secure-software-engineering
diff --git a/‎.github/workflows/maven-deploy.yml
+20 b/‎.github/workflows/maven-deploy.yml
+20
diff --git a/‎.github/workflows/maven.yml
+35 b/‎.github/workflows/maven.yml
+35
diff --git a/‎.gitignore
+4-1 b/‎.gitignore
+4-1
diff --git a/‎README.md
+28-7 b/‎README.md
+28-7
diff --git a/‎pom.xml
+86-22 b/‎pom.xml
+86-22
@@ -0,0 +1,20 @@
+name: Publish package to GitHub Packages
+on:
+  release:
+    types: [created]
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-java@v3
+        with:
+          java-version: '11'
+          distribution: 'adopt'
+      - name: Publish package
+        run: mvn --batch-mode deploy
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,35 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Java CI with Maven
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up JDK 11
+        uses: actions/setup-java@v3
+        with:
+          java-version: '11'
+          distribution: 'adopt'
+          cache: maven
+      - name: Build with Maven
+        run: mvn -B package --file pom.xml
+
+      # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
+     # - name: Update dependency graph
+      #  uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6
@@ -194,4 +194,7 @@ buildNumber.properties
 
 ### allow the ecj and jdt core jar ###
 !src/test/resources/ecj-3.15.1.jar
-!src/test/resources/org.eclipse.jdt.core-3.15.0.jar
+!src/test/resources/org.eclipse.jdt.core-3.15.0.jar
+/sootdiff.iml
+**/sootOutput
+.idea
@@ -1,16 +1,24 @@
+![Maven Build](https://github.com/secure-software-engineering/sootdiff/actions/workflows/maven.yml/badge.svg)
+
 # SootDiff - Bytecode Comparison Across Different Java Compilers
 
-This repository hosts the SootDiff analysis tool. SootDiff allows the comparison of the Java ByteCode create by different Java compilers.
-To do so it uses static analysis and optimizations to unify the generated ByteCode, e.g. Constant Propagation, Dead Code Elimination, String Handling. Its goal is to provide researchers and practitioners with a tool and library on which they can base their own research projects and product implementations. 
+This repository hosts the SootDiff analysis tool. SootDiff allows the comparison of the Java ByteCode create by
+different Java compilers. To do so it uses static analysis and optimizations to unify the generated ByteCode, e.g.
+Constant Propagation, Dead Code Elimination, String Handling. Its goal is to provide researchers and practitioners with
+a tool and library on which they can base their own research projects and product implementations.
 
 ## Obtaining SootDiff
+
 You can either build SootDiff on your own using Maven, or you can download a release from here on Github.
 
 ### Downloading the Release
-The Release Page contains all pre-built JAR files for each release that we officially publish. We recommend using the latest and greatest version unless you have a specific issue that prevents you from doing so. In that case, please let us know.
 
+The Release Page contains all pre-built JAR files for each release that we officially publish. We recommend using the
+latest and greatest version unless you have a specific issue that prevents you from doing so. In that case, please let
+us know.
 
 ### Building SootDiff with Maven
+
 To build SootDiff with Maven run
 ```
 mvn install
@@ -21,11 +29,24 @@ or to build a standalone `jar-with-dependencies` run
 mvn clean compile assembly:single
 ```
 
-
 ## Publications
-If you want to read the details on how SootDiff works, the published paper [SootDiff @SOAP'19,Phoenix, AZ, USA](https://dl.acm.org/citation.cfm?id=3329966) is a good place to start.
-
 
+If you want to read the details on how SootDiff works, the published
+paper [SootDiff @SOAP'19,Phoenix, AZ, USA](https://dl.acm.org/citation.cfm?id=3329966) is a good place to start.
 
 ## License
-SootDiff is licensed under the MIT license, see LICENSE file. This basically means that you are free to use the tool (even in commercial, closed-source projects). 
+
+SootDiff is licensed under the MIT license, see LICENSE file. This basically means that you are free to use the tool (
+even in commercial, closed-source projects).
+
+# Use SootDiff to compare Jars
+
+The class `src/test/java/MainCompareArtifacts.java` can be used to compare multiple jars on the basis of class sha,tlshs
+and timestamps and produces a markdown report of that.
+
+Invoke the main method with parameters `-inJars jar1,jar2,jar3 -fileFilter pathToFilterFile.txt`
+
+The filter file can be used to specify classes of interest (e.g. classes fixed in a fixing commit). Make sure to specify
+the files as they would be located in the analyzed jar, e.g., in a commit the change might be related
+to `src/main/java/pack/a/b.java`, in the jar it would be referenced from the package onwards and in class
+format: `pack/a/b.class`. 
@@ -1,24 +1,23 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xmlns="http://maven.apache.org/POM/4.0.0"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>de.upb</groupId>
     <artifactId>sootdiff</artifactId>
-    <version>1.0</version>
+    <version>2.3-SNAPSHOT</version>
+
 
     <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <maven.compiler.source>1.8</maven.compiler.source>
         <maven.compiler.target>1.8</maven.compiler.target>
-        <maven-compiler-plugin.version>3.7.0</maven-compiler-plugin.version>
+        <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
     </properties>
 
-
     <build>
         <plugins>
-
-
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
@@ -27,9 +26,7 @@
                     <source>${maven.compiler.source}</source>
                     <target>${maven.compiler.target}</target>
                 </configuration>
-
             </plugin>
-
             <plugin>
                 <artifactId>maven-assembly-plugin</artifactId>
                 <configuration>
@@ -44,50 +41,117 @@
                 </configuration>
             </plugin>
 
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-release-plugin</artifactId>
+                <version>2.5.3</version>
+            </plugin>
+
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>3.0.0-M4</version>
+                <configuration>
+                    <trimStackTrace>false</trimStackTrace>
+                    <reuseForks>false</reuseForks>
+                    <forkCount>1</forkCount>
+                </configuration>
+            </plugin>
+
+
+            <plugin>
+                <artifactId>exec-maven-plugin</artifactId>
+                <groupId>org.codehaus.mojo</groupId>
+                <version>1.6.0</version>
+                <executions>
+                    <execution><!-- Run our version calculation script -->
+                        <id>Compile Test Classes/Resources</id>
+                        <phase>generate-sources</phase>
+                        <goals>
+                            <goal>exec</goal>
+                        </goals>
+                        <configuration>
+                            <executable>${basedir}/src/test/resources/compile.sh</executable>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+
         </plugins>
     </build>
 
 
     <dependencies>
         <dependency>
-            <groupId>ca.mcgill.sable</groupId>
+            <groupId>org.soot-oss</groupId>
             <artifactId>soot</artifactId>
-            <version>3.2.0-SNAPSHOT</version>
+            <version>4.2.1</version>
         </dependency>
 
-
         <dependency>
             <groupId>commons-cli</groupId>
             <artifactId>commons-cli</artifactId>
             <version>1.4</version>
         </dependency>
 
+        <dependency>
+            <groupId>io.github.java-diff-utils</groupId>
+            <artifactId>java-diff-utils</artifactId>
+            <version>4.5</version>
+        </dependency>
+
+
+
+
+
+        <!-- https://mvnrepository.com/artifact/commons-codec/commons-codec -->
+        <dependency>
+            <groupId>commons-codec</groupId>
+            <artifactId>commons-codec</artifactId>
+            <version>1.14</version>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.google.code.findbugs</groupId>
+            <artifactId>jsr305</artifactId>
+            <version>3.0.2</version>
+        </dependency>
 
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.8.1</version>
+            <version>3.9</version>
         </dependency>
-
         <dependency>
-            <groupId>io.github.java-diff-utils</groupId>
-            <artifactId>java-diff-utils</artifactId>
-            <version>4.0</version>
+            <groupId>com.github.spotbugs</groupId>
+            <artifactId>spotbugs-annotations</artifactId>
+            <version>4.0.1</version>
         </dependency>
+
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.12</version>
+            <version>4.13</version>
             <scope>test</scope>
         </dependency>
-
     </dependencies>
+
     <repositories>
         <repository>
-            <id>soot-snapshot</id>
-            <name>soot snapshots</name>
-            <url>https://soot-build.cs.uni-paderborn.de/nexus/repository/swt-upb/</url>
+            <id>jcenter</id>
+            <url>https://jcenter.bintray.com/</url>
         </repository>
     </repositories>
 
+
+    <distributionManagement>
+        <repository>
+            <id>github</id>
+            <name>GitHub Packages</name>
+            <url>https://maven.pkg.github.com/secure-software-engineering/sootdiff</url>
+        </repository>
+    </distributionManagement>
+
 </project>