jxlsteam#163 commons-compress:1.21

- Gradle 6.8.3
- fix whitespace
- Codestyle
- vulnerabilities check:
poi-ooxml uses commons-compress4:1.19 <CVE-2021-35515>
-> commons-compress4:1.21
Now jxls and jxls-poi have no vulnerabilities (for production).

build.gradle

@@ -1,7 +1,8 @@
 allprojects {
     apply plugin: 'jacoco'
+    apply plugin: 'org.owasp.dependencycheck'
 
-        version = '2.10.1-SNAPSHOT'
+    version = '2.12.0-SNAPSHOT'
     group = 'org.jxls'
 
     repositories {
@@ -10,7 +11,7 @@ allprojects {
 }
 
 subprojects {
-    apply plugin: 'java'
+    apply plugin: 'java-library'
     apply plugin: 'groovy'
     apply plugin: 'eclipse'
 

build.xml

@@ -3,16 +3,20 @@
 	<!-- This helps SoltauFintel to call the Gradle build with Eclipse to get JXLS work in Eclipse. -->
 
 	<target name="eclipse">
-		<gradle task="eclipse"/>
+		<gradle task="cleanEclipse eclipse"/>
 	</target>
     <target name="test">
         <gradle task="test"/>
     </target>
 	<target name="dep">
-        <exec executable="cmd" failonerror="true">
-        	<arg line="/c gradlew.bat -b jxls-poi/build.gradle -g C:\jarcache\gradle dep"/>
-        </exec>
+        <gradle task="-b jxls-poi/build.gradle dep"/>
 	</target>
+    <target name="vulnerabilities check for jxls">
+        <gradle task=":jxls:dependencyCheckAnalyze"/>
+    </target>
+    <target name="vulnerabilities check for jxls-poi">
+        <gradle task=":jxls-poi:dependencyCheckAnalyze"/>
+    </target>
 
 	<macrodef name="gradle">
 		<attribute name="task"/>

gradle/wrapper/gradle-wrapper.properties

@@ -3,4 +3,4 @@ distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-3.5-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.3-bin.zip

jxls-poi/build.gradle

@@ -1,14 +1,15 @@
 dependencies {
-	compile project(':jxls')
-	compile 'org.apache.poi:poi-ooxml:4.1.2'
-	compile 'org.slf4j:jcl-over-slf4j:1.7.30'
-
-	testCompile 'junit:junit:4.12'
-	testCompile 'org.apache.poi:ooxml-schemas:1.4'
-	testCompile 'org.mockito:mockito-core:3.2.4'
-	testCompile 'uk.org.lidalia:slf4j-test:1.2.0'
-	testCompile 'org.spockframework:spock-core:1.3-groovy-2.5'
-	testCompile 'cglib:cglib-nodep:3.3.0'
-	testCompile 'commons-io:commons-io:2.6'
-	testCompile 'org.apache.derby:derby:10.12.1.1'
+    implementation project(':jxls')
+    implementation 'org.apache.poi:poi-ooxml:4.1.2'
+    implementation 'org.apache.commons:commons-compress:1.21'
+    implementation 'org.slf4j:jcl-over-slf4j:1.7.30'
+
+    testImplementation 'junit:junit:4.12'
+    testImplementation 'org.apache.poi:ooxml-schemas:1.4'
+    testImplementation 'org.mockito:mockito-core:3.2.4'
+    testImplementation 'uk.org.lidalia:slf4j-test:1.2.0'
+    testImplementation 'org.spockframework:spock-core:1.3-groovy-2.5'
+    testImplementation 'cglib:cglib-nodep:3.3.0'
+    testImplementation 'commons-io:commons-io:2.6'
+    testImplementation 'org.apache.derby:derby:10.12.1.1'
 }

jxls-poi/pom.xml

@@ -64,6 +64,11 @@
 			<artifactId>poi-ooxml</artifactId>
 			<version>${poi.version}</version>
 		</dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-compress</artifactId>
+            <version>1.21</version>
+        </dependency>
 		<dependency>
 			<groupId>org.apache.poi</groupId>
 			<artifactId>ooxml-schemas</artifactId>

jxls-poi/src/main/java/org/jxls/transform/poi/PoiCellData.java

@@ -51,15 +51,15 @@ public PoiCellData(CellRef cellRef, Cell cell) {
         this.cell = cell;
     }
 
-    public static PoiCellData createCellData(PoiRowData poiRowData, CellRef cellRef, Cell cell){
+    public static PoiCellData createCellData(PoiRowData poiRowData, CellRef cellRef, Cell cell) {
         PoiCellData cellData = new PoiCellData(cellRef, cell);
         cellData.poiRowData = poiRowData;
         cellData.readCell(cell);
         cellData.updateFormulaValue();
         return cellData;
     }
 
-    public void readCell(Cell cell){
+    public void readCell(Cell cell) {
         readCellGeneralInfo(cell);
         readCellContents(cell);
         readCellStyle(cell);

jxls-poi/src/main/java/org/jxls/transform/poi/PoiConditionalFormatting.java

@@ -13,7 +13,7 @@ public class PoiConditionalFormatting {
     private final List<CellRangeAddress> ranges;
 
     PoiConditionalFormatting(ConditionalFormatting conditionalFormatting) {
-        for(int i = 0; i < conditionalFormatting.getNumberOfRules(); i++){
+        for (int i = 0; i < conditionalFormatting.getNumberOfRules(); i++) {
             rules.add(conditionalFormatting.getRule(i));
         }
         ranges = Arrays.asList(conditionalFormatting.getFormattingRanges());

jxls-poi/src/test/java/org/jxls/examples/UserCommandDemo.java

@@ -75,14 +75,16 @@ public String getName() {
 
         public Size applyAt(CellRef cellRef, Context context) {
             Size resultSize = area.applyAt(cellRef, context);
-            if( resultSize.equals(Size.ZERO_SIZE)) return resultSize;
+            if (resultSize.equals(Size.ZERO_SIZE)) {
+                return resultSize;
+            }
             PoiTransformer transformer = (PoiTransformer) area.getTransformer();
             Workbook workbook = transformer.getWorkbook();
             Sheet sheet = workbook.getSheet(cellRef.getSheetName());
             int startRow = cellRef.getRow();
             int endRow = cellRef.getRow() + resultSize.getHeight() - 1;
             sheet.groupRow(startRow, endRow);
-            if( collapseIf != null && collapseIf.trim().length() > 0){
+            if (collapseIf != null && collapseIf.trim().length() > 0) {
                 boolean collapseFlag = Util.isConditionTrue(getTransformationConfig().getExpressionEvaluator(), collapseIf, context);
                 sheet.setRowGroupCollapsed(startRow, collapseFlag);
             }

jxls-site/src/site/markdown/changes.md

@@ -3,6 +3,7 @@ Version History
 
 v2.12.0
 --------
+* [#164 Update commons-compress](https://github.com/jxlsteam/jxls/issues/164)
 * [#147 Row height bugfix](https://github.com/jxlsteam/jxls/issues/147), contribution by [jools-uk](https://github.com/jools-uk)
 * [#153 Issue in Excel Output while using SXSSF Transformer](https://github.com/jxlsteam/jxls/issues/153)
 

jxls/build.gradle

@@ -1,12 +1,14 @@
 dependencies {
-	compile 'org.apache.commons:commons-jexl3:3.2'
-	compile 'commons-beanutils:commons-beanutils:1.9.4'
-	compile 'org.slf4j:jcl-over-slf4j:1.7.30'
-	compile 'ch.qos.logback:logback-core:1.2.10'
-
-	testCompile 'junit:junit:4.12'
-	testCompile 'org.mockito:mockito-core:3.2.4'
-	testCompile 'ch.qos.logback:logback-classic:1.2.10'
-	testCompile 'org.spockframework:spock-core:1.3-groovy-2.5'
-	testCompile 'cglib:cglib-nodep:3.3.0'
+    def logbackVersion = '1.2.10'
+
+    api 'org.apache.commons:commons-jexl3:3.2'
+    api 'commons-beanutils:commons-beanutils:1.9.4'
+    implementation 'org.slf4j:jcl-over-slf4j:1.7.30'
+    implementation "ch.qos.logback:logback-core:$logbackVersion"
+
+    testImplementation 'junit:junit:4.12'
+    testImplementation 'org.mockito:mockito-core:3.2.4'
+    testImplementation "ch.qos.logback:logback-classic:$logbackVersion"
+    testImplementation 'org.spockframework:spock-core:1.3-groovy-2.5'
+    testImplementation 'cglib:cglib-nodep:3.3.0'
 }

jxls/src/main/java/org/jxls/area/XlsArea.java

@@ -174,7 +174,7 @@ public Size applyAt(CellRef cellRef, Context context) {
             Size commandInitialSize = commandData.getSize();
             int startCol = commandStartCellRef.getCol() - startCellRef.getCol();
             int startRow = commandStartCellRef.getRow() - startCellRef.getRow();
-            if (startRow > lastProcessedRow){
+            if (startRow > lastProcessedRow) {
                 transformStaticCells(cellRef, context, startRow, 0, startRow, startCol - 1);
                 lastProcessedRow = startRow;
             }
@@ -363,7 +363,7 @@ private boolean isNoWideCommandsInArea(List<CommandData> commandList, int startC
             int relativeEndRow = relativeRow + commandData.getSize().getHeight() - 1;
             int relativeStartCol = commandDataStartCellRef.getCol() - startCellRef.getCol();
             int relativeEndCol = relativeStartCol + commandData.getSize().getWidth() - 1;
-            if( relativeRow >= startRow && relativeEndRow <= endRow
+            if (relativeRow >= startRow && relativeEndRow <= endRow
                     && ((relativeStartCol < startCol && relativeEndCol >= startCol) || (relativeEndCol > endCol && relativeStartCol <= endCol))) {
                 return false;
             }

jxls/src/main/java/org/jxls/command/EachCommand.java

@@ -340,7 +340,7 @@ private Size processCollection(Context context, Iterable<?> itemsCollection, Cel
         int currentIndex = 0;
         for (Object obj : itemsCollection) {
             context.putVar(varName, obj);
-            if (varIndex != null ){
+            if (varIndex != null) {
                 context.putVar(varIndex, currentIndex);
             }
             if (selectEvaluator != null && !util.isConditionTrue(selectEvaluator, context)) {

jxls/src/main/java/org/jxls/common/CellRange.java

@@ -178,13 +178,13 @@ public boolean isExcluded(int row, int col) {
         return !contains(row, col) || cells[row][col] == null || CellRef.NONE.equals(cells[row][col]);
     }
 
-    public boolean contains(int row, int col){
+    public boolean contains(int row, int col) {
         return row >= 0 && row < cells.length && col >= 0 && cells[0].length > col;
     }
 
     public boolean containsCommandsInRow(int row) {
         for (int col = 0; col < width; col++) {
-            if ( isExcluded(row, col) ){
+            if (isExcluded(row, col)) {
                 return true;
             }
         }

jxls/src/main/java/org/jxls/common/RowData.java

@@ -36,7 +36,7 @@ public CellData getCellData(int col) {
         }
     }
 
-    protected void addCellData(CellData cellData){
+    protected void addCellData(CellData cellData) {
         cellDataList.add(cellData);
     }
 

jxls/src/main/java/org/jxls/formula/StandardFormulaProcessor.java

@@ -140,16 +140,16 @@ private List<CellRef> findFormulaCellRefReplacements(Transformer transformer, Ce
             // In that case we assume we should just take only the target cell ref which belongs to the same area
             // as this ref entry
             CellData cellRefData = transformer.getCellData(cellReference);
-            if (cellRefData != null && !cellRefData.getTargetParentAreaRef().isEmpty()){
+            if (cellRefData != null && !cellRefData.getTargetParentAreaRef().isEmpty()) {
                 // non-empty means that there was an outer replication of this cell onto new areas
                 // we need to find an area which contains both the current formula cell
                 // and the cell reference we are searching replacements for
                 // since we assume the intention is to use only the target cell reference from the same parent area
                 List<CellRef> targetReferences = new ArrayList<>();
-                for (AreaRef targetAreaRef : cellRefData.getTargetParentAreaRef()){
-                    if (targetAreaRef.contains(targetFormulaCellRef)){
-                        for (CellRef targetRef : cellReferenceTargets){
-                            if (targetAreaRef.contains(targetRef)){
+                for (AreaRef targetAreaRef : cellRefData.getTargetParentAreaRef()) {
+                    if (targetAreaRef.contains(targetFormulaCellRef)) {
+                        for (CellRef targetRef : cellReferenceTargets) {
+                            if (targetAreaRef.contains(targetRef)) {
                                 targetReferences.add(targetRef);
                             }
                         }

jxls/src/main/java/org/jxls/util/CellRefUtil.java

@@ -337,7 +337,7 @@ public static String parseSheetName(String reference, int indexOfSheetNameDelimi
 
         StringBuilder sb = new StringBuilder(indexOfSheetNameDelimiter);
 
-        for(int i = 1; i < lastQuotePos; i++) { // Note boundaries - skip outer quotes
+        for (int i = 1; i < lastQuotePos; i++) { // Note boundaries - skip outer quotes
             char ch = reference.charAt(i);
             if (ch != SPECIAL_NAME_DELIMITER) {
                 sb.append(ch);

jxls/src/main/java/org/jxls/util/TransformerFactory.java

@@ -78,10 +78,10 @@ public static String getTransformerName() {
     /**
      * @return the transformer class to be loaded by this factory
      */
-    public static String getTransformerClassName(){
+    public static String getTransformerClassName() {
         String transformerClassName = System.getProperty(TRANSFORMER_SYSTEM_PROPERTY, POI_CLASS_NAME);
         // for backwards compatibility we also allow a short name for a poi transformer
-        if (transformerClassName.equalsIgnoreCase(POI_TRANSFORMER)){
+        if (transformerClassName.equalsIgnoreCase(POI_TRANSFORMER)) {
             transformerClassName = POI_CLASS_NAME;
         }
         return transformerClassName;

settings.gradle

@@ -1,2 +1,12 @@
+buildscript {
+    repositories {
+        gradlePluginPortal()
+    }
+    dependencies {
+        // Vulnerabilities
+        classpath 'org.owasp:dependency-check-gradle:6.5.0.1'
+    }
+}
+
 include 'jxls'
 include 'jxls-poi'