You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@felix.apache.org by "Matías San Martín (JIRA)" <ji...@apache.org> on 2012/06/09 17:41:42 UTC

[jira] [Updated] (FELIX-3541) Make repository creation safer by forbidding the use of resources without URI

     [ https://issues.apache.org/jira/browse/FELIX-3541?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Matías San Martín updated FELIX-3541:
-------------------------------------

    Attachment: badrepo_1.0.0.jar

The attached Bundle reproduces the creation of an invalid Repository as described by the issue
                
> Make repository creation safer by forbidding the use of resources without URI
> -----------------------------------------------------------------------------
>
>                 Key: FELIX-3541
>                 URL: https://issues.apache.org/jira/browse/FELIX-3541
>             Project: Felix
>          Issue Type: Improvement
>          Components: Bundle Repository (OBR)
>    Affects Versions: bundlerepository-1.6.6
>         Environment: Felix Framework 4.0.2
>            Reporter: Matías San Martín
>            Priority: Minor
>              Labels: repository, validation
>         Attachments: badrepo_1.0.0.jar
>
>
> Make the API safer by generating an error if someone tries to create an invalid repository.
> In current implementation, somebody could create an invalid bundle repository (particularly, a repository in which the resources have no URI associated)  through the bundlerepository API. 
> This can be accomplished throught the use of the methods:
> 1- DataModelHelper#createResource(Bundle)
> For creating a Resource from a Bundle (note that, then, the Resources won't have an associated URI)
> 2- DataModelHelper#repository(Resource[])
> For creating a (invalid) Repository from the Resources just created
> 3- DataModelHelper#writeRepository(..) //any of the writeRepository variants will work
> For writing the just created Repository
> ------------
> It may be useful if the DataModelHelper could "prevent" the writing of such an invalid Repository by validating it has all the "mandatory" fields. 
> However, because the use of the Repository created (in memory) from Bundles may be useful, the validation may/should be done only when trying to generate an "external" representation of it (i.e. when trying to write it as XML).
> The afore mentioned "validation" may simply be a check followed by an exception if the mandatory fields are not present. This way, the execution will fail and not silently ignore the invalid repository just created (possibly leading to a worse inconsistency).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira