pom.xml file is showing these yellow color warnings in IntelliJ IDEA while I can run the project just fine

Question

<details>
<summary>English:</summary>

I am using Appium 2.0.0-beta66, Java Client 8.5.0, node 18.xx, Selenium-java 4.9.1, Selenium Server 3.141.59, TestNG 7.7.1, and JDK 1.15.0-02. What is the next long-term JDK I can go for?

BTW, I am seeing these yellow color highlights in pom.xml file with warnings like ...

 1. Provides transitive vulnerable dependency maven:commons-collections:commons-collections:3.2.2
    - Cx78f40514-81ff 7.5 Uncontrolled Recursion vulnerability pending CVSS allocation
    - Cx78f40514-81ff 7.5 Uncontrolled Recursion vulnerability pending CVSS allocation
    - Results powered by Checkmarx(c)
 2. Provides transitive vulnerable dependency maven:org.yaml:snakeyaml:1.19
    - CVE-2017-18640 7.5 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') vulnerability pending CVSS allocation
    - CVE-2022-25857 7.5 Uncontrolled Resource Consumption vulnerability pending CVSS allocation
    - CVE-2022-38752 6.5 Out-of-bounds Write vulnerability with medium severity found
    - CVE-2022-38749 6.5 Out-of-bounds Write vulnerability pending CVSS allocation
    - CVE-2022-38750 5.5 Out-of-bounds Write vulnerability pending CVSS allocation
    - CVE-2022-38751 6.5 Out-of-bounds Write vulnerability pending CVSS allocation
    - CVE-2022-41854 6.5 Out-of-bounds Write vulnerability with medium severity found
    - CVE-2022-1471 9.8 Deserialization of Untrusted Data vulnerability with high severity found
    - Results powered by Checkmarx(c)
 3. Provides transitive vulnerable dependency maven:com.google.guava:guava:25.0-jre
    - CVE-2020-8908 3.3 Incorrect Permission Assignment for Critical Resource vulnerability pending CVSS allocation
    - Results powered by Checkmarx(c)

Here is my pom.xml file

    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <groupId>org.zimperium</groupId>
        <artifactId>zMTD</artifactId>
        <version>1.0-SNAPSHOT</version>
        <properties>
            <maven.compiler.source>15</maven.compiler.source>
            <maven.compiler.target>15</maven.compiler.target>
        </properties>
        <build>
            <pluginManagement>
                <plugins>
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-compiler-plugin</artifactId>
                        <version>3.8.1</version>
                        <configuration>
                            <source>15</source>
                            <target>15</target>
                        </configuration>
                    </plugin>
                    <plugin>
                        <groupId>org.apache.maven.plugins</groupId>
                        <artifactId>maven-surefire-plugin</artifactId>
                        <version>3.1.0</version>
                        <configuration>
                            <suiteXmlFiles>
                                <suiteXmlFile>testng.xml</suiteXmlFile>
                            </suiteXmlFiles>
                        </configuration>
                    </plugin>
                </plugins>
            </pluginManagement>
        </build>
        <dependencies>
            <!-- https://mvnrepository.com/artifact/io.cucumber/cucumber-java -->
            <dependency>
                <groupId>io.cucumber</groupId>
                <artifactId>cucumber-java</artifactId>
                <version>7.0.0</version>
            </dependency>
            <!-- https://mvnrepository.com/artifact/io.appium/java-client -->
            <dependency>
                <groupId>io.appium</groupId>
                <artifactId>java-client</artifactId>
                <version>8.5.0</version>
            </dependency>
            <!-- https://mvnrepository.com/artifact/org.json/json 20210307-->
            <dependency>
                <groupId>org.json</groupId>
                <artifactId>json</artifactId>
                <version>20220320</version>
            </dependency>
            <!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core -->
            <dependency>
                <groupId>org.apache.logging.log4j</groupId>
                <artifactId>log4j-core</artifactId>
                <version>2.20.0</version>
            </dependency>
            <!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-api -->
            <dependency>
                <groupId>org.apache.logging.log4j</groupId>
                <artifactId>log4j-api</artifactId>
                <version>2.20.0</version>
            </dependency>
            <!-- https://mvnrepository.com/artifact/io.cucumber/cucumber-testng -->
            <dependency>
                <groupId>io.cucumber</groupId>
                <artifactId>cucumber-testng</artifactId>
                <version>7.0.0</version>
            </dependency>
            <!-- https://mvnrepository.com/artifact/commons-codec/commons-codec -->
            <dependency>
                <groupId>commons-codec</groupId>
                <artifactId>commons-codec</artifactId>
                <version>1.15</version>
            </dependency>
            <!-- https://mvnrepository.com/artifact/io.rest-assured/rest-assured -->
            <dependency>
                <groupId>io.rest-assured</groupId>
                <artifactId>rest-assured</artifactId>
                <version>5.1.1</version>
                <scope>test</scope>
            </dependency>
            <!-- https://mvnrepository.com/artifact/io.rest-assured/json-path (new) -->
            <dependency>
                <groupId>io.rest-assured</groupId>
                <artifactId>json-path</artifactId>
                <version>5.1.1</version>
                <scope>test</scope>
            </dependency>

            <!-- https://mvnrepository.com/artifact/javax.json/javax.json-api -->
            <dependency>
                <groupId>org.glassfish</groupId>
                <artifactId>javax.json</artifactId>
                <version>1.1.4</version>
            </dependency>
            <!-- https://mvnrepository.com/artifact/com.google.zxing/core -->
            <dependency>
                <groupId>com.google.zxing</groupId>
                <artifactId>core</artifactId>
                <version>3.5.0</version>
            </dependency>
            <!-- https://mvnrepository.com/artifact/com.google.zxing/javase -->
            <dependency>
                <groupId>com.google.zxing</groupId>
                <artifactId>javase</artifactId>
                <version>3.5.0</version>
            </dependency>
            <!-- https://mvnrepository.com/artifact/me.jvt.cucumber/reporting-plugin -->
            <dependency>
                <groupId>me.jvt.cucumber</groupId>
                <artifactId>reporting-plugin</artifactId>
                <version>7.11.0</version>
                <!--            <version>7.0.0</version>-->
            </dependency>
            <!-- https://mvnrepository.com/artifact/org.seleniumhq.selenium/selenium-server -->
            <dependency>
                <groupId>org.seleniumhq.selenium</groupId>
                <artifactId>selenium-server</artifactId>
                <version>3.141.59</version>
            </dependency>
            <!-- https://mvnrepository.com/artifact/org.seleniumhq.selenium/selenium-java -->
            <dependency>
                <groupId>org.seleniumhq.selenium</groupId>
                <artifactId>selenium-java</artifactId>
                <version>4.9.1</version>
            </dependency>
            <dependency>
                <groupId>org.openjfx</groupId>
                <artifactId>javafx-controls</artifactId>
                <version>19</version>
            </dependency>
            <dependency>
                <groupId>org.testng</groupId>
                <artifactId>testng</artifactId>
                <version>7.7.1</version>
            </dependency>
        </dependencies>

    </project>

**How do I make those warnings go away?**

</details>


# Answer 1
**Score**: 2

<details>
<summary>English:</summary>

You can click on the light bulb next to the warning; the first option should be: `inspection <your warning> options`. Click on that and you can choose to suppress all warnings in the file, or whatever works best for your case.

You can read more [here][1].

But before suppressing these warnings: they exist in the first place for a reason. Do your due diligence and decide afterwards if you want to suppress them or fix them.


  [1]: https://www.jetbrains.com/help/idea/disabling-and-enabling-inspections.html#suppress-inspections

</details>
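
One way to do the due diligence the answer mentions, as an added example that is not part of the original post: parse the text output of `mvn dependency:tree` to see which direct dependency brings in each flagged artifact and in which scope. The sample tree is constructed, the `com.example` nodes are placeholders (only the three flagged coordinates come from the question), and `parse_coord` and `trace_flagged` are hypothetical helper names.

```python
import re

# Constructed sample of `mvn dependency:tree` output. The com.example nodes are
# placeholders; only the three flagged coordinates come from the question.
SAMPLE_TREE = r"""
[INFO] org.zimperium:zMTD:jar:1.0-SNAPSHOT
[INFO] +- com.example:direct-a:jar:1.0:compile
[INFO] |  +- com.example:middle:jar:2.0:compile
[INFO] |  |  \- org.yaml:snakeyaml:jar:1.19:compile
[INFO] |  \- com.google.guava:guava:jar:25.0-jre:compile
[INFO] \- com.example:direct-b:jar:3.0:test
[INFO]    \- commons-collections:commons-collections:jar:3.2.2:test
[INFO] BUILD SUCCESS
"""

FLAGGED = {"commons-collections:commons-collections:3.2.2",
           "org.yaml:snakeyaml:1.19", "com.google.guava:guava:25.0-jre"}

# Indent groups ("|  " or "   "), optional branch marker, then a 4-6 part coordinate.
NODE = re.compile(r"^\[INFO\] ((?:[| ]  )*)([+\\]- )?([^\s:]+(?::[^\s:]+){3,5})$")

def parse_coord(coord):
    """Split group:artifact:type[:classifier]:version[:scope] into (g:a:v, scope)."""
    p = coord.split(":")
    if len(p) == 4:                      # project root line carries no scope
        return f"{p[0]}:{p[1]}:{p[3]}", None
    version, scope = (p[3], p[4]) if len(p) == 5 else (p[4], p[5])
    return f"{p[0]}:{p[1]}:{version}", scope

def trace_flagged(tree_text, flagged):
    """Return {flagged g:a:v: [(chain starting at the direct dependency, scope), ...]}."""
    stack, found = [], {}
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue                     # banner, summary and blank lines
        depth = len(m.group(1)) // 3 + (1 if m.group(2) else 0)
        gav, scope = parse_coord(m.group(3))
        del stack[depth:]                # drop siblings and deeper nodes
        stack.append(gav)
        if gav in flagged and depth >= 1:
            found.setdefault(gav, []).append((stack[1:], scope))
    return found

if __name__ == "__main__":
    for gav, hits in trace_flagged(SAMPLE_TREE, FLAGGED).items():
        for chain, scope in hits:
            print(f"{gav} [{scope}] via {' -> '.join(chain)}")
```

The first element of each chain is the entry in `pom.xml` to upgrade or to exclude from; the scope shows whether the flagged artifact is on the compile classpath or only used for tests.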



huangapple
  • Posted on June 13, 2023, 03:21:47
  • When reposting, please be sure to keep the link to this article: https://go.coder-hub.com/76459726.html