diff --git a/.github/sync-repo-settings.yaml b/.github/sync-repo-settings.yaml index aed3a5713..8d21f4666 100644 --- a/.github/sync-repo-settings.yaml +++ b/.github/sync-repo-settings.yaml @@ -8,6 +8,7 @@ branchProtectionRules: requiresCodeOwnerReviews: true requiresStrictStatusChecks: false requiredStatusCheckContexts: + - units (7) - units (8) - units (11) - windows diff --git a/.github/workflows/ci-java7.yaml b/.github/workflows/ci-java7.yaml new file mode 100644 index 000000000..2c8257d45 --- /dev/null +++ b/.github/workflows/ci-java7.yaml 
@@ -0,0 +1,62 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# Github action job to test core java library features on
+# downstream client libraries before they are released.
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+name: ci-java7
+jobs:
+ units:
+ name: "units (7)"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-java@v1
+ # setup-java v2 or higher does not have version 1.7
+ with:
+ version: 1.7
+ architecture: x64
+ - run: |
+ java -version
+ # This value is used in "-Djvm=" later
+ echo "JAVA7_HOME=${JAVA_HOME}" >> $GITHUB_ENV
+ - uses: actions/setup-java@v3
+ with:
+ java-version: 17
+ distribution: temurin
+ - name: Set up Maven
+ uses: stCarolas/setup-maven@v4.5
+ with:
+ maven-version: 3.8.8
+ - name: Build
+ shell: bash
+ run: |
+ # Leveraging surefire's jvm option, running the test on Java 7.
+ # Surefire plugin 2.22.2 is the last version for Java 7. Newer version would fail with
+ # "UnsupportedClassVersionError: org/apache/maven/surefire/booter/ForkedBooter" error.
+
+ # Why are these modules are skipped?
+ # google-http-client-jackson2 and google-http-client-appengine do not work with Java 7
+ # any more because of Jackson and appengine library are compiled for Java 8.
+ # dailymotion-simple-cmdline-sample and google-http-client-assembly depend on
+ # google-http-client-jackson2
+ mvn --batch-mode --show-version -ntp test \
+ --projects '!google-http-client-jackson2,!google-http-client-appengine,!samples/dailymotion-simple-cmdline-sample,!google-http-client-assembly' \
+ -Dclirr.skip=true -Denforcer.skip=true -Dmaven.javadoc.skip=true \
+ -Dgcloud.download.skip=true -T 1C \
+ -Dproject.surefire.version=2.22.2 \
+ -Djvm=${JAVA7_HOME}/bin/java
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
new file mode 100644
index 000000000..fa7beedc3
--- /dev/null
+++ b/.github/workflows/scorecard.yml
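Review bot: Every action in the new ci-java7 `steps` list is referenced by a mutable tag (`actions/checkout@v3`, `actions/setup-java@v1`, `actions/setup-java@v3`, `stCarolas/setup-maven@v4.5`), and the workflow has no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scope. scorecard.yml, added in this same commit, pins each action to a full commit SHA and sets `persist-credentials: false` on checkout; this workflow should follow the same pattern, above all for the third-party `stCarolas/setup-maven`. I would add a top-level `permissions:` block containing only `contents: read` and rewrite each reference as `uses: OWNER/ACTION@<full-commit-sha> # <tag>`. The job only checks out, builds and runs tests, so read-only contents access looks sufficient.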
@@ -0,0 +1,72 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+ # For Branch-Protection check. Only the default branch is supported. See
+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+ branch_protection_rule:
+ # To guarantee Maintained check is occasionally updated. See
+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+ schedule:
+ - cron: '15 0 * * 4'
+ push:
+ branches: [ "main" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ analysis:
+ name: Scorecard analysis
+ runs-on: ubuntu-latest
+ permissions:
+ # Needed to upload the results to code-scanning dashboard.
+ security-events: write
+ # Needed to publish results and get a badge (see publish_results below).
+ id-token: write
+ # Uncomment the permissions below if installing in a private repository.
+ # contents: read
+ # actions: read
+
+ steps:
+ - name: "Checkout code"
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+ with:
+ persist-credentials: false
+
+ - name: "Run analysis"
+ uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+ # - you want to enable the Branch-Protection check on a *public* repository, or
+ # - you are installing Scorecard on a *private* repository
+ # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+ # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+ # Public repositories:
+ # - Publish results to OpenSSF REST API for easy access by consumers
+ # - Allows the repository to include the Scorecard badge.
+ # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard. + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + with: + sarif_file: results.sarif diff --git a/CHANGELOG.md b/CHANGELOG.md index c981336d5..ee6e5c0e7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Changelog +## [1.43.2](https://github.com/googleapis/google-http-java-client/compare/v1.43.1...v1.43.2) (2023-05-09) + + +### Bug Fixes + +* UriTemplate reserved expansion does not escape reserved chars ([#1844](https://github.com/googleapis/google-http-java-client/issues/1844)) ([91c46a9](https://github.com/googleapis/google-http-java-client/commit/91c46a99b0b9464d01b5aca2116bbe073b878725)), closes [#1838](https://github.com/googleapis/google-http-java-client/issues/1838) + ## [1.43.1](https://github.com/googleapis/google-http-java-client/compare/v1.43.0...v1.43.1) (2023-03-14) diff --git a/README.md b/README.md index b9aa0f867..ab51e6e53 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,8 @@ content. The JSON and XML libraries are also fully pluggable, and they include s The library supports the following Java environments: - Java 7 or higher + - The google-http-client-jackson2 and google-http-client-appengine modules require Java 8 or + higher due to their dependencies. - Android 4.4 (Kit Kat) - GoogleAppEngine Google App Engine 
diff --git a/google-http-client-android-test/pom.xml b/google-http-client-android-test/pom.xml index e93992041..8025ba083 100644 --- a/google-http-client-android-test/pom.xml +++ b/google-http-client-android-test/pom.xml @@ -4,7 +4,7 @@ google-http-client google-http-client-android-test Test project for google-http-client-android. - 1.43.1 + 1.43.2 apk @@ -53,7 +53,7 @@ com.google.http-client google-http-client-android - 1.43.1 + 1.43.2 android @@ -72,7 +72,7 @@ com.google.http-client google-http-client-test - 1.43.1 + 1.43.2 junit diff --git a/google-http-client-android/pom.xml b/google-http-client-android/pom.xml index 018d87c19..2d6901e40 100644 --- a/google-http-client-android/pom.xml +++ b/google-http-client-android/pom.xml @@ -4,11 +4,11 @@ com.google.http-client google-http-client-parent - 1.43.1 + 1.43.2 ../pom.xml google-http-client-android - 1.43.1 + 1.43.2 Android Platform Extensions to the Google HTTP Client Library for Java. diff --git a/google-http-client-apache-v2/pom.xml b/google-http-client-apache-v2/pom.xml index e03822626..685d5788b 100644 --- a/google-http-client-apache-v2/pom.xml +++ b/google-http-client-apache-v2/pom.xml @@ -4,11 +4,11 @@ com.google.http-client google-http-client-parent - 1.43.1 + 1.43.2 ../pom.xml google-http-client-apache-v2 - 1.43.1 + 1.43.2 Apache HTTP transport v2 for the Google HTTP Client Library for Java. diff --git a/google-http-client-apache-v2/src/main/java/com/google/api/client/http/apache/v2/ApacheHttpTransport.java b/google-http-client-apache-v2/src/main/java/com/google/api/client/http/apache/v2/ApacheHttpTransport.java index fcbbecf2d..ccf736f84 100644 --- a/google-http-client-apache-v2/src/main/java/com/google/api/client/http/apache/v2/ApacheHttpTransport.java +++ b/google-http-client-apache-v2/src/main/java/com/google/api/client/http/apache/v2/ApacheHttpTransport.java @@ -46,8 +46,8 @@ *

Default settings are specified in {@link #newDefaultHttpClient()}. Use the {@link * #ApacheHttpTransport(HttpClient)} constructor to override the Apache HTTP Client used. Please * read the Apache HTTP - * Client connection management tutorial for more complex configuration options. + * href="https://hc.apache.org/httpcomponents-client-4.5.x/current/tutorial/pdf/httpclient-tutorial.pdf"> + * Apache HTTP Client connection management tutorial for more complex configuration options. * * @since 1.30 * @author Yaniv Inbar diff --git a/google-http-client-appengine/pom.xml b/google-http-client-appengine/pom.xml index bbb6c6e56..3a3eaed3e 100644 --- a/google-http-client-appengine/pom.xml +++ b/google-http-client-appengine/pom.xml @@ -4,11 +4,11 @@ com.google.http-client google-http-client-parent - 1.43.1 + 1.43.2 ../pom.xml google-http-client-appengine - 1.43.1 + 1.43.2 Google App Engine extensions to the Google HTTP Client Library for Java. diff --git a/google-http-client-assembly/pom.xml b/google-http-client-assembly/pom.xml index 437c173c7..6e1715903 100644 --- a/google-http-client-assembly/pom.xml +++ b/google-http-client-assembly/pom.xml @@ -4,12 +4,12 @@ com.google.http-client google-http-client-parent - 1.43.1 + 1.43.2 ../pom.xml com.google.http-client google-http-client-assembly - 1.43.1 + 1.43.2 pom Assembly for the Google HTTP Client Library for Java diff --git a/google-http-client-bom/pom.xml b/google-http-client-bom/pom.xml index 27ab6c2b0..6a66d5943 100644 --- a/google-http-client-bom/pom.xml +++ b/google-http-client-bom/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.google.http-client google-http-client-bom - 1.43.1 + 1.43.2 pom Google HTTP Client Library for Java BOM 
@@ -63,52 +63,52 @@ com.google.http-client google-http-client - 1.43.1 + 1.43.2 com.google.http-client google-http-client-android - 1.43.1 + 1.43.2 com.google.http-client google-http-client-apache-v2 - 1.43.1 + 1.43.2 com.google.http-client google-http-client-appengine - 1.43.1 + 1.43.2 com.google.http-client google-http-client-findbugs - 1.43.1 + 1.43.2 com.google.http-client google-http-client-gson - 1.43.1 + 1.43.2 com.google.http-client google-http-client-jackson2 - 1.43.1 + 1.43.2 com.google.http-client google-http-client-protobuf - 1.43.1 + 1.43.2 com.google.http-client google-http-client-test - 1.43.1 + 1.43.2 com.google.http-client google-http-client-xml - 1.43.1 + 1.43.2 diff --git a/google-http-client-findbugs/pom.xml b/google-http-client-findbugs/pom.xml index 2f6511c9e..32e4848dd 100644 --- a/google-http-client-findbugs/pom.xml +++ b/google-http-client-findbugs/pom.xml @@ -4,11 +4,11 @@ com.google.http-client google-http-client-parent - 1.43.1 + 1.43.2 ../pom.xml google-http-client-findbugs - 1.43.1 + 1.43.2 Google APIs Client Library Findbugs custom plugin. diff --git a/google-http-client-gson/pom.xml b/google-http-client-gson/pom.xml index a5b1dceed..09135e7a6 100644 --- a/google-http-client-gson/pom.xml +++ b/google-http-client-gson/pom.xml @@ -4,11 +4,11 @@ com.google.http-client google-http-client-parent - 1.43.1 + 1.43.2 ../pom.xml google-http-client-gson - 1.43.1 + 1.43.2 GSON extensions to the Google HTTP Client Library for Java. diff --git a/google-http-client-jackson2/pom.xml b/google-http-client-jackson2/pom.xml index 06a095475..ccbebf555 100644 --- a/google-http-client-jackson2/pom.xml +++ b/google-http-client-jackson2/pom.xml @@ -4,11 +4,11 @@ com.google.http-client google-http-client-parent - 1.43.1 + 1.43.2 ../pom.xml google-http-client-jackson2 - 1.43.1 + 1.43.2 Jackson 2 extensions to the Google HTTP Client Library for Java. 
diff --git a/google-http-client-protobuf/pom.xml b/google-http-client-protobuf/pom.xml index d39bf44ca..2b5d64fb0 100644 --- a/google-http-client-protobuf/pom.xml +++ b/google-http-client-protobuf/pom.xml @@ -4,11 +4,11 @@ com.google.http-client google-http-client-parent - 1.43.1 + 1.43.2 ../pom.xml google-http-client-protobuf - 1.43.1 + 1.43.2 Protocol Buffer extensions to the Google HTTP Client Library for Java. diff --git a/google-http-client-test/pom.xml b/google-http-client-test/pom.xml index 1894277d7..c74b04f95 100644 --- a/google-http-client-test/pom.xml +++ b/google-http-client-test/pom.xml @@ -4,11 +4,11 @@ com.google.http-client google-http-client-parent - 1.43.1 + 1.43.2 ../pom.xml google-http-client-test - 1.43.1 + 1.43.2 Shared classes used for testing of artifacts in the Google HTTP Client Library for Java. diff --git a/google-http-client-xml/pom.xml b/google-http-client-xml/pom.xml index 681b9cdbd..e0ea47073 100644 --- a/google-http-client-xml/pom.xml +++ b/google-http-client-xml/pom.xml @@ -4,11 +4,11 @@ com.google.http-client google-http-client-parent - 1.43.1 + 1.43.2 ../pom.xml google-http-client-xml - 1.43.1 + 1.43.2 XML extensions to the Google HTTP Client Library for Java. diff --git a/google-http-client/pom.xml b/google-http-client/pom.xml index 4579a0c8c..649d36236 100644 --- a/google-http-client/pom.xml +++ b/google-http-client/pom.xml @@ -4,11 +4,11 @@ com.google.http-client google-http-client-parent - 1.43.1 + 1.43.2 ../pom.xml google-http-client - 1.43.1 + 1.43.2 Google HTTP Client Library for Java Google HTTP Client Library for Java. Functionality that works on all supported Java platforms, diff --git a/google-http-client/src/main/java/com/google/api/client/util/escape/PercentEscaper.java b/google-http-client/src/main/java/com/google/api/client/util/escape/PercentEscaper.java index 3866265a3..601b52c14 100644 --- a/google-http-client/src/main/java/com/google/api/client/util/escape/PercentEscaper.java 
+++ b/google-http-client/src/main/java/com/google/api/client/util/escape/PercentEscaper.java @@ -64,10 +64,15 @@ public class PercentEscaper extends UnicodeEscaper { public static final String SAFEPATHCHARS_URLENCODER = "-_.!~*'()@:$&,;=+"; /** - * Contains the safe characters plus all reserved characters. This happens to be the safe path - * characters plus those characters which are reserved for URI segments, namely '/' and '?'. + * A string of characters that do not need to be encoded when used in URI Templates reserved + * expansion, as specified in RFC 6570. This includes the safe characters plus all reserved + * characters. + * + *

For details on escaping URI Templates using the reserved expansion, see RFC 6570 - section 3.2.3. */ - public static final String SAFE_PLUS_RESERVED_CHARS_URLENCODER = SAFEPATHCHARS_URLENCODER + "/?"; + public static final String SAFE_PLUS_RESERVED_CHARS_URLENCODER = + SAFEPATHCHARS_URLENCODER + "/?#[]"; /** * A string of characters that do not need to be encoded when used in URI user info part, as diff --git a/google-http-client/src/test/java/com/google/api/client/http/UriTemplateTest.java b/google-http-client/src/test/java/com/google/api/client/http/UriTemplateTest.java index 1a38eeafa..14ebc61b6 100644 --- a/google-http-client/src/test/java/com/google/api/client/http/UriTemplateTest.java +++ b/google-http-client/src/test/java/com/google/api/client/http/UriTemplateTest.java @@ -322,4 +322,30 @@ public void testExpandSeveralTemplatesNoParametersUsed() { SortedMap map = Maps.newTreeMap(); assertEquals("", UriTemplate.expand("{?id,uid}", map, false)); } + + public void testExpandTemplates_reservedExpansion_mustNotEscapeReservedCharSet() { + + String reservedSet = ":/?#[]@!$&'()*+,;="; + + SortedMap requestMap = Maps.newTreeMap(); + requestMap.put("var", reservedSet); + + assertEquals( + "Reserved expansion must not escape chars from reserved set according to rfc6570#section-3.2.3", + reservedSet, + UriTemplate.expand("{+var}", requestMap, false)); + } + + public void testExpandTemplates_reservedExpansion_mustNotEscapeUnreservedCharSet() { + + String unReservedSet = "-._~"; + + SortedMap requestMap = Maps.newTreeMap(); + requestMap.put("var", unReservedSet); + + assertEquals( + "Reserved expansion must not escape chars from unreserved set according to rfc6570#section-3.2.3", + unReservedSet, + UriTemplate.expand("{+var}", requestMap, false)); + } } diff --git a/pom.xml b/pom.xml index 648d95228..d02488ed9 100644 --- a/pom.xml +++ b/pom.xml 
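Review bot: The new Javadoc on `SAFE_PLUS_RESERVED_CHARS_URLENCODER` cites RFC 6570 but does not state the consequence for callers. With `#`, `[` and `]` added to the `/?` already present, a value expanded through `{+var}` keeps every URI delimiter unescaped and can therefore shift the path, query or fragment boundaries of the resulting URL. That is what section 3.2.3 specifies, so the code is right, but the Javadoc should say it, for example `Values escaped with this set can alter the structure of the resulting URI; do not use reserved expansion for untrusted input.` This is also a public constant, so any other escaper built from it presumably changes behaviour as well, which would be worth a line in the release notes. The Javadoc block of the following constant continues past the end of the hunk.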
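Review bot: Both new tests in UriTemplateTest assert only what must pass through `{+var}` unescaped, so nothing pins that characters outside the reserved and unreserved sets are still percent-encoded; a safe set that had been widened too far would not fail any test here. A third case that puts a value such as `"a b<>"` into `requestMap` and asserts that the space and angle brackets do not appear literally in the expanded result would close that gap. The exact expected string depends on the escaper's space handling, which is not visible in this hunk, so confirm it before asserting equality.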
@@ -4,7 +4,7 @@ 4.0.0 com.google.http-client google-http-client-parent - 1.43.1 + 1.43.2 pom Parent for the Google HTTP Client Library for Java Google HTTP Client Library for Java @@ -326,7 +326,7 @@ maven-surefire-plugin - 3.0.0-M7 + ${project.surefire.version} -Xmx1024m sponge_log @@ -568,7 +568,7 @@ - google-api-java-client/google-api-client-assembly/android-properties (make the filenames match the version here) - Internally, update the default features.json file --> - 1.43.1 + 1.43.2 2.0.12 UTF-8 3.0.2 @@ -581,6 +581,7 @@ 4.4.16 0.31.1 .. + 3.0.0-M7 false diff --git a/samples/dailymotion-simple-cmdline-sample/pom.xml b/samples/dailymotion-simple-cmdline-sample/pom.xml index b2b80d0a8..700067495 100644 --- a/samples/dailymotion-simple-cmdline-sample/pom.xml +++ b/samples/dailymotion-simple-cmdline-sample/pom.xml @@ -4,7 +4,7 @@ com.google.http-client google-http-client-parent - 1.43.1 + 1.43.2 ../../pom.xml dailymotion-simple-cmdline-sample diff --git a/versions.txt b/versions.txt index c8133569f..a6f6401b9 100644 --- a/versions.txt +++ b/versions.txt 
@@ -1,17 +1,17 @@ # Format: # module:released-version:current-version -google-http-client:1.43.1:1.43.1 -google-http-client-bom:1.43.1:1.43.1 -google-http-client-parent:1.43.1:1.43.1 -google-http-client-android:1.43.1:1.43.1 -google-http-client-android-test:1.43.1:1.43.1 -google-http-client-apache-v2:1.43.1:1.43.1 -google-http-client-appengine:1.43.1:1.43.1 -google-http-client-assembly:1.43.1:1.43.1 -google-http-client-findbugs:1.43.1:1.43.1 -google-http-client-gson:1.43.1:1.43.1 -google-http-client-jackson2:1.43.1:1.43.1 -google-http-client-protobuf:1.43.1:1.43.1 -google-http-client-test:1.43.1:1.43.1 -google-http-client-xml:1.43.1:1.43.1 +google-http-client:1.43.2:1.43.2 +google-http-client-bom:1.43.2:1.43.2 +google-http-client-parent:1.43.2:1.43.2 +google-http-client-android:1.43.2:1.43.2 +google-http-client-android-test:1.43.2:1.43.2 +google-http-client-apache-v2:1.43.2:1.43.2 +google-http-client-appengine:1.43.2:1.43.2 +google-http-client-assembly:1.43.2:1.43.2 +google-http-client-findbugs:1.43.2:1.43.2 +google-http-client-gson:1.43.2:1.43.2 +google-http-client-jackson2:1.43.2:1.43.2 +google-http-client-protobuf:1.43.2:1.43.2 +google-http-client-test:1.43.2:1.43.2 +google-http-client-xml:1.43.2:1.43.2