parj / addonjavaanttasks Goto Github PK
View Code? Open in Web Editor NEWAdditional Java Ant Tasks
License: Other
Additional Java Ant Tasks
License: Other
The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.
This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.
Apache Log4j 1.2
Path to dependency file: /tmp/ws-scm/AddOnJavaAntTasks/pom.xml
Path to vulnerable library: 20200331003935/downloadResource_c7379491-5bec-4189-8c17-3b3373ee8683/20200331011150/log4j-1.2.17.jar
Dependency Hierarchy:
Found in HEAD commit: e0626db424b40bfbf3e3f464e87d6c282f79ac11
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
Publish Date: 2019-12-20
URL: CVE-2019-17571
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571
Release Date: 2019-12-20
Fix Resolution: org.apache.logging.log4j:log4j-core:2.0-alpha1
Step up your Open Source Security Game with WhiteSource here
The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.
Path to dependency file: /AddOnJavaAntTasks/pom.xml
Path to vulnerable library: 2/repository/commons-httpclient/commons-httpclient/3.0/commons-httpclient-3.0.jar
Dependency Hierarchy:
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Publish Date: 2012-11-04
URL: CVE-2012-5783
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-5783
Release Date: 2019-04-08
Fix Resolution: 3.2
Step up your Open Source Security Game with WhiteSource here
Apache Ant
Library home page: http://ant.apache.org/
Path to dependency file: /tmp/ws-scm/AddOnJavaAntTasks/pom.xml
Path to vulnerable library: canner/.m2/repository/org/apache/ant/ant/1.8.1/ant-1.8.1.jar
Dependency Hierarchy:
Found in HEAD commit: 6392c1a5aea2fa1373251703bfc757a6e099eb7f
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
Publish Date: 2020-05-14
URL: CVE-2020-1945
Base Score Metrics:
Type: Upgrade version
Origin: https://ant.apache.org/security.html
Release Date: 2020-05-14
Fix Resolution: org.apache.ant:ant-junitlauncher:1.10.8;org.apache.ant
Step up your Open Source Security Game with WhiteSource here
For org.pm.AntDav uploading of files greater than 10MB fails
Apache Ant
Library home page: http://ant.apache.org/ant/
Path to dependency file: /AddOnJavaAntTasks/pom.xml
Path to vulnerable library: 2/repository/org/apache/ant/ant/1.8.1/ant-1.8.1.jar
Dependency Hierarchy:
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
Publish Date: 2012-06-29
URL: CVE-2012-2098
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-2098
Release Date: 2012-06-29
Fix Resolution: 1.4.1
Step up your Open Source Security Game with WhiteSource here
The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.
This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.
Currently the code uploads and then checks the status of the upload, ie. has it successfully upload. It should first check via URL and then upload if the overwrite attribute is set to true
The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Library home page: http://commons.apache.org/codec/
Path to dependency file: /AddOnJavaAntTasks/pom.xml
Path to vulnerable library: 2/repository/commons-codec/commons-codec/1.6/commons-codec-1.6.jar
Dependency Hierarchy:
Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.
Updated 2018-10-07 - an additional review by WhiteSource research team could not indicate on a clear security vulnerability
Publish Date: 2007-10-07
URL: WS-2009-0001
Step up your Open Source Security Game with WhiteSource here
The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Library home page: http://commons.apache.org/codec/
Path to dependency file: /AddOnJavaAntTasks/pom.xml
Path to vulnerable library: 2/repository/commons-codec/commons-codec/1.6/commons-codec-1.6.jar
Dependency Hierarchy:
Base64 encode() method is no longer thread-safe in Apache Commons Codec before version 1.7, which might disclose the wrong data or allow an attacker to change non-private fields.
Publish Date: 2010-02-26
URL: WS-2010-0001
Type: Upgrade version
Origin: https://issues.apache.org/jira/browse/CODEC-96
Release Date: 2017-01-31
Fix Resolution: 1.7
Step up your Open Source Security Game with WhiteSource here
The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.
Path to dependency file: /tmp/ws-scm/AddOnJavaAntTasks/pom.xml
Path to vulnerable library: 20200331003935/downloadResource_c7379491-5bec-4189-8c17-3b3373ee8683/20200331011150/commons-httpclient-3.0.jar
Dependency Hierarchy:
Found in HEAD commit: e0626db424b40bfbf3e3f464e87d6c282f79ac11
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.
Publish Date: 2014-09-04
URL: CVE-2012-6153
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6153
Release Date: 2014-09-04
Fix Resolution: 4.2.3
Step up your Open Source Security Game with WhiteSource here
hi!
I have try this config to upload files from $buildDir/books
pushArgs {
user = project.docsUser
password = project.docsPassword
url = project.docsRepoUrl
overwrite = true
tree = fileTree(dir: "$buildDir/books", include: '**/*.*')
createDirectoryStructure = true
}
the file in /books
/books
/mybook1
- index.html
- otherfiles...
/mybook2
-index.html
but I can't config the relatvie path of the webdav url like "192.168.1.12:9000/webdav/mybook"
and all the files been upload to 192.168.1.12:9000/webdav/mybook
after search you code, I config the upload task like this
task publishDocs() {
doLast {
def antPush = new uk.co.firstzero.webdav.Push()
antPush.setUser((String)project.pushArgs.user)
antPush.setPassword((String)project.pushArgs.password)
antPush.setUrl((String)project.pushArgs.url)
antPush.setOverwrite((boolean)project.pushArgs.overwrite)
antPush.setUp()
project.pushArgs.tree.each {File file ->
String uploadPath = file.getPath().replace("$buildDir/books", "/books");
antPush.createDirectory(uploadPath, file.getName());
boolean result = antPush.uploadFile(file,uploadPath)
println("Upload status of " + file.getName() + " - " + result);
}
}
}
Apache Log4j 1.2
Path to dependency file: /tmp/ws-scm/AddOnJavaAntTasks/pom.xml
Path to vulnerable library: canner/.m2/repository/log4j/log4j/1.2.17/log4j-1.2.17.jar
Dependency Hierarchy:
Found in HEAD commit: 6392c1a5aea2fa1373251703bfc757a6e099eb7f
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.
Publish Date: 2020-04-27
URL: CVE-2020-9488
Base Score Metrics:
Type: Upgrade version
Origin: https://issues.apache.org/jira/browse/LOG4J2-2819
Release Date: 2020-04-27
Fix Resolution: org.apache.logging.log4j:log4j-core:2.13.2
Step up your Open Source Security Game with WhiteSource here
Vulnerabilities
DepShield reports that this application's usage of commons-httpclient:commons-httpclient:3.0 results in the following vulnerability(s):
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
When trying to invoke ant plugin for a custom Ant Task
Running ant compile fails as the custom task is attempted for invoking.
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-antrun-plugin:1.7:run (pull) on project antdav: An Ant BuildException has occured: java.lang.NoClassDefFoundError: org/slf4j/impl/StaticLoggerBinder
[ERROR] around Ant part ...... @ 5:68 in /home/parj/Programming/repositories_git/AddOnJavaAntTasks/org.pm.AntDav/target/antrun/build-main.xml: org.slf4j.impl.StaticLoggerBinder
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.