Merge pull request #18 from Sylvain-Bugat/pom-update

Http client upgrade to fix CVE-2014-3577
Greg Schueler 2014-11-24 14:02:44 -08:00
commit eeaf4a3944
3 changed files with 57 additions and 31 deletions


@ -0,0 +1,13 @@
<ruleset comparisonMethod="maven"
xmlns="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0 http://mojo.codehaus.org/versions-maven-plugin/xsd/rule-2.0.0.xsd">
<!--Ignore alpha, beta, release-candidate and draft versions-->
<ignoreVersions>
<ignoreVersion type="regex">.*[\.-](?i)alpha[0-9]*$</ignoreVersion>
<ignoreVersion type="regex">.*[\.-](?i)b(eta)?-?[0-9]*$</ignoreVersion>
<ignoreVersion type="regex">.*[\.-](?i)rc?[0-9]*$</ignoreVersion>
<ignoreVersion type="regex">.*[\.-](?i)draft.*$</ignoreVersion>
</ignoreVersions>
</ruleset>
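Review bot: In the release-candidate rule, `rc?` makes only the `c` optional, so `.*[\.-](?i)rc?[0-9]*$` also hides every version whose last segment is `r` followed by digits (a `-r2` revision suffix, for instance) while a candidate written `-rc-1` still gets through. If the intent is to skip release candidates only, `.*[\.-](?i)rc-?[0-9]*$` covers `1.0-rc1`, `1.0.RC2` and `1.0-rc-1` without touching `-r` revisions. The alpha rule has the mirror-image gap (`-alpha-1` is not matched), which the same `-?` would close. A one-line comment above the rules saying these are Java regexes and that `(?i)` applies from that point to the end would save the next reader from guessing.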

36
pom.xml

@ -17,6 +17,10 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<prerequisites>
<maven>2.2.1</maven>
</prerequisites>
<!-- For deploying to Sonatype OSS Nexus --> <!-- For deploying to Sonatype OSS Nexus -->
<parent> <parent>
<groupId>org.sonatype.oss</groupId> <groupId>org.sonatype.oss</groupId>
@ -88,6 +92,16 @@
<project.build.targetJdk>1.6</project.build.targetJdk> <project.build.targetJdk>1.6</project.build.targetJdk>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- Dependencies version -->
<apache.httpcomponents.version>4.3.6</apache.httpcomponents.version>
<commons-lang.version>2.6</commons-lang.version>
<commons-io.version>2.1</commons-io.version>
<dom4j.version>1.6.1</dom4j.version>
<jaxen.version>1.1.1</jaxen.version>
<junit.version>4.10</junit.version>
<betamax.version>1.0</betamax.version>
<groovy.version>1.8.4</groovy.version>
<!-- Plugins version --> <!-- Plugins version -->
<plugin.antrun.version>1.7</plugin.antrun.version> <plugin.antrun.version>1.7</plugin.antrun.version>
<plugin.assembly.version>2.2.2</plugin.assembly.version> <plugin.assembly.version>2.2.2</plugin.assembly.version>
@ -114,7 +128,7 @@
<plugin.source.version>2.1.2</plugin.source.version> <plugin.source.version>2.1.2</plugin.source.version>
<plugin.surefire.version>2.10</plugin.surefire.version> <plugin.surefire.version>2.10</plugin.surefire.version>
<plugin.taglist.version>2.4</plugin.taglist.version> <plugin.taglist.version>2.4</plugin.taglist.version>
<plugin.versions.version>1.2</plugin.versions.version> <plugin.versions.version>2.1</plugin.versions.version>
</properties> </properties>
<build> <build>
@ -392,7 +406,7 @@
</reportSet> </reportSet>
</reportSets> </reportSets>
<configuration> <configuration>
<comparisonMethod>mercury</comparisonMethod> <rulesUri>file:./dependencies-check-rules.xml</rulesUri>
</configuration> </configuration>
</plugin> </plugin>
<plugin> <plugin>
@ -423,52 +437,52 @@
<dependency> <dependency>
<groupId>org.apache.httpcomponents</groupId> <groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId> <artifactId>httpclient</artifactId>
<version>4.1.2</version> <version>${apache.httpcomponents.version}</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.apache.httpcomponents</groupId> <groupId>org.apache.httpcomponents</groupId>
<artifactId>httpmime</artifactId> <artifactId>httpmime</artifactId>
<version>4.1.2</version> <version>${apache.httpcomponents.version}</version>
</dependency> </dependency>
<!-- Commons --> <!-- Commons -->
<dependency> <dependency>
<groupId>commons-lang</groupId> <groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId> <artifactId>commons-lang</artifactId>
<version>2.6</version> <version>${commons-lang.version}</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>commons-io</groupId> <groupId>commons-io</groupId>
<artifactId>commons-io</artifactId> <artifactId>commons-io</artifactId>
<version>2.1</version> <version>${commons-io.version}</version>
</dependency> </dependency>
<!-- XML Parsing --> <!-- XML Parsing -->
<dependency> <dependency>
<groupId>dom4j</groupId> <groupId>dom4j</groupId>
<artifactId>dom4j</artifactId> <artifactId>dom4j</artifactId>
<version>1.6.1</version> <version>${dom4j.version}</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>jaxen</groupId> <groupId>jaxen</groupId>
<artifactId>jaxen</artifactId> <artifactId>jaxen</artifactId>
<version>1.1.1</version> <version>${jaxen.version}</version>
</dependency> </dependency>
<!-- Test --> <!-- Test -->
<dependency> <dependency>
<groupId>junit</groupId> <groupId>junit</groupId>
<artifactId>junit</artifactId> <artifactId>junit</artifactId>
<version>4.10</version> <version>${junit.version}</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.github.robfletcher</groupId> <groupId>com.github.robfletcher</groupId>
<artifactId>betamax</artifactId> <artifactId>betamax</artifactId>
<version>1.0</version> <version>${betamax.version}</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.codehaus.groovy</groupId> <groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-all</artifactId> <artifactId>groovy-all</artifactId>
<version>1.8.4</version> <version>${groovy.version}</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
</dependencies> </dependencies>
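Review bot: `file:./dependencies-check-rules.xml` in the versions plugin `<rulesUri>` (the `@ -392` hunk) is a relative file URI, and a relative `file:` URI is resolved against the working directory of the Maven invocation rather than the project directory, so `versions:display-dependency-updates` run from a parent module, a parent directory or a CI checkout one level up will not find the rules file. Anchoring it to the project, `<rulesUri>file:///${project.basedir}/dependencies-check-rules.xml</rulesUri>`, keeps the ignore list effective no matter where the build is started. The `<plugin>` element that holds this configuration starts and ends outside the hunk, so I cannot see whether a `<configuration>` at the execution level overrides it. The shared `apache.httpcomponents.version` property for `httpclient` and `httpmime` is the right shape for a CVE-driven bump, since a lone `httpmime` pin would otherwise drag the vulnerable `httpclient` back in transitively.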


@ -37,7 +37,6 @@ import org.apache.http.params.HttpProtocolParams;
import org.apache.http.protocol.HTTP; import org.apache.http.protocol.HTTP;
import org.apache.http.protocol.HttpContext; import org.apache.http.protocol.HttpContext;
import org.apache.http.util.EntityUtils; import org.apache.http.util.EntityUtils;
import org.dom4j.Document;
import org.rundeck.api.RundeckApiException.RundeckApiLoginException; import org.rundeck.api.RundeckApiException.RundeckApiLoginException;
import org.rundeck.api.RundeckApiException.RundeckApiTokenException; import org.rundeck.api.RundeckApiException.RundeckApiTokenException;
import org.rundeck.api.parser.ParserHelper; import org.rundeck.api.parser.ParserHelper;
@ -59,7 +58,7 @@ import java.util.Map.Entry;
/** /**
* Class responsible for making the HTTP API calls * Class responsible for making the HTTP API calls
* *
* @author Vincent Behar * @author Vincent Behar
*/ */
class ApiCall { class ApiCall {
@ -72,10 +71,10 @@ class ApiCall {
/** {@link RundeckClient} instance holding the RunDeck url and the credentials */ /** {@link RundeckClient} instance holding the RunDeck url and the credentials */
private final RundeckClient client; private final RundeckClient client;
/** /**
* Build a new instance, linked to the given RunDeck client * Build a new instance, linked to the given RunDeck client
* *
* @param client holding the RunDeck url and the credentials * @param client holding the RunDeck url and the credentials
* @throws IllegalArgumentException if client is null * @throws IllegalArgumentException if client is null
*/ */
@ -87,7 +86,7 @@ class ApiCall {
/** /**
* Try to "ping" the RunDeck instance to see if it is alive * Try to "ping" the RunDeck instance to see if it is alive
* *
* @throws RundeckApiException if the ping fails * @throws RundeckApiException if the ping fails
*/ */
public void ping() throws RundeckApiException { public void ping() throws RundeckApiException {
@ -127,7 +126,7 @@ class ApiCall {
/** /**
* Test the login-based authentication on the RunDeck instance * Test the login-based authentication on the RunDeck instance
* *
* @throws RundeckApiLoginException if the login fails * @throws RundeckApiLoginException if the login fails
* @see #testAuth() * @see #testAuth()
*/ */
@ -144,7 +143,7 @@ class ApiCall {
/** /**
* Test the token-based authentication on the RunDeck instance * Test the token-based authentication on the RunDeck instance
* *
* @throws RundeckApiTokenException if the token is invalid * @throws RundeckApiTokenException if the token is invalid
* @see #testAuth() * @see #testAuth()
*/ */
@ -161,7 +160,7 @@ class ApiCall {
/** /**
* Execute an HTTP GET request to the RunDeck instance, on the given path. We will login first, and then execute the * Execute an HTTP GET request to the RunDeck instance, on the given path. We will login first, and then execute the
* API call. At the end, the given parser will be used to convert the response to a more useful result object. * API call. At the end, the given parser will be used to convert the response to a more useful result object.
* *
* @param apiPath on which we will make the HTTP request - see {@link ApiPathBuilder} * @param apiPath on which we will make the HTTP request - see {@link ApiPathBuilder}
* @param parser used to parse the response * @param parser used to parse the response
* @return the result of the call, as formatted by the parser * @return the result of the call, as formatted by the parser
@ -181,7 +180,7 @@ class ApiCall {
/** /**
* Execute an HTTP GET request to the RunDeck instance, on the given path. We will login first, and then execute the * Execute an HTTP GET request to the RunDeck instance, on the given path. We will login first, and then execute the
* API call. * API call.
* *
* @param apiPath on which we will make the HTTP request - see {@link ApiPathBuilder} * @param apiPath on which we will make the HTTP request - see {@link ApiPathBuilder}
* @return a new {@link InputStream} instance, not linked with network resources * @return a new {@link InputStream} instance, not linked with network resources
* @throws RundeckApiException in case of error when calling the API * @throws RundeckApiException in case of error when calling the API
@ -206,7 +205,7 @@ class ApiCall {
/** /**
* Execute an HTTP GET request to the RunDeck instance, on the given path. We will login first, and then execute the * Execute an HTTP GET request to the RunDeck instance, on the given path. We will login first, and then execute the
* API call without appending the API_ENDPOINT to the URL. * API call without appending the API_ENDPOINT to the URL.
* *
* @param apiPath on which we will make the HTTP request - see {@link ApiPathBuilder} * @param apiPath on which we will make the HTTP request - see {@link ApiPathBuilder}
* @return a new {@link InputStream} instance, not linked with network resources * @return a new {@link InputStream} instance, not linked with network resources
* @throws RundeckApiException in case of error when calling the API * @throws RundeckApiException in case of error when calling the API
@ -248,11 +247,11 @@ class ApiCall {
return get(apiPath, parser); return get(apiPath, parser);
} }
} }
/** /**
* Execute an HTTP POST request to the RunDeck instance, on the given path. We will login first, and then execute * Execute an HTTP POST request to the RunDeck instance, on the given path. We will login first, and then execute
* the API call. At the end, the given parser will be used to convert the response to a more useful result object. * the API call. At the end, the given parser will be used to convert the response to a more useful result object.
* *
* @param apiPath on which we will make the HTTP request - see {@link ApiPathBuilder} * @param apiPath on which we will make the HTTP request - see {@link ApiPathBuilder}
* @param parser used to parse the response * @param parser used to parse the response
* @return the result of the call, as formatted by the parser * @return the result of the call, as formatted by the parser
@ -322,7 +321,7 @@ class ApiCall {
/** /**
* Execute an HTTP DELETE request to the RunDeck instance, on the given path. We will login first, and then execute * Execute an HTTP DELETE request to the RunDeck instance, on the given path. We will login first, and then execute
* the API call. At the end, the given parser will be used to convert the response to a more useful result object. * the API call. At the end, the given parser will be used to convert the response to a more useful result object.
* *
* @param apiPath on which we will make the HTTP request - see {@link ApiPathBuilder} * @param apiPath on which we will make the HTTP request - see {@link ApiPathBuilder}
* @param parser used to parse the response * @param parser used to parse the response
* @return the result of the call, as formatted by the parser * @return the result of the call, as formatted by the parser
@ -354,7 +353,7 @@ class ApiCall {
/** /**
* Execute an HTTP request to the RunDeck instance. We will login first, and then execute the API call. At the end, * Execute an HTTP request to the RunDeck instance. We will login first, and then execute the API call. At the end,
* the given parser will be used to convert the response to a more useful result object. * the given parser will be used to convert the response to a more useful result object.
* *
* @param request to execute. see {@link HttpGet}, {@link HttpDelete}, and so on... * @param request to execute. see {@link HttpGet}, {@link HttpDelete}, and so on...
* @param parser used to parse the response * @param parser used to parse the response
* @return the result of the call, as formatted by the parser * @return the result of the call, as formatted by the parser
@ -400,7 +399,7 @@ class ApiCall {
} }
/** /**
* Execute an HTTP request to the RunDeck instance. We will login first, and then execute the API call. * Execute an HTTP request to the RunDeck instance. We will login first, and then execute the API call.
* *
* @param request to execute. see {@link HttpGet}, {@link HttpDelete}, and so on... * @param request to execute. see {@link HttpGet}, {@link HttpDelete}, and so on...
* @return a new {@link InputStream} instance, not linked with network resources * @return a new {@link InputStream} instance, not linked with network resources
* @throws RundeckApiException in case of error when calling the API * @throws RundeckApiException in case of error when calling the API
@ -594,7 +593,7 @@ class ApiCall {
/** /**
* Do the actual work of login, using the given {@link HttpClient} instance. You'll need to re-use this instance * Do the actual work of login, using the given {@link HttpClient} instance. You'll need to re-use this instance
* when making API calls (such as running a job). Only use this in case of login-based authentication. * when making API calls (such as running a job). Only use this in case of login-based authentication.
* *
* @param httpClient pre-instantiated * @param httpClient pre-instantiated
* @throws RundeckApiLoginException if the login failed * @throws RundeckApiLoginException if the login failed
*/ */
@ -639,11 +638,11 @@ class ApiCall {
while (true) { while (true) {
try { try {
HttpPost postLogin = new HttpPost(location); HttpPost postLogin = new HttpPost(location);
List params = new ArrayList(); List<BasicNameValuePair> params = new ArrayList<BasicNameValuePair>();
params.add(new BasicNameValuePair("j_username", client.getLogin())); params.add(new BasicNameValuePair("j_username", client.getLogin()));
params.add(new BasicNameValuePair("j_password", client.getPassword())); params.add(new BasicNameValuePair("j_password", client.getPassword()));
params.add(new BasicNameValuePair("action", "login")); params.add(new BasicNameValuePair("action", "login"));
postLogin.setEntity(new UrlEncodedFormEntity(params, HTTP.UTF_8)); postLogin.setEntity(new UrlEncodedFormEntity(params, Consts.UTF_8));
HttpResponse response = httpClient.execute(postLogin); HttpResponse response = httpClient.execute(postLogin);
if (response.getStatusLine().getStatusCode() / 100 == 3) { if (response.getStatusLine().getStatusCode() / 100 == 3) {
@ -663,7 +662,7 @@ class ApiCall {
} }
try { try {
String content = EntityUtils.toString(response.getEntity(), HTTP.UTF_8); String content = EntityUtils.toString(response.getEntity(), Consts.UTF_8);
if (StringUtils.contains(content, "j_security_check")) { if (StringUtils.contains(content, "j_security_check")) {
throw new RundeckApiLoginException("Login failed for user " + client.getLogin()); throw new RundeckApiLoginException("Login failed for user " + client.getLogin());
} }
@ -689,7 +688,7 @@ class ApiCall {
/** /**
* Instantiate a new {@link HttpClient} instance, configured to accept all SSL certificates * Instantiate a new {@link HttpClient} instance, configured to accept all SSL certificates
* *
* @return an {@link HttpClient} instance - won't be null * @return an {@link HttpClient} instance - won't be null
*/ */
private HttpClient instantiateHttpClient() { private HttpClient instantiateHttpClient() {
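Review bot: The javadoc on `instantiateHttpClient()` still says the client is "configured to accept all SSL certificates", and CVE-2014-3577, the reason for this upgrade, is a hostname-verification bypass in HttpClient's default `X509HostnameVerifier`; a client built on a trust-everything `TrustStrategy` or an allow-all hostname verifier never reaches the verifier that 4.3.6 fixes, so the version bump closes the CVE only if this method uses the default SSL socket factory. The method body is outside the hunk, so I cannot tell which it is; if it does accept all certificates, an on-path attacker can still impersonate the RunDeck server and capture the `j_username`/`j_password` form post from the login hunk above regardless of the HttpClient version. Either make strict verification the default and expose the trust-all behaviour as an explicit opt-in on `RundeckClient`, or at least make the javadoc state the consequence, e.g. `* Instantiate a new {@link HttpClient} instance, configured to accept all SSL certificates. This disables server authentication and hostname verification (the CVE-2014-3577 fix does not apply); use only on trusted networks.` The `import org.apache.http.params.HttpProtocolParams` visible in the first hunk header is a deprecated API in 4.3, so a follow-up migrating to `RequestConfig`/`HttpClientBuilder` would also be the natural place to set the verifier explicitly.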