You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Angela Schreiber (Jira)" <ji...@apache.org> on 2021/09/02 14:29:00 UTC

[jira] [Created] (SLING-10790) BundleEntryHandler.extractArtifactId may used wrong GAV

Angela Schreiber created SLING-10790:
----------------------------------------

             Summary: BundleEntryHandler.extractArtifactId may used wrong GAV
                 Key: SLING-10790
                 URL: https://issues.apache.org/jira/browse/SLING-10790
             Project: Sling
          Issue Type: Bug
          Components: Content-Package to Feature Model Converter
            Reporter: Angela Schreiber


[~kpauls], if my reading of {{BundleEntryHandler.extractArtifactId}} is correct it the method might be ending up using the wrong groupId/artifactId/version.

the code will loop over jar-entries and stop if the extracted GAV matches the bundle name. however, groupId/artifactId/version are not reset to {{null}} in case they were successfully extracted but didn't end up matching the bundle name i.e. {quote}it was the pom.properties  we were looking for{quote}.

i can't tell how big of an issue that is (and how likely). but given the fact that there is some extra effort to verify that the parsed pom is actually the right one, it might actually be relevant. the relies on a compliant content package that does contain a matching pom, which may or may not be the case... 
logging a warning or throwing a ConverterException in case of violation might help spotting troublesome content packages instead of getting some sort of side effect if another pom was spotted.

a heavily simplified copy of the method:
{code}
        String artifactId = null;
        String version = null;
        String groupId = null;
        String classifier = null;

        for (Enumeration<JarEntry> e = jarFile.entries(); e.hasMoreElements();) {
            [...]
            // extract groupId/artifactId/version
            [...]
       
            if (groupId != null && artifactId != null && version != null) {
                // bundleName is now the bare name without extension
                String synthesized = artifactId + "-" + version;

                // it was the pom.properties  we were looking for
                if (bundleName.startsWith(synthesized) || bundleName.equals(artifactId)) {

                    [...]
                    
                    // no need to iterate further
                    break;
                }
            }
        }

        
        if (groupId == null) {
            [...]
        }

        return new ArtifactId(groupId, artifactId, version, classifier, JAR_TYPE);
{code}

feel free to resolve as not a problem in case my reading of the code is all wrong.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)