fixed UTF-8 BOM bug

2026-03-24 18:11:47 +01:00 · 2017-02-17 17:18:10 -05:00
parent df1ee5e8c6
commit d9dcc8cc2d
3 changed files with 281 additions and 5 deletions
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomParser.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/pom/PomParser.java
@@ -26,6 +26,8 @@ import java.io.InputStreamReader;
 import java.io.Reader;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.parsers.SAXParser;
 import org.apache.commons.io.ByteOrderMark;
 import org.apache.commons.io.input.BOMInputStream;
 import org.owasp.dependencycheck.utils.XmlUtils;
 import org.slf4j.Logger;
@@ -88,14 +90,15 @@ public class PomParser {
            final SAXParser saxParser = XmlUtils.buildSecureSaxParser();
            final XMLReader xmlReader = saxParser.getXMLReader();
            xmlReader.setContentHandler(handler);
-            final Reader reader = new InputStreamReader(inputStream, "UTF-8");
+            BOMInputStream bomStream = new BOMInputStream(inputStream);
            ByteOrderMark bom = bomStream.getBOM();
            String defaultEncoding = "UTF-8";
            String charsetName = bom == null ? defaultEncoding : bom.getCharsetName();
            final Reader reader = new InputStreamReader(bomStream, charsetName);
            final InputSource in = new InputSource(reader);
            xmlReader.parse(in);
            return handler.getModel();
-        } catch (ParserConfigurationException ex) {
+        } catch (ParserConfigurationException | SAXException ex) {
            LOGGER.debug("", ex);
            throw new PomParseException(ex);
        } catch (SAXException ex) {
            LOGGER.debug("", ex);
            throw new PomParseException(ex);
        } catch (FileNotFoundException ex) {
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/pom/PomUtilsTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/xml/pom/PomUtilsTest.java
@@ -38,6 +38,11 @@ public class PomUtilsTest extends BaseTest {
        String expResult = "Direct Web Remoting";
        Model result = PomUtils.readPom(file);
        assertEquals(expResult, result.getName());
        file = BaseTest.getResourceAsFile(this, "jmockit-1.26.pom");
        expResult = "Main";
        result = PomUtils.readPom(file);
        assertEquals(expResult, result.getName());
    }
 }
--- a/dependency-check-core/src/test/resources/jmockit-1.26.pom
+++ b/dependency-check-core/src/test/resources/jmockit-1.26.pom
@@ -0,0 +1,268 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project
   xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
   <modelVersion>4.0.0</modelVersion>
   <groupId>org.jmockit</groupId><artifactId>jmockit</artifactId><version>1.26</version>
   <packaging>jar</packaging>
   <name>Main</name>
   <description>
      JMockit is a Java toolkit for automated developer testing.
      It contains mocking and faking APIs and a code coverage tool, supporting both JUnit and TestNG.
      The mocking API allows all kinds of Java code, without testability restrictions, to be tested
      in isolation from selected dependencies.
   </description>
   <url>http://www.jmockit.org</url>
   <licenses>
      <license>
         <name>The MIT License</name>
         <url>http://www.opensource.org/licenses/mit-license.php</url>
      </license>
   </licenses>
   <developers>
      <developer><name>Rogério Liesenfeld</name></developer>
   </developers>
   <inceptionYear>2006</inceptionYear>
   <scm>
      <url>https://github.com/jmockit/jmockit1</url>
      <connection>scm:git:https://github.com/jmockit/jmockit1</connection>
   </scm>
   <issueManagement>
      <system>GitHub Issues</system>
      <url>https://github.com/jmockit/jmockit1/issues</url>
   </issueManagement>
   <mailingLists>
      <mailingList>
         <name>JMockit Users</name>
         <archive>http://groups.google.com/group/jmockit-users</archive>
         <post>jmockit-users@googlegroups.com</post>
      </mailingList>
   </mailingLists>
   <properties>
      <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
   </properties>
   <build>
      <sourceDirectory>src</sourceDirectory>
      <testSourceDirectory>test</testSourceDirectory>
      <resources>
         <resource>
            <directory>.</directory>
            <includes>
               <include>META-INF/services/org.junit.platform.engine.TestEngine</include>
               <include>META-INF/services/org.testng.ITestNGListener</include>
            </includes>
         </resource>
         <resource>
            <directory>src</directory>
            <includes>
               <include>**/*.css</include>
               <include>**/*.js</include>
               <include>**/*.png</include>
            </includes>
         </resource>
         <resource>
            <directory>..</directory>
            <includes>
               <include>LICENSE.txt</include>
               <include>NOTICE.txt</include>
            </includes>
         </resource>
      </resources>
      <testResources>
         <testResource>
            <directory>test</directory>
            <includes><include>**/*.zip</include></includes>
         </testResource>
      </testResources>
      <plugins>
         <plugin>
            <artifactId>maven-enforcer-plugin</artifactId><version>1.4.1</version>
            <executions>
               <execution>
                  <goals><goal>enforce</goal></goals>
                  <configuration>
                     <rules>
                        <requireJavaVersion><version>1.8</version></requireJavaVersion>
                        <requireMavenVersion><version>3.3.1</version></requireMavenVersion>
                        <dependencyConvergence/>
                     </rules>
                  </configuration>
               </execution>
            </executions>
         </plugin>
         <plugin>
            <artifactId>maven-compiler-plugin</artifactId><version>3.5.1</version>
            <configuration>
               <encoding>UTF-8</encoding>
               <source>1.6</source><target>1.6</target>
               <compilerArgs><arg>-Xlint:none</arg></compilerArgs>
               <useIncrementalCompilation>false</useIncrementalCompilation>
            </configuration>
         </plugin>
         <plugin>
            <artifactId>maven-jar-plugin</artifactId><version>2.6</version>
            <configuration>
               <archive>
                  <addMavenDescriptor>false</addMavenDescriptor>
                  <manifestEntries>
                     <Main-Class>mockit.coverage.CodeCoverage</Main-Class>
                     <Premain-Class>mockit.internal.startup.Startup</Premain-Class>
                     <Agent-Class>mockit.internal.startup.Startup</Agent-Class>
                     <Can-Redefine-Classes>true</Can-Redefine-Classes>
                     <Can-Retransform-Classes>true</Can-Retransform-Classes>
                     <Implementation-Version>${project.version}</Implementation-Version>
                     <Built-By/>
                  </manifestEntries>
               </archive>
            </configuration>
         </plugin>
         <plugin>
            <artifactId>maven-source-plugin</artifactId><version>3.0.0</version>
            <configuration>
               <excludes>
                  <exclude>*</exclude>
                  <exclude>**/*.css</exclude>
                  <exclude>**/*.js</exclude>
               </excludes>
            </configuration>
            <executions>
               <execution>
                  <id>attach-sources</id>
                  <goals><goal>jar-no-fork</goal></goals>
               </execution>
            </executions>
         </plugin>
         <plugin>
            <artifactId>maven-javadoc-plugin</artifactId><version>2.10.3</version>
            <configuration>
               <encoding>UTF-8</encoding>
               <nodeprecated>true</nodeprecated>
               <noindex>true</noindex>
               <notree>true</notree>
               <nohelp>true</nohelp>
               <breakiterator>true</breakiterator>
               <use>false</use>
               <source>1.7</source>
               <windowtitle>JMockit Toolkit API</windowtitle>
               <doctitle>JMockit Toolkit API Documentation</doctitle>
               <stylesheetfile>${project.basedir}/../../jmockit.github.io/api1x/stylesheet.css</stylesheetfile>
               <overview>${project.basedir}/../../jmockit.github.io/api1x/overview.html</overview>
               <header><![CDATA[<a href="http://jmockit.org" target="_top"><img src="resources/logo.png">JMockit Home</a>]]></header>
               <footer><![CDATA[<a href="http://jmockit.org" target="_top"><img src="resources/logo.png">JMockit Home</a>]]></footer>
               <notimestamp>true</notimestamp>
               <quiet>true</quiet>
               <sourcepath>${basedir}/src</sourcepath>
               <subpackages>none</subpackages>
               <additionalparam>-Xdoclint:none mockit mockit.integration.junit4</additionalparam>
            </configuration>
            <executions>
               <execution>
                  <id>attach-javadocs</id>
                  <goals><goal>jar</goal></goals>
               </execution>
            </executions>
         </plugin>
         <plugin>
            <artifactId>maven-surefire-plugin</artifactId><version>2.19.1</version>
            <configuration>
               <skipTests>true</skipTests>
               <disableXmlReport>true</disableXmlReport>
               <runOrder>alphabetical</runOrder>
            </configuration>
            <executions>
               <execution>
                  <id>JUnit-tests</id>
                  <phase>test</phase>
                  <goals><goal>test</goal></goals>
                  <configuration>
                     <skipTests>${skipTests}</skipTests>
                     <testNGArtifactName>none:none</testNGArtifactName>
                     <excludes>
                        <exclude>**/*$*</exclude>
                        <exclude>**/Base*Test.class</exclude>
                        <exclude>**/JUnit4DecoratorTest.class</exclude>
                        <exclude>**/testng/*Test.class</exclude>
                        <exclude>**/MockStateBetweenTestMethodsNGTest.class</exclude>
                        <exclude>**/mockit/integration/TestedClass.class</exclude>
                     </excludes>
                  </configuration>
               </execution>
               <execution>
                  <id>TestNG-tests</id>
                  <phase>test</phase>
                  <goals><goal>test</goal></goals>
                  <configuration>
                     <skipTests>${skipTests}</skipTests>
                     <junitArtifactName>none:none</junitArtifactName>
                     <includes>
                        <include>**/testng/*Test.class</include>
                        <include>**/MockStateBetweenTestMethodsNGTest.class</include>
                     </includes>
                     <excludes>
                        <exclude>**/TestNGViolatedExpectationsTest.class</exclude>
                     </excludes>
                  </configuration>
               </execution>
            </executions>
         </plugin>
         <plugin>
            <artifactId>maven-gpg-plugin</artifactId><version>1.6</version>
            <executions>
               <execution>
                  <id>sign-artifacts</id>
                  <phase>deploy</phase>
                  <goals><goal>sign</goal></goals>
               </execution>
            </executions>
         </plugin>
         <plugin>
            <groupId>org.sonatype.plugins</groupId><artifactId>nexus-staging-maven-plugin</artifactId>
            <version>1.6.7</version>
            <extensions>true</extensions>
            <configuration>
               <serverId>sonatype-nexus-staging</serverId>
               <nexusUrl>https://oss.sonatype.org/</nexusUrl>
               <autoReleaseAfterClose>true</autoReleaseAfterClose>
            </configuration>
         </plugin>
      </plugins>
   </build>
   <dependencies>
      <dependency>
         <groupId>com.google.code.findbugs</groupId><artifactId>jsr305</artifactId><version>3.0.0</version>
         <optional>true</optional>
      </dependency>
      <dependency>
         <groupId>junit</groupId><artifactId>junit</artifactId><version>4.12</version>
         <optional>true</optional>
      </dependency>
      <dependency>
         <groupId>org.junit.jupiter</groupId><artifactId>junit-jupiter-engine</artifactId><version>5.0.0-M1</version>
         <optional>true</optional>
      </dependency>
      <dependency>
         <groupId>org.testng</groupId><artifactId>testng</artifactId><version>6.9.10</version>
         <optional>true</optional>
         <exclusions>
            <exclusion><groupId>com.google.inject</groupId><artifactId>guice</artifactId></exclusion>
            <exclusion><groupId>org.beanshell</groupId><artifactId>bsh</artifactId></exclusion>
         </exclusions>
      </dependency>
      <dependency>
         <groupId>javax</groupId><artifactId>javaee-api</artifactId><version>7.0</version>
         <optional>true</optional>
         <exclusions>
            <exclusion><groupId>com.sun.mail</groupId><artifactId>javax.mail</artifactId></exclusion>
         </exclusions>
      </dependency>
      <dependency>
         <groupId>org.springframework</groupId><artifactId>spring-web</artifactId><version>4.2.0.RELEASE</version>
         <optional>true</optional>
      </dependency>
   </dependencies>
 </project>