From cc567c0cb782fdecf6703df6e123081d6c7dd54d Mon Sep 17 00:00:00 2001
From: anandsudhir
Date: Mon, 2 Jul 2018 10:40:09 +0200
Subject: [PATCH 1/3] Use spotbugs instead of findbugs
---
.../{findbugs-base.xml => spotbugs-base.xml} | 0
.../spotbugs-base.xml | 0
.../spotbugs-base.xml | 0
pom.xml | 18 +++++++++---------
.../findbugs-base.xml => spotbugs-base.xml | 0
...udefilter.xml => spotbugs-excludefilter.xml | 7 +++++--
6 files changed, 14 insertions(+), 11 deletions(-)
rename burp-maven-plugin/{findbugs-base.xml => spotbugs-base.xml} (100%)
rename findbugs-base.xml => headless-burp-proxy/spotbugs-base.xml (100%)
rename headless-burp-proxy/findbugs-base.xml => headless-burp-scanner/spotbugs-base.xml (100%)
rename headless-burp-scanner/findbugs-base.xml => spotbugs-base.xml (100%)
rename findbugs-excludefilter.xml => spotbugs-excludefilter.xml (58%)
diff --git a/burp-maven-plugin/findbugs-base.xml b/burp-maven-plugin/spotbugs-base.xml
similarity index 100%
rename from burp-maven-plugin/findbugs-base.xml
rename to burp-maven-plugin/spotbugs-base.xml
diff --git a/findbugs-base.xml b/headless-burp-proxy/spotbugs-base.xml
similarity index 100%
rename from findbugs-base.xml
rename to headless-burp-proxy/spotbugs-base.xml
diff --git a/headless-burp-proxy/findbugs-base.xml b/headless-burp-scanner/spotbugs-base.xml
similarity index 100%
rename from headless-burp-proxy/findbugs-base.xml
rename to headless-burp-scanner/spotbugs-base.xml
diff --git a/pom.xml b/pom.xml
index fc3b1f8..a836e73 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,8 +20,8 @@ 1.8 false ${project.basedir} - ${project.basedir}/../findbugs-excludefilter.xml + ${project.basedir}/../spotbugs-excludefilter.xml +
@@ -206,15 +206,15 @@ - org.codehaus.mojo - findbugs-maven-plugin - 3.0.5 + com.github.spotbugs + spotbugs-maven-plugin + 3.1.3 Max Low true - ${findbugs-excludefilter.location} - ${project.basedir}/findbugs-base.xml + ${spotbugs-excludefilter.location} + ${project.basedir}/spotbugs-base.xml com.h3xstream.findsecbugs
@@ -291,10 +291,10 @@ quick true - true + true true - \ No newline at end of file +
diff --git a/headless-burp-scanner/findbugs-base.xml b/spotbugs-base.xml
similarity index 100%
rename from headless-burp-scanner/findbugs-base.xml
rename to spotbugs-base.xml
diff --git a/findbugs-excludefilter.xml b/spotbugs-excludefilter.xml
similarity index 58%
rename from findbugs-excludefilter.xml
rename to spotbugs-excludefilter.xml
index 8d1a10a..e0996af 100644
--- a/findbugs-excludefilter.xml
+++ b/spotbugs-excludefilter.xml
@@ -1,4 +1,7 @@ - +
@@ -21,6 +24,6 @@ - +
From d18458e6ef83f52fa08189017bf25f284d227c27 Mon Sep 17 00:00:00 2001
From: anandsudhir
Date: Mon, 2 Jul 2018 10:41:15 +0200
Subject: [PATCH 2/3] Bump version of jackson-databind as fix for CVE-2018-7489
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index a836e73..2a10f88 100644
--- a/pom.xml
+++ b/pom.xml
@@ -66,7 +66,7 @@ com.fasterxml.jackson.core jackson-databind - 2.9.4 + 2.9.5
From fde4512dfc48b1140367d2512c091d15c9537e22 Mon Sep 17 00:00:00 2001
From: anandsudhir
Date: Mon, 2 Jul 2018 10:44:00 +0200
Subject: [PATCH 3/3] Exclude false positive from findsecbugs
---
spotbugs-excludefilter.xml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/spotbugs-excludefilter.xml b/spotbugs-excludefilter.xml
index e0996af..10933fd 100644
--- a/spotbugs-excludefilter.xml
+++ b/spotbugs-excludefilter.xml
@@ -26,4 +26,8 @@ + + + +
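Review bot: The four lines added to spotbugs-excludefilter.xml in the `@@ -26,4 +26,8 @@` hunk of patch 3/3 suppress a findsecbugs finding, but the commit message does not say which detector was silenced or why it is a false positive, and the element text is not visible in this rendering, so the filter entry itself may not say either. A suppression in a security scanner's exclude filter is best justified where it lives, for example with a comment directly above the new entry such as `<!-- False positive: BUG_PATTERN in CLASS_NAME - REASON (placeholders) -->`. If the new match is not already restricted to one bug pattern and one class or method, narrowing it would keep the same detector active for the rest of the code base.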