Hi Aldrin,

Maybe DefaultModelReader from the maven-model-builder module, but it depends on
whether you want the pom resolved or just the raw pom.

Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://rmannibucau.metawerx.net/> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
<https://www.packtpub.com/application-development/java-ee-8-high-performance>


On Wed, Dec 28, 2022 at 22:10, Aldrin Leal <[email protected]> wrote:

> Tamas,
>
> Thanks for your idea. If I wanted to resolve from reading a pom file from
> scratch, where would you point me (thinking MavenXpp3Reader and friends
> perhaps)?
>
> --
> -- Aldrin Leal, <[email protected]> / https://aldrinleal.link
>
>
> On Fri, Dec 16, 2022 at 4:17 PM Tamás Cservenák <[email protected]>
> wrote:
>
> > You can write a simple app, using resolver. There are demos that perform
> > fully functional things, for example
> >
> > https://github.com/apache/maven-resolver/blob/master/maven-resolver-demos/maven-resolver-demo-snippets/src/main/java/org/apache/maven/resolver/examples/GetDependencyTree.java
> >
> > Hth
> > T
> >
> > On Fri, Dec 16, 2022, 22:12 Aldrin Leal <[email protected]> wrote:
> >
> > > Thanks Michael, indeed this can be better worded. What about:
> > >
> > > How to programmatically list a pom's dependencies (incl. transitive)
> > > without the risk of running untrusted/unauthorized code?
> > >
> > > --
> > > -- Aldrin Leal, <[email protected]> / https://aldrinleal.link
> > >
> > >
> > > On Fri, Dec 16, 2022 at 3:55 PM Michael Osipov <[email protected]>
> > > wrote:
> > >
> > > > On 2022-12-16 at 18:02, Aldrin Leal wrote:
> > > > > Hello,
> > > > >
> > > > > Just a question I'd like to confirm with you guys: How "safe" is it
> > > > > to run `dependency:tree` on a given arbitrary pom?
> > > > >
> > > > > I mean, what's the likelihood of that pom.xml triggering some
> > > > > "unsafe" code?
> > > > >
> > > > > And how would you do this in (listing all the required runtime jar
> > > > > files for a given project) the most secure way if you were given
> > > > > this task?
> > > >
> > > > Safety and security are two different things. What are you striving
> > > > for?
> > > >
> > > >
> > > >
> > > >
> > >
> >
>
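
Added example, not from the thread or from the Maven project: reading the raw POM with MavenXpp3Reader, to show what "raw" versus "resolved" means for a dependency list. It assumes the maven-model artifact is on the classpath and Java 15+ (text blocks); the class name, the helper `describe` and the sample POM are constructed for illustration.

```java
import java.io.StringReader;
import org.apache.maven.model.Dependency;
import org.apache.maven.model.Model;
import org.apache.maven.model.io.xpp3.MavenXpp3Reader;

public class RawPomDependencies {
    // Constructed sample POM; all coordinates are made up.
    static final String POM = """
        <project>
          <modelVersion>4.0.0</modelVersion>
          <parent>
            <groupId>com.example</groupId>
            <artifactId>parent</artifactId>
            <version>1.0</version>
          </parent>
          <artifactId>app</artifactId>
          <properties><lib.version>2.3</lib.version></properties>
          <dependencies>
            <dependency><groupId>com.example</groupId><artifactId>lib-a</artifactId><version>1.4</version></dependency>
            <dependency><groupId>com.example</groupId><artifactId>lib-b</artifactId><version>${lib.version}</version></dependency>
            <dependency><groupId>com.example</groupId><artifactId>lib-c</artifactId></dependency>
          </dependencies>
        </project>
        """;

    // Hypothetical helper: reports what the raw model knows about one declared dependency.
    static String describe(Dependency d) {
        String v = d.getVersion();
        String note = v == null ? "no version here (parent or dependencyManagement must supply it)"
                : v.contains("${") ? "uninterpolated property"
                : "literal version";
        return d.getGroupId() + ":" + d.getArtifactId() + ":" + v + "  [" + note + "]";
    }

    public static void main(String[] args) throws Exception {
        // Parsing only: no plugins run, no parent POM is read, nothing is downloaded.
        Model model = new MavenXpp3Reader().read(new StringReader(POM));
        // Only directly declared dependencies appear; transitive ones need resolution.
        for (Dependency d : model.getDependencies()) {
            System.out.println(describe(d));
        }
    }
}
```

Of the three entries only lib-a is usable as-is; lib-b and lib-c need property interpolation and parent inheritance, which the raw reader does not perform.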
