diff --git a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/PluginsMetadataGenerator.java b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/PluginsMetadataGenerator.java
index b3d68847ec86..b37992df30ef 100644
--- a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/PluginsMetadataGenerator.java
+++ b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/PluginsMetadataGenerator.java
@@ -27,6 +27,7 @@
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
+import java.util.Objects;
import java.util.jar.JarFile;
import java.util.zip.ZipEntry;
@@ -135,9 +136,23 @@ private PluginInfo extractPluginInfo(Artifact artifact) {
String artifactId = root.getChild("artifactId").getValue();
String goalPrefix = root.getChild("goalPrefix").getValue();
String name = root.getChild("name").getValue();
- return new PluginInfo(groupId, artifactId, goalPrefix, name);
+ // sanity check: plugin descriptor extracted from artifact must have same GA
+ if (Objects.equals(artifact.getGroupId(), groupId)
+ && Objects.equals(artifact.getArtifactId(), artifactId)) {
+ return new PluginInfo(groupId, artifactId, goalPrefix, name);
+ } else {
+ throw new InvalidArtifactPluginMetadataException(
+ "Artifact " + artifact.getGroupId() + ":"
+ + artifact.getArtifactId()
+ + " JAR (to be installed/deployed) contains Maven Plugin metadata for plugin "
+ + groupId + ":" + artifactId + "; coordinates are conflicting. "
+ + "Most probably your JAR contains rogue Maven Plugin metadata, "
+ + "possible causes may be: shaded in Maven Plugin or some rogue resource)");
+ }
}
}
+ } catch (RuntimeException e) {
+ throw e;
} catch (Exception e) {
// here we can have: IO. ZIP or Plexus Conf Ex: but we should not interfere with user intent
}
@@ -145,4 +160,10 @@ private PluginInfo extractPluginInfo(Artifact artifact) {
}
return null;
}
+
+ public static final class InvalidArtifactPluginMetadataException extends IllegalArgumentException {
+ InvalidArtifactPluginMetadataException(String s) {
+ super(s);
+ }
+ }
}
diff --git a/maven-resolver-provider/src/test/java/org/apache/maven/repository/internal/RepositorySystemTest.java b/maven-resolver-provider/src/test/java/org/apache/maven/repository/internal/RepositorySystemTest.java
index 8031ca508310..c22db033eb51 100644
--- a/maven-resolver-provider/src/test/java/org/apache/maven/repository/internal/RepositorySystemTest.java
+++ b/maven-resolver-provider/src/test/java/org/apache/maven/repository/internal/RepositorySystemTest.java
@@ -18,15 +18,19 @@
*/
package org.apache.maven.repository.internal;
+import java.nio.file.Files;
import java.util.Arrays;
import java.util.List;
+import org.eclipse.aether.DefaultRepositorySystemSession;
import org.eclipse.aether.artifact.Artifact;
import org.eclipse.aether.artifact.DefaultArtifact;
import org.eclipse.aether.collection.CollectRequest;
import org.eclipse.aether.collection.CollectResult;
import org.eclipse.aether.graph.Dependency;
import org.eclipse.aether.graph.DependencyNode;
+import org.eclipse.aether.installation.InstallRequest;
+import org.eclipse.aether.repository.LocalRepository;
import org.eclipse.aether.resolution.ArtifactDescriptorRequest;
import org.eclipse.aether.resolution.ArtifactDescriptorResult;
import org.eclipse.aether.resolution.ArtifactRequest;
@@ -193,4 +197,29 @@ public void testNewLocalRepositoryManager() throws Exception {
public void testNewSyncContext() throws Exception {
// SyncContext newSyncContext( RepositorySystemSession session, boolean shared );
}
+
+ public void testRoguePlugin() throws Exception {
+ Artifact artifact = new DefaultArtifact("ut.simple:rogue-plugin:1.0");
+
+ ArtifactRequest artifactRequest = new ArtifactRequest();
+ artifactRequest.setArtifact(artifact);
+ artifactRequest.addRepository(newTestRepository());
+
+ ArtifactResult artifactResult = system.resolveArtifact(session, artifactRequest);
+ checkArtifactResult(artifactResult, "rogue-plugin-1.0.jar");
+
+ InstallRequest installRequest = new InstallRequest();
+ installRequest.addArtifact(artifactResult.getArtifact());
+
+ DefaultRepositorySystemSession loc = new DefaultRepositorySystemSession(session);
+ loc.setLocalRepositoryManager(system.newLocalRepositoryManager(
+ session, new LocalRepository(Files.createTempDirectory("local").toFile())));
+ try {
+ system.install(loc, installRequest);
+ fail("install should fail");
+ } catch (Exception e) {
+ assertTrue(e instanceof PluginsMetadataGenerator.InvalidArtifactPluginMetadataException);
+ assertTrue(e.getMessage().contains("coordinates are conflicting"));
+ }
+ }
}
diff --git a/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.jar b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.jar
new file mode 100644
index 000000000000..8163c13626e6
Binary files /dev/null and b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.jar differ
diff --git a/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.pom b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.pom
new file mode 100644
index 000000000000..84d007fc5f08
--- /dev/null
+++ b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/1.0/rogue-plugin-1.0.pom
@@ -0,0 +1,31 @@
+
+
+
+
+
+ 4.0.0
+
+ ut.simple
+ rogue-plugin
+ 1.0
+
+ Simple Unit Test Rogue Plugin
+
diff --git a/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/maven-metadata.xml b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/maven-metadata.xml
new file mode 100644
index 000000000000..8618d47389f4
--- /dev/null
+++ b/maven-resolver-provider/src/test/resources/repo/ut/simple/rogue-plugin/maven-metadata.xml
@@ -0,0 +1,34 @@
+
+
+
+
+
+ ut.simple
+ rogue-plugin
+
+ 1.0
+ 1.0
+
+ 1.0
+
+ 20111123122038
+
+
\ No newline at end of file