diff --git a/empiricism/pom.xml b/empiricism/pom.xml index fe43e2ff..bd8006e1 100644 --- a/empiricism/pom.xml +++ b/empiricism/pom.xml @@ -1,7 +1,7 @@ 4.0.0 com.googlecode.owasp-java-html-sanitizer - html-types + empiricism 20240325.2-SNAPSHOT jar diff --git a/html-types/pom.xml b/html-types/pom.xml deleted file mode 100644 index 5896e432..00000000 --- a/html-types/pom.xml +++ /dev/null @@ -1,87 +0,0 @@ - - 4.0.0 - com.googlecode.owasp-java-html-sanitizer - html-types - 20240325.2-SNAPSHOT - bundle - - .. - com.googlecode.owasp-java-html-sanitizer - parent - 20240325.2-SNAPSHOT - - - OWASP Java HTML Sanitizer Safe HTML Compatibility - - Wraps the sanitizer to produces safe HTML - (github.com/google/safe-html-types) in a way that is compatible - with Fences (github.com/mikesamuel/fences-maven-enforcer-rule). - - - - - - org.apache.felix - maven-bundle-plugin - - - org.apache.maven.plugins - maven-verifier-plugin - - src/test/resources/osgi-integration-verification.xml - - - - main - verify - - verify - - - - - - - - - - com.googlecode.owasp-java-html-sanitizer - owasp-java-html-sanitizer - ${project.version} - - - com.google.common.html.types - types - 1.0.4 - - - com.google.code.findbugs - jsr305 - provided - - - com.google.code.findbugs - annotations - provided - - - junit - junit - test - - - - - - - com.github.spotbugs - spotbugs-maven-plugin - 3.1.12.2 - - Max - Low - - - - - diff --git a/html-types/src/main/java/org/owasp/html/htmltypes/SafeHtmlMint.java b/html-types/src/main/java/org/owasp/html/htmltypes/SafeHtmlMint.java deleted file mode 100644 index cfba285c..00000000 --- a/html-types/src/main/java/org/owasp/html/htmltypes/SafeHtmlMint.java +++ /dev/null 
@@ -1,93 +0,0 @@
-// Copyright (c) 2016, Mike Samuel
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions
-// are met:
-//
-// Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-// Redistributions in binary form must reproduce the above copyright
-// notice, this list of conditions and the following disclaimer in the
-// documentation and/or other materials provided with the distribution.
-// Neither the name of the OWASP nor the names of its contributors may
-// be used to endorse or promote products derived from this software
-// without specific prior written permission.
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-// BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-// ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-// POSSIBILITY OF SUCH DAMAGE.
-
-package org.owasp.html.htmltypes;
-
-import javax.annotation.Nullable;
-
-import com.google.common.html.types.SafeHtml;
-import com.google.common.html.types.UncheckedConversions;
-
-import org.owasp.html.HtmlChangeListener;
-import org.owasp.html.PolicyFactory;
-
-/**
- * Sanitizes a chunk of HTML producing a SafeHtml instance instead of
- * appending chars to an output buffer.
- *
- *

Caveats

- *

- * This class is safe when the policy factories passed to it are safe.
- * Fences
- * can be used to control access to {@link SafeHtmlMint#fromPolicyFactory}
- * as needed, and the plausible deniability
- * standard can be extended to writing policies that white-list known-unsafe
- * content.
- */
-public final class SafeHtmlMint {
- /**
- * Sanitizes a chunk of HTML producing a SafeHtml instance instead of
- * appending chars to an output buffer.
- */
- public static SafeHtmlMint fromPolicyFactory(PolicyFactory f) {
- return new SafeHtmlMint(f);
- }
-
- private final PolicyFactory f;
-
- private SafeHtmlMint(PolicyFactory f) {
- if (f == null) { throw new NullPointerException(); }
- this.f = f;
- }
-
- /** A convenience function that sanitizes a string of HTML. */
- public SafeHtml sanitize(@Nullable String html) {
- return sanitize(html, null, null);
- }
-
- /**
- * A convenience function that sanitizes a string of HTML and reports
- * the names of rejected element and attributes to listener.
- * @param html the string of HTML to sanitize.
- * @param listener if non-null, receives notifications of tags and attributes
- * that were rejected by the policy. This may tie into intrusion
- * detection systems.
- * @param context if {@code (listener != null)} then the context value passed
- * with notifications. This can be used to let the listener know from
- * which connection or request the questionable HTML was received.
- * @return a string of safe HTML assuming the input policy factory produces
- * safe HTML.
- */
- public SafeHtml sanitize(
- @Nullable String html,
- @Nullable HtmlChangeListener listener, @Nullable CTX context) {
- if (html == null) { return SafeHtml.EMPTY; }
- return UncheckedConversions.safeHtmlFromStringKnownToSatisfyTypeContract(
- f.sanitize(html, listener, context));
- }
-}
diff --git a/html-types/src/main/java/org/owasp/html/htmltypes/package-info.java b/html-types/src/main/java/org/owasp/html/htmltypes/package-info.java
deleted file mode 100644
index 452e79c4..00000000
--- a/html-types/src/main/java/org/owasp/html/htmltypes/package-info.java
+++ /dev/null
@@ -1,37 +0,0 @@
-// Copyright (c) 2016, Mike Samuel
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions
-// are met:
-//
-// Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-// Redistributions in binary form must reproduce the above copyright
-// notice, this list of conditions and the following disclaimer in the
-// documentation and/or other materials provided with the distribution.
-// Neither the name of the OWASP nor the names of its contributors may
-// be used to endorse or promote products derived from this software
-// without specific prior written permission.
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-// BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-// ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-// POSSIBILITY OF SUCH DAMAGE.
-
-/**
- * Wraps HTML policy builders to produce
- * Safe HTML.
- *

- * @see usage - * @author Mike Samuel (mikesamuel@gmail.com) - */ -@javax.annotation.ParametersAreNonnullByDefault -package org.owasp.html.htmltypes; diff --git a/html-types/src/main/resources/META-INF/fences.xml b/html-types/src/main/resources/META-INF/fences.xml deleted file mode 100644 index 6f420193..00000000 --- a/html-types/src/main/resources/META-INF/fences.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - com.google.common.html.types.UncheckedConversions - - safeHtmlFromStringKnownToSatisfyTypeContract - org.owasp.html.htmltypes.SafeHtmlMint - - - diff --git a/html-types/src/test/java/org/owasp/html/htmltypes/SafeHtmlMintTest.java b/html-types/src/test/java/org/owasp/html/htmltypes/SafeHtmlMintTest.java deleted file mode 100644 index 151d2d15..00000000 --- a/html-types/src/test/java/org/owasp/html/htmltypes/SafeHtmlMintTest.java +++ /dev/null 
@@ -1,55 +0,0 @@
-// Copyright (c) 2016, Mike Samuel
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions
-// are met:
-//
-// Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-// Redistributions in binary form must reproduce the above copyright
-// notice, this list of conditions and the following disclaimer in the
-// documentation and/or other materials provided with the distribution.
-// Neither the name of the OWASP nor the names of its contributors may
-// be used to endorse or promote products derived from this software
-// without specific prior written permission.
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-// BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-// ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-// POSSIBILITY OF SUCH DAMAGE.
- -package org.owasp.html.htmltypes; - -import org.junit.Test; - -import junit.framework.TestCase; - -import com.google.common.html.types.SafeHtml; -import org.owasp.html.HtmlPolicyBuilder; -import org.owasp.html.PolicyFactory; - -@SuppressWarnings("javadoc") -public final class SafeHtmlMintTest extends TestCase { - - @Test - public static final void testSafeHtml() { - PolicyFactory f = new HtmlPolicyBuilder() - .allowElements("b") - .toFactory(); - SafeHtmlMint m = SafeHtmlMint.fromPolicyFactory(f); - assertEquals("", m.sanitize("").getSafeHtmlString()); - assertEquals( - "foo", - m.sanitize("foo").getSafeHtmlString()); - assertEquals("I <3 HTML", m.sanitize("I <3 HTML").getSafeHtmlString()); - } - -} diff --git a/html-types/src/test/resources/osgi-integration-verification.xml b/html-types/src/test/resources/osgi-integration-verification.xml deleted file mode 100644 index ca529ae2..00000000 --- a/html-types/src/test/resources/osgi-integration-verification.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - - target/classes/META-INF/MANIFEST.MF - Export-Package: org.owasp.html.htmltypes - - - \ No newline at end of file