[ https://issues.apache.org/jira/browse/SLING-10790?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Angela Schreiber updated SLING-10790: ------------------------------------- Summary: BundleEntryHandler.extractArtifactId may use wrong GAV (was: BundleEntryHandler.extractArtifactId may used wrong GAV) > BundleEntryHandler.extractArtifactId may use wrong GAV > ------------------------------------------------------ > > Key: SLING-10790 > URL: https://issues.apache.org/jira/browse/SLING-10790 > Project: Sling > Issue Type: Bug > Components: Content-Package to Feature Model Converter > Reporter: Angela Schreiber > Priority: Minor > > [~kpauls], if my reading of {{BundleEntryHandler.extractArtifactId}} is > correct it the method might be ending up using the wrong > groupId/artifactId/version. > the code will loop over jar-entries and stop if the extracted GAV matches the > bundle name. however, groupId/artifactId/version are not reset to {{null}} in > case they were successfully extracted but didn't end up matching the bundle > name i.e. {quote}it was the pom.properties we were looking for{quote}. > i can't tell how big of an issue that is (and how likely). but given the fact > that there is some extra effort to verify that the parsed pom is actually the > right one, it might actually be relevant. the relies on a compliant content > package that does contain a matching pom, which may or may not be the case... > logging a warning or throwing a ConverterException in case of violation might > help spotting troublesome content packages instead of getting some sort of > side effect if another pom was spotted. > a heavily simplified copy of the method: > {code} > String artifactId = null; > String version = null; > String groupId = null; > String classifier = null; > for (Enumeration<JarEntry> e = jarFile.entries(); > e.hasMoreElements();) { > [...] > // extract groupId/artifactId/version > [...] > > if (groupId != null && artifactId != null && version != null) { > // bundleName is now the bare name without extension > String synthesized = artifactId + "-" + version; > // it was the pom.properties we were looking for > if (bundleName.startsWith(synthesized) || > bundleName.equals(artifactId)) { > [...] > > // no need to iterate further > break; > } > } > } > > if (groupId == null) { > [...] > } > return new ArtifactId(groupId, artifactId, version, classifier, > JAR_TYPE); > {code} > feel free to resolve as not a problem in case my reading of the code is all > wrong. -- This message was sent by Atlassian Jira (v8.3.4#803005)