Merge pull request diffblue#375 from diffblue/improved_dspace_benchmark_install_guide

marek-trtik · web-flow · commit c9470b728e3a · 2018-04-12T14:39:18.000+01:00
SEC-331: Improved DSpace install guide.
diff --git a/benchmarks/GENUINE/README.txt b/benchmarks/GENUINE/README.txt
@@ -61,24 +61,46 @@ Contributors: 107
 Install guide for Ubuntu:
 
 1. Open a terminal in the directory of this readme file and clone DSpace:
-      git clone https://github.com/DSpace/DSpace
-2. Enter the directory "DSpace" and type the following command:
+        git clone https://github.com/DSpace/DSpace
+2. (Optional) Checkout commit:
+        git checkout ed7d2980e264901bb60c63da183d620d49772f3e
+   and in the file:
+        <this-dir>/DSpace/build.properties
+   update the variable 'dspace.install.dir' as follows:
+        dspace.install.dir=<this-dir>/DSpace/__dist__
+   where <this-dir> a full pathname of the directory of this README.txt file.
+   The checkout will give you a version with a fixed XSS issue. In order to
+   return the XSS issue back comment out lines 94-108 in file:
+        <this-dir>/DSpace/dspace-jspui/src/main/java/org/dspace/app/webui/servlet/AbstractBrowserServlet.java
+   (NOTE: you can also check out the previous commit; but was not tested)
+   And continue with step 4 (i.e. skip 3).
+3. Copy file:
+        <this-dir>/DSpace/dspace/config/local.cfg.EXAMPLE
+   to:
+        <this-dir>/DSpace/dspace/config/local.cfg
+   and set there the variable 'dspace.dir' as follows:
+        dspace.dir=<this-dir>/DSpace/__dist__
+   where <this-dir> a full pathname of the directory of this README.txt file.
+4. Enter the directory '<this-dir>/DSpace' and type the following command:
       mvn clean package
-
-The built binaries will be stored in:
-    "dspace",
-    "dspace-api",
-    "dspace-jspui",
-    "dspace-oai",
-    "dspace-rdf",
-    "dspace-rest",
-    "dspace-services",
-    "dspace-solr",
-    "dspace-sword",
-    "dspace-swordv2",
-    "dspace-xmlui",
-    "dspace-xmlui-mirage2"
-
+5. Enter the directory '<this-dir>/DSpace/dspace/target/dspace-installer'
+   and type the following commands:
+        ant init_installation
+        ant init_configs
+        ant install_code
+        ant copy_webapps
+
+The built webapps of DSpace will be installed under directory:
+        <this-dir>/DSpace/__dist__/webapps
+
+Here are commits where a XSS bug was fixed:
+    - ed7d2980e264901bb60c63da183d620d49772f3e
+        - [DS-2044] fix cross-site scripting vulnerability and minor related issue
+          (verbose error output, avoid NPE on JSP during an attack)
+        - There are modified 2 java sources and 4 JSP sources
+    - 5aa9ce16f07450324bd3302b5e3147915795cc92
+        - DS-1702 add code to prevent XSS attach on recent submission
+        - There are modified 3 JSP sources
 
 (3) encuestame
 --------------
