You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by kh...@apache.org on 2017/08/02 17:28:59 UTC
maven git commit: [MNG-6123] detect self references in POM and fail
fast o Added unit test and self referencing pom
Repository: maven
Updated Branches:
refs/heads/master b10025751 -> 8f8c45c99
[MNG-6123] detect self references in POM and fail fast
o Added unit test and self referencing pom
Project: http://git-wip-us.apache.org/repos/asf/maven/repo
Commit: http://git-wip-us.apache.org/repos/asf/maven/commit/8f8c45c9
Tree: http://git-wip-us.apache.org/repos/asf/maven/tree/8f8c45c9
Diff: http://git-wip-us.apache.org/repos/asf/maven/diff/8f8c45c9
Branch: refs/heads/master
Commit: 8f8c45c990193b04c1770997d446951c5185b164
Parents: b100257
Author: Karl Heinz Marbaise <kh...@apache.org>
Authored: Tue Apr 4 22:46:11 2017 +0200
Committer: Karl Heinz Marbaise <kh...@apache.org>
Committed: Tue Aug 1 22:01:36 2017 +0200
----------------------------------------------------------------------
.../model/validation/DefaultModelValidator.java | 54 ++++++++++++++++++--
.../validation/DefaultModelValidatorTest.java | 13 +++++
.../validation/raw-model/self-referencing.xml | 38 ++++++++++++++
3 files changed, 102 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/maven/blob/8f8c45c9/maven-model-builder/src/main/java/org/apache/maven/model/validation/DefaultModelValidator.java
----------------------------------------------------------------------
diff --git a/maven-model-builder/src/main/java/org/apache/maven/model/validation/DefaultModelValidator.java b/maven-model-builder/src/main/java/org/apache/maven/model/validation/DefaultModelValidator.java
index 2e7985f..d97d8f6 100644
--- a/maven-model-builder/src/main/java/org/apache/maven/model/validation/DefaultModelValidator.java
+++ b/maven-model-builder/src/main/java/org/apache/maven/model/validation/DefaultModelValidator.java
@@ -131,6 +131,9 @@ public class DefaultModelValidator
validate20RawDependencies( problems, m.getDependencies(), "dependencies.dependency", request );
+ validate20RawDependenciesSelfReferencing( problems, m, m.getDependencies(), "dependencies.dependency",
+ request );
+
if ( m.getDependencyManagement() != null )
{
validate20RawDependencies( problems, m.getDependencyManagement().getDependencies(),
@@ -344,12 +347,12 @@ public class DefaultModelValidator
Severity errOn30 = getSeverity( request, ModelBuildingRequest.VALIDATION_LEVEL_MAVEN_3_0 );
- validateEffectiveDependencies( problems, m.getDependencies(), false, request );
+ validateEffectiveDependencies( problems, m, m.getDependencies(), false, request );
DependencyManagement mgmt = m.getDependencyManagement();
if ( mgmt != null )
{
- validateEffectiveDependencies( problems, mgmt.getDependencies(), true, request );
+ validateEffectiveDependencies( problems, m, mgmt.getDependencies(), true, request );
}
if ( request.getValidationLevel() >= ModelBuildingRequest.VALIDATION_LEVEL_MAVEN_2_0 )
@@ -524,7 +527,33 @@ public class DefaultModelValidator
}
}
- private void validateEffectiveDependencies( ModelProblemCollector problems, List<Dependency> dependencies,
+ private void validate20RawDependenciesSelfReferencing( ModelProblemCollector problems, Model m,
+ List<Dependency> dependencies, String prefix,
+ ModelBuildingRequest request )
+ {
+ // We only check for groupId/artifactId cause if there is another
+ // module with the same groupId/artifactId this will fail the build
+ // earlier like "Project '...' is duplicated in the reactor.
+ // So it is sufficient to check only groupId/artifactId and not the
+ // packaging type.
+ for ( Dependency dependency : dependencies )
+ {
+ String key = dependency.getGroupId() + ":" + dependency.getArtifactId() + ":" + dependency.getVersion();
+ String mKey = m.getGroupId() + ":" + m.getArtifactId() + ":" + m.getVersion();
+ if ( key.equals( mKey ) )
+ {
+ // This means a module which is build has a dependency which has the same
+ // groupId, artifactId and version coordinates. This is in consequence
+ // a self reference or in other words a circular reference which can not
+ // being resolved.
+ addViolation( problems, Severity.FATAL, Version.V31, prefix + " " + key, key, "is referencing itself.",
+ dependency );
+
+ }
+ }
+ }
+
+ private void validateEffectiveDependencies( ModelProblemCollector problems, Model m, List<Dependency> dependencies,
boolean management, ModelBuildingRequest request )
{
Severity errOn30 = getSeverity( request, ModelBuildingRequest.VALIDATION_LEVEL_MAVEN_3_0 );
@@ -551,11 +580,30 @@ public class DefaultModelValidator
*/
validateEnum( prefix + "scope", problems, Severity.WARNING, Version.V20, d.getScope(),
d.getManagementKey(), d, "provided", "compile", "runtime", "test", "system" );
+
+ validateEffectiveModelAgainstDependency( prefix, problems, m, d, request );
}
}
}
}
+ private void validateEffectiveModelAgainstDependency( String prefix, ModelProblemCollector problems, Model m,
+ Dependency d, ModelBuildingRequest request )
+ {
+ String key = d.getGroupId() + ":" + d.getArtifactId() + ":" + d.getVersion();
+ String mKey = m.getGroupId() + ":" + m.getArtifactId() + ":" + m.getVersion();
+ if ( key.equals( mKey ) )
+ {
+ // This means a module which is build has a dependency which has the same
+ // groupId, artifactId and version coordinates. This is in consequence
+ // a self reference or in other words a circular reference which can not
+ // being resolved.
+ addViolation( problems, Severity.FATAL, Version.V31, prefix + " " + key, key, "is referencing itself.", d );
+
+ }
+
+ }
+
private void validate20EffectivePluginDependencies( ModelProblemCollector problems, Plugin plugin,
ModelBuildingRequest request )
{
http://git-wip-us.apache.org/repos/asf/maven/blob/8f8c45c9/maven-model-builder/src/test/java/org/apache/maven/model/validation/DefaultModelValidatorTest.java
----------------------------------------------------------------------
diff --git a/maven-model-builder/src/test/java/org/apache/maven/model/validation/DefaultModelValidatorTest.java b/maven-model-builder/src/test/java/org/apache/maven/model/validation/DefaultModelValidatorTest.java
index 4da3c87..5614daf 100644
--- a/maven-model-builder/src/test/java/org/apache/maven/model/validation/DefaultModelValidatorTest.java
+++ b/maven-model-builder/src/test/java/org/apache/maven/model/validation/DefaultModelValidatorTest.java
@@ -714,4 +714,17 @@ public class DefaultModelValidatorTest
assertContains( result.getWarnings().get( 1 ),
"'dependencies.dependency.version' for test:b:jar is either LATEST or RELEASE (both of them are being deprecated)" );
}
+
+ public void testSelfReferencingDependencyInRawModel()
+ throws Exception
+ {
+ SimpleProblemCollector result = validateRaw( "raw-model/self-referencing.xml" );
+
+ assertViolations( result, 1, 0, 0 );
+
+ assertEquals( "'dependencies.dependency com.example.group:testinvalidpom:0.0.1-SNAPSHOT' for com.example.group:testinvalidpom:0.0.1-SNAPSHOT is referencing itself.",
+ result.getFatals().get( 0 ) );
+
+ }
+
}
http://git-wip-us.apache.org/repos/asf/maven/blob/8f8c45c9/maven-model-builder/src/test/resources/poms/validation/raw-model/self-referencing.xml
----------------------------------------------------------------------
diff --git a/maven-model-builder/src/test/resources/poms/validation/raw-model/self-referencing.xml b/maven-model-builder/src/test/resources/poms/validation/raw-model/self-referencing.xml
new file mode 100644
index 0000000..a902896
--- /dev/null
+++ b/maven-model-builder/src/test/resources/poms/validation/raw-model/self-referencing.xml
@@ -0,0 +1,38 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>com.example.group</groupId>
+ <artifactId>testinvalidpom</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
+
+ <description>
+ This will test if the module validator recognized that this
+ dependency is the same as the module itself.
+ </description>
+ <dependencies>
+ <dependency>
+ <groupId>com.example.group</groupId>
+ <artifactId>testinvalidpom</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
+ </dependency>
+ </dependencies>
+</project>
\ No newline at end of file