You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Michael Osipov (Jira)" <ji...@apache.org> on 2022/04/15 18:07:00 UTC

[jira] [Commented] (MJAVADOC-585) Incorrect quoting and escaping of nonProxyHosts-information from settings.xml

    [ https://issues.apache.org/jira/browse/MJAVADOC-585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17522917#comment-17522917 ] 

Michael Osipov commented on MJAVADOC-585:
-----------------------------------------

Still waiting for feedback...

> Incorrect quoting and escaping of nonProxyHosts-information from settings.xml
> -----------------------------------------------------------------------------
>
>                 Key: MJAVADOC-585
>                 URL: https://issues.apache.org/jira/browse/MJAVADOC-585
>             Project: Maven Javadoc Plugin
>          Issue Type: Bug
>          Components: jar, javadoc
>    Affects Versions: 3.1.0
>         Environment: Maven 3.6.0 on RHEL 7.6 using OpenJDK 1.8.9.191 and Bash; Maven 3.6.0 on Windows 7 using Oracle JDK 8 Update 201 and Windows-CMD
>            Reporter: Paul Busch
>            Priority: Major
>             Fix For: waiting-for-feedback
>
>
> At my development site, I am behind a proxy server. That proxy server is configured in my {{settings.xml}} in a corresponding {{proxies/proxy}}-section.
> For site-deployments I use an internal server named {{my-site-host}}.
> To bypass the proxy for access to {{my-site-host}} and several other hosts in the local network, there is a {{nonProxyHosts}}-element in the proxy-configuration-section of my {{settings.xml}} which looks like this:
> {code:java}
> <nonProxyHosts>my-site-host|my-nexus-host</nonProxyHosts>
> {code}
> In an internal project {{linking-project,}} which uses a class {{LinkTarget}} from another internal project {{link-target}} in its API, I would like to have the class {{LinkTarget}} in the Javadocs of project {{linking-project}} to be displayed as links to the Javadocs of project {{link-target}}. The Javadocs of project {{link-target}} are published on {{my-site-host}} as part of a maven-site. To achieve the linking I have configured the {{maven-javadoc-plugin}} in {{linking-project}} as follows:
> {code:java}
> <configuration>
>     <links>
>         <link>http://my-site-host/link-target/0.1.0-SNAPSHOT/apidocs</link>
>     </links>
> </configuration>
> {code}
> When the report {{javadoc:javadoc}} or the goal {{javadoc:jar}} is executed during the build, I get the following warning:
> {code:java}
> [WARNING] javadoc: warning - Error fetching URL: http://my-site-host/link-target/0.1.0-SNAPSHOT/apidocs/
> {code}
> As a result, class {{LinkTarget}} in the generated Javadocs is displayed with its fully qualified class name and not as a link. The expected behavior would be class {{LinkTarget}} being displayed using its local name only and with an underlying link to the Javadocs of that class. The problem occurs on both Linux and Windows.
> The problem also occurs when executing the {{javadoc.(sh|bat)}} script, which is generated in {{target/site/apidocs}} when {{-Ddebug=true}} is used (on Linux using Bash; on Windows using Windows-CMD).
> The problem seems to be in the handling of the {{nonProxyHosts}}-information from the {{settings.xml}} in {{AbstractJavadocMojo}}. In method {{addProxyArg(Commandline)}} this information is (in two places) handled as follows:
> {code:java}
> cmd.createArg().setValue( "-J-Dhttp.nonProxyHosts=\""
>         + httpProxy.getNonProxyHosts().replace( "|", "^|" ) + "\"" );
> {code}
> When the report/goal is executed, the {{Commandline}}-object is delegated to {{CommandLineUtils.executeCommandLine(...)}} which in the end delegates to the {{javadoc}}-program using {{Runtime.exec(...)}}. {{Runtime.exec(...)}} is fed the command line parts as an array of Strings and apparently does not need any quoting and escaping. When looking at it in a debugger the {{nonProxyHosts}}-information – escaped with the code above – is passed to the {{javadoc}}-program as {{"-J-Dhttp.nonProxyHosts=\"my-site-host^|my-nexus-host\""}}. I guess this value is split by the {{javadoc}}-program at the pipe symbol, resulting in {{"my-site-host^}} and {{my-nexus-host"}} as the two host names. Thus the {{javadoc}}-program bypasses the proxy for the nonexisting/nonsense host name {{"my-site-host^}} (with a leading quote and a trailing caret) but uses the proxy for the actual host {{my-site-host}} causing the malfuntion and the warning.
> For the sake of the report/goal-execution the above code could be fixed as follows:
> {code:java}
> cmd.createArg().setValue( "-J-Dhttp.nonProxyHosts=" + httpProxy.getNonProxyHosts() );
> {code}
> i.e. no quoting and no escaping of pipe symbols.
> This code change albeit completely breaks the generated {{javadoc.(sh|bat)}}-scripts generated in {{target/site/apidocs}} with {{-Ddebug=true}}. While {{Runtime.exec(...)}} *must not* have quoting and escaping, Windows-CMD and Bash, for which the scripts are generated, *need* special handling. Otherwise the pipe symbols in {{nonProxyHosts}} will be interpreted as redirection of output to the input of another program.
> The following aspects need to be observed regarding the generation of the debug scripts:
>  # The scripts may be based on the {{Commandline}}-object but must have the pipe symbol escaped.
>  # Quoting is not necessary when the pipe symbol is properly escaped and the host-names do not contain whitespace – I would take no-whitespace-hostnames for granted.
>  # The pipe symbol must be escaped in the way that matches the platform – escaping the pip symbol with a caret {{^}} is specific to Windows-CMD, for Linux/Bash the escaping must be done with a backslash {{\}}.
> This could be achieved with a code change in addition to the one above. The additional change could be in {{AbstractJavadocMojo.writeDebugJavadocScript(...)}} or – consistent with the existing code – in all places where {{CommandLineUtils.toString( cmd.getCommandline() ).replaceAll( "'", "" )}} is called (three occurrences in {{AbstractJavadocMojo.executeJavadocCommandLine(...)}}, one for logging and two for generating the debug script). The latter variant could look like this for the script generation, the logging code would be very similar:
> {code:java}
> String pipeSymbolEscape = "\\\\|";
> if ( SystemUtils.IS_OS_WINDOWS )
> {
>     pipeSymbolEscape = "^|";
> }
> cmdLine = CommandLineUtils.toString( cmd.getCommandline() ).replaceAll( "'", "" )
>         .replaceAll( "\\|", pipeSymbolEscape );
> writeDebugJavadocScript( cmdLine, javadocOutputDirectory );
> {code}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)