Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport: Fix BOM validation failing when URL contains encoded [ and ] characters #3866

Merged
merged 2 commits into from
Jun 22, 2024
Merged

Backport: Fix BOM validation failing when URL contains encoded [ and ] characters #3866

merged 2 commits into from
Jun 22, 2024

Conversation

nscuro
Copy link
Member

@nscuro nscuro commented Jun 22, 2024

Description

Fixes BOM validation failing when URL contains encoded [ and ] characters.

Addressed Issue

Fixes #3831
Backports #3865

Additional Details

N/A

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have added corresponding update logic
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

@nscuro
Fix BOM validation failing when URL contains encoded [ and ] char…
d546749 
…acters

Fixes DependencyTrack#3831

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro nscuro added the defect Something isn't working label Jun 22, 2024
@nscuro nscuro added this to the 4.11.4 milestone Jun 22, 2024
@nscuro
Drop dependency on outdated xerces
5567233 
`xerces` does not support the `http://javax.xml.XMLConstants/property/accessExternalDTD` property that `cyclonedx-core-java` is using:

```
java.lang.IllegalArgumentException: Property 'http://javax.xml.XMLConstants/property/accessExternalDTD' is not recognized.
	at org.apache.xerces.jaxp.DocumentBuilderFactoryImpl.setAttribute(Unknown Source)
	at org.cyclonedx.parsers.XmlParser.createSecureDocument(XmlParser.java:339)
	at org.cyclonedx.parsers.XmlParser.extractAllNamespaceDeclarations(XmlParser.java:310)
	at org.cyclonedx.parsers.XmlParser.identifySchemaVersion(XmlParser.java:296)
	at org.cyclonedx.parsers.XmlParser.parse(XmlParser.java:97)
```

The remaining code relying on `xerces` turned out to be unused, and was consequently removed as well.

Signed-off-by: nscuro <nscuro@protonmail.com>
@codacy-production Codacy Production
Copy link

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.08% (target: -1.00%) (target: 70.00%)
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (93a32e1) 22079 16809 76.13%
Head commit (5567233) 22060 (-19) 16812 (+3) 76.21% (+0.08%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#3866) 0 0 ∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

🚀 Don’t miss a bit, follow what’s new on Codacy.

Codacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more

@nscuro nscuro merged commit 0ac7c65 into DependencyTrack:4.11.x Jun 22, 2024
7 of 8 checks passed
@nscuro nscuro deleted the backport-pr-3865 branch June 22, 2024 17:17
@nscuro nscuro mentioned this pull request Jun 24, 2024
Closed
2 tasks
nscuro added a commit to DependencyTrack/hyades-apiserver that referenced this pull request Jun 24, 2024
@nscuro
Fix BOM validation failing when URL contains encoded [ and ] char…
9b262c6 
…acters

Also drop dependency on outdated `xercesImpl`. `xercesImpl` does not support the `http://javax.xml.XMLConstants/property/accessExternalDTD` property that `cyclonedx-core-java` is using:

```
java.lang.IllegalArgumentException: Property 'http://javax.xml.XMLConstants/property/accessExternalDTD' is not recognized.
	at org.apache.xerces.jaxp.DocumentBuilderFactoryImpl.setAttribute(Unknown Source)
	at org.cyclonedx.parsers.XmlParser.createSecureDocument(XmlParser.java:339)
	at org.cyclonedx.parsers.XmlParser.extractAllNamespaceDeclarations(XmlParser.java:310)
	at org.cyclonedx.parsers.XmlParser.identifySchemaVersion(XmlParser.java:296)
	at org.cyclonedx.parsers.XmlParser.parse(XmlParser.java:97)
```

~The remaining code relying on `xerces` turned out to be unused, and was consequently removed as well.~ Code depending on `xercesImpl` was removed already.

Ports DependencyTrack/dependency-track#3866 from Dependency-Track v4.11.4.

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro nscuro mentioned this pull request Jun 24, 2024
Merged
2 tasks
nscuro added a commit to DependencyTrack/hyades-apiserver that referenced this pull request Jun 24, 2024
@nscuro
Fix BOM validation failing when URL contains encoded [ and ] char…
52173ce 
…acters

Also drop dependency on outdated `xercesImpl`. `xercesImpl` does not support the `http://javax.xml.XMLConstants/property/accessExternalDTD` property that `cyclonedx-core-java` is using:

```
java.lang.IllegalArgumentException: Property 'http://javax.xml.XMLConstants/property/accessExternalDTD' is not recognized.
	at org.apache.xerces.jaxp.DocumentBuilderFactoryImpl.setAttribute(Unknown Source)
	at org.cyclonedx.parsers.XmlParser.createSecureDocument(XmlParser.java:339)
	at org.cyclonedx.parsers.XmlParser.extractAllNamespaceDeclarations(XmlParser.java:310)
	at org.cyclonedx.parsers.XmlParser.identifySchemaVersion(XmlParser.java:296)
	at org.cyclonedx.parsers.XmlParser.parse(XmlParser.java:97)
```

~The remaining code relying on `xerces` turned out to be unused, and was consequently removed as well.~ Code depending on `xercesImpl` was removed already.

Ports DependencyTrack/dependency-track#3866 from Dependency-Track v4.11.4.

Signed-off-by: nscuro <nscuro@protonmail.com>
nscuro added a commit to DependencyTrack/hyades-apiserver that referenced this pull request Jun 24, 2024
@nscuro
Fix BOM validation failing when URL contains encoded [ and ] char…
3e4ebeb 
…acters

Also drop dependency on outdated `xercesImpl`. `xercesImpl` does not support the `http://javax.xml.XMLConstants/property/accessExternalDTD` property that `cyclonedx-core-java` is using:

```
java.lang.IllegalArgumentException: Property 'http://javax.xml.XMLConstants/property/accessExternalDTD' is not recognized.
	at org.apache.xerces.jaxp.DocumentBuilderFactoryImpl.setAttribute(Unknown Source)
	at org.cyclonedx.parsers.XmlParser.createSecureDocument(XmlParser.java:339)
	at org.cyclonedx.parsers.XmlParser.extractAllNamespaceDeclarations(XmlParser.java:310)
	at org.cyclonedx.parsers.XmlParser.identifySchemaVersion(XmlParser.java:296)
	at org.cyclonedx.parsers.XmlParser.parse(XmlParser.java:97)
```

~The remaining code relying on `xerces` turned out to be unused, and was consequently removed as well.~ Code depending on `xercesImpl` was removed already.

Ports DependencyTrack/dependency-track#3866 from Dependency-Track v4.11.4.

Signed-off-by: nscuro <nscuro@protonmail.com>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 23, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
defect Something isn't working
Projects
None yet
Milestone
4.11.4
Development

Successfully merging this pull request may close these issues.
1 participant
@nscuro