diff --git a/maven-api-impl/src/main/java/org/apache/maven/internal/impl/resolver/PluginsMetadataGenerator.java b/maven-api-impl/src/main/java/org/apache/maven/internal/impl/resolver/PluginsMetadataGenerator.java
index e9a9907af6..42404cf8f3 100644
--- a/maven-api-impl/src/main/java/org/apache/maven/internal/impl/resolver/PluginsMetadataGenerator.java
+++ b/maven-api-impl/src/main/java/org/apache/maven/internal/impl/resolver/PluginsMetadataGenerator.java
@@ -27,6 +27,7 @@
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
+import java.util.Objects;
import java.util.jar.JarFile;
import java.util.zip.ZipEntry;
@@ -132,9 +133,23 @@ private PluginInfo extractPluginInfo(Artifact artifact) {
String artifactId = root.getChild("artifactId").getValue();
String goalPrefix = root.getChild("goalPrefix").getValue();
String name = root.getChild("name").getValue();
- return new PluginInfo(groupId, artifactId, goalPrefix, name);
+ // sanity check: plugin descriptor extracted from artifact must have same GA
+ if (Objects.equals(artifact.getGroupId(), groupId)
+ && Objects.equals(artifact.getArtifactId(), artifactId)) {
+ return new PluginInfo(groupId, artifactId, goalPrefix, name);
+ } else {
+ throw new InvalidArtifactPluginMetadataException(
+ "Artifact " + artifact.getGroupId() + ":"
+ + artifact.getArtifactId()
+ + " JAR (to be installed/deployed) contains Maven Plugin metadata for plugin "
+ + groupId + ":" + artifactId + "; coordinates are conflicting. "
+ + "Most probably your JAR contains rogue Maven Plugin metadata, "
+ + "possible causes may be: shaded in Maven Plugin or some rogue resource)");
+ }
}
}
+ } catch (RuntimeException e) {
+ throw e;
} catch (Exception e) {
// here we can have: IO. ZIP or Plexus Conf Ex: but we should not interfere with user intent
}
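Review bot: The new `catch (RuntimeException e) { throw e; }` lets every unchecked exception out of extractPluginInfo, not only the new coordinate-mismatch one, which contradicts the comment in the following catch that descriptor-parsing problems should not interfere with user intent. If any `root.getChild(...)` lookup yields null for a descriptor that lacks an element (not visible here, so to be confirmed), the resulting NullPointerException would now abort install/deploy where it was previously ignored. Narrow the clause to `} catch (InvalidArtifactPluginMetadataException e) {` so only the deliberate rejection propagates. The message literal also ends with an unmatched `)` after "rogue resource". The same applies to the identical hunk in maven-resolver-provider's PluginsMetadataGenerator; the method body starts outside both hunks.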
@@ -142,4 +157,10 @@ private PluginInfo extractPluginInfo(Artifact artifact) {
}
return null;
}
+
+ public static final class InvalidArtifactPluginMetadataException extends IllegalArgumentException {
+ InvalidArtifactPluginMetadataException(String s) {
+ super(s);
+ }
+ }
}
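Review bot: The new public exception type has no Javadoc, and nothing tells callers that an install or deploy can now fail with it. Add a class comment such as `/** Thrown when the plugin descriptor inside an artifact JAR declares a groupId:artifactId other than the artifact's own. */`. An identically named class is added in org.apache.maven.repository.internal as well, so both comments should state that the two types are unrelated and that catching one does not cover the other.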
diff --git a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/PluginsMetadataGenerator.java b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/PluginsMetadataGenerator.java
index f02e1d1eb2..af3d6541c5 100644
--- a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/PluginsMetadataGenerator.java
+++ b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/PluginsMetadataGenerator.java
@@ -27,6 +27,7 @@
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
+import java.util.Objects;
import java.util.jar.JarFile;
import java.util.zip.ZipEntry;
@@ -133,9 +134,23 @@ private PluginInfo extractPluginInfo(Artifact artifact) {
String artifactId = root.getChild("artifactId").getValue();
String goalPrefix = root.getChild("goalPrefix").getValue();
String name = root.getChild("name").getValue();
- return new PluginInfo(groupId, artifactId, goalPrefix, name);
+ // sanity check: plugin descriptor extracted from artifact must have same GA
+ if (Objects.equals(artifact.getGroupId(), groupId)
+ && Objects.equals(artifact.getArtifactId(), artifactId)) {
+ return new PluginInfo(groupId, artifactId, goalPrefix, name);
+ } else {
+ throw new InvalidArtifactPluginMetadataException(
+ "Artifact " + artifact.getGroupId() + ":"
+ + artifact.getArtifactId()
+ + " JAR (to be installed/deployed) contains Maven Plugin metadata for plugin "
+ + groupId + ":" + artifactId + "; coordinates are conflicting. "
+ + "Most probably your JAR contains rogue Maven Plugin metadata, "
+ + "possible causes may be: shaded in Maven Plugin or some rogue resource)");
+ }
}
}
+ } catch (RuntimeException e) {
+ throw e;
} catch (Exception e) {
// here we can have: IO. ZIP or Plexus Conf Ex: but we should not interfere with user intent
}
@@ -143,4 +158,10 @@ private PluginInfo extractPluginInfo(Artifact artifact) {
}
return null;
}
+
+ public static final class InvalidArtifactPluginMetadataException extends IllegalArgumentException {
+ InvalidArtifactPluginMetadataException(String s) {
+ super(s);
+ }
+ }
}
diff --git a/maven-resolver-provider/src/test/java/org/apache/maven/repository/internal/RepositorySystemTest.java b/maven-resolver-provider/src/test/java/org/apache/maven/repository/internal/RepositorySystemTest.java
index ce33186a73..8013fb4930 100644
--- a/maven-resolver-provider/src/test/java/org/apache/maven/repository/internal/RepositorySystemTest.java
+++ b/maven-resolver-provider/src/test/java/org/apache/maven/repository/internal/RepositorySystemTest.java
@@ -18,26 +18,26 @@
*/
package org.apache.maven.repository.internal;
+import java.nio.file.Files;
import java.util.Arrays;
import java.util.List;
+import org.eclipse.aether.DefaultRepositorySystemSession;
import org.eclipse.aether.artifact.Artifact;
import org.eclipse.aether.artifact.DefaultArtifact;
import org.eclipse.aether.collection.CollectRequest;
import org.eclipse.aether.collection.CollectResult;
import org.eclipse.aether.graph.Dependency;
import org.eclipse.aether.graph.DependencyNode;
+import org.eclipse.aether.installation.InstallRequest;
+import org.eclipse.aether.repository.LocalRepository;
import org.eclipse.aether.resolution.ArtifactDescriptorRequest;
import org.eclipse.aether.resolution.ArtifactDescriptorResult;
import org.eclipse.aether.resolution.ArtifactRequest;
import org.eclipse.aether.resolution.ArtifactResult;
import org.junit.jupiter.api.Test;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertFalse;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.*;
class RepositorySystemTest extends AbstractRepositoryTestCase {
@Test
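Review bot: The static wildcard `import static org.junit.jupiter.api.Assertions.*;` replaces five explicit imports and hides which assertions this test class depends on. Keep the explicit list and add only what the new test needs: `import static org.junit.jupiter.api.Assertions.assertInstanceOf;` and `import static org.junit.jupiter.api.Assertions.fail;`.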
@@ -211,4 +211,30 @@ void testNewLocalRepositoryManager() throws Exception {
void testNewSyncContext() throws Exception {
// SyncContext newSyncContext( RepositorySystemSession session, boolean shared );
}
+
+ @Test
+ void testRoguePlugin() throws Exception {
+ Artifact artifact = new DefaultArtifact("ut.simple:rogue-plugin:1.0");
+
+ ArtifactRequest artifactRequest = new ArtifactRequest();
+ artifactRequest.setArtifact(artifact);
+ artifactRequest.addRepository(newTestRepository());
+
+ ArtifactResult artifactResult = system.resolveArtifact(session, artifactRequest);
+ checkArtifactResult(artifactResult, "rogue-plugin-1.0.jar");
+
+ InstallRequest installRequest = new InstallRequest();
+ installRequest.addArtifact(artifactResult.getArtifact());
+
+ DefaultRepositorySystemSession loc = new DefaultRepositorySystemSession(session);
+ loc.setLocalRepositoryManager(
+ system.newLocalRepositoryManager(session, new LocalRepository(Files.createTempDirectory("local"))));
+ try {
+ system.install(loc, installRequest);
+ fail("install should fail");
+ } catch (Exception e) {
+ assertInstanceOf(PluginsMetadataGenerator.InvalidArtifactPluginMetadataException.class, e);
+ assertTrue(e.getMessage().contains("coordinates are conflicting"));
+ }
+ }
}
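Review bot: The try/`fail`/catch block in testRoguePlugin is more precisely expressed with `assertThrows`, and the directory from `Files.createTempDirectory("local")` is never removed. Something like `Exception e = assertThrows(PluginsMetadataGenerator.InvalidArtifactPluginMetadataException.class, () -> system.install(loc, installRequest));` followed by the existing message assertion keeps the same check. A JUnit `@TempDir Path` parameter would take care of cleanup. The fixture rogue-plugin-1.0.jar is committed as an opaque binary, so a short comment in the test saying which plugin descriptor it embeds would let reviewers verify what is being exercised.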
diff --git a/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.jar b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.jar
new file mode 100644
index 0000000000..8163c13626
Binary files /dev/null and b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.jar differ
diff --git a/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.pom b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.pom
new file mode 100644
index 0000000000..84d007fc5f
--- /dev/null
+++ b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.pom
@@ -0,0 +1,31 @@
+
+
+
+
+
+ 4.0.0
+
+ ut.simple
+ rogue-plugin
+ 1.0
+
+ Simple Unit Test Rogue Plugin
+
diff --git a/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/maven-metadata.xml b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/maven-metadata.xml
new file mode 100644
index 0000000000..8618d47389
--- /dev/null
+++ b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/maven-metadata.xml
@@ -0,0 +1,34 @@
+
+
+
+
+
+ ut.simple
+ rogue-plugin
+
+ 1.0
+ 1.0
+
+ 1.0
+
+ 20111123122038
+
+
\ No newline at end of file