Skip to content

CVE-2024-47554 Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader #772

CVE-2024-47554 Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader

CVE-2024-47554 Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader #772

Workflow file for this run

name: Build
on:
push:
pull_request:
branches: [ master ]
jobs:
build-maven:
runs-on: ${{ matrix.os }}
strategy:
matrix:
java: [ '8', '11', '17', '21','22' ]
os: [ 'ubuntu-latest', 'macos-latest', 'windows-latest' ]
fail-fast: false
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: recursive
- name: Java ${{ matrix.Java }} (${{ matrix.os }})
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: 'zulu'
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2/repository
key: ${{ runner.os }}-m2-repository-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2-repository
- name: Set Integration Test Environment
if: matrix.os == 'ubuntu-latest'
run: |
echo "MAVEN_PROFILE_FLAG=-P integration-test" >> $GITHUB_OUTPUT
echo "MAVEN_VERIFY_STAGE=verify" >> $GITHUB_OUTPUT
echo "127.0.0.1 openam.local" | sudo tee -a /etc/hosts
id: maven-profile-flag
- name: Build with Maven
env:
MAVEN_OPTS: -Dhttps.protocols=TLSv1.2 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120 -Dmaven.wagon.http.retryHandler.requestSentEnabled=true -Dmaven.wagon.http.retryHandler.count=10
run: mvn --batch-mode --errors --update-snapshots package ${{ steps.maven-profile-flag.outputs.MAVEN_VERIFY_STAGE }} --file pom.xml ${{ steps.maven-profile-flag.outputs.MAVEN_PROFILE_FLAG }}
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.os }}-${{ matrix.java }}
retention-days: 5
path: |
openam-distribution/openam-distribution-kit/target/*.zip
openam-distribution/openam-distribution-ssoconfiguratortools/target/*.zip
openam-distribution/openam-distribution-fedlet-unconfigured/target/*.zip
openam-distribution/openam-distribution-ssoadmintools/target/*.zip
openam-console/target/*.war
openam-server/target/*.war
openam-server-only/target/*.war
openam-distribution/openam-distribution-docker/Dockerfile*
build-docker:
runs-on: 'ubuntu-latest'
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: recursive
- name: Get latest release version
shell: bash
run: |
export git_version_last="$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenAM/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4)" ; echo "last release: $git_version_last"
echo "release_version=$git_version_last" >> $GITHUB_ENV
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
localhost:5000/${{ github.repository }}
tags: |
type=raw,value=latest
type=raw,value=${{ env.release_version }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Build image
uses: docker/build-push-action@v5
continue-on-error: true
with:
context: ./openam-distribution/openam-distribution-docker
file: ./openam-distribution/openam-distribution-docker/Dockerfile
build-args: |
VERSION=${{ env.release_version }}
platforms: linux/amd64, linux/arm64, linux/ppc64le, linux/s390x
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Docker test
shell: bash
run: |
docker run --rm -it -d --name=test localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}
timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test | grep -q \"healthy\"; do sleep 10; done'
build-docker-alpine:
runs-on: 'ubuntu-latest'
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: recursive
- name: Get latest release version
shell: bash
run: |
export git_version_last="$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenAM/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4)" ; echo "last release: $git_version_last"
echo "release_version=$git_version_last" >> $GITHUB_ENV
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
localhost:5000/${{ github.repository }}
tags: |
type=raw,value=alpine
type=raw,value=${{ env.release_version }}-alpine
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Build image
uses: docker/build-push-action@v5
continue-on-error: true
with:
context: ./openam-distribution/openam-distribution-docker
file: ./openam-distribution/openam-distribution-docker/Dockerfile-alpine
build-args: |
VERSION=${{ env.release_version }}
platforms: linux/amd64,linux/arm64/8, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6, linux/ppc64le
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Docker test
shell: bash
run: |
docker run --rm -it -d --name=test localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}-alpine
timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test | grep -q \"healthy\"; do sleep 10; done'