This is an automated email from the ASF dual-hosted git repository. rfscholte pushed a commit to branch MNG-6271 in repository https://gitbox.apache.org/repos/asf/maven.git
commit 58429455aa210a8f1ee87ec62eea6a2c2f35d1f2 Author: rfscholte <[email protected]> AuthorDate: Sun Jun 27 13:05:03 2021 +0200 [MNG-6271] Extend validator for expressions in repository URL --- .../model/validation/DefaultModelValidator.java | 25 +++++++++--- .../validation/DefaultModelValidatorTest.java | 16 ++++++++ .../repository-with-basedir-expression.xml | 42 ++++++++++++++++++++ .../raw-model/repository-with-expression.xml | 46 ++++++++++++++++++++++ 4 files changed, 123 insertions(+), 6 deletions(-) diff --git a/maven-model-builder/src/main/java/org/apache/maven/model/validation/DefaultModelValidator.java b/maven-model-builder/src/main/java/org/apache/maven/model/validation/DefaultModelValidator.java index 2e71520..50cf286 100644 --- a/maven-model-builder/src/main/java/org/apache/maven/model/validation/DefaultModelValidator.java +++ b/maven-model-builder/src/main/java/org/apache/maven/model/validation/DefaultModelValidator.java @@ -70,7 +70,7 @@ public class DefaultModelValidator implements ModelValidator { - private static final Pattern CI_FRIENDLY_EXPRESSION = Pattern.compile( "\\$\\{(.+?)\\}" ); + private static final Pattern EXPRESSION_NAME = Pattern.compile( "\\$\\{(.+?)\\}" ); private static final List<String> CI_FRIENDLY_POSSIBLE_PROPERTY_NAMES = Arrays.asList( AbstractStringBasedModelInterpolator.REVISION_PROPERTY, 
@@ -762,15 +762,28 @@ public class DefaultModelValidator String prefix2, ModelBuildingRequest request ) { Map<String, Repository> index = new HashMap<>(); - + for ( Repository repository : repositories ) { validateStringNotEmpty( prefix, prefix2, "id", problems, Severity.ERROR, Version.V20, repository.getId(), null, repository ); - validateStringNotEmpty( prefix, prefix2, "[" + repository.getId() + "].url", problems, Severity.ERROR, - Version.V20, repository.getUrl(), null, repository ); - + if ( validateStringNotEmpty( prefix, prefix2, "[" + repository.getId() + "].url", problems, Severity.ERROR, + Version.V20, repository.getUrl(), null, repository ) ) + { + // only allow ${basedir} and ${project.basedir} + Matcher m = EXPRESSION_NAME.matcher( repository.getUrl() ); + while ( m.find() ) + { + if ( !( "basedir".equals( m.group( 1 ) ) || "project.basedir".equals( m.group( 1 ) ) ) ) + { + validateStringNoExpression( prefix + prefix2 + "[" + repository.getId() + "].url", problems, + Severity.ERROR, Version.V40, repository.getUrl(), repository ); + break; + } + } + } + String key = repository.getId(); Repository existing = index.get( key ); @@ -992,7 +1005,7 @@ public class DefaultModelValidator // revision // sha1 // - Matcher m = CI_FRIENDLY_EXPRESSION.matcher( string.trim() ); + Matcher m = EXPRESSION_NAME.matcher( string.trim() ); while ( m.find() ) { if ( !CI_FRIENDLY_POSSIBLE_PROPERTY_NAMES.contains( m.group( 1 ) ) ) diff --git a/maven-model-builder/src/test/java/org/apache/maven/model/validation/DefaultModelValidatorTest.java b/maven-model-builder/src/test/java/org/apache/maven/model/validation/DefaultModelValidatorTest.java index c6f3188..fd63809 100644 --- a/maven-model-builder/src/test/java/org/apache/maven/model/validation/DefaultModelValidatorTest.java +++ b/maven-model-builder/src/test/java/org/apache/maven/model/validation/DefaultModelValidatorTest.java 
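Review bot: The allow-list for repository URL expressions is written as two inline string literals inside the `while ( m.find() )` loop, with `m.group( 1 )` evaluated twice, whereas the CI-friendly check in the same class keeps its names in `CI_FRIENDLY_POSSIBLE_PROPERTY_NAMES` and tests `contains( m.group( 1 ) )`. Because this list decides which properties may influence where artifacts are resolved from, I would make it a named constant, e.g. `private static final List<String> REPOSITORY_URL_ALLOWED_EXPRESSIONS = Arrays.asList( "basedir", "project.basedir" );`, and test `!REPOSITORY_URL_ALLOWED_EXPRESSIONS.contains( m.group( 1 ) )`. The comment `// only allow ${basedir} and ${project.basedir}` should also say why every other expression is rejected. The enclosing method starts and ends outside the hunk, so it is not visible here whether plugin repositories and profile-declared repositories pass through this same loop; that is worth confirming.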
@@ -876,4 +876,20 @@ public class DefaultModelValidatorTest
 assertViolations( result, 0, 0, 1 );
 assertEquals( "'parent.version' is either LATEST or RELEASE (both of them are being deprecated)", result.getWarnings().get( 0 ) );
 }
+
+ @Test
+ public void repositoryWithExpression() throws Exception
+ {
+ SimpleProblemCollector result = validateRaw( "raw-model/repository-with-expression.xml" );
+ assertViolations( result, 0, 1, 0 );
+ assertEquals( "'repositories.repository.[repo].url' contains an expression but should be a constant.", result.getErrors().get( 0 ) );
+ }
+
+ @Test
+ public void repositoryWithBasedirExpression() throws Exception
+ {
+ SimpleProblemCollector result = validateRaw( "raw-model/repository-with-basedir-expression.xml" );
+ assertViolations( result, 0, 0, 0 );
+ }
+
 }
diff --git a/maven-model-builder/src/test/resources/poms/validation/raw-model/repository-with-basedir-expression.xml b/maven-model-builder/src/test/resources/poms/validation/raw-model/repository-with-basedir-expression.xml
new file mode 100644
index 0000000..3e64091
--- /dev/null
+++ b/maven-model-builder/src/test/resources/poms/validation/raw-model/repository-with-basedir-expression.xml
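Review bot: The two new tests leave the second allowed name and the mixed case uncovered. Nothing exercises `${project.basedir}`, and no fixture has a URL in which an allowed expression is followed by a disallowed one (a constructed example: `file://${basedir}/${x}/repo`), which is the case where the validator's loop must keep scanning after an accepted match. Since this check decides which properties may steer a repository URL, I would add `repositoryWithProjectBasedirExpression` expecting `assertViolations( result, 0, 0, 0 )`, and `repositoryWithMixedExpressions` expecting one error with the same message as `repositoryWithExpression`. Each needs its own fixture under `raw-model/`.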
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.maven.validation</groupId>
+ <artifactId>parent</artifactId>
+ <version>1</version>
+ </parent>
+
+ <groupId>org.apache.maven.validation</groupId>
+ <artifactId>project</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+
+ <repositories>
+ <repository>
+ <id>repo</id>
+ <url>file://${basedir}/target/remote-repo</url>
+ </repository>
+ </repositories>
+
+</project>
\ No newline at end of file
diff --git a/maven-model-builder/src/test/resources/poms/validation/raw-model/repository-with-expression.xml b/maven-model-builder/src/test/resources/poms/validation/raw-model/repository-with-expression.xml
new file mode 100644
index 0000000..fcdd946
--- /dev/null
+++ b/maven-model-builder/src/test/resources/poms/validation/raw-model/repository-with-expression.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.maven.validation</groupId>
+ <artifactId>parent</artifactId>
+ <version>1</version>
+ </parent>
+
+ <groupId>org.apache.maven.validation</groupId>
+ <artifactId>project</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+
+ <properties>
+ <x>just/some/path</x>
+ </properties>
+
+ <repositories>
+ <repository>
+ <id>repo</id>
+ <url>file://${x}/sdk/maven/repo</url>
+ </repository>
+ </repositories>
+
+</project>
\ No newline at end of file
