fix clashing dependencies

Fraunhofer-AISEC · Dec 13, 2023 · d46bcdc · d46bcdc
1 parent ee66096
commit d46bcdc
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 8 deletions.
diff --git a/codyze-plugins/build.gradle.kts b/codyze-plugins/build.gradle.kts
@@ -3,12 +3,17 @@ plugins {
     id("publish")
 }
 
+repositories {
+    maven("https://dl.bintray.com/palantir/releases")
+}
+
 dependencies {
-    // FIXME conflicts in dependencies!!
-    //  e.g. both Spotbugs and PMD depend on Saxon-HE, so package signature does not match when PMD tries to call it
     implementation(libs.sarif4k)
     // https://mvnrepository.com/artifact/com.github.spotbugs/spotbugs
-    implementation("com.github.spotbugs:spotbugs:4.8.2")
+    // it is necessary to exclude saxon because of conflicts with same transitive dependency in PMD
+    implementation("com.github.spotbugs:spotbugs:4.8.2") {
+        exclude(group = "net.sf.saxon", module = "Saxon-HE")
+    }
     // https://mvnrepository.com/artifact/net.sourceforge.pmd/
     implementation("net.sourceforge.pmd:pmd-core:7.0.0-rc4")
     implementation("net.sourceforge.pmd:pmd-java:7.0.0-rc4")

diff --git a/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/executor/PMDExecutor.kt b/codyze-plugins/src/main/kotlin/de/fraunhofer/aisec/codyze/plugins/executor/PMDExecutor.kt
@@ -16,12 +16,9 @@ class PMDExecutor: Executor {
         config.isIgnoreIncrementalAnalysis = true
 
         // from https://github.com/pmd/pmd/tree/master/pmd-core/src/main/resources/
-        config.addRuleSet("src/main/resources/pmd-rulesets/all-java.xml");
+        config.addRuleSet("src/main/resources/pmd-rulesets/all-java.xml")
 
         val analysis = PmdAnalysis.create(config)
-        // TODO: fix error while parsing TlsServer.java
-        //  class "net.sf.saxon.om.ValueRepresentation"'s signer information does not match signer information of other classes in the same package
-        //  class "net.sf.saxon.value.UntypedAtomicValue"'s signer information does not match signer information of other classes in the same package
         analysis.performAnalysis()
     }
 }
diff --git a/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/PMDExecutorTest.kt b/codyze-plugins/src/test/kotlin/de/fraunhofer/aisec/codyze/executor/PMDExecutorTest.kt
@@ -28,7 +28,6 @@ class PMDExecutorTest {
             run.invocations!!.forEach { assertTrue { it.executionSuccessful } }
         }
 
-        // TODO - Find Fix for clashing dependencies
         // we expect 1 "AvoidPrintStackTrace" and 24 "SystemPrintln" results
         var results = run.results
         assertNotNull(results)