From 8d0e438bc3d39bed2a94e53d713d0dd9895cb344 Mon Sep 17 00:00:00 2001
From: Tamas Cservenak
Date: Thu, 11 Jul 2024 18:47:01 +0200
Subject: [PATCH] [MNG-8180] Fail install/deploy if rogue Maven Plugin metadata found (#1611)
Resolver handles transparently the repository metadata, and in case of plugins it peeks into META-INF/maven/plugin.xml of given artifact JAR to figure out needed metadata bits (prefix, name, etc). But, this was done "blindly", while it is expected that GA of JAR artifact without classifier (requirement for maven plugins) and GA in embedded plugin metadata must be same. Decision here is to fail hard, prevent this being installed and deployed, as this is most probably wrong (unsure what maven-indexer or even Sonatype search would do in this case). --- https://issues.apache.org/jira/browse/MNG-8180
---
 .../internal/PluginsMetadataGenerator.java | 23 +++++++++++-
 .../internal/RepositorySystemTest.java | 29 +++++++++++++++
 .../rogue-plugin/1.0/rogue-plugin-1.0.jar | Bin 0 -> 7446 bytes
 .../rogue-plugin/1.0/rogue-plugin-1.0.pom | 31 ++++++++++++++++
 .../ut/simple/rogue-plugin/maven-metadata.xml | 34 ++++++++++++++++++
 5 files changed, 116 insertions(+), 1 deletion(-)
 create mode 100644 maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.jar
 create mode 100644 maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.pom
 create mode 100644 maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/maven-metadata.xml
diff --git a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/PluginsMetadataGenerator.java b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/PluginsMetadataGenerator.java
index b3d68847ec..b37992df30 100644
--- a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/PluginsMetadataGenerator.java
+++ b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/PluginsMetadataGenerator.java
@@ -27,6 +27,7 @@ import java.util.Date;
 import java.util.Iterator;
 import java.util.LinkedHashMap;
 import java.util.Map;
+import java.util.Objects;
 import java.util.jar.JarFile;
 import java.util.zip.ZipEntry;
@@ -135,9 +136,23 @@ class PluginsMetadataGenerator implements MetadataGenerator {
 String artifactId = root.getChild("artifactId").getValue();
 String goalPrefix = root.getChild("goalPrefix").getValue();
 String name = root.getChild("name").getValue();
- return new PluginInfo(groupId, artifactId, goalPrefix, name);
+ // sanity check: plugin descriptor extracted from artifact must have same GA
+ if (Objects.equals(artifact.getGroupId(), groupId)
+ && Objects.equals(artifact.getArtifactId(), artifactId)) {
+ return new PluginInfo(groupId, artifactId, goalPrefix, name);
+ } else {
+ throw new InvalidArtifactPluginMetadataException(
+ "Artifact " + artifact.getGroupId() + ":" + artifact.getArtifactId() + " JAR (to be installed/deployed) contains Maven Plugin metadata for plugin " + groupId + ":" + artifactId + "; coordinates are conflicting. " + "Most probably your JAR contains rogue Maven Plugin metadata, " + "possible causes may be: shaded in Maven Plugin or some rogue resource)");
+ }
 }
 }
+ } catch (RuntimeException e) {
+ throw e;
 } catch (Exception e) {
 // here we can have: IO. ZIP or Plexus Conf Ex: but we should not interfere with user intent
 }
@@ -145,4 +160,10 @@ class PluginsMetadataGenerator implements MetadataGenerator {
 }
 return null;
 }
+
+ public static final class InvalidArtifactPluginMetadataException extends IllegalArgumentException {
+ InvalidArtifactPluginMetadataException(String s) {
+ super(s);
+ }
+ }
 }
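Review bot: The `} catch (RuntimeException e) { throw e; }` added in the second hunk rethrows every unchecked exception raised while reading the descriptor, not only the new InvalidArtifactPluginMetadataException, so a descriptor missing one of the elements read by the `root.getChild(...).getValue()` chains in the context lines would presumably now surface as a NullPointerException out of install/deploy instead of being ignored as the following `catch (Exception e)` intends. If only the coordinate conflict is meant to fail hard, narrow it to `} catch (InvalidArtifactPluginMetadataException e) {` / `throw e;`, and the swallowing catch below would be easier to diagnose with a debug log of the ignored exception rather than nothing. The message literal also ends with an unmatched `)` in `some rogue resource)`. The nested exception class added in the third hunk has no Javadoc; a one-liner such as `/** Thrown when the plugin descriptor embedded in an artifact JAR declares coordinates that differ from the artifact being installed or deployed. */` would say why it is an IllegalArgumentException. The enclosing method begins before the second hunk, where `groupId` is read.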
diff --git a/maven-resolver-provider/src/test/java/org/apache/maven/repository/internal/RepositorySystemTest.java b/maven-resolver-provider/src/test/java/org/apache/maven/repository/internal/RepositorySystemTest.java
index 8031ca5083..c22db033eb 100644
--- a/maven-resolver-provider/src/test/java/org/apache/maven/repository/internal/RepositorySystemTest.java
+++ b/maven-resolver-provider/src/test/java/org/apache/maven/repository/internal/RepositorySystemTest.java
@@ -18,15 +18,19 @@
 */
 package org.apache.maven.repository.internal;
+import java.nio.file.Files;
 import java.util.Arrays;
 import java.util.List;
+import org.eclipse.aether.DefaultRepositorySystemSession;
 import org.eclipse.aether.artifact.Artifact;
 import org.eclipse.aether.artifact.DefaultArtifact;
 import org.eclipse.aether.collection.CollectRequest;
 import org.eclipse.aether.collection.CollectResult;
 import org.eclipse.aether.graph.Dependency;
 import org.eclipse.aether.graph.DependencyNode;
+import org.eclipse.aether.installation.InstallRequest;
+import org.eclipse.aether.repository.LocalRepository;
 import org.eclipse.aether.resolution.ArtifactDescriptorRequest;
 import org.eclipse.aether.resolution.ArtifactDescriptorResult;
 import org.eclipse.aether.resolution.ArtifactRequest;
@@ -193,4 +197,29 @@ public class RepositorySystemTest extends AbstractRepositoryTestCase {
 public void testNewSyncContext() throws Exception {
 // SyncContext newSyncContext( RepositorySystemSession session, boolean shared );
 }
+
+ public void testRoguePlugin() throws Exception {
+ Artifact artifact = new DefaultArtifact("ut.simple:rogue-plugin:1.0");
+
+ ArtifactRequest artifactRequest = new ArtifactRequest();
+ artifactRequest.setArtifact(artifact);
+ artifactRequest.addRepository(newTestRepository());
+
+ ArtifactResult artifactResult = system.resolveArtifact(session, artifactRequest);
+ checkArtifactResult(artifactResult, "rogue-plugin-1.0.jar");
+
+ InstallRequest installRequest = new InstallRequest();
+ installRequest.addArtifact(artifactResult.getArtifact());
+
+ DefaultRepositorySystemSession loc = new DefaultRepositorySystemSession(session);
+ loc.setLocalRepositoryManager(system.newLocalRepositoryManager(
+ session, new LocalRepository(Files.createTempDirectory("local").toFile())));
+ try {
+ system.install(loc, installRequest);
+ fail("install should fail");
+ } catch (Exception e) {
+ assertTrue(e instanceof PluginsMetadataGenerator.InvalidArtifactPluginMetadataException);
+ assertTrue(e.getMessage().contains("coordinates are conflicting"));
+ }
+ }
 }
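Review bot: The `catch (Exception e)` around `system.install(loc, installRequest)` turns any other failure, such as a resolution or I/O error, into a bare `assertTrue(e instanceof ...)` failure that hides the original stack trace; catching the expected type directly, `} catch (PluginsMetadataGenerator.InvalidArtifactPluginMetadataException e) {` and keeping only the message assertion, lets an unexpected exception propagate with its cause while `fail("install should fail")` still covers the success path. The directory from `Files.createTempDirectory("local")` is never removed, so every run leaves a temp directory behind; creating it under the test's build output or deleting it in a finally block would avoid that. A short comment on the fixture, e.g. `// ut.simple:rogue-plugin:1.0 presumably ships a plugin.xml whose coordinates differ from the artifact's GA`, would explain why install is expected to fail, since the JAR itself is binary and that intent is only visible in the commit message.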
diff --git a/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.jar b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.jar new file mode 100644 index 0000000000000000000000000000000000000000..8163c13626e640e4ab6cb1c253c8cdb017fdeced GIT binary patch literal 7446 zcmZ{pbx>SQx9)-9P8d8$AOsHtcNjFdySvUH!DS%0420koY!Y08yTd?m3GVJL!8u8t zI^X-=d+uGkc6aZpXZ5rCueGaxstPZVF%b~Z5fCnn4s;Rz6&MJ}2ujkLKsGsL8TO|E z1O(MTQUC%vI{N>T0{*1^N2&x=mXndz(0r#PbD=aesHnj9ZX8E}jd^5fv|63x7uV{R z>pOWRRyn0{_u?9L4y34EG8Ws0w>y@^fC6Uz{7sTX%j9kQbJsIh#6Om3=#DNiJHS5% z;(y-1CH!}_3;$QOc>gW|WaeQ7X8)(&Pg(Q-$I;0Cx7gXy-Np|5&I{ytWMuGh0Ui$- ztw?nTHGX3zs5*3XUGEqC-op@Er8Y+|P%c>OPDNw-Ar{-z+4)P)(s{tjabw_%D9@lb zAFd_Mow>PehraLJ`}p{bJU;WBmm#?$- zi{xweyrFK_DCYQ8FcL%?iQg`@mwT|6TB&aC(U^Thq&+Tec<&o@`u2UKRF`ZCcM(8@bn-MGHu^5>C!v&Pxg9Zfh0Q zPF(~Xy`Or5tFB4XkXwR@Hii4lydZbNpV^EqxsJo@At@Q!t}h*_REctwF>SFjHs9h- zmPYO0(cYy#F!|D+!d6yg)6R0`i_eLJ6HOL@C9c#`n(d2X3m7~TOJ;0@c+zVt(%Lus z1sQ!`0Tu=5n*x*<0+XWegUvFrNMXV3!WdS(dlx@OMGjr@^r?u0l>B#W#)u@z%(Nt4 z>%G=X`#2riXK-u-%wAgjAtZK#8DK5T{%ka`zJq}3ye)gzhcWs5R;A+VMQ|R3)AVJc z8vKUP5@!{skE(f}ld7P1HRQ@WEwTk4I6@^2s1zD`;Eq9N^`H^gxisbH&{H1MQE-!? z>UUd5F!+XMpI#P;8%QLtB$O}JGm0mjB_moBPmL@rjc~duOFv4++LvEh{c_u9=s*O& zpPy*_gL&sgSNbH1Wu;9}U3c<1?)xN-EL=8Z-bRh9a7zMA%IpJE3ImqXhd+2}-yU{e9J-$pUlcg8 zD~D4G*8M)@@8;XC^(c!!=zb}9b{klCI(2X_M|y@GPpDhNbu#g==J^#;mXI5>)z5f@ zNfk=T6YzjxmB~8NPsy?yv~D0(*ii_yowR~F2+T0(g-X>p))VIrC6)~c)H~KnMR%x# za0aC{Hk#?V~*5ha0hgI-JxXNT%q3yH}dncV1o zCRCkC<3swxt7?Z3FaWq7Xh=(fg`eN@-pzkvkqUUXPx!Z z-p(g_*rg`SZKdWy0;fBT8t3O8i-^9`gg!UZGX>Lm1YYB;3G9Oi)OYP?W^0K? 
zi}4YWGmc3!e&s$9q_Il$VUpMdC`*3)*f!z3rkt&-T7}t>nXQ+(uws9bD+_{El}o41 z=*TC6N7xYyZL$_NhhVIwm7v@ULpUi>rS{nmy%q)RG=J~LeSk~C}l zTyNye!I|&4dn+aL8fE)gDis67D}<_Uo%g6ybaQR%wte1G%9;Iw<)D{eW(7$ z*DC@y;Ys#8V%-*oa-LcIL=#eS6!zrP6?>Ac@~m0Z$KyaEGMx(H4+~1@}Ow#BWw0bkO)KiZbuaka&)+c zDat$bfqKCD47ouHp{~C4euW%Bf9dbF!OSF+%Kc;l#B+`eK-!*&24}( zygvHg=poaC<5%&@L5E}4qr0LiZ_bez2*K!UmJ*|hh@gi!B6H=3ACk=+Zb-qao8)V6 zK-5RG*J@ZCuKklAloz6XDmaBD;k0UZtjVDV)AIPbHp{HY(?(KbGx;x17q&UWeW!L^ z@=)o8c~Gs7ANQ0WC4AZ=Bb>S$_dX9&Oow{%-IU=$7z<#j0&VqsFR*1wx7+!WTo&4{ zCi@Po+tn(P`KHY0)Kl*q)%e0grEji5Y0^^4+BfEU)`;2QFLPZV_{`b3N<4cPTQNHW z-EI8zCbe{N&&3690?IPAldA`d{fb+BT+tGsHp$__s>Dwxi4+A6+xCGjC{q|YJ3lk5 z<*gG(>~RzD1mYp~VYI{5o#4iaQW1}JCAM{?nmI_}gPknG+;Bu{NZ&PH_Thq0>!rSs zN@5I1dNyaOy3R*E6-QQtav)tUx`*oCk*%cmHlaV-FMY=)8_ne74hJEsu-bQiMLl7> zeL^PtaQ)}-eFgPHUaj!!h&&2dqJG|JMHBYh(@4xmLM+?FZ)h6A!MM2L3om(RRr2AC zPxLlMu&ULwFS1|yM9o)oWWQVxdYEhrrlW9T3u}WGJ=94Pee%}lB-uo~ZI6D+7zH*p zjt8G{@mBCIM%o`09T}$Oeg^CEo7v}LG^If+tDLijO{?jNmQwe0lLv+(py^;lUs0QDDfI!b<1HD9BV@{WWAss?X6&{7jp zgueUqr?JGi$6Pftzq$(*fa8`BDcsO)8%a{s@f~JIUe#Zp)qGxbgp)*5?G|4npq815 zz1b?jD~$(r%X`4zUTEw0ESZ6uc!NHI+_{KBD~AcZ3;?WmhC7p|zgIp%y0f;+Z4k5}*dU zq2k8S<|gLihqU2pgR2nA=Q$$2BP1FLujXCli-a~#J?3lwt_Icj-Y2Mm^;^N>Hh~K( z>_RpX38tuMR^OE2soV(41NULy)!#&wPQt@}w&-D{9?4aGn)@YLIf*a!b?jA-ijI@y zdO>)fio0oG-5exIm4BA!TorY-1v;gKbia?F2*_&%NQ}nc9y6)x0WBYYaF)wr6H8B; zwvK$^5+gecS=VIace(2{UJtqy)YaT zw%zC%aHHh$t~UR2ku*S&z~UCDGda%XC7Vjh+#}KwPxaz{Ey+)Ls2$@z z4takDYyTPG`5c1#M%789jIh|RMd^Y2WH68I{(k03XJjbELSBLr|AJ+Pbq)_n?=8w; z*<#FV%xJOp-2({NyXS0uFdz4f$G)^qbs?p3?ea1k<{n8AGCH~*n6*R2KY_i7e|@07J+RZXd1FZhl6XtQiTDM>_Le}p{18@Fm2ym3XutDKFHVb#&5Oq4 z7bM_R3mu3isv^ZtDM-$y94!}y9rJscy+RFl?knDnUL?#U++)WGD^C|LR?xqr9Rltvd3j zC&kV6xjVo~NFa4lPLSXqTXk_oB}AbZb?l%*zx)uCq?Mc^wB^Q8lXe#C?3h>iz1Ie` zrS!y-$U)E3#R+?ywLdkr-cC+^kr5=93^(meHv`JQcPiFILTSdrv^CPzyJc?U4c%GV zeI@X|$)gZFMe(f_#H_c2XZ2`b;0~Dpy1{gRU+S~M!s@)^r9Y_HQVIb-NH0Y$qGImkFlgM;bi{y z(zoT1@N&sk39%+8+hI0t)Ht`ru@_hgZTfyf=7EA2+N7&H#dHx^^P1~HJt&b_R5T=S 
zc6iMDd*UKr6G~>yQuV~u_r!V5xFVrKd#e>*2CsV#zgp?*ok4-N>{TrgH#PTZxaVq&ZUyaa{;U zbU>2`Ykol=sv*&#C!7?)dl+R;umsYP-iI98jY*IG z9Q9Gyw#b@Xfr`HYIh}3YWDU_2C11N}+AbWl5U{l(k4-U=pMuDGxL`aNzM>LzAScuM zb`y^gD5Zfl63x8gJEd8#)>&Qm#lW#jC3?qMB*(%joX{T(3p{h>Db#9~%~YTycw56s zcCD(f41#~2t?CPdv3tVq!txOgk3`zIPi@~(ef-dd${MBmpdThyvr%_(x`yU}(cx-O zAOg(Lv6sX!pI|Sjl2)|FoL#tw~_) zK)UNEaE)H+&z|KiA_u)%7PoRsflB$r$VFY~*FlZX?wCh$hk{sCo*ofncZuxFF$VFJ zTh$ZvKR3X#9{Ui8K-ERxQr~fz+snNR#;->-T^tmpUPfuX#o&Blb)FovmB%Pz=uNJ? zPf3;Ma(GK1v0p)5tl-HR{fV(m@951~r@%v%&I9zo&URUS7$slf2k>=Oc0B!|cFq>HyVt!qD= zNTFjYn#0Pp;GTwhIv;i2On-FbnCZ)xEzmu6zz7}dIWa5M67{6Hy{;*e7P5u+h#r$` zl(>xF!Lp~- z@;Mn<7?Tf-6tX_LQ-o8toq!SV}!~(TgdcbWsqc*TEf+j`Q>c5J2J=!J1+| zCq;tlgx~?0g$ZnM{~SSnD5gKQk%Jn$WEF*Z~hnt4J_iJpdHFN;CEOjn-?De^b=YOh8RViK?~{i&g1 zKfVO=KPs z&8TVCgw$iVu~Qmt2L?%YN^7zlG3ugoSzC1a_g#EN`CSp4X|SlT%JO^NKPL)! z^r!VTeb2OKHJSMGR=C>QhhM<@W`@<%4RIy}lx^UwIocH?#){R27r;C6@>Sf}qqxMlv%Jpu@c0gVV2QD1+N?t2bs6(Gsz`DBQf7 zhEv575{v7lygMv2i=l7m9R)GMEZH0iml+2+eh!%Np^0;0&if)|h04Lyg5D3{_|pZq zq`H-zV|ZUByj>O5^Fum@MP49!;+zQrH+Q`ENhXnMV*8FDp|exDlKCv9ot}u#TI@8t z<(y8qO#$jE?eo_Rn_vw*l*WVH(-prlnSSuEUL8^K1hJ-7J9e{tLw~M6w{Ncn@7j7- zJoLup%1@k#R58>Vi!@Rh&&b)E3JR235Bt%2Et54nzSEjb4Lks3`x<`YOKy4Ya++?% z8}TX=|MHZkHjZT0t_~~@Em|Ke9skUAD>e$og|!&Ga_cb50yiMKA~KLTa}LC*<@d^v2?~y->$&pR z6^L*rDL$K@CoqWJ!m&XazY|QD)^Q87eG0#xz4w5l&Ae85#Gw%LTsX;ob@>yReONe0s{@j-5 zc`7p?Q*!RP^wO{4#CmF}lb4#Mz@NW;7pR^`Gx@kLq zuToa5x={fo1Y`rcp7nkXJGx}jvVC`roxESHh)?Uhm=|2kzv&MKwXlVjH)_{Tiz@K97p7ILbTh(tm{PH1 zp*0w{c9f=^X^$V0@ipVUGjxAR7U#%J7S|v6OArg;?_AS$D)8#X1a6}dsi8EO#PSPW z^kRIBB(XqM{}*X+MQcv~v}~Pd)fK3JIvm+WUzm|hdcSUgtS?gYa&@2Ba9HT)L;_^zNw2f%yG{dY-zXbu8zbqq z_Qe!BKg#Rln%6;&s0&qO{B!{>`$quOv#%ynosmIKfkB@5GsC^zk9ie=Ik6GsxG`&( zs2LxIFhkE75ZD1zk~YhzSZMP2FA3|54xoZ9SnWBj+8V-ET^dP_hv)^2=2jAOUnWAbd2RIQdWx8 zmM5xde4rDKPc2M7c1iQg3I*@>vWh^REK6Q5(Hd8_`gXDnix?fl#O4r>! 
zg@qYnX{_DYSN4qhWYwExmtBl7ONu=XTHPI0LhoSK-;n^X{ADVs#fS#A7OW^w;MqG5 zq2*8@8w)A5BF>6xM~w(Kgl(Mr8am7sr4CeM?r*CkyN5I9+WtHqr)@^-&8Eld-z`W$ z31OvSdvzUdfjF1@kqRJ@q$qExPMh#DEwTTbRCq|gt~8vPQ@a+fTWiazg_%9iOh|;H zEFv|DokrUa0KR6p?)y8|DO^S*sI8*r@!u=DXn)p{TVtvpbYau4h8Bt2eotT@Bg`hE^308J>;H-0aizE0Q$qGd8o zbx&tHJ^1Z?mriW63(??HA8Asi)h-k_Eh|16tTl;C;1 z$EL?btZ4INN?wMaB#i(!&hCc}652g^cA`(%v@Q^P4VF5?-n-VqbACIbl1VHtZIkE` z9C-W9^8NTdaIX2>-jRh(i?CRZNys}}R&9qW@-E{j0vasc8c^Kwwr?G&?acUjwbfX! z>)op2QOC*B2IBc%*Z!+$to!-YPzdiT3l6mKm|K#V#2$WX{-H z0&rF7TNSkWI)vcu!4Lj*cMYUb1hni~3Z_XP$?QfUm&QD_WpN)Pqvn#yI&8#B`GZnk zVMXXCPnbHjRG;WL>H`EmH?6FwWSgbJHVPE%QB$p*(sghuBOb|)G63SyDbv=^wNz;$ z)x$hm9#ku59GhmcNedGULwx+l!G(0xW4xu+V5<<}Zcx~&jfS+2o)E7CnzM0DX4L&p z-_|?f(x2=!8U7DRmrCMR`y1;xI|^@J;ATL z;HkQijqlpLqdngzvmae}Eby5+=g`9{~OVW&eu*FuwoBfrv-|gnxkGzd7AsAox$P{8|1d^p7+lV<^SH{f9T#n_J8@_zfbj-@BI@Cf0qBT|L^2~XrHPA3hG}e@}CD05dq<{9 literal 0 HcmV?d00001 diff --git a/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.pom b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.pom new file mode 100644 index 0000000000..84d007fc5f --- /dev/null +++ b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.pom @@ -0,0 +1,31 @@ + + + + + + 4.0.0 + + ut.simple + rogue-plugin + 1.0 + + Simple Unit Test Rogue Plugin + diff --git a/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/maven-metadata.xml b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/maven-metadata.xml new file mode 100644 index 0000000000..8618d47389 --- /dev/null +++ b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/maven-metadata.xml @@ -0,0 +1,34 @@ + + + + + + ut.simple + rogue-plugin + + 1.0 + 1.0 + + 1.0 + + 20111123122038 + + \ No newline at end of file