From 9209de6b3fe29b251569c92862d43b8a821921c9 Mon Sep 17 00:00:00 2001
From: Mark Raynsford
Date: Sun, 11 Jun 2023 11:24:59 +0000
Subject: [PATCH] Mark 1.0.0-SNAPSHOT and update README.
---
 .../workflows/main.linux.temurin.current.yml | 6 ++
 .github/workflows/main.linux.temurin.lts.yml | 6 ++
 .../main.windows.temurin.current.yml | 6 ++
 .../workflows/main.windows.temurin.lts.yml | 6 ++
 README.in | 64 ++++++++++++++++++
 README.md | 65 +++++++++++++++++++
 com.io7m.dixmont.colors/pom.xml | 2 +-
 com.io7m.dixmont.core/pom.xml | 2 +-
 com.io7m.dixmont.tests/pom.xml | 2 +-
 pom.xml | 22 +------
 10 files changed, 159 insertions(+), 22 deletions(-)
 create mode 100644 README.in
diff --git a/.github/workflows/main.linux.temurin.current.yml b/.github/workflows/main.linux.temurin.current.yml
index 83aba87..d008a82 100644
--- a/.github/workflows/main.linux.temurin.current.yml
+++ b/.github/workflows/main.linux.temurin.current.yml
@@ -18,3 +18,9 @@ jobs:
 distribution: 'temurin'
 - name: Build
 run: mvn --errors clean verify site
+ - name: Upload test logs
+ uses: actions/upload-artifact@v3
+ if: always()
+ with:
+ name: test-logs
+ path: ./com.io7m.dixmont.tests/target/surefire-reports
diff --git a/.github/workflows/main.linux.temurin.lts.yml b/.github/workflows/main.linux.temurin.lts.yml
index 7a6890a..b5f0a58 100644
--- a/.github/workflows/main.linux.temurin.lts.yml
+++ b/.github/workflows/main.linux.temurin.lts.yml
@@ -18,6 +18,12 @@ jobs:
 distribution: 'temurin'
 - name: Build
 run: mvn --errors clean verify site
+ - name: Upload test logs
+ uses: actions/upload-artifact@v3
+ if: always()
+ with:
+ name: test-logs
+ path: ./com.io7m.dixmont.tests/target/surefire-reports
 - name: Coverage
 uses: codecov/codecov-action@v1
 with:
diff --git a/.github/workflows/main.windows.temurin.current.yml b/.github/workflows/main.windows.temurin.current.yml
index ebaf4cf..a7d0970 100644
--- a/.github/workflows/main.windows.temurin.current.yml
+++ b/.github/workflows/main.windows.temurin.current.yml
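Review bot: The new "Upload test logs" step references the action by a mutable tag, `uses: actions/upload-artifact@v3`, so the code that runs in this workflow can change upstream without any change to this repository; pinning to a full commit SHA and keeping the tag as a comment, `uses: actions/upload-artifact@<full-commit-sha>  # v3`, makes the step reproducible and reviewable while still letting Dependabot or Renovate propose bumps. The identical step is added in main.linux.temurin.lts.yml, main.windows.temurin.current.yml and main.windows.temurin.lts.yml, so the same pin applies there. Because `if: always()` uploads after failed runs too, consider an explicit `retention-days:` under `with:` rather than relying on the repository default, since surefire report files can carry environment details from the build machine. If the build fails before the tests run, the path will not exist and the upload falls back to the action's default handling for missing files, which is presumably a warning; if a hard failure is wanted, `if-no-files-found: error` should be set.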
@@ -18,3 +18,9 @@ jobs:
 distribution: 'temurin'
 - name: Build
 run: mvn --errors clean verify site
+ - name: Upload test logs
+ uses: actions/upload-artifact@v3
+ if: always()
+ with:
+ name: test-logs
+ path: ./com.io7m.dixmont.tests/target/surefire-reports
diff --git a/.github/workflows/main.windows.temurin.lts.yml b/.github/workflows/main.windows.temurin.lts.yml
index 209717c..883c1cb 100644
--- a/.github/workflows/main.windows.temurin.lts.yml
+++ b/.github/workflows/main.windows.temurin.lts.yml
@@ -18,3 +18,9 @@ jobs:
 distribution: 'temurin'
 - name: Build
 run: mvn --errors clean verify site
+ - name: Upload test logs
+ uses: actions/upload-artifact@v3
+ if: always()
+ with:
+ name: test-logs
+ path: ./com.io7m.dixmont.tests/target/surefire-reports
diff --git a/README.in b/README.in
new file mode 100644
index 0000000..91c89a8
--- /dev/null
+++ b/README.in
@@ -0,0 +1,64 @@ + +## dixmont + +Some useful extension classes for [jackson](https://github.com/FasterXML/jackson). + +### Features + + * Restricted JSON deserializer for preventing reflection-based serialization attacks. + * Written in pure Java 17. + * [OSGi](https://www.osgi.org/) ready. + * [JPMS](https://en.wikipedia.org/wiki/Java_Platform_Module_System) ready. + * ISC license. + * High-coverage automated test suite. + +### Motivation + +Systems that use reflection to deserialize data are typically subject to +[deserialization attacks](https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html). +The [jackson](https://github.com/FasterXML/jackson) JSON library is no +exception to this. + +The `dixmont` package provides a blunt and brute-force means to reduce the +impact of attacks: All of the permitted classes that can be deserialized are +listed, and everything else is rejected. + +### Building + +``` +$ mvn clean verify +``` + +### Usage + +Create a restricted serializer that is permitted to deserialize only the +given classes and no others, and then register it with an `ObjectMapper`: + +``` +var serializers = + DmJsonRestrictedDeserializers.builder() + .allowClass(Optional.class) + .allowClass(Path.class) + .allowClass(String.class) + .allowClass(URI.class) + .allowClass(int.class) + .allowClass(double.class) + .allowClass(List.class) + .allowClassName( + "java.util.Optional") + .allowClassName( + "java.util.List") + .build(); + +var mapper = + JsonMapper.builder() + .build(); + +final var simpleModule = new SimpleModule(); +simpleModule.setDeserializers(this.serializers); +mapper.registerModule(simpleModule); +``` + +Parser code using the given `ObjectMapper` will be prevented from deserializing +values of anything other than the given classes. Hostile JSON text that attempts +to get the deserializer to instantiate other classes will fail. diff --git a/README.md b/README.md index f829e89..6498a7d 100644 --- a/README.md 
+++ b/README.md 
@@ -13,3 +13,68 @@ dixmont | OpenJDK (Temurin) LTS | Linux | [![Build (OpenJDK (Temurin) LTS, Linux)](https://img.shields.io/github/actions/workflow/status/io7m/dixmont/main.linux.temurin.lts.yml)](https://github.com/io7m/dixmont/actions?query=workflow%3Amain.linux.temurin.lts)| | OpenJDK (Temurin) Current | Windows | [![Build (OpenJDK (Temurin) Current, Windows)](https://img.shields.io/github/actions/workflow/status/io7m/dixmont/main.windows.temurin.current.yml)](https://github.com/io7m/dixmont/actions?query=workflow%3Amain.windows.temurin.current)| | OpenJDK (Temurin) LTS | Windows | [![Build (OpenJDK (Temurin) LTS, Windows)](https://img.shields.io/github/actions/workflow/status/io7m/dixmont/main.windows.temurin.lts.yml)](https://github.com/io7m/dixmont/actions?query=workflow%3Amain.windows.temurin.lts)| + +## dixmont + +Some useful extension classes for [jackson](https://github.com/FasterXML/jackson). + +### Features + + * Restricted JSON deserializer for preventing reflection-based serialization attacks. + * Written in pure Java 17. + * [OSGi](https://www.osgi.org/) ready. + * [JPMS](https://en.wikipedia.org/wiki/Java_Platform_Module_System) ready. + * ISC license. + * High-coverage automated test suite. + +### Motivation + +Systems that use reflection to deserialize data are typically subject to +[deserialization attacks](https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html). +The [jackson](https://github.com/FasterXML/jackson) JSON library is no +exception to this. + +The `dixmont` package provides a blunt and brute-force means to reduce the +impact of attacks: All of the permitted classes that can be deserialized are +listed, and everything else is rejected. 
+ +### Building + +``` +$ mvn clean verify +``` + +### Usage + +Create a restricted serializer that is permitted to deserialize only the +given classes and no others, and then register it with an `ObjectMapper`: + +``` +var serializers = + DmJsonRestrictedDeserializers.builder() + .allowClass(Optional.class) + .allowClass(Path.class) + .allowClass(String.class) + .allowClass(URI.class) + .allowClass(int.class) + .allowClass(double.class) + .allowClass(List.class) + .allowClassName( + "java.util.Optional") + .allowClassName( + "java.util.List") + .build(); + +var mapper = + JsonMapper.builder() + .build(); + +final var simpleModule = new SimpleModule(); +simpleModule.setDeserializers(this.serializers); +mapper.registerModule(simpleModule); +``` + +Parser code using the given `ObjectMapper` will be prevented from deserializing +values of anything other than the given classes. Hostile JSON text that attempts +to get the deserializer to instantiate other classes will fail. + diff --git a/com.io7m.dixmont.colors/pom.xml b/com.io7m.dixmont.colors/pom.xml index 941605b..d8b969b 100644 --- a/com.io7m.dixmont.colors/pom.xml +++ b/com.io7m.dixmont.colors/pom.xml @@ -9,7 +9,7 @@ com.io7m.dixmont com.io7m.dixmont - 0.0.3-SNAPSHOT + 1.0.0-SNAPSHOT com.io7m.dixmont.colors diff --git a/com.io7m.dixmont.core/pom.xml b/com.io7m.dixmont.core/pom.xml index 74da3f1..66c8032 100644 --- a/com.io7m.dixmont.core/pom.xml +++ b/com.io7m.dixmont.core/pom.xml @@ -9,7 +9,7 @@ com.io7m.dixmont com.io7m.dixmont - 0.0.3-SNAPSHOT + 1.0.0-SNAPSHOT com.io7m.dixmont.core diff --git a/com.io7m.dixmont.tests/pom.xml b/com.io7m.dixmont.tests/pom.xml index 8602f1f..032485a 100644 --- a/com.io7m.dixmont.tests/pom.xml +++ b/com.io7m.dixmont.tests/pom.xml @@ -9,7 +9,7 @@ com.io7m.dixmont com.io7m.dixmont - 0.0.3-SNAPSHOT + 1.0.0-SNAPSHOT com.io7m.dixmont.tests diff --git a/pom.xml b/pom.xml index dac0ef2..f85a002 100644 --- a/pom.xml +++ b/pom.xml 
@@ -8,12 +8,12 @@ com.io7m.primogenitor com.io7m.primogenitor.full - 7.5.0 + 7.7.0 com.io7m.dixmont com.io7m.dixmont - 0.0.3-SNAPSHOT + 1.0.0-SNAPSHOT pom com.io7m.dixmont @@ -27,9 +27,8 @@ - 1.2.0 0.0.1-SNAPSHOT - 2.15.0 + 2.15.2 2.8.8 5.9.3 @@ -152,21 +151,6 @@ - - - org.apache.maven.plugins - maven-compiler-plugin - - - - org.immutables - value - ${org.immutables.version} - - - - - com.io7m.minisite