spotless: spotlessXmlApply task is never completing
Running ./gradlew spotlessXmlApply the :spotlessXml task is never completing.
spotless {
xml {
eclipse()
}
}
This is a little bit of the output running with the gradle --info flag:
All projects evaluated.
Selected primary task ':spotlessXmlApply' from project :
Tasks to be executed: [task ':spotlessXml', task ':spotlessXmlApply']
:spotlessXml (Thread[Task worker for ':',5,main]) started.
> Task :spotlessXml
Caching disabled for task ':spotlessXml': Caching has not been enabled for the task
Task ':spotlessXml' is not up-to-date because:
No history is available.
All input files are considered out-of-date for incremental task ':spotlessXml'.
<-------------> 0% EXECUTING [1m 17s]
> :spotlessXml
After this, the process gets hung up.
Spotless version: 3.15.0.
------------------------------------------------------------
Gradle 4.10.1
------------------------------------------------------------
Build time: 2018-09-12 11:33:27 UTC
Revision: 76c9179ea9bddc32810f9125ad97c3315c544919
Kotlin DSL: 1.0-rc-6
Kotlin: 1.2.61
Groovy: 2.4.15
Ant: Apache Ant(TM) version 1.9.11 compiled on March 23 2018
JVM: 1.8.0_92 (Oracle Corporation 25.92-b14)
OS: Mac OS X 10.13.6 x86_64
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Comments: 18 (16 by maintainers)
Hold on. @fvgh. If you’re seeing HTTP get requests inside of your XML parser that means that the parser is vulnerable to XXE.
We need to fix this so that the spotless XML formatter is not making external entity requests.
We can’t have our linting infrastructure making web requests. Especially web requests over HTTP as those can be maliciously intercepted by a MITM.
Here’s an example where this has been a serious problem in the past.
https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/
CC: @nedtwigg