github-advanced-security[bot] commented on code in PR #2449:
URL:
https://github.com/apache/incubator-kie-tools/pull/2449#discussion_r1657169457
##########
packages/maven-config-setup-helper/index.js:
##########
@@ -23,23 +23,98 @@
const MVN_CONFIG_ORIGINAL_FILE_PATH = path.join(".mvn",
"maven.config.original");
const MVN_CONFIG_FILE_PATH = path.join(".mvn", "maven.config");
+const MVN_POM_FILE_PATH = path.resolve("./pom.xml");
+const MVN_FLAT_POM_XML = ".flat_pom.xml";
+const MVN_PARENT_RELATIVE_PATH =
`<relativePath>../${MVN_FLAT_POM_XML}</relativePath>`;
module.exports = {
+ setRevisionVersion: (newVersion) => {
+ if (!newVersion) {
+ console.error("[maven-config-setup-helper] Wrong values provided");
+ process.exit(1);
+ }
+ if (!fs.existsSync(MVN_POM_FILE_PATH)) {
+ console.error("[maven-config-setup-helper] pom.xml not found");
+ process.exit(1);
+ }
+
+ const rootPath = path.dirname(MVN_POM_FILE_PATH);
+
+ const processPomXML = (pomPath) => {
+ if (path.basename(pomPath) === "pom.xml") {
+ const newPomPath = path.resolve(path.dirname(pomPath),
MVN_FLAT_POM_XML);
+
+ console.info(`[maven-config-setup-helper] Creating
"${MVN_FLAT_POM_XML}" for "${pomPath}"`);
+
+ if (fs.existsSync(newPomPath)) {
+ console.info(`[maven-config-setup-helper] Found existing
"${MVN_FLAT_POM_XML}"... removing`);
+ fs.rmSync(newPomPath);
+ }
+
+ fs.copyFileSync(pomPath, newPomPath);
+
+ let pomContent = fs
+ .readFileSync(newPomPath, "utf-8")
+ .replace(/\${revision}/g, newVersion)
+ .replace(/<\/module>/g, `/${MVN_FLAT_POM_XML}</module>`);
+
+ if (pomContent.includes("<relativePath>")) {
+ pomContent = pomContent.replace(
+ /.\/node_modules\/@kie-tools\/maven-base\/pom.xml/,
+ `./node_modules/@kie-tools/maven-base/${MVN_FLAT_POM_XML}`
+ );
+ } else if (path.dirname(pomPath) !== rootPath) {
+ pomContent = pomContent.replace(/<\/parent>/,
`${MVN_PARENT_RELATIVE_PATH}</parent>`);
+ }
+
+ fs.writeFileSync(newPomPath, pomContent);
+ }
+ };
+
+ const processMavenModule = (modulePath) => {
+ if (!modulePath) {
+ console.error("[maven-config-setup-helper] module path not found");
+ process.exit(1);
+ }
+
+ const modulePom = path.resolve(modulePath, "./pom.xml");
+
+ if (fs.existsSync(modulePom)) {
+ processPomXML(modulePom);
+
+ fs.readdirSync(modulePath).forEach((file) => {
+ const filePath = path.resolve(modulePath, file);
+ const stat = fs.statSync(filePath);
+ if (stat.isDirectory()) {
+ processMavenModule(filePath);
+ }
+ });
+ }
+ };
+
+ processMavenModule(rootPath);
+ },
setPomProperty: ({ key, value }) => {
if (!key || !value) {
console.error("[maven-config-setup-helper] Wrong values provided");
process.exit(1);
}
if (process.platform === "win32") {
- execSync(`mvn versions:set-property \`-Dproperty=${key}
\`-DnewVersion=${value} \`-DgenerateBackupPoms=false`, {
- stdio: "inherit",
- shell: "powershell.exe",
- });
+ execSync(
+ `mvn versions:set-property \`-Dproperty=${key} \`-DnewVersion=${value}
\`-DgenerateBackupPoms=false \-f pom.xml`,
+ {
+ stdio: "inherit",
+ shell: "powershell.exe",
+ }
+ );
} else {
- execSync(`mvn versions:set-property -Dproperty=${key}
-DnewVersion=${value} -DgenerateBackupPoms=false`, {
- stdio: "inherit",
- });
+ execSync(
+ `mvn versions:set-property -Dproperty=${key} -DnewVersion=${value}
-DgenerateBackupPoms=false -f pom.xml`,
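Review bot: In processPomXML, `.replace(/\${revision}/g, newVersion)` passes the version as a replacement string, so any `$` sequence in it (`$&`, `$$`, `$1`) is expanded by String.prototype.replace rather than written literally; use a function replacer, `.replace(/\$\{revision\}/g, () => newVersion)`, so the substitution is verbatim. On the win32 branch the `\-f pom.xml` escape in the template literal is a no-op (`\-` is just `-`) and is inconsistent with the backtick-escaped `-D` flags beside it; drop the backslash. processMavenModule walks subdirectories via `fs.statSync`, which follows symlinks, so a symlinked directory cycle under the tree would recurse without bound; if links are not meant to be traversed, `fs.readdirSync(modulePath, { withFileTypes: true })` with `dirent.isDirectory()` avoids following them. setPomProperty's body continues past the end of the hunk, and the same hunk is quoted again below under the second code-scanning comment.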
Review Comment:
## Unsafe shell command constructed from library input
This string concatenation which depends on [library input](1) is later used
in a [shell command](2).
This string concatenation which depends on [library input](1) is later used
in a [shell command](2).
[Show more
details](https://github.com/apache/incubator-kie-tools/security/code-scanning/885)
##########
packages/maven-config-setup-helper/index.js:
##########
@@ -23,23 +23,98 @@
const MVN_CONFIG_ORIGINAL_FILE_PATH = path.join(".mvn",
"maven.config.original");
const MVN_CONFIG_FILE_PATH = path.join(".mvn", "maven.config");
+const MVN_POM_FILE_PATH = path.resolve("./pom.xml");
+const MVN_FLAT_POM_XML = ".flat_pom.xml";
+const MVN_PARENT_RELATIVE_PATH =
`<relativePath>../${MVN_FLAT_POM_XML}</relativePath>`;
module.exports = {
+ setRevisionVersion: (newVersion) => {
+ if (!newVersion) {
+ console.error("[maven-config-setup-helper] Wrong values provided");
+ process.exit(1);
+ }
+ if (!fs.existsSync(MVN_POM_FILE_PATH)) {
+ console.error("[maven-config-setup-helper] pom.xml not found");
+ process.exit(1);
+ }
+
+ const rootPath = path.dirname(MVN_POM_FILE_PATH);
+
+ const processPomXML = (pomPath) => {
+ if (path.basename(pomPath) === "pom.xml") {
+ const newPomPath = path.resolve(path.dirname(pomPath),
MVN_FLAT_POM_XML);
+
+ console.info(`[maven-config-setup-helper] Creating
"${MVN_FLAT_POM_XML}" for "${pomPath}"`);
+
+ if (fs.existsSync(newPomPath)) {
+ console.info(`[maven-config-setup-helper] Found existing
"${MVN_FLAT_POM_XML}"... removing`);
+ fs.rmSync(newPomPath);
+ }
+
+ fs.copyFileSync(pomPath, newPomPath);
+
+ let pomContent = fs
+ .readFileSync(newPomPath, "utf-8")
+ .replace(/\${revision}/g, newVersion)
+ .replace(/<\/module>/g, `/${MVN_FLAT_POM_XML}</module>`);
+
+ if (pomContent.includes("<relativePath>")) {
+ pomContent = pomContent.replace(
+ /.\/node_modules\/@kie-tools\/maven-base\/pom.xml/,
+ `./node_modules/@kie-tools/maven-base/${MVN_FLAT_POM_XML}`
+ );
+ } else if (path.dirname(pomPath) !== rootPath) {
+ pomContent = pomContent.replace(/<\/parent>/,
`${MVN_PARENT_RELATIVE_PATH}</parent>`);
+ }
+
+ fs.writeFileSync(newPomPath, pomContent);
+ }
+ };
+
+ const processMavenModule = (modulePath) => {
+ if (!modulePath) {
+ console.error("[maven-config-setup-helper] module path not found");
+ process.exit(1);
+ }
+
+ const modulePom = path.resolve(modulePath, "./pom.xml");
+
+ if (fs.existsSync(modulePom)) {
+ processPomXML(modulePom);
+
+ fs.readdirSync(modulePath).forEach((file) => {
+ const filePath = path.resolve(modulePath, file);
+ const stat = fs.statSync(filePath);
+ if (stat.isDirectory()) {
+ processMavenModule(filePath);
+ }
+ });
+ }
+ };
+
+ processMavenModule(rootPath);
+ },
setPomProperty: ({ key, value }) => {
if (!key || !value) {
console.error("[maven-config-setup-helper] Wrong values provided");
process.exit(1);
}
if (process.platform === "win32") {
- execSync(`mvn versions:set-property \`-Dproperty=${key}
\`-DnewVersion=${value} \`-DgenerateBackupPoms=false`, {
- stdio: "inherit",
- shell: "powershell.exe",
- });
+ execSync(
+ `mvn versions:set-property \`-Dproperty=${key} \`-DnewVersion=${value}
\`-DgenerateBackupPoms=false \-f pom.xml`,
Review Comment:
## Unsafe shell command constructed from library input
This string concatenation which depends on [library input](1) is later used
in a [shell command](2).
This string concatenation which depends on [library input](1) is later used
in a [shell command](2).
[Show more
details](https://github.com/apache/incubator-kie-tools/security/code-scanning/884)