[jira] [Updated] (FELIX-3541) Make repository creation safer by forbidding the use of resources without URI

[JIRA]

     [ 
https://issues.apache.org/jira/browse/FELIX-3541?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matías San Martín updated FELIX-3541:
-------------------------------------

    Attachment: badrepo_1.0.0.jar

The attached Bundle reproduces the creation of an invalid Repository as 
described by the issue
                
> Make repository creation safer by forbidding the use of resources without URI
> -----------------------------------------------------------------------------
>
>                 Key: FELIX-3541
>                 URL: https://issues.apache.org/jira/browse/FELIX-3541
>             Project: Felix
>          Issue Type: Improvement
>          Components: Bundle Repository (OBR)
>    Affects Versions: bundlerepository-1.6.6
>         Environment: Felix Framework 4.0.2
>            Reporter: Matías San Martín
>            Priority: Minor
>              Labels: repository, validation
>         Attachments: badrepo_1.0.0.jar
>
>
> Make the API safer by generating an error if someone tries to create an 
> invalid repository.
> In current implementation, somebody could create an invalid bundle repository 
> (particularly, a repository in which the resources have no URI associated)  
> through the bundlerepository API. 
> This can be accomplished throught the use of the methods:
> 1- DataModelHelper#createResource(Bundle)
> For creating a Resource from a Bundle (note that, then, the Resources won't 
> have an associated URI)
> 2- DataModelHelper#repository(Resource[])
> For creating a (invalid) Repository from the Resources just created
> 3- DataModelHelper#writeRepository(..) //any of the writeRepository variants 
> will work
> For writing the just created Repository
> ------------
> It may be useful if the DataModelHelper could "prevent" the writing of such 
> an invalid Repository by validating it has all the "mandatory" fields. 
> However, because the use of the Repository created (in memory) from Bundles 
> may be useful, the validation may/should be done only when trying to generate 
> an "external" representation of it (i.e. when trying to write it as XML).
> The afore mentioned "validation" may simply be a check followed by an 
> exception if the mandatory fields are not present. This way, the execution 
> will fail and not silently ignore the invalid repository just created 
> (possibly leading to a worse inconsistency).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira