parj / addonjavaanttasks Goto Github PK
View Code? Open in Web Editor NEWAdditional Java Ant Tasks
License: Other
addonjavaanttasks's People
Contributors
Stargazers
Watchers
Forkers
fossabotaddonjavaanttasks's Issues
DepShield encountered errors while building your project
The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.
This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.
CVE-2019-17571 (High) detected in log4j-1.2.17.jar
CVE-2019-17571 - High Severity Vulnerability
Vulnerable Library - log4j-1.2.17.jar
Apache Log4j 1.2
Path to dependency file: /tmp/ws-scm/AddOnJavaAntTasks/pom.xml
Path to vulnerable library: 20200331003935/downloadResource_c7379491-5bec-4189-8c17-3b3373ee8683/20200331011150/log4j-1.2.17.jar
Dependency Hierarchy:
❌ log4j-1.2.17.jar (Vulnerable Library)
Found in HEAD commit: e0626db424b40bfbf3e3f464e87d6c282f79ac11
Vulnerability Details
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
Publish Date: 2019-12-20
URL: CVE-2019-17571
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571
Release Date: 2019-12-20
Fix Resolution: org.apache.logging.log4j:log4j-core:2.0-alpha1
Step up your Open Source Security Game with WhiteSource here
CVE-2012-5783 (Medium) detected in commons-httpclient-3.0.jar
CVE-2012-5783 - Medium Severity Vulnerability
Vulnerable Library - commons-httpclient-3.0.jar
The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.
Path to dependency file: /AddOnJavaAntTasks/pom.xml
Path to vulnerable library: 2/repository/commons-httpclient/commons-httpclient/3.0/commons-httpclient-3.0.jar
Dependency Hierarchy:
❌ commons-httpclient-3.0.jar (Vulnerable Library)
Vulnerability Details
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Publish Date: 2012-11-04
URL: CVE-2012-5783
CVSS 2 Score Details (5.8)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-5783
Release Date: 2019-04-08
Fix Resolution: 3.2
Step up your Open Source Security Game with WhiteSource here
CVE-2020-1945 (Medium) detected in ant-1.8.1.jar
CVE-2020-1945 - Medium Severity Vulnerability
Vulnerable Library - ant-1.8.1.jar
Apache Ant
Library home page: http://ant.apache.org/
Path to dependency file: /tmp/ws-scm/AddOnJavaAntTasks/pom.xml
Path to vulnerable library: canner/.m2/repository/org/apache/ant/ant/1.8.1/ant-1.8.1.jar
Dependency Hierarchy:
❌ ant-1.8.1.jar (Vulnerable Library)
Found in HEAD commit: 6392c1a5aea2fa1373251703bfc757a6e099eb7f
Vulnerability Details
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
Publish Date: 2020-05-14
URL: CVE-2020-1945
CVSS 3 Score Details (6.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://ant.apache.org/security.html
Release Date: 2020-05-14
Fix Resolution: org.apache.ant:ant-junitlauncher:1.10.8;org.apache.ant
Step up your Open Source Security Game with WhiteSource here
Upload of files > 10MB results in an OutOfMemory? error
For org.pm.AntDav uploading of files greater than 10MB fails
CVE-2012-2098 (Medium) detected in ant-1.8.1.jar
CVE-2012-2098 - Medium Severity Vulnerability
Vulnerable Library - ant-1.8.1.jar
Apache Ant
Library home page: http://ant.apache.org/ant/
Path to dependency file: /AddOnJavaAntTasks/pom.xml
Path to vulnerable library: 2/repository/org/apache/ant/ant/1.8.1/ant-1.8.1.jar
Dependency Hierarchy:
❌ ant-1.8.1.jar (Vulnerable Library)
Vulnerability Details
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
Publish Date: 2012-06-29
URL: CVE-2012-2098
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-2098
Release Date: 2012-06-29
Fix Resolution: 1.4.1
Step up your Open Source Security Game with WhiteSource here
DepShield encountered errors while building your project
The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.
This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.
Check file exists before uploading in AntDav
Currently the code uploads and then checks the status of the upload, ie. has it successfully upload. It should first check via URL and then upload if the overwrite attribute is set to true
WS-2009-0001 (Low) detected in commons-codec-1.6.jar
WS-2009-0001 - Low Severity Vulnerability
Vulnerable Library - commons-codec-1.6.jar
The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Library home page: http://commons.apache.org/codec/
Path to dependency file: /AddOnJavaAntTasks/pom.xml
Path to vulnerable library: 2/repository/commons-codec/commons-codec/1.6/commons-codec-1.6.jar
Dependency Hierarchy:
❌ commons-codec-1.6.jar (Vulnerable Library)
Vulnerability Details
Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.
Updated 2018-10-07 - an additional review by WhiteSource research team could not indicate on a clear security vulnerability
Publish Date: 2007-10-07
URL: WS-2009-0001
CVSS 2 Score Details (0.0)
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here
Retrieve last modified timestamp from server for a file uploaded - AntDav
WS-2010-0001 (Medium) detected in commons-codec-1.6.jar
WS-2010-0001 - Medium Severity Vulnerability
Vulnerable Library - commons-codec-1.6.jar
The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Library home page: http://commons.apache.org/codec/
Path to dependency file: /AddOnJavaAntTasks/pom.xml
Path to vulnerable library: 2/repository/commons-codec/commons-codec/1.6/commons-codec-1.6.jar
Dependency Hierarchy:
❌ commons-codec-1.6.jar (Vulnerable Library)
Vulnerability Details
Base64 encode() method is no longer thread-safe in Apache Commons Codec before version 1.7, which might disclose the wrong data or allow an attacker to change non-private fields.
Publish Date: 2010-02-26
URL: WS-2010-0001
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://issues.apache.org/jira/browse/CODEC-96
Release Date: 2017-01-31
Fix Resolution: 1.7
Step up your Open Source Security Game with WhiteSource here
CVE-2012-6153 (Medium) detected in commons-httpclient-3.0.jar
CVE-2012-6153 - Medium Severity Vulnerability
Vulnerable Library - commons-httpclient-3.0.jar
The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.
Path to dependency file: /tmp/ws-scm/AddOnJavaAntTasks/pom.xml
Path to vulnerable library: 20200331003935/downloadResource_c7379491-5bec-4189-8c17-3b3373ee8683/20200331011150/commons-httpclient-3.0.jar
Dependency Hierarchy:
❌ commons-httpclient-3.0.jar (Vulnerable Library)
Found in HEAD commit: e0626db424b40bfbf3e3f464e87d6c282f79ac11
Vulnerability Details
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.
Publish Date: 2014-09-04
URL: CVE-2012-6153
CVSS 2 Score Details (4.3)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6153
Release Date: 2014-09-04
Fix Resolution: 4.2.3
Step up your Open Source Security Game with WhiteSource here
WebDav Upload File
hi!
I have try this config to upload files from $buildDir/books
pushArgs {
user = project.docsUser
password = project.docsPassword
url = project.docsRepoUrl
overwrite = true
tree = fileTree(dir: "$buildDir/books", include: '**/*.*')
createDirectoryStructure = true
}
the file in /books
/books
/mybook1
- index.html
- otherfiles...
/mybook2
-index.html
but I can't config the relatvie path of the webdav url like "192.168.1.12:9000/webdav/mybook"
and all the files been upload to 192.168.1.12:9000/webdav/mybook
after search you code, I config the upload task like this
task publishDocs() {
doLast {
def antPush = new uk.co.firstzero.webdav.Push()
antPush.setUser((String)project.pushArgs.user)
antPush.setPassword((String)project.pushArgs.password)
antPush.setUrl((String)project.pushArgs.url)
antPush.setOverwrite((boolean)project.pushArgs.overwrite)
antPush.setUp()
project.pushArgs.tree.each {File file ->
String uploadPath = file.getPath().replace("$buildDir/books", "/books");
antPush.createDirectory(uploadPath, file.getName());
boolean result = antPush.uploadFile(file,uploadPath)
println("Upload status of " + file.getName() + " - " + result);
}
}
}
Set outFile to default to the file name
CVE-2020-9488 (Low) detected in log4j-1.2.17.jar
CVE-2020-9488 - Low Severity Vulnerability
Vulnerable Library - log4j-1.2.17.jar
Apache Log4j 1.2
Path to dependency file: /tmp/ws-scm/AddOnJavaAntTasks/pom.xml
Path to vulnerable library: canner/.m2/repository/log4j/log4j/1.2.17/log4j-1.2.17.jar
Dependency Hierarchy:
❌ log4j-1.2.17.jar (Vulnerable Library)
Found in HEAD commit: 6392c1a5aea2fa1373251703bfc757a6e099eb7f
Vulnerability Details
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.
Publish Date: 2020-04-27
URL: CVE-2020-9488
CVSS 3 Score Details (3.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://issues.apache.org/jira/browse/LOG4J2-2819
Release Date: 2020-04-27
Fix Resolution: org.apache.logging.log4j:log4j-core:2.13.2
Step up your Open Source Security Game with WhiteSource here
[DepShield] (CVSS 5.8) Vulnerability due to usage of commons-httpclient:commons-httpclient:3.0
Vulnerabilities
DepShield reports that this application's usage of commons-httpclient:commons-httpclient:3.0 results in the following vulnerability(s):
- (CVSS 5.8) [CVE-2012-5783] Improper Input Validation
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Mvn compile failes with org.slf4j.impl.StaticLoggerBinder
When trying to invoke ant plugin for a custom Ant Task
Running ant compile fails as the custom task is attempted for invoking.
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-antrun-plugin:1.7:run (pull) on project antdav: An Ant BuildException has occured: java.lang.NoClassDefFoundError: org/slf4j/impl/StaticLoggerBinder
[ERROR] around Ant part ...... @ 5:68 in /home/parj/Programming/repositories_git/AddOnJavaAntTasks/org.pm.AntDav/target/antrun/build-main.xml: org.slf4j.impl.StaticLoggerBinder
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.