diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 237b2c2f..8e4f825d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -8,12 +8,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v3
-
- - name: Set up JDK 8
- uses: actions/setup-java@v3.3.0
with:
- distribution: 'temurin'
- java-version: 8
+ token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- name: Cache local Maven repository
uses: actions/cache@v3
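Review bot: The `token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}` added to the Checkout step is stored in the workspace's git configuration by actions/checkout unless told otherwise, so every later step in the job can read a personal access token. If no later step needs to push or fetch with it, add `persist-credentials: false` under the same `with:`. If the default `GITHUB_TOKEN` is sufficient for this checkout, drop the PAT instead. A one-line comment saying why a PAT is required would let reviewers judge the scope it needs.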
@@ -23,7 +19,19 @@ jobs:
restore-keys: |
${{ runner.os }}-maven-
+ - name: Set up JDK 11
+ uses: actions/setup-java@v3.3.0
+ with:
+ distribution: 'temurin'
+ java-version: '11'
+ server-id: ossrh
+ server-username: MAVEN_USERNAME
+ server-password: MAVEN_PASSWORD
+ gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
+ gpg-passphrase: MAVEN_GPG_PASSPHRASE
+
- name: Run tests with Maven
+ run: mvn -B test --file pom.xml
env:
CX_CLIENT_ID: ${{ secrets.CX_CLIENT_ID}}
CX_CLIENT_SECRET: ${{ secrets.CX_CLIENT_SECRET}}
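Review bot: The "Set up JDK 11" step imports `secrets.MAVEN_GPG_PRIVATE_KEY` and configures the `ossrh` server before "Run tests with Maven" runs, so the release-signing key sits in the runner's keyring while test code and its dependencies execute. Nothing visible in this workflow deploys (the later build step runs `mvn -B verify -DskipTests`), so the signing and OSSRH inputs may belong in a separate release workflow limited to tags or protected branches. If signing during `verify` is intended here, say so in a comment above the step, e.g. `# GPG key imported because artifact signing is bound to verify`, so the exposure is a recorded decision.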
@@ -31,4 +39,16 @@ jobs:
CX_TENANT: ${{ secrets.CX_TENANT }}
CX_SCAN_ID: ${{ secrets.CX_SCAN_ID }}
CX_APIKEY: ${{ secrets.CX_APIKEY }}
- run: mvn -B test --file pom.xml
+
+
+ - name: Build with Maven
+ run: mvn -B verify -DskipTests --file pom.xml
+ env:
+ MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+ MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
+
+ - name: Run SpotBugs Analysis
+ uses: jwgmeligmeyling/spotbugs-github-action@master
+ with:
+ path: '**/spotbugsXml.xml'
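Review bot: `uses: jwgmeligmeyling/spotbugs-github-action@master` tracks a mutable branch of a third-party action, in a job that by this point has checked out with a personal access token and imported the Maven GPG key. Whatever that branch points to at run time executes with access to the same workspace and runner. Pin it to a reviewed commit, `uses: jwgmeligmeyling/spotbugs-github-action@<full-commit-sha>  # <release tag>`, and bump it deliberately.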
diff --git a/pom.xml b/pom.xml
index 4fdc68ad..7aef0a28 100644
--- a/pom.xml
+++ b/pom.xml
@@ -9,7 +9,7 @@
jar
Checkmarx AST Client
- Checkmarx AST ClI SDK
+ Checkmarx AST CLI SDK
https://www.checkmarx.com
@@ -60,6 +60,24 @@
+
+ com.github.spotbugs
+ spotbugs-maven-plugin
+ 4.7.0.0
+
+ Max
+ High
+ true
+ false
+
+
+
+
+ check
+
+
+
+
org.apache.maven.plugins
maven-surefire-plugin
diff --git a/src/main/java/com/checkmarx/ast/results/result/Node.java b/src/main/java/com/checkmarx/ast/results/result/Node.java
index d79fdc32..dd6fc121 100644
--- a/src/main/java/com/checkmarx/ast/results/result/Node.java
+++ b/src/main/java/com/checkmarx/ast/results/result/Node.java
@@ -9,7 +9,6 @@
import com.fasterxml.jackson.databind.type.TypeFactory;
import lombok.Value;
import org.apache.commons.lang3.StringUtils;
-
import java.io.IOException;
import java.util.List;
import java.util.Objects;
@@ -103,14 +102,18 @@ public boolean equals(Object obj) {
}
Node node = (Node) obj;
return line == node.line &&
- column == node.column &&
- length == node.length &&
- Objects.equals(name, node.name) &&
- Objects.equals(method, node.method) &&
- Objects.equals(domType, node.domType) &&
- Objects.equals(fileName, node.fileName) &&
- Objects.equals(fullName, node.fullName) &&
- Objects.equals(methodLine, node.methodLine);
+ column == node.column &&
+ length == node.length &&
+ Objects.equals(name, node.name) &&
+ Objects.equals(method, node.method) &&
+ Objects.equals(domType, node.domType) &&
+ Objects.equals(fileName, node.fileName) &&
+ Objects.equals(fullName, node.fullName) &&
+ Objects.equals(methodLine, node.methodLine);
}
+ @Override
+ public int hashCode() {
+ return id.hashCode();
+ }
}
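Review bot: The added `hashCode()` hashes only `id`, while the `equals` return expression in this hunk compares `line`, `column`, `length`, `name`, `method`, `domType`, `fileName`, `fullName` and `methodLine` but not `id`. Two nodes that are equal under `equals` yet carry different ids would get different hash codes, which breaks `HashSet`/`HashMap` lookups, and a null `id` makes `hashCode()` throw a NullPointerException. Hash the same fields instead: `return Objects.hash(line, column, length, name, method, domType, fileName, fullName, methodLine);`. `equals` begins above the hunk, so confirm that no earlier line compares `id`.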
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java b/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java
index 14646281..383c4bfa 100644
--- a/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java
+++ b/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java
@@ -15,7 +15,6 @@
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-
import java.io.IOException;
import java.nio.file.Files;
import java.util.ArrayList;
@@ -35,7 +34,7 @@ public class CxWrapper {
@NonNull
private final String executable;
- public CxWrapper(@NonNull CxConfig cxConfig)
+ public CxWrapper(CxConfig cxConfig)
throws CxConfig.InvalidCLIConfigException, IOException {
this(cxConfig, LoggerFactory.getLogger(CxWrapper.class));
}
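Review bot: Dropping `@NonNull` from the public `CxWrapper(CxConfig cxConfig)` constructor removes the null check at the API boundary (presumably Lombok-generated), so a null config is now handed straight to the delegated two-argument constructor. That constructor is outside the hunk; unless it still rejects null, the failure moves to wherever `cxConfig` is first dereferenced and carries a less useful message. If the annotation was removed to silence a static-analysis finding, keep the check on the delegated constructor and state the contract in Javadoc, e.g. `@param cxConfig CLI configuration; must not be null`.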
diff --git a/src/main/java/com/checkmarx/ast/wrapper/Execution.java b/src/main/java/com/checkmarx/ast/wrapper/Execution.java
index d0824eb6..abbd7a5b 100644
--- a/src/main/java/com/checkmarx/ast/wrapper/Execution.java
+++ b/src/main/java/com/checkmarx/ast/wrapper/Execution.java
@@ -1,7 +1,6 @@
package com.checkmarx.ast.wrapper;
import org.slf4j.Logger;
-
import java.io.*;
import java.net.URL;
import java.nio.charset.StandardCharsets;
@@ -83,7 +82,7 @@ static String executeCommand(List arguments,
File outputFile = new File(directory, file);
return new String(Files.readAllBytes(Paths.get(outputFile.getAbsolutePath())),
- StandardCharsets.UTF_8);
+ StandardCharsets.UTF_8);
}
static String getTempBinary() throws IOException {
@@ -98,7 +97,7 @@ static String getTempBinary() throws IOException {
}
File tempExecutable = new File(TEMP_DIR, fileName);
if (!tempExecutable.exists() || !compareChecksum(resource.openStream(),
- new FileInputStream(tempExecutable))) {
+ new FileInputStream(tempExecutable))) {
copyURLToFile(resource, tempExecutable);
}
if (!tempExecutable.canExecute() && !tempExecutable.setExecutable(true)) {
@@ -111,7 +110,7 @@ static String getTempBinary() throws IOException {
private static BufferedReader getReader(Process process) {
InputStream is = process.getInputStream();
- InputStreamReader isr = new InputStreamReader(is);
+ InputStreamReader isr = new InputStreamReader(is, StandardCharsets.UTF_8);
return new BufferedReader(isr);
}
@@ -167,7 +166,7 @@ private static String md5(InputStream a) {
while ((i = a.read(buf)) != -1) {
md.update(buf, 0, i);
}
- md5 = new String(md.digest());
+ md5 = new String(md.digest(), StandardCharsets.UTF_8);
} catch (NoSuchAlgorithmException | IOException e) {
// ignore
}
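Review bot: `new String(md.digest(), StandardCharsets.UTF_8)` decodes raw digest bytes as text, which is lossy: every byte sequence that is not valid UTF-8 becomes U+FFFD, so different digests can yield the same string. `getTempBinary` earlier in this diff uses `compareChecksum` to decide whether the cached executable is re-copied before it is run; if that comparison relies on this method, a changed file could be treated as matching. Encode the digest losslessly, e.g. `md5 = String.format("%032x", new java.math.BigInteger(1, md.digest()));`, or compare the raw arrays with `MessageDigest.isEqual`. The `// ignore` catch also leaves `md5` at its initial value when hashing fails, and MD5 is not collision-resistant, so SHA-256 with a failure that propagates would suit an integrity check better. The method starts and ends outside the hunk.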