!1 package init

Merge pull request !1 from 汤静/master
2020-03-10 18:20:36 +08:00 · 2020-03-10 18:20:36 +08:00 · 75be43452a
commit 75be43452a
parent 300eea01b1 f4daef5e0b
6 changed files with 184 additions and 73 deletions
--- a/0001-Do-not-load-external-DTDs-by-default.patch
+++ b/0001-Do-not-load-external-DTDs-by-default.patch
@ -0,0 +1,71 @@
+From a9160d06bf5b8c9c11666ab408ea8a09afa108a9 Mon Sep 17 00:00:00 2001
+From: Mikolaj Izdebski <mizdebsk@redhat.com>
+Date: Tue, 2 Apr 2019 15:10:53 +0200
+Subject: [PATCH] Do not load external DTDs by default
+
+---
+ .../tools/checkstyle/api/AbstractLoader.java  | 43 ++++++++++++++++++-
+ 1 file changed, 41 insertions(+), 2 deletions(-)
+
+diff --git a/src/main/java/com/puppycrawl/tools/checkstyle/api/AbstractLoader.java b/src/main/java/com/puppycrawl/tools/checkstyle/api/AbstractLoader.java
+index a414492f3..76c72b767 100644
+--- a/src/main/java/com/puppycrawl/tools/checkstyle/api/AbstractLoader.java
+++ b/src/main/java/com/puppycrawl/tools/checkstyle/api/AbstractLoader.java
+@@ -83,8 +83,7 @@ public abstract class AbstractLoader
+             throws SAXException, ParserConfigurationException {
+         this.publicIdToResourceNameMap = new HashMap<>(publicIdToResourceNameMap);
+         final SAXParserFactory factory = SAXParserFactory.newInstance();
+-        factory.setFeature(LOAD_EXTERNAL_DTD, true);
+-        factory.setFeature(EXTERNAL_GENERAL_ENTITIES, true);
+        LoadExternalDtdFeatureProvider.setFeaturesBySystemProperty(factory);
+         factory.setValidating(true);
+         factory.setNamespaceAware(true);
+         parser = factory.newSAXParser().getXMLReader();
+@@ -133,4 +132,44 @@ public abstract class AbstractLoader
+     public void fatalError(SAXParseException exception) throws SAXException {
+         throw exception;
+     }
+
+    /**
+     * Used for setting specific for secure java installations features to SAXParserFactory.
+     * Pulled out as a separate class in order to suppress Pitest mutations.
+     */
+    public static final class LoadExternalDtdFeatureProvider {
+
+        /** System property name to enable external DTD load. */
+        public static final String ENABLE_EXTERNAL_DTD_LOAD = "checkstyle.enableExternalDtdLoad";
+
+        /** Feature that enables loading external DTD when loading XML files. */
+        private static final String LOAD_EXTERNAL_DTD =
+                "http://apache.org/xml/features/nonvalidating/load-external-dtd";
+        /** Feature that enables including external general entities in XML files. */
+        private static final String EXTERNAL_GENERAL_ENTITIES =
+                "http://xml.org/sax/features/external-general-entities";
+
+        /** Stop instances being created. **/
+        private LoadExternalDtdFeatureProvider() {
+        }
+
+        /**
+         * Configures SAXParserFactory with features required
+         * to use external DTD file loading, this is not activated by default to no allow
+         * usage of schema files that checkstyle do not know
+         * it is even security problem to allow files from outside.
+         * @param factory factory to be configured with special features
+         * @throws SAXException if an error occurs
+         * @throws ParserConfigurationException if an error occurs
+         */
+        public static void setFeaturesBySystemProperty(SAXParserFactory factory)
+                throws SAXException, ParserConfigurationException {
+
+            final boolean enableExternalDtdLoad = Boolean.valueOf(
+                System.getProperty(ENABLE_EXTERNAL_DTD_LOAD, "false"));
+
+            factory.setFeature(LOAD_EXTERNAL_DTD, enableExternalDtdLoad);
+            factory.setFeature(EXTERNAL_GENERAL_ENTITIES, enableExternalDtdLoad);
+        }
+    }
+ }
+-- 
+2.20.1
+
--- a/README.en.md
+++ b/README.en.md
@ -1,36 +0,0 @@
-# checkstyle
-
-#### Description
-A tool for checking Java source for adherence to a set of rules.
-
-#### Software Architecture
-Software architecture description
-
-#### Installation
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### Instructions
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### Contribution
-
-1.  Fork the repository
-2.  Create Feat_xxx branch
-3.  Commit your code
-4.  Create Pull Request
-
-
-#### Gitee Feature
-
-1.  You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
-2.  Gitee blog [blog.gitee.com](https://blog.gitee.com)
-3.  Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
-4.  The most valuable open source project [GVP](https://gitee.com/gvp)
-5.  The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
-6.  The most popular members  [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)
--- a/README.md
+++ b/README.md
@ -1,37 +0,0 @@
-# checkstyle
-
-#### 介绍
-A tool for checking Java source for adherence to a set of rules.
-
-#### 软件架构
-软件架构说明
-
-
-#### 安装教程
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### 使用说明
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### 参与贡献
-
-1.  Fork 本仓库
-2.  新建 Feat_xxx 分支
-3.  提交代码
-4.  新建 Pull Request
-
-
-#### 码云特技
-
-1.  使用 Readme\_XXX.md 来支持不同的语言，例如 Readme\_en.md, Readme\_zh.md
-2.  码云官方博客 [blog.gitee.com](https://blog.gitee.com)
-3.  你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目
-4.  [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目，是码云综合评定出的优秀开源项目
-5.  码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help)
-6.  码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)
--- a/checkstyle-8.0-src.tar.gz
+++ b/checkstyle-8.0-src.tar.gz
--- a/checkstyle.catalog
+++ b/checkstyle.catalog
@ -0,0 +1,17 @@
+-- Checkstyle DTD catalog --
+-- JPackage Project <http://www.jpackage.org/> --
+
+PUBLIC "-//Puppy Crawl//DTD Check Configuration 1.2//EN"
+       configuration_1_2.dtd
+
+PUBLIC "-//Puppy Crawl//DTD Check Configuration 1.1//EN"
+       configuration_1_1.dtd
+
+PUBLIC "-//Puppy Crawl//DTD Check Configuration 1.0//EN
+       configuration_1_0.dtd
+
+PUBLIC "-//Puppy Crawl//DTD Package Names 1.0//EN"
+       packages_1_0.dtd
+
+PUBLIC "-//Puppy Crawl//DTD Suppressions 1.0//EN"
+       suppressions_1_0.dtd
--- a/checkstyle.spec
+++ b/checkstyle.spec
@ -0,0 +1,96 @@
+Name:           checkstyle
+Version:        8.0
+Release:        4.2
+Summary:        Java source code inspection tool
+URL:            http://checkstyle.sourceforge.net/
+License:        LGPLv2+ and GPLv2+ and BSD
+BuildArch:      noarch
+
+Source0:        http://download.sf.net/checkstyle/checkstyle-%{version}-src.tar.gz
+Source1:        %{name}.catalog
+
+#This patch fixed CVE-2019-9658: Checkstyle loads external DTDs by default
+Patch0000:      0001-Do-not-load-external-DTDs-by-default.patch
+
+BuildRequires:  maven-local mvn(antlr:antlr) mvn(com.google.guava:guava) mvn(commons-beanutils:commons-beanutils)
+BuildRequires:  mvn(commons-cli:commons-cli) mvn(com.sun:tools) mvn(org.antlr:antlr4-maven-plugin)
+BuildRequires:  mvn(org.antlr:antlr4-runtime) mvn(org.apache.ant:ant) mvn(org.apache.ant:ant-nodeps)
+BuildRequires:  mvn(org.apache.maven.plugins:maven-antrun-plugin) mvn(org.apache.maven.plugins:maven-failsafe-plugin)
+BuildRequires:  mvn(org.codehaus.mojo:antlr-maven-plugin) mvn(org.codehaus.mojo:build-helper-maven-plugin)
+
+Obsoletes:      %{name}-optional < %{version}-%{release} %{name}-demo < %{version}-%{release}
+Obsoletes:      %{name}-manual < %{version}-%{release}
+
+%description
+A tool to help Java developers comply with certain coding standards
+
+%package        help
+Summary:        Help documents for checkstyle
+Provides:       %{name}-javadoc = %{version}-%{release}
+Obsoletes:      %{name}-javadoc < %{version}-%{release}
+
+%description    help
+Help documents for checkstyle
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+
+%pom_remove_parent
+
+sed -i s/guava-jdk5/guava/ pom.xml
+
+for file in maven-eclipse-plugin maven-site-plugin nexus-staging-maven-plugin maven-enforcer-plugin cobertura-maven-plugin maven-linkcheck-plugin maven-pmd-plugin findbugs-maven-plugin xml-maven-plugin forbiddenapis spotbugs-maven-plugin;do
+%pom_remove_plugin :$file
+done
+
+%pom_remove_dep com.sun:tools
+%pom_add_dep com.sun:tools
+
+sed -i '/testLoadFromURL/s/ *.*/    @org.junit.Ignore&/' src/test/java/com/puppycrawl/tools/checkstyle/filters/SuppressionsLoaderTest.java
+
+sed -i '/testUnexpectedChar/s/./@org.junit.Ignore/' src/test/java/com/puppycrawl/tools/checkstyle/grammars/GeneratedJava14LexerTest.java
+
+%build
+%mvn_file : %{name}
+%mvn_build -f
+
+%install
+%mvn_install
+
+%jpackage_script com.puppycrawl.tools.checkstyle.Main "" "" checkstyle:antlr:apache-commons-beanutils:apache-commons-cli:apache-commons-logging:apache-commons-collections:guava checkstyle true
+
+install -Dm 644 %{SOURCE1} %{buildroot}%{_datadir}/xml/%{name}/catalog
+cp -pa src/main/resources/com/puppycrawl/tools/checkstyle/*.dtd \
+  %{buildroot}%{_datadir}/xml/%{name}
+
+install -dm 755  %{buildroot}%{_sysconfdir}/ant.d
+cat > %{buildroot}%{_sysconfdir}/ant.d/%{name} << EOF
+checkstyle antlr apache-commons-beanutils apache-commons-cli apache-commons-logging guava
+EOF
+
+%post
+if [ -x %{_bindir}/install-catalog -a -d %{_sysconfdir}/sgml ]; then
+  %{_bindir}/install-catalog --add \
+    %{_sysconfdir}/sgml/%{name}-%{version}-%{release}.cat \
+    %{_datadir}/xml/%{name}/catalog > /dev/null || :
+fi
+
+%postun
+if [ -x %{_bindir}/install-catalog -a -d %{_sysconfdir}/sgml ]; then
+  %{_bindir}/install-catalog --remove \
+    %{_sysconfdir}/sgml/%{name}-%{version}-%{release}.cat \
+    %{_datadir}/xml/%{name}/catalog > /dev/null || :
+fi
+
+%files -f .mfiles
+%license LICENSE
+%doc README.md
+%{_datadir}/xml/%{name}
+%{_bindir}/%{name}
+%config(noreplace) %{_sysconfdir}/ant.d/%{name}
+
+%files help -f .mfiles-javadoc
+
+%changelog
+* Wed Mar 4 2020 tangjing <tangjing30@huawei.com> - 8.0-4.2
+- Package init