You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ant.apache.org by Dominique Devienne <DD...@lgc.com> on 2003/02/28 16:48:12 UTC
Loophole in Ant...
These recent posts asking how to export properties and references defined in
a child Project to the parent Project (the child project is created by the
<ant> and <antcall> tasks) made me think about the recent addition in 1.5 of
reference passing from the parent to the child, and the fact that Ant
defines the <project name=""> as a reference...
By passing the project reference under a different name to the child Project
(Ant 1.5+), you can have the child project programmatically set properties
and references on the parent Project, either using a custom task, or a
script as I demonstrate below.
Even worse, since Project#setProperty will override an existing property for
backward compatibility reasons (setNewProperty doesn't), the child project
could even *modify* the parent project, albeit with a warning message about
the property or reference override.
Given that most datatypes know about their owning project, passing any
datatype reference to the child project can lead to the same kind of
exploits, so the loophole cannot be plugged in the future by forbidding
passing references of Project type, as I initially thought!
Very curious twist on an innocent change (passing references to child
projects) indeed...
Use at your own risk, and not recommended of course. --DD
P:\org_apache\antx>ant -emacs -f export-properties.xml
Buildfile: export-properties.xml
test:
parent: Initially, p1 = 1 and p2 = ${p2}
Regular <antcall>:
set-properties:
child1: Then, it's p1 = 1 and p2 = B
parent: Then, it's p1 = 1 and p2 = ${p2}
Regular <antcall>, passing parent Project reference:
export-properties:
child2: Then, it's p1 = 1 and p2 = ${p2}
parent: Then, it's p1 = 1 and p2 = beta
Regular <antcall>, passing parent Project reference:
parent: mypathRef = ${mypathRef} before
export-reference:
parent: mypathRef = C:\jdk\jre\lib\rt.jar after
BUILD SUCCESSFUL
Total time: 1 second
P:\org_apache\antx>type export-properties.xml
<?xml version="1.0"?>
<!-- ANT build file to test a specific feature or bug of ANT.
Dominique Devienne <dd...@lgc.com> Feb 2003
-->
<project name="antx" default="test">
<target name="test">
<property name="p1" value="1" />
<echo>parent: Initially, p1 = ${p1} and p2 = ${p2}</echo>
<echo>
Regular <antcall>:</echo>
<antcall target="set-properties" />
<echo>parent: Then, it's p1 = ${p1} and p2 = ${p2}</echo>
<echo>
Regular <antcall>, passing parent Project reference:</echo>
<antcall target="export-properties">
<reference refid="antx" torefid="parent" />
</antcall>
<echo>parent: Then, it's p1 = ${p1} and p2 = ${p2}</echo>
<echo>
Regular <antcall>, passing parent Project reference:</echo>
<echo>parent: mypathRef = ${mypathRef} before</echo>
<antcall target="export-reference">
<reference refid="antx" torefid="parent" />
</antcall>
<property name="mypathRef" refid="mypath" />
<echo>parent: mypathRef = ${mypathRef} after</echo>
</target>
<target name="set-properties">
<property name="p1" value="A" />
<property name="p2" value="B" />
<echo>child1: Then, it's p1 = ${p1} and p2 = ${p2}</echo>
</target>
<target name="export-properties">
<script language="javascript">
parent = project.getReference("parent");
parent.setNewProperty("p1", "alpha");
parent.setNewProperty("p2", "beta");
</script>
<echo>child2: Then, it's p1 = ${p1} and p2 = ${p2}</echo>
</target>
<target name="export-reference">
<path id="mypath" path="C:/jdk/jre/lib/rt.jar" />
<script language="javascript">
parent = project.getReference("parent");
mypath = project.getReference("mypath");
parent.addReference("mypath", mypath);
</script>
</target>
</project>
P:\org_apache\antx>