phillipross opened a new issue, #1686: URL: https://github.com/apache/jena/issues/1686
### Version 4.7.0-SNAPSHOT ### What happened? Build fails on MacOS (but not Ubuntu) in service enhancer module running dataset assembler test due to Guava's paranoia of temp files. The test cleanup uses `deleteRecursively` method of the `MoreFiles` class in Guava, but on MacOS the heuristics used to determine if this can be done securely are apparently different (or buggy/non-existent?) compared to Ubuntu. Since the test specifies a static pathname for the temp directory, there's no actual security risk in this test. It would be safe to pass an option to relax the security check. Alternatively, dropping the use of the Guava method and just using a standard Java NIO2 recursive delete might be better. NIST NVD might agree 😁 https://nvd.nist.gov/vuln/detail/CVE-2020-8908 I'd be happy to submit a PR. ### Relevant output and stacktrace ```shell [INFO] Running org.apache.jena.sparql.service.enhancer.assembler.TestServiceEnhancerDatasetAssembler [ERROR] Tests run: 4, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.689 s <<< FAILURE! - in org.apache.jena.sparql.service.enhancer.assembler.TestServiceEnhancerDatasetAssembler [ERROR] testAssemblerTdbUnionDefaultGraph(org.apache.jena.sparql.service.enhancer.assembler.TestServiceEnhancerDatasetAssembler) Time elapsed: 0.679 s <<< ERROR! org.apache.jena.ext.com.google.common.io.InsecureRecursiveDeleteException: /var/folders/ym/nz12yzkn1c36g6sm7b6fpqzw0000gn/T/jena-service-enhancer-tdb211741644755841214087: unable to guarantee security of recursive delete at org.apache.jena.sparql.service.enhancer.assembler.TestServiceEnhancerDatasetAssembler.testAssemblerTdbUnionDefaultGraph(TestServiceEnhancerDatasetAssembler.java:174) ``` ### Are you interested in making a pull request? Yes -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
