[maven] branch maven-3.9.x updated: [MNG-7529] Maven resolver makes bad repository choices (#787)

Wed, 24 Aug 2022 21:26:16 -0700 

This is an automated email from the ASF dual-hosted git repository.

henning pushed a commit to branch maven-3.9.x
in repository https://gitbox.apache.org/repos/asf/maven.git


The following commit(s) were added to refs/heads/maven-3.9.x by this push:
     new 9fe564cdc [MNG-7529] Maven resolver makes bad repository choices (#787)
9fe564cdc is described below

commit 9fe564cdc736bde1f799774913c84a020fef81f7
Author: Henning Schmiedehausen <henn...@schmiedehausen.org>
AuthorDate: Wed Aug 24 21:26:02 2022 -0700

    [MNG-7529] Maven resolver makes bad repository choices (#787)
    
    Ensure that any versions resolved as part of a version range request
    only reference repositories that are actually enabled for the type of
    version (SNAPSHOT versions against snapshot repos, release versions
    against release repositories).
---
 .../internal/DefaultVersionRangeResolver.java       | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git 
a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
 
b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
index d870fbb95..3e2330f98 100644
--- 
a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
+++ 
b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
@@ -72,6 +72,8 @@ public class DefaultVersionRangeResolver
 
     private static final String MAVEN_METADATA_XML = "maven-metadata.xml";
 
+    private static final String SNAPSHOT = "SNAPSHOT";
+
     private MetadataResolver metadataResolver;
 
     private SyncContextFactory syncContextFactory;
@@ -218,9 +220,11 @@ public class DefaultVersionRangeResolver
             }
 
             Versioning versioning = readVersions( session, trace, 
metadataResult.getMetadata(), repository, result );
+            RemoteRepository remoteRepository = 
metadataResult.getRequest().getRepository();
+
             for ( String version : versioning.getVersions() )
             {
-                if ( !versionIndex.containsKey( version ) )
+                if ( isEnabled( remoteRepository, version ) && 
!versionIndex.containsKey( version ) )
                 {
                     versionIndex.put( version, repository );
                 }
@@ -230,6 +234,19 @@ public class DefaultVersionRangeResolver
         return versionIndex;
     }
 
+    private boolean isEnabled( RemoteRepository remoteRepository, String 
version )
+    {
+        if ( remoteRepository == null )
+        {
+            return true;
+        }
+
+        boolean snapshot = version != null && version.endsWith( SNAPSHOT );
+
+        return remoteRepository.getPolicy( snapshot ).isEnabled();
+    }
+
+
     private Versioning readVersions( RepositorySystemSession session, 
RequestTrace trace, Metadata metadata,
                                      ArtifactRepository repository, 
VersionRangeResult result )
     {
@@ -273,4 +290,4 @@ public class DefaultVersionRangeResolver
         repositoryEventDispatcher.dispatch( event.build() );
     }
 
-}
\ No newline at end of file
+}

Reply via email to