Merge branch 'selenium4' of https://github.com/qld-gov-au/seleniumHelper

pom.xml

@@ -95,14 +95,41 @@
 
         <dependency><groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId><version>1.7.36</version></dependency>
         <dependency><groupId>com.google.guava</groupId><artifactId>guava</artifactId><version>31.1-jre</version></dependency>
-        <dependency><groupId>org.seleniumhq.selenium</groupId><artifactId>selenium-java</artifactId><version>3.141.59</version>
+        <!-- netty included manually due to clashes on convergences internal to selenium-java -->
+        <dependency><groupId>io.netty</groupId><artifactId>netty-codec-http</artifactId><version>4.1.76.Final</version></dependency>
+        <dependency><groupId>io.netty</groupId><artifactId>netty-buffer</artifactId><version>4.1.76.Final</version></dependency>
+        <dependency><groupId>io.netty</groupId><artifactId>netty-transport</artifactId><version>4.1.76.Final</version></dependency>
+        <dependency><groupId>io.netty</groupId><artifactId>netty-handler</artifactId><version>4.1.76.Final</version></dependency>
+        <dependency><groupId>io.netty</groupId><artifactId>netty-transport-native-epoll</artifactId><version>4.1.76.Final</version></dependency>
+        <dependency><groupId>io.netty</groupId><artifactId>netty-common</artifactId><version>4.1.76.Final</version></dependency>
+        <dependency><groupId>io.netty</groupId><artifactId>netty-transport-native-kqueue</artifactId><version>4.1.76.Final</version></dependency>
+        <dependency><groupId>io.netty</groupId><artifactId>netty-codec</artifactId><version>4.1.76.Final</version></dependency>
+        <dependency><groupId>io.netty</groupId><artifactId>netty-codec-socks</artifactId><version>4.1.76.Final</version></dependency>
+        <dependency><groupId>io.netty</groupId><artifactId>netty-handler-proxy</artifactId><version>4.1.76.Final</version></dependency>
+        <dependency><groupId>org.seleniumhq.selenium</groupId><artifactId>selenium-java</artifactId><version>4.1.4</version>
             <exclusions>
                 <exclusion><groupId>org.seleniumhq.selenium</groupId><artifactId>selenium-opera-driver</artifactId></exclusion>
-                <exclusion><groupId>com.google.guava</groupId><artifactId>guava</artifactId></exclusion></exclusions>
+                <exclusion><groupId>com.google.guava</groupId><artifactId>guava</artifactId></exclusion>
+                <exclusion><groupId>org.slf4j</groupId><artifactId>slf4j</artifactId></exclusion>
+                <exclusion><groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId></exclusion>
+                <!-- netty miss match between remote driver and rest of selenium-java -->
+                <exclusion><groupId>io.netty</groupId><artifactId>netty-common</artifactId></exclusion>
+                <exclusion><groupId>io.netty</groupId><artifactId>netty-codec-http</artifactId></exclusion>
+                <exclusion><groupId>io.netty</groupId><artifactId>netty-buffer</artifactId></exclusion>
+                <exclusion><groupId>io.netty</groupId><artifactId>netty-transport</artifactId></exclusion>
+                <exclusion><groupId>io.netty</groupId><artifactId>netty-handler</artifactId></exclusion>
+                <exclusion><groupId>io.netty</groupId><artifactId>netty-transport-native-epoll</artifactId></exclusion>
+                <exclusion><groupId>io.netty</groupId><artifactId>netty-transport-native-kqueue</artifactId></exclusion>
+                <exclusion><groupId>io.netty</groupId><artifactId>netty-codec</artifactId></exclusion>
+                <exclusion><groupId>io.netty</groupId><artifactId>netty-codec-socks</artifactId></exclusion>
+                <exclusion><groupId>io.netty</groupId><artifactId>netty-handler-proxy</artifactId></exclusion>
+        </exclusions>
         </dependency>
-        <dependency><groupId>net.sourceforge.htmlunit</groupId><artifactId>htmlunit</artifactId><version>2.61.0</version></dependency>
-        <dependency><groupId>org.seleniumhq.selenium</groupId><artifactId>htmlunit-driver</artifactId><version>2.56.0</version>
-            <exclusions><exclusion><groupId>net.sourceforge.htmlunit</groupId><artifactId>htmlunit</artifactId></exclusion></exclusions>
+        <dependency><groupId>org.seleniumhq.selenium</groupId><artifactId>htmlunit-driver</artifactId><version>3.61.0</version>
+            <exclusions>
+                <exclusion><groupId>org.seleniumhq.selenium</groupId><artifactId>selenium-api</artifactId></exclusion>
+                <exclusion><groupId>org.seleniumhq.selenium</groupId><artifactId>selenium-support</artifactId></exclusion>
+            </exclusions>
         </dependency>
         <dependency><scope>test</scope><groupId>junit</groupId><artifactId>junit</artifactId><version>4.13.2</version></dependency>
         <dependency><scope>test</scope><groupId>org.assertj</groupId><artifactId>assertj-core</artifactId><version>3.22.0</version></dependency>
@@ -462,6 +489,10 @@
                     <failBuildOnCVSS>2</failBuildOnCVSS>
                     <skip>${dependency.skip}</skip>
                     <bundleAuditAnalyzerEnabled>false</bundleAuditAnalyzerEnabled>
+                    <!-- .Disable Net content-->
+                    <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
+                    <nugetconfAnalyzerEnabled>false</nugetconfAnalyzerEnabled>
+                    <nuspecAnalyzerEnabled>false</nuspecAnalyzerEnabled>
                 </configuration>
                 <executions>
                     <execution>

src/main/java/au/gov/qld/online/selenium/SeleniumHelper.java

@@ -30,9 +30,9 @@
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.text.SimpleDateFormat;
+import java.time.Duration;
 import java.util.*;
 import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.TimeUnit;
 
 import static org.openqa.selenium.Platform.MAC;
 import static org.openqa.selenium.Platform.WINDOWS;
@@ -59,6 +59,7 @@ public final class SeleniumHelper {
     /**
      * This cleans up anything that used this helper class
      */
+    @SuppressWarnings("PMD.UseTryWithResources") //can't as its a list opened in another place
     private static final Thread CLOSE_THREAD = new Thread() {
         @Override
         public void run() {
@@ -78,6 +79,8 @@ public void run() {
                         service.stop();
                     } catch (Exception e) {
                         LOGGER.error("exception on close", e);
+                    } finally {
+                        service.close();
                     }
                 }
             }
@@ -119,6 +122,7 @@ public static File getDestinationFolder() {
         return screenprintFolder;
     }
 
+    @SuppressWarnings("PMD.CloseResource") //CloseResource is done on CLOSE_THREAD
     public static synchronized WebDriverHolder getWebDriver(DriverTypes driverType) {
         //reuse any active session that was released
         for (String key: webDriverListReleased.keySet()) {
@@ -204,7 +208,7 @@ public static synchronized WebDriverHolder getWebDriver(DriverTypes driverType)
             }
 
             webDriver.manage().deleteAllCookies();
-            webDriver.manage().timeouts().pageLoadTimeout(360, TimeUnit.SECONDS);
+            webDriver.manage().timeouts().pageLoadTimeout(Duration.ofSeconds(360));
             webDriver.manage().window().maximize();
             Dimension maximizeDim = webDriver.manage().window().getSize();
             LOGGER.info("Size of screen. Height: " + maximizeDim.getHeight() + ", Width:" + maximizeDim.getWidth());
@@ -291,7 +295,8 @@ public static void forceClearAll(WebDriverHolder webDriverHolder) {
         WebDriver driver = webDriverHolder.getWebDriver();
         if (webDriverHolder.getBrowserName().equalsIgnoreCase(DriverTypes.CHROME.name())) {
             driver.navigate().to("chrome://settings/clearBrowserData");
-            WebDriverWait waiter = new WebDriverWait(driver, 30, 500);
+
+            WebDriverWait waiter = new WebDriverWait(driver, Duration.ofSeconds(30), Duration.ofSeconds(500));
             String ccs = "* /deep/ #clearBrowsingDataConfirm";
             waiter.until(ExpectedConditions.visibilityOfElementLocated(By.cssSelector(ccs)));
             driver.findElement(By.cssSelector("* /deep/ #clearBrowsingDataConfirm")).click();

src/qa/owasp-dependency-checker-suppressions.xml

@@ -2,28 +2,9 @@
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
     <suppress>
         <notes><![CDATA[
-   file name: okhttp-3.11.0.jar
-   ** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass
-   certificate pinning by changing SSLContext and the boolean values while hooking the application.
-   NOTE: This id is disputed because some parties don't consider this is a vulnerability.
-   Their rationale can be found in https://github.com/square/okhttp/issues/4967.
-   ]]></notes>
-        <gav regex="true">^com\.squareup\.okhttp3:okhttp:.*$</gav>
-        <cve>CVE-2018-20200</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
    file name: htmlunit-cssparser-1.12.0.jar, regex for cve CVE-2020-5529 is htmlunit* which hits cssparser
    ]]></notes>
         <packageUrl regex="true">^pkg:maven/net\.sourceforge\.htmlunit/htmlunit\-cssparser@.*$</packageUrl>
         <cpe>cpe:/a:htmlunit_project:htmlunit</cpe>
     </suppress>
-    <suppress>
-        <notes><![CDATA[
-   file name: htmlunit-driver-2.56.0.jar
-   cve is for neko-htmlunit-driver and flags seleniumhq driver instead, so false positive
-   ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.seleniumhq\.selenium/htmlunit\-driver@.*$</packageUrl>
-        <cve>CVE-2022-29546</cve>
-    </suppress>
 </suppressions>