From 3da3c8a06ef4f1a43e738b10f809261dde63d871 Mon Sep 17 00:00:00 2001
From: Koen Aben <koen.aben@carapaxit.nl>
Date: Sat, 4 May 2024 15:41:28 +0200
Subject: [PATCH 1/2] security upgrade: the core project j2html had an insecure
dependency (a very old apache velocity).
also added an GETTING_STARTED.md document, so it is easier getting started with this project.
---
.gitignore | 2 ++
GETTING_STARTED.md | 21 +++++++++++++++++++
j2html-codegen/pom.xml | 4 ++--
j2html-website/pom.xml | 2 --
j2html-website/src/main/java/app/Main.java | 21 ++++++++++++++++---
j2html/pom.xml | 8 ++++++-
.../src/test/java/j2html/PerformanceTest.java | 4 ++--
.../java/j2html/RenderPerformanceTest.java | 2 +-
.../RenderPerformanceComparisonTest.java | 16 +++++++-------
...tJ2html.java => TestOptionsForJ2html.java} | 5 ++++-
...ocity.java => TestOptionsForVelocity.java} | 9 ++++++--
pom.xml | 20 ++++++++++++------
12 files changed, 86 insertions(+), 28 deletions(-)
create mode 100644 GETTING_STARTED.md
rename j2html/src/test/java/j2html/comparison/{TestJ2html.java => TestOptionsForJ2html.java} (87%)
rename j2html/src/test/java/j2html/comparison/{TestVelocity.java => TestOptionsForVelocity.java} (91%)
diff --git a/.gitignore b/.gitignore
index bcc0e4eb..379aafd4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,5 @@ buildNumber.properties
### IntelliJ ###
*.iml
.idea/
+
+target
diff --git a/GETTING_STARTED.md b/GETTING_STARTED.md
new file mode 100644
index 00000000..eb096aa8
--- /dev/null
+++ b/GETTING_STARTED.md
@@ -0,0 +1,21 @@
+# Getting started
+
+### Build all projects:
+- `mvn clean install`
+
+### Core project
+- The core project is situated in the `j2html` directory. When building, source code is generated using the maven plugin from project `j2html-codegen`
+
+### Extra projects
+- `j2html-website` - the project website (using j2html code) that runs via Javalin (https://javalin.io/)
+- `j2html-codegen` - maven plugin for generating Java sources from a configured collection of tags (in a .model file).
+- `j2html-mathml` - a mathml extension
+
+### Hints when using Intellij:
+- Mark directory `j2html/target/generated-sources/j2html-codegen` as Generated Sources Root
+- Mark directory `j2html-ext-mathml/target/generated-sources/j2html-codegen` as Generated Sources Root
+
+### Security check on dependencies
+- Type `mvn org.owasp:dependency-check-maven:6.5.3:aggregate` and wait for the generated security report
+
+
diff --git a/j2html-codegen/pom.xml b/j2html-codegen/pom.xml
index e9ca1495..56553a1f 100644
--- a/j2html-codegen/pom.xml
+++ b/j2html-codegen/pom.xml
@@ -18,14 +18,14 @@
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-plugin-api</artifactId>
- <version>3.8.4</version>
+ <version>3.8.8</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-annotations</artifactId>
- <version>3.6.0</version>
+ <version>3.6.4</version>
<scope>provided</scope>
</dependency>
diff --git a/j2html-website/pom.xml b/j2html-website/pom.xml
index c0598da9..64a432f3 100644
--- a/j2html-website/pom.xml
+++ b/j2html-website/pom.xml
@@ -15,13 +15,11 @@
<dependency>
<groupId>io.javalin</groupId>
<artifactId>javalin</artifactId>
- <version>4.0.0.ALPHA2</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
- <version>1.7.26</version>
</dependency>
<dependency>
diff --git a/j2html-website/src/main/java/app/Main.java b/j2html-website/src/main/java/app/Main.java
index 60164f06..66134666 100644
--- a/j2html-website/src/main/java/app/Main.java
+++ b/j2html-website/src/main/java/app/Main.java
@@ -3,12 +3,27 @@
import app.controllers.PageController;
import io.javalin.Javalin;
import io.javalin.http.staticfiles.Location;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.IOException;
public class Main {
+ private static final Logger LOG = LoggerFactory.getLogger(Main.class);
+
+ public static void main(String[] args) {
+ String path = "./src/main/resources/public";
+ File file = new File(path);
+
+ try {
+ LOG.info("static files served from location: {}, ready {} ", file.getCanonicalFile(), file.exists());
+ } catch (IOException ex) {
+ throw new IllegalStateException(ex);
+ }
- public static void main(String[] args) {
- Javalin app = Javalin.create(config ->
- config.addStaticFiles("website/src/main/resources/public", Location.EXTERNAL)
+ Javalin app = Javalin.create(
+ config -> config.staticFiles.add(path, Location.EXTERNAL)
).start(8888);
app.get("/", PageController::serveIndex);
diff --git a/j2html/pom.xml b/j2html/pom.xml
index 14434bb0..2016c202 100644
--- a/j2html/pom.xml
+++ b/j2html/pom.xml
@@ -39,9 +39,15 @@
<dependency>
<groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
+ <artifactId>velocity-engine-core</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.hsqldb</groupId>
+ <artifactId>hsqldb</artifactId>
+ <scope>test</scope>
+ </dependency>
+
</dependencies>
<packaging>jar</packaging>
diff --git a/j2html/src/test/java/j2html/PerformanceTest.java b/j2html/src/test/java/j2html/PerformanceTest.java
index de33ee7e..06767a1a 100644
--- a/j2html/src/test/java/j2html/PerformanceTest.java
+++ b/j2html/src/test/java/j2html/PerformanceTest.java
@@ -18,13 +18,13 @@ public class PerformanceTest {
@Rule
public TestRule benchmarkRun = new BenchmarkRule();
- private String shortTestString = "<body>\n"
+ private final String shortTestString = "<body>\n"
+ " <h1 class=\"example\">Heading!</h1>\n"
+ " <img src=\"img/hello.png\">\n"
+ "</body>";
// syntax-highlighted getting started example from j2html.com:
- private String longTestString =
+ private final String longTestString =
"<pre class=\" language-java\"><code class=\" language-java\"><span class=\"token keyword\">import</span> <span class=\"token keyword\">static</span> j2html<span class=\"token punctuation\">.</span>TagCreator<span class=\"token punctuation\">.</span>*<span class=\"token punctuation\">;</span>\n"
+ "\n"
+ "<span class=\"token keyword\">public</span> <span class=\"token keyword\">class</span> <span class=\"token class-name\">Main</span> <span class=\"token punctuation\">{</span>\n"
diff --git a/j2html/src/test/java/j2html/RenderPerformanceTest.java b/j2html/src/test/java/j2html/RenderPerformanceTest.java
index f4869c96..fda74fd3 100644
--- a/j2html/src/test/java/j2html/RenderPerformanceTest.java
+++ b/j2html/src/test/java/j2html/RenderPerformanceTest.java
@@ -29,7 +29,7 @@ public class RenderPerformanceTest {
@Rule
public TestRule benchmarkRun = new BenchmarkRule();
String expected = "<html><head><title>Browsertitle</title></head><body><h1>Hello World!</h1><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p>Hello World!</p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><h2 id=\"title\" class=\"visible-small\">Hello World!</h2><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p>Hello World!</p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><h2>Hello World!</h2><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p>Hello World!</p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><h2 id=\"title\" class=\"visible-small\">Hello World!</h2><div class=\"button\"><div class=\"button-text\">Action!</div></div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p>Hello World!</p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><h2>Hello World!</h2><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p>Hello World!</p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><h1>Hello World!</h1><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p>Hello World!</p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><h2>Hello World!</h2><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p>Hello World!</p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><h2>Hello World!</h2><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p>Hello World!</p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><h2>Hello World!</h2><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p>Hello World!</p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><h2>Hello World!</h2><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p>Hello World!</p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></body></html>";
- private DomContent template;
+ private final DomContent template;
public RenderPerformanceTest() {
this.template =
diff --git a/j2html/src/test/java/j2html/comparison/RenderPerformanceComparisonTest.java b/j2html/src/test/java/j2html/comparison/RenderPerformanceComparisonTest.java
index e821c50c..98399b24 100644
--- a/j2html/src/test/java/j2html/comparison/RenderPerformanceComparisonTest.java
+++ b/j2html/src/test/java/j2html/comparison/RenderPerformanceComparisonTest.java
@@ -17,18 +17,18 @@ public class RenderPerformanceComparisonTest {
@Test
public void j2htmlPerformance() throws Exception {
- TestJ2html.helloWorld();
- TestJ2html.fiveHundredEmployees();
- TestJ2html.macros();
- TestJ2html.multiplicationTable();
+ TestOptionsForJ2html.helloWorld();
+ TestOptionsForJ2html.fiveHundredEmployees();
+ TestOptionsForJ2html.macros();
+ TestOptionsForJ2html.multiplicationTable();
}
@Test
public void velocityPerformance() throws Exception {
- TestVelocity.helloWorld();
- TestVelocity.fiveHundredEmployees();
- TestVelocity.macros();
- TestVelocity.multiplicationTable();
+ TestOptionsForVelocity.helloWorld();
+ TestOptionsForVelocity.fiveHundredEmployees();
+ TestOptionsForVelocity.macros();
+ TestOptionsForVelocity.multiplicationTable();
}
}
diff --git a/j2html/src/test/java/j2html/comparison/TestJ2html.java b/j2html/src/test/java/j2html/comparison/TestOptionsForJ2html.java
similarity index 87%
rename from j2html/src/test/java/j2html/comparison/TestJ2html.java
rename to j2html/src/test/java/j2html/comparison/TestOptionsForJ2html.java
index ec66dab1..9c0df25c 100644
--- a/j2html/src/test/java/j2html/comparison/TestJ2html.java
+++ b/j2html/src/test/java/j2html/comparison/TestOptionsForJ2html.java
@@ -5,7 +5,10 @@
import j2html.comparison.j2html.Macros;
import j2html.comparison.j2html.MultiplicationTable;
-public class TestJ2html {
+/**
+ * Options are used in {@link RenderPerformanceComparisonTest}
+ */
+class TestOptionsForJ2html {
public static String helloWorld() {
return HelloWorld.tag.render();
diff --git a/j2html/src/test/java/j2html/comparison/TestVelocity.java b/j2html/src/test/java/j2html/comparison/TestOptionsForVelocity.java
similarity index 91%
rename from j2html/src/test/java/j2html/comparison/TestVelocity.java
rename to j2html/src/test/java/j2html/comparison/TestOptionsForVelocity.java
index 3048014d..f92613f5 100644
--- a/j2html/src/test/java/j2html/comparison/TestVelocity.java
+++ b/j2html/src/test/java/j2html/comparison/TestOptionsForVelocity.java
@@ -7,9 +7,12 @@
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
-public class TestVelocity {
+/**
+ * Options are used in {@link RenderPerformanceComparisonTest}
+ */
+class TestOptionsForVelocity {
- private static VelocityEngine velocityEngine;
+ private static final VelocityEngine velocityEngine;
static {
velocityEngine = new VelocityEngine();
@@ -45,6 +48,8 @@ public static String multiplicationTable() {
return render("/comparison/velocity/multiplicationTable.vm", model);
}
+
+
public static void main(String[] args) {
System.out.println(multiplicationTable());
}
diff --git a/pom.xml b/pom.xml
index 919ca8b7..8d4eef82 100644
--- a/pom.xml
+++ b/pom.xml
@@ -66,16 +66,17 @@
<maven.compiler.source>${jdk.version}</maven.compiler.source>
<maven.compiler.target>${jdk.version}</maven.compiler.target>
- <junit.version>4.13.1</junit.version>
+ <junit.version>4.13.2</junit.version>
<mockito.version>4.8.1</mockito.version>
<hamcrest-library.version>1.3</hamcrest-library.version>
<commons-lang3.version>3.0</commons-lang3.version>
<junit-benchmarks.version>0.7.2</junit-benchmarks.version>
- <apache-velocity.version>1.7</apache-velocity.version>
- <jsoup.version>1.14.3</jsoup.version>
+ <apache-velocity.version>2.3</apache-velocity.version>
+ <hsqldb.version>2.7.2</hsqldb.version>
+ <jsoup.version>1.17.2</jsoup.version>
<javapoet.version>1.9.0</javapoet.version>
- <javalin.version>4.0.0.ALPHA2</javalin.version>
- <slf4j-simple.version>1.7.26</slf4j-simple.version>
+ <javalin.version>6.1.3</javalin.version>
+ <slf4j-simple.version>2.0.13</slf4j-simple.version>
</properties>
<dependencyManagement>
@@ -109,12 +110,19 @@
</dependency>
<!-- performance test dependencies -->
+
<dependency>
<groupId>org.apache.velocity</groupId>
- <artifactId>velocity</artifactId>
+ <artifactId>velocity-engine-core</artifactId>
<version>${apache-velocity.version}</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.hsqldb</groupId>
+ <artifactId>hsqldb</artifactId>
+ <version>${hsqldb.version}</version>
+ <scope>test</scope>
+ </dependency>
<dependency>
<groupId>org.apache.commons</groupId>
From 6c70d13385352ccf3c4123a0c151dc8df0085686 Mon Sep 17 00:00:00 2001
From: Koen Aben <koen.aben@carapaxit.nl>
Date: Tue, 14 May 2024 21:41:04 +0200
Subject: [PATCH 2/2] updates .github/workflow/main.yml for build for Java21
(and removed the outdated Java8
---
.github/workflows/main.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index d829b820..d6b5c291 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -9,7 +9,7 @@ jobs:
strategy:
fail-fast: false
matrix:
- java_version: [1.8, 11, 17]
+ java_version: [11, 17, 21]
os: [windows-latest, macOS-latest, ubuntu-latest]
steps: