Migrate to httpclient5 #197

Open: wants to merge 1 commit into base: master

@strangelookingnerd (Contributor) commented Feb 20, 2025

Replaces outdated httpclient4 with the successor httpclient5.

I am well aware that this is quite a large changeset; however, I hope that there is still interest in this PR and that it will be reviewed.
If there are any questions, please do not hesitate to ping me.

Testing done

mvn clean verify and some manual testing.

Submitter checklist

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests that demonstrate that the feature works or that the issue is fixed

@strangelookingnerd requested a review from a team as a code owner on February 20, 2025 10:25
}
}

private void configureTimeoutAndSsl(HttpClientBuilder clientBuilder) throws NoSuchAlgorithmException, KeyManagementException {

Check warning

Code scanning / Jenkins Security Scan

Jenkins: Generally unsafe method calls Warning

Potentially unsafe invocation of SSLContext#init
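
Review bot: the hand-initialised SSLContext behind configureTimeoutAndSsl (its throws clause lists NoSuchAlgorithmException and KeyManagementException, and the scan flags SSLContext#init) needs a regression test in this migration, because the way a custom context is attached to the client differs between httpclient4 and httpclient5. Please add a test showing that a certificate the JVM does not trust is still rejected in the default configuration, and a comment on the method stating which option, if any, causes custom trust managers to be passed to SSLContext#init.
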
}
return items;
}
public ListBoxModel doFillResponseHandleItems() {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing permission check Warning

Potential missing permission check in DescriptorImpl#doFillResponseHandleItems
}
return items;
}
public ListBoxModel doFillResponseHandleItems() {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation Warning

Potential CSRF vulnerability: If DescriptorImpl#doFillResponseHandleItems connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST
@QueryParameter String url) {
return HttpRequest.DescriptorImpl.fillAuthenticationItems(project, url);
}
public ListBoxModel doFillProxyAuthenticationItems(@AncestorInPath Item project,

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation Warning

Potential CSRF vulnerability: If DescriptorImpl#doFillProxyAuthenticationItems connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST
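
Review bot: no permission check on project is visible before the call to HttpRequest.DescriptorImpl.fillAuthenticationItems(project, url), and doFillProxyAuthenticationItems takes the same @AncestorInPath Item project. Please confirm that fillAuthenticationItems itself checks the caller's permission on the item (and handles a null project) before it returns any entries, and since both methods accept a user-supplied url, annotate them with @POST as the scan suggests.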

public FormValidation doCheckValidResponseCodes(@QueryParameter String value) {
public FormValidation doCheckValidResponseCodes(@QueryParameter String value) {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing permission check Warning

Potential missing permission check in DescriptorImpl#doCheckValidResponseCodes

public FormValidation doCheckValidResponseCodes(@QueryParameter String value) {
public FormValidation doCheckValidResponseCodes(@QueryParameter String value) {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation Warning

Potential CSRF vulnerability: If DescriptorImpl#doCheckValidResponseCodes connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST

private final String keyName;
private final String keyName;

Check warning

Code scanning / Jenkins Security Scan

Jenkins: Plaintext password storage Warning

Field should be reviewed whether it stores a password and is serialized to disk: keyName
private final String keyName;
@Serial
private static final long serialVersionUID = -4370238820437831639L;
private final String keyName;

Check warning

Code scanning / Jenkins Security Scan

Jenkins: Plaintext password storage Warning

Field should be reviewed whether it stores a password and is serialized to disk: keyName
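
Review bot: keyName is a plain String in a class that declares serialVersionUID, so its value is persisted as written when the object is serialized. If the field only holds the name of a key, a one-line comment saying so would let the scanner finding be closed with a justification; if it can ever hold a secret value, store it as hudson.util.Secret instead.
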
* Migrate imports, classes and methods
* Reduce usage of deprecated classes and methods
* Minor code cleanup

@strangelookingnerd (Contributor, Author):

Jenkins Security Scan alerts are unrelated to these changes and should be addressed in a separate PR.

@gounthar (Contributor):

It looks like the build failure has nothing to do with your code modification:
10:19:45 ExecutionException The forked VM terminated without properly saying goodbye. VM crash or System.exit called?
