Skip to content

Commit

Permalink
Ban log4j all together and update OWASP dep check
Browse files Browse the repository at this point in the history 
Remove
  • Loading branch information
@nbaars
nbaars committed Dec 20, 2021
1 parent cb6b1d7 commit 7ded096
Showing 1 changed file with 38 additions and 10 deletions.
48 changes: 38 additions & 10 deletions pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,8 @@
<maven-surefire-plugin.version>3.0.0-M5</maven-surefire-plugin.version>
<java.version>17</java.version>
<thymeleaf.version>3.0.14.RELEASE</thymeleaf.version>
<pmd.version>3.15.0</pmd.version>
<checkstyle.version>3.1.2</checkstyle.version>
</properties>

<modules>
Expand All @@ -141,14 +143,15 @@
<module>webgoat-server</module>
<module>webwolf</module>
<module>webgoat-integration-tests</module>
<module>docker</module><!-- copy required jars in preparation of docker all-in-one build -->
<module>docker</module><!-- copy required jars in preparation of docker all-in-one build -->
</modules>


<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
Expand Down Expand Up @@ -187,7 +190,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>3.1.2</version>
<version>${checkstyle.version}</version>
<configuration>
<encoding>UTF-8</encoding>
<consoleOutput>true</consoleOutput>
Expand All @@ -200,10 +203,11 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.14.0</version>
<version>${pmd.version}</version>
<configuration>
<targetJdk>15</targetJdk>
<failurePriority>1</failurePriority><!-- 5 means fail even on the lowest priority, 0 means never fail -->
<targetJdk>${maven.compiler.target}</targetJdk>
<failurePriority>1
</failurePriority><!-- 5 means fail even on the lowest priority, 0 means never fail -->
<rulesets>
<!--suppress UnresolvedMavenProperty -->
<ruleset>${maven.multiModuleProjectDirectory}/config/pmd/pmd-ruleset.xml</ruleset>
Expand All @@ -219,6 +223,30 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.0.0</version>
<executions>
<execution>
<id>Restrict-bad-log4j-versions</id>
<phase>validate</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<bannedDependencies>
<excludes>
<exclude>org.apache.logging.log4j:log4j-core:(,2.15.0)</exclude>
</excludes>
</bannedDependencies>
</rules>
<fail>true</fail>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>

Expand All @@ -233,7 +261,7 @@
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>6.1.3</version>
<version>6.5.1</version>
<configuration>
<failBuildOnCVSS>7</failBuildOnCVSS>
<skipProvidedScope>true</skipProvidedScope>
Expand Down

0 comments on commit 7ded096

Please sign in to comment.