
Commit 48b7d6a

authored
Merge pull request #440 from xdev-software/update-from-template-merged
Update from template (auto-merged)
2 parents e3fd9e4 + 99c7db4 commit 48b7d6a


3 files changed

+26
-4
lines changed


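--- a/.config/pmd/java/ruleset.xml
+++ b/.config/pmd/java/ruleset.xml
@@ -316,6 +316,28 @@
 </properties>
 </rule>
 
+<rule name="EnsureZipEntryNameIsSanitized"
+language="java"
+message="ZipEntry name should be sanitized"
+class="net.sourceforge.pmd.lang.rule.xpath.XPathRule">
+<description>
+ZipEntry name should be sanitized.
+Unsanitized names may contain '..' which can result in path traversal ("ZipSlip").
+
+You can suppress this warning when you properly sanitized the name.
+</description>
+<priority>4</priority>
+<properties>
+<property name="xpath">
+<value>
+<![CDATA[
+//MethodCall[pmd-java:matchesSig('java.util.zip.ZipEntry#getName()') or pmd-java:matchesSig('org.apache.commons.compress.archivers.ArchiveEntry#getName()')]
+]]>
+</value>
+</property>
+</properties>
+</rule>
+
 <rule name="JavaObjectSerializationIsUnsafe"
 language="java"
 message="Using Java Object (De-)Serialization is unsafe and has led to too many security vulnerabilities"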
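Review bot: The `<description>` of `EnsureZipEntryNameIsSanitized` names only `'..'` and never says what counts as a sanitized name, so a developer can suppress the finding after stripping `..` while an absolute entry name can still resolve outside the extraction directory. Because the XPath flags every `getName()` call on `ZipEntry` and `ArchiveEntry` and relies entirely on manual suppression, the description is the only place where the expected check is defined. I would add a sentence such as `Resolve the name against the target directory, normalize the result and verify it still starts with the target directory before writing.` It would also help to ask that each suppression carries a short comment naming where that check is performed, so reviewers can audit suppressions.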

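--- a/jul-to-slf4j/pom.xml
+++ b/jul-to-slf4j/pom.xml
@@ -242,7 +242,7 @@
 <dependency>
 <groupId>com.puppycrawl.tools</groupId>
 <artifactId>checkstyle</artifactId>
-<version>12.0.0</version>
+<version>12.0.1</version>
 </dependency>
 </dependencies>
 <configuration>
@@ -267,7 +267,7 @@
 <plugin>
 <groupId>org.apache.maven.plugins</groupId>
 <artifactId>maven-pmd-plugin</artifactId>
-<version>3.27.0</version>
+<version>3.28.0</version>
 <configuration>
 <analysisCache>true</analysisCache>
 <includeTests>true</includeTests>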

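--- a/pom.xml
+++ b/pom.xml
@@ -74,7 +74,7 @@
 <dependency>
 <groupId>com.puppycrawl.tools</groupId>
 <artifactId>checkstyle</artifactId>
-<version>12.0.0</version>
+<version>12.0.1</version>
 </dependency>
 </dependencies>
 <configuration>
@@ -99,7 +99,7 @@
 <plugin>
 <groupId>org.apache.maven.plugins</groupId>
 <artifactId>maven-pmd-plugin</artifactId>
-<version>3.27.0</version>
+<version>3.28.0</version>
 <configuration>
 <analysisCache>true</analysisCache>
 <includeTests>true</includeTests>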
