From d268cb5180871a53b2008345512582f66a464b50 Mon Sep 17 00:00:00 2001
From: Jim Bethancourt <jimbethancourt@gmail.com>
Date: Sun, 17 Nov 2024 15:47:30 -0600
Subject: [PATCH 1/3] #116 #119 Fix Doxia issues

- #116 Fixed Doxia issues by upgrading maven-reporting-api and maven-reporting-impl versions
- #119 Updated vulnerable dependencies or excluded their vulnerable transitive dependencies
- Updated Maven api & plugin dependency versions
---
 pom.xml                             | 35 ++++++++++-----------
 refactor-first-maven-plugin/pom.xml | 48 +++++++++--------------------
 2 files changed, 31 insertions(+), 52 deletions(-)

diff --git a/pom.xml b/pom.xml
index 9f451d0..543413c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -69,7 +69,7 @@
         <sonar.organization>jimbethancourt-github</sonar.organization>
         <sonar.host.url>https://sonarcloud.io</sonar.host.url>
 
-        <maven.core.version>3.9.4</maven.core.version>
+        <maven.core.version>3.9.9</maven.core.version>
     </properties>
 
     <modules>
@@ -140,7 +140,7 @@
             <dependency>
                 <groupId>org.eclipse.jgit</groupId>
                 <artifactId>org.eclipse.jgit</artifactId>
-                <version>6.7.0.202309050840-r</version>
+                <version>6.10.0.202406032230-r</version>
                 <scope>compile</scope>
             </dependency>
 
@@ -183,7 +183,6 @@
 
 
     <dependencies>
-
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
@@ -338,21 +337,21 @@
                 </executions>
                 -->
             </plugin>
-<!--            <plugin>-->
-<!--                <groupId>org.owasp</groupId>-->
-<!--                <artifactId>dependency-check-maven</artifactId>-->
-<!--                <version>6.1.0</version>-->
-<!--                <configuration>-->
-<!--                    <failBuildOnCVSS>8.0</failBuildOnCVSS>-->
-<!--                </configuration>-->
-<!--                <executions>-->
-<!--                    <execution>-->
-<!--                        <goals>-->
-<!--                            <goal>check</goal>-->
-<!--                        </goals>-->
-<!--                    </execution>-->
-<!--                </executions>-->
-<!--            </plugin>-->
+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+                <version>6.1.0</version>
+                <configuration>
+                    <failBuildOnCVSS>8.0</failBuildOnCVSS>
+                </configuration>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>check</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
             <!--TODO: Add the SNYK plugin-->
             <!-- https://github.com/snyk/snyk-maven-plugin -->
 
diff --git a/refactor-first-maven-plugin/pom.xml b/refactor-first-maven-plugin/pom.xml
index b0fc1ec..7e8d307 100644
--- a/refactor-first-maven-plugin/pom.xml
+++ b/refactor-first-maven-plugin/pom.xml
@@ -22,28 +22,6 @@
             <groupId>org.hjug.refactorfirst.report</groupId>
             <artifactId>report</artifactId>
         </dependency>
-        <!-- Doxia -->
-        <!-- Needed since maven-reporting-impl brings in Struts 1.3.8 jars that have CVSS > 8 -->
-        <dependency>
-            <groupId>org.apache.maven.doxia</groupId>
-            <artifactId>doxia-sink-api</artifactId>
-            <version>2.0.0-M6</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.maven.doxia</groupId>
-            <artifactId>doxia-decoration-model</artifactId>
-            <version>2.0.0-M6</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.maven.doxia</groupId>
-            <artifactId>doxia-core</artifactId>
-            <version>2.0.0-M7</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.maven.doxia</groupId>
-            <artifactId>doxia-site-renderer</artifactId>
-            <version>2.0.0-M11</version>
-        </dependency>
 
         <!-- Maven Reporting -->
         <dependency>
@@ -52,35 +30,37 @@
             <version>${maven.core.version}</version>
         </dependency>
 
-        <!-- Maven Reporting -->
         <dependency>
             <groupId>org.apache.maven.reporting</groupId>
             <artifactId>maven-reporting-impl</artifactId>
-            <version>3.2.0</version>
+            <version>4.0.0</version>
+            <exclusions>
+                <!-- Remediates xz-1.9.jar: CVE-2022-1271 -->
+                <!-- Unused transitive dependency -->
+                <exclusion>
+                    <groupId>org.tukaani</groupId>
+                    <artifactId>xz</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.apache.maven.reporting</groupId>
             <artifactId>maven-reporting-api</artifactId>
-            <version>3.1.1</version>
+            <version>4.0.0</version>
         </dependency>
 
         <!-- plugin API and plugin-tools -->
         <dependency>
             <groupId>org.apache.maven</groupId>
             <artifactId>maven-plugin-api</artifactId>
-            <version>3.5.2</version>
+            <version>3.9.9</version>
         </dependency>
         <dependency>
             <groupId>org.apache.maven.plugin-tools</groupId>
             <artifactId>maven-plugin-annotations</artifactId>
-            <version>3.6.1</version>
+            <version>3.15.1</version>
             <scope>provided</scope>
         </dependency>
-        <dependency>
-            <groupId>org.apache.maven.shared</groupId>
-            <artifactId>maven-shared-utils</artifactId>
-            <version>3.3.3</version>
-        </dependency>
 
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
@@ -92,12 +72,12 @@
         <plugins>
             <plugin>
                 <artifactId>maven-install-plugin</artifactId>
-                <version>2.5.2</version>
+                <version>3.1.3</version>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-plugin-plugin</artifactId>
-                <version>3.9.0</version>
+                <version>3.15.1</version>
                 <configuration>
                     <goalPrefix>refactor-first</goalPrefix>
                 </configuration>

From 2154d230c5a555d6aa5d2d9b817b14f0965be1ec Mon Sep 17 00:00:00 2001
From: Jim Bethancourt <jimbethancourt@gmail.com>
Date: Sun, 17 Nov 2024 15:52:54 -0600
Subject: [PATCH 2/3] #115 Rendering bubble charts inline

Rendering bubble chars inline in both the HTML report and Maven report
---
 .../mavenreport/RefactorFirstMavenReport.java | 83 +++++--------------
 .../hjug/refactorfirst/report/HtmlReport.java | 62 +++-----------
 .../report/SimpleHtmlReport.java              | 10 ++-
 3 files changed, 36 insertions(+), 119 deletions(-)

diff --git a/refactor-first-maven-plugin/src/main/java/org/hjug/mavenreport/RefactorFirstMavenReport.java b/refactor-first-maven-plugin/src/main/java/org/hjug/mavenreport/RefactorFirstMavenReport.java
index e5ee6a8..9c03b90 100644
--- a/refactor-first-maven-plugin/src/main/java/org/hjug/mavenreport/RefactorFirstMavenReport.java
+++ b/refactor-first-maven-plugin/src/main/java/org/hjug/mavenreport/RefactorFirstMavenReport.java
@@ -1,9 +1,6 @@
 package org.hjug.mavenreport;
 
-import java.io.BufferedWriter;
 import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
 import java.nio.file.Paths;
 import java.time.Instant;
 import java.time.ZoneId;
@@ -147,20 +144,6 @@ public void executeReport(Locale locale) throws MavenReportException {
         mainSink.unknown(script, new Object[] {HtmlMarkup.TAG_TYPE_START}, googleChartImport);
         mainSink.unknown(script, new Object[] {HtmlMarkup.TAG_TYPE_END}, null);
 
-        SinkEventAttributeSet godClassJavascript = new SinkEventAttributeSet();
-        godClassJavascript.addAttribute(SinkEventAttributes.TYPE, "text/javascript");
-        godClassJavascript.addAttribute(SinkEventAttributes.SRC, "./godClassChart.js");
-
-        mainSink.unknown(script, new Object[] {HtmlMarkup.TAG_TYPE_START}, godClassJavascript);
-        mainSink.unknown(script, new Object[] {HtmlMarkup.TAG_TYPE_END}, null);
-
-        SinkEventAttributeSet cboJavascript = new SinkEventAttributeSet();
-        cboJavascript.addAttribute(SinkEventAttributes.TYPE, "text/javascript");
-        cboJavascript.addAttribute(SinkEventAttributes.SRC, "./cboChart.js");
-
-        mainSink.unknown(script, new Object[] {HtmlMarkup.TAG_TYPE_START}, cboJavascript);
-        mainSink.unknown(script, new Object[] {HtmlMarkup.TAG_TYPE_END}, null);
-
         SinkEventAttributeSet d3js = new SinkEventAttributeSet();
         d3js.addAttribute(SinkEventAttributes.TYPE, "text/javascript");
         d3js.addAttribute(SinkEventAttributes.SRC, "https://d3js.org/d3.v5.min.js");
@@ -289,13 +272,19 @@ public void executeReport(Locale locale) throws MavenReportException {
             mainSink.section2_();
             mainSink.division_();
 
-            writeGodClassGchartJs(rankedGodClassDisharmonies, maxGodClassPriority - 1);
+            String godClassScript = writeGodClassGchartJs(rankedGodClassDisharmonies, maxGodClassPriority - 1);
             SinkEventAttributeSet seriesChartDiv = new SinkEventAttributeSet();
             seriesChartDiv.addAttribute(SinkEventAttributes.ID, "series_chart_div");
             seriesChartDiv.addAttribute(SinkEventAttributes.ALIGN, "center");
             mainSink.division(seriesChartDiv);
             mainSink.division_();
 
+            SinkEventAttributeSet godClassJavascript = new SinkEventAttributeSet();
+            godClassJavascript.addAttribute(SinkEventAttributes.TYPE, "text/javascript");
+            mainSink.unknown(script, new Object[] {HtmlMarkup.TAG_TYPE_START}, godClassJavascript);
+            mainSink.rawText(godClassScript);
+            mainSink.unknown(script, new Object[] {HtmlMarkup.TAG_TYPE_END}, null);
+
             renderGitHubButtons(mainSink);
 
             String legendHeading = "God Class Chart Legend:";
@@ -399,7 +388,14 @@ public void executeReport(Locale locale) throws MavenReportException {
             seriesChartDiv.addAttribute(SinkEventAttributes.ALIGN, "center");
             mainSink.division(seriesChartDiv);
             mainSink.division_();
-            writeGCBOGchartJs(rankedCBODisharmonies, maxCboPriority - 1);
+
+            String cboScript = writeGCBOGchartJs(rankedCBODisharmonies, maxCboPriority - 1);
+
+            SinkEventAttributeSet cboJavascript = new SinkEventAttributeSet();
+            cboJavascript.addAttribute(SinkEventAttributes.TYPE, "text/javascript");
+            mainSink.unknown(script, new Object[] {HtmlMarkup.TAG_TYPE_START}, cboJavascript);
+            mainSink.rawText(cboScript);
+            mainSink.unknown(script, new Object[] {HtmlMarkup.TAG_TYPE_END}, null);
 
             renderGitHubButtons(mainSink);
 
@@ -775,63 +771,22 @@ private static void renderGitHubButton(
         mainSink.unknown("a", new Object[] {HtmlMarkup.TAG_TYPE_END}, null);
     }
 
-    // TODO: Move to another class to allow use by Gradle plugin
-    void writeGodClassGchartJs(List<RankedDisharmony> rankedDisharmonies, int maxPriority) {
+    String writeGodClassGchartJs(List<RankedDisharmony> rankedDisharmonies, int maxPriority) {
         GraphDataGenerator graphDataGenerator = new GraphDataGenerator();
         String scriptStart = graphDataGenerator.getGodClassScriptStart();
         String bubbleChartData = graphDataGenerator.generateGodClassBubbleChartData(rankedDisharmonies, maxPriority);
         String scriptEnd = graphDataGenerator.getGodClassScriptEnd();
 
-        String javascriptCode = scriptStart + bubbleChartData + scriptEnd;
-
-        String reportOutputDirectory = project.getModel().getReporting().getOutputDirectory();
-        File reportOutputDir = new File(reportOutputDirectory);
-        if (!reportOutputDir.exists()) {
-            reportOutputDir.mkdirs();
-        }
-        String pathname = reportOutputDirectory + File.separator + "godClassChart.js";
-
-        File scriptFile = new File(pathname);
-        try {
-            scriptFile.createNewFile();
-        } catch (IOException e) {
-            log.error("Failure creating God Class chart script file", e);
-        }
-
-        try (BufferedWriter writer = new BufferedWriter(new FileWriter(scriptFile))) {
-            writer.write(javascriptCode);
-        } catch (IOException e) {
-            log.error("Error writing chart script file", e);
-        }
+        return scriptStart + bubbleChartData + scriptEnd;
     }
 
-    void writeGCBOGchartJs(List<RankedDisharmony> rankedDisharmonies, int maxPriority) {
+    String writeGCBOGchartJs(List<RankedDisharmony> rankedDisharmonies, int maxPriority) {
         GraphDataGenerator graphDataGenerator = new GraphDataGenerator();
         String scriptStart = graphDataGenerator.getCBOScriptStart();
         String bubbleChartData = graphDataGenerator.generateCBOBubbleChartData(rankedDisharmonies, maxPriority);
         String scriptEnd = graphDataGenerator.getCBOScriptEnd();
 
-        String javascriptCode = scriptStart + bubbleChartData + scriptEnd;
-
-        String reportOutputDirectory = project.getModel().getReporting().getOutputDirectory();
-        File reportOutputDir = new File(reportOutputDirectory);
-        if (!reportOutputDir.exists()) {
-            reportOutputDir.mkdirs();
-        }
-        String pathname = reportOutputDirectory + File.separator + "cboChart.js";
-
-        File scriptFile = new File(pathname);
-        try {
-            scriptFile.createNewFile();
-        } catch (IOException e) {
-            log.error("Failure creating CBO chart script file", e);
-        }
-
-        try (BufferedWriter writer = new BufferedWriter(new FileWriter(scriptFile))) {
-            writer.write(javascriptCode);
-        } catch (IOException e) {
-            log.error("Error writing CBO chart script file", e);
-        }
+        return scriptStart + bubbleChartData + scriptEnd;
     }
 
     void renderCycleImage(Graph<String, DefaultWeightedEdge> classGraph, RankedCycle cycle, Sink mainSink) {
diff --git a/report/src/main/java/org/hjug/refactorfirst/report/HtmlReport.java b/report/src/main/java/org/hjug/refactorfirst/report/HtmlReport.java
index 88ceaf0..11e60d4 100644
--- a/report/src/main/java/org/hjug/refactorfirst/report/HtmlReport.java
+++ b/report/src/main/java/org/hjug/refactorfirst/report/HtmlReport.java
@@ -1,9 +1,5 @@
 package org.hjug.refactorfirst.report;
 
-import java.io.BufferedWriter;
-import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
 import java.util.List;
 import java.util.Locale;
 import lombok.extern.slf4j.Slf4j;
@@ -78,64 +74,25 @@ void renderGithubButtons(StringBuilder stringBuilder) {
         stringBuilder.append("</div>");
     }
 
-    // TODO: Move to another class to allow use by Gradle plugin
     @Override
-    void writeGodClassGchartJs(
+    String writeGodClassGchartJs(
             List<RankedDisharmony> rankedDisharmonies, int maxPriority, String reportOutputDirectory) {
         GraphDataGenerator graphDataGenerator = new GraphDataGenerator();
         String scriptStart = graphDataGenerator.getGodClassScriptStart();
         String bubbleChartData = graphDataGenerator.generateGodClassBubbleChartData(rankedDisharmonies, maxPriority);
         String scriptEnd = graphDataGenerator.getGodClassScriptEnd();
 
-        String javascriptCode = scriptStart + bubbleChartData + scriptEnd;
-
-        File reportOutputDir = new File(reportOutputDirectory);
-        if (!reportOutputDir.exists()) {
-            reportOutputDir.mkdirs();
-        }
-        String pathname = reportOutputDirectory + File.separator + "gchart.js";
-
-        File scriptFile = new File(pathname);
-        try {
-            scriptFile.createNewFile();
-        } catch (IOException e) {
-            log.error("Failure creating God Class chart script file", e);
-        }
-
-        try (BufferedWriter writer = new BufferedWriter(new FileWriter(scriptFile))) {
-            writer.write(javascriptCode);
-        } catch (IOException e) {
-            log.error("Error writing chart script file", e);
-        }
+        return scriptStart + bubbleChartData + scriptEnd;
     }
 
     @Override
-    void writeGCBOGchartJs(List<RankedDisharmony> rankedDisharmonies, int maxPriority, String reportOutputDirectory) {
+    String writeGCBOGchartJs(List<RankedDisharmony> rankedDisharmonies, int maxPriority, String reportOutputDirectory) {
         GraphDataGenerator graphDataGenerator = new GraphDataGenerator();
         String scriptStart = graphDataGenerator.getCBOScriptStart();
         String bubbleChartData = graphDataGenerator.generateCBOBubbleChartData(rankedDisharmonies, maxPriority);
         String scriptEnd = graphDataGenerator.getCBOScriptEnd();
 
-        String javascriptCode = scriptStart + bubbleChartData + scriptEnd;
-
-        File reportOutputDir = new File(reportOutputDirectory);
-        if (!reportOutputDir.exists()) {
-            reportOutputDir.mkdirs();
-        }
-        String pathname = reportOutputDirectory + File.separator + "gchart2.js";
-
-        File scriptFile = new File(pathname);
-        try {
-            scriptFile.createNewFile();
-        } catch (IOException e) {
-            log.error("Failure creating CBO chart script file", e);
-        }
-
-        try (BufferedWriter writer = new BufferedWriter(new FileWriter(scriptFile))) {
-            writer.write(javascriptCode);
-        } catch (IOException e) {
-            log.error("Error writing CBO chart script file", e);
-        }
+        return scriptStart + bubbleChartData + scriptEnd;
     }
 
     public String getName(Locale locale) {
@@ -155,8 +112,10 @@ void renderGodClassChart(
             List<RankedDisharmony> rankedGodClassDisharmonies,
             int maxGodClassPriority,
             StringBuilder stringBuilder) {
-        writeGodClassGchartJs(rankedGodClassDisharmonies, maxGodClassPriority - 1, outputDirectory);
-        stringBuilder.append("<div id=\"series_chart_div\" align=\"center\"></div>\n");
+        String godClassChart =
+                writeGodClassGchartJs(rankedGodClassDisharmonies, maxGodClassPriority - 1, outputDirectory);
+        stringBuilder.append(
+                "<div id=\"series_chart_div\" align=\"center\"><script>" + godClassChart + "</script></div>\n");
         renderGithubButtons(stringBuilder);
         stringBuilder.append(GOD_CLASS_CHART_LEGEND);
     }
@@ -167,8 +126,9 @@ void renderCBOChart(
             List<RankedDisharmony> rankedCBODisharmonies,
             int maxCboPriority,
             StringBuilder stringBuilder) {
-        writeGCBOGchartJs(rankedCBODisharmonies, maxCboPriority - 1, outputDirectory);
-        stringBuilder.append("<div id=\"series_chart_div_2\" align=\"center\"></div>\n");
+        String cboChart = writeGCBOGchartJs(rankedCBODisharmonies, maxCboPriority - 1, outputDirectory);
+        stringBuilder.append(
+                "<div id=\"series_chart_div_2\" align=\"center\"><script>" + cboChart + "</script></div>\n");
         renderGithubButtons(stringBuilder);
         stringBuilder.append(COUPLING_BETWEEN_OBJECT_CHART_LEGEND);
     }
diff --git a/report/src/main/java/org/hjug/refactorfirst/report/SimpleHtmlReport.java b/report/src/main/java/org/hjug/refactorfirst/report/SimpleHtmlReport.java
index 73db6d1..7c868c5 100644
--- a/report/src/main/java/org/hjug/refactorfirst/report/SimpleHtmlReport.java
+++ b/report/src/main/java/org/hjug/refactorfirst/report/SimpleHtmlReport.java
@@ -560,13 +560,15 @@ void renderGodClassChart(
         // empty on purpose
     }
 
-    void writeGodClassGchartJs(
+    String writeGodClassGchartJs(
             List<RankedDisharmony> rankedDisharmonies, int maxPriority, String reportOutputDirectory) {
-        // empty on purpose
+        // return empty string on purpose
+        return "";
     }
 
-    void writeGCBOGchartJs(List<RankedDisharmony> rankedDisharmonies, int maxPriority, String reportOutputDirectory) {
-        // empty on purpose
+    String writeGCBOGchartJs(List<RankedDisharmony> rankedDisharmonies, int maxPriority, String reportOutputDirectory) {
+        // return empty string on purpose
+        return "";
     }
 
     void renderCBOChart(

From 795f1536fd62c67c62f4145e65a92b4b7708ba80 Mon Sep 17 00:00:00 2001
From: Jim Bethancourt <jimbethancourt@gmail.com>
Date: Sun, 17 Nov 2024 16:03:19 -0600
Subject: [PATCH 3/3] Moved dependency-check to a profile

Moved dependency-check to a profile since it breaks the GitHub Actions build
---
 pom.xml | 37 ++++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/pom.xml b/pom.xml
index 543413c..1223280 100644
--- a/pom.xml
+++ b/pom.xml
@@ -337,21 +337,6 @@
                 </executions>
                 -->
             </plugin>
-            <plugin>
-                <groupId>org.owasp</groupId>
-                <artifactId>dependency-check-maven</artifactId>
-                <version>6.1.0</version>
-                <configuration>
-                    <failBuildOnCVSS>8.0</failBuildOnCVSS>
-                </configuration>
-                <executions>
-                    <execution>
-                        <goals>
-                            <goal>check</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
             <!--TODO: Add the SNYK plugin-->
             <!-- https://github.com/snyk/snyk-maven-plugin -->
 
@@ -394,6 +379,28 @@
 
 
     <profiles>
+        <profile>
+            <id>local</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.owasp</groupId>
+                        <artifactId>dependency-check-maven</artifactId>
+                        <version>6.1.0</version>
+                        <configuration>
+                            <failBuildOnCVSS>8.0</failBuildOnCVSS>
+                        </configuration>
+                        <executions>
+                            <execution>
+                                <goals>
+                                    <goal>check</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
         <profile>
             <id>snapshot-release</id>
             <build>