Ban log4j all together and update OWASP dep check

Remove
This commit is contained in:
Nanne Baars 2021-12-20 17:29:25 +01:00 committed by Nanne Baars
parent cb6b1d73d1
commit 7ded0968c1

48
pom.xml

@ -133,6 +133,8 @@
<maven-surefire-plugin.version>3.0.0-M5</maven-surefire-plugin.version> <maven-surefire-plugin.version>3.0.0-M5</maven-surefire-plugin.version>
<java.version>17</java.version> <java.version>17</java.version>
<thymeleaf.version>3.0.14.RELEASE</thymeleaf.version> <thymeleaf.version>3.0.14.RELEASE</thymeleaf.version>
<pmd.version>3.15.0</pmd.version>
<checkstyle.version>3.1.2</checkstyle.version>
</properties> </properties>
<modules> <modules>
@ -141,14 +143,15 @@
<module>webgoat-server</module> <module>webgoat-server</module>
<module>webwolf</module> <module>webwolf</module>
<module>webgoat-integration-tests</module> <module>webgoat-integration-tests</module>
<module>docker</module><!-- copy required jars in preparation of docker all-in-one build --> <module>docker</module><!-- copy required jars in preparation of docker all-in-one build -->
</modules> </modules>
<dependencies> <dependencies>
<dependency> <dependency>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId> <artifactId>spring-boot-starter-validation</artifactId>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.projectlombok</groupId> <groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId> <artifactId>lombok</artifactId>
@ -187,7 +190,7 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId> <artifactId>maven-checkstyle-plugin</artifactId>
<version>3.1.2</version> <version>${checkstyle.version}</version>
<configuration> <configuration>
<encoding>UTF-8</encoding> <encoding>UTF-8</encoding>
<consoleOutput>true</consoleOutput> <consoleOutput>true</consoleOutput>
@ -200,10 +203,11 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId> <artifactId>maven-pmd-plugin</artifactId>
<version>3.14.0</version> <version>${pmd.version}</version>
<configuration> <configuration>
<targetJdk>15</targetJdk> <targetJdk>${maven.compiler.target}</targetJdk>
<failurePriority>1</failurePriority><!-- 5 means fail even on the lowest priority, 0 means never fail --> <failurePriority>1
</failurePriority><!-- 5 means fail even on the lowest priority, 0 means never fail -->
<rulesets> <rulesets>
<!--suppress UnresolvedMavenProperty --> <!--suppress UnresolvedMavenProperty -->
<ruleset>${maven.multiModuleProjectDirectory}/config/pmd/pmd-ruleset.xml</ruleset> <ruleset>${maven.multiModuleProjectDirectory}/config/pmd/pmd-ruleset.xml</ruleset>
@ -219,6 +223,30 @@
</execution> </execution>
</executions> </executions>
</plugin> </plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.0.0</version>
<executions>
<execution>
<id>Restrict-bad-log4j-versions</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<bannedDependencies>
<excludes>
<exclude>org.apache.logging.log4j:log4j-core:(,2.15.0)</exclude>
</excludes>
</bannedDependencies>
</rules>
<fail>true</fail>
</configuration>
</execution>
</executions>
</plugin>
</plugins> </plugins>
</build> </build>
@ -233,7 +261,7 @@
<plugin> <plugin>
<groupId>org.owasp</groupId> <groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId> <artifactId>dependency-check-maven</artifactId>
<version>6.1.3</version> <version>6.5.1</version>
<configuration> <configuration>
<failBuildOnCVSS>7</failBuildOnCVSS> <failBuildOnCVSS>7</failBuildOnCVSS>
<skipProvidedScope>true</skipProvidedScope> <skipProvidedScope>true</skipProvidedScope>
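Review bot: The exclude in the new `maven-enforcer-plugin` execution, `org.apache.logging.log4j:log4j-core:(,2.15.0)`, bans only log4j-core releases older than 2.15.0, which is narrower than the commit title's "ban log4j altogether" and goes stale as soon as a later fix release supersedes 2.15.0 (further fix releases did follow it). If no log4j-core is wanted on the classpath at all, drop the range: `<exclude>org.apache.logging.log4j:log4j-core</exclude>`; otherwise hoist the bound into a property next to the new `pmd.version`/`checkstyle.version` entries, e.g. `<exclude>org.apache.logging.log4j:log4j-core:(,${log4j.min.version})</exclude>`, so one edit bumps it. Either way a `<message>` element inside `<bannedDependencies>` stating why the ban exists would save the next reader a trip to the commit log. The rule's default transitive search already covers log4j-core pulled in indirectly, so no extra flag is needed for that.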