[
https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17839259#comment-17839259
]
ASF GitHub Bot commented on MBUILDCACHE-86:
-------------------------------------------
hboutemy commented on code in PR #104:
URL:
https://github.com/apache/maven-build-cache-extension/pull/104#discussion_r1573334304
##########
src/main/java/org/apache/maven/buildcache/checksum/MavenProjectInput.java:
##########
@@ -92,16 +92,17 @@
import static
org.apache.maven.buildcache.xml.CacheConfigImpl.CACHE_ENABLED_PROPERTY_NAME;
import static org.apache.maven.buildcache.xml.CacheConfigImpl.CACHE_SKIP;
import static
org.apache.maven.buildcache.xml.CacheConfigImpl.RESTORE_GENERATED_SOURCES_PROPERTY_NAME;
+import static
org.apache.maven.buildcache.xml.CacheConfigImpl.RESTORE_ON_DISK_ARTEFACTS_PROPERTY_NAME;
Review Comment:
s/ARTEFACT/ARTIFACT/
##########
src/main/java/org/apache/maven/buildcache/artifact/OutputType.java:
##########
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.maven.buildcache.artifact;
+
+public enum OutputType {
+ // generated project artefact
+ ARTEFACT(""),
Review Comment:
yes, ARTIFACT in english, not nice french ARTEFACT :)
##########
src/main/java/org/apache/maven/buildcache/xml/CacheConfigImpl.java:
##########
@@ -90,6 +91,7 @@ public class CacheConfigImpl implements
org.apache.maven.buildcache.xml.CacheCon
public static final String FAIL_FAST_PROPERTY_NAME =
"maven.build.cache.failFast";
public static final String BASELINE_BUILD_URL_PROPERTY_NAME =
"maven.build.cache.baselineUrl";
public static final String LAZY_RESTORE_PROPERTY_NAME =
"maven.build.cache.lazyRestore";
+ public static final String RESTORE_ON_DISK_ARTEFACTS_PROPERTY_NAME =
"maven.build.cache.restoreOnDiskArtefacts";
Review Comment:
same
##########
src/main/java/org/apache/maven/buildcache/checksum/MavenProjectInput.java:
##########
@@ -710,6 +711,18 @@ public static boolean
isRestoreGeneratedSources(MavenProject project) {
project.getProperties().getProperty(RESTORE_GENERATED_SOURCES_PROPERTY_NAME,
"true"));
}
+ /**
+ * Allow skipping artefacts restoration on a per-project level via a
property (which defaults to true)
Review Comment:
s/artefacts/artifacts/ (in comment, not critical)
##########
src/main/java/org/apache/maven/buildcache/CacheControllerImpl.java:
##########
@@ -112,13 +114,10 @@
@SuppressWarnings("unused")
public class CacheControllerImpl implements CacheController {
- public static final String FILE_SEPARATOR_SUBST = "_";
- /**
- * Prefix for generated sources stored as a separate artifact in cache
- */
- private static final String BUILD_PREFIX = "build" + FILE_SEPARATOR_SUBST;
-
private static final Logger LOGGER =
LoggerFactory.getLogger(CacheControllerImpl.class);
+ private static final String DEFAULT_FILE_GLOB = "*";
+ public static final String ERROR_MSG_RESTORATION_OUTSIDE_PROJECT =
+ "Blocked an attempt to restore files outside of a project
directory : ";
Review Comment:
in english, no space before `:` (yes, french with non-breaking space is much
better, but we must adapt :) )
##########
src/main/java/org/apache/maven/buildcache/xml/CacheConfig.java:
##########
@@ -131,5 +132,10 @@ public interface CacheConfig {
*/
boolean isRestoreGeneratedSources();
+ /**
+ * Flag to restore (default) or not generated artefacts
+ */
+ boolean isRestoreOnDiskArtefacts();
Review Comment:
s/artefacts/artifacts/
##########
src/main/java/org/apache/maven/buildcache/CacheControllerImpl.java:
##########
@@ -133,6 +132,15 @@ public class CacheControllerImpl implements
CacheController {
private final RestoredArtifactHandler restoreArtifactHandler;
private volatile Scm scm;
+ /**
+ * A map dedicated to store the base path of resources stored to the cache
which are not original artefacts
Review Comment:
s/artefacts/artifacts/
> Bugfix and enhancements with the restoration of outputs on disk
> ---------------------------------------------------------------
>
> Key: MBUILDCACHE-86
> URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86
> Project: Maven Build Cache Extension
> Issue Type: Improvement
> Reporter: Kevin Buntrock
> Priority: Major
> Labels: pull-request-available
>
> *Fixes :*
> * Files containing an underscore in their name can't be restored in the
> cache directory correctly (not in the same directory location).
> * The cache is able to extract/restore files in locations outside the
> project. I guess the extraction part is not a vulnerability since someone
> with commit permissions can guess other ways to extract data. But the
> possibility of restoring at any place on the disk looks pretty dangerous to
> me if a remote cache server is compromised.
> *Enhancements :*
> * Possibility to restore artefacts on disk, with a dedicated property :
> maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the
> project directory, as opposed to the cache directory.
> ** IDE integration and use of the cache locally in developement is way
> easier. It is now possible to retrieve a cached jar in the "target" directory.
> * Introduce "globs" to filter extra attached outputs by filenames.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
