You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Gene Smith (Jira)" <ji...@apache.org> on 2021/08/03 00:17:00 UTC
[jira] [Commented] (MENFORCER-390) "requireFileExists" no longer
handles non-canonical paths
[ https://issues.apache.org/jira/browse/MENFORCER-390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17391843#comment-17391843 ]
Gene Smith commented on MENFORCER-390:
--------------------------------------
doing anything here will require defining the use case.
if a file "exists" according to the local system, does it satisfy "requireFilesExist"?
Checking for a file with particular caplitalization sounds like a useful test to me, but not if it breaks symbolic links and dot notation in paths.
{noformat}
*no* further _formatting_ is done here
public static boolean crazyCheck(File original) throws IOException {
File part = original;
File canon = original.getCanonicalFile();
//assumes the original exists
while ( original!=null && canon!=null ) {
String name = original.getName();
if ( !name.equals(canon.getName()) ) {
//the name is different
// if it is very different, we should have gone through a symbolic link or a relative dot section
if ( name.equalsIgnoreCase(canon.getName()) ) {
System.out.println("we have a misspelled section. What we do here depends on the use case");
return ???
} else {
System.out.println("we must have gone through a symbolic link or a relative dot section"); if ( name.equals(".") ) {
System.out.println("What we do here depends on the use case");
/*
I would stop unless my use case VERY clearly said continue
but you could skip a section
original = original.getParentFile();
continue;
*/
???
}
if ( name.equals("..") ) {
System.out.println("What we do here depends on the use case");
/*
I would stop unless my use case VERY clearly said continue
but you could skip sections
you would have to start counting how many to skip, and it would be a wild chase
*/
???
}
//if we don't want to be lazy, we can check if it is a symbolic link
Path oriPath = Path.of(original.toURI());
if ( java.nio.file.Files.isSymbolicLink(oriPath) ) {
System.out.println("we have a symbolic link");
return ???;
}
return ???
}
}
original = original.getParentFile();
canon = canon.getParentFile();
if ( (canon==null) != (original==null) ) {
System.out.println("I don't think this is possible.");
throw???
}
}
//they were the same to the top
return true;
}{noformat}
> "requireFileExists" no longer handles non-canonical paths
> ---------------------------------------------------------
>
> Key: MENFORCER-390
> URL: https://issues.apache.org/jira/browse/MENFORCER-390
> Project: Maven Enforcer Plugin
> Issue Type: Bug
> Affects Versions: 3.0.0
> Reporter: Gene Smith
> Priority: Major
>
> With the commit to resolve MENFORCER-364, the rule "requireFileExists" checks that the canonical path of a file is the same as the absolute path.
> But not all absolute paths are canonical.
> * absolute paths can involve symbolic links
> * and they are allowed to have parts which are relative
> ** {{/../}}
> ** {{/./}}{{}}{{}}{{}}
> And when it fails to handle a path, it can report that a file does not exist, even though the local system will resolve the path.
> A blunt solution might be three separate rules:
> * requireFileExists
> ** the provided path must resolve to a file (which may be a directory or link)
> * requireCanonicalFileExists
> ** the provided path must exist as a canonical file
> * requireCasesenstiveFileExists
> ** the provided path must file a file
> ** the file name must have the same case (upper//lower) as the
> ** the parts of the path from the file up must have the same case until they go through a symbolic link
> I have used the "nio" package to handle some of stuff before. I will add a comment with some java code I would start with. Since the outcome here is very dependent on the use case you pick, the java will be "meta code" with ??? where you have to know the use case to know the outcome.
> but basically, with "nio" you can march up a path checking for symbolic links and such.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)