The build is broken. Maybe this should have been a git revert instead of a plain commit.
Gary On Wed, May 22, 2024, 2:00 PM <joc...@apache.org> wrote: > This is an automated email from the ASF dual-hosted git repository. > > jochen pushed a commit to branch master > in repository https://gitbox.apache.org/repos/asf/commons-lang.git > > > The following commit(s) were added to refs/heads/master by this push: > new 9980cf11e Undoing 3322d974876b8d4f934d3544967103ebbcaef726 > 9980cf11e is described below > > commit 9980cf11e36ee58bf8556188bf252946f290b6c8 > Author: Jochen Wiedmann <jochen.wiedm...@gmail.com> > AuthorDate: Wed May 22 20:00:10 2024 +0200 > > Undoing 3322d974876b8d4f934d3544967103ebbcaef726 > --- > src/changes/changes.xml | 1 - > .../apache/commons/lang3/annotations/Insecure.java | 48 ----------------- > .../org/apache/commons/lang3/annotations/Safe.java | 61 > ---------------------- > .../commons/lang3/annotations/package-info.java | 37 ------------- > 4 files changed, 147 deletions(-) > > diff --git a/src/changes/changes.xml b/src/changes/changes.xml > index b69e1f8a2..34841687a 100644 > --- a/src/changes/changes.xml > +++ b/src/changes/changes.xml > @@ -140,7 +140,6 @@ The <action> type attribute can be > add,update,fix,remove. > <action type="update" dev="ggregory" > due-to="Dependabot">Bump org.apache.commons:commons-text from 1.11.0 to > 1.12.0 #1200.</action> > <!-- REMOVE --> > <action type="remove" dev="ggregory" > due-to="Paranoïd User">Drop obsolete JDK 13 Maven profile #1142.</action> > - <action type="add" dev="jochen">Added the > annotations package, including the Insecure, and Safe annotations.</action> > </release> > <release version="3.14.0" date="2023-11-18" description="New features > and bug fixes (Java 8 or above)."> > <!-- FIX --> > diff --git > a/src/main/java/org/apache/commons/lang3/annotations/Insecure.java > b/src/main/java/org/apache/commons/lang3/annotations/Insecure.java > deleted file mode 100644 > index 2802f1189..000000000 > --- a/src/main/java/org/apache/commons/lang3/annotations/Insecure.java > +++ /dev/null 
> @@ -1,48 +0,0 @@ > -/* > - * Licensed to the Apache Software Foundation (ASF) under one or more > - * contributor license agreements. See the NOTICE file distributed with > - * this work for additional information regarding copyright ownership. > - * The ASF licenses this file to You under the Apache License, Version 2.0 > - * (the "License"); you may not use this file except in compliance with > - * the License. You may obtain a copy of the License at > - * > - * http://www.apache.org/licenses/LICENSE-2.0 > - * > - * Unless required by applicable law or agreed to in writing, software > - * distributed under the License is distributed on an "AS IS" BASIS, > - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or > implied. > - * See the License for the specific language governing permissions and > - * limitations under the License. > - */ > -package org.apache.commons.lang3.annotations; > - > -import java.lang.annotation.Documented; > -import java.lang.annotation.ElementType; > -import java.lang.annotation.Retention; > -import java.lang.annotation.RetentionPolicy; > -import java.lang.annotation.Target; > - > -/** > - * This annotation is used to indicate, that a constructor, or method > - * is insecure to use, unless the input parameters contain safe > ("trusted") > - * values. > - * > - * For example, consider a method like <pre> > - * {@literal @Insecure} > - * public void runCommand(String pCmdLine) { > - * } > - * </pre> > - * > - * The example method would invoke {@code /bin/sh} (Linux, Unix, or > MacOS), or > - * {@code cmd} (Windows) to run an external command, as given by the > parameter > - * {@code pCmdLine}. Obviously, depending on the value of the parameter, > - * this can be dangerous, unless the API user (downstream developer) > - * <em>knows</em>, that the parameter value is safe (for example, because > it > - * is hard coded, or because it has been compared to a white list of > - * permissible values). 
> - */ > -@Retention(RetentionPolicy.RUNTIME) > -@Target({ElementType.CONSTRUCTOR, ElementType.METHOD}) > -@Documented > -public @interface Insecure { > -} > diff --git a/src/main/java/org/apache/commons/lang3/annotations/Safe.java > b/src/main/java/org/apache/commons/lang3/annotations/Safe.java > deleted file mode 100644 > index c3a710cf2..000000000 > --- a/src/main/java/org/apache/commons/lang3/annotations/Safe.java > +++ /dev/null 
> @@ -1,61 +0,0 @@ > -/* > - * Licensed to the Apache Software Foundation (ASF) under one or more > - * contributor license agreements. See the NOTICE file distributed with > - * this work for additional information regarding copyright ownership. > - * The ASF licenses this file to You under the Apache License, Version 2.0 > - * (the "License"); you may not use this file except in compliance with > - * the License. You may obtain a copy of the License at > - * > - * http://www.apache.org/licenses/LICENSE-2.0 > - * > - * Unless required by applicable law or agreed to in writing, software > - * distributed under the License is distributed on an "AS IS" BASIS, > - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or > implied. > - * See the License for the specific language governing permissions and > - * limitations under the License. > - */ > -package org.apache.commons.lang3.annotations; > - > -import java.lang.annotation.Documented; > -import java.lang.annotation.ElementType; > -import java.lang.annotation.Retention; > -import java.lang.annotation.RetentionPolicy; > -import java.lang.annotation.Target; > - > -/** > - * This annotation is used to indicate, that a variable, field, or > parameter > - * contains a safe value. If so, the annotated element may be used in an > - * invocation of a constructor, or method, which is annotated with > - * {@code @Insecure}. > - * > - * For example, suggest the following method declaration: > - * <pre> > - * {@literal @Insecure} > - * public void runCommand(String pCmdLine) { > - * } > - * </pre> > - * > - * Based on the example, this piece of source code would be invalid: > - * <pre>{@code > - * String cmdLine = "echo" + " " + "okay"; > - * // It is unknown, whether the {@code cmdLine} variable contains a > safe value. 
> - * // Thus, the following should be considered dangerous: > - * runCommand(cmdLine); > - * }</pre> > - * > - * In the following example, however, the value of {@code cmdLine} is > - * supposed to be safe, so it may be used when invoking the {@code > runCommand} > - * method. > - * <pre> > - * {@literal @Safe} String cmdLine = "echo" + " " + "okay"; > - * // It is unknown, whether the {@code cmdLine} variable contains a > safe value. > - * // Thus, the following should be considered dangerous: > - * runCommand(cmdLine); > - * </pre> > - */ > -@Retention(RetentionPolicy.RUNTIME) > -@Target({ElementType.LOCAL_VARIABLE, ElementType.FIELD, > ElementType.PARAMETER}) > -@Documented > -public @interface Safe { > - > -} > diff --git > a/src/main/java/org/apache/commons/lang3/annotations/package-info.java > b/src/main/java/org/apache/commons/lang3/annotations/package-info.java > deleted file mode 100644 > index 720d61069..000000000 > --- a/src/main/java/org/apache/commons/lang3/annotations/package-info.java > +++ /dev/null 
> @@ -1,37 +0,0 @@ > -/* > - * Licensed to the Apache Software Foundation (ASF) under one or more > - * contributor license agreements. See the NOTICE file distributed with > - * this work for additional information regarding copyright ownership. > - * The ASF licenses this file to You under the Apache License, Version 2.0 > - * (the "License"); you may not use this file except in compliance with > - * the License. You may obtain a copy of the License at > - * > - * http://www.apache.org/licenses/LICENSE-2.0 > - * > - * Unless required by applicable law or agreed to in writing, software > - * distributed under the License is distributed on an "AS IS" BASIS, > - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or > implied. > - * See the License for the specific language governing permissions and > - * limitations under the License. > - */ > - > -/** > - * Provides annotations, that are designed to aim in static code analysis, > - * and other areas of self-describing code. As of this writing, the > following > - * annotations are available: > - * <dl> > - * <dt>{@link Insecure}</dt> > - * <dd>Indicates, that a constructor, method, or parameter should only > - * take input, that can be considered as <em>safe</em>. > - * The API user (the downstream developer) is supposed to ensure, by > - * whatever means, that the input is safe, and doesn't trigger any > - * security related issues.</dd> > - * <dt>{@link Safe}</dt> > - * <dd>By annotating a variable with {@code @Safe}, the API user > - * declares, that the variable contains trusted input, that can be > - * used as a parameter in an invocation of a constructor, or method, > - * that is annotated with {@code @Insecure}.</dd> > - * </dl> > - * @since 3.15 > - */ > -package org.apache.commons.lang3.annotations; > >