Add .gitattributes file to manage line endings on different platforms

and apply this config to all files in this repo.

Author: Dave Wichers

.gitattributes

@@ -0,0 +1,38 @@
+# Set the default behavior, in case people don't have core.autocrlf set.
+* text=auto
+
+# Explicitly declare text files we want normalized, but converted to
+# native line endings on checkout.
+.gitignore
+LICENSE
+*.code
+*.css
+*.csv
+*.html
+*.java
+*.js
+*.map
+*.md
+*.txt
+*.xml
+*.xsd
+*.MF
+*.URL
+
+# Declare files that will always have CRLF line endings on checkout.
+*.{cmd,[cC][mM][dD]} text eol=crlf
+*.{bat,[bB][aA][tT]} text eol=crlf
+
+# Declare files that will always have LF line endings on checkout.
+*.sh text eol=lf
+
+# Denote all files that are truly binary and should not be modified.
+.keystore binary
+*.eot binary
+*.jar binary
+*.jpg binary
+*.png binary
+*.svg binary
+*.ttf binary
+*.woff binary
+*.woff2 binary

OWASP Benchmark.URL

@@ -1,6 +1,6 @@
-[InternetShortcut]
-URL=https://localhost:8443/benchmark/
-IDList=
-HotKey=0
-IconFile=./src/main/webapp/favicon.ico
-IconIndex=0
+[InternetShortcut]
+URL=https://localhost:8443/benchmark/
+IDList=
+HotKey=0
+IconFile=./src/main/webapp/favicon.ico
+IconIndex=0

results/Benchmark_1.2-ZAPweekly-20160905.xml

@@ -1 +1 @@
-<?xml version="1.0" encoding="UTF-8"?><note><to>Tove</to><from>Jani</from><heading>Reminder</heading><body>Don't forget me this weekend!</body></note>
+<?xml version="1.0" encoding="UTF-8"?><note><to>Tove</to><from>Jani</from><heading>Reminder</heading><body>Don't forget me this weekend!</body></note>

src/config/note.xml

@@ -1,58 +1,58 @@
-/**
-* OWASP Benchmark Project
-*
-* This file is part of the Open Web Application Security Project (OWASP)
-* Benchmark Project For details, please see
-* <a href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
-*
-* The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
-* of the GNU General Public License as published by the Free Software Foundation, version 2.
-*
-* The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
-* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details
-*
-* @author Dave Wichers
-* @created 2015
-*/
-
-package org.owasp.benchmark.helpers;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-
-public class SeparateClassRequest {
-	private HttpServletRequest request;
-	
-
-	public SeparateClassRequest( HttpServletRequest request ) {
-		this.request = request;
-	}
-	
-	public String getTheParameter(String p) {
-		return request.getParameter(p);
-	}
-	
-	public String getTheCookie(String c) {
-		Cookie[] cookies = request.getCookies();
-		
-		String value = "";
-		
-		if (cookies != null) {
-			for (Cookie cookie : cookies) {
-				if (cookie.getName().equals(c)) {
-					value = cookie.getValue();
-					break;
-				}
-			}
-		} 
-		
-		return value;
-	}
-	
-	// This method is a 'safe' source.
-	public String getTheValue(String p) {
-		return "bar";
-	}
-	
-}
+/**
+* OWASP Benchmark Project
+*
+* This file is part of the Open Web Application Security Project (OWASP)
+* Benchmark Project For details, please see
+* <a href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
+*
+* The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+* of the GNU General Public License as published by the Free Software Foundation, version 2.
+*
+* The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details
+*
+* @author Dave Wichers
+* @created 2015
+*/
+
+package org.owasp.benchmark.helpers;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+
+public class SeparateClassRequest {
+	private HttpServletRequest request;
+	
+
+	public SeparateClassRequest( HttpServletRequest request ) {
+		this.request = request;
+	}
+	
+	public String getTheParameter(String p) {
+		return request.getParameter(p);
+	}
+	
+	public String getTheCookie(String c) {
+		Cookie[] cookies = request.getCookies();
+		
+		String value = "";
+		
+		if (cookies != null) {
+			for (Cookie cookie : cookies) {
+				if (cookie.getName().equals(c)) {
+					value = cookie.getValue();
+					break;
+				}
+			}
+		} 
+		
+		return value;
+	}
+	
+	// This method is a 'safe' source.
+	public String getTheValue(String p) {
+		return "bar";
+	}
+	
+}

src/main/java/org/owasp/benchmark/helpers/SeparateClassRequest.java

@@ -1,29 +1,29 @@
-/**
-* OWASP Benchmark Project
-*
-* This file is part of the Open Web Application Security Project (OWASP)
-* Benchmark Project For details, please see
-* <a href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
-*
-* The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
-* of the GNU General Public License as published by the Free Software Foundation, version 2.
-*
-* The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
-* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details
-*
-* @author Nick Sanidas
-* @created 2015
-*/
-
-package org.owasp.benchmark.helpers;
-
-public class Thing1 implements ThingInterface {
-
-	@Override
-	public String doSomething(String i) {
-		// just assign input to return value
-		String r = i;
-		return r;
-	}
-}
+/**
+* OWASP Benchmark Project
+*
+* This file is part of the Open Web Application Security Project (OWASP)
+* Benchmark Project For details, please see
+* <a href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
+*
+* The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+* of the GNU General Public License as published by the Free Software Foundation, version 2.
+*
+* The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details
+*
+* @author Nick Sanidas
+* @created 2015
+*/
+
+package org.owasp.benchmark.helpers;
+
+public class Thing1 implements ThingInterface {
+
+	@Override
+	public String doSomething(String i) {
+		// just assign input to return value
+		String r = i;
+		return r;
+	}
+}

src/main/java/org/owasp/benchmark/helpers/Thing1.java

@@ -1,29 +1,29 @@
-/**
-* OWASP Benchmark Project
-*
-* This file is part of the Open Web Application Security Project (OWASP)
-* Benchmark Project For details, please see
-* <a href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
-*
-* The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
-* of the GNU General Public License as published by the Free Software Foundation, version 2.
-*
-* The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
-* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details
-*
-* @author Nick Sanidas
-* @created 2015
-*/
-
-package org.owasp.benchmark.helpers;
-
-public class Thing2 implements ThingInterface {
-
-	@Override
-	public String doSomething(String i) {
-		if (i == null) return "";
-		String r = new StringBuilder(i).toString();
-		return r;
-	}
-}
+/**
+* OWASP Benchmark Project
+*
+* This file is part of the Open Web Application Security Project (OWASP)
+* Benchmark Project For details, please see
+* <a href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
+*
+* The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+* of the GNU General Public License as published by the Free Software Foundation, version 2.
+*
+* The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details
+*
+* @author Nick Sanidas
+* @created 2015
+*/
+
+package org.owasp.benchmark.helpers;
+
+public class Thing2 implements ThingInterface {
+
+	@Override
+	public String doSomething(String i) {
+		if (i == null) return "";
+		String r = new StringBuilder(i).toString();
+		return r;
+	}
+}

src/main/java/org/owasp/benchmark/helpers/Thing2.java

@@ -1,53 +1,53 @@
-/**
-* OWASP Benchmark Project
-*
-* This file is part of the Open Web Application Security Project (OWASP)
-* Benchmark Project For details, please see
-* <a href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
-*
-* The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
-* of the GNU General Public License as published by the Free Software Foundation, version 2.
-*
-* The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
-* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details
-*
-* @author Nick Sanidas
-* @created 2015
-*/
-
-package org.owasp.benchmark.helpers;
-
-import java.io.InputStream;
-import java.lang.reflect.Constructor;
-import java.util.Properties;
-
-public class ThingFactory {
-	
-	public static ThingInterface createThing() {
-		
-		Properties props = new Properties();
-
-		// create a thing using reflection
-		try (InputStream thingproperties = ThingFactory.class.getClassLoader().getResourceAsStream("thing.properties")) {
-			if (thingproperties == null) {
-				System.out.println("Can't find thing.properties");
-				return new Thing2();
-			}
-			props.load(thingproperties);
-			String which = "org.owasp.benchmark.helpers." + props.getProperty("thing");
-			
-			Class<?> thing = Class.forName(which);
-			Constructor<?> thingConstructor = thing.getConstructor();
-			Object thingInstance = thingConstructor.newInstance();
-			
-			return (ThingInterface)thingInstance;
-			
-		} catch (Exception e) {
-			System.out.println("Error constructing Thing.");			
-			e.printStackTrace();
-			return new Thing1();
-		}
-	}
-
-}
+/**
+* OWASP Benchmark Project
+*
+* This file is part of the Open Web Application Security Project (OWASP)
+* Benchmark Project For details, please see
+* <a href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
+*
+* The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+* of the GNU General Public License as published by the Free Software Foundation, version 2.
+*
+* The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details
+*
+* @author Nick Sanidas
+* @created 2015
+*/
+
+package org.owasp.benchmark.helpers;
+
+import java.io.InputStream;
+import java.lang.reflect.Constructor;
+import java.util.Properties;
+
+public class ThingFactory {
+	
+	public static ThingInterface createThing() {
+		
+		Properties props = new Properties();
+
+		// create a thing using reflection
+		try (InputStream thingproperties = ThingFactory.class.getClassLoader().getResourceAsStream("thing.properties")) {
+			if (thingproperties == null) {
+				System.out.println("Can't find thing.properties");
+				return new Thing2();
+			}
+			props.load(thingproperties);
+			String which = "org.owasp.benchmark.helpers." + props.getProperty("thing");
+			
+			Class<?> thing = Class.forName(which);
+			Constructor<?> thingConstructor = thing.getConstructor();
+			Object thingInstance = thingConstructor.newInstance();
+			
+			return (ThingInterface)thingInstance;
+			
+		} catch (Exception e) {
+			System.out.println("Error constructing Thing.");			
+			e.printStackTrace();
+			return new Thing1();
+		}
+	}
+
+}