You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by rf...@apache.org on 2021/06/27 11:05:29 UTC
[maven] 02/02: [MNG-6271] Extend validator for expressions in
repository URL
This is an automated email from the ASF dual-hosted git repository.
rfscholte pushed a commit to branch MNG-6271
in repository https://gitbox.apache.org/repos/asf/maven.git
commit 58429455aa210a8f1ee87ec62eea6a2c2f35d1f2
Author: rfscholte <rf...@apache.org>
AuthorDate: Sun Jun 27 13:05:03 2021 +0200
[MNG-6271] Extend validator for expressions in repository URL
---
.../model/validation/DefaultModelValidator.java | 25 +++++++++---
.../validation/DefaultModelValidatorTest.java | 16 ++++++++
.../repository-with-basedir-expression.xml | 42 ++++++++++++++++++++
.../raw-model/repository-with-expression.xml | 46 ++++++++++++++++++++++
4 files changed, 123 insertions(+), 6 deletions(-)
diff --git a/maven-model-builder/src/main/java/org/apache/maven/model/validation/DefaultModelValidator.java b/maven-model-builder/src/main/java/org/apache/maven/model/validation/DefaultModelValidator.java
index 2e71520..50cf286 100644
--- a/maven-model-builder/src/main/java/org/apache/maven/model/validation/DefaultModelValidator.java
+++ b/maven-model-builder/src/main/java/org/apache/maven/model/validation/DefaultModelValidator.java
@@ -70,7 +70,7 @@ public class DefaultModelValidator
implements ModelValidator
{
- private static final Pattern CI_FRIENDLY_EXPRESSION = Pattern.compile( "\\$\\{(.+?)\\}" );
+ private static final Pattern EXPRESSION_NAME = Pattern.compile( "\\$\\{(.+?)\\}" );
private static final List<String> CI_FRIENDLY_POSSIBLE_PROPERTY_NAMES =
Arrays.asList( AbstractStringBasedModelInterpolator.REVISION_PROPERTY,
@@ -762,15 +762,28 @@ public class DefaultModelValidator
String prefix2, ModelBuildingRequest request )
{
Map<String, Repository> index = new HashMap<>();
-
+
for ( Repository repository : repositories )
{
validateStringNotEmpty( prefix, prefix2, "id", problems, Severity.ERROR, Version.V20, repository.getId(),
null, repository );
- validateStringNotEmpty( prefix, prefix2, "[" + repository.getId() + "].url", problems, Severity.ERROR,
- Version.V20, repository.getUrl(), null, repository );
-
+ if ( validateStringNotEmpty( prefix, prefix2, "[" + repository.getId() + "].url", problems, Severity.ERROR,
+ Version.V20, repository.getUrl(), null, repository ) )
+ {
+ // only allow ${basedir} and ${project.basedir}
+ Matcher m = EXPRESSION_NAME.matcher( repository.getUrl() );
+ while ( m.find() )
+ {
+ if ( !( "basedir".equals( m.group( 1 ) ) || "project.basedir".equals( m.group( 1 ) ) ) )
+ {
+ validateStringNoExpression( prefix + prefix2 + "[" + repository.getId() + "].url", problems,
+ Severity.ERROR, Version.V40, repository.getUrl(), repository );
+ break;
+ }
+ }
+ }
+
String key = repository.getId();
Repository existing = index.get( key );
@@ -992,7 +1005,7 @@ public class DefaultModelValidator
// revision
// sha1
//
- Matcher m = CI_FRIENDLY_EXPRESSION.matcher( string.trim() );
+ Matcher m = EXPRESSION_NAME.matcher( string.trim() );
while ( m.find() )
{
if ( !CI_FRIENDLY_POSSIBLE_PROPERTY_NAMES.contains( m.group( 1 ) ) )
diff --git a/maven-model-builder/src/test/java/org/apache/maven/model/validation/DefaultModelValidatorTest.java b/maven-model-builder/src/test/java/org/apache/maven/model/validation/DefaultModelValidatorTest.java
index c6f3188..fd63809 100644
--- a/maven-model-builder/src/test/java/org/apache/maven/model/validation/DefaultModelValidatorTest.java
+++ b/maven-model-builder/src/test/java/org/apache/maven/model/validation/DefaultModelValidatorTest.java
@@ -876,4 +876,20 @@ public class DefaultModelValidatorTest
assertViolations( result, 0, 0, 1 );
assertEquals( "'parent.version' is either LATEST or RELEASE (both of them are being deprecated)", result.getWarnings().get( 0 ) );
}
+
+ @Test
+ public void repositoryWithExpression() throws Exception
+ {
+ SimpleProblemCollector result = validateRaw( "raw-model/repository-with-expression.xml" );
+ assertViolations( result, 0, 1, 0 );
+ assertEquals( "'repositories.repository.[repo].url' contains an expression but should be a constant.", result.getErrors().get( 0 ) );
+ }
+
+ @Test
+ public void repositoryWithBasedirExpression() throws Exception
+ {
+ SimpleProblemCollector result = validateRaw( "raw-model/repository-with-basedir-expression.xml" );
+ assertViolations( result, 0, 0, 0 );
+ }
+
}
diff --git a/maven-model-builder/src/test/resources/poms/validation/raw-model/repository-with-basedir-expression.xml b/maven-model-builder/src/test/resources/poms/validation/raw-model/repository-with-basedir-expression.xml
new file mode 100644
index 0000000..3e64091
--- /dev/null
+++ b/maven-model-builder/src/test/resources/poms/validation/raw-model/repository-with-basedir-expression.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.maven.validation</groupId>
+ <artifactId>parent</artifactId>
+ <version>1</version>
+ </parent>
+
+ <groupId>org.apache.maven.validation</groupId>
+ <artifactId>project</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+
+ <repositories>
+ <repository>
+ <id>repo</id>
+ <url>file://${basedir}/target/remote-repo</url>
+ </repository>
+ </repositories>
+
+</project>
\ No newline at end of file
diff --git a/maven-model-builder/src/test/resources/poms/validation/raw-model/repository-with-expression.xml b/maven-model-builder/src/test/resources/poms/validation/raw-model/repository-with-expression.xml
new file mode 100644
index 0000000..fcdd946
--- /dev/null
+++ b/maven-model-builder/src/test/resources/poms/validation/raw-model/repository-with-expression.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.maven.validation</groupId>
+ <artifactId>parent</artifactId>
+ <version>1</version>
+ </parent>
+
+ <groupId>org.apache.maven.validation</groupId>
+ <artifactId>project</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+
+ <properties>
+ <x>just/some/path</x>
+ </properties>
+
+ <repositories>
+ <repository>
+ <id>repo</id>
+ <url>file://${x}/sdk/maven/repo</url>
+ </repository>
+ </repositories>
+
+</project>
\ No newline at end of file