Makefile


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223

default: javadoc runtests findbugs

help:
	@echo "Usage: make [<target> ...]"
	@echo ""
	@echo "Targets include:"
	@echo "  help      - Displays this message."
	@echo "  ----------- QUICK"
	@echo "  clean     - Delete all built files."
	@echo "  default   - Build documentation&classes, and run checks."
	@echo "              The output will be available under out/."
	@echo "  ----------- DIAGNOSTIC"
	@echo "  classes   - Put Java .class files under out/."
	@echo "  tests     - Compile tests."
	@echo "  runtests  - Runs tests.  Some require a network connection."
	@echo "  coverage  - Runs tests and generates a code coverage report."
	@echo "  findbugs  - Runs a code quality tool.  Slow."
	@echo "  benchmark - Times the sanitizer against a tree builder."
	@echo "  profile   - Profiles the benchmark."
	@echo "  ----------- ARTIFACTS"
	@echo "  distrib   - Build everything and package it into JARs."
	@echo "              Requires an svn executable on PATH."
	@echo "  release   - Additionally, cut a new Maven version."
	@echo "              Should be run from client that has sibling"
	@echo "              directories of trunk checked out."
	@echo "  download  - Bundle docs, externally required jars, and"
	@echo "              license files into a zip file suitable for"
	@echo "              the code.google site downloads."
	@echo ""
	@echo "For more verbose test runner output, do"
	@echo "  make VERBOSE=1 runtests"
	@echo ""
	@echo "To run tests with assertions on, do"
	@echo "  make NOASSERTS=1 runtests"

SHELL=/bin/bash
CLASSPATH=lib/guava-libraries/guava.jar:lib/jsr305/jsr305.jar
TEST_CLASSPATH=$(CLASSPATH):lib/htmlparser-1.3/htmlparser-1.3.jar:lib/junit/junit.jar:lib/commons-codec-1.4/commons-codec-1.4.jar:benchmark-data
JAVAC_FLAGS=-source 1.5 -target 1.5 -Xlint -encoding UTF-8
TEST_RUNNER=junit.textui.TestRunner
JASSERTS=-ea
# Run tests in the Turkish locale to trigger any extra-case-folding-rule bugs
# http://www.moserware.com/2008/02/does-your-code-pass-turkey-test.html
TURKEYTEST=-Duser.counter=TR -Duser.language-tr

ifdef VERBOSE
override TEST_RUNNER=org.owasp.html.VerboseTestRunner
endif

ifdef NOASSERTS
override JASSERTS=
endif

out:
	mkdir -p out

out/classes: out
	mkdir -p out/classes

out/genfiles: out
	mkdir -p out/genfiles

clean:
	rm -rf out

classes: out/classes.tstamp
out/classes.tstamp: out/classes src/main/org/owasp/html/*.java
	javac -g ${JAVAC_FLAGS} -classpath ${CLASSPATH} -d out/classes \
	  $$(echo $^ | tr ' ' '\n' | egrep '\.java$$')
	touch out/classes.tstamp

examples: out/examples.tstamp
out/examples.tstamp: out/classes.tstamp src/main/org/owasp/html/examples/*.java
	javac -g ${JAVAC_FLAGS} -classpath ${CLASSPATH}:out/classes \
	  -d out/classes \
	  $$(echo $^ | tr ' ' '\n' | egrep '\.java$$')
	touch out/examples.tstamp

# Depends on all java files under tests.
tests: out/tests.tstamp
out/tests.tstamp: out/classes.tstamp out/genfiles.tstamp out/examples.tstamp src/tests/org/owasp/html/*.java
	javac -g ${JAVAC_FLAGS} \
          -classpath out/classes:out/genfiles:${TEST_CLASSPATH} \
	  -d out/classes \
	  $$((echo $^; find out/genfiles -type f) | tr ' ' '\n' | \
	     egrep '\.java$$')
	touch out/tests.tstamp

out/genfiles.tstamp: out/genfiles/org/owasp/html/AllExamples.java out/genfiles/org/owasp/html/AllTests.java
	touch out/genfiles.tstamp
out/genfiles/org/owasp/html/AllTests.java: src/tests/org/owasp/html/*Test.java
	mkdir -p "$$(dirname $@)"
	(echo 'package org.owasp.html;'; \
         echo 'import junit.framework.Test;'; \
         echo 'import junit.framework.TestSuite;'; \
	 echo 'public class AllTests {'; \
	 echo '  public static Test suite() {'; \
	 echo '    TestSuite suite = new TestSuite();'; \
	 echo $^ | tr ' ' '\n' | perl -pe \
	   's#^src/tests/#      suite.addTestSuite(#; s#\.java$$#.class);#g; \
	    s#/#.#g;'; \
	 echo '    return suite;'; \
	 echo '  }'; \
	 echo '}'; \
	) > $@

out/genfiles/org/owasp/html/AllExamples.java: src/main/org/owasp/html/examples/*.java
	mkdir -p "$$(dirname $@)"
	(echo 'package org.owasp.html;'; \
	 echo 'final class AllExamples {'; \
	 echo '  static final Class<?>[] CLASSES = {'; \
	 echo $^ | tr ' ' '\n' | perl -pe \
	   's#^src/main/#      #; s#\.java$$#.class,#g; \
	    s#/#.#g;'; \
	 echo '  };'; \
	 echo '}'; \
	) > $@

runtests: tests
	java ${TURKEYTEST} ${JASSERTS} \
	    -classpath out/classes:src/tests:${TEST_CLASSPATH} \
	    ${TEST_RUNNER} org.owasp.html.AllTests

coverage: tests
	java ${JASSERTS} -cp tools/emma/lib/emma.jar:lib/guava-libraries/guava.jar:lib/jsr305/jsr305.jar:lib/htmlparser-1.3/htmlparser-1.3.jar:lib/commons-codec-1.4/commons-codec-1.4.jar:benchmark-data \
	  -Demma.report.out.file=out/coverage/index.html \
	  -Demma.report.out.encoding=UTF-8 \
	  emmarun \
	  -r html \
	  -cp out/classes:src/tests:lib/junit/junit.jar \
	  -sp src/main:src/tests:out/genfiles \
	  -f \
	  -ix '-junit.*' \
	  -ix '-org.junit.*' \
	  -ix '-org.hamcrest.*' \
	  ${TEST_RUNNER} \
	  org.owasp.html.AllTests

# Runs findbugs to identify problems.
findbugs: out/findbugs.txt
	cat $^
out/findbugs.txt: out/tests.tstamp
	find out/classes/org -type d | \
	  xargs tools/findbugs/bin/findbugs -textui -effort:max \
	  -auxclasspath ${TEST_CLASSPATH} > $@

# Runs a benchmark that compares performance.
benchmark: out/tests.tstamp
	java -cp ${TEST_CLASSPATH}:out/classes \
	  org.owasp.html.Benchmark benchmark-data/Yahoo\!.html

# Profiles the benchmark.
profile: out/java.hprof.txt
out/java.hprof.txt: out/tests.tstamp
	java -cp ${TEST_CLASSPATH}:out/classes -agentlib:hprof=cpu=times,format=a,file=out/java.hprof.txt,lineno=y,doe=y org.owasp.html.Benchmark benchmark-data/Yahoo\!.html s

# Builds the documentation.
javadoc: out/javadoc.tstamp
out/javadoc.tstamp: src/main/org/owasp/html/*.java src/main/org/owasp/html/examples/*.java
	mkdir -p out/javadoc
	javadoc -locale en -d out/javadoc \
	  -notimestamp \
	  -charset UTF-8 \
	  -classpath ${CLASSPATH} \
	  -use -splitIndex \
	  -windowtitle 'OWASP Java HTML Sanitizer' \
	  -doctitle 'OWASP Java HTML Sanitizer' \
	  -header '<a href="http://code.google.com/p/owasp-java-html-sanitizer" target=_top>code.google.com home</a>' \
	  -J-Xmx250m -nohelp -sourcetab 8 -docencoding UTF-8 -protected \
	  -encoding UTF-8 -author -version $^ \
	&& touch out/javadoc.tstamp

# Packages the documentation, and libraries in the distrib directory,
# and creates a script containing svn commands to commit those changes.
distrib: out/run_me_before_committing_release.sh
out/run_me_before_committing_release.sh: clean out/staging.tstamp
	tools/update_tree_in_svn.py out/staging distrib > $@
	chmod +x $@
out/staging.tstamp: out/javadoc.tstamp out/classes.tstamp
	mkdir -p out/staging
	echo Copying Javadoc
	rm -rf out/staging/javadoc
	cp -r out/javadoc out/staging/javadoc
	echo Suppressing spurious Javadoc diffs
	for doc_html in $$(find out/staging/javadoc -name \*.html); do \
	  perl -i -pe 's/<!-- Generated by javadoc .+?-->//; s/<META NAME="date" CONTENT="[^"]*">//' "$$doc_html"; \
	done
	echo Linking required jars
	mkdir -p out/staging/lib
	for jar in $$(echo ${CLASSPATH} | tr : ' '); do \
	  cp "$$jar" out/staging/lib/; \
	  cp "$$(dirname $$jar)"/COPYING out/staging/lib/"$$(basename $$jar .jar)"-COPYING; \
	done
	echo Bundling compiled classes
	jar cf out/staging/lib/owasp-java-html-sanitizer.jar -C out/classes org
	echo Bundling sources and docs
	for f in $$(find src/main -name \*.java); do \
	  mkdir -p out/staging/"$$(dirname $$f)"; \
	  cp "$$f" out/staging/"$$f"; \
	done
	jar cf out/staging/lib/owasp-java-html-sanitizer-sources.jar -C out/staging/src/main org
	jar cf out/staging/lib/owasp-java-html-sanitizer-javadoc.jar -C out javadoc
	rm -rf out/staging/src
	cp COPYING out/staging/lib/owasp-java-html-sanitizer-COPYING
	touch $@

# Packages the distrib jars into the maven directory which is a sibling of
# trunk.
release: out/run_me_before_committing_maven.sh
out/run_me_before_committing_maven.sh: distrib
	tools/cut_release.py > $@
	chmod +x $@

download: out/owasp-java-html-sanitizer.zip
out/zip.tstamp: out/staging.tstamp
	rm -f out/zip/owasp-java-html-sanitizer
	mkdir -p out/zip/owasp-java-html-sanitizer
	cp -r out/staging/lib out/staging/javadoc \
	    out/zip/owasp-java-html-sanitizer/
	touch $@
out/owasp-java-html-sanitizer.zip: out/zip.tstamp
	jar cMf out/owasp-java-html-sanitizer.zip \
	    -C out/zip owasp-java-html-sanitizer