Resolve threats identified by Sonatype Lift (#159)
sbabcoc authored May 31, 2021
1 parent 978f88f commit 7ffa57d
Showing 7 changed files with 85 additions and 25 deletions.
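--- a/build.gradle
+++ b/build.gradle
@@ -281,8 +281,7 @@ nexusStaging {
 repositories {
 mavenLocal()
 mavenCentral()
-maven { url 'http://public-snapshots' }
-maven { url 'http://repo.maven.apache.org/maven2' }
+maven { url 'https://repo.maven.apache.org/maven2' }
 maven { url "${projectDir}/repo" }
 }
 
@@ -295,6 +294,7 @@ dependencies {
 }
 compile 'org.jsoup:jsoup:1.12.1'
 compile('org.hamcrest:hamcrest-core:2.2') { force = true }
+compile('org.yaml:snakeyaml:1.28') { force = true }
 
 apply from: "${profile}Deps.gradle"
 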
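Review bot: The forced pin `compile('org.yaml:snakeyaml:1.28') { force = true }` in the dependencies hunk has no comment saying why it exists, and `force = true` also overrides any higher version a dependency requests later, so a newer fixed release could be silently held back at 1.28. A comment on that line such as `// forced to clear a Sonatype Lift finding (#159); re-check when dependencies move past 1.28` would tell the next maintainer when the pin can be lifted. The same applies to the forced lines added in selenium2Deps.gradle. In the repositories hunk, the new `maven { url 'https://repo.maven.apache.org/maven2' }` entry looks redundant next to `mavenCentral()`, which as far as I know resolves to the same host, so it could probably be dropped.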
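--- a/docs/DevelopmentEnvironment.md
+++ b/docs/DevelopmentEnvironment.md
@@ -52,7 +52,7 @@ To build the **Selenium Foundation** project with **Maven**, you'll also need to
 <toolchain>
 <type>jdk</type>
 <provides>
-<version>1.7</version>
+<version>7</version>
 <vendor>oracle</vendor>
 </provides>
 <configuration>
@@ -62,7 +62,7 @@ To build the **Selenium Foundation** project with **Maven**, you'll also need to
 <toolchain>
 <type>jdk</type>
 <provides>
-<version>1.8</version>
+<version>8</version>
 <vendor>oracle</vendor>
 </provides>
 <configuration>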
90 changes: 71 additions & 19 deletions pom.xml
@@ -53,6 +53,8 @@
<dependency-plugin.version>3.1.1</dependency-plugin.version>
<clean-plugin.version>3.1.0</clean-plugin.version>
<hamcrest.version>2.2</hamcrest.version>
<!-- managed to resolve identified threat -->
<snakeyaml.version>1.28</snakeyaml.version>
</properties>

<scm>
@@ -94,6 +96,11 @@
<artifactId>hamcrest-core</artifactId>
<version>${hamcrest.version}</version>
</dependency>
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>${snakeyaml.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
@@ -135,13 +142,20 @@
</property>
</activation>
<properties>
<compile-jdk.version>1.7</compile-jdk.version>
<release.version>7</release.version>
<testng-foundation.version>1.13.6</testng-foundation.version>
<selenium.version>2.53.1</selenium.version>
<guava-agent.version>30.1</guava-agent.version>
<guava.version>30.1-android</guava.version>
<commons-io.version>2.4</commons-io.version>
<htmlunit.version>2.21</htmlunit.version>
<mockito.version>2.25.0</mockito.version>
<!-- managed to resolve identified threat -->
<bouncycastle.version>1.68</bouncycastle.version>
<!-- managed to resolve identified threat -->
<httpcomponents.version>4.5.13</httpcomponents.version>
<!-- managed to resolve identified threat -->
<jetty.version>9.4.41.v20210516</jetty.version>
</properties>
<dependencyManagement>
<dependencies>
@@ -155,6 +169,11 @@
<artifactId>guava-agent</artifactId>
<version>${guava-agent.version}</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>${guava.version}</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
@@ -185,6 +204,31 @@
<artifactId>mockito-core</artifactId>
<version>${mockito.version}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>${bouncycastle.version}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>${bouncycastle.version}</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpmime</artifactId>
<version>${httpcomponents.version}</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${httpcomponents.version}</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty.websocket</groupId>
<artifactId>websocket-client</artifactId>
<version>${jetty.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
@@ -261,14 +305,19 @@
</property>
</activation>
<properties>
<compile-jdk.version>1.8</compile-jdk.version>
<release.version>8</release.version>
<testng-foundation.version>2.0.3</testng-foundation.version>
<selenium.version>3.141.59</selenium.version>
<guava.version>30.1-jre</guava.version>
<htmlunit.version>2.50.0</htmlunit.version>
<jcommander.version>1.78</jcommander.version>
<commons-io.version>2.6</commons-io.version>
<mockito.version>3.1.0</mockito.version>
<!-- managed to resolve identified threat -->
<okhttp.version>4.9.1</okhttp.version>
<!-- override of default conflict resolution -->
<okio.version>2.8.0</okio.version>
<!-- override of default conflict resolution -->
<kotlin.version>1.4.10</kotlin.version>
</properties>
<dependencyManagement>
<dependencies>
@@ -282,11 +331,6 @@
<artifactId>guava</artifactId>
<version>${guava.version}</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>${commons-io.version}</version>
</dependency>
<dependency>
<groupId>org.seleniumhq.selenium</groupId>
<artifactId>selenium-server</artifactId>
@@ -307,17 +351,30 @@
<artifactId>mockito-core</artifactId>
<version>${mockito.version}</version>
</dependency>
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp-bom</artifactId>
<version>${okhttp.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>com.squareup.okio</groupId>
<artifactId>okio</artifactId>
<version>${okio.version}</version>
</dependency>
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib-common</artifactId>
<version>${kotlin.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>com.nordstrom.tools</groupId>
<artifactId>testng-foundation</artifactId>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</dependency>
<dependency>
<groupId>org.seleniumhq.selenium</groupId>
<artifactId>selenium-server</artifactId>
@@ -527,20 +584,15 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>${compile-jdk.version}</source>
<target>${compile-jdk.version}</target>
<jdkToolchain>
<version>${compile-jdk.version}</version>
<vendor>oracle</vendor>
</jdkToolchain>
<release>${release.version}</release>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<jdkToolchain>
<version>${compile-jdk.version}</version>
<version>${release.version}</version>
<vendor>oracle</vendor>
</jdkToolchain>
<properties>
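Review bot: The comments `<!-- managed to resolve identified threat -->` added above `snakeyaml.version`, `bouncycastle.version`, `httpcomponents.version`, `jetty.version` and `okhttp.version` do not say which finding each pin answers, so nobody can later tell when a pin may be lifted or whether a newer release is required. I would name the finding in each comment, for example `<!-- managed to resolve identified threat: ADVISORY-ID-PLACEHOLDER -->`. Separately, in the last hunk the compiler plugin now uses `<release>${release.version}</release>` with its `jdkToolchain` removed, while surefire keeps a toolchain. Since `<release>` needs a JDK 9 or later javac, it is worth confirming that the build JDK requirement is stated or enforced somewhere outside the visible hunks.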
6 changes: 6 additions & 0 deletions selenium2Deps.gradle
@@ -9,12 +9,18 @@ dependencies {
selenium2Compile configurations.compile
selenium2Compile 'com.nordstrom.tools:testng-foundation:1.13.6'
selenium2Compile 'com.nordstrom.tools:guava-agent:30.1'
selenium2Compile('com.google.guava:guava:30.1-android') { force = true }
selenium2Compile 'commons-io:commons-io:2.4'
selenium2Compile('org.seleniumhq.selenium:selenium-server:2.53.1') {
exclude group: 'org.seleniumhq.selenium', module: 'selenium-java'
}
selenium2Compile 'org.seleniumhq.selenium:selenium-support:2.53.1'
selenium2Compile 'net.sourceforge.htmlunit:htmlunit:2.21'
selenium2Compile('org.bouncycastle:bcpkix-jdk15on:1.68') { force = true }
selenium2Compile('org.bouncycastle:bcprov-jdk15on:1.68') { force = true }
selenium2Compile('org.apache.httpcomponents:httpmime:4.5.13') { force = true }
selenium2Compile('org.apache.httpcomponents:httpclient:4.5.13') { force = true }
selenium2Compile('org.eclipse.jetty.websocket:websocket-client:9.4.41.v20210516') { force = true }
testCompile 'org.seleniumhq.selenium:htmlunit-driver:2.21'
testCompile 'org.mockito:mockito-core:2.25.0'
}
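Review bot: The security pins added here repeat their version as a string literal on every line (`1.68` twice, `4.5.13` twice) and again duplicate the values held in the pom.xml properties, so a later bump that misses one line leaves the Gradle and Maven builds resolving different versions of the libraries this commit set out to fix. Declaring each version once would remove the in-file half of that risk, for example `def bouncycastleVersion = '1.68'` used as `selenium2Compile("org.bouncycastle:bcprov-jdk15on:${bouncycastleVersion}") { force = true }`. The `dependencies` block opens above the hunk, so where such a variable should live depends on code not shown here.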
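--- a/selenium3Deps.gradle
+++ b/selenium3Deps.gradle
@@ -23,5 +23,6 @@ dependencies {
 exclude group: 'net.sourceforge.htmlunit', module: 'htmlunit'
 }
 selenium3Compile 'org.seleniumhq.selenium:htmlunit-driver:2.50.0'
+selenium3Compile(platform('com.squareup.okhttp3:okhttp-bom:4.9.1'))
 testCompile 'org.mockito:mockito-core:3.1.0'
 }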
@@ -169,7 +169,8 @@ public class SeleniumConfig extends AbstractSeleniumConfig {
"javax.servlet.Servlet",
"okhttp3.ConnectionPool",
"okio.BufferedSource",
"ch.qos.logback.classic.spi.ThrowableProxy"
"ch.qos.logback.classic.spi.ThrowableProxy",
"kotlin.jvm.internal.Intrinsics"
};

static {
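Review bot: The added entry `"kotlin.jvm.internal.Intrinsics"` names a class in Kotlin's `internal` package, and nothing records why it is in the list. The neighbouring entries look like marker classes for required libraries, so presumably this one stands for the Kotlin standard library that okhttp 4.x depends on. A trailing comment would capture that: `"kotlin.jvm.internal.Intrinsics" // kotlin-stdlib, pulled in by okhttp 4.x`. Because internal classes are not a stable API, it is worth checking how the consuming code behaves if this name stops resolving after a Kotlin upgrade. The array declaration and the code that reads it lie outside the hunk.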
@@ -39,7 +39,7 @@ public List<IMethodInstance> intercept(List<IMethodInstance> methods, ITestConte

// iterate over method list
for (IMethodInstance thisMethod : methods) {
PlatformEnum platformConstant = resolveTargetPlatform(thisMethod);
PlatformEnum platformConstant = (PlatformEnum) resolveTargetPlatform(thisMethod);

// if this method supports the current target platform
if (TargetPlatformHandler.shouldRun(contextPlatform, platformConstant)) {
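Review bot: The cast added in `PlatformEnum platformConstant = (PlatformEnum) resolveTargetPlatform(thisMethod);` moves the type check from compile time to run time, so a value that is not a `PlatformEnum` would now surface as a `ClassCastException` inside `intercept` rather than as a compile error. The declaration of `resolveTargetPlatform` is outside the hunk, so I cannot tell why the cast became necessary; if it returns a generic or wildcard type, tightening that return type would be cleaner than casting at the call site. If the cast stays, a comment such as `// cast is safe: resolveTargetPlatform yields the PlatformEnum constant declared for this method` (to be confirmed against the helper) should say why. The body of `intercept` continues beyond the hunk.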
