I am trying to extend the XML rule to scan through the pom.xml file to capture unapproved usage of libraries, so my requirements are below:
Minimum allowed version: 1.7.0
Version: 1.9.2
What is the pattern I should use?
Rebse
(Gilbert Rebhan)
April 12, 2024, 5:31pm
2
Welcome
Not sure if you're able to extend the XML rules, but maybe this community plugin is an option!?
Gilbert
In the shown screenshot, this is the template we are reusing to check the dependency version; I want to understand more about the pattern to be used.
Rebse
(Gilbert Rebhan)
April 15, 2024, 1:43pm
4
The parameters of xml:S3417 are explained in detail; what is the problem?
I used the pattern below to limit the dependency version to 1.7.3 and above, but it is not working:
1.0-7.0-2
Rebse
(Gilbert Rebhan)
April 15, 2024, 2:25pm
6
Never used this template so far, but I would try 1.7.3-*
as the dependency version pattern for your case.
Hi,
the pattern is for the negative case, not the positive … so the pattern should indicate which versions are not allowed, whereas the pattern you have shared is for the positive scenario.
Rebse
(Gilbert Rebhan)
April 16, 2024, 7:20am
8
Hi,
you’re right, after checking the sources
(linked sources: SonarQube XML Plugin, package org.sonar.plugins.xml.checks.maven)
and the information here:
HTTP Connector Release Notes - Mule 4 | MuleSoft Documentation has version 1.1.0 (deprecated) listed as the first version; don't know if there are other versions in the wild.
the pattern should be something like this!?
0.*.*-1.7.3
or
1.1.0-1.7.3
EDIT
according to this test
this should also work
*-1.7.3
Gilbert
Yes, this is working … the only comment is that the range is inclusive, which means if 1.7.3 is allowed you have to use *-1.7.2 … otherwise it works like magic … thanks a lot
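The following is an added, runnable illustration of the range semantics the thread settles on: the version pattern names the versions to flag (a deny pattern), a `lower-upper` range is inclusive on both ends, and `*` is an open bound, so allowing 1.7.3 and newer means denying `*-1.7.2`. It is example code written for this page, not the SonarQube XML plugin's own implementation; the simplified version ordering, the POM parsing (no property or dependencyManagement resolution), the sample POM and the coordinates `org.example:http-connector` are all assumptions made for the demonstration.

```python
"""Emulate the S3417-style version pattern check discussed above.

Added example, not the SonarQube XML plugin's code. Assumptions:
  - the pattern lists versions that are NOT allowed (deny pattern)
  - 'lo-hi' is an inclusive range, '*' on either side is an open bound
  - versions are compared with a simplified Maven-like ordering
"""
import xml.etree.ElementTree as ET

MAVEN_NS = "{http://maven.apache.org/POM/4.0.0}"


def _version_key(version: str):
    """Split '1.7.3-SNAPSHOT' into comparable tokens.

    Numeric tokens get rank 1, textual qualifiers rank 0, so that
    '1.7.3-SNAPSHOT' sorts below '1.7.3' (simplified Maven ordering)."""
    key = []
    for token in version.replace("-", ".").split("."):
        if token.isdigit():
            key.append((1, int(token)))
        else:
            key.append((0, token.lower()))
    return key


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1. Missing trailing components count as 0 ('1.7' == '1.7.0')."""
    ka, kb = _version_key(a), _version_key(b)
    width = max(len(ka), len(kb))
    ka += [(1, 0)] * (width - len(ka))
    kb += [(1, 0)] * (width - len(kb))
    return (ka > kb) - (ka < kb)


def matches_pattern(version: str, pattern: str) -> bool:
    """True if `version` is inside `pattern`, i.e. it should be flagged.

    Supported forms (the ones used in the thread):
      '*'        every version
      '1.7.3'    exactly that version
      'lo-hi'    inclusive range; either bound may be '*'
    Limitation of this simplified parser: a bound may not itself contain '-'."""
    pattern = pattern.strip()
    if pattern == "*":
        return True
    if "-" not in pattern:
        return compare_versions(version, pattern) == 0
    lo, hi = pattern.split("-", 1)
    if lo != "*" and compare_versions(version, lo) < 0:
        return False
    if hi != "*" and compare_versions(version, hi) > 0:
        return False
    return True


def find_disallowed(pom_xml: str, dependency: str, version_pattern: str):
    """Return (groupId:artifactId, version) for each <dependency> whose
    coordinates equal `dependency` and whose literal <version> matches the
    deny pattern. Dependencies without an inline version (managed versions,
    ${property} placeholders) are skipped rather than resolved."""
    root = ET.fromstring(pom_xml)
    hits = []
    for dep in root.iter(f"{MAVEN_NS}dependency"):
        gid = dep.findtext(f"{MAVEN_NS}groupId", "")
        aid = dep.findtext(f"{MAVEN_NS}artifactId", "")
        ver = dep.findtext(f"{MAVEN_NS}version")
        if f"{gid}:{aid}" != dependency or ver is None:
            continue
        if matches_pattern(ver, version_pattern):
            hits.append((f"{gid}:{aid}", ver))
    return hits


# Constructed sample POM for the demo; the coordinates are placeholders.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>demo</artifactId>
  <version>1.0.0</version>
  <dependencies>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>http-connector</artifactId>
      <version>1.6.0</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>http-connector</artifactId>
      <version>1.7.3</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    dep = "org.example:http-connector"
    # Bounds are inclusive: '*-1.7.3' also flags 1.7.3, '*-1.7.2' does not.
    print("*-1.7.3 flags:", find_disallowed(SAMPLE_POM, dep, "*-1.7.3"))
    print("*-1.7.2 flags:", find_disallowed(SAMPLE_POM, dep, "*-1.7.2"))
```

The comparison is numeric per component, so `1.10.0` is correctly treated as newer than `1.9.9`; a plain string comparison of the version text would get that wrong, which is worth keeping in mind when writing any range that crosses a two-digit minor version.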
system
(system)
Closed
April 23, 2024, 9:11am
10
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.