You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Carsten Ziegeler (Jira)" <ji...@apache.org> on 2022/05/16 12:14:00 UTC

[jira] [Updated] (SLING-10787) BundleEntryHandler.extractArtifactId prone to IllegalArgumentException

     [ https://issues.apache.org/jira/browse/SLING-10787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carsten Ziegeler updated SLING-10787:
-------------------------------------
    Fix Version/s:     (was: Content-Package to Feature Model Converter 1.1.16)

> BundleEntryHandler.extractArtifactId prone to IllegalArgumentException
> ----------------------------------------------------------------------
>
>                 Key: SLING-10787
>                 URL: https://issues.apache.org/jira/browse/SLING-10787
>             Project: Sling
>          Issue Type: Bug
>          Components: Content-Package to Feature Model Converter
>            Reporter: Angela Schreiber
>            Priority: Major
>
> trying to address sonar findings for {{BundleEntryHandler}} (see SLING-10784) i noticed that there is no guarantee that 'artifactId' and 'version' are not left null after all the processing completed. if any of the two is null constructing a new {{ArtifactId}} object from the given strings will fail will {{IllegalArgumentException}}.
> it might be as simple as extracting the following statements out of the previous block that handles the {{groupId == null}} case:
> {code}
> if (artifactId == null || artifactId.isEmpty()) {
>             artifactId = groupId;
> }
>         
>         if (version == null) {
>             Version osgiVersion = Version.parseVersion(getCheckedProperty(jarFile.getManifest(), Constants.BUNDLE_VERSION));
>             version = osgiVersion.getMajor() + "." + osgiVersion.getMinor() + "." + osgiVersion.getMicro() + (osgiVersion.getQualifier().isEmpty() ? "" : "-" + osgiVersion.getQualifier());
>         }
> {code}
> but i am not totally sure.... there is a reason the method {{BundleEntryHandler.extractArtifactId}} gets called out by sonar :)
> note: on line 472 of the same method {{IllegalArgumentException}} is caught.... so i assume the code doesn't expect this method to fail upon building the {{ArtifactId}}.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)