fix security issues (via #163)

allure-framework · Dec 2, 2020 · 9850137 · 9850137
1 parent b3cf8cd
commit 9850137
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 11 deletions.
diff --git a/pom.xml b/pom.xml
@@ -122,15 +122,19 @@
             <scope>provided</scope>
         </dependency>
         <dependency>
-            <groupId>com.google.code.gson</groupId>
-            <artifactId>gson</artifactId>
-            <version>2.8.6</version>
+            <groupId>commons-beanutils</groupId>
+            <artifactId>commons-beanutils</artifactId>
+            <version>1.9.4</version>
         </dependency>
         <dependency>
-            <groupId>net.sf.json-lib</groupId>
-            <artifactId>json-lib</artifactId>
-            <version>2.4</version>
-            <classifier>jdk15</classifier>
+            <groupId>commons-beanutils</groupId>
+            <artifactId>commons-beanutils</artifactId>
+            <version>1.9.4</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>2.12.0</version>
         </dependency>
     </dependencies>
     <build>
@@ -164,6 +168,11 @@
                     <tagNameFormat>@{project.version}</tagNameFormat>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+                <version>6.0.3</version>
+            </plugin>
         </plugins>
     </build>
     <repositories>

diff --git a/src/main/java/io/qameta/allure/bamboo/info/AbstractAddInfo.java b/src/main/java/io/qameta/allure/bamboo/info/AbstractAddInfo.java
@@ -1,6 +1,6 @@
 package io.qameta.allure.bamboo.info;
 
-import net.sf.json.JSONObject;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -27,9 +27,8 @@ public Path invoke(File file) {
         }
         Path testRun = outputDirectory.resolve(getFileName());
         try (Writer writer = Files.newBufferedWriter(testRun, StandardCharsets.UTF_8)) {
-            JSONObject.fromObject(getData())
-                    .write(writer)
-                    .flush();
+            final ObjectMapper mapper = new ObjectMapper();
+            mapper.writeValue(writer, getData());
         } catch (IOException e) {
             LOGGER.error("Failed to add executor info into the file " + file.getAbsolutePath(), e);
         }