Check for suspicious gradle-wrapper.jar #1434

snjeza · 2020-05-05T18:07:55Z

Requires redhat-developer/vscode-java#1440

Signed-off-by: Snjezana Peco [email protected]

fbricon

Code translated from https://github.com/gradle/wrapper-validation-action/ should retain original copyright/license, with a link to the original source

org.eclipse.jdt.ls.core/src/org/eclipse/jdt/ls/internal/gradle/checksums/WrapperValidator.java

...se.jdt.ls.tests/src/org/eclipse/jdt/ls/core/internal/managers/GradleProjectImporterTest.java

...eclipse.jdt.ls.core/src/org/eclipse/jdt/ls/core/internal/managers/GradleProjectImporter.java

snjeza · 2020-05-06T15:49:29Z

Code translated from https://github.com/gradle/wrapper-validation-action/ should retain original copyright/license, with a link to the original source

I haven't copied anything from https://github.com/gradle/wrapper-validation-action/. I have only used those class names that you sent.

fbricon · 2020-05-06T16:18:00Z

I have only used those class names that you sent.

Well that code I translated from https://github.com/gradle/wrapper-validation-action/.

snjeza · 2020-05-10T17:02:09Z

Well that code I translated from https://github.com/gradle/wrapper-validation-action/.

I haven't used any code, but only the WrapperValidator, ValidationResult class names.

org.eclipse.jdt.ls.core/src/org/eclipse/jdt/ls/core/internal/JobHelpers.java

org.eclipse.jdt.ls.core/src/org/eclipse/jdt/ls/core/internal/preferences/Preferences.java

...eclipse.jdt.ls.core/src/org/eclipse/jdt/ls/core/internal/managers/GradleProjectImporter.java

fbricon · 2020-05-13T16:51:38Z

org.eclipse.jdt.ls.core/src/org/eclipse/jdt/ls/core/internal/preferences/Preferences.java

@@ -1367,4 +1443,9 @@ public Preferences setStaticImportOnDemandThreshold(int staticImportOnDemandThre
 		defEclipsePrefs.put(CodeStyleConfiguration.ORGIMPORTS_STATIC_ONDEMANDTHRESHOLD, String.valueOf(this.staticImportOnDemandThreshold));
 		return this;
 	}
+
+	class Sha256 {


ChecksumWrapper

org.eclipse.jdt.ls.core/src/org/eclipse/jdt/ls/core/internal/preferences/Preferences.java

...clipse.jdt.ls.core/src/org/eclipse/jdt/ls/internal/gradle/checksums/DownloadChecksumJob.java

snjeza · 2020-05-13T20:32:00Z

@fbricon I have updated the PR.

org.eclipse.jdt.ls.core/src/org/eclipse/jdt/ls/internal/gradle/checksums/WrapperValidator.java

...clipse.jdt.ls.core/src/org/eclipse/jdt/ls/internal/gradle/checksums/DownloadChecksumJob.java

org.eclipse.jdt.ls.core/src/org/eclipse/jdt/ls/core/internal/preferences/Preferences.java

org.eclipse.jdt.ls.core/src/org/eclipse/jdt/ls/internal/gradle/checksums/WrapperValidator.java

...eclipse.jdt.ls.tests/src/org/eclipse/jdt/ls/core/internal/managers/WrapperValidatorTest.java

...eclipse.jdt.ls.core/src/org/eclipse/jdt/ls/core/internal/managers/GradleProjectImporter.java

snjeza · 2020-05-19T19:04:02Z

test this please

fbricon · 2020-05-19T19:24:59Z

...eclipse.jdt.ls.tests/src/org/eclipse/jdt/ls/core/internal/managers/WrapperValidatorTest.java

+		File sha256Directory = WrapperValidator.getSha256CacheFile();
+		// test cache
+		file = new File(sha256Directory, "gradle-6.4-wrapper.jar.sha256");
+		String sha256 = Files.lines(Paths.get(file.getAbsolutePath()), StandardCharsets.UTF_8).findFirst().get();


java.nio.file.NoSuchFileException: /Users/fbricon/Dev/projects/eclipse.jdt.ls/org.eclipse.jdt.ls.tests/target/gradle/checksums/gradle-6.4-wrapper.jar.sha256
at org.eclipse.jdt.ls.core.internal.managers.WrapperValidatorTest.testGradleWrapper(WrapperValidatorTest.java:63)

Signed-off-by: Snjezana Peco <[email protected]>

fbricon · 2020-05-20T18:57:47Z

Thanks @snjeza !

snjeza requested review from gorkem and fbricon May 5, 2020 18:07

Eskibear mentioned this pull request May 6, 2020

highlight QualifiedName together in packages #1435

Merged

fbricon requested changes May 6, 2020

View reviewed changes

snjeza changed the title ~~Check gradle-wrapper.jar~~ [WIP] Check gradle-wrapper.jar May 6, 2020

snjeza added the in progress label May 10, 2020

snjeza force-pushed the gradlewrapper branch from 8df1aed to fef3cf9 Compare May 10, 2020 16:50

snjeza mentioned this pull request May 10, 2020

Check for suspicious gradle-wrapper.jar redhat-developer/vscode-java#1440

Merged

snjeza force-pushed the gradlewrapper branch from fef3cf9 to 60b4583 Compare May 13, 2020 14:57

snjeza changed the title ~~[WIP] Check gradle-wrapper.jar~~ Check gradle-wrapper.jar May 13, 2020

snjeza removed the in progress label May 13, 2020

fbricon requested changes May 13, 2020

View reviewed changes

snjeza force-pushed the gradlewrapper branch from 60b4583 to 71622b7 Compare May 13, 2020 19:56

fbricon requested changes May 18, 2020

View reviewed changes

...eclipse.jdt.ls.core/src/org/eclipse/jdt/ls/core/internal/managers/GradleProjectImporter.java Outdated Show resolved Hide resolved

...eclipse.jdt.ls.core/src/org/eclipse/jdt/ls/core/internal/managers/GradleProjectImporter.java Outdated Show resolved Hide resolved

snjeza force-pushed the gradlewrapper branch from 71622b7 to c12552f Compare May 19, 2020 15:41

fbricon requested changes May 19, 2020

View reviewed changes

...eclipse.jdt.ls.core/src/org/eclipse/jdt/ls/core/internal/managers/GradleProjectImporter.java Outdated Show resolved Hide resolved

snjeza force-pushed the gradlewrapper branch from c12552f to 3d89de8 Compare May 19, 2020 16:53

fbricon reviewed May 19, 2020

View reviewed changes

fbricon changed the title ~~Check gradle-wrapper.jar~~ Check for suspicious gradle-wrapper.jar May 20, 2020

fbricon added this to the Mid May 2020 milestone May 20, 2020

fbricon added enhancement gradle labels May 20, 2020

snjeza added 2 commits May 20, 2020 20:25

Check for suspicious gradle-wrapper.jar

9d8498d

Signed-off-by: Snjezana Peco <[email protected]>

Fix WrapperValidatorTest.testGradleWrapper

31c55fb

Signed-off-by: Snjezana Peco <[email protected]>

snjeza force-pushed the gradlewrapper branch from 3d89de8 to 31c55fb Compare May 20, 2020 18:25

fbricon merged commit 8d33bd0 into eclipse-jdtls:master May 20, 2020

Eskibear mentioned this pull request Jul 16, 2020

Semantic highlighting improvements #1501

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Check for suspicious gradle-wrapper.jar #1434

Check for suspicious gradle-wrapper.jar #1434

snjeza commented May 5, 2020 •

edited

Loading

fbricon left a comment

snjeza commented May 6, 2020

fbricon commented May 6, 2020

snjeza commented May 10, 2020

fbricon May 13, 2020

snjeza commented May 13, 2020

snjeza commented May 19, 2020

fbricon May 19, 2020

snjeza May 19, 2020

fbricon commented May 20, 2020

Check for suspicious gradle-wrapper.jar #1434

Check for suspicious gradle-wrapper.jar #1434

Conversation

snjeza commented May 5, 2020 • edited Loading

fbricon left a comment

Choose a reason for hiding this comment

snjeza commented May 6, 2020

fbricon commented May 6, 2020

snjeza commented May 10, 2020

fbricon May 13, 2020

Choose a reason for hiding this comment

snjeza commented May 13, 2020

snjeza commented May 19, 2020

fbricon May 19, 2020

Choose a reason for hiding this comment

snjeza May 19, 2020

Choose a reason for hiding this comment

fbricon commented May 20, 2020

snjeza commented May 5, 2020 •

edited

Loading