Merge branch 'master' into sq-10

spotbugs · Feb 28, 2024 · 5368042 · 5368042
2 parents f4df736 + dc0ac9a
commit 5368042
Show file tree

Hide file tree

Showing 13 changed files with 350 additions and 86 deletions.
diff --git a/.github/actions/sonar-update-center/.github/workflows/build.yml b/.github/actions/sonar-update-center/.github/workflows/build.yml
@@ -11,13 +11,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Read .nvmrc
-        run: echo ::set-output name=NVMRC::$(cat .nvmrc)
-        id: nvm
       - name: Setup node
         uses: actions/setup-node@v4
         with:
-          node-version: '${{ steps.nvm.outputs.NVMRC }}'
+          node-version-file: '.nvmrc'
           cache: npm
       - run: |
           npm ci

diff --git a/.github/actions/sonar-update-center/.github/workflows/integrationTest.yml b/.github/actions/sonar-update-center/.github/workflows/integrationTest.yml
@@ -13,13 +13,10 @@ jobs:
       - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.workflow_run.head_sha }}
-      - name: Read .nvmrc
-        run: echo ::set-output name=NVMRC::$(cat .nvmrc)
-        id: nvm
       - name: Setup node
         uses: actions/setup-node@v4
         with:
-          node-version: '${{ steps.nvm.outputs.NVMRC }}'
+          node-version-file: '.nvmrc'
           cache: npm
       - run: |
           npm ci

diff --git a/.github/actions/sonar-update-center/package-lock.json b/.github/actions/sonar-update-center/package-lock.json
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -126,7 +126,7 @@ jobs:
         uses: ./.github/actions/sonar-update-center
         with:
           prop-file: findbugs.properties
-          description: Use SpotBugs 4.8.3, sb-contrib 7.6.4, and findsecbugs 1.12.0
+          description: Use SpotBugs 4.8.3, sb-contrib 7.6.4, and findsecbugs 1.13.0
           minimal-supported-sq-version: 9.9
           latest-supported-sq-version: LATEST
           changelog-url: https://github.com/spotbugs/sonar-findbugs/releases/tag/${{ github.event.release.tag_name }}

diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # SonarQube Spotbugs Plugin
 [![.github/workflows/build.yml](https://github.com/spotbugs/sonar-findbugs/actions/workflows/build.yml/badge.svg)](https://github.com/spotbugs/sonar-findbugs/actions/workflows/build.yml)
-![FindBugs Rules](https://img.shields.io/badge/SpotBugs_rules-929-brightgreen.svg?maxAge=2592000)
+![FindBugs Rules](https://img.shields.io/badge/SpotBugs_rules-933-brightgreen.svg?maxAge=2592000)
 [![Coverage Status](https://sonarcloud.io/api/project_badges/measure?project=com.github.spotbugs%3Asonar-findbugs-plugin&metric=coverage)](https://sonarcloud.io/component_measures?id=com.github.spotbugs:sonar-findbugs-plugin&metric=coverage)
 
 ## Description / Features
@@ -72,4 +72,5 @@ Findbugs Plugin version|Embedded SpotBugs/Findbugs version|Embedded Findsecbugs
 4.2.5                  | 4.8.1 (SpotBugs)                 | 1.12.0                     | 7.6.0 (sb-contrib)        | 1.8|7.9~|5.10.1.16922
 4.2.6                  | 4.8.2 (SpotBugs)                 | 1.12.0                     | 7.6.2 (sb-contrib)        | 1.8|7.9~|5.10.1.16922
 4.2.7                  | 4.8.3 (SpotBugs)                 | 1.12.0                     | 7.6.4 (sb-contrib)        | 1.8|7.9~|5.10.1.16922
-4.2.8-SNAPSHOT         | 4.8.3 (SpotBugs)                 | 1.12.0                     | 7.6.4 (sb-contrib)        | 1.8|7.9~|5.10.1.16922
+4.2.8                  | 4.8.3 (SpotBugs)                 | 1.13.0                     | 7.6.4 (sb-contrib)        | 1.8|7.9~|5.10.1.16922
+4.2.9-SNAPSHOT         | 4.8.3 (SpotBugs)                 | 1.13.0                     | 7.6.4 (sb-contrib)        | 1.8|7.9~|5.10.1.16922
diff --git a/generate_profiles/BuildXmlFiles.groovy b/generate_profiles/BuildXmlFiles.groovy
@@ -10,13 +10,13 @@ import groovy.json.JsonSlurper;
 
     @Grab(group='com.github.spotbugs', module='spotbugs', version='4.8.3'),
     @Grab(group='com.mebigfatguy.sb-contrib', module='sb-contrib', version='7.6.4'),
-    @Grab(group='com.h3xstream.findsecbugs' , module='findsecbugs-plugin', version='1.12.0')]
+    @Grab(group='com.h3xstream.findsecbugs' , module='findsecbugs-plugin', version='1.13.0')]
 )
 
 
 FB = new Plugin(groupId: 'com.github.spotbugs', artifactId: 'spotbugs', version: '4.8.3')
 CONTRIB = new Plugin(groupId: 'com.mebigfatguy.sb-contrib', artifactId: 'sb-contrib', version: '7.6.4')
-FSB = new Plugin(groupId: 'com.h3xstream.findsecbugs', artifactId: 'findsecbugs-plugin', version: '1.12.0')
+FSB = new Plugin(groupId: 'com.h3xstream.findsecbugs', artifactId: 'findsecbugs-plugin', version: '1.13.0')
 
 def destDir() {
     Paths.get("..", "src/main/resources/org/sonar/plugins/findbugs").toAbsolutePath().normalize().toFile()

diff --git a/generate_profiles/FsbClassifier.groovy b/generate_profiles/FsbClassifier.groovy
@@ -127,6 +127,8 @@ class FsbClassifier {
           "XXE_XPATH",
           "XXE_XSLT_TRANSFORM_FACTORY",
           "XXE_DTD_TRANSFORM_FACTORY",
+          "XXE_SCHEMA_FACTORY",
+          "XXE_VALIDATOR",
           "SQL_INJECTION_HIBERNATE",
           "SQL_INJECTION_JDO",
           "SQL_INJECTION_JPA",
@@ -167,6 +169,7 @@ class FsbClassifier {
           "IMPROPER_UNICODE",
           "SAML_IGNORE_COMMENTS",
           "DANGEROUS_PERMISSION_COMBINATION",
+          "POTENTIAL_XML_INJECTION",
   ]
 
   static majorJspBugs = ["XSS_REQUEST_PARAMETER_TO_JSP_WRITER",