Merge branch 'master' into tests-fixes-universal

annot/src/main/java/com/predic8/membrane/annot/generator/HelpReference.java

@@ -18,16 +18,19 @@
 
 import javax.annotation.processing.*;
 import javax.lang.model.element.*;
+import javax.tools.Diagnostic;
+import javax.tools.FileObject;
+import javax.tools.StandardLocation;
 import javax.xml.stream.*;
 import javax.xml.transform.*;
 import javax.xml.transform.stream.*;
 import java.io.*;
+import java.nio.file.*;
 import java.util.*;
 
 import static java.util.Comparator.*;
 
 public class HelpReference {
-
 	private final ProcessingEnvironment processingEnv;
 
 	private XMLStreamWriter xew;
@@ -39,21 +42,19 @@ public HelpReference(ProcessingEnvironment processingEnv) {
 
 	public void writeHelp(Model m) {
 		try {
-			String path = System.getenv("MEMBRANE_GENERATE_DOC_DIR");
-			if (path == null)
-				return;
-			path = path.replace("%VERSION%", "5.1");
-
-			System.out.println("Generating Reference in location: " + path);
-
 			sw = new StringWriter();
 			XMLOutputFactory output = XMLOutputFactory.newInstance();
 			xew = output.createXMLStreamWriter(sw);
 			xew.writeStartDocument();
 			handle(m);
 			xew.writeEndDocument();
 
-			System.out.println(sw.toString());
+			String path = System.getenv("MEMBRANE_GENERATE_DOC_DIR");
+			if (path == null)
+				return;
+			path = path.replace("%VERSION%", "5.1");
+
+			System.out.println("Generating Reference in location: " + path);
 
 			writeFiles(m, path);
 
@@ -64,13 +65,25 @@ public void writeHelp(Model m) {
 
 	}
 
-	private void writeFiles(Model m, String path) throws TransformerException {
+	private void writeFiles(Model m, String path) throws TransformerException, IOException {
 		// indent
 		TransformerFactory factory = TransformerFactory.newInstance();
 		Transformer transformer = factory.newTransformer();
 		transformer.setOutputProperty(OutputKeys.INDENT, "yes");
 		transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "2");
-		transformer.transform(new StreamSource(new StringReader(sw.toString())), new StreamResult(new File(path + "/" + getFileName(m) + ".xml")));
+
+		String xml = sw.toString();
+		try {
+			transformer.transform(new StreamSource(new StringReader(xml)), new StreamResult(new File(path + "/" + getFileName(m) + ".xml")));
+		} catch (Exception e) {
+			FileObject docPath = processingEnv.getFiler().createResource(StandardLocation.CLASS_OUTPUT, "", "error-doc.xml");
+			try (Writer w = docPath.openWriter()) {
+				w.write(xml);
+			}
+
+			processingEnv.getMessager().printMessage(Diagnostic.Kind.ERROR, "Error parsing generated XML in " + docPath.getName() + " " + e.getMessage());
+		}
+
 	}
 
 	private String getFileName(Model m) {

annot/src/main/java/com/predic8/membrane/annot/model/doc/Doc.java

@@ -57,8 +57,8 @@ public Entry(String key, String value) {
 					}
 				}
 			} catch (XMLStreamException f) {
-				value = "";
-				processingEnv.getMessager().printMessage(Kind.WARNING, f.getMessage(), e);
+				this.value = "";
+				processingEnv.getMessager().printMessage(Kind.ERROR, f.getMessage().replaceAll("[\\r\\n]", ""), e);
 			}
 		}
 

core/src/main/java/com/predic8/membrane/core/graphql/GraphQLProtectionInterceptor.java

@@ -14,47 +14,43 @@
 
 package com.predic8.membrane.core.graphql;
 
-import com.fasterxml.jackson.core.JsonParseException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.Lists;
-import com.predic8.membrane.annot.MCAttribute;
-import com.predic8.membrane.annot.MCElement;
-import com.predic8.membrane.core.exchange.Exchange;
+import com.fasterxml.jackson.core.*;
+import com.fasterxml.jackson.databind.*;
+import com.google.common.collect.*;
+import com.predic8.membrane.annot.*;
+import com.predic8.membrane.core.exchange.*;
 import com.predic8.membrane.core.graphql.model.*;
 import com.predic8.membrane.core.http.*;
-import com.predic8.membrane.core.interceptor.AbstractInterceptor;
-import com.predic8.membrane.core.interceptor.Outcome;
-import com.predic8.membrane.core.util.TextUtil;
-import com.predic8.membrane.core.util.URLParamUtil;
-import jakarta.mail.internet.ContentType;
-import jakarta.mail.internet.ParseException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.ByteArrayInputStream;
-import java.security.InvalidParameterException;
+import com.predic8.membrane.core.interceptor.*;
+import com.predic8.membrane.core.util.*;
+import jakarta.mail.internet.*;
+import org.slf4j.*;
+
+import java.io.*;
+import java.security.*;
 import java.util.*;
 
-import static com.fasterxml.jackson.core.JsonParser.Feature.STRICT_DUPLICATE_DETECTION;
-import static com.fasterxml.jackson.databind.DeserializationFeature.FAIL_ON_READING_DUP_TREE_KEY;
-import static com.google.common.collect.Iterables.getOnlyElement;
-import static com.predic8.membrane.core.util.URLParamUtil.DuplicateKeyOrInvalidFormStrategy.ERROR;
-import static java.nio.charset.StandardCharsets.UTF_8;
+import static com.fasterxml.jackson.core.JsonParser.Feature.*;
+import static com.fasterxml.jackson.databind.DeserializationFeature.*;
+import static com.predic8.membrane.core.util.URLParamUtil.DuplicateKeyOrInvalidFormStrategy.*;
+import static java.nio.charset.StandardCharsets.*;
 
 /**
  * @description
  * Check GraphQL-over-HTTP requests, enforcing several limits and/or restrictions. This effectively helps to reduce
  * the attack surface.
  * <p>
  * GraphQL Specification "October2021" is used. (But GraphQL only covers formulation of Documents/Queries.)
+ * </p>
  * <p>
  * GraphQL-over-HTTP, which specifies how to submit GraphQL queries via HTTP, has not been released/finalized yet. We
  * therefore use Version
  * <a href="https://github.com/graphql/graphql-over-http/blob/a1e6d8ca248c9a19eb59a2eedd988c204909ee3f/spec/GraphQLOverHTTP.md">a1e6d8ca</a>.
+ * </p>
  * <p>
  * Only GraphQL documents conforming to the 'ExecutableDocument' of the grammar are allowed: This includes the usual
  * 'query', 'mutation', 'subscription' and 'fragment's.
+ * </p>
  */
 @MCElement(name = "graphQLProtection")
 public class GraphQLProtectionInterceptor extends AbstractInterceptor {

core/src/main/java/com/predic8/membrane/core/interceptor/groovy/GroovyTemplateInterceptor.java

@@ -44,6 +44,8 @@
  * The word "spring" refers to the Spring ApplicationContext.
  * The word "exc" refers to the Membrane Exchange being handled.
  * The word "flow" refers to the current Membrane Flow (=REQUEST).
+ * </p>
+ *
  * @topic 4. Interceptors/Features
  */
 @MCElement(name = "groovyTemplate", mixed = true)

core/src/main/java/com/predic8/membrane/core/interceptor/json/JsonProtectionInterceptor.java

@@ -294,6 +294,7 @@ public int getMaxStringLength() {
      * <p>
      * The maximum string length also affects keys ("abcd", "ijkl", "qrst" and "uvwx" in the example). The keys can be
      * also limited by the separate property maxKeyLength. The stricter limit applies.
+     * </p>
      * @default 262144
      * @param maxStringLength
      */
@@ -313,6 +314,7 @@ public int getMaxKeyLength() {
      * <p>
      * The maximum key length also affects strings ("abcd", "ijkl", "qrst" and "uvwx" in the example). The strings can be
      * also limited by the separate property maxStringLength. The stricter limit applies.
+     * </p>
      * @default 256
      * @param maxKeyLength
      */

core/src/main/java/com/predic8/membrane/core/interceptor/kubernetes/KubernetesValidationInterceptor.java

@@ -48,14 +48,17 @@
  * <p>
  * To create the CustomResourceDefinitions, apply kubernetes-config.yaml from
  * core/target/classes/com/predic8/membrane/core/config/kubernetes/ or a part (e.g. the 'serviceproxies' CRD) of the file.
+ * </p>
  * <p>
  * Create a key and certificate for TLS for <a href="https://membrane-validator.membrane-soa.svc:444/">https://membrane-validator.membrane-soa.svc:444/</a> and setup Membrane to serve
  * this address. The configuration shown below configures Membrane on a fixed IP address outside of the Kubernetes cluster,
  * but this is no requirement.
+ * </p>
  * <p>
  * Embed the following serviceProxy and adjust the 'resources' attribute to a comma-separated list of CRDs that you applied.
  * Note that while the CRDs have plural names, here you need to use the corresponding singular. Configure the "ssl" section
  * using your key and certificate.
+ * </p>
  * <code>
  *    &gt;serviceProxy port="444">
  *      &gt;ssl>
@@ -78,7 +81,7 @@
  * <p>
  * Now register a Webhook to validate the new CRDs. (A note to the experts: Membrane's validation schemas are too
  * complex to fit into the CRD, because they are highly nestable and self-referencing. We therefore use webhooks.)
- * <p>
+ * </p>
  * <code>
  * apiVersion: admissionregistration.k8s.io/v1
  * kind: ValidatingWebhookConfiguration
@@ -101,16 +104,12 @@
  *         port: 444
  *       caBundle: LS0t...LQ0K        # base64 encoded, PEM-formatted CA certificate
  *     sideEffects: None
- * <p>
  * ---
- * <p>
  * apiVersion: v1
  * kind: Namespace
  * metadata:
  *   name: membrane-soa
- * <p>
  * ---
- * <p>
  * apiVersion: v1
  * kind: Service
  * metadata:
@@ -119,9 +118,7 @@
  * spec:
  *   ports:
  *     - port: 444
- * <p>
  * ---
- * <p>
  * apiVersion: v1
  * kind: Endpoints
  * metadata:
@@ -135,7 +132,7 @@
  * </code>
  * <p>
  * Once this setup is complete, you can enable serviceProxies like this:
- * <p>
+ * </p>
  * <code>
  * apiVersion: membrane-soa.org/v1beta1
  * kind: serviceproxy

core/src/main/java/com/predic8/membrane/core/interceptor/misc/ReturnInterceptor.java

@@ -34,10 +34,13 @@
  * <p>
  * 1. If there is already a response in the exchange, that response is returned
  * 2. If there is no response in the exchange, the body and contentType of the request is copied into a new response.
+ * </p>
  * <p>
  * The options statusCode and contentType will overwrite the values from the messages.
+ * </p>
  * <p>
  * This plugin is useful together with the template plugin. See examples/template.
+ * </p>
  * @topic 4. Interceptors/Features
  */
 @MCElement(name = "return")

core/src/main/java/com/predic8/membrane/core/interceptor/ratelimit/RateLimitInterceptor.java

@@ -45,7 +45,7 @@
  * <p>
  * The X-Forwarded-For header can only be trusted when a trustworthy reverse proxy or load balancer is between the client and server. The gateway not should be
  * reachable directly. Only activate this feature when you know what you are doing.
- * <p>
+ * </p>
  * @see <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For">X-Forwarded-For @Mozilla</a>
  */
 @MCElement(name = "rateLimiter")

core/src/main/java/com/predic8/membrane/core/rules/SwaggerProxy.java

@@ -13,8 +13,6 @@
    limitations under the License. */
 package com.predic8.membrane.core.rules;
 
-//import io.swagger.models.Swagger;
-//import io.swagger.parser.SwaggerParser;
 import com.predic8.membrane.core.interceptor.swagger.OpenAPIAdapter;
 import com.predic8.membrane.core.interceptor.swagger.SwaggerAdapter;
 import com.predic8.membrane.core.interceptor.swagger.SwaggerCompatibleOpenAPI;