LPS-150272 Do not apply to ant format-source-all

GergoMathe · Apr 12, 2023 · 89b346d · 89b346d
1 parent 8b2f816
commit 89b346d
Show file tree

Hide file tree

Showing 8 changed files with 71 additions and 16 deletions.
diff --git a/build-test-batch.xml b/build-test-batch.xml
@@ -7679,7 +7679,6 @@ information. Make sure to commit in all build services results.
 							<property name="source.fail.on.has.warning" value="true" />
 							<property name="source.print.errors" value="false" />
 							<property name="source.use.properties" value="false" />
-							<property name="use.ci.github.access.token" value="true" />
 							<property name="validate.commit.messages" value="true" />
 						</ant>
 					</then>

diff --git a/...formatter/src/main/java/com/liferay/gradle/plugins/source/formatter/FormatSourceTask.java b/...formatter/src/main/java/com/liferay/gradle/plugins/source/formatter/FormatSourceTask.java
@@ -101,6 +101,10 @@ public boolean isAutoFix() {
 		return _sourceFormatterArgs.isAutoFix();
 	}
 
+	public boolean isCheckVulnerabilities() {
+		return _sourceFormatterArgs.isCheckVulnerabilities();
+	}
+
 	public boolean isFailOnAutoFix() {
 		return _sourceFormatterArgs.isFailOnAutoFix();
 	}
@@ -167,6 +171,10 @@ public void setCheckNames(String... checkNames) {
 		_sourceFormatterArgs.setCheckNames(CollectionUtils.toList(checkNames));
 	}
 
+	public void setCheckVulnerabilities(boolean checkVulnerabilities) {
+		_sourceFormatterArgs.setCheckVulnerabilities(checkVulnerabilities);
+	}
+
 	public void setFailOnAutoFix(boolean failOnAutoFix) {
 		_sourceFormatterArgs.setFailOnAutoFix(failOnAutoFix);
 	}
@@ -241,6 +249,7 @@ public void setValidateCommitMessages(boolean validateCommitMessages) {
 	private List<String> _getCompleteArgs() {
 		List<String> args = new ArrayList<>(getArgs());
 
+		args.add("check.vulnerabilities=" + isCheckVulnerabilities());
 		args.add("format.current.branch=" + isFormatCurrentBranch());
 		args.add("format.latest.author=" + isFormatLatestAuthor());
 		args.add("format.local.changes=" + isFormatLocalChanges());

diff --git a/...radle-plugins/src/main/java/com/liferay/gradle/plugins/SourceFormatterDefaultsPlugin.java b/...radle-plugins/src/main/java/com/liferay/gradle/plugins/SourceFormatterDefaultsPlugin.java
@@ -215,6 +215,14 @@ private void _configureTaskFormatSource(FormatSourceTask formatSourceTask) {
 			formatSourceTask.setAutoFix(Boolean.parseBoolean(autoFix));
 		}
 
+		String checkVulnerabilities = GradleUtil.getProperty(
+			project, "check.vulnerabilities", (String)null);
+
+		if (Validator.isNotNull(checkVulnerabilities)) {
+			formatSourceTask.setCheckVulnerabilities(
+				Boolean.parseBoolean(checkVulnerabilities));
+		}
+
 		String baseDirName = GradleUtil.getProperty(
 			project, "source.base.dir", (String)null);
 

diff --git a/...les/util/source-formatter/src/main/java/com/liferay/source/formatter/SourceFormatter.java b/...les/util/source-formatter/src/main/java/com/liferay/source/formatter/SourceFormatter.java
@@ -137,6 +137,10 @@ public static void main(String[] args) throws Exception {
 					ArgumentsUtil.getString(
 						arguments, "source.check.names", null),
 					StringPool.COMMA));
+			sourceFormatterArgs.setCheckVulnerabilities(
+				ArgumentsUtil.getBoolean(
+					arguments, "check.vulnerabilities",
+					SourceFormatterArgs.CHECK_VULNERABILITIES));
 			sourceFormatterArgs.setFailOnAutoFix(
 				ArgumentsUtil.getBoolean(
 					arguments, "source.fail.on.auto.fix",

diff --git a/...util/source-formatter/src/main/java/com/liferay/source/formatter/SourceFormatterArgs.java b/...util/source-formatter/src/main/java/com/liferay/source/formatter/SourceFormatterArgs.java
@@ -31,6 +31,8 @@ public class SourceFormatterArgs {
 
 	public static final String BASE_DIR_NAME = "./";
 
+	public static final boolean CHECK_VULNERABILITIES = true;
+
 	public static final int COMMIT_COUNT = 0;
 
 	public static final boolean FAIL_ON_AUTO_FIX = false;
@@ -143,6 +145,10 @@ public boolean isAutoFix() {
 		return _autoFix;
 	}
 
+	public boolean isCheckVulnerabilities() {
+		return _checkVulnerabilities;
+	}
+
 	public boolean isFailOnAutoFix() {
 		return _failOnAutoFix;
 	}
@@ -215,6 +221,10 @@ public void setCheckNames(List<String> checkNames) {
 		_checkNames = checkNames;
 	}
 
+	public void setCheckVulnerabilities(boolean checkVulnerabilities) {
+		_checkVulnerabilities = checkVulnerabilities;
+	}
+
 	public void setCommitCount(int commitCount) {
 		_commitCount = commitCount;
 	}
@@ -318,6 +328,7 @@ public void setValidateCommitMessages(boolean validateCommitMessages) {
 	private String _baseDirName = BASE_DIR_NAME;
 	private List<String> _checkCategoryNames = new ArrayList<>();
 	private List<String> _checkNames = new ArrayList<>();
+	private boolean _checkVulnerabilities = CHECK_VULNERABILITIES;
 	private int _commitCount = COMMIT_COUNT;
 	private boolean _failOnAutoFix = FAIL_ON_AUTO_FIX;
 	private boolean _failOnHasWarning = FAIL_ON_HAS_WARNING;

diff --git a/...rmatter/src/main/java/com/liferay/source/formatter/check/LibraryVulnerabilitiesCheck.java b/...rmatter/src/main/java/com/liferay/source/formatter/check/LibraryVulnerabilitiesCheck.java
@@ -80,6 +80,15 @@ protected String doProcess(
 			String fileName, String absolutePath, String content)
 		throws Exception {
 
+		SourceProcessor sourceProcessor = getSourceProcessor();
+
+		SourceFormatterArgs sourceFormatterArgs =
+			sourceProcessor.getSourceFormatterArgs();
+
+		if (!sourceFormatterArgs.isCheckVulnerabilities()) {
+			return content;
+		}
+
 		if (fileName.endsWith(".gradle")) {
 			_checkGradleLibraryVulnerabilities(fileName, absolutePath, content);
 		}
@@ -422,9 +431,7 @@ private void _generateVulnerableVersionMap(
 			SourceFormatterArgs sourceFormatterArgs =
 				sourceProcessor.getSourceFormatterArgs();
 
-			if (sourceFormatterArgs.isFormatCurrentBranch() &&
-				sourceFormatterArgs.isUseCiGithubAccessToken()) {
-
+			if (sourceFormatterArgs.isUseCiGithubAccessToken()) {
 				_githubAccessToken = _getCiGithubAccessToken();
 			}
 			else {

diff --git a/...tter/src/test/java/com/liferay/source/formatter/processor/LibrarySourceProcessorTest.java b/...tter/src/test/java/com/liferay/source/formatter/processor/LibrarySourceProcessorTest.java
@@ -15,6 +15,7 @@
 package com.liferay.source.formatter.processor;
 
 import com.liferay.petra.string.StringBundler;
+import com.liferay.source.formatter.SourceFormatterArgs;
 
 import org.junit.Test;
 
@@ -36,18 +37,20 @@ public void testLibraryVulnerabilities() throws Exception {
 		test(
 			"ivy.testxml",
 			StringBundler.concat(
-				"Library 'org.springframework.security:spring-security-core:",
-				"5.6.1' contains known vulnerabilities(Authorization bypass ",
-				"in Spring Security, https://github.com/advisories/GHSA-hh32-",
-				"7344-cg2f)"));
+				"Library 'org.springframework.security:spring-security-",
+				"core:5.6.1' contains known vulnerabilities(Spring Security ",
+				"authorization rules can be bypassed via forward or include ",
+				"dispatcher types, https://github.com/advisories",
+				"/GHSA-mmmh-wcxm-2wr4)"));
 
 		test(
 			"pom.testxml",
 			StringBundler.concat(
-				"Library 'org.springframework.security:spring-security-core:",
-				"5.6.1' contains known vulnerabilities(Authorization bypass ",
-				"in Spring Security, https://github.com/advisories/GHSA-hh32-",
-				"7344-cg2f)"));
+				"Library 'org.springframework.security:spring-security-",
+				"core:5.6.1' contains known vulnerabilities(Spring Security ",
+				"authorization rules can be bypassed via forward or include ",
+				"dispatcher types, https://github.com/advisories",
+				"/GHSA-mmmh-wcxm-2wr4)"));
 
 		test(
 			"build.testgradle",
@@ -69,9 +72,10 @@ public void testLibraryVulnerabilities() throws Exception {
 					"/advisories/GHSA-gchv-364h-r896)"),
 				StringBundler.concat(
 					"Library 'org.springframework.security:spring-security-",
-					"core:5.6.2' contains known vulnerabilities(Authorization ",
-					"bypass in Spring Security, https://github.com/advisories",
-					"/GHSA-hh32-7344-cg2f)")
+					"core:5.6.2' contains known vulnerabilities(Spring ",
+					"Security authorization rules can be bypassed via forward ",
+					"or include dispatcher types, https://github.com",
+					"/advisories/GHSA-mmmh-wcxm-2wr4)")
 			});
 
 		test(
@@ -89,4 +93,14 @@ public void testLibraryVulnerabilities() throws Exception {
 			});
 	}
 
+	@Override
+	protected SourceFormatterArgs getSourceFormatterArgs() {
+		SourceFormatterArgs sourceFormatterArgs =
+			super.getSourceFormatterArgs();
+
+		sourceFormatterArgs.setCheckVulnerabilities(true);
+
+		return sourceFormatterArgs;
+	}
+
 }
diff --git a/portal-impl/build.xml b/portal-impl/build.xml
@@ -440,7 +440,9 @@ svn://svn.liferay.com/repos/public/alloy/trunk/sandbox/taglibs.
 	</target>
 
 	<target name="format-source-all">
-		<antcall target="format-source-files" />
+		<antcall target="format-source-files">
+			<param name="check.vulnerabilities" value="false" />
+		</antcall>
 	</target>
 
 	<target name="format-source-bnd">
@@ -600,6 +602,7 @@ svn://svn.liferay.com/repos/public/alloy/trunk/sandbox/taglibs.
 					<jvmarg value="-Dfile.encoding=UTF-8" />
 					<jvmarg value="-Dsource.formatter.check.registry.in.test.classes=${source.formatter.check.registry.in.test.classes}" />
 					<jvmarg value="-Dsource.formatter.excludes=${source.formatter.excludes}" />
+					<arg value="check.vulnerabilities=${check.vulnerabilities}" />
 					<arg value="commit.count=${source.formatter.commit.count}" />
 					<arg value="format.current.branch=${format.current.branch}" />
 					<arg value="format.latest.author=${format.latest.author}" />