Forced use of Woodstox parser for FormatCommand and fixed bug

andrecsilva · andrecsilva · commit 6c76a1a68362 · 2024-12-06T11:14:31.000-03:00
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -15,6 +15,7 @@ picocli = "4.7.0"
 slf4j = "2.0.6"
 guice = "5.1.0"
 dom4j = "2.1.4"
+woodstox = "7.1.0"
 
 [libraries]
 autovalue-annotations = { module = "com.google.auto.value:auto-value-annotations", version.ref = "auto-value" }
@@ -27,6 +28,7 @@ contrast-sarif = "com.contrastsecurity:java-sarif:2.0"
 gson = "com.google.code.gson:gson:2.9.0"
 guice = { module = "com.google.inject:guice", version.ref = "guice" }
 immutables = "org.immutables:value:2.9.0"
+woodstox = { module = "com.fasterxml.woodstox:woodstox-core", version.ref = "woodstox" }
 jackson-core = { module = "com.fasterxml.jackson.core:jackson-core", version.ref = "jackson" }
 jackson-yaml = { module = "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml", version.ref = "jackson" }
 javadiff = "io.github.java-diff-utils:java-diff-utils:4.12"
diff --git a/plugins/codemodder-plugin-maven/build.gradle.kts b/plugins/codemodder-plugin-maven/build.gradle.kts
@@ -31,4 +31,5 @@ dependencies {
     implementation(libs.diff.match.patch)
     implementation(libs.slf4j.simple)
     implementation(libs.slf4j.api)
+    implementation(libs.woodstox)
 }
diff --git a/plugins/codemodder-plugin-maven/src/main/java/io/codemodder/plugins/maven/MavenProvider.java b/plugins/codemodder-plugin-maven/src/main/java/io/codemodder/plugins/maven/MavenProvider.java
@@ -18,7 +18,7 @@
  *
  * <p>a. We skip parent finding if there's not a relativePath declaration (this is by design), so
  * sometimes pom finding will fail on purpose b. there are several flags on ProjectModelFactory
- * which aren't applied. They relate to verisons, upgrading and particularly: Actives Profiles c. If
+ * which aren't applied. They relate to versions, upgrading and particularly: Actives Profiles c. If
  * you need anything declared in a ~/.m2/settings.xml, we don't support that (e.g., passwords or
  * proxies) d. Haven't tested, but I'm almost sure that it wouldn't work on any repo other than
  * central e. We allow on this module to do online resolution. HOWEVER by default its offline f. You
diff --git a/plugins/codemodder-plugin-maven/src/main/java/io/codemodder/plugins/maven/operator/FormatCommand.java b/plugins/codemodder-plugin-maven/src/main/java/io/codemodder/plugins/maven/operator/FormatCommand.java
@@ -2,6 +2,8 @@
 
 import static io.github.pixee.security.XMLInputFactorySecurity.hardenFactory;
 
+import com.ctc.wstx.evt.CompactStartElement;
+import com.ctc.wstx.stax.WstxInputFactory;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -38,7 +40,7 @@ class FormatCommand extends AbstractCommand {
   private static final Logger LOGGER = LoggerFactory.getLogger(FormatCommand.class);
 
   /** StAX InputFactory */
-  private XMLInputFactory inputFactory = hardenFactory(XMLInputFactory.newInstance());
+  private XMLInputFactory inputFactory = WstxInputFactory.newInstance();
 
   /** StAX OutputFactory */
   private XMLOutputFactory outputFactory = XMLOutputFactory.newInstance();
@@ -270,6 +272,10 @@ private void parseXmlAndCharset(POMDocument pomFile) throws XMLStreamException,
     int elementStart = 0;
     List<XMLEvent> prevEvents = new ArrayList<>();
 
+    System.out.println("=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=");
+    System.out.println(inputFactory.getClass());
+    System.out.println(eventReader.getClass());
+    System.out.println("=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=");
     while (eventReader.hasNext()) {
       XMLEvent event = eventReader.nextEvent();
 
@@ -324,8 +330,15 @@ private void parseXmlAndCharset(POMDocument pomFile) throws XMLStreamException,
           String originalPomCharsetString =
               new String(pomFile.getOriginalPom(), pomFile.getCharset());
 
-          String untrimmedOriginalContent =
-              originalPomCharsetString.substring(elementStart, offset);
+          String untrimmedOriginalContent = "";
+          // is self closing element, tag is contained within the offset of the next element
+          if (prevEvents.get(prevEvents.size() - 1) instanceof CompactStartElement) {
+            untrimmedOriginalContent =
+                originalPomCharsetString.substring(
+                    offset, eventReader.peek().getLocation().getCharacterOffset());
+          } else {
+            untrimmedOriginalContent = originalPomCharsetString.substring(elementStart, offset);
+          }
 
           String trimmedOriginalContent = untrimmedOriginalContent.trim();
 

Original file line number	Diff line number	Diff line change
`@@ -31,4 +31,5 @@ dependencies {`
`31`	`31`	`implementation(libs.diff.match.patch)`
`32`	`32`	`implementation(libs.slf4j.simple)`
`33`	`33`	`implementation(libs.slf4j.api)`
	`34`	`+ implementation(libs.woodstox)`
`34`	`35`	`}`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@`
`18`	`18`	`*`
`19`	`19`	`* <p>a. We skip parent finding if there's not a relativePath declaration (this is by design), so`
`20`	`20`	`* sometimes pom finding will fail on purpose b. there are several flags on ProjectModelFactory`
`21`		`- * which aren't applied. They relate to verisons, upgrading and particularly: Actives Profiles c. If`
	`21`	`+ * which aren't applied. They relate to versions, upgrading and particularly: Actives Profiles c. If`
`22`	`22`	`* you need anything declared in a ~/.m2/settings.xml, we don't support that (e.g., passwords or`
`23`	`23`	`* proxies) d. Haven't tested, but I'm almost sure that it wouldn't work on any repo other than`
`24`	`24`	`* central e. We allow on this module to do online resolution. HOWEVER by default its offline f. You`