This is an automated email from the ASF dual-hosted git repository. gnodet pushed a commit to branch fix/issue-11919-maven-4-rc5-fails-with-npe-in-defaultmod in repository https://gitbox.apache.org/repos/asf/maven.git
commit 2e6973399074dbfc998b69f3fce2dca2d87c15f0 Author: Guillaume Nodet <[email protected]> AuthorDate: Sat May 23 07:37:25 2026 +0200 Address review suggestions: reorder guard condition and add test Co-Authored-By: Claude Opus 4.6 <[email protected]> --- .../maven/impl/model/DefaultModelBuilder.java | 2 +- .../maven/impl/model/DefaultModelBuilderTest.java | 25 ++++++++++++++++++++++ .../resources/poms/factory/resolved-dependency.xml | 23 ++++++++++++++++++++ 3 files changed, 49 insertions(+), 1 deletion(-) diff --git a/impl/maven-impl/src/main/java/org/apache/maven/impl/model/DefaultModelBuilder.java b/impl/maven-impl/src/main/java/org/apache/maven/impl/model/DefaultModelBuilder.java index 75ec841cde..b36ff00504 100644 --- a/impl/maven-impl/src/main/java/org/apache/maven/impl/model/DefaultModelBuilder.java +++ b/impl/maven-impl/src/main/java/org/apache/maven/impl/model/DefaultModelBuilder.java @@ -1398,7 +1398,7 @@ private Model readEffectiveModel() throws ModelBuilderException { // path correctly if it was not set in the input model if (inputModel.getParent() != null && inputModel.getParent().getRelativePath() == null) { String relPath; - if (parentModel.getPomFile() != null && inputModel.getPomFile() != null && isBuildRequest()) { + if (isBuildRequest() && parentModel.getPomFile() != null && inputModel.getPomFile() != null) { relPath = inputModel .getPomFile() .getParent() diff --git a/impl/maven-impl/src/test/java/org/apache/maven/impl/model/DefaultModelBuilderTest.java b/impl/maven-impl/src/test/java/org/apache/maven/impl/model/DefaultModelBuilderTest.java index 5f6146fc2c..80c49e7f2c 100644 --- a/impl/maven-impl/src/test/java/org/apache/maven/impl/model/DefaultModelBuilderTest.java +++ b/impl/maven-impl/src/test/java/org/apache/maven/impl/model/DefaultModelBuilderTest.java @@ -254,6 +254,31 @@ public void testMissingDependencyGroupIdInference() throws Exception { } } + /** + * Verify that building a model from a resolved source (null pomFile) does not throw + * a NullPointerException. This simulates the scenario from GH-11919 where the + * cyclonedx-maven-plugin resolves a dependency POM from the repository, which + * produces a ModelSource whose {@code getPath()} returns {@code null}. + */ + @Test + public void testResolvedSourceWithNullPomFile() { + Path pomPath = getPom("resolved-dependency"); + // resolvedSource returns null for getPath(), simulating a dependency POM + // resolved from a remote repository (not a local project build) + ModelBuilderRequest request = ModelBuilderRequest.builder() + .session(session) + .requestType(ModelBuilderRequest.RequestType.CONSUMER_DEPENDENCY) + .source(Sources.resolvedSource(pomPath, "org.example:resolved-dep:1.0.0")) + .build(); + ModelBuilderResult result = builder.newSession().build(request); + assertNotNull(result); + assertNotNull(result.getEffectiveModel()); + assertNull(result.getEffectiveModel().getPomFile(), "pomFile should be null for resolved sources"); + assertEquals("org.example", result.getEffectiveModel().getGroupId()); + assertEquals("resolved-dep", result.getEffectiveModel().getArtifactId()); + assertEquals("1.0.0", result.getEffectiveModel().getVersion()); + } + private Path getPom(String name) { return Paths.get("src/test/resources/poms/factory/" + name + ".xml").toAbsolutePath(); } diff --git a/impl/maven-impl/src/test/resources/poms/factory/resolved-dependency.xml b/impl/maven-impl/src/test/resources/poms/factory/resolved-dependency.xml new file mode 100644 index 0000000000..ed7a6adf59 --- /dev/null +++ b/impl/maven-impl/src/test/resources/poms/factory/resolved-dependency.xml @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!--- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0";> + <modelVersion>4.0.0</modelVersion> + <groupId>org.example</groupId> + <artifactId>resolved-dep</artifactId> + <version>1.0.0</version> +</project>
