Merge pull request #18 from Sylvain-Bugat/pom-update

Http client upgrade to fix CVE-2014-3577
Greg Schueler 2014-11-24 14:02:44 -08:00
commit eeaf4a3944
3 changed files with 57 additions and 31 deletions


@ -0,0 +1,13 @@
<ruleset comparisonMethod="maven"
xmlns="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0 http://mojo.codehaus.org/versions-maven-plugin/xsd/rule-2.0.0.xsd">
<!--Ignore alpha, beta, release-candidate and draft versions-->
<ignoreVersions>
<ignoreVersion type="regex">.*[\.-](?i)alpha[0-9]*$</ignoreVersion>
<ignoreVersion type="regex">.*[\.-](?i)b(eta)?-?[0-9]*$</ignoreVersion>
<ignoreVersion type="regex">.*[\.-](?i)rc?[0-9]*$</ignoreVersion>
<ignoreVersion type="regex">.*[\.-](?i)draft.*$</ignoreVersion>
</ignoreVersions>
</ruleset>
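Review bot: The release-candidate pattern on the third `ignoreVersion` line, `.*[\.-](?i)rc?[0-9]*$`, makes the `c` optional, so it also hides versions ending in `-r1` or `.r09`, a suffix some projects use for final releases. Because this ruleset decides which updates the versions report shows, an over-broad ignore can keep a release that carries a fix out of view. If only release candidates are meant, as the comment above the list says, `.*[\.-](?i)rc[0-9]*$` is the tighter form. Milestone suffixes such as `-M1` are not covered by any of the four patterns, in case those were meant to be skipped as well.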

36
pom.xml

@ -17,6 +17,10 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<prerequisites>
<maven>2.2.1</maven>
</prerequisites>
<!-- For deploying to Sonatype OSS Nexus --> <!-- For deploying to Sonatype OSS Nexus -->
<parent> <parent>
<groupId>org.sonatype.oss</groupId> <groupId>org.sonatype.oss</groupId>
@ -88,6 +92,16 @@
<project.build.targetJdk>1.6</project.build.targetJdk> <project.build.targetJdk>1.6</project.build.targetJdk>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- Dependencies version -->
<apache.httpcomponents.version>4.3.6</apache.httpcomponents.version>
<commons-lang.version>2.6</commons-lang.version>
<commons-io.version>2.1</commons-io.version>
<dom4j.version>1.6.1</dom4j.version>
<jaxen.version>1.1.1</jaxen.version>
<junit.version>4.10</junit.version>
<betamax.version>1.0</betamax.version>
<groovy.version>1.8.4</groovy.version>
<!-- Plugins version --> <!-- Plugins version -->
<plugin.antrun.version>1.7</plugin.antrun.version> <plugin.antrun.version>1.7</plugin.antrun.version>
<plugin.assembly.version>2.2.2</plugin.assembly.version> <plugin.assembly.version>2.2.2</plugin.assembly.version>
@ -114,7 +128,7 @@
<plugin.source.version>2.1.2</plugin.source.version> <plugin.source.version>2.1.2</plugin.source.version>
<plugin.surefire.version>2.10</plugin.surefire.version> <plugin.surefire.version>2.10</plugin.surefire.version>
<plugin.taglist.version>2.4</plugin.taglist.version> <plugin.taglist.version>2.4</plugin.taglist.version>
<plugin.versions.version>1.2</plugin.versions.version> <plugin.versions.version>2.1</plugin.versions.version>
</properties> </properties>
<build> <build>
@ -392,7 +406,7 @@
</reportSet> </reportSet>
</reportSets> </reportSets>
<configuration> <configuration>
<comparisonMethod>mercury</comparisonMethod> <rulesUri>file:./dependencies-check-rules.xml</rulesUri>
</configuration> </configuration>
</plugin> </plugin>
<plugin> <plugin>
@ -423,52 +437,52 @@
<dependency> <dependency>
<groupId>org.apache.httpcomponents</groupId> <groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId> <artifactId>httpclient</artifactId>
<version>4.1.2</version> <version>${apache.httpcomponents.version}</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.apache.httpcomponents</groupId> <groupId>org.apache.httpcomponents</groupId>
<artifactId>httpmime</artifactId> <artifactId>httpmime</artifactId>
<version>4.1.2</version> <version>${apache.httpcomponents.version}</version>
</dependency> </dependency>
<!-- Commons --> <!-- Commons -->
<dependency> <dependency>
<groupId>commons-lang</groupId> <groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId> <artifactId>commons-lang</artifactId>
<version>2.6</version> <version>${commons-lang.version}</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>commons-io</groupId> <groupId>commons-io</groupId>
<artifactId>commons-io</artifactId> <artifactId>commons-io</artifactId>
<version>2.1</version> <version>${commons-io.version}</version>
</dependency> </dependency>
<!-- XML Parsing --> <!-- XML Parsing -->
<dependency> <dependency>
<groupId>dom4j</groupId> <groupId>dom4j</groupId>
<artifactId>dom4j</artifactId> <artifactId>dom4j</artifactId>
<version>1.6.1</version> <version>${dom4j.version}</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>jaxen</groupId> <groupId>jaxen</groupId>
<artifactId>jaxen</artifactId> <artifactId>jaxen</artifactId>
<version>1.1.1</version> <version>${jaxen.version}</version>
</dependency> </dependency>
<!-- Test --> <!-- Test -->
<dependency> <dependency>
<groupId>junit</groupId> <groupId>junit</groupId>
<artifactId>junit</artifactId> <artifactId>junit</artifactId>
<version>4.10</version> <version>${junit.version}</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.github.robfletcher</groupId> <groupId>com.github.robfletcher</groupId>
<artifactId>betamax</artifactId> <artifactId>betamax</artifactId>
<version>1.0</version> <version>${betamax.version}</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.codehaus.groovy</groupId> <groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-all</artifactId> <artifactId>groovy-all</artifactId>
<version>1.8.4</version> <version>${groovy.version}</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
</dependencies> </dependencies>
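Review bot: Raising `apache.httpcomponents.version` to 4.3.6 addresses CVE-2014-3577 only if the client relies on HttpClient's own hostname verification, and nothing in this section shows how the SSL socket factory is built. If that code installs an allow-all hostname verifier or a trust-all strategy, the corrected check is never reached, so this should be confirmed before the CVE is treated as closed. I would also record the reason next to the property so a later cleanup does not lower it, for example `<!-- 4.3.6 chosen for CVE-2014-3577 (hostname verification); do not downgrade -->`.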


@ -37,7 +37,6 @@ import org.apache.http.params.HttpProtocolParams;
import org.apache.http.protocol.HTTP; import org.apache.http.protocol.HTTP;
import org.apache.http.protocol.HttpContext; import org.apache.http.protocol.HttpContext;
import org.apache.http.util.EntityUtils; import org.apache.http.util.EntityUtils;
import org.dom4j.Document;
import org.rundeck.api.RundeckApiException.RundeckApiLoginException; import org.rundeck.api.RundeckApiException.RundeckApiLoginException;
import org.rundeck.api.RundeckApiException.RundeckApiTokenException; import org.rundeck.api.RundeckApiException.RundeckApiTokenException;
import org.rundeck.api.parser.ParserHelper; import org.rundeck.api.parser.ParserHelper;
@ -639,11 +638,11 @@ class ApiCall {
while (true) { while (true) {
try { try {
HttpPost postLogin = new HttpPost(location); HttpPost postLogin = new HttpPost(location);
List params = new ArrayList(); List<BasicNameValuePair> params = new ArrayList<BasicNameValuePair>();
params.add(new BasicNameValuePair("j_username", client.getLogin())); params.add(new BasicNameValuePair("j_username", client.getLogin()));
params.add(new BasicNameValuePair("j_password", client.getPassword())); params.add(new BasicNameValuePair("j_password", client.getPassword()));
params.add(new BasicNameValuePair("action", "login")); params.add(new BasicNameValuePair("action", "login"));
postLogin.setEntity(new UrlEncodedFormEntity(params, HTTP.UTF_8)); postLogin.setEntity(new UrlEncodedFormEntity(params, Consts.UTF_8));
HttpResponse response = httpClient.execute(postLogin); HttpResponse response = httpClient.execute(postLogin);
if (response.getStatusLine().getStatusCode() / 100 == 3) { if (response.getStatusLine().getStatusCode() / 100 == 3) {
@ -663,7 +662,7 @@ class ApiCall {
} }
try { try {
String content = EntityUtils.toString(response.getEntity(), HTTP.UTF_8); String content = EntityUtils.toString(response.getEntity(), Consts.UTF_8);
if (StringUtils.contains(content, "j_security_check")) { if (StringUtils.contains(content, "j_security_check")) {
throw new RundeckApiLoginException("Login failed for user " + client.getLogin()); throw new RundeckApiLoginException("Login failed for user " + client.getLogin());
} }