[MNG-7529] Maven resolver makes bad repository choices (#786)

Ensure that any versions resolved as part of a version range request only reference repositories that are actually enabled for the type of version (SNAPSHOT versions against snapshot repos, release versions against release repositories).
2022-08-24 21:26:19 -07:00 · 2022-08-24 21:26:19 -07:00 · ce4579108d
parent 750e1e3e71
commit ce4579108d
1 changed files with 18 additions and 2 deletions
--- a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
+++ b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/DefaultVersionRangeResolver.java
@ -69,6 +69,8 @@ public class DefaultVersionRangeResolver

    private static final String MAVEN_METADATA_XML = "maven-metadata.xml";

+    private static final String SNAPSHOT = "SNAPSHOT";
+
    private final MetadataResolver metadataResolver;
    private final SyncContextFactory syncContextFactory;
    private final RepositoryEventDispatcher repositoryEventDispatcher;
@ -183,9 +185,11 @@ public class DefaultVersionRangeResolver
            }

            Versioning versioning = readVersions( session, trace, metadataResult.getMetadata(), repository, result );
+            RemoteRepository remoteRepository = metadataResult.getRequest().getRepository();
+
            for ( String version : versioning.getVersions() )
            {
-                if ( !versionIndex.containsKey( version ) )
+                if ( isEnabled( remoteRepository, version ) && !versionIndex.containsKey( version ) )
                {
                    versionIndex.put( version, repository );
                }
@ -195,6 +199,18 @@ public class DefaultVersionRangeResolver
        return versionIndex;
    }

+    private boolean isEnabled( RemoteRepository remoteRepository, String version )
+    {
+        if ( remoteRepository == null )
+        {
+            return true;
+        }
+
+        boolean snapshot = version != null && version.endsWith( SNAPSHOT );
+
+        return remoteRepository.getPolicy( snapshot ).isEnabled();
+    }
+
    private Versioning readVersions( RepositorySystemSession session, RequestTrace trace, Metadata metadata,
                                     ArtifactRepository repository, VersionRangeResult result )
    {
@ -238,4 +254,4 @@ public class DefaultVersionRangeResolver
        repositoryEventDispatcher.dispatch( event.build() );
    }

-}
+}