You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by he...@apache.org on 2022/08/25 04:26:11 UTC

[maven] branch maven-3.9.x updated: [MNG-7529] Maven resolver makes bad repository choices (#787)

This is an automated email from the ASF dual-hosted git repository.

henning pushed a commit to branch maven-3.9.x
in repository https://gitbox.apache.org/repos/asf/maven.git


The following commit(s) were added to refs/heads/maven-3.9.x by this push:
     new 9fe564cdc [MNG-7529] Maven resolver makes bad repository choices (#787)
9fe564cdc is described below

commit 9fe564cdc736bde1f799774913c84a020fef81f7
Author: Henning Schmiedehausen <he...@schmiedehausen.org>
AuthorDate: Wed Aug 24 21:26:02 2022 -0700

    [MNG-7529] Maven resolver makes bad repository choices (#787)
    
    Ensure that any versions resolved as part of a version range request
    only reference repositories that are actually enabled for the type of
    version (SNAPSHOT versions against snapshot repos, release versions
    against release repositories).
---
 .../internal/DefaultVersionRangeResolver.java       | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
index d870fbb95..3e2330f98 100644
--- a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
+++ b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
@@ -72,6 +72,8 @@ public class DefaultVersionRangeResolver
 
     private static final String MAVEN_METADATA_XML = "maven-metadata.xml";
 
+    private static final String SNAPSHOT = "SNAPSHOT";
+
     private MetadataResolver metadataResolver;
 
     private SyncContextFactory syncContextFactory;
@@ -218,9 +220,11 @@ public class DefaultVersionRangeResolver
             }
 
             Versioning versioning = readVersions( session, trace, metadataResult.getMetadata(), repository, result );
+            RemoteRepository remoteRepository = metadataResult.getRequest().getRepository();
+
             for ( String version : versioning.getVersions() )
             {
-                if ( !versionIndex.containsKey( version ) )
+                if ( isEnabled( remoteRepository, version ) && !versionIndex.containsKey( version ) )
                 {
                     versionIndex.put( version, repository );
                 }
@@ -230,6 +234,19 @@ public class DefaultVersionRangeResolver
         return versionIndex;
     }
 
+    private boolean isEnabled( RemoteRepository remoteRepository, String version )
+    {
+        if ( remoteRepository == null )
+        {
+            return true;
+        }
+
+        boolean snapshot = version != null && version.endsWith( SNAPSHOT );
+
+        return remoteRepository.getPolicy( snapshot ).isEnabled();
+    }
+
+
     private Versioning readVersions( RepositorySystemSession session, RequestTrace trace, Metadata metadata,
                                      ArtifactRepository repository, VersionRangeResult result )
     {
@@ -273,4 +290,4 @@ public class DefaultVersionRangeResolver
         repositoryEventDispatcher.dispatch( event.build() );
     }
 
-}
\ No newline at end of file
+}