[MNG-7529] Maven resolver makes bad repository choices (#787)

Ensure that any versions resolved as part of a version range request only reference repositories that are actually enabled for the type of version (SNAPSHOT versions against snapshot repos, release versions against release repositories).
2022-08-24 21:26:02 -07:00 · 2022-08-24 21:26:02 -07:00 · 9fe564cdc7
parent 20f539a3fd
commit 9fe564cdc7
1 changed files with 19 additions and 2 deletions
--- a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
+++ b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
@ -72,6 +72,8 @@ public class DefaultVersionRangeResolver

    private static final String MAVEN_METADATA_XML = "maven-metadata.xml";

+    private static final String SNAPSHOT = "SNAPSHOT";
+
    private MetadataResolver metadataResolver;

    private SyncContextFactory syncContextFactory;
@ -218,9 +220,11 @@ public class DefaultVersionRangeResolver
            }

            Versioning versioning = readVersions( session, trace, metadataResult.getMetadata(), repository, result );
+            RemoteRepository remoteRepository = metadataResult.getRequest().getRepository();
+
            for ( String version : versioning.getVersions() )
            {
-                if ( !versionIndex.containsKey( version ) )
+                if ( isEnabled( remoteRepository, version ) && !versionIndex.containsKey( version ) )
                {
                    versionIndex.put( version, repository );
                }
@ -230,6 +234,19 @@ public class DefaultVersionRangeResolver
        return versionIndex;
    }

+    private boolean isEnabled( RemoteRepository remoteRepository, String version )
+    {
+        if ( remoteRepository == null )
+        {
+            return true;
+        }
+
+        boolean snapshot = version != null && version.endsWith( SNAPSHOT );
+
+        return remoteRepository.getPolicy( snapshot ).isEnabled();
+    }
+
+
    private Versioning readVersions( RepositorySystemSession session, RequestTrace trace, Metadata metadata,
                                     ArtifactRepository repository, VersionRangeResult result )
    {
@ -273,4 +290,4 @@ public class DefaultVersionRangeResolver
        repositoryEventDispatcher.dispatch( event.build() );
    }

-}
+}