Merge remote-tracking branch 'origin/update-from-template-merged' into develop

Author: xdev-gh-bot

.config/pmd/java/ruleset.xml

@@ -194,4 +194,52 @@
 	</rule>
 
 	<rule ref="category/java/security.xml"/>
+
+	<rule name="AvoidSystemSetterCall"
+		  language="java"
+		  message="Setters of java.lang.System should not be called unless really needed"
+		  class="net.sourceforge.pmd.lang.rule.xpath.XPathRule">
+		<description>
+			Calling setters of java.lang.System usually indicates bad design and likely causes unexpected behavior.
+			For example, it may break when multiple Threads are setting the value.
+			It may also overwrite user defined options or properties.
+
+			Try to pass the value only to the place where it's really needed and use it there accordingly.
+		</description>
+		<priority>3</priority>
+		<properties>
+			<property name="xpath">
+				<value>
+					<![CDATA[
+//MethodCall[starts-with(@MethodName,'set')]/TypeExpression[pmd-java:typeIsExactly('java.lang.System')]
+]]>
+				</value>
+			</property>
+		</properties>
+	</rule>
+
+	<rule name="JavaObjectSerializationIsUnsafe"
+		  language="java"
+		  message="Using Java Object (De-)Serialization is unsafe and has led to too many security vulnerabilities"
+		  class="net.sourceforge.pmd.lang.rule.xpath.XPathRule">
+		<description>
+			Nearly every known usage of (Java) Object Deserialization has resulted in [a security vulnerability](https://cloud.google.com/blog/topics/threat-intelligence/hunting-deserialization-exploits?hl=en).
+			Vulnerabilities are so common that there are [dedicated projects for exploit payload generation](https://github.com/frohoff/ysoserial).
+
+			Java Object Serialization may also fail to deserialize when the underlying classes are changed.
+
+			Use proven data interchange formats like JSON instead.
+		</description>
+		<priority>2</priority>
+		<properties>
+			<property name="xpath">
+				<value>
+					<![CDATA[
+//ClassDeclaration[@Interface = false()]/ClassBody/FieldDeclaration/VariableDeclarator/VariableId[@Name='serialVersionUID'] |
+//ConstructorCall/ClassType[pmd-java:typeIsExactly('java.io.ObjectInputStream') or pmd-java:typeIsExactly('java.io.ObjectOutputStream')]
+]]>
+				</value>
+			</property>
+		</properties>
+	</rule>
 </ruleset>

.github/workflows/broken-links.yml

@@ -13,13 +13,13 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 15
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - run: mv .github/.lycheeignore .lycheeignore
 
       - name: Link Checker
         id: lychee
-        uses: lycheeverse/lychee-action@5c4ee84814c983aa7164eaee476f014e53ff3963 # v2
+        uses: lycheeverse/lychee-action@885c65f3dc543b57c898c8099f4e08c8afd178a2 # v2
         with:
           fail: false # Don't fail on broken links, create an issue instead
 

.github/workflows/check-build.yml

@@ -33,10 +33,10 @@ jobs:
         distribution: [temurin]
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
 
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         distribution: ${{ matrix.distribution }}
         java-version: ${{ matrix.java }}
@@ -90,10 +90,10 @@ jobs:
         distribution: [temurin]
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
 
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         distribution: ${{ matrix.distribution }}
         java-version: ${{ matrix.java }}
@@ -113,10 +113,10 @@ jobs:
         distribution: [temurin]
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
 
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         distribution: ${{ matrix.distribution }}
         java-version: ${{ matrix.java }}

.github/workflows/release.yml

@@ -16,10 +16,10 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
 
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         java-version: '17'
         distribution: 'temurin'
@@ -53,7 +53,7 @@ jobs:
     outputs:
       upload_url: ${{ steps.create-release.outputs.upload_url }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
 
     - name: Configure Git
       run: |
@@ -105,7 +105,7 @@ jobs:
     needs: [prepare-release]
     timeout-minutes: 60
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
 
     - name: Init Git and pull
       run: |
@@ -114,7 +114,7 @@ jobs:
         git pull
 
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with: # running setup-java overwrites the settings.xml
         distribution: 'temurin'
         java-version: '17'
@@ -131,7 +131,7 @@ jobs:
         MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
 
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with: # running setup-java again overwrites the settings.xml
         distribution: 'temurin'
         java-version: '17'
@@ -153,7 +153,7 @@ jobs:
     needs: [prepare-release]
     timeout-minutes: 15
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
 
     - name: Init Git and pull
       run: |
@@ -162,7 +162,7 @@ jobs:
         git pull
 
     - name: Setup - Java
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         java-version: '17'
         distribution: 'temurin'
@@ -184,7 +184,7 @@ jobs:
     needs: [publish-maven]
     timeout-minutes: 10
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
 
     - name: Init Git and pull
       run: |

.github/workflows/sync-labels.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           sparse-checkout: .github/labels.yml
 

.github/workflows/test-deploy.yml

@@ -11,10 +11,10 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 60
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
 
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with: # running setup-java overwrites the settings.xml
         distribution: 'temurin'
         java-version: '17'
@@ -31,7 +31,7 @@ jobs:
         MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
 
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with: # running setup-java again overwrites the settings.xml
         distribution: 'temurin'
         java-version: '17'

.github/workflows/update-from-template.yml

@@ -36,7 +36,7 @@ jobs:
       update_branch_merged_commit: ${{ steps.manage-branches.outputs.update_branch_merged_commit }}
       create_update_branch_merged_pr: ${{ steps.manage-branches.outputs.create_update_branch_merged_pr }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           # Required because otherwise there are always changes detected when executing diff/rev-list
           fetch-depth: 0
@@ -183,7 +183,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 60
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           # Required because otherwise there are always changes detected when executing diff/rev-list
           fetch-depth: 0

.gitignore

@@ -44,6 +44,7 @@ hs_err_pid*
 !.idea/saveactions_settings.xml
 !.idea/checkstyle-idea.xml
 !.idea/externalDependencies.xml
+!.idea/PMDPlugin.xml
 
 !.idea/inspectionProfiles/
 .idea/inspectionProfiles/*