[
https://issues.apache.org/jira/browse/MINVOKER-351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17847368#comment-17847368
]
Mikkel Kjeldsen commented on MINVOKER-351:
------------------------------------------
[~michael-o], curious output. This is the expected output:
{noformat}
~ $ cd $(mktemp -d)
/tmp/tmp.0HU4NpMJCX $ wget --quiet
https://issues.apache.org/jira/secure/attachment/13068809/minvoker-351.tar.gz
/tmp/tmp.0HU4NpMJCX $ tar vxf minvoker-351.tar.gz
minvoker-351/
minvoker-351/pom.xml
minvoker-351/src/
minvoker-351/src/it/
minvoker-351/src/it/minvoker-351/
minvoker-351/src/it/minvoker-351/pom.xml
minvoker-351/src/it/minvoker-351/src/
minvoker-351/src/it/minvoker-351/src/test/
minvoker-351/src/it/minvoker-351/src/test/java/
minvoker-351/src/it/minvoker-351/src/test/java/example/
minvoker-351/src/it/minvoker-351/src/test/java/example/minvoker351/
minvoker-351/src/it/minvoker-351/src/test/java/example/minvoker351/ExampleTest.java
minvoker-351/src/it/minvoker-351/src/main/
minvoker-351/src/it/minvoker-351/src/main/java/
minvoker-351/src/it/minvoker-351/src/main/java/example/
minvoker-351/src/it/minvoker-351/src/main/java/example/minvoker351/
minvoker-351/src/it/minvoker-351/src/main/java/example/minvoker351/Example.java
/tmp/tmp.0HU4NpMJCX $ cd minvoker-351/
/tmp/tmp.0HU4NpMJCX/minvoker-351 $ mvn --version
Apache Maven 3.9.6
Maven home: /usr/share/maven
Java version: 21.0.2, vendor: N/A, runtime: /usr/lib64/jvm/java-21-openjdk-21
Default locale: en_DK, platform encoding: UTF-8
OS name: "linux", version: "5.14.21-150500.55.52-default", arch: "amd64",
family: "unix"
/tmp/tmp.0HU4NpMJCX/minvoker-351 $ mvn verify site
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------< example.minvoker351:minvoker-351 >------------------
[INFO] Building minvoker-351 1.0-SNAPSHOT
[INFO] from pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- resources:3.3.1:resources (default-resources) @ minvoker-351 ---
[INFO] skip non existing resourceDirectory
/tmp/tmp.0HU4NpMJCX/minvoker-351/src/main/resources
[INFO]
[INFO] --- compiler:3.11.0:compile (default-compile) @ minvoker-351 ---
[INFO] No sources to compile
[INFO]
[INFO] --- resources:3.3.1:testResources (default-testResources) @ minvoker-351
---
[INFO] skip non existing resourceDirectory
/tmp/tmp.0HU4NpMJCX/minvoker-351/src/test/resources
[INFO]
[INFO] --- compiler:3.11.0:testCompile (default-testCompile) @ minvoker-351 ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.2.2:test (default-test) @ minvoker-351 ---
[INFO] No tests to run.
[INFO]
[INFO] --- jar:3.3.0:jar (default-jar) @ minvoker-351 ---
[WARNING] JAR will be empty - no content was marked for inclusion!
[INFO] Building jar:
/tmp/tmp.0HU4NpMJCX/minvoker-351/target/minvoker-351-1.0-SNAPSHOT.jar
[INFO]
[INFO] --- invoker:3.6.1:install (integration-test) @ minvoker-351 ---
[INFO] Installing
/tmp/tmp.0HU4NpMJCX/minvoker-351/target/minvoker-351-1.0-SNAPSHOT.jar to
/tmp/tmp.0HU4NpMJCX/minvoker-351/target/local-repo/example/minvoker351/minvoker-351/1.0-SNAPSHOT/minvoker-351-1.0-SNAPSHOT.jar
[INFO] Installing /tmp/tmp.0HU4NpMJCX/minvoker-351/pom.xml to
/tmp/tmp.0HU4NpMJCX/minvoker-351/target/local-repo/example/minvoker351/minvoker-351/1.0-SNAPSHOT/minvoker-351-1.0-SNAPSHOT.pom
[INFO]
[INFO] --- invoker:3.6.1:run (integration-test) @ minvoker-351 ---
[INFO] Building: minvoker-351/pom.xml
[INFO] minvoker-351/pom.xml ............................. SUCCESS
(6.021 s)
[INFO] -------------------------------------------------
[INFO] Build Summary:
[INFO] Passed: 1, Failed: 0, Errors: 0, Skipped: 0
[INFO] -------------------------------------------------
[INFO]
[INFO] --- site:3.12.1:site (default-site) @ minvoker-351 ---
[INFO] configuring report plugin
org.apache.maven.plugins:maven-project-info-reports-plugin:3.5.0
[INFO] 15 reports detected for maven-project-info-reports-plugin:3.5.0:
ci-management, dependencies, dependency-info, dependency-management,
distribution-management, index, issue-management, licenses, mailing-lists,
modules, plugin-management, plugins, scm, summary, team
[INFO] configuring report plugin
org.apache.maven.plugins:maven-surefire-report-plugin:3.2.5
[INFO] preparing maven-surefire-report-plugin:report report requires
'[surefire]test' forked phase execution
[INFO]
[INFO] >>> surefire-report:3.2.5:report > [surefire]test @ minvoker-351 >>>
[INFO]
[INFO] --- resources:3.3.1:resources (default-resources) @ minvoker-351 ---
[INFO] skip non existing resourceDirectory
/tmp/tmp.0HU4NpMJCX/minvoker-351/src/main/resources
[INFO]
[INFO] --- compiler:3.11.0:compile (default-compile) @ minvoker-351 ---
[INFO] No sources to compile
[INFO]
[INFO] --- resources:3.3.1:testResources (default-testResources) @ minvoker-351
---
[INFO] skip non existing resourceDirectory
/tmp/tmp.0HU4NpMJCX/minvoker-351/src/test/resources
[INFO]
[INFO] --- compiler:3.11.0:testCompile (default-testCompile) @ minvoker-351 ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.2.2:test (default-test) @ minvoker-351 ---
[INFO] No tests to run.
[INFO] Skipping execution of surefire because it has already been run for this
configuration
[INFO]
[INFO] <<< surefire-report:3.2.5:report < [surefire]test @ minvoker-351 <<<
[INFO]
[INFO] '[surefire]test' forked phase execution for
maven-surefire-report-plugin:report report preparation done
[INFO] 3 reports detected for maven-surefire-report-plugin:3.2.5:
failsafe-report-only, report, report-only
[INFO] Rendering site with default locale English (en)
[WARNING] No project URL defined - decoration links will not be relativized!
[INFO] Rendering content with org.apache.maven.skins:maven-default-skin:jar:1.3
skin.
[INFO] Skipped "Surefire" report
(maven-surefire-report-plugin:3.2.5:report-only), file "surefire-report.html"
already exists.
[INFO] Generating "Dependency Information" report ---
maven-project-info-reports-plugin:3.5.0:dependency-info
[INFO] Generating "About" report ---
maven-project-info-reports-plugin:3.5.0:index
[INFO] Generating "Plugin Management" report ---
maven-project-info-reports-plugin:3.5.0:plugin-management
[INFO] Generating "Plugins" report ---
maven-project-info-reports-plugin:3.5.0:plugins
[INFO] Generating "Summary" report ---
maven-project-info-reports-plugin:3.5.0:summary
[INFO] Generating "Failsafe" report ---
maven-surefire-report-plugin:3.2.5:failsafe-report-only
[WARNING] Unable to locate Test Source XRef to link to - DISABLED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 8.077 s
[INFO] Finished at: 2024-05-17T18:18:13+02:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-site-plugin:3.12.1:site (default-site) on
project minvoker-351: Error generating
maven-surefire-report-plugin:3.2.5:failsafe-report-only report: Error parsing
JUnit XML report
/tmp/tmp.0HU4NpMJCX/minvoker-351/target/invoker-reports/TEST-minvoker-351.xml:
An invalid XML character (Unicode: 0x1) was found in the element content of the
document. -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please
read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
/tmp/tmp.0HU4NpMJCX/minvoker-351 $ wc target/it/minvoker-351/build.log
597 3484 64172 target/it/minvoker-351/build.log
{noformat}
> Prevent XML-prohibited characters from entering JUnit report
> ------------------------------------------------------------
>
> Key: MINVOKER-351
> URL: https://issues.apache.org/jira/browse/MINVOKER-351
> Project: Maven Invoker Plugin
> Issue Type: Bug
> Reporter: Mikkel Kjeldsen
> Assignee: Slawomir Jaranowski
> Priority: Major
> Fix For: 3.7.0
>
> Attachments: minvoker-351.tar.gz
>
>
> Neither the Maven Invoker plugin's implementation of {{<writeJunitReport>}}
> nor the underlying XML infrastructure directly protect against the presence
> of character literals prohibited by the XML specification, meaning such
> literals can appear in the JUnit report and render it unreadable. *I would
> appreciate if the Maven Invoker plugin could learn to strip prohibited
> literals to protect its users from creative plugins.* I argue that this is a
> safe and expected transformation that is not materially lossy.
> ----
> h2. Background
> MINVOKER-196 added the {{<writeJunitReport>}} option [back in
> maven-invoker-plugin-3.2.1|https://github.com/apache/maven-invoker-plugin/blob/maven-invoker-plugin-3.2.1/src/main/java/org/apache/maven/plugins/invoker/AbstractInvokerMojo.java#L1878-L1946].
> As of [maven-invoker-plugin-3.6.0 the effective implementation of the JUnit
> report remains effectively
> unchanged|https://github.com/apache/maven-invoker-plugin/blob/maven-invoker-plugin-3.6.0/src/main/java/org/apache/maven/plugins/invoker/AbstractInvokerMojo.java#L1695-L1754].
> The JUnit report includes a {{<system-out>}} element ([example
> documentation|https://github.com/testmoapp/junitxml]) whose value Maven
> Invoker populates with the raw build log contents. I've observed that this
> value is XML-escaped, which I imagine is well understood in the
> implementation, although I can't immediately find documentation to support
> that.
> However, escaping notwithstanding, a number of character literals are
> outright prohibited by the XML specifications. These literals cannot be
> escaped, and their presence renders an XML document not well formed. The
> exact set of prohibited characters varies by XML version; the report produced
> by the Maven Invoker plugin is XML version 1.0. When the Maven Invoker plugin
> reads in the build log it does not strip these character literals and neither
> does the XML writer the Maven Invoker plugin relies on. Consequently, if a
> build log ends up including a prohibited character the resulting JUnit report
> will not be well formed.
> The set of prohibited characters is the complement of [the XML
> specification's definition of {{Char}}|https://www.w3.org/TR/xml/#NT-Char].
> h2. Example
> Among the literals prohibited by XML version 1.0 is {{^H}} (backspace). When
> [pitest runs via Maven|https://pitest.org/quickstart/maven/] it prints a
> spinner to standard out, and the implementation uses backspace to render the
> spinner in place. I have used the Maven Invoker plugin with
> {{<writeJunitReport>}} to verify a pitest configuration, whereby I discovered
> this limitation.
> h2. Remediation
> h3. Blame plugins
> Perhaps pitest should not behave this way but we can't change pitest, and
> even if pitest could be changed that offers no protection against any other
> plugin, so blaming plugins is an ineffective course of action.
> h3. Work-arounds
> The user can manually clean the build log in-place via
> {{<postBuildHookScript>}}. This is technically fairly easy to do, and makes
> the transformation very explicit, but it requires considerable local work to
> address an issue many would find obscure and the transformation is
> permanently lossy unless the user also backs up the raw log to another file
> name.
> h3. Strip prohibited literals inside Maven Invoker plugin
> If the Maven Invoker plugin learns to strip offending character literals
> in-between reading the build log and writing to the {{<system-out>}} value
> then {{<writeJunitReport>}} will Just Workâ˘, which I assert is what a user
> will typically expect. Although the {{<system-out>}} value will no longer
> exactly match the build log contents, this lossy translation is acceptable:
> the prohibited characters are overwhelmingly unprintable to begin with and
> therefore cannot be meaningfully rendered in a static context, and the raw
> build log remains unchanged in the event that the user needs to investigate
> or assert against the raw output.
> This change would be backwards compatible, because any existing user that
> would be affected by it would already have unparseable JUnit reports.
> * I _believe_ that Java's {{j.u.r.Pattern}} can trivially express the
> complement of allowed characters but there may exist more efficient solutions.
> * Consider also applying this transformation to the 2 uses of
> {{buildJob.getFailureMessage()}}.
> h4. Replace prohibited literals inside Maven Invoker plugin
> As a variation of stripping prohibited character literals, the Maven Invoker
> plugin could substitute sentinel values for prohibited character literals.
> This approach has the downside that it requires additional decision making
> for determining suitable substitution(s) but is otherwise comparable.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
