bump Apache Commons lang3 to 3.18.0

opengrok-indexer/src/test/java/org/opengrok/indexer/web/DummyHttpServletRequest.java

@@ -77,7 +77,7 @@ public long getCreationTime() {
 
         @Override
         public String getId() {
-            return RandomStringUtils.random(32, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.");
+            return RandomStringUtils.secure().next(32, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.");
         }
 
         @Override

opengrok-web/src/main/java/org/opengrok/web/api/v1/suggester/parser/SuggesterQueryDataParser.java

@@ -18,7 +18,7 @@
  */
 
 /*
- * Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2025, Oracle and/or its affiliates. All rights reserved.
  */
 package org.opengrok.web.api.v1.suggester.parser;
 
@@ -110,11 +110,11 @@ private static ProcessedQueryData processQuery(final String text, final int care
 
         logger.log(Level.FINEST, "Processing suggester query: {0} at {1}", new Object[] {text, caretPosition});
 
-        String randomIdentifier = RandomStringUtils.
-                randomAlphabetic(IDENTIFIER_LENGTH).toLowerCase(); // OK no ROOT
+        String randomIdentifier = RandomStringUtils.secure().
+                nextAlphabetic(IDENTIFIER_LENGTH).toLowerCase(); // OK no ROOT
         while (text.contains(randomIdentifier)) {
-            randomIdentifier = RandomStringUtils.
-                    randomAlphabetic(IDENTIFIER_LENGTH).toLowerCase(); // OK no ROOT
+            randomIdentifier = RandomStringUtils.secure().
+                    nextAlphabetic(IDENTIFIER_LENGTH).toLowerCase(); // OK no ROOT
         }
 
         String newText = new StringBuilder(text).insert(caretPosition, randomIdentifier).toString();

plugins/src/test/java/opengrok/auth/plugin/FalsePluginTest.java

@@ -19,6 +19,7 @@
 
 /*
  * Copyright (c) 2020, Chris Fraire <[email protected]>.
+ * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
  */
 package opengrok.auth.plugin;
 
@@ -62,27 +63,27 @@ void shouldUnload() {
     @Test
     void shouldNotAllowRandomUserForAnyProject() {
         DummyHttpServletRequest req = new DummyHttpServletRequest();
-        req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.randomAlphanumeric(8)));
+        req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.secure().nextAlphanumeric(8)));
 
-        Project randomProject = new Project(RandomStringUtils.randomAlphanumeric(10));
+        Project randomProject = new Project(RandomStringUtils.secure().nextAlphanumeric(10));
         boolean projectAllowed = plugin.isAllowed(req, randomProject);
         assertFalse(projectAllowed, "should not allow rando for random project 1");
 
-        randomProject = new Project(RandomStringUtils.randomAlphanumeric(10));
+        randomProject = new Project(RandomStringUtils.secure().nextAlphanumeric(10));
         projectAllowed = plugin.isAllowed(req, randomProject);
         assertFalse(projectAllowed, "should not allow rando for random project 2");
     }
 
     @Test
     void shouldNotAllowRandomUserForAnyGroup() {
         DummyHttpServletRequest req = new DummyHttpServletRequest();
-        req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.randomAlphanumeric(8)));
+        req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.secure().nextAlphanumeric(8)));
 
-        Group randomGroup = new Group(RandomStringUtils.randomAlphanumeric(10));
+        Group randomGroup = new Group(RandomStringUtils.secure().nextAlphanumeric(10));
         boolean projectAllowed = plugin.isAllowed(req, randomGroup);
         assertFalse(projectAllowed, "should not allow rando for random group 1");
 
-        randomGroup = new Group(RandomStringUtils.randomAlphanumeric(10));
+        randomGroup = new Group(RandomStringUtils.secure().nextAlphanumeric(10));
         projectAllowed = plugin.isAllowed(req, randomGroup);
         assertFalse(projectAllowed, "should not allow rando for random group 2");
     }

plugins/src/test/java/opengrok/auth/plugin/TruePluginTest.java

@@ -19,6 +19,7 @@
 
 /*
  * Copyright (c) 2020, Chris Fraire <[email protected]>.
+ * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
  */
 package opengrok.auth.plugin;
 
@@ -62,27 +63,27 @@ void shouldUnload() {
     @Test
     void shouldAllowRandomUserForAnyProject() {
         DummyHttpServletRequest req = new DummyHttpServletRequest();
-        req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.randomAlphanumeric(8)));
+        req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.secure().nextAlphanumeric(8)));
 
-        Project randomProject = new Project(RandomStringUtils.randomAlphanumeric(10));
+        Project randomProject = new Project(RandomStringUtils.secure().nextAlphanumeric(10));
         boolean projectAllowed = plugin.isAllowed(req, randomProject);
         assertTrue(projectAllowed, "should allow rando for random project 1");
 
-        randomProject = new Project(RandomStringUtils.randomAlphanumeric(10));
+        randomProject = new Project(RandomStringUtils.secure().nextAlphanumeric(10));
         projectAllowed = plugin.isAllowed(req, randomProject);
         assertTrue(projectAllowed, "should allow rando for random project 2");
     }
 
     @Test
     void shouldAllowRandomUserForAnyGroup() {
         DummyHttpServletRequest req = new DummyHttpServletRequest();
-        req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.randomAlphanumeric(8)));
+        req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.secure().nextAlphanumeric(8)));
 
-        Group randomGroup = new Group(RandomStringUtils.randomAlphanumeric(10));
+        Group randomGroup = new Group(RandomStringUtils.secure().nextAlphanumeric(10));
         boolean projectAllowed = plugin.isAllowed(req, randomGroup);
         assertTrue(projectAllowed, "should allow rando for random group 1");
 
-        randomGroup = new Group(RandomStringUtils.randomAlphanumeric(10));
+        randomGroup = new Group(RandomStringUtils.secure().nextAlphanumeric(10));
         projectAllowed = plugin.isAllowed(req, randomGroup);
         assertTrue(projectAllowed, "should allow rando for random group 2");
     }

plugins/src/test/java/opengrok/auth/plugin/UserWhiteListPluginTest.java

@@ -19,7 +19,7 @@
 
 /*
  * Copyright (c) 2020, Chris Fraire <[email protected]>.
- * Copyright (c) 2020, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2020, 2025, Oracle and/or its affiliates. All rights reserved.
  */
 package opengrok.auth.plugin;
 
@@ -141,7 +141,7 @@ void shouldThrowOnLoadIfUnreadableFileSpecified(String param) {
         init(param);
         HashMap<String, Object> unreadablePluginParameters = new HashMap<>();
         unreadablePluginParameters.put(UserWhiteListPlugin.FILE_PARAM,
-                RandomStringUtils.randomAlphanumeric(24));
+                RandomStringUtils.secure().nextAlphanumeric(24));
 
         IllegalArgumentException caughtException = null;
         try {
@@ -188,8 +188,9 @@ void shouldStripWhitespaceFromWhitelists(String param) throws IOException {
         }
 
         // Make sure there as some entries with trailing spaces in the file.
-        Stream<String> stream = Files.lines(tmpFile.toPath());
-        assertTrue(stream.anyMatch(s -> s.startsWith(" ") || s.endsWith(" ")));
+        try (Stream<String> stream = Files.lines(tmpFile.toPath())) {
+            assertTrue(stream.anyMatch(s -> s.startsWith(" ") || s.endsWith(" ")));
+        }
 
         pluginParameters.put(UserWhiteListPlugin.FILE_PARAM, tmpFile.toString());
         plugin.load(pluginParameters);
@@ -221,11 +222,11 @@ void shouldAllowWhitelistedUserForAnyProject(String param) {
         }
         req.setAttribute(UserPlugin.REQUEST_ATTR, user);
 
-        Project randomProject = new Project(RandomStringUtils.randomAlphanumeric(10));
+        Project randomProject = new Project(RandomStringUtils.secure().nextAlphanumeric(10));
         boolean projectAllowed = plugin.isAllowed(req, randomProject);
         assertTrue(projectAllowed, "should allow OK entity for random project 1");
 
-        randomProject = new Project(RandomStringUtils.randomAlphanumeric(10));
+        randomProject = new Project(RandomStringUtils.secure().nextAlphanumeric(10));
         projectAllowed = plugin.isAllowed(req, randomProject);
         assertTrue(projectAllowed, "should allow OK entity for random project 2");
     }
@@ -237,13 +238,13 @@ void shouldNotAllowRandomUserForAnyProject(String param) {
         plugin.load(validPluginParameters);
 
         DummyHttpServletRequest req = new DummyHttpServletRequest();
-        req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.randomAlphanumeric(8)));
+        req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.secure().nextAlphanumeric(8)));
 
-        Project randomProject = new Project(RandomStringUtils.randomAlphanumeric(10));
+        Project randomProject = new Project(RandomStringUtils.secure().nextAlphanumeric(10));
         boolean projectAllowed = plugin.isAllowed(req, randomProject);
         assertFalse(projectAllowed, "should not allow random user for random project 1");
 
-        randomProject = new Project(RandomStringUtils.randomAlphanumeric(10));
+        randomProject = new Project(RandomStringUtils.secure().nextAlphanumeric(10));
         projectAllowed = plugin.isAllowed(req, randomProject);
         assertFalse(projectAllowed, "should not allow random user for random project 2");
     }
@@ -263,11 +264,11 @@ void shouldAllowWhitelistedUserForAnyGroup(String param) {
         }
         req.setAttribute(UserPlugin.REQUEST_ATTR, user);
 
-        Group randomGroup = new Group(RandomStringUtils.randomAlphanumeric(10));
+        Group randomGroup = new Group(RandomStringUtils.secure().nextAlphanumeric(10));
         boolean groupAllowed = plugin.isAllowed(req, randomGroup);
         assertTrue(groupAllowed, "should allow OK entity for random group 1");
 
-        randomGroup = new Group(RandomStringUtils.randomAlphanumeric(10));
+        randomGroup = new Group(RandomStringUtils.secure().nextAlphanumeric(10));
         groupAllowed = plugin.isAllowed(req, randomGroup);
         assertTrue(groupAllowed, "should allow OK entity for random group 2");
     }
@@ -279,13 +280,13 @@ void shouldNotAllowRandomUserForAnyGroup(String param) {
         plugin.load(validPluginParameters);
 
         DummyHttpServletRequest req = new DummyHttpServletRequest();
-        req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.randomAlphanumeric(8)));
+        req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.secure().nextAlphanumeric(8)));
 
-        Group randomGroup = new Group(RandomStringUtils.randomAlphanumeric(10));
+        Group randomGroup = new Group(RandomStringUtils.secure().nextAlphanumeric(10));
         boolean projectAllowed = plugin.isAllowed(req, randomGroup);
         assertFalse(projectAllowed, "should not allow random group 1");
 
-        randomGroup = new Group(RandomStringUtils.randomAlphanumeric(10));
+        randomGroup = new Group(RandomStringUtils.secure().nextAlphanumeric(10));
         projectAllowed = plugin.isAllowed(req, randomGroup);
         assertFalse(projectAllowed, "should not allow random group 2");
     }

plugins/src/test/java/opengrok/auth/plugin/util/DummyHttpServletRequestLdap.java

@@ -18,7 +18,7 @@
  */
 
 /*
- * Copyright (c) 2016, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2025, Oracle and/or its affiliates. All rights reserved.
  */
 package opengrok.auth.plugin.util;
 
@@ -69,7 +69,7 @@ public String getId() {
             if ((user = (User) getAttribute(UserPlugin.REQUEST_ATTR)) != null) {
                 return user.getUsername();
             }
-            return RandomStringUtils.randomAlphanumeric(5);
+            return RandomStringUtils.secure().nextAlphanumeric(5);
         }
 
         @Override

pom.xml

@@ -72,7 +72,7 @@ Portions Copyright (c) 2018, 2020, Chris Fraire <[email protected]>.
         <junit.version>5.10.0</junit.version>
         <hamcrest.version>2.2</hamcrest.version>
         <maven-surefire.version>3.0.0-M5</maven-surefire.version>
-        <apache-commons-lang3.version>3.13.0</apache-commons-lang3.version>
+        <apache-commons-lang3.version>3.18.0</apache-commons-lang3.version>
         <micrometer.version>1.14.1</micrometer.version>
         <mockito.version>5.17.0</mockito.version>
         <commons-io.version>2.14.0</commons-io.version>