This is an automated email from the ASF dual-hosted git repository. henning pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/maven.git
The following commit(s) were added to refs/heads/master by this push: new ce4579108 [MNG-7529] Maven resolver makes bad repository choices (#786) ce4579108 is described below commit ce4579108d653be2ab7eab43be7d5951151dae5b Author: Henning Schmiedehausen <henn...@schmiedehausen.org> AuthorDate: Wed Aug 24 21:26:19 2022 -0700 [MNG-7529] Maven resolver makes bad repository choices (#786) Ensure that any versions resolved as part of a version range request only reference repositories that are actually enabled for the type of version (SNAPSHOT versions against snapshot repos, release versions against release repositories). --- .../internal/DefaultVersionRangeResolver.java | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java index dfc7181a4..a4f66a6e9 100644 --- a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java +++ b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java @@ -69,6 +69,8 @@ public class DefaultVersionRangeResolver private static final String MAVEN_METADATA_XML = "maven-metadata.xml"; + private static final String SNAPSHOT = "SNAPSHOT"; + private final MetadataResolver metadataResolver; private final SyncContextFactory syncContextFactory; private final RepositoryEventDispatcher repositoryEventDispatcher; @@ -183,9 +185,11 @@ public class DefaultVersionRangeResolver } Versioning versioning = readVersions( session, trace, metadataResult.getMetadata(), repository, result ); + RemoteRepository remoteRepository = metadataResult.getRequest().getRepository(); + for ( String version : versioning.getVersions() ) { - if ( !versionIndex.containsKey( version ) ) + if ( isEnabled( remoteRepository, version ) && !versionIndex.containsKey( version ) ) { versionIndex.put( version, repository ); } @@ -195,6 +199,18 @@ public class DefaultVersionRangeResolver return versionIndex; } + private boolean isEnabled( RemoteRepository remoteRepository, String version ) + { + if ( remoteRepository == null ) + { + return true; + } + + boolean snapshot = version != null && version.endsWith( SNAPSHOT ); + + return remoteRepository.getPolicy( snapshot ).isEnabled(); + } + private Versioning readVersions( RepositorySystemSession session, RequestTrace trace, Metadata metadata, ArtifactRepository repository, VersionRangeResult result ) { @@ -238,4 +254,4 @@ public class DefaultVersionRangeResolver repositoryEventDispatcher.dispatch( event.build() ); } -} \ No newline at end of file +}