[maven] branch master updated: [MNG-7529] Maven resolver makes bad repository choices (#786)

[he...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

henning pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven.git


The following commit(s) were added to refs/heads/master by this push:
     new ce4579108 [MNG-7529] Maven resolver makes bad repository choices (#786)
ce4579108 is described below

commit ce4579108d653be2ab7eab43be7d5951151dae5b
Author: Henning Schmiedehausen <he...@schmiedehausen.org>
AuthorDate: Wed Aug 24 21:26:19 2022 -0700

    [MNG-7529] Maven resolver makes bad repository choices (#786)
    
    Ensure that any versions resolved as part of a version range request
    only reference repositories that are actually enabled for the type of
    version (SNAPSHOT versions against snapshot repos, release versions
    against release repositories).
---
 .../internal/DefaultVersionRangeResolver.java        | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
index dfc7181a4..a4f66a6e9 100644
--- a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
+++ b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
@@ -69,6 +69,8 @@ public class DefaultVersionRangeResolver
 
     private static final String MAVEN_METADATA_XML = "maven-metadata.xml";
 
+    private static final String SNAPSHOT = "SNAPSHOT";
+
     private final MetadataResolver metadataResolver;
     private final SyncContextFactory syncContextFactory;
     private final RepositoryEventDispatcher repositoryEventDispatcher;
@@ -183,9 +185,11 @@ public class DefaultVersionRangeResolver
             }
 
             Versioning versioning = readVersions( session, trace, metadataResult.getMetadata(), repository, result );
+            RemoteRepository remoteRepository = metadataResult.getRequest().getRepository();
+
             for ( String version : versioning.getVersions() )
             {
-                if ( !versionIndex.containsKey( version ) )
+                if ( isEnabled( remoteRepository, version ) && !versionIndex.containsKey( version ) )
                 {
                     versionIndex.put( version, repository );
                 }
@@ -195,6 +199,18 @@ public class DefaultVersionRangeResolver
         return versionIndex;
     }
 
+    private boolean isEnabled( RemoteRepository remoteRepository, String version )
+    {
+        if ( remoteRepository == null )
+        {
+            return true;
+        }
+
+        boolean snapshot = version != null && version.endsWith( SNAPSHOT );
+
+        return remoteRepository.getPolicy( snapshot ).isEnabled();
+    }
+
     private Versioning readVersions( RepositorySystemSession session, RequestTrace trace, Metadata metadata,
                                      ArtifactRepository repository, VersionRangeResult result )
     {
@@ -238,4 +254,4 @@ public class DefaultVersionRangeResolver
         repositoryEventDispatcher.dispatch( event.build() );
     }
 
-}
\ No newline at end of file
+}