This is an automated email from the ASF dual-hosted git repository. elharo pushed a commit to branch mo in repository https://gitbox.apache.org/repos/asf/maven-doap-plugin.git
commit 78e93a85d6db1b7cb361c81020cf6cafbe3d0ace Author: Elliotte Rusty Harold <[email protected]> AuthorDate: Sat Dec 13 12:07:23 2025 -0500 Remove vulnerable dependency --- pom.xml | 5 -- .../org/apache/maven/plugin/doap/DoapMojo.java | 6 -- .../org/apache/maven/plugin/doap/DoapUtil.java | 81 ++-------------------- 3 files changed, 6 insertions(+), 86 deletions(-) diff --git a/pom.xml b/pom.xml index e4f5559..40265ab 100644 --- a/pom.xml +++ b/pom.xml @@ -140,11 +140,6 @@ under the License. <artifactId>jena-core</artifactId> <version>3.17.0</version> </dependency> - <dependency> - <groupId>commons-httpclient</groupId> - <artifactId>commons-httpclient</artifactId> - <version>3.1</version> - </dependency> <!-- test --> <dependency> diff --git a/src/main/java/org/apache/maven/plugin/doap/DoapMojo.java b/src/main/java/org/apache/maven/plugin/doap/DoapMojo.java index c03f1b0..5ac2b0a 100644 --- a/src/main/java/org/apache/maven/plugin/doap/DoapMojo.java +++ b/src/main/java/org/apache/maven/plugin/doap/DoapMojo.java @@ -1348,12 +1348,6 @@ public class DoapMojo extends AbstractMojo { } String fileRelease = repo.getUrl() + "/" + repo.pathOf(artifactRelease); - try { - DoapUtil.fetchURL(settings, new URL(fileRelease)); - } catch (IOException e) { - getLog().debug("IOException :" + e.getMessage()); - continue; - } DoapUtil.writeElement(writer, doapOptions.getXmlnsPrefix(), "file-release", fileRelease); Date releaseDate = null; diff --git a/src/main/java/org/apache/maven/plugin/doap/DoapUtil.java b/src/main/java/org/apache/maven/plugin/doap/DoapUtil.java index 4a62e86..3d5cebc 100644 --- a/src/main/java/org/apache/maven/plugin/doap/DoapUtil.java +++ b/src/main/java/org/apache/maven/plugin/doap/DoapUtil.java @@ -19,12 +19,10 @@ package org.apache.maven.plugin.doap; import java.io.File; -import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.lang.reflect.Method; import java.net.MalformedURLException; -import java.net.SocketTimeoutException; import java.net.URL; import java.text.DateFormat; import java.util.ArrayList; @@ -43,25 +41,13 @@ import java.util.WeakHashMap; import java.util.regex.Matcher; import java.util.regex.Pattern; -import org.apache.commons.httpclient.Credentials; -import org.apache.commons.httpclient.HttpClient; -import org.apache.commons.httpclient.HttpStatus; -import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager; -import org.apache.commons.httpclient.UsernamePasswordCredentials; -import org.apache.commons.httpclient.auth.AuthScope; -import org.apache.commons.httpclient.methods.GetMethod; -import org.apache.commons.httpclient.params.HttpClientParams; -import org.apache.commons.httpclient.params.HttpMethodParams; import org.apache.jena.rdf.model.Model; import org.apache.jena.rdf.model.ModelFactory; import org.apache.jena.rdf.model.RDFReader; import org.apache.jena.rdf.model.impl.RDFDefaultErrorHandler; import org.apache.maven.model.Contributor; import org.apache.maven.project.MavenProject; -import org.apache.maven.settings.Proxy; import org.apache.maven.settings.Settings; -import org.apache.maven.wagon.proxy.ProxyInfo; -import org.apache.maven.wagon.proxy.ProxyUtils; import org.codehaus.plexus.i18n.I18N; import org.codehaus.plexus.interpolation.EnvarBasedValueSource; import org.codehaus.plexus.interpolation.InterpolationException; @@ -458,77 +444,22 @@ public class DoapUtil { } /** - * Fetch an URL + * Pings a URL. * - * @param settings the user settings used to fetch the url with an active proxy, if defined. + * @param settings ignored * @param url the url to fetch * @throws IOException if any - * @see #DEFAULT_TIMEOUT * @since 1.1 + * @deprecated use a different library to load a URL. */ + @Deprecated + @SuppressWarnings("checkstyle:emptyblock") public static void fetchURL(Settings settings, URL url) throws IOException { if (url == null) { throw new IllegalArgumentException("The url is null"); } - if ("file".equals(url.getProtocol())) { - InputStream in = null; - try { - in = url.openStream(); - in.close(); - in = null; - } finally { - IOUtil.close(in); - } - - return; - } - - // http, https... - HttpClient httpClient = new HttpClient(new MultiThreadedHttpConnectionManager()); - httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(DEFAULT_TIMEOUT); - httpClient.getHttpConnectionManager().getParams().setSoTimeout(DEFAULT_TIMEOUT); - httpClient.getParams().setBooleanParameter(HttpClientParams.ALLOW_CIRCULAR_REDIRECTS, true); - - // Some web servers don't allow the default user-agent sent by httpClient - httpClient - .getParams() - .setParameter(HttpMethodParams.USER_AGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"); - - if (settings != null && settings.getActiveProxy() != null) { - Proxy activeProxy = settings.getActiveProxy(); - - ProxyInfo proxyInfo = new ProxyInfo(); - proxyInfo.setNonProxyHosts(activeProxy.getNonProxyHosts()); - - if (StringUtils.isNotEmpty(activeProxy.getHost()) - && !ProxyUtils.validateNonProxyHosts(proxyInfo, url.getHost())) { - httpClient.getHostConfiguration().setProxy(activeProxy.getHost(), activeProxy.getPort()); - - if (StringUtils.isNotEmpty(activeProxy.getUsername()) && activeProxy.getPassword() != null) { - Credentials credentials = - new UsernamePasswordCredentials(activeProxy.getUsername(), activeProxy.getPassword()); - - httpClient.getState().setProxyCredentials(AuthScope.ANY, credentials); - } - } - } - - GetMethod getMethod = new GetMethod(url.toString()); - try { - int status; - try { - status = httpClient.executeMethod(getMethod); - } catch (SocketTimeoutException e) { - // could be a sporadic failure, one more retry before we give up - status = httpClient.executeMethod(getMethod); - } - - if (status != HttpStatus.SC_OK) { - throw new FileNotFoundException(url.toString()); - } - } finally { - getMethod.releaseConnection(); + try (InputStream in = url.openStream()) { } }
