clafren1 commented on issue #348: URL: https://github.com/apache/maven-antrun-plugin/issues/348#issuecomment-4758139858
This message can expose sensitive information, as properties defined in the user settings.xml file also become ANT properties and trigger the warning, with the property value being interpolated. To be fair, it could also occur with the previous log level if you ran Maven in debug mode. But a warning is much more visible. At the very least, the property value should not be logged. I'm still not convinced a message is even necessary, regardless of the log level. To expand on [my previous comment](https://github.com/apache/maven-antrun-plugin/issues/348#issuecomment-3712316830), consider this new sample POM: ``` <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>my.groupId</groupId> <artifactId>my-artifactId</artifactId> <version>1.0</version> <packaging>pom</packaging> <profiles> <profile> <id>nashorn</id> <activation> <jdk>[11,(</jdk> </activation> <build> <plugins> <plugin> <artifactId>maven-antrun-plugin</artifactId> <dependencies> <dependency> <groupId>org.openjdk.nashorn</groupId> <artifactId>nashorn-core</artifactId> <version>15.7</version> </dependency> </dependencies> </plugin> </plugins> </build> </profile> <profile> <id>maven</id> <properties> <my.property>maven</my.property> </properties> </profile> </profiles> <build> <plugins> <plugin> <artifactId>maven-antrun-plugin</artifactId> <version>3.2.0</version> <executions> <execution> <id>print-property</id> <phase>verify</phase> <goals> <goal>run</goal> </goals> <configuration> <target> <condition property="my.property" value="ant"> <not> <isset property="my.property"/> </not> </condition> <echo level="info">my.property (init): ${my.property}</echo> <available file="${basedir}/pom.xml" property="my.property" value="available"/> <echo level="info">my.property (available task): ${my.property}</echo> <script language="javascript">project.setProperty("my.property", "script");</script> <echo level="info">my.property (script task): ${my.property}</echo> <taskdef name="groovy" classname="org.codehaus.groovy.ant.Groovy"/> <groovy>properties['my.property'] = 'groovy'</groovy> <echo level="info">my.property (groovy task): ${my.property}</echo> <local name="my.property"/> <property name="my.property" value="local"/> <echo level="info">my.property (local task): ${my.property}</echo> </target> </configuration> </execution> </executions> <dependencies> <dependency> <groupId>org.apache.groovy</groupId> <artifactId>groovy-ant</artifactId> <version>4.0.32</version> </dependency> </dependencies> </plugin> </plugins> </build> </project> ``` The [available](https://ant.apache.org/manual/Tasks/available.html) task is 1 of the very few [built-in ANT tasks](https://ant.apache.org/manual/tasksoverview.html) that can override an existing property. It uses `org.apache.tools.ant.Project#setProperty` instead of `org.apache.tools.ant.Project#setNewProperty`. I assume the [groovy](https://docs.groovy-lang.org/latest/html/documentation/groovy-ant-task.html) task also uses it internally with `properties['name'] = 'value'` statements. When you run `mvn clean verify`, which initializes the `my.property` property in the antrun plugin with the condition task, you get: ``` [INFO] [echo] my.property (init): ant [WARNING] [available] DEPRECATED - <available> used to override an existing property. [available] Build file should not reuse the same property name for different values. [INFO] [echo] my.property (available task): available [INFO] [echo] my.property (script task): script [INFO] [echo] my.property (groovy task): groovy [INFO] [echo] my.property (local task): local ``` However, when you run `mvn clean verify -Pmaven`, which initializes the `my.property` property in the maven profile, you get: ``` [INFO] [echo] my.property (init): maven [WARNING] [available] DEPRECATED - <available> used to override an existing property. [available] Build file should not reuse the same property name for different values. [INFO] [echo] my.property (available task): maven [INFO] [echo] my.property (script task): maven [INFO] [echo] my.property (groovy task): maven [INFO] [echo] my.property (local task): maven ``` You get a similar output if you run `mvn clean verify -Dmy.property=maven`. Or if `my.property` is defined in your settings.xml file and you run `mvn clean verify`. I can't think of other ways to override a property in ANT. If the maven-antrun-plugin maintainers can confirm/explain this immutable behavior, would it be okay to simply remove the message? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
