Skip to content

Gradle RAT: Add plainOutput, xmlOutput and htmlOutput options#2

Closed
eskatos wants to merge 1 commit into
apache:trunkfrom
eskatos:rat-gradle-txt-output
Closed

Gradle RAT: Add plainOutput, xmlOutput and htmlOutput options#2
eskatos wants to merge 1 commit into
apache:trunkfrom
eskatos:rat-gradle-txt-output

Conversation

@eskatos

@eskatos eskatos commented Sep 9, 2015

Copy link
Copy Markdown
Member

As requested in RAT-163, this pull-request contains changes to add RAT plain text output support.
BTW, xml & html output are now optional.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's an extremely expensive requirement for large code bases. We've seen with the RAT/gradle integration that the Samza team uses that it's definitely possible to generate multiple outputs from one run.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The plugin uses the report ant task that runs rat and produces a single output.

plainOutput = true triggers a rat run and output plain text report
xmlOutput = true triggers a rat run and output xml report
htmlOutput = true triggers xmlOutput and xsl the xml output to html report

Defaults are respectively false, true, true.
If you only need the plain text output set all theses to their opposite.

However, it could be possible to get all reports with a single rat run by rewriting the plugin to use the RAT api directly. Or should we propose an enhancement for rat ant tasks?

@eskatos

eskatos commented Nov 15, 2018

Copy link
Copy Markdown
Member Author

This is now 3 years old, closing as outdated

@eskatos eskatos closed this Nov 15, 2018
ottlinger pushed a commit that referenced this pull request Oct 20, 2023
potiuk added a commit to potiuk/creadur-rat that referenced this pull request Jun 27, 2026
…e labels

Answers Claudenw's review note (does apache#679 impact the XXE data-flow line?):
the §5a/§8 text already records that RAT disables external entities + the
apache#679 DOCTYPE hardening, but the data-flow diagram and the input/residual
tables still labelled XXE a bare "surface". Annotate those three labels with
the mitigation so the diagram is consistent with §5a/§8 apache#2.

Generated-by: Claude Opus 4.8 (1M context)
potiuk added a commit to potiuk/creadur-rat that referenced this pull request Jun 27, 2026
Consistency with THREAT_MODEL.md (§5a / §8 apache#2): since RAT-560 (apache#679) RAT
builds XML parsers via the hardened StandardXmlFactory (DOCTYPE + external
entities disabled), so XXE is actively prevented. Lead with that; keep the
operator-trusted-config argument as defense-in-depth.

Generated-by: Claude Opus 4.8 (1M context)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants