You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by sj...@apache.org on 2022/07/29 20:47:58 UTC
[maven-enforcer] branch master updated: [MENFORCER-424] - Add rule which bans scope from dependencyManagement
This is an automated email from the ASF dual-hosted git repository.
sjaranowski pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-enforcer.git
The following commit(s) were added to refs/heads/master by this push:
new 28684b2 [MENFORCER-424] - Add rule which bans scope from dependencyManagement
28684b2 is described below
commit 28684b2c4be04857e964985f9659c6950ed84bfc
Author: Konrad Windszus <kw...@apache.org>
AuthorDate: Tue Jun 28 19:32:15 2022 +0200
[MENFORCER-424] - Add rule which bans scope from
dependencyManagement
---
.../enforcer/BanDependencyManagementScope.java | 218 +++++++++++++++++++++
.../plugins/enforcer/utils/ArtifactMatcher.java | 72 +++++--
.../site/apt/banDependencyManagementScope.apt.vm | 94 +++++++++
enforcer-rules/src/site/apt/index.apt | 2 +
.../enforcer/BanDependencyManagementScopeTest.java | 74 +++++++
.../enforcer/utils/TestArtifactMatcher.java | 2 +-
.../invoker.properties | 18 ++
.../ban-dependency-management-scope-fail/pom.xml | 92 +++++++++
.../verify.groovy | 23 +++
9 files changed, 574 insertions(+), 21 deletions(-)
diff --git a/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/BanDependencyManagementScope.java b/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/BanDependencyManagementScope.java
new file mode 100644
index 0000000..94fe177
--- /dev/null
+++ b/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/BanDependencyManagementScope.java
@@ -0,0 +1,218 @@
+package org.apache.maven.plugins.enforcer;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.maven.artifact.versioning.InvalidVersionSpecificationException;
+import org.apache.maven.enforcer.rule.api.EnforcerRule2;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleHelper;
+import org.apache.maven.model.Dependency;
+import org.apache.maven.model.DependencyManagement;
+import org.apache.maven.model.InputLocation;
+import org.apache.maven.plugin.logging.Log;
+import org.apache.maven.plugins.enforcer.utils.ArtifactMatcher;
+import org.apache.maven.project.MavenProject;
+import org.codehaus.plexus.component.configurator.expression.ExpressionEvaluationException;
+
+/**
+ * This rule bans all scope values except for {@code import} from dependencies within the dependency management.
+ * There is a configuration option to ignore certain dependencies in this check.
+ */
+public class BanDependencyManagementScope
+ extends AbstractNonCacheableEnforcerRule
+ implements EnforcerRule2
+{
+
+ /**
+ * Specify the dependencies that will be ignored. This can be a list of artifacts in the format
+ * <code>groupId[:artifactId][:version][:type][:scope]</code>. Wildcard '*' can be used to in place of specific
+ * section (ie group:*:1.0 will match both 'group:artifact:1.0' and 'group:anotherArtifact:1.0'). Version is a
+ * string representing standard Maven version range. Empty patterns will be ignored.
+ *
+ * @see {@link #setExcludes(List)}
+ */
+ private List<String> excludes = null;
+
+ /**
+ * If {@code true} the dependencyManagement from imported dependencyManagement and parent pom's is checked as well,
+ * otherwise only the local dependencyManagement defined in the current project's pom.xml.
+ */
+ private boolean checkEffectivePom = false;
+
+ @Override
+ public void execute( EnforcerRuleHelper helper )
+ throws EnforcerRuleException
+ {
+ Log logger = helper.getLog();
+ MavenProject project;
+ try
+ {
+ project = (MavenProject) helper.evaluate( "${project}" );
+ if ( project == null )
+ {
+ throw new EnforcerRuleException( "${project} is null" );
+ }
+ // only evaluate local depMgmt, without taking into account inheritance and interpolation
+ DependencyManagement depMgmt = checkEffectivePom ? project.getModel().getDependencyManagement()
+ : project.getOriginalModel().getDependencyManagement();
+ if ( depMgmt != null && depMgmt.getDependencies() != null )
+ {
+ List<Dependency> violatingDependencies = getViolatingDependencies( logger, depMgmt );
+ if ( !violatingDependencies.isEmpty() )
+ {
+ String projectId = getProjectId( project );
+ String message = getMessage();
+ StringBuilder buf = new StringBuilder();
+ if ( message == null )
+ {
+ message = "Scope other than 'import' is not allowed in 'dependencyManagement'";
+ }
+ buf.append( message + System.lineSeparator() );
+ for ( Dependency violatingDependency : violatingDependencies )
+ {
+ buf.append( getErrorMessage( projectId, violatingDependency ) );
+ }
+ throw new EnforcerRuleException( buf.toString() );
+ }
+ }
+ }
+ catch ( ExpressionEvaluationException e )
+ {
+ throw new EnforcerRuleException( "Cannot resolve expression: " + e.getCause(), e );
+ }
+ catch ( InvalidVersionSpecificationException e )
+ {
+ throw new EnforcerRuleException( "Invalid version range give in excludes " + e.getCause(), e );
+ }
+ }
+
+ protected List<Dependency> getViolatingDependencies( Log logger, DependencyManagement depMgmt )
+ throws InvalidVersionSpecificationException
+ {
+ final ArtifactMatcher excludesMatcher;
+ if ( excludes != null )
+ {
+ excludesMatcher = new ArtifactMatcher( excludes, Collections.emptyList() );
+ }
+ else
+ {
+ excludesMatcher = null;
+ }
+ List<Dependency> violatingDependencies = new ArrayList<>();
+ for ( Dependency dependency : depMgmt.getDependencies() )
+ {
+ if ( dependency.getScope() != null && !"import".equals( dependency.getScope() ) )
+ {
+ if ( excludesMatcher != null && excludesMatcher.match( dependency ) )
+ {
+ logger.debug( "Skipping excluded dependency " + dependency + " with scope "
+ + dependency.getScope() );
+ continue;
+ }
+ violatingDependencies.add( dependency );
+ }
+ }
+ return violatingDependencies;
+ }
+
+ private static CharSequence getErrorMessage( String projectId, Dependency violatingDependency )
+ {
+ return "Banned scope '" + violatingDependency.getScope() + "' used on dependency '"
+ + violatingDependency.getManagementKey() + "' @ "
+ + formatLocation( projectId, violatingDependency.getLocation( "" ) )
+ + System.lineSeparator();
+ }
+
+ // Get the identifier of the POM in the format <groupId>:<artifactId>:<version>.
+ protected static String getProjectId( MavenProject project )
+ {
+ StringBuilder buffer = new StringBuilder( 128 );
+
+ buffer.append( ( project.getGroupId() != null && project.getGroupId().length() > 0 ) ? project.getGroupId()
+ : "[unknown-group-id]" );
+ buffer.append( ':' );
+ buffer.append( ( project.getArtifactId() != null && project.getArtifactId().length() > 0 )
+ ? project.getArtifactId()
+ : "[unknown-artifact-id]" );
+ buffer.append( ':' );
+ buffer.append( ( project.getVersion() != null && project.getVersion().length() > 0 ) ? project.getVersion()
+ : "[unknown-version]" );
+
+ return buffer.toString();
+ }
+
+ /**
+ * Creates a string with line/column information for problems originating directly from this POM. Inspired by
+ * {@code o.a.m.model.building.ModelProblemUtils.formatLocation(...)}.
+ *
+ * @param projectId the id of the current project's pom.
+ * @param location The location which should be formatted, must not be {@code null}.
+ * @return The formatted problem location or an empty string if unknown, never {@code null}.
+ */
+ protected static String formatLocation( String projectId, InputLocation location )
+ {
+ StringBuilder buffer = new StringBuilder();
+
+ if ( !location.getSource().getModelId().equals( projectId ) )
+ {
+ buffer.append( location.getSource().getModelId() );
+
+ if ( location.getSource().getLocation().length() > 0 )
+ {
+ if ( buffer.length() > 0 )
+ {
+ buffer.append( ", " );
+ }
+ buffer.append( location.getSource().getLocation() );
+ }
+ }
+ if ( location.getLineNumber() > 0 )
+ {
+ if ( buffer.length() > 0 )
+ {
+ buffer.append( ", " );
+ }
+ buffer.append( "line " ).append( location.getLineNumber() );
+ }
+ if ( location.getColumnNumber() > 0 )
+ {
+ if ( buffer.length() > 0 )
+ {
+ buffer.append( ", " );
+ }
+ buffer.append( "column " ).append( location.getColumnNumber() );
+ }
+ return buffer.toString();
+ }
+
+ public void setExcludes( List<String> theExcludes )
+ {
+ this.excludes = theExcludes;
+ }
+
+ public void setCheckEffectivePom( boolean checkEffectivePom )
+ {
+ this.checkEffectivePom = checkEffectivePom;
+ }
+}
diff --git a/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/utils/ArtifactMatcher.java b/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/utils/ArtifactMatcher.java
index 3817569..3511518 100644
--- a/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/utils/ArtifactMatcher.java
+++ b/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/utils/ArtifactMatcher.java
@@ -23,9 +23,11 @@ import org.apache.maven.artifact.Artifact;
import org.apache.maven.artifact.versioning.DefaultArtifactVersion;
import org.apache.maven.artifact.versioning.InvalidVersionSpecificationException;
import org.apache.maven.artifact.versioning.VersionRange;
+import org.apache.maven.model.Dependency;
import org.apache.maven.plugins.enforcer.AbstractVersionEnforcer;
import java.util.Collection;
import java.util.LinkedList;
+import java.util.Objects;
/**
* This class is used for matching Artifacts against a list of patterns.
@@ -73,21 +75,31 @@ public final class ArtifactMatcher
public boolean match( Artifact artifact )
throws InvalidVersionSpecificationException
{
- if ( artifact == null )
- {
- throw new NullPointerException( "artifact" );
- }
+ Objects.requireNonNull( artifact, "artifact must not be null" );
+ return match( artifact.getGroupId(), artifact.getArtifactId(), artifact.getVersion(),
+ artifact.getType(), artifact.getScope(), artifact.getClassifier() );
+ }
+ public boolean match( Dependency dependency )
+ throws InvalidVersionSpecificationException
+ {
+ Objects.requireNonNull( dependency, "dependency must not be null" );
+ return match( dependency.getGroupId(), dependency.getArtifactId(), dependency.getVersion(),
+ dependency.getType(), dependency.getScope(), dependency.getClassifier() );
+ }
+
+ private boolean match( String groupId, String artifactId, String version,
+ String type, String scope, String classifier )
+ throws InvalidVersionSpecificationException
+ {
switch ( parts.length )
{
case 6:
- String classifier = artifact.getClassifier();
if ( !matches( parts[5], classifier ) )
{
return false;
}
case 5:
- String scope = artifact.getScope();
if ( scope == null || scope.equals( "" ) )
{
scope = Artifact.SCOPE_COMPILE;
@@ -98,7 +110,6 @@ public final class ArtifactMatcher
return false;
}
case 4:
- String type = artifact.getType();
if ( type == null || type.equals( "" ) )
{
type = "jar";
@@ -110,12 +121,11 @@ public final class ArtifactMatcher
}
case 3:
- if ( !matches( parts[2], artifact.getVersion() ) )
+ if ( !matches( parts[2], version ) )
{
// CHECKSTYLE_OFF: LineLength
if ( !AbstractVersionEnforcer.containsVersion( VersionRange.createFromVersionSpec( parts[2] ),
- new DefaultArtifactVersion(
- artifact.getVersion() ) ) )
+ new DefaultArtifactVersion( version ) ) )
// CHECKSTYLE_ON: LineLength
{
return false;
@@ -123,12 +133,12 @@ public final class ArtifactMatcher
}
case 2:
- if ( !matches( parts[1], artifact.getArtifactId() ) )
+ if ( !matches( parts[1], artifactId ) )
{
return false;
}
case 1:
- return matches( parts[0], artifact.getGroupId() );
+ return matches( parts[0], groupId );
default:
throw new AssertionError();
}
@@ -169,14 +179,8 @@ public final class ArtifactMatcher
*/
public ArtifactMatcher( final Collection<String> patterns, final Collection<String> ignorePatterns )
{
- if ( patterns == null )
- {
- throw new NullPointerException( "patterns" );
- }
- if ( ignorePatterns == null )
- {
- throw new NullPointerException( "ignorePatterns" );
- }
+ Objects.requireNonNull( patterns, "patterns must not be null" );
+ Objects.requireNonNull( ignorePatterns, "ignorePatterns must not be null" );
for ( String pattern : patterns )
{
if ( pattern != null && !"".equals( pattern ) )
@@ -221,4 +225,32 @@ public final class ArtifactMatcher
}
return false;
}
+
+ /**
+ * Check if dependency matches patterns.
+ *
+ * @param dependency the dependency to match
+ * @return {@code true} if dependency matches any {@link #patterns} and none of the {@link #ignorePatterns},
+ * otherwise {@code false}
+ * @throws InvalidVersionSpecificationException if any pattern contains an invalid version range
+ */
+ public boolean match( Dependency dependency )
+ throws InvalidVersionSpecificationException
+ {
+ for ( Pattern pattern : patterns )
+ {
+ if ( pattern.match( dependency ) )
+ {
+ for ( Pattern ignorePattern : ignorePatterns )
+ {
+ if ( ignorePattern.match( dependency ) )
+ {
+ return false;
+ }
+ }
+ return true;
+ }
+ }
+ return false;
+ }
}
diff --git a/enforcer-rules/src/site/apt/banDependencyManagementScope.apt.vm b/enforcer-rules/src/site/apt/banDependencyManagementScope.apt.vm
new file mode 100644
index 0000000..6b00cf7
--- /dev/null
+++ b/enforcer-rules/src/site/apt/banDependencyManagementScope.apt.vm
@@ -0,0 +1,94 @@
+~~ Licensed to the Apache Software Foundation (ASF) under one
+~~ or more contributor license agreements. See the NOTICE file
+~~ distributed with this work for additional information
+~~ regarding copyright ownership. The ASF licenses this file
+~~ to you under the Apache License, Version 2.0 (the
+~~ "License"); you may not use this file except in compliance
+~~ with the License. You may obtain a copy of the License at
+~~
+~~ http://www.apache.org/licenses/LICENSE-2.0
+~~
+~~ Unless required by applicable law or agreed to in writing,
+~~ software distributed under the License is distributed on an
+~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~~ KIND, either express or implied. See the License for the
+~~ specific language governing permissions and limitations
+~~ under the License.
+
+ ------
+ Ban Dependency Management Scope
+ ------
+ Konrad Windszus
+ ------
+ June 2022
+ ------
+
+Ban Dependency Management Scope
+
+ This rule bans all scope values except for {{{https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Importing_Dependencies}<<<import>>>}} from dependencies within the dependency management.
+
+ The following parameters are supported by this rule:
+
+ * <<checkEffectivePom>> - if <<<true>>> the dependencyManagement from imports and parent pom's are checked as well, otherwise only the local dependencyManagement defined in the current project's pom.xml. Default is <<<false>>>.
+
+ * <<excludes>> - a list of dependencies to ignore. The format is <<<groupId[:artifactId][:version][:type][:scope][:classifier]>>> where <<<artifactId>>>, <<<version>>>, <<<type>>>, <<<scope>>> and <<<classifier>>> are optional. Wildcards may be used to replace an entire or just parts of a section.
+ Examples:
+
+ * <<<org.apache.maven>>>
+
+ * <<<org.apache.maven:someArtifact>>>
+
+ * <<<org.apache.maven:artifact:someVersion>>>
+
+ * <<<org.apache.maven:*:1.2>>> (exclude version 1.2 and above, equivalent to [1.2,) )
+
+ * <<<org.apache.maven:*:[1.2]>>> (explicit exclude of version 1.2)
+
+ * <<<org.apache.maven:*:*:jar:test>>>
+
+ * <<<*:*:*:jar:compile:tests>>>
+
+ * <<<org.apache.*:maven-*:*>>>
+
+ []
+
+ * <<message>> - an optional message to the user if the rule fails.
+
+ []
+
+
+ Sample Plugin Configuration:
+
++---+
+<project>
+ [...]
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <version>${project.version}</version>
+ <executions>
+ <execution>
+ <id>ban-dependency-management-scope</id>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <rules>
+ <banDependencyManagementScope>
+ <excludes>
+ <exclude>org.apache.maven</exclude>
+ </excludes>
+ <checkEffectivePom>true</checkEffectivePom>
+ </banDependencyManagementScope>
+ </rules>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ [...]
+</project>
++---+
diff --git a/enforcer-rules/src/site/apt/index.apt b/enforcer-rules/src/site/apt/index.apt
index 5567a6f..f9dee96 100644
--- a/enforcer-rules/src/site/apt/index.apt
+++ b/enforcer-rules/src/site/apt/index.apt
@@ -30,6 +30,8 @@ Built-In Rules
* {{{./alwaysFail.html}alwaysFail}} - Always fail... used to test plugin configuration.
* {{{./alwaysPass.html}alwaysPass}} - Always passes... used to test plugin configuration.
+
+ * {{{./banDependencyManagementScope.html}banDependencyManagementScope}} - bans all scope values except for 'import' from dependencies within the dependency management.
* {{{./banDistributionManagement.html}banDistributionManagement}} - enforces that project doesn't have distributionManagement.
diff --git a/enforcer-rules/src/test/java/org/apache/maven/plugins/enforcer/BanDependencyManagementScopeTest.java b/enforcer-rules/src/test/java/org/apache/maven/plugins/enforcer/BanDependencyManagementScopeTest.java
new file mode 100644
index 0000000..0d55597
--- /dev/null
+++ b/enforcer-rules/src/test/java/org/apache/maven/plugins/enforcer/BanDependencyManagementScopeTest.java
@@ -0,0 +1,74 @@
+package org.apache.maven.plugins.enforcer;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.Collections;
+
+import org.apache.maven.artifact.versioning.InvalidVersionSpecificationException;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
+import org.apache.maven.model.Dependency;
+import org.apache.maven.model.DependencyManagement;
+import org.apache.maven.plugin.logging.SystemStreamLog;
+import org.hamcrest.MatcherAssert;
+import org.hamcrest.Matchers;
+import org.junit.jupiter.api.Test;
+
+class BanDependencyManagementScopeTest
+{
+ @Test
+ void testGetViolatingDependencies()
+ throws EnforcerRuleException, InvalidVersionSpecificationException
+ {
+ BanDependencyManagementScope rule = new BanDependencyManagementScope();
+ DependencyManagement depMgmt = new DependencyManagement();
+ Dependency depWithoutScope = createDependency( "myGroup", "artifact1", null );
+ Dependency depWithScope = createDependency( "myGroup", "artifact2", "1.1.0", "provided" );
+ Dependency depWithImportScope = createDependency( "myGroup", "artifact3", "1.1.0", "import" );
+ Dependency excludedDepWithScope = createDependency( "myGroup", "artifact4", "1.1.0", "provided" );
+ depMgmt.addDependency( depWithoutScope );
+ depMgmt.addDependency( depWithScope );
+ depMgmt.addDependency( depWithImportScope );
+ depMgmt.addDependency( excludedDepWithScope );
+ rule.setExcludes( Collections.singletonList( "*:artifact4" ) );
+ MatcherAssert.assertThat( rule.getViolatingDependencies( new SystemStreamLog(), depMgmt ),
+ Matchers.contains( depWithScope ) );
+ }
+
+ static Dependency createDependency( String groupId, String artifactId, String version )
+ {
+ return createDependency( groupId, artifactId, version, null );
+ }
+
+ static Dependency createDependency( String groupId, String artifactId, String version, String scope )
+ {
+ Dependency dependency = new Dependency();
+ dependency.setGroupId( groupId );
+ dependency.setArtifactId( artifactId );
+ if ( version != null )
+ {
+ dependency.setVersion( version );
+ }
+ if ( scope != null )
+ {
+ dependency.setScope( scope );
+ }
+ return dependency;
+ }
+}
diff --git a/enforcer-rules/src/test/java/org/apache/maven/plugins/enforcer/utils/TestArtifactMatcher.java b/enforcer-rules/src/test/java/org/apache/maven/plugins/enforcer/utils/TestArtifactMatcher.java
index 3307076..70703a1 100644
--- a/enforcer-rules/src/test/java/org/apache/maven/plugins/enforcer/utils/TestArtifactMatcher.java
+++ b/enforcer-rules/src/test/java/org/apache/maven/plugins/enforcer/utils/TestArtifactMatcher.java
@@ -75,7 +75,7 @@ public class TestArtifactMatcher
try
{
Pattern p = new Pattern( "*" );
- p.match( null );
+ p.match( (Artifact)null );
fail( "NullPointerException expected." );
}
catch ( NullPointerException ignored )
diff --git a/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/invoker.properties b/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/invoker.properties
new file mode 100644
index 0000000..58b6526
--- /dev/null
+++ b/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/invoker.properties
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.buildResult = failure
diff --git a/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/pom.xml b/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/pom.xml
new file mode 100644
index 0000000..c8f6eff
--- /dev/null
+++ b/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/pom.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<project>
+ <modelVersion>4.0.0</modelVersion>
+
+ <groupId>org.apache.maven.its.enforcer</groupId>
+ <artifactId>ban-dependency-management-scope-fail-test</artifactId>
+ <version>1.0</version>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <version>@project.version@</version>
+ <executions>
+ <execution>
+ <id>test</id>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <rules>
+ <banDependencyManagementScope>
+ <excludes>
+ <exclude>org.apache.maven.plugins.enforcer.its:menforcer138_classworlds</exclude>
+ <exclude>org.apache.maven.plugins.enforcer.its:menforcer138_io</exclude>
+ </excludes>
+ </banDependencyManagementScope>
+ </rules>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.maven.plugins.enforcer.its</groupId>
+ <artifactId>menforcer128_api</artifactId>
+ <version>1.4.0</version>
+ <scope>import</scope><!-- allowed scope -->
+ </dependency>
+ <dependency>
+ <groupId>org.apache.maven.plugins.enforcer.its</groupId>
+ <artifactId>menforcer138_archiver</artifactId>
+ <version>2.1.1</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.maven.plugins.enforcer.its</groupId>
+ <artifactId>menforcer138_utils</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.maven.plugins.enforcer.its</groupId>
+ <artifactId>menforcer138_archiver</artifactId>
+ <version>2.1.1</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.maven.plugins.enforcer.its</groupId>
+ <artifactId>menforcer138_utils</artifactId>
+ <version>3.0</version>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/verify.groovy b/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/verify.groovy
new file mode 100644
index 0000000..67651ac
--- /dev/null
+++ b/maven-enforcer-plugin/src/it/projects/ban-dependency-management-scope-fail/verify.groovy
@@ -0,0 +1,23 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+File buildLog = new File( basedir, 'build.log' )
+assert buildLog.text.contains( '[ERROR] Rule 0: org.apache.maven.plugins.enforcer.BanDependencyManagementScope failed with message:' )
+assert buildLog.text.contains( 'Scope other than \'import\' is not allowed in \'dependencyManagement\'' )
+assert buildLog.text.contains( 'Banned scope \'provided\' used on dependency \'org.apache.maven.plugins.enforcer.its:menforcer138_archiver:jar\' @ line 65, column 19' )
+assert buildLog.text.contains( 'Banned scope \'test\' used on dependency \'org.apache.maven.plugins.enforcer.its:menforcer138_utils:jar\' @ line 71, column 19' )
\ No newline at end of file