You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Matías San Martín (JIRA)" <ji...@apache.org> on 2012/06/09 17:41:42 UTC
[jira] [Updated] (FELIX-3541) Make repository creation safer by
forbidding the use of resources without URI
[ https://issues.apache.org/jira/browse/FELIX-3541?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matías San Martín updated FELIX-3541:
-------------------------------------
Attachment: badrepo_1.0.0.jar
The attached Bundle reproduces the creation of an invalid Repository as described by the issue
> Make repository creation safer by forbidding the use of resources without URI
> -----------------------------------------------------------------------------
>
> Key: FELIX-3541
> URL: https://issues.apache.org/jira/browse/FELIX-3541
> Project: Felix
> Issue Type: Improvement
> Components: Bundle Repository (OBR)
> Affects Versions: bundlerepository-1.6.6
> Environment: Felix Framework 4.0.2
> Reporter: Matías San Martín
> Priority: Minor
> Labels: repository, validation
> Attachments: badrepo_1.0.0.jar
>
>
> Make the API safer by generating an error if someone tries to create an invalid repository.
> In current implementation, somebody could create an invalid bundle repository (particularly, a repository in which the resources have no URI associated) through the bundlerepository API.
> This can be accomplished throught the use of the methods:
> 1- DataModelHelper#createResource(Bundle)
> For creating a Resource from a Bundle (note that, then, the Resources won't have an associated URI)
> 2- DataModelHelper#repository(Resource[])
> For creating a (invalid) Repository from the Resources just created
> 3- DataModelHelper#writeRepository(..) //any of the writeRepository variants will work
> For writing the just created Repository
> ------------
> It may be useful if the DataModelHelper could "prevent" the writing of such an invalid Repository by validating it has all the "mandatory" fields.
> However, because the use of the Repository created (in memory) from Bundles may be useful, the validation may/should be done only when trying to generate an "external" representation of it (i.e. when trying to write it as XML).
> The afore mentioned "validation" may simply be a check followed by an exception if the mandatory fields are not present. This way, the execution will fail and not silently ignore the invalid repository just created (possibly leading to a worse inconsistency).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira