Posted to commits@maven.apache.org by hb...@apache.org on 2021/10/10 07:39:19 UTC
[maven-studies] 04/04: Remove md5hash in path,
it's considered fake security
This is an automated email from the ASF dual-hosted git repository.
hboutemy pushed a commit to branch maven-wrapper
in repository https://gitbox.apache.org/repos/asf/maven-studies.git
commit 801ef03263e305326b8758af1f96d646d55143da
Author: rfscholte <rf...@apache.org>
AuthorDate: Thu Apr 16 23:24:46 2020 +0200
Remove md5hash in path, it's considered fake security
---
.../java/org/apache/maven/wrapper/Installer.java | 22 ---
.../org/apache/maven/wrapper/PathAssembler.java | 30 +---
.../apache/maven/wrapper/PathAssemblerTest.java | 167 ++++++++++-----------
3 files changed, 82 insertions(+), 137 deletions(-)
diff --git a/src/main/java/org/apache/maven/wrapper/Installer.java b/src/main/java/org/apache/maven/wrapper/Installer.java
index b4fae27..9b4943d 100644
--- a/src/main/java/org/apache/maven/wrapper/Installer.java
+++ b/src/main/java/org/apache/maven/wrapper/Installer.java
@@ -205,28 +205,6 @@ public class Installer
return false;
}
- private Path deleteDir( Path dir ) throws IOException
- {
- return Files.walkFileTree( dir, new SimpleFileVisitor<Path>()
- {
- @Override
- public FileVisitResult postVisitDirectory( Path dir, IOException exc )
- throws IOException
- {
- Files.delete( dir );
- return FileVisitResult.CONTINUE;
- }
-
- @Override
- public FileVisitResult visitFile( Path file, BasicFileAttributes attrs )
- throws IOException
- {
- Files.delete( file );
- return FileVisitResult.CONTINUE;
- }
- } );
- }
-
private void unzip( Path zip, Path dest )
throws IOException
{
diff --git a/src/main/java/org/apache/maven/wrapper/PathAssembler.java b/src/main/java/org/apache/maven/wrapper/PathAssembler.java
index 8d544d9..4cabc5b 100644
--- a/src/main/java/org/apache/maven/wrapper/PathAssembler.java
+++ b/src/main/java/org/apache/maven/wrapper/PathAssembler.java
@@ -19,11 +19,9 @@ package org.apache.maven.wrapper;
* under the License.
*/
-import java.math.BigInteger;
import java.net.URI;
import java.nio.file.Path;
import java.nio.file.Paths;
-import java.security.MessageDigest;
/**
* @author Hans Dockter
@@ -51,8 +49,7 @@ public class PathAssembler
public LocalDistribution getDistribution( WrapperConfiguration configuration )
{
String baseName = getDistName( configuration.getDistribution() );
- String distName = removeExtension( baseName );
- String rootDirName = rootDirName( distName, configuration );
+ String rootDirName = removeExtension( baseName );
Path distDir = getBaseDir( configuration.getDistributionBase() )
.resolve( configuration.getDistributionPath() )
.resolve( rootDirName );
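Review bot: With `String rootDirName = removeExtension( baseName );` the install directory is keyed on the archive file name alone, so two distribution URLs that end in the same file name now resolve to the same `distDir`. The removed URL hash was not an integrity control, but it did keep those cases apart; if Installer skips the download when the directory already exists (not visible in this hunk), a changed distribution URL would silently keep using the previously unpacked content. I would record that above the assignment, e.g. `// keyed on archive file name only; URLs sharing a file name share one install dir`, and track real verification of the zip (a pinned digest checked after download) as a separate change. getDistribution continues past the end of this hunk.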
@@ -63,27 +60,6 @@ public class PathAssembler
return new LocalDistribution( distDir, distZip );
}
- private String rootDirName( String distName, WrapperConfiguration configuration )
- {
- String urlHash = getMd5Hash( configuration.getDistribution().toString() );
- return String.format( "%s/%s", distName, urlHash );
- }
-
- private String getMd5Hash( String string )
- {
- try
- {
- MessageDigest messageDigest = MessageDigest.getInstance( "MD5" );
- byte[] bytes = string.getBytes();
- messageDigest.update( bytes );
- return new BigInteger( 1, messageDigest.digest() ).toString( 32 );
- }
- catch ( Exception e )
- {
- throw new RuntimeException( "Could not hash input string.", e );
- }
- }
-
private String removeExtension( String name )
{
int p = name.lastIndexOf( "." );
@@ -107,11 +83,11 @@ public class PathAssembler
private Path getBaseDir( String base )
{
- if ( base.equals( MAVEN_USER_HOME_STRING ) )
+ if ( MAVEN_USER_HOME_STRING.equals( base ) )
{
return mavenUserHome;
}
- else if ( base.equals( PROJECT_STRING ) )
+ else if ( PROJECT_STRING.equals( base ) )
{
return Paths.get( System.getProperty( "user.dir" ) );
}
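Review bot: The constant-first `MAVEN_USER_HOME_STRING.equals( base )` changes what a null `base` does: it no longer throws a NullPointerException at this comparison and instead falls through to the final branch, which lies outside this hunk. Judging by the message asserted in PathAssemblerTest, that branch presumably reports the base as unknown, but no test covers a missing distributionBase, so the new behaviour is unverified. A short comment such as `// null base falls through to the unknown-base error` above the first comparison would record the intent.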
diff --git a/src/test/java/org/apache/maven/wrapper/PathAssemblerTest.java b/src/test/java/org/apache/maven/wrapper/PathAssemblerTest.java
index 9bd3916..0bf5df3 100644
--- a/src/test/java/org/apache/maven/wrapper/PathAssemblerTest.java
+++ b/src/test/java/org/apache/maven/wrapper/PathAssemblerTest.java
@@ -15,106 +15,97 @@
*/
package org.apache.maven.wrapper;
+import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.is;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertThat;
-import static org.junit.Assert.fail;
+import static org.junit.Assert.assertThrows;
import java.net.URI;
import java.nio.file.Path;
import java.nio.file.Paths;
-import java.util.regex.Pattern;
-import org.hamcrest.BaseMatcher;
-import org.hamcrest.Description;
-import org.hamcrest.Matcher;
import org.junit.Before;
import org.junit.Test;
/**
* @author Hans Dockter
*/
-public class PathAssemblerTest {
- public static final String TEST_MAVEN_USER_HOME = "someUserHome";
-
- private PathAssembler pathAssembler = new PathAssembler( Paths.get( TEST_MAVEN_USER_HOME ) );
-
- final WrapperConfiguration configuration = new WrapperConfiguration();
-
- @Before
- public void setup() {
- configuration.setDistributionBase(PathAssembler.MAVEN_USER_HOME_STRING);
- configuration.setDistributionPath("somePath");
- configuration.setZipBase(PathAssembler.MAVEN_USER_HOME_STRING);
- configuration.setZipPath("somePath");
- }
-
- @Test
- public void distributionDirWithMavenUserHomeBase() throws Exception {
- configuration.setDistribution(new URI("http://server/dist/maven-0.9-bin.zip"));
-
- Path distributionDir = pathAssembler.getDistribution(configuration).getDistributionDir();
- assertThat(distributionDir.getFileName().toString(), matchesRegexp("[a-z0-9]+"));
- assertThat(distributionDir.getParent(), equalTo(Paths.get(TEST_MAVEN_USER_HOME, "/somePath/maven-0.9-bin")));
- }
-
- @Test
- public void distributionDirWithProjectBase() throws Exception {
- configuration.setDistributionBase(PathAssembler.PROJECT_STRING);
- configuration.setDistribution(new URI("http://server/dist/maven-0.9-bin.zip"));
-
- Path distributionDir = pathAssembler.getDistribution(configuration).getDistributionDir();
- assertThat(distributionDir.getFileName().toString(), matchesRegexp("[a-z0-9]+"));
- assertThat(distributionDir.getParent(), equalTo(Paths.get(currentDirPath(), "/somePath/maven-0.9-bin")));
- }
-
- @Test
- public void distributionDirWithUnknownBase() throws Exception {
- configuration.setDistribution(new URI("http://server/dist/maven-1.0.zip"));
- configuration.setDistributionBase("unknownBase");
-
- try {
- pathAssembler.getDistribution(configuration);
- fail();
- } catch (RuntimeException e) {
- assertEquals("Base: unknownBase is unknown", e.getMessage());
+public class PathAssemblerTest
+{
+ public static final String TEST_MAVEN_USER_HOME = "someUserHome";
+
+ private PathAssembler pathAssembler = new PathAssembler( Paths.get( TEST_MAVEN_USER_HOME ) );
+
+ final WrapperConfiguration configuration = new WrapperConfiguration();
+
+ @Before
+ public void setup()
+ {
+ configuration.setDistributionBase( PathAssembler.MAVEN_USER_HOME_STRING );
+ configuration.setDistributionPath( "somePath" );
+ configuration.setZipBase( PathAssembler.MAVEN_USER_HOME_STRING );
+ configuration.setZipPath( "somePath" );
+ }
+
+ @Test
+ public void distributionDirWithMavenUserHomeBase()
+ throws Exception
+ {
+ configuration.setDistribution( new URI( "http://server/dist/maven-0.9-bin.zip" ) );
+
+ Path distributionDir = pathAssembler.getDistribution( configuration ).getDistributionDir();
+ assertThat( distributionDir, is( Paths.get( TEST_MAVEN_USER_HOME, "/somePath/maven-0.9-bin" ) ) );
+ }
+
+ @Test
+ public void distributionDirWithProjectBase()
+ throws Exception
+ {
+ configuration.setDistributionBase( PathAssembler.PROJECT_STRING );
+ configuration.setDistribution( new URI( "http://server/dist/maven-0.9-bin.zip" ) );
+
+ Path distributionDir = pathAssembler.getDistribution( configuration ).getDistributionDir();
+ assertThat( distributionDir, equalTo( Paths.get( currentDirPath(), "/somePath/maven-0.9-bin" ) ) );
+ }
+
+ @Test
+ public void distributionDirWithUnknownBase()
+ throws Exception
+ {
+ configuration.setDistribution( new URI( "http://server/dist/maven-1.0.zip" ) );
+ configuration.setDistributionBase( "unknownBase" );
+
+ RuntimeException e =
+ assertThrows( RuntimeException.class, () -> pathAssembler.getDistribution( configuration ) );
+ assertEquals( "Base: unknownBase is unknown", e.getMessage() );
+ }
+
+ @Test
+ public void distZipWithMavenUserHomeBase()
+ throws Exception
+ {
+ configuration.setDistribution( new URI( "http://server/dist/maven-1.0.zip" ) );
+
+ Path dist = pathAssembler.getDistribution( configuration ).getZipFile();
+ assertThat( dist.getFileName().toString(), equalTo( "maven-1.0.zip" ) );
+ assertThat( dist.getParent(), equalTo( Paths.get( TEST_MAVEN_USER_HOME, "/somePath/maven-1.0" ) ) );
+ }
+
+ @Test
+ public void distZipWithProjectBase()
+ throws Exception
+ {
+ configuration.setZipBase( PathAssembler.PROJECT_STRING );
+ configuration.setDistribution( new URI( "http://server/dist/maven-1.0.zip" ) );
+
+ Path dist = pathAssembler.getDistribution( configuration ).getZipFile();
+ assertThat( dist.getFileName().toString(), equalTo( "maven-1.0.zip" ) );
+ assertThat( dist.getParent(), equalTo( Paths.get( currentDirPath(), "/somePath/maven-1.0" ) ) );
+ }
+
+ private String currentDirPath()
+ {
+ return System.getProperty( "user.dir" );
}
- }
-
- @Test
- public void distZipWithMavenUserHomeBase() throws Exception {
- configuration.setDistribution(new URI("http://server/dist/maven-1.0.zip"));
-
- Path dist = pathAssembler.getDistribution(configuration).getZipFile();
- assertThat(dist.getFileName().toString(), equalTo("maven-1.0.zip"));
- assertThat(dist.getParent().getFileName().toString(), matchesRegexp("[a-z0-9]+"));
- assertThat(dist.getParent().getParent(), equalTo(Paths.get(TEST_MAVEN_USER_HOME, "/somePath/maven-1.0")));
- }
-
- @Test
- public void distZipWithProjectBase() throws Exception {
- configuration.setZipBase(PathAssembler.PROJECT_STRING);
- configuration.setDistribution(new URI("http://server/dist/maven-1.0.zip"));
-
- Path dist = pathAssembler.getDistribution(configuration).getZipFile();
- assertThat(dist.getFileName().toString(), equalTo("maven-1.0.zip"));
- assertThat(dist.getParent().getFileName().toString(), matchesRegexp("[a-z0-9]+"));
- assertThat(dist.getParent().getParent(), equalTo(Paths.get(currentDirPath(), "/somePath/maven-1.0")));
- }
-
- private String currentDirPath() {
- return System.getProperty("user.dir");
- }
-
- public static <T extends CharSequence> Matcher<T> matchesRegexp(final String pattern) {
- return new BaseMatcher<T>() {
- public boolean matches(Object o) {
- return Pattern.compile(pattern).matcher((CharSequence) o).matches();
- }
-
- public void describeTo(Description description) {
- description.appendText("a CharSequence that matches regexp ").appendValue(pattern);
- }
- };
- }
}
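Review bot: No test pins what happens when two different distribution URLs end in the same file name, which is the one observable behaviour change of dropping the hash segment. The rewritten tests only assert the exact directory for a single URL, so a later change that reintroduces or alters the disambiguation would pass unnoticed. A small additional test that resolves two URLs with the same archive name and compares the resulting directories would document the shared-directory behaviour explicitly. As a minor style point, distributionDirWithMavenUserHomeBase uses `is( ... )` while the sibling tests use `equalTo( ... )`; one matcher throughout would read better.

```java
// … unchanged: existing distributionDir* tests …

@Test
public void distributionDirIsSharedByUrlsWithSameFileName()
    throws Exception
{
    // constructed sample URLs: same archive name, different host and path
    configuration.setDistribution( new URI( "http://server/dist/maven-0.9-bin.zip" ) );
    Path first = pathAssembler.getDistribution( configuration ).getDistributionDir();

    configuration.setDistribution( new URI( "http://other/mirror/maven-0.9-bin.zip" ) );
    Path second = pathAssembler.getDistribution( configuration ).getDistributionDir();

    assertThat( second, is( first ) );
}
```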