJgqYHEhXy29f!5(G}2UZSQ9LgXkR; zZ-Clq?L*0t9<;d8f%2B3X6Fi97J*QuS5dzsYgg)F_0kKxlGW#DPcXU#?t!51j{NP* z4jF7QCF}fTrm^w$8-CzOeQ@c|N&bLU=4@lpH?fN)j>mZN5*7E2(ou*S;;o9;hE&_k|R275tT_&EW5u>1hRyJL- zm}{iC%eJ`JADtEbe_nj=4_9g>i|y0zAL^WWUc93RJr@$-(ApoJFY7Vcc-lI(~hPJHO_ld9&(ON(Er8wq!G^;5`GqSYH!A z5La#Fhrefz*&)(AS@)sWx5XErwl=QjKMZ_17;a|51gA(2C}4G3+oC7DujM>4UE^DS z;=u9h2us{R_@n;fGLwz=(!e_3fG?%bANzl62l~RFa+;$w5k)r%nw}};FAZuygSF5b zup~AHU{j&YpfCFMft`be6tLfkhdFk}cD1 z_Gp|2j#^F(Xw#I!eEe=YR)Ke}i5 zGUkjl(0P+I3ar*7=z!K90S#Pw8fA?hII-yd-;#O$6^E*)w06G=25TO%1gK>>dS!}& z9rkhYEHgPwdLrA#{ZOxzNYo401k+xLLIi_W3^??YiT45fi+OZdT| 
zkb_>|NRs~cyOpS5JL5{V;g-++r;+qwgQGSUjs|q}-4O?aH+jMNxfhP_HEeF_KaFq> zpMGskH4R>xrrJ#OA%iV3{1|ZQa(EtNxcOi$LpU1Hnt3_f*q3mTckJ#>*Nb zvTx;!=p6v}hL*!{GaEdkBODFPIR0e0caPCyNqrJ;Pl;vydvM2&(;Z0ymQlb~A+Be!7-H_WY{QS-%pzhT!Nw`!P; zQa=fVjuLxK$TPMSX&3Ji2sFrJd3@=HlX>%Z%)sc zH!gwnv>-}-b6NN^R{OJJDHgd_5YLu(AGQB z0Qt|6S~m|L|As(!E~)f zS=YCUP5W`;>hG2e{go<(Drd4h9=w)utXk65^KafhA^dOWd0e`;&dieE6K4oScW>@0{;1 z6uJ`^3f+#INHHpcV95EOKqj-CL|Hq(oTh#s9};ky9Z5)M>(l9pL^JUQcITK>M_id@C|a7{w|vs$(>cQJGPNQI%0WqXtIf8BJi+$Y>&? zI~X-FYG%~J=uSpoVRRRxyBSSlG?~#?8QsHZ3Zt(vx|h*ZM$;HgXLKKOLSmJky3?3O-j`gCZZO}$af9rz0BI@ef;@UG+T2= zqBAo8x{Ab$8#-R{bL?ek9{n0?)s1S=sHR01YTKkPd2>ctY?-;RX!~+%akm^vZ?KPU z%8Rh1ZOSqGyeg`GLEokNw@158)%>5uBFgMW{H`g2QGj{Xo7U(Dt6Fj=r~hc{sQeYw^1#Y{%Udh*{-SL&bs$k#T_ z$7QF(Ug$W&$(A|8bS`3EyY|l?uGo0eUpdR)%<|%TGR!ybT2%vPLMXq~>+22j$MexN Mp0&5ig2Ge&17VS^>;M1& diff --git a/resources/app/vendorlib/vendorlib-sbom.json b/resources/app/vendorlib/vendorlib-sbom.json index 6c6c932..1e15831 100644 --- a/resources/app/vendorlib/vendorlib-sbom.json +++ b/resources/app/vendorlib/vendorlib-sbom.json 
@@ -20,63 +20,6 @@ } }, "components" : [ - { - "group" : "org.checkerframework", - "name" : "checker-qual", - "version" : "3.33.0", - "description" : "checker-qual contains annotations (type qualifiers) that a programmer writes to specify Java code for type-checking by the Checker Framework.", - "hashes" : [ - { - "alg" : "MD5", - "content" : "fc9418b779d9d57dcd52197006cbdb9b" - }, - { - "alg" : "SHA-1", - "content" : "de2b60b62da487644fc11f734e73c8b0b431238f" - }, - { - "alg" : "SHA-256", - "content" : "e316255bbfcd9fe50d165314b85abb2b33cb2a66a93c491db648e498a82c2de1" - }, - { - "alg" : "SHA-512", - "content" : "049c446677b7b386f3fb501bf65e032bdf2b1b29a3f545848035fff2b683cd275380cf302e30eea641af7f0801f779bcda3d82a71d928e4176f564f796640a64" - }, - { - "alg" : "SHA-384", - "content" : "ddf7a0f70421d1ed75e93c0a30434a4862c3905e433223e19861323cf0994e843392b746003040f10a7db6fc960b8aa6" - }, - { - "alg" : "SHA3-384", - "content" : "edf079834fdd23317851318504b2fcc10b055cdb5cc4ada9c773d1b6c815ed6dd193c433d2b83103f070fd521021ff33" - }, - { - "alg" : "SHA3-256", - "content" : "56244f45b03fc2a472b35489324e392e6001fac088d19f33629a87adb74a0575" - }, - { - "alg" : "SHA3-512", - "content" : "e0516c11fe613f258bf9ad39358a8d9fb7c8df57ff9aaca5d6d16055c196fac4ed3b4185f2501a3bdf7aeb1fe142693b1d788bdaa73366be1af15762bb3591a4" - } - ], - "licenses" : [ - { - "license" : { - "id" : "MIT" - } - } - ], - "purl" : "pkg:maven/org.checkerframework/checker-qual@3.33.0?type=jar", - "modified" : false, - "externalReferences" : [ - { - "type" : "vcs", - "url" : "https://github.com/typetools/checker-framework.git" - } - ], - "type" : "library", - "bom-ref" : "pkg:maven/org.checkerframework/checker-qual@3.33.0?type=jar" - }, { "group" : "org.apache.commons", "name" : "commons-text", 
@@ -201,41 +144,41 @@ }, { "group" : "org.apache.pdfbox", - "name" : "fontbox", + "name" : "pdfbox", "version" : "2.0.30", - "description" : "The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox.", + "description" : "The Apache PDFBox library is an open source Java tool for working with PDF documents.", "hashes" : [ { "alg" : "MD5", - "content" : "3a7b597c9dbd56e18455e6efca52cbb3" + "content" : "da9a5490ecf28832ee6d003f9bcd95bd" }, { "alg" : "SHA-1", - "content" : "555e5d59a4d83c95c4330f018a6c32861880b6df" + "content" : "730753a91f7f2c574eb09a8af7288065d1e551bd" }, { "alg" : "SHA-256", - "content" : "aae7518f9c17d347531e63b22a46de582cb78f7e45d079a78a79dc9bdb23f8ba" + "content" : "abb468d07abe76e34efb3337d1cfd48e365241623320e277e8341ce3cd670760" }, { "alg" : "SHA-512", - "content" : "61eb46fee25826a8b0750fbe3823504e043f7e809f6ac3d144a1ba773195de29ebcffe30faee1bc9d2db50c94c45ebf65b67eb19e3358dbabf7878d36f133396" + "content" : "3727ede4a890c7c5c23e048fa037e013e8a3c85fcbe014e239c8c4dc7044a45b1143c4d773973f4f78032fb98d427486dd38f79f22dd6fb62dd713fee82e754f" }, { "alg" : "SHA-384", - "content" : "ca4ccf8281e1b481f83b8e156a3c2cfab0590f3d0a0a19f9cf80997966170affb01da293bacb880ae70ff8e6f54deb0e" + "content" : "d191b697ea322c23fe8a142fae04b8d84eb67d9852af5f7d89caf85db4c6573eafc830093f51edaa1622e6330090e860" }, { "alg" : "SHA3-384", - "content" : "184a9a72f221f34fb98b9d5e132b74b18bab569b8f6e86a5e1e7b88e5d6f82095607809e2cd98620f43cdbd3efd0b277" + "content" : "ba9f6d207a618edf1f9d496731538f2e774ce1238fb8252665cb1efedd4d17c85e319663cf2b8c9bd415ee17ea926bda" }, { "alg" : "SHA3-256", - "content" : "1c1333b59673e8caf3db1fc6453ce9c799b133faaee9017c2860a03257107325" + "content" : "9b62e73a41d0f73b805918bbc2c9da4c60e86d454366bf9ae56917264fc8d085" }, { "alg" : "SHA3-512", - "content" : 
"4b018c517e51185debe39adc9237728b6a189cbfc8053bc8401fa2c115f2a40c1e242b5ce1ebf0339480bc332bd4681e9a3dcbb1c4c5bc8d7fca16f202e3ef5b" + "content" : "41f714619824293519067fd3ba3e7295595f447778e60b21209bd09a46222af0d8492d7cc6a72e1d16012d727402c9e3a1767959be788c5e3a49ad537f3bf3ad" } ], "licenses" : [ 
@@ -245,48 +188,48 @@ } } ], - "purl" : "pkg:maven/org.apache.pdfbox/fontbox@2.0.30?type=jar", + "purl" : "pkg:maven/org.apache.pdfbox/pdfbox@2.0.30?type=jar", "modified" : false, "type" : "library", - "bom-ref" : "pkg:maven/org.apache.pdfbox/fontbox@2.0.30?type=jar" + "bom-ref" : "pkg:maven/org.apache.pdfbox/pdfbox@2.0.30?type=jar" }, { - "group" : "com.google.guava", - "name" : "failureaccess", - "version" : "1.0.1", - "description" : "Contains com.google.common.util.concurrent.internal.InternalFutureFailureAccess and InternalFutures. Most users will never need to use this artifact. Its classes is conceptually a part of Guava, but they're in this separate artifact so that Android libraries can use them without pulling in all of Guava (just as they can use ListenableFuture by depending on the listenablefuture artifact).", + "group" : "com.google.code.findbugs", + "name" : "jsr305", + "version" : "3.0.2", + "description" : "JSR305 Annotations for Findbugs", "hashes" : [ { "alg" : "MD5", - "content" : "091883993ef5bfa91da01dcc8fc52236" + "content" : "dd83accb899363c32b07d7a1b2e4ce40" }, { "alg" : "SHA-1", - "content" : "1dcf1de382a0bf95a3d8b0849546c88bac1292c9" + "content" : "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" }, { "alg" : "SHA-256", - "content" : "a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26" + "content" : "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" }, { "alg" : "SHA-512", - "content" : "f8d59b808d6ba617252305b66d5590937da9b2b843d492d06b8d0b1b1f397e39f360d5817707797b979a5bf20bf21987b35333e7a15c44ed7401fea2d2119cae" + "content" : "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" }, { "alg" : "SHA-384", - "content" : "67659dbd9647ec303d7f15128dc9dba19b98fd8d74758ee3b602451e32c855e236ccaafe08edf4bbfa245f981268440f" + "content" : "ca0b169d3eb2d0922dc031133a021f861a043bb3e405a88728215fd6ff00fa52fdc7347842dcc2031472e3726164bdc4" }, { "alg" : 
"SHA3-384", - "content" : "1460875f0331c5fa3791772a6a322a7db180261bc2adacf7271df1fbf3b088a587a755a604c039982cb593c5cfc1f101" + "content" : "9903fd7505218999f8262efedb3d935d64bcef84aae781064ab5e1b24755466b269517cada562fa140cd1d417ede57a1" }, { "alg" : "SHA3-256", - "content" : "ea86406e75fcd93eafe3cde1b3135ba485f1bb9b75fed98894a0bf1f0aee04f0" + "content" : "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" }, { "alg" : "SHA3-512", - "content" : "52ac0f487ab5dd27c9f2e54fd1d84c7a620cae9d49be4072aa2b11501787bf4391ddaa13d02eccdf19e8eea46aecbea5f6064b26777c1b836108a280652e04ac" + "content" : "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" } ], "licenses" : [ 
@@ -296,48 +239,54 @@ } } ], - "purl" : "pkg:maven/com.google.guava/failureaccess@1.0.1?type=jar", + "purl" : "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", "modified" : false, + "externalReferences" : [ + { + "type" : "vcs", + "url" : "https://code.google.com/p/jsr-305/" + } + ], "type" : "library", - "bom-ref" : "pkg:maven/com.google.guava/failureaccess@1.0.1?type=jar" + "bom-ref" : "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar" }, { - "group" : "com.google.j2objc", - "name" : "j2objc-annotations", - "version" : "2.8", - "description" : "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", + "group" : "com.googlecode.owasp-java-html-sanitizer", + "name" : "owasp-java-html-sanitizer", + "version" : "20211018.2", + "description" : "Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.", "hashes" : [ { "alg" : "MD5", - "content" : "c50af69b704dc91050efb98e0dff66d1" + "content" : "5b0008f2b94e1d3100de8d3cdcb670cb" }, { "alg" : "SHA-1", - "content" : "c85270e307e7b822f1086b93689124b89768e273" + "content" : "a3226c13cf72633122e94810a53e60529dae2b80" }, { "alg" : "SHA-256", - "content" : "f02a95fa1a5e95edb3ed859fd0fb7df709d121a35290eff8b74dce2ab7f4d6ed" + "content" : "48234cd74e35d91a31a683820a35b5b6d11b55527f32a5b162c6757408b95d7a" }, { "alg" : "SHA-512", - "content" : "f8263868a792b41707c9e7fe6fa5650a14cd93fbeafad20efe3772a3058fc933eb59782ec59e6eb9b9c569aa96da80134ae9fdf7547b69c44a97087efddceeff" + "content" : "2aa772e369e93ae10fff441e063f0439ab36d87803dfcd76b492dbe61848c2b976649a921b9518c6dff9e8751dc9bff0802e1ef793d8cdb232f8e0da77e34732" }, { "alg" : "SHA-384", - "content" : "e6087ec31fec8289158496ad2ed6ce8472d5d513808a312e0782cedac3b86c37a62a63c0b5ea3839491d109fe9e148a1" + "content" : "0caedafcf42e8a2e6a7a10665f48c9ae5cdbb586bbd5337bd63600a91362ec329c12558ce4d967f42ea7d7c83769e69f" }, { "alg" : "SHA3-384", - 
"content" : "10add34bfeb8612283eef89ac96747a3c9b755acd80ad526e1addaeb7efd6323c52b9bfa1a3d34adb40e1ccb963ee65d" + "content" : "aae645eb112a6d5bce213a766a6cf76df828545df07438340b007e9eb8db546e62b2a01d94385daea86bfb7b1952c34a" }, { "alg" : "SHA3-256", - "content" : "b3336f8abd6b1f73b9f06d306974557000a000073bfbae6b54fda26d17dbb072" + "content" : "c805dca696ff5b10f8c21fca1e99c0771d3778507888ab7da4aa939a6c770e61" }, { "alg" : "SHA3-512", - "content" : "d376c184a6df071c4e93b913d175b5c2e63deac37105dc20342c19bdda62e4e9598ca1e8bfb4f4fd5cdee6dd5ac3b8af49e2c5193e324d59a59ce1f7adeab627" + "content" : "851caf550ca3f5cf9ff38c0961d18c60e752df41b6a8a28a8c856ea8e421cc9de7090155f688cffc889b576aa4ff0558b1138b1810ed25b135c1f68509c8be7f" } ], "licenses" : [ 
@@ -347,47 +296,48 @@ } } ], - "purl" : "pkg:maven/com.google.j2objc/j2objc-annotations@2.8?type=jar", + "purl" : "pkg:maven/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer@20211018.2?type=jar", "modified" : false, "type" : "library", - "bom-ref" : "pkg:maven/com.google.j2objc/j2objc-annotations@2.8?type=jar" + "bom-ref" : "pkg:maven/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer@20211018.2?type=jar" }, { - "group" : "com.google.errorprone", - "name" : "error_prone_annotations", - "version" : "2.18.0", + "group" : "commons-logging", + "name" : "commons-logging", + "version" : "1.2", + "description" : "Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.", "hashes" : [ { "alg" : "MD5", - "content" : "64145d0e7fee5a69ed7b84cf402de998" + "content" : "040b4b4d8eac886f6b4a2a3bd2f31b00" }, { "alg" : "SHA-1", - "content" : "89b684257096f548fa39a7df9fdaa409d4d4df91" + "content" : "4bfc12adfe4842bf07b657f0369c4cb522955686" }, { "alg" : "SHA-256", - "content" : "9e6814cb71816988a4fd1b07a993a8f21bb7058d522c162b1de849e19bea54ae" + "content" : "daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636" }, { "alg" : "SHA-512", - "content" : "3cea86be94bb8ae40d21ad4bf7d7f6b2233e89593b7b741ad84c78840cd3837bb5136f52e62fe9ae0953d7b190c46ad3edc102dfa97b4c7ea472a80206bf5db7" + "content" : "ed00dbfabd9ae00efa26dd400983601d076fe36408b7d6520084b447e5d1fa527ce65bd6afdcb58506c3a808323d28e88f26cb99c6f5db9ff64f6525ecdfa557" }, { "alg" : "SHA-384", - "content" : "7622eb33f83f03ab32b710b36c2fe836e24c5318f65fb8c0631a99507ca3ae65c2df8e33b63a5ce853b9cab6d9cb32e5" + "content" : "ac20720d7156131478205f1b454395abf84cfc8da2f163301af32f63bd3c4764bd26cb54ed53800f33193ae591f3ce9c" }, { "alg" : "SHA3-384", - "content" : "1ea52a5ce2a9ee1a960dc2a1bbe4b009d4d6a4448498e4cd76401605fa877662911e8c93b2b8bfda57bedc56c83f10a0" + "content" : 
"628eb4407e95dca84da1a06b08a6d9b832a49de8472b1b217e8607f08efeeed18b996232d64dd07f03e78e0e3bb4b078" }, { "alg" : "SHA3-256", - "content" : "ed53f4295da75753267f241315352c4a39e60796f04e1c0c12d29c3a38be48ed" + "content" : "9aab62deccf156ee6e324c925dfc30ecb53e8465802863a551901a461424e807" }, { "alg" : "SHA3-512", - "content" : "8266b313bd4e1170daf60642e838841370d99bc24b2a1f91825ca22037a6a30ff15cc76069f8e8770f1dc12772c277ee1320de67e815041697d93d6d7ba884fb" + "content" : "3fd76857f6d20c03799537cc961c1c4ddf1c375c6c192fb982363e3b9397ba138b77f24ef38b4202f44e37586789c0320e4de18fdadd2772304fd14a9b26d552" } ], "licenses" : [ 
@@ -397,48 +347,58 @@ } } ], - "purl" : "pkg:maven/com.google.errorprone/error_prone_annotations@2.18.0?type=jar", + "purl" : "pkg:maven/commons-logging/commons-logging@1.2?type=jar", "modified" : false, + "externalReferences" : [ + { + "type" : "issue-tracker", + "url" : "http://issues.apache.org/jira/browse/LOGGING" + }, + { + "type" : "vcs", + "url" : "http://svn.apache.org/repos/asf/commons/proper/logging/trunk" + } + ], "type" : "library", - "bom-ref" : "pkg:maven/com.google.errorprone/error_prone_annotations@2.18.0?type=jar" + "bom-ref" : "pkg:maven/commons-logging/commons-logging@1.2?type=jar" }, { - "group" : "commons-logging", - "name" : "commons-logging", - "version" : "1.2", - "description" : "Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.", + "group" : "com.google.guava", + "name" : "listenablefuture", + "version" : "9999.0-empty-to-avoid-conflict-with-guava", + "description" : "An empty artifact that Guava depends on to signal that it is providing ListenableFuture -- but is also available in a second \"version\" that contains com.google.common.util.concurrent.ListenableFuture class, without any other Guava classes. The idea is: - If users want only ListenableFuture, they depend on listenablefuture-1.0. - If users want all of Guava, they depend on guava, which, as of Guava 27.0, depends on listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-... version number is enough for some build systems (notably, Gradle) to select that empty artifact over the \"real\" listenablefuture-1.0 -- avoiding a conflict with the copy of ListenableFuture in guava itself. If users are using an older version of Guava or a build system other than Gradle, they may see class conflicts. 
If so, they can solve them by manually excluding the listenablefuture artifact or manually forcing their build systems to use 9999.0-....", "hashes" : [ { "alg" : "MD5", - "content" : "040b4b4d8eac886f6b4a2a3bd2f31b00" + "content" : "d094c22570d65e132c19cea5d352e381" }, { "alg" : "SHA-1", - "content" : "4bfc12adfe4842bf07b657f0369c4cb522955686" + "content" : "b421526c5f297295adef1c886e5246c39d4ac629" }, { "alg" : "SHA-256", - "content" : "daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636" + "content" : "b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99" }, { "alg" : "SHA-512", - "content" : "ed00dbfabd9ae00efa26dd400983601d076fe36408b7d6520084b447e5d1fa527ce65bd6afdcb58506c3a808323d28e88f26cb99c6f5db9ff64f6525ecdfa557" + "content" : "c5987a979174cbacae2e78b319f080420cc71bcdbcf7893745731eeb93c23ed13bff8d4599441f373f3a246023d33df03e882de3015ee932a74a774afdd0782f" }, { "alg" : "SHA-384", - "content" : "ac20720d7156131478205f1b454395abf84cfc8da2f163301af32f63bd3c4764bd26cb54ed53800f33193ae591f3ce9c" + "content" : "caff9b74079f95832ca7f6029346b34b606051cc8c5a4389fac263511d277ada0c55f28b0d43011055b268c6eb7184d5" }, { "alg" : "SHA3-384", - "content" : "628eb4407e95dca84da1a06b08a6d9b832a49de8472b1b217e8607f08efeeed18b996232d64dd07f03e78e0e3bb4b078" + "content" : "e939f08df0545847ea0d3e4b04a114b08499ad069ba8ec9461d1779f87a56e0c37273630a0f4c14e78c348d3ac7eb97f" }, { "alg" : "SHA3-256", - "content" : "9aab62deccf156ee6e324c925dfc30ecb53e8465802863a551901a461424e807" + "content" : "1f0a8b1177773b3a8ace839df5eed63cbf56b24a38714898a6e4ed065c42559f" }, { "alg" : "SHA3-512", - "content" : "3fd76857f6d20c03799537cc961c1c4ddf1c375c6c192fb982363e3b9397ba138b77f24ef38b4202f44e37586789c0320e4de18fdadd2772304fd14a9b26d552" + "content" : "6b495ecc2a18b17365cb08d124a0da47f04bcdde81927b5245edf3edd8e498c3c3fb92ce6a4127f660bac851bb1d3e4510e5c20d03be47ce99dc296d360db285" } ], "licenses" : [ 
@@ -448,20 +408,61 @@ } } ], - "purl" : "pkg:maven/commons-logging/commons-logging@1.2?type=jar", + "purl" : "pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava?type=jar", "modified" : false, - "externalReferences" : [ + "type" : "library", + "bom-ref" : "pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava?type=jar" + }, + { + "group" : "com.google.guava", + "name" : "failureaccess", + "version" : "1.0.1", + "description" : "Contains com.google.common.util.concurrent.internal.InternalFutureFailureAccess and InternalFutures. Most users will never need to use this artifact. Its classes is conceptually a part of Guava, but they're in this separate artifact so that Android libraries can use them without pulling in all of Guava (just as they can use ListenableFuture by depending on the listenablefuture artifact).", + "hashes" : [ { - "type" : "issue-tracker", - "url" : "http://issues.apache.org/jira/browse/LOGGING" + "alg" : "MD5", + "content" : "091883993ef5bfa91da01dcc8fc52236" }, { - "type" : "vcs", - "url" : "http://svn.apache.org/repos/asf/commons/proper/logging/trunk" + "alg" : "SHA-1", + "content" : "1dcf1de382a0bf95a3d8b0849546c88bac1292c9" + }, + { + "alg" : "SHA-256", + "content" : "a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26" + }, + { + "alg" : "SHA-512", + "content" : "f8d59b808d6ba617252305b66d5590937da9b2b843d492d06b8d0b1b1f397e39f360d5817707797b979a5bf20bf21987b35333e7a15c44ed7401fea2d2119cae" + }, + { + "alg" : "SHA-384", + "content" : "67659dbd9647ec303d7f15128dc9dba19b98fd8d74758ee3b602451e32c855e236ccaafe08edf4bbfa245f981268440f" + }, + { + "alg" : "SHA3-384", + "content" : "1460875f0331c5fa3791772a6a322a7db180261bc2adacf7271df1fbf3b088a587a755a604c039982cb593c5cfc1f101" + }, + { + "alg" : "SHA3-256", + "content" : "ea86406e75fcd93eafe3cde1b3135ba485f1bb9b75fed98894a0bf1f0aee04f0" + }, + { + "alg" : "SHA3-512", + "content" : 
"52ac0f487ab5dd27c9f2e54fd1d84c7a620cae9d49be4072aa2b11501787bf4391ddaa13d02eccdf19e8eea46aecbea5f6064b26777c1b836108a280652e04ac" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } } ], + "purl" : "pkg:maven/com.google.guava/failureaccess@1.0.1?type=jar", + "modified" : false, "type" : "library", - "bom-ref" : "pkg:maven/commons-logging/commons-logging@1.2?type=jar" + "bom-ref" : "pkg:maven/com.google.guava/failureaccess@1.0.1?type=jar" }, { "group" : "com.google.guava", 
@@ -515,42 +516,42 @@ "bom-ref" : "pkg:maven/com.google.guava/guava@32.0.1-jre?type=jar" }, { - "group" : "commons-io", - "name" : "commons-io", - "version" : "2.11.0", - "description" : "The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.", + "group" : "com.google.j2objc", + "name" : "j2objc-annotations", + "version" : "2.8", + "description" : "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", "hashes" : [ { "alg" : "MD5", - "content" : "3b4b7ccfaeceeac240b804839ee1a1ca" + "content" : "c50af69b704dc91050efb98e0dff66d1" }, { "alg" : "SHA-1", - "content" : "a2503f302b11ebde7ebc3df41daebe0e4eea3689" + "content" : "c85270e307e7b822f1086b93689124b89768e273" }, { "alg" : "SHA-256", - "content" : "961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908" + "content" : "f02a95fa1a5e95edb3ed859fd0fb7df709d121a35290eff8b74dce2ab7f4d6ed" }, { "alg" : "SHA-512", - "content" : "5bd78eed456ede30119319c5bed8e3e4c443b6fd7bdb3a7a5686647bd83094d0c3e2832a7575cfb60e4ef25f08106b93476939d3adcfecf5533cc030b3039e10" + "content" : "f8263868a792b41707c9e7fe6fa5650a14cd93fbeafad20efe3772a3058fc933eb59782ec59e6eb9b9c569aa96da80134ae9fdf7547b69c44a97087efddceeff" }, { "alg" : "SHA-384", - "content" : "114f1e324d90ad887c177876d410f5787a8e8da6c48d4b2862d365802c0efded3a88cb24046976bf6276cadad3712f0f" + "content" : "e6087ec31fec8289158496ad2ed6ce8472d5d513808a312e0782cedac3b86c37a62a63c0b5ea3839491d109fe9e148a1" }, { "alg" : "SHA3-384", - "content" : "80288c03ad4d80d69f91d056ffc5570d49a9c76bf54ad2dff0121ecde26a560df76d05156f281f5c6db2a38ff07a873d" + "content" : "10add34bfeb8612283eef89ac96747a3c9b755acd80ad526e1addaeb7efd6323c52b9bfa1a3d34adb40e1ccb963ee65d" }, { "alg" : "SHA3-256", - "content" : "5adfb5ccaf5f21a549422f426118a9542673926fcd18c68390cf813e791dcf6c" + "content" : 
"b3336f8abd6b1f73b9f06d306974557000a000073bfbae6b54fda26d17dbb072" }, { "alg" : "SHA3-512", - "content" : "7573f47f0babb53cefdc7c2309a0b982d800139064537b0797da442853d081010ad7c3c74a500598a0f800639a5d540eca21963ea652c68613907059bd4278c2" + "content" : "d376c184a6df071c4e93b913d175b5c2e63deac37105dc20342c19bdda62e4e9598ca1e8bfb4f4fd5cdee6dd5ac3b8af49e2c5193e324d59a59ce1f7adeab627" } ], "licenses" : [ 
@@ -560,58 +561,48 @@ } } ], - "purl" : "pkg:maven/commons-io/commons-io@2.11.0?type=jar", + "purl" : "pkg:maven/com.google.j2objc/j2objc-annotations@2.8?type=jar", "modified" : false, - "externalReferences" : [ - { - "type" : "issue-tracker", - "url" : "https://issues.apache.org/jira/browse/IO" - }, - { - "type" : "vcs", - "url" : "https://gitbox.apache.org/repos/asf?p=commons-io.git" - } - ], "type" : "library", - "bom-ref" : "pkg:maven/commons-io/commons-io@2.11.0?type=jar" + "bom-ref" : "pkg:maven/com.google.j2objc/j2objc-annotations@2.8?type=jar" }, { - "group" : "com.google.guava", - "name" : "listenablefuture", - "version" : "9999.0-empty-to-avoid-conflict-with-guava", - "description" : "An empty artifact that Guava depends on to signal that it is providing ListenableFuture -- but is also available in a second \"version\" that contains com.google.common.util.concurrent.ListenableFuture class, without any other Guava classes. The idea is: - If users want only ListenableFuture, they depend on listenablefuture-1.0. - If users want all of Guava, they depend on guava, which, as of Guava 27.0, depends on listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-... version number is enough for some build systems (notably, Gradle) to select that empty artifact over the \"real\" listenablefuture-1.0 -- avoiding a conflict with the copy of ListenableFuture in guava itself. If users are using an older version of Guava or a build system other than Gradle, they may see class conflicts. If so, they can solve them by manually excluding the listenablefuture artifact or manually forcing their build systems to use 9999.0-....", + "group" : "org.apache.pdfbox", + "name" : "fontbox", + "version" : "2.0.30", + "description" : "The Apache FontBox library is an open source Java tool to obtain low level information from font files. 
FontBox is a subproject of Apache PDFBox.", "hashes" : [ { "alg" : "MD5", - "content" : "d094c22570d65e132c19cea5d352e381" + "content" : "3a7b597c9dbd56e18455e6efca52cbb3" }, { "alg" : "SHA-1", - "content" : "b421526c5f297295adef1c886e5246c39d4ac629" + "content" : "555e5d59a4d83c95c4330f018a6c32861880b6df" }, { "alg" : "SHA-256", - "content" : "b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99" + "content" : "aae7518f9c17d347531e63b22a46de582cb78f7e45d079a78a79dc9bdb23f8ba" }, { "alg" : "SHA-512", - "content" : "c5987a979174cbacae2e78b319f080420cc71bcdbcf7893745731eeb93c23ed13bff8d4599441f373f3a246023d33df03e882de3015ee932a74a774afdd0782f" + "content" : "61eb46fee25826a8b0750fbe3823504e043f7e809f6ac3d144a1ba773195de29ebcffe30faee1bc9d2db50c94c45ebf65b67eb19e3358dbabf7878d36f133396" }, { "alg" : "SHA-384", - "content" : "caff9b74079f95832ca7f6029346b34b606051cc8c5a4389fac263511d277ada0c55f28b0d43011055b268c6eb7184d5" + "content" : "ca4ccf8281e1b481f83b8e156a3c2cfab0590f3d0a0a19f9cf80997966170affb01da293bacb880ae70ff8e6f54deb0e" }, { "alg" : "SHA3-384", - "content" : "e939f08df0545847ea0d3e4b04a114b08499ad069ba8ec9461d1779f87a56e0c37273630a0f4c14e78c348d3ac7eb97f" + "content" : "184a9a72f221f34fb98b9d5e132b74b18bab569b8f6e86a5e1e7b88e5d6f82095607809e2cd98620f43cdbd3efd0b277" }, { "alg" : "SHA3-256", - "content" : "1f0a8b1177773b3a8ace839df5eed63cbf56b24a38714898a6e4ed065c42559f" + "content" : "1c1333b59673e8caf3db1fc6453ce9c799b133faaee9017c2860a03257107325" }, { "alg" : "SHA3-512", - "content" : "6b495ecc2a18b17365cb08d124a0da47f04bcdde81927b5245edf3edd8e498c3c3fb92ce6a4127f660bac851bb1d3e4510e5c20d03be47ce99dc296d360db285" + "content" : "4b018c517e51185debe39adc9237728b6a189cbfc8053bc8401fa2c115f2a40c1e242b5ce1ebf0339480bc332bd4681e9a3dcbb1c4c5bc8d7fca16f202e3ef5b" } ], "licenses" : [ 
@@ -621,48 +612,48 @@ } } ], - "purl" : "pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava?type=jar", + "purl" : "pkg:maven/org.apache.pdfbox/fontbox@2.0.30?type=jar", "modified" : false, "type" : "library", - "bom-ref" : "pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava?type=jar" + "bom-ref" : "pkg:maven/org.apache.pdfbox/fontbox@2.0.30?type=jar" }, { - "group" : "org.apache.pdfbox", - "name" : "pdfbox", - "version" : "2.0.30", - "description" : "The Apache PDFBox library is an open source Java tool for working with PDF documents.", + "group" : "commons-io", + "name" : "commons-io", + "version" : "2.11.0", + "description" : "The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.", "hashes" : [ { "alg" : "MD5", - "content" : "da9a5490ecf28832ee6d003f9bcd95bd" + "content" : "3b4b7ccfaeceeac240b804839ee1a1ca" }, { "alg" : "SHA-1", - "content" : "730753a91f7f2c574eb09a8af7288065d1e551bd" + "content" : "a2503f302b11ebde7ebc3df41daebe0e4eea3689" }, { "alg" : "SHA-256", - "content" : "abb468d07abe76e34efb3337d1cfd48e365241623320e277e8341ce3cd670760" + "content" : "961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908" }, { "alg" : "SHA-512", - "content" : "3727ede4a890c7c5c23e048fa037e013e8a3c85fcbe014e239c8c4dc7044a45b1143c4d773973f4f78032fb98d427486dd38f79f22dd6fb62dd713fee82e754f" + "content" : "5bd78eed456ede30119319c5bed8e3e4c443b6fd7bdb3a7a5686647bd83094d0c3e2832a7575cfb60e4ef25f08106b93476939d3adcfecf5533cc030b3039e10" }, { "alg" : "SHA-384", - "content" : "d191b697ea322c23fe8a142fae04b8d84eb67d9852af5f7d89caf85db4c6573eafc830093f51edaa1622e6330090e860" + "content" : "114f1e324d90ad887c177876d410f5787a8e8da6c48d4b2862d365802c0efded3a88cb24046976bf6276cadad3712f0f" }, { "alg" : "SHA3-384", - "content" : 
"ba9f6d207a618edf1f9d496731538f2e774ce1238fb8252665cb1efedd4d17c85e319663cf2b8c9bd415ee17ea926bda" + "content" : "80288c03ad4d80d69f91d056ffc5570d49a9c76bf54ad2dff0121ecde26a560df76d05156f281f5c6db2a38ff07a873d" }, { "alg" : "SHA3-256", - "content" : "9b62e73a41d0f73b805918bbc2c9da4c60e86d454366bf9ae56917264fc8d085" + "content" : "5adfb5ccaf5f21a549422f426118a9542673926fcd18c68390cf813e791dcf6c" }, { "alg" : "SHA3-512", - "content" : "41f714619824293519067fd3ba3e7295595f447778e60b21209bd09a46222af0d8492d7cc6a72e1d16012d727402c9e3a1767959be788c5e3a49ad537f3bf3ad" + "content" : "7573f47f0babb53cefdc7c2309a0b982d800139064537b0797da442853d081010ad7c3c74a500598a0f800639a5d540eca21963ea652c68613907059bd4278c2" } ], "licenses" : [ 
@@ -672,99 +663,114 @@ } } ], - "purl" : "pkg:maven/org.apache.pdfbox/pdfbox@2.0.30?type=jar", + "purl" : "pkg:maven/commons-io/commons-io@2.11.0?type=jar", "modified" : false, + "externalReferences" : [ + { + "type" : "issue-tracker", + "url" : "https://issues.apache.org/jira/browse/IO" + }, + { + "type" : "vcs", + "url" : "https://gitbox.apache.org/repos/asf?p=commons-io.git" + } + ], "type" : "library", - "bom-ref" : "pkg:maven/org.apache.pdfbox/pdfbox@2.0.30?type=jar" + "bom-ref" : "pkg:maven/commons-io/commons-io@2.11.0?type=jar" }, { - "group" : "com.googlecode.owasp-java-html-sanitizer", - "name" : "owasp-java-html-sanitizer", - "version" : "20211018.2", - "description" : "Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.", + "group" : "org.checkerframework", + "name" : "checker-qual", + "version" : "3.33.0", + "description" : "checker-qual contains annotations (type qualifiers) that a programmer writes to specify Java code for type-checking by the Checker Framework.", "hashes" : [ { "alg" : "MD5", - "content" : "5b0008f2b94e1d3100de8d3cdcb670cb" + "content" : "fc9418b779d9d57dcd52197006cbdb9b" }, { "alg" : "SHA-1", - "content" : "a3226c13cf72633122e94810a53e60529dae2b80" + "content" : "de2b60b62da487644fc11f734e73c8b0b431238f" }, { "alg" : "SHA-256", - "content" : "48234cd74e35d91a31a683820a35b5b6d11b55527f32a5b162c6757408b95d7a" + "content" : "e316255bbfcd9fe50d165314b85abb2b33cb2a66a93c491db648e498a82c2de1" }, { "alg" : "SHA-512", - "content" : "2aa772e369e93ae10fff441e063f0439ab36d87803dfcd76b492dbe61848c2b976649a921b9518c6dff9e8751dc9bff0802e1ef793d8cdb232f8e0da77e34732" + "content" : "049c446677b7b386f3fb501bf65e032bdf2b1b29a3f545848035fff2b683cd275380cf302e30eea641af7f0801f779bcda3d82a71d928e4176f564f796640a64" }, { "alg" : "SHA-384", - "content" : "0caedafcf42e8a2e6a7a10665f48c9ae5cdbb586bbd5337bd63600a91362ec329c12558ce4d967f42ea7d7c83769e69f" + "content" : 
"ddf7a0f70421d1ed75e93c0a30434a4862c3905e433223e19861323cf0994e843392b746003040f10a7db6fc960b8aa6" }, { "alg" : "SHA3-384", - "content" : "aae645eb112a6d5bce213a766a6cf76df828545df07438340b007e9eb8db546e62b2a01d94385daea86bfb7b1952c34a" + "content" : "edf079834fdd23317851318504b2fcc10b055cdb5cc4ada9c773d1b6c815ed6dd193c433d2b83103f070fd521021ff33" }, { "alg" : "SHA3-256", - "content" : "c805dca696ff5b10f8c21fca1e99c0771d3778507888ab7da4aa939a6c770e61" + "content" : "56244f45b03fc2a472b35489324e392e6001fac088d19f33629a87adb74a0575" }, { "alg" : "SHA3-512", - "content" : "851caf550ca3f5cf9ff38c0961d18c60e752df41b6a8a28a8c856ea8e421cc9de7090155f688cffc889b576aa4ff0558b1138b1810ed25b135c1f68509c8be7f" + "content" : "e0516c11fe613f258bf9ad39358a8d9fb7c8df57ff9aaca5d6d16055c196fac4ed3b4185f2501a3bdf7aeb1fe142693b1d788bdaa73366be1af15762bb3591a4" } ], "licenses" : [ { "license" : { - "id" : "Apache-2.0" + "id" : "MIT" } } ], - "purl" : "pkg:maven/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer@20211018.2?type=jar", + "purl" : "pkg:maven/org.checkerframework/checker-qual@3.33.0?type=jar", "modified" : false, + "externalReferences" : [ + { + "type" : "vcs", + "url" : "https://github.com/typetools/checker-framework.git" + } + ], "type" : "library", - "bom-ref" : "pkg:maven/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer@20211018.2?type=jar" + "bom-ref" : "pkg:maven/org.checkerframework/checker-qual@3.33.0?type=jar" }, { - "group" : "com.google.code.findbugs", - "name" : "jsr305", - "version" : "3.0.2", - "description" : "JSR305 Annotations for Findbugs", + "group" : "com.google.errorprone", + "name" : "error_prone_annotations", + "version" : "2.18.0", "hashes" : [ { "alg" : "MD5", - "content" : "dd83accb899363c32b07d7a1b2e4ce40" + "content" : "64145d0e7fee5a69ed7b84cf402de998" }, { "alg" : "SHA-1", - "content" : "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" + "content" : "89b684257096f548fa39a7df9fdaa409d4d4df91" }, { "alg" : "SHA-256", - 
"content" : "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" + "content" : "9e6814cb71816988a4fd1b07a993a8f21bb7058d522c162b1de849e19bea54ae" }, { "alg" : "SHA-512", - "content" : "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" + "content" : "3cea86be94bb8ae40d21ad4bf7d7f6b2233e89593b7b741ad84c78840cd3837bb5136f52e62fe9ae0953d7b190c46ad3edc102dfa97b4c7ea472a80206bf5db7" }, { "alg" : "SHA-384", - "content" : "ca0b169d3eb2d0922dc031133a021f861a043bb3e405a88728215fd6ff00fa52fdc7347842dcc2031472e3726164bdc4" + "content" : "7622eb33f83f03ab32b710b36c2fe836e24c5318f65fb8c0631a99507ca3ae65c2df8e33b63a5ce853b9cab6d9cb32e5" }, { "alg" : "SHA3-384", - "content" : "9903fd7505218999f8262efedb3d935d64bcef84aae781064ab5e1b24755466b269517cada562fa140cd1d417ede57a1" + "content" : "1ea52a5ce2a9ee1a960dc2a1bbe4b009d4d6a4448498e4cd76401605fa877662911e8c93b2b8bfda57bedc56c83f10a0" }, { "alg" : "SHA3-256", - "content" : "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" + "content" : "ed53f4295da75753267f241315352c4a39e60796f04e1c0c12d29c3a38be48ed" }, { "alg" : "SHA3-512", - "content" : "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" + "content" : "8266b313bd4e1170daf60642e838841370d99bc24b2a1f91825ca22037a6a30ff15cc76069f8e8770f1dc12772c277ee1320de67e815041697d93d6d7ba884fb" } ], "licenses" : [ 
@@ -774,16 +780,10 @@ } } ], - "purl" : "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", + "purl" : "pkg:maven/com.google.errorprone/error_prone_annotations@2.18.0?type=jar", "modified" : false, - "externalReferences" : [ - { - "type" : "vcs", - "url" : "https://code.google.com/p/jsr-305/" - } - ], "type" : "library", - "bom-ref" : "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar" + "bom-ref" : "pkg:maven/com.google.errorprone/error_prone_annotations@2.18.0?type=jar" } ], "dependencies" : [ From 4bdd3c40e547176445b471ec3e31339572effbe4 Mon Sep 17 00:00:00 2001 From: Xiwen Cheng Date: Fri, 12 Apr 2024 23:29:37 +0200 Subject: [PATCH 2/5] Improve CI --- .github/workflows/ci.yml | 12 ++++++++++-- run-policy-tests.sh | 18 +++++++++++++++--- 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dc2d1b2..74a5d74 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,15 @@ on: jobs: - build: + Policies: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Test Policies + run: ./run-policy-tests.sh + + CLI: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -26,7 +34,7 @@ jobs: run: go test -v ./... - name: xunit-report - run: ./bin/mendix-cli lint --xunit-report report.xml + run: ./bin/mendix-cli lint --xunit-report report.xml || true - name: Process xunit-report uses: dorny/test-reporter@v1 diff --git a/run-policy-tests.sh b/run-policy-tests.sh index fc0f536..1de38dc 100755 --- a/run-policy-tests.sh +++ b/run-policy-tests.sh 
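Review bot: The `|| true` added to the `xunit-report` step makes that step succeed whatever `mendix-cli lint` returns, so policy violations, a crash and a missing binary all leave the CLI job green. If the aim is only to keep `Process xunit-report` running after a failed lint, drop `|| true` and give the report step `if: success() || failure()`. The rest of that step lies outside the hunk, so it may already carry a condition. With that in place the lint result still gates the job and the report is still published.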
@@ -4,11 +4,23 @@ set -e OPA="./bin/opa" +UNAME="$(uname -s)" +echo "OS: $UNAME" + +if [ "$UNAME" = "Linux" ]; then + OPA_DL="opa_linux_amd64" +elif [ "$UNAME" = "Darwin" ]; then + OPA_DL="opa_darwin_amd64" +else + echo "Unsupported OS" + exit 1 +fi + if [ ! -f "$OPA" ]; then echo "Program not found, downloading..." - curl -L -o "$OPA" https://openpolicyagent.org/downloads/v0.63.0/opa_darwin_amd64 + mkdir -p bin + curl -L -o "$OPA" "https://openpolicyagent.org/downloads/v0.63.0/$OPA_DL" chmod +x "$OPA" fi -OPA test -v policies - +$OPA test -v policies From 033592b45714ed0e2aadd3f7caa94327c8d14bce Mon Sep 17 00:00:00 2001 From: Xiwen Cheng Date: Fri, 12 Apr 2024 23:39:11 +0200 Subject: [PATCH 3/5] Fix issues in reference model to get all to pass --- lint/lint_test.go | 4 +- .../DomainModels$DomainModel.yaml | 23 +-------- .../MyFirstModule/Folder/Page.Forms$Page.yaml | 46 +----------------- modelsource/Security$ProjectSecurity.yaml | 8 +-- resources/app/App.mpr | Bin 10682368 -> 10690560 bytes 5 files changed, 8 insertions(+), 73 deletions(-) diff --git a/lint/lint_test.go b/lint/lint_test.go index d567622..a672735 100644 --- a/lint/lint_test.go +++ b/lint/lint_test.go @@ -34,8 +34,8 @@ func TestLintBundle(t *testing.T) { t.Run("all-policy", func(t *testing.T) { err := EvalAll("./../policies", "./../modelsource", "") - if err == nil { - t.Errorf("We expect failures in the reference model") + if err != nil { + t.Errorf("No failures expected: %v", err) } }) } diff --git a/modelsource/MyFirstModule/DomainModels$DomainModel.yaml b/modelsource/MyFirstModule/DomainModels$DomainModel.yaml index 6c64df6..fd6caa2 100644 --- a/modelsource/MyFirstModule/DomainModels$DomainModel.yaml +++ b/modelsource/MyFirstModule/DomainModels$DomainModel.yaml 
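Review bot: The binary fetched in the `if [ ! -f "$OPA" ]` block is made executable and run without any integrity check, and the `Policies` job added to ci.yml in this commit now runs the script in CI. `curl -L` without `-f` also saves an HTTP error page as `$OPA`, and later runs skip the download because the file exists. Use `curl -fL -o "$OPA" "https://openpolicyagent.org/downloads/v0.63.0/$OPA_DL"` and compare the file's SHA-256 with a digest kept in the script for each `$OPA_DL` value before `chmod +x`, deleting the file on mismatch. The fixed `amd64` suffix may also give an arm64 host a binary it cannot run; checking `uname -m` alongside `uname -s` would cover that.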
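Review bot: With the `all-policy` subtest back to `err != nil`, nothing visible in this hunk asserts that `EvalAll` returns an error when a model violates a policy, so a regression that made the linter ignore violations would still pass. A second subtest over a deliberately non-compliant fixture would pin that behaviour: call `EvalAll("./../policies", "<path to a failing fixture model>", "")` and fail with `t.Errorf("expected policy violations")` when `err == nil`. `TestLintBundle` starts outside the hunk, so a negative case elsewhere in the file cannot be ruled out.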
@@ -9,24 +9,7 @@ Annotations: ExportLevel: Hidden Width: 440 Associations: null -CrossAssociations: -- $Type: DomainModels$CrossAssociation - Child: System.User - DeleteBehavior: - $Type: DomainModels$DeleteBehavior - ChildDeleteBehavior: DeleteMeButKeepReferences - ChildErrorMessage: null - ParentDeleteBehavior: DeleteMeButKeepReferences - ParentErrorMessage: null - Documentation: "" - ExportLevel: Hidden - Name: Bike_User - Owner: Default - ParentPointer: - Data: gHs+zUMPEkqt8W+kjKXWew== - Subtype: 0 - Source: null - Type: Reference +CrossAssociations: null Documentation: "" Entities: - $Type: DomainModels$EntityImpl @@ -102,10 +85,6 @@ Entities: AccessRights: ReadOnly Association: "" Attribute: MyFirstModule.Bike.PurchaseDate - - $Type: DomainModels$MemberAccess - AccessRights: ReadOnly - Association: MyFirstModule.Bike_User - Attribute: "" XPathConstraint: "" XPathConstraintCaption: "" Attributes: diff --git a/modelsource/MyFirstModule/Folder/Page.Forms$Page.yaml b/modelsource/MyFirstModule/Folder/Page.Forms$Page.yaml index 4548cd6..bd62697 100644 --- a/modelsource/MyFirstModule/Folder/Page.Forms$Page.yaml +++ b/modelsource/MyFirstModule/Folder/Page.Forms$Page.yaml @@ -136,7 +136,7 @@ FormCall: $Type: Forms$OptionDesignPropertyValue Option: None DynamicClasses: "" - Style: 'color: orange;' + Style: "" ConditionalVisibilitySettings: null Content: $Type: Forms$ClientTemplate 
@@ -323,50 +323,6 @@ FormCall: NativeTextStyle: Text RenderMode: Text TabIndex: 0 - - $Type: Forms$DynamicText - Appearance: - $Type: Forms$Appearance - Class: "" - DesignProperties: null - DynamicClasses: "" - Style: "" - ConditionalVisibilitySettings: null - Content: - $Type: Forms$ClientTemplate - Fallback: - $Type: Texts$Text - Items: null - Parameters: - - $Type: Forms$ClientTemplateParameter - AttributeRef: - $Type: DomainModels$AttributeRef - Attribute: System.User.Name - EntityRef: - $Type: DomainModels$IndirectEntityRef - Steps: - - $Type: DomainModels$EntityRefStep - Association: MyFirstModule.Bike_User - DestinationEntity: System.User - Expression: "" - FormattingInfo: - $Type: Forms$FormattingInfo - CustomDateFormat: "" - DateFormat: Date - DecimalPrecision: 2 - EnumFormat: Text - GroupDigits: false - SourceVariable: null - Template: - $Type: Texts$Text - Items: - - $Type: Texts$Translation - LanguageCode: en_US - Text: '{1}' - Name: text3 - NativeAccessibilitySettings: null - NativeTextStyle: Text - RenderMode: Text - TabIndex: 0 ConditionalVisibilitySettings: null HorizontalAlignment: None SpacingBetweenColumns: true diff --git a/modelsource/Security$ProjectSecurity.yaml b/modelsource/Security$ProjectSecurity.yaml index a9666de..2b67b81 100644 --- a/modelsource/Security$ProjectSecurity.yaml +++ b/modelsource/Security$ProjectSecurity.yaml @@ -6,17 +6,17 @@ CheckSecurity: true DemoUsers: - $Type: Security$DemoUserImpl Entity: Administration.Account - Password: I2trLMI0IOON + Password: '`R38^&uA/0[<' UserName: demo_administrator UserRoles: - Administrator - $Type: Security$DemoUserImpl Entity: Administration.Account - Password: 7IwRQRqV4lpq + Password: .>|nR1YXr,'L UserName: demo_user UserRoles: - User -EnableDemoUsers: true +EnableDemoUsers: false EnableGuestAccess: false FileDocumentAccess: $Type: Security$FileDocumentAccessRuleContainer 
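Review bot: The `DemoUsers` entries in the `Security$ProjectSecurity.yaml` hunk still carry plaintext `Password` values, one of them for the `Administrator` role, and the commit replaces them with new values rather than removing them. `EnableDemoUsers: false` keeps the accounts inactive in this model, but both the old and the new values are now in the repository history and should be treated as public. If this model is only a lint fixture, state in the repository that these are throwaway fixture credentials that must never be reused in a deployed app. Otherwise consider dropping the demo users from the reference model.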
@@ -30,7 +30,7 @@ PasswordPolicySettings: MinimumLength: 12 RequireDigit: true RequireMixedCase: true - RequireSymbol: false + RequireSymbol: true SecurityLevel: CheckEverything StrictMode: false StrictPageUrlCheck: true 
diff --git a/resources/app/App.mpr b/resources/app/App.mpr index 67eae6bd168d08fa5bfbabbdcddcd9b94486b59d..cc655851421114127a2bc8559684d4207f50123d 100644 GIT binary patch delta 1561 zcmcK4T}+!*7zgn8w7gv@rF{oOL=>3F$JScBt zlea0P&pJqlY^0h9{ECgN5kjV>3%1BW4pAV20(O8BqCo{QpoUn`fEFa!32_h)yC4A` zfJAr@lHegohKJ!1NP$#HgWd2bq{Cy70hy2m*{}!pf)4cXI2a%Yj9>yYSilNTKrZA# zKG|D1|b363U?h98d{PaKS-vLlsm*4b*}M>YyGP;3;T?Ch&p} z4#8n~8k(U6{1AX3w8Asc2JO%R&q613K{q@HJ8E!2`|D+Fa^`_GQ0vaFbl83DR>R$;53|p*WoP8!y7>194x>hoQF4I ziBA_qj@Iu`j|&>E9_Q-0$erjYL5TX2-(85z$YS3%9k)j7_36sC*sBJ5_e?}*@C3tS zZKeuS$XV&@9PM%T=ZA*_#@y18Zbw+>baw@8gAGjs&h}QLwdm$fUb`4sCrGI>P4P$s zF2FLp#d(BP?G_cAf?|`aF0-kvWtu)dzsefKWFb0HrPrsT@FY8YbL_;vzuykfI~Um= zLzN@P=4l)WT5EzfSJ-YYX>8Nwce-6&)=Eck$TwVG9jvS_?GBE1dW#mbdF~3UAu@R; zb*!;cX)!|(B%>h18JC-cnGAYpHc`7hsN_kX zu?nL7ICgvVecpGKWyvM{eGV#ZJ!I>4;qP8!9+4~Vu@zC)8czeO%t)7`<1(oHKAV)1 z;{VDKalv(n{1s(w>8_t*ERI|@9fsrz>SnF__O&(*O*zPH@>%M zC<@wWT1>fyyYI2jWmGz6F61r0F}Li0>p~FdL#COa==wQr+5`OU(Yl->~4VcMaIMOCR delta 1560 zcmY+@3rtg27zglsOD|F=a4A@x?RbcwGH8KO3QVEnRiLFsDnl6MF=0NaAPjXAhv0loY3b#(0J`a->VhVfJ}{||ethUK?apQvW9rYu=rpKPi(YwFs{*C&{?MpO36`~tlp zH%VpIHEwFjZEUE`N?P4&Sz{||pmiEn!%Fputs9CAdX>Jo*hs!kWzR}A`i&*#lI9i3 z>zbNLtClThSvsy|&#^4i-ILCO2;4vn9Js?g@Bj&Tf)_}^8+^bQc<=)m_(K592RQ^n z5ClUAghCi7KnbrwI7C1sM8N`xhJ_FVv9Jgh!xD&t*C8GfKm}?@gd|9YHy{NxkP2Ez zgLKG%H(@C(gG|T*9lQnEkOR4p2l=3f0w{zcFn|$?!31U~f#pyN7FYpg@HUjgN~nNJ zcn7M$3e`{pwNMA|!YZhT26zuv!x~r%>!1;AupXMA88$!*w8Hz)1{+}$Y=#fuL)ZfC zuoXUn4%h~r&;{G!W7q-R&;y^qPS^#zVGs1er_cv>_ze1CFATsS5ZDJp@Hy;<129Z` z(jD!k^Cb5eA1b*=rG1VY67iwT&Sd&v$gxXAj}ADrA~8B5zMDE6@CA&(my|jLV+6Pd*Yf?!Yj^AkbNSuHKAHjpdV{7UIpUQVl+Rz4O6 zJzk`+aC1|rxB6=D+-@rTcF45$;h6pgu|G9wc*U0Je%Jg{MZ{LI=*ZJFCviPm)~9@k z-+G#r}de=_AojuEp{rcqkixo0|@-BOoJq2Dhr4m?oGO%V0Ps2pPS zmw72?Ua83OD`E9Rqba$g7v!f~XBvlzsxL$xH-a;>*V|u-aQXcCTTASrLV9=alRLUI zI>IXzNiSB(c)y=p4?YhI`-=7mKAuNe#57|jFry3UXIfg;m z{)n3VgSx!u1AqUO)2}X5kYh{I!hC5gdri5*L zbKu-3)dtf0Q$jAw2g~O!d&;Tqci~r-PY#&7934QSZwOOlW*{+`SZx`hG<8Op5Q_?Y Jh}&bK{9jv Date: Fri, 12 
Apr 2024 23:41:18 +0200 Subject: [PATCH 4/5] Linting must pass --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 74a5d74..ad5bd3a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -34,7 +34,7 @@ jobs: run: go test -v ./... - name: xunit-report - run: ./bin/mendix-cli lint --xunit-report report.xml || true + run: ./bin/mendix-cli lint --xunit-report report.xml - name: Process xunit-report uses: dorny/test-reporter@v1 From b5bf5821b316aa31c42348a7542053ef71d18e8b Mon Sep 17 00:00:00 2001 From: Xiwen Cheng Date: Fri, 12 Apr 2024 23:43:03 +0200 Subject: [PATCH 5/5] clean up docs --- .../Forms/13-Style-property-used.markdown | 17 ----------------- .../35-More-than-20-module-in-project.markdown | 17 ----------------- 2 files changed, 34 deletions(-) delete mode 100644 docs/mendix-best-practices/Forms/13-Style-property-used.markdown delete mode 100644 docs/mendix-best-practices/Modules/35-More-than-20-module-in-project.markdown diff --git a/docs/mendix-best-practices/Forms/13-Style-property-used.markdown b/docs/mendix-best-practices/Forms/13-Style-property-used.markdown deleted file mode 100644 index b0ed7c4..0000000 --- a/docs/mendix-best-practices/Forms/13-Style-property-used.markdown +++ /dev/null @@ -1,17 +0,0 @@ ---- - -layout: post -title: "Style property used" -categories: Forms -prio: 5 -rulenumber: 13 -rulename: StylePropertyUsed -ruleset: Maintainability - ---- - -**Why** -Avoid using the style property, because this will make the life of your UI designer a lot more complicated. It will be harder to overrule styles from CSS file level. - -**How to fix** -Use generic classes instead, defined by the theme. \ No newline at end of file 
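Review bot: With `|| true` removed from the `xunit-report` step, a lint failure now fails the job at that step, and by default the following `Process xunit-report` step is then skipped. The report would be missing exactly when there are findings. The rest of that step lies outside the hunk; if it has no condition yet, add `if: success() || failure()` to it so the report is still published on a failing lint run.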
diff --git a/docs/mendix-best-practices/Modules/35-More-than-20-module-in-project.markdown b/docs/mendix-best-practices/Modules/35-More-than-20-module-in-project.markdown
deleted file mode 100644
index e61314a..0000000
--- a/docs/mendix-best-practices/Modules/35-More-than-20-module-in-project.markdown
+++ /dev/null
@@ -1,17 +0,0 @@
----
-
-layout: post
-title: "More than 20 modules in project"
-categories: Modules
-prio: 3
-rulenumber: 35
-rulename: NumberOfModules
-ruleset: Maintainability
-
----
-
-**Why**
-The bigger the application, the harder to maintain.
-
-**How to fix**
-Consider a multi-app stategy to avoid creating one big (unmaintainable) monstrous application.
\ No newline at end of file