|
|
Line 1: |
Line 1: |
− | [[Category:OWASP_AntiSamy_Project]]
| |
| | | |
− | = Building AntiSamy (Java) =
| |
− |
| |
− | AntiSamy is extremely easy to build. In order to start playing with the source, follow these simple instructions.
| |
− |
| |
− | == How to get started ==
| |
− | 1. Install [http://www.eclipse.org Eclipse IDE]. Any version from 3.0 on should be fine.
| |
− | 2. Make sure the "Ant" plugin is installed.
| |
− | 3. Checkout the latest source from SVN. The instructions for how to do so are located on its home in [http://code.google.com/p/owaspantisamy/source/checkout Google Code]. Mind what local
| |
− | directory you check out the HEAD revision to, as that will be needed later. Make sure you also select the "Java/current"
| |
− | directory so that you only get the Java version of AntiSamy!
| |
− | 4. Go to File->New->Java Project
| |
− | 5a. Under project name, enter "AntiSamy", or whatever you'd like.
| |
− | 5b. Under "Contents", choose the "Create project from existing source" radio button and enter the directory that you remembered from
| |
− | step 3.
| |
− | 6. Hit "Finish"
| |
− |
| |
− | All the source should build automatically out of the box after the project is created. If "Build Automatically" is turned off, you may have to manually compile the source.
| |
− |
| |
− | To generate the jar, javadocs, or other distributions, load the build.xml inside the project root into the Ant plugin and select your desired build target, such as "jar".
| |
− |
| |
− | == Building from Maven ==
| |
− |
| |
− | It's also possible to build AntiSamy directly through Maven. The POM file is located http://code.google.com/p/owaspantisamy/source/browse/trunk/Java/current/pom.xml. There's also a source and binary snapshot at http://antisamy.happyfern.com/maven2-snapshot/. To generate a source JAR with (along with the binary) add the following snippet to the <build> tag of the POM: (thanks to thiaghop!)
| |
− |
| |
− | <pre>
| |
− | <plugin>
| |
− | <groupId>org.apache.maven.plugins</groupId>
| |
− | <artifactId>maven-source-plugin</artifactId>
| |
− | <version>LATEST</version>
| |
− | <executions>
| |
− | <execution>
| |
− | <id>attach-sources</id>
| |
− | <goals>
| |
− | <goal>jar</goal>
| |
− | </goals>
| |
− | </execution>
| |
− | </executions>
| |
− | </plugin>
| |
− | </pre>
| |
− |
| |
− | == Test Case Coverage ==
| |
− |
| |
− | AntiSamy Java has a number of test cases which are broken down into essentially two categories. There are a number of XSS and presentation layer attacks in the first category which help developers make sure they don't introduce any vulnerabilities, and a number of test cases to confirm that previously reported issues no longer exist or have not been resurrected. They are labeled in [http://code.google.com/p/owaspantisamy/source/browse/trunk/Java/current/TestSource/org/owasp/validator/html/test/AntiSamyTest.java AntiSamyTest.java] ([http://code.google.com/p/owaspantisamy/source/browse/trunk/Java/current/TestSource/org/owasp/validator/html/test/?r=84 org.owasp.validator.html.test]), which is available inside the Test source tree.
| |
− |
| |
− | Depending on which version of NekoHTML is being used in the nightly build, you will either get 100% or just less in test case coverage. Details about the failing test cases (which are crashes from a 3rd party library) can be found in the Google Code [http://code.google.com/p/owaspantisamy/issues/detail?id=12 issue tracker].
| |
− |
| |
− | = Developing AntiSamy (Java) =
| |
− |
| |
− | If you're interested in submitting patches, feel free to submit them to the Google Code issues page or e-mail them to the mailing list. There are a few principles we look at when considering patches to AntiSamy:
| |
− |
| |
− | * security
| |
− | * performance
| |
− | * simplicity
| |
− |
| |
− | There are about 7 contributors to the Java version, and we would appreciate as many as we can get!
| |
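Review bot: the removal leaves no redirect or pointer to a replacement. Every line of the hunk, from the `[[Category:OWASP_AntiSamy_Project]]` tag down to the contributors sentence, is deleted and nothing is added on the right-hand side, so readers lose the Eclipse/Ant steps, the "Building from Maven" section and the "Test Case Coverage" notes. If the content has moved, leave a one-line link to its new location. If it is being retired as outdated, say so in the edit summary. If the Maven snippet is carried over anywhere, replace `<version>LATEST</version>` with a fixed plugin version so the build is reproducible and does not pick up whatever release is newest at build time.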