From 9fe564cdc736bde1f799774913c84a020fef81f7 Mon Sep 17 00:00:00 2001
From: Henning Schmiedehausen <henning@schmiedehausen.org>
Date: Wed, 24 Aug 2022 21:26:02 -0700
Subject: [PATCH] [MNG-7529] Maven resolver makes bad repository choices (#787)

Ensure that any versions resolved as part of a version range request
only reference repositories that are actually enabled for the type of
version (SNAPSHOT versions against snapshot repos, release versions
against release repositories).
---
 .../internal/DefaultVersionRangeResolver.java | 21 +++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
index d870fbb951..3e2330f980 100644
--- a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
+++ b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
@@ -72,6 +72,8 @@ public class DefaultVersionRangeResolver
 
     private static final String MAVEN_METADATA_XML = "maven-metadata.xml";
 
+    private static final String SNAPSHOT = "SNAPSHOT";
+
     private MetadataResolver metadataResolver;
 
     private SyncContextFactory syncContextFactory;
@@ -218,9 +220,11 @@ public class DefaultVersionRangeResolver
             }
 
             Versioning versioning = readVersions( session, trace, metadataResult.getMetadata(), repository, result );
+            RemoteRepository remoteRepository = metadataResult.getRequest().getRepository();
+
             for ( String version : versioning.getVersions() )
             {
-                if ( !versionIndex.containsKey( version ) )
+                if ( isEnabled( remoteRepository, version ) && !versionIndex.containsKey( version ) )
                 {
                     versionIndex.put( version, repository );
                 }
@@ -230,6 +234,19 @@ public class DefaultVersionRangeResolver
         return versionIndex;
     }
 
+    private boolean isEnabled( RemoteRepository remoteRepository, String version )
+    {
+        if ( remoteRepository == null )
+        {
+            return true;
+        }
+
+        boolean snapshot = version != null && version.endsWith( SNAPSHOT );
+
+        return remoteRepository.getPolicy( snapshot ).isEnabled();
+    }
+
+
     private Versioning readVersions( RepositorySystemSession session, RequestTrace trace, Metadata metadata,
                                      ArtifactRepository repository, VersionRangeResult result )
     {
@@ -273,4 +290,4 @@ public class DefaultVersionRangeResolver
         repositoryEventDispatcher.dispatch( event.build() );
     }
 
-}
\ No newline at end of file
+}