A simple example of some BDD-style automated acceptance criteria, running against http://automationpractice.com
Run the tests like this:
mvn clean aggregate
The reports will be generated in target/site/serenity
.
This is to test Serenity with Jbehave
License: The Unlicense
A simple example of some BDD-style automated acceptance criteria, running against http://automationpractice.com
Run the tests like this:
mvn clean aggregate
The reports will be generated in target/site/serenity
.
The Netty project is an effort to provide an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server.
path: /root/.m2/repository/io/netty/netty/3.5.7.Final/netty-3.5.7.Final.jar
Dependency Hierarchy:
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
Publish Date: 2014-07-31
URL: CVE-2014-3488
Type: Change files
Origin: netty/netty@2fa9400
Release Date: 2014-06-10
Fix Resolution: Replace or update the following file: SslHandler.java
Step up your Open Source Security Game with WhiteSource here
JavaScript library for DOM operations
path: /KiranSerenityJBehave/target/site/serenity/jqueryui/1.11.2-start/external/jquery/jquery.js
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.js
Dependency Hierarchy:
JavaScript library for DOM operations
path: /KiranSerenityJBehave/target/site/serenity/datatables/1.10.4/media/js/jquery.js,/KiranSerenityJBehave/target/site/serenity/scripts/jquery-1.11.1.min.js
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js
Dependency Hierarchy:
JavaScript library for DOM operations
path: /KiranSerenityJBehave/target/site/serenity/scripts/jquery.js
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.5.1/jquery.js
Dependency Hierarchy:
JavaScript library for DOM operations
path: /KiranSerenityJBehave/target/site/serenity/nivo-slider/3.2/demo/scripts/jquery-1.9.0.min.js
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.0/jquery.min.js
Dependency Hierarchy:
In v2.2.4 and previous, a lowercasing logic was used on the attribute names and was removed in v3.0.0.
Because of this, boolean attributes whose names were not all lowercase cause infinite recursion, and will exceed the stack call limit.
Publish Date: 2017-04-15
URL: WS-2017-0195
Type: Change files
Origin: jquery/jquery@d12e13d
Release Date: 2016-05-29
Fix Resolution: Replace or update the following files: attr.js, attributes.js
Step up your Open Source Security Game with WhiteSource here
Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.
The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.
Xerces2 is a fully conforming XML Schema 1.0 processor. A partial experimental implementation of the XML Schema 1.1 Structures and Datatypes Working Drafts (December 2009) and an experimental implementation of the XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010) are provided for evaluation. For more information, refer to the XML Schema page.
Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.
Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.</p>
path: /root/.m2/repository/xerces/xercesImpl/2.11.0/xercesImpl-2.11.0.jar
Dependency Hierarchy:
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
Publish Date: 2013-07-23
URL: CVE-2013-4002
Type: Upgrade version
Origin: http://security.gentoo.org/glsa/glsa-201406-32.xml
Release Date: 2014-06-29
Fix Resolution: All IcedTea JDK users should upgrade to the latest version >= icedtea-bin-6.1.13.3
Step up your Open Source Security Game with WhiteSource here
XStream is a serialization library from Java objects to XML and back.
path: /root/.m2/repository/com/thoughtworks/xstream/xstream/1.4.9/xstream-1.4.9.jar
Library home page: http://x-stream.github.io/xstream
Dependency Hierarchy:
It was found that XStream would deserialize arbitrary user-supplied XML content, representing objects of any type
Publish Date: 2015-07-16
URL: CVE-2013-7285
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/201612-35
Release Date: 2016-12-13
Fix Resolution: All XStream users should upgrade to the latest version >= xstream-1.4.8-r1
Step up your Open Source Security Game with WhiteSource here
Utility classes for Jetty
path: /root/.m2/repository/org/eclipse/jetty/jetty-util/9.2.15.v20160210/jetty-util-9.2.15.v20160210.jar
Library home page: http://www.eclipse.org/jetty
Dependency Hierarchy:
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Publish Date: 2017-06-16
URL: CVE-2017-9735
Base Score Metrics:
Type: Change files
Origin: jetty/jetty.project@f3751d7
Release Date: 2017-05-16
Fix Resolution: Replace or update the following file: Credential.java
Step up your Open Source Security Game with WhiteSource here
DataTables enhances HTML tables with the ability to sort, filter and page the data in the table very easily. It provides a comprehensive API and set of configuration options, allowing you to consume data from virtually any data source.
path: /KiranSerenityJBehave/target/site/serenity/datatables/1.10.4/media/js/jquery.dataTables.min.js
Library home page: https://cdnjs.cloudflare.com/ajax/libs/datatables/1.10.4/js/jquery.dataTables.min.js
Dependency Hierarchy:
DataTables enhances HTML tables with the ability to sort, filter and page the data in the table very easily. It provides a comprehensive API and set of configuration options, allowing you to consume data from virtually any data source.
path: /KiranSerenityJBehave/target/site/serenity/datatables/1.10.4/media/js/jquery.dataTables.js
Library home page: https://cdnjs.cloudflare.com/ajax/libs/datatables/1.10.4/js/jquery.dataTables.js
Dependency Hierarchy:
Affected versions of the package are vulnerable to Cross-site Scripting (XSS).
Publish Date: 2017-05-08
URL: WS-2017-0234
Type: Change files
Origin: DataTables/DataTables@6f67df2
Release Date: 2015-11-06
Fix Resolution: Replace or update the following files: .datatables-commit-sync, jquery.dataTables.js, jquery.dataTables.min.js
Step up your Open Source Security Game with WhiteSource here
The Netty project is an effort to provide an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server.
path: /root/.m2/repository/io/netty/netty/3.5.7.Final/netty-3.5.7.Final.jar
Dependency Hierarchy:
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
Publish Date: 2017-10-18
URL: CVE-2015-2156
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1222923
Fix Resolution: Upgrade to version netty 3.9.8.Final, netty 3.10.3.Final or greater
Step up your Open Source Security Game with WhiteSource here
Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.</p>
path: /root/.m2/repository/com/google/guava/guava/20.0/guava-20.0.jar
Library home page: https://github.com/google/guava/guava
Dependency Hierarchy:
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
Publish Date: 2018-04-26
URL: CVE-2018-10237
Base Score Metrics:
Type: Upgrade version
Origin: http://www.securitytracker.com/id/1041707
Fix Resolution: Red Hat has issued a fix.
The Red Hat advisory is available at:
https://access.redhat.com/errata/RHSA-2018:2740
https://access.redhat.com/errata/RHSA-2018:2741
https://access.redhat.com/errata/RHSA-2018:2742
https://access.redhat.com/errata/RHSA-2018:2743
Step up your Open Source Security Game with WhiteSource here
Tree widget for jQuery
path: /KiranSerenityJBehave/target/site/serenity/jqtree/0.22/tree.jquery.js
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqtree/0.22.0/tree.jquery.js
Dependency Hierarchy:
Versions 1.3.3 and below contain a cross site scripting vulnerability in the drag and drop functionality for modifying tree data. A node that contains a standard XSS vector will have its payload execute when a user attempts to drag a node to a different position in the hierarchy.
Publish Date: 2016-07-25
URL: WS-2016-0045
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/132
Release Date: 2016-07-25
Fix Resolution: Upgrade to 1.3.4 or later.
Step up your Open Source Security Game with WhiteSource here
JavaScript library for DOM operations
path: /KiranSerenityJBehave/target/site/serenity/scripts/jquery.js
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.5.1/jquery.js
Dependency Hierarchy:
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
Publish Date: 2013-03-08
URL: CVE-2011-4969
Type: Upgrade version
Origin: http://www.securitytracker.com/id/1036620
Fix Resolution: The vendor has issued a fix (iLO 3, firmware version 1.88).
The vendor advisory is available at:
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05232730
Step up your Open Source Security Game with WhiteSource here
XStream is a serialization library from Java objects to XML and back.
path: /root/.m2/repository/com/thoughtworks/xstream/xstream/1.4.9/xstream-1.4.9.jar
Library home page: http://x-stream.github.io/xstream
Dependency Hierarchy:
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("") call.
Publish Date: 2017-04-29
URL: CVE-2017-7957
Base Score Metrics:
Type: Upgrade version
Origin: http://www.securitytracker.com/id/1039499
Fix Resolution: IBM has issued a fix (8.5.3 Fix Pack 6 Interim Fix 15, 9.0.1 Feature Pack 9).
The IBM advisory is available at:
Step up your Open Source Security Game with WhiteSource here
The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
path: /root/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar
Library home page: http://commons.apache.org/proper/commons-codec/
Dependency Hierarchy:
Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.
Updated 2018-10-07 - an additional review by WhiteSource research team could not indicate on a clear security vulnerability
Publish Date: 2007-10-07
URL: WS-2009-0001
Step up your Open Source Security Game with WhiteSource here
The most popular front-end framework for developing responsive, mobile first projects on the web.
path: /KiranSerenityJBehave/target/site/serenity/bootstrap/js/bootstrap.js
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.0/js/bootstrap.js
Dependency Hierarchy:
XSS in data-target in bootstrap (3.3.7 and before)
Publish Date: 2017-06-27
URL: WS-2018-0021
Type: Change files
Origin: twbs/bootstrap@d9be1da
Release Date: 2017-08-25
Fix Resolution: Replace or update the following files: alert.js, carousel.js, collapse.js, dropdown.js, modal.js
Step up your Open Source Security Game with WhiteSource here
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.7.
path: /root/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.48/bcprov-jdk15on-1.48.jar
Library home page: http://www.bouncycastle.org/java.html
Dependency Hierarchy:
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
Publish Date: 2015-11-09
URL: CVE-2015-7940
Type: Upgrade version
Origin: http://www.securitytracker.com/id/1037046
Fix Resolution: The vendor has issued a fix as part of the October 2016 Oracle Critical Patch Update.
The vendor's advisory is available at:
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Step up your Open Source Security Game with WhiteSource here
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.7.
path: /root/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.48/bcprov-jdk15on-1.48.jar
Library home page: http://www.bouncycastle.org/java.html
Dependency Hierarchy:
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs version prior to version 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code.. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application.. This vulnerability appears to have been fixed in 1.60 and later.
Publish Date: 2018-07-09
URL: CVE-2018-1000613
Base Score Metrics:
Type: Change files
Origin: bcgit/bc-java@4092ede#diff-2c06e2edef41db889ee14899e12bd574
Release Date: 2018-03-03
Fix Resolution: Replace or update the following files: XMSSMTPrivateKeyParameters.java, XMSSPrivateKeyParameters.java, BCXMSSMTPrivateKey.java, XMSSUtil.java, RainbowParameters.java, GF2nField.java, GMSSKeyPairGenerator.java, BCXMSSPrivateKey.java, XMSSMTPrivateKeyTest.java
Step up your Open Source Security Game with WhiteSource here
JavaScript library for DOM operations
path: /KiranSerenityJBehave/target/site/serenity/scripts/jquery.js
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.5.1/jquery.js
Dependency Hierarchy:
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Publish Date: 2018-01-18
URL: CVE-2012-6708
Base Score Metrics:
Type: Change files
Origin: jquery/jquery@05531fc
Release Date: 2012-12-13
Fix Resolution: Replace or update the following files: selector.js, traversing.js, core.js, sizzle, core.js
Step up your Open Source Security Game with WhiteSource here
JavaScript library for DOM operations
path: /KiranSerenityJBehave/target/site/serenity/jqueryui/1.11.2-start/external/jquery/jquery.js
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.js
Dependency Hierarchy:
JavaScript library for DOM operations
path: /KiranSerenityJBehave/target/site/serenity/datatables/1.10.4/media/js/jquery.js,/KiranSerenityJBehave/target/site/serenity/scripts/jquery-1.11.1.min.js
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js
Dependency Hierarchy:
JavaScript library for DOM operations
path: /KiranSerenityJBehave/target/site/serenity/scripts/jquery.js
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.5.1/jquery.js
Dependency Hierarchy:
JavaScript library for DOM operations
path: /KiranSerenityJBehave/target/site/serenity/nivo-slider/3.2/demo/scripts/jquery-1.9.0.min.js
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.0/jquery.min.js
Dependency Hierarchy:
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Change files
Origin: jquery/jquery@b078a62#diff-bee4304906ea68bebadfc11be4368419
Release Date: 2015-10-12
Fix Resolution: Replace or update the following files: script.js, ajax.js, ajax.js
Step up your Open Source Security Game with WhiteSource here
Hibernate's Bean Validation (JSR-303) reference implementation.
path: /root/.m2/repository/org/hibernate/hibernate-validator/5.1.1.Final/hibernate-validator-5.1.1.Final.jar
Dependency Hierarchy:
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
Publish Date: 2014-09-30
URL: CVE-2014-3558
Type: Upgrade version
Origin: https://hibernate.atlassian.net/browse/HV-912
Release Date: 2014-07-25
Fix Resolution: Upgrade to version 4.3.2.Final, 4.2.1.Final, 5.1.2.Final, 5.2.0.Alpha1 or greater
Step up your Open Source Security Game with WhiteSource here
Utility classes for Jetty
path: /root/.m2/repository/org/eclipse/jetty/jetty-util/9.2.15.v20160210/jetty-util-9.2.15.v20160210.jar
Library home page: http://www.eclipse.org/jetty
Dependency Hierarchy:
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.
Publish Date: 2017-04-13
URL: CVE-2016-4800
Base Score Metrics:
Type: Change files
Origin: jetty/jetty.project@97af3d6#diff-3f826383561a9af15d610a1aa21187d9
Release Date: 2016-05-13
Fix Resolution: Replace or update the following files: ContextHandlerGetResourceTest.java, PathResource.java, AllowSymLinkAliasChecker.java, FileResource.java, AsyncMiddleManServletTest.java, URIUtil.java, GracefulStopTest.java, FileSystemResourceTest.java
Step up your Open Source Security Game with WhiteSource here
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.