You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Michael Osipov (Jira)" <ji...@apache.org> on 2022/01/02 10:10:00 UTC
[jira] [Comment Edited] (MNG-7375) Potential NPE in org.apache.maven.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
[ https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17467584#comment-17467584 ]
Michael Osipov edited comment on MNG-7375 at 1/2/22, 10:09 AM:
---------------------------------------------------------------
I agree with both, but robustness would mean for me to perferom checks on all required fields, thus we need a {{MetadataValidator}} just like for settings or POM.
was (Author: michael-o):
I agree with boh, but robustness would mean for me to perferom checks on all required fields, thus we need a {{MetadataValidator}} just like for settings or POM.
> Potential NPE in org.apache.maven.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
> --------------------------------------------------------------------------------------------------------------------------
>
> Key: MNG-7375
> URL: https://issues.apache.org/jira/browse/MNG-7375
> Project: Maven
> Issue Type: Improvement
> Components: Artifacts and Repositories
> Affects Versions: 3.8.4
> Reporter: Konrad Windszus
> Priority: Major
> Attachments: NEXUS-30749 - Broken groupId metadata and follow-up NPE during org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp - Sonatype JIRA.pdf
>
>
> Currently the metadata at https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml contains an invalid entry without a prefix:
> {code}
> <metadata>
> <plugins>
> <plugin>
> <name>Apache Jackrabbit FileVault - Package Maven Plugin</name>
> <prefix>filevault-package</prefix>
> <artifactId>filevault-package-maven-plugin</artifactId>
> </plugin>
> <plugin>
> <name>filevault-package-maven-plugin</name>
> <artifactId>filevault-package-maven-plugin</artifactId>
> </plugin>
> </plugins>
> </metadata>
> {code}
> This leads to an NPE when trying to deploy a new version with {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}:
> {code}
> Caused by: java.lang.NullPointerException
> at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:276)
> at org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata (AbstractRepositoryMetadata.java:121)
> at org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository (AbstractRepositoryMetadata.java:67)
> at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge (MetadataBridge.java:65)
> at org.eclipse.aether.internal.impl.DefaultDeployer.upload (DefaultDeployer.java:433)
> at org.eclipse.aether.internal.impl.DefaultDeployer.deploy (DefaultDeployer.java:321)
> at org.eclipse.aether.internal.impl.DefaultDeployer.deploy (DefaultDeployer.java:213)
> at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy (DefaultRepositorySystem.java:386)
> at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy (DefaultArtifactDeployer.java:142)
> {code}
> Although this happened in the context of using "org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8" (https://issues.sonatype.org/browse/NEXUS-30749, exported to [^NEXUS-30749 - Broken groupId metadata and follow-up NPE during org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp - Sonatype JIRA.pdf] ) the affected code is in Maven.
> The metadata is probably invalid but the Metadata class should be more robust when trying to do the merge in https://github.com/apache/maven/blob/951b5ee95f40147abbc2bb9d928e408b85d5aef3/maven-repository-metadata/src/main/mdo/metadata.mdo#L100 and just ignore all plugin entries without all mandatory elements.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)