Deprecated whitelist methods

This allows for passivity until we fully remove the whitelist method names Issue gh-37
spring-io · Jun 10, 2020 · 766a539 · 766a539
1 parent 7ee57ff
commit 766a539
Show file tree

Hide file tree

Showing 6 changed files with 120 additions and 2 deletions.
diff --git a/nohttp-checkstyle/src/main/java/io/spring/nohttp/checkstyle/check/NoHttpCheck.java b/nohttp-checkstyle/src/main/java/io/spring/nohttp/checkstyle/check/NoHttpCheck.java
@@ -139,6 +139,26 @@ public void setAllowlist(String allowlist) {
 		this.allowlist = allowlist;
 	}
 
+	/**
+	 * Sets the allow list file name
+	 * @param allowlistFileName
+	 * @deprecated Use {@link #setAllowlistFileName(String)} instead
+	 */
+	@Deprecated
+	public void setWhitelistFileName(String allowlistFileName) {
+		setAllowlistFileName(allowlistFileName);
+	}
+
+	/**
+	 * Sets the allow list to use
+	 * @param allowlist the allowlist to use
+	 * @deprecated use {@link #setAllowlist(String)}
+	 */
+	@Deprecated
+	public void setWhitelist(String allowlist) {
+		setWhitelistFileName(allowlist);
+	}
+
 	private boolean isAllowlistFileSet() {
 		return !this.allowlistFileName.isEmpty();
 	}

diff --git a/nohttp-gradle/src/main/java/io/spring/nohttp/gradle/NoHttpCheckstylePlugin.java b/nohttp-gradle/src/main/java/io/spring/nohttp/gradle/NoHttpCheckstylePlugin.java
@@ -53,6 +53,18 @@
 public class NoHttpCheckstylePlugin implements Plugin<Project> {
 	private static final String NOHTTP_VERSION = determineNohttpVersion();
 
+	/**
+	 * @deprecated Prefer {@link #DEFAULT_ALLOWLIST_FILE_PATH}
+	 */
+	@Deprecated
+	public static final String DEFAULT_WHITELIST_FILE_PATH = "config/nohttp/whitelist.lines";
+
+	/**
+	 * @deprecated Prefer {@link #DEFAULT_ALLOWLIST_FILE_PATH}
+	 */
+	@Deprecated
+	public static final String LEGACY_WHITELIST_FILE_PATH = "etc/nohttp/whitelist.lines";
+
 	public static final String DEFAULT_ALLOWLIST_FILE_PATH = "config/nohttp/allowlist.lines";
 
 	public static final String NOHTTP_EXTENSION_NAME = "nohttp";
@@ -101,6 +113,14 @@ public void execute(Project p) {
 				files.exclude("**/spring.tooling");
 			}
 		}));
+		File legacyWhiteListFile = project.file(LEGACY_WHITELIST_FILE_PATH);
+		if (legacyWhiteListFile.exists()) {
+			this.extension.setAllowlistFile(legacyWhiteListFile);
+		}
+		File defaultWhiteListFile = project.file(DEFAULT_WHITELIST_FILE_PATH);
+		if (defaultWhiteListFile.exists()) {
+			this.extension.setAllowlistFile(defaultWhiteListFile);
+		}
 		File allowlistFile = this.project.file(DEFAULT_ALLOWLIST_FILE_PATH);
 		if (allowlistFile.exists()) {
 			this.extension.setAllowlistFile(allowlistFile);

diff --git a/nohttp-gradle/src/main/java/io/spring/nohttp/gradle/NoHttpExtension.java b/nohttp-gradle/src/main/java/io/spring/nohttp/gradle/NoHttpExtension.java
@@ -31,6 +31,26 @@ public class NoHttpExtension {
 
 	private File allowlistFile;
 
+	/**
+	 *
+	 * @return
+	 * @deprecated use {@link #getAllowlistFile()}
+	 */
+	@Deprecated
+	public File getWhitelistFile() {
+		return getAllowlistFile();
+	}
+
+	/**
+	 *
+	 * @param whitelistFile
+	 * @deprecated use {@link #setAllowlistFile(File)}
+	 */
+	@Deprecated
+	public void setWhitelistFile(File whitelistFile) {
+		setAllowlistFile(whitelistFile);
+	}
+
 	public File getAllowlistFile() {
 		return this.allowlistFile;
 	}

diff --git a/nohttp-gradle/src/test/kotlin/io/spring/nohttp/gradle/NoHttpCheckstylePluginTest.kt b/nohttp-gradle/src/test/kotlin/io/spring/nohttp/gradle/NoHttpCheckstylePluginTest.kt
@@ -251,12 +251,12 @@ class NoHttpCheckstylePluginTest {
 	fun configuredCheckstyleLegacyAllowlist() {
 		val project = projectWithTempDirs()
 				.build()
-		project.file("etc/nohttp/allowlist.lines").touch()
+		project.file("etc/nohttp/whitelist.lines").touch()
 		project.pluginManager.apply(NoHttpCheckstylePlugin::class.java)
 
 		val task: Checkstyle = project.tasks.findByName(NoHttpCheckstylePlugin.CHECKSTYLE_NOHTTP_TASK_NAME)!! as Checkstyle
 
-		assertThat(task.configProperties).containsEntry("nohttp.checkstyle.allowlistFileName", project.relativePath("etc/nohttp/allowlist.lines"))
+		assertThat(task.configProperties).containsEntry("nohttp.checkstyle.allowlistFileName", project.relativePath("etc/nohttp/whitelist.lines"))
 	}
 
     @Test

diff --git a/nohttp/src/main/java/io/spring/nohttp/RegexHttpMatcher.java b/nohttp/src/main/java/io/spring/nohttp/RegexHttpMatcher.java
@@ -130,6 +130,15 @@ public void addHttpAllow(Predicate<String> allow) {
 		this.allow = this.allow.or(allow);
 	}
 
+	/**
+	 *
+	 * @param whitelist
+	 * @deprecated Use {@link #addHttpWhitelist(Predicate)}
+	 */
+	public void addHttpWhitelist(Predicate<String> whitelist) {
+		addHttpAllow(whitelist);
+	}
+
 	private static class NoOpWriter extends Writer {
 		public static final NoOpWriter INSTANCE = new NoOpWriter();
 

diff --git a/nohttp/src/main/java/io/spring/nohttp/RegexPredicate.java b/nohttp/src/main/java/io/spring/nohttp/RegexPredicate.java
@@ -103,6 +103,55 @@ public static Predicate<String> createAllowlistFromPatterns(InputStream resource
 		return new RegexPredicate(patterns);
 	}
 
+	/**
+	 * Creates an instance that uses the default URL allowlist. The allowlist is expected to
+	 * be updated in upcoming releases, but generally contains
+	 *
+	 * <ul>
+	 *     <li>localhost</li>
+	 *     <li>URLs that use a TLD defined in https://tools.ietf.org/html/rfc2606 (i.e. tld of test, .example, invalid, localhost)</li>
+	 *     <li>XML Namespace names (not the locations)</li>
+	 *     <li>Java specific URLs that do not work over http. For example, Java Properties
+	 *     <a href="https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/43ca3768126e/src/share/classes/sun/util/xml/PlatformXmlPropertiesProvider.java#l198">hard codes</a> using http.
+	 *     </li>
+	 * </ul>
+	 * @return the {@link Predicate} that determines what is allowed
+	 * @deprecated Use {@link #createDefaultUrlAllowlist()}
+	 */
+	@Deprecated
+	public static Predicate<String> createDefaultUrlWhitelist() {
+		return createDefaultUrlAllowlist();
+	}
+
+	/**
+	 * Creates a {@link Predicate} from an {@link InputStream}.
+	 * The format of the {@link InputStream} contains regular expressions of what inputs
+	 * should be allowed such that:
+	 *
+	 * <ul>
+	 *     <li>Each line contains a regular expression that should be allowed</li>
+	 *     <li>Lines can begin with // to create a comment within the file</li>
+	 *     <li>Lines are trimmed for whitespace</li>
+	 *     <li>Lines that are empty are ignored</li>
+	 * </ul>
+	 *
+	 * An example file can be found below:
+	 *
+	 * <pre>
+	 * // Ignore Maven XML Namespace id of http://maven.apache.org/POM/4.0.0
+	 * ^http://maven\.apache\.org/POM/4.0.0$
+	 * // Allow Company XML namespace names but not the locations (which end in .xsd)
+	 * ^http://mycompany.test/xml/.*(?<!\.(xsd))$
+	 * </pre>
+	 * @param resource
+	 * @return the {@link Predicate} that determines what is allowed
+	 * @deprecated Use {@link #createAllowlistFromPatterns(InputStream)}
+	 */
+	@Deprecated
+	public static Predicate<String> createWhitelistFromPatterns(InputStream resource) {
+		return createAllowlistFromPatterns(resource);
+	}
+
 	/**
 	 * Reads an input stream and creates {@link Pattern} from the {@link InputStream} using
 	 * logic defined in {@link #createPatternsFromInputStream(InputStream)}