我正在尝试将 Wiremock 的版本升级到 2.35.0 以避免安全漏洞。
为了做到这一点,我在已知的
.POM.xmlmvn -Dmaven.wagon.http.ssl.insecure=true install -DskipTestswiremock-body-transformer.jar下面是正在使用的代码:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.*****.wiremock</groupId>
<artifactId>wiremock-body-transformer</artifactId>
<version>1.0.3-SNAPSHOT</version>
<packaging>jar</packaging>
<name>Wiremock Body Transformer</name>
<description>A Wiremock extensions to transform the response body, http request call back and additional admin API.</description>
<developers>
<developer>
<name>*****</name>
<organization>*****</organization>
<organizationUrl>http://www.*****.com/</organizationUrl>
</developer>
</developers>
<scm>
<connection>scm:git:[email protected]/opentable/wiremock-body-transformer.git</connection>
<developerConnection>scm:git:[email protected]:opentable/wiremock-body-transformer.git</developerConnection>
<url>https://github.com/opentable/wiremock-body-transformer.git</url>
<tag>HEAD</tag>
</scm>
<build>
<plugins>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<configuration>
<archive>
<manifest>
<mainClass>fully.qualified.MainClass</mainClass>
</manifest>
</archive>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
</configuration>
</plugin>
</plugins>
</build>
<dependencies>
<!-- https://mvnrepository.com/artifact/com.github.tomakehurst/wiremock-jre8-standalone -->
<dependency>
<groupId>com.github.tomakehurst</groupId>
<artifactId>wiremock-jre8-standalone</artifactId>
<version>2.35.0</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-xml</artifactId>
<version>2.14.2</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.14.2</version>
</dependency>
<!-- tests dependencies -->
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-core</artifactId>
<version>2.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-library</artifactId>
<version>2.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.13.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.rest-assured</groupId>
<artifactId>rest-assured</artifactId>
<version>5.3.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.12.0</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>com.mashape.unirest</groupId>
<artifactId>unirest-java</artifactId>
<version>1.4.9</version>
</dependency>
</dependencies>
</project>
很想听听你们应该改变什么才能让它发挥作用。
附言我不是编码大师,所以如果你能提到 .pom 文件中需要添加/更改代码的确切位置,那将会有所帮助。
我尝试更新 .POM 文件中的依赖项以升级到 2.35.0,但到目前为止没有成功。
还尝试了标准 Wiremock 版本 2.35.0 而不是独立版本,但没有成功。仍然产生了一个 20kb 的 .JAR 文件。
您的 Maven 程序集插件配置似乎...未链接到 Maven 执行阶段。
您可能需要正确配置
maven-assembly-plugin<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<version>3.5.0</version> <!-- Add the version -->
<executions>
<execution>
<phase>package</phase> <!-- Add this line to bind the execution to the package phase -->
<goals>
<goal>single</goal> <!-- Add this line to use the 'single' goal of the plugin -->
</goals>
<configuration>
<archive>
<manifest>
<mainClass>fully.qualified.MainClass</mainClass>
</manifest>
</archive>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</execution>
</executions>
</plugin>
它应该将插件执行绑定到
packagesingle用更新后的配置替换
pom.xmlmvn -Dmaven.wagon.http.ssl.insecure=true install -DskipTests
检查是否确实创建了具有预期大小的 JAR 文件,包括所有依赖项。
感谢 VonC 的回复。当我尝试运行 mvn -Dmaven.wagon.http.ssl.insecure=true install -DskipTests 命令时,它会在特定情况下出错。错误提示:找不到与 BodyTransformer.java 文件相关的符号。它适用于类和变量 WireMockHelpers。
这里是 BodyTransformer 文件:
package com.*****.wiremock.extension;
import com.github.jknack.handlebars.Handlebars;
import com.github.jknack.handlebars.Template;
import com.github.jknack.handlebars.helper.StringHelpers;
import com.github.tomakehurst.wiremock.client.ResponseDefinitionBuilder;
import com.github.tomakehurst.wiremock.common.BinaryFile;
import com.github.tomakehurst.wiremock.common.Exceptions;
import com.github.tomakehurst.wiremock.common.FileSource;
import com.github.tomakehurst.wiremock.extension.Parameters;
import com.github.tomakehurst.wiremock.extension.ResponseDefinitionTransformer;
import com.github.tomakehurst.wiremock.extension.responsetemplating.RequestTemplateModel;
import com.github.tomakehurst.wiremock.extension.responsetemplating.helpers.WiremockHelpers;
import com.github.tomakehurst.wiremock.http.Request;
import com.github.tomakehurst.wiremock.http.ResponseDefinition;
import com.google.common.base.MoreObjects;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableMap.Builder;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.xml.JacksonXmlModule;
import com.fasterxml.jackson.dataformat.xml.XmlMapper;
import com.github.tomakehurst.wiremock.client.ResponseDefinitionBuilder;
import com.github.tomakehurst.wiremock.common.BinaryFile;
import com.github.tomakehurst.wiremock.common.FileSource;
import com.github.tomakehurst.wiremock.extension.Parameters;
import com.github.tomakehurst.wiremock.extension.ResponseDefinitionTransformer;
import com.github.tomakehurst.wiremock.http.Request;
import com.github.tomakehurst.wiremock.http.ResponseDefinition;
import org.apache.commons.lang3.StringUtils;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class BodyTransformer
extends ResponseDefinitionTransformer
{
private Handlebars handlebars;
private static final String TRANSFORMER_NAME = "body-transformer";
private static final boolean APPLY_GLOBALLY = false;
public String getName()
{
return "body-transformer";
}
public boolean applyGlobally()
{
return false;
}
private String uncheckedApplyTemplate(Template template, Object context)
{
try
{
return template.apply(context);
}
catch (IOException e)
{
return (String)Exceptions.throwUnchecked(e, String.class);
}
}
private Template uncheckedCompileTemplate(String content)
{
try
{
return this.handlebars.compileInline(content);
}
catch (IOException e)
{
return (Template)Exceptions.throwUnchecked(e, Template.class);
}
}
public ResponseDefinition transform(Request request, ResponseDefinition responseDefinition, FileSource fileSource, Parameters parameters)
{
if (hasEmptyResponseBody(responseDefinition)) {
return responseDefinition;
}
String responseBody = getResponseBody(request, responseDefinition, fileSource, parameters);
return
ResponseDefinitionBuilder.like(responseDefinition).but()
.withBodyFile(null)
.withBody(responseBody)
.build();
}
private boolean hasEmptyResponseBody(ResponseDefinition responseDefinition)
{
return (responseDefinition.getBody() == null) && (responseDefinition.getBodyFileName() == null);
}
private String getResponseBody(Request request, ResponseDefinition responseDefinition, FileSource fileSource, Parameters parameters)
{
BinaryFile binaryFile = null;
String body;
if (responseDefinition.specifiesBodyFile())
{
Handlebars handlebars = new Handlebars();
this.handlebars = handlebars;
for (StringHelpers helper : StringHelpers.values()) {
handlebars.registerHelper(helper.name(), helper);
}
for (WiremockHelpers helper : WiremockHelpers.values()) {
handlebars.registerHelper(helper.name(), helper);
}
Object model = ImmutableMap.builder().put("parameters", MoreObjects.firstNonNull(parameters, Collections.emptyMap())).put("request", RequestTemplateModel.from(request)).build();
Template bodyFileTemplate = uncheckedCompileTemplate(responseDefinition.getBodyFileName());
String bodyFileName = uncheckedApplyTemplate(bodyFileTemplate, model).replaceAll(" ", "_");
binaryFile = fileSource.getBinaryFileNamed(bodyFileName);
String FilePath = binaryFile.toString().substring(6);
File f = new File(FilePath );
if(f.exists() && !f.isDirectory()) {
body = new String(binaryFile.readContents(), StandardCharsets.UTF_8);
}else{
if ((parameters != null) && (parameters.containsKey("bodyFileNameDefault")))
{
Template DefaultbodyFileTemplate = uncheckedCompileTemplate(parameters.getString("bodyFileNameDefault"));
String DefaultbodyFileName = uncheckedApplyTemplate(DefaultbodyFileTemplate, model);
binaryFile = fileSource.getBinaryFileNamed(DefaultbodyFileName);
body = new String(binaryFile.readContents(), StandardCharsets.UTF_8);
}
else
{
throw new RuntimeException();
}
}
}
else
{
body = responseDefinition.getBody();
}
return body;
}
}