protect against other types of erroneous versions #28

Merged
merged 2 commits into from
Feb 9, 2023
5 changes: 5 additions & 0 deletions changelog/@unreleased/pr-28.v2.yml
@@ -0,0 +1,5 @@
type: fix
fix:
description: protect against other types of erroneous versions
links:
- https://github.com/palantir/jakarta-package-alignment/pull/28
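
Review bot: the `description` in this changelog entry only repeats the PR title and does not say which inputs are covered. Suggest naming them, for example that a version such as "." or an empty string no longer yields a replacement coordinate, so someone reading the release notes can tell whether the fix applies to their dependency resolution failure.
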
2 changes: 2 additions & 0 deletions jakarta-package-alignment-mappings/build.gradle
Expand Up @@ -3,5 +3,7 @@ apply plugin: "com.palantir.external-publish-jar"

dependencies {
implementation 'org.apache.maven:maven-artifact'

testImplementation 'org.junit.jupiter:junit-jupiter'
}
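
Review bot: `testImplementation 'org.junit.jupiter:junit-jupiter'` is added to the dependencies block, but nothing in this hunk enables the JUnit Platform for the test task. Unless an applied plugin already configures it, add `test { useJUnitPlatform() }` to this build.gradle; by default Gradle's test task does not run Jupiter tests, so the new VersionMappingsTest would not be executed and the build would still pass.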

Expand Up @@ -24,26 +24,27 @@
public final class VersionMappings {

private static final Map<String, VersionMapping> mappings = createMappings();
private static final ComparableVersion MINIMUM_VERSION_BOUND = new ComparableVersion("0.0.1");

private VersionMappings() {}

public static Optional<MavenCoordinate> getReplacement(String group, String name, String version) {
// https://github.com/palantir/jakarta-package-alignment/issues/25
// we must have non-null, non-empty version, otherwise the version comparison below
// can return the incorrect result
// this can happen if getReplacement is called from a ModuleComponentSelector that only has the group/name set
if (version == null || version.isEmpty()) {
return Optional.empty();
}

String key = group + ":" + name;
VersionMapping mapping = mappings.get(key);

if (mapping != null) {
ComparableVersion requestedVersion = new ComparableVersion(version);
ComparableVersion maxJakartaVersionWithJavaxNamespace =
new ComparableVersion(mapping.getJakartaCoord().getVersion());
if (requestedVersion.compareTo(maxJakartaVersionWithJavaxNamespace) <= 0) {

// https://github.com/palantir/jakarta-package-alignment/issues/25
// In some cases, getReplacement may be called with a weird version like "." or an empty string
// ComparableVersion behaves a bit strangely in these cases, so to ensure we're checking a valid
// version range, also compare it with an arbitrary minimum bound which we know does not exist
// for any jakarta package. This ensures that we don't accidentally return an incorrect replacement
// rule in these cases which can hose up dependency resolution.
if (requestedVersion.compareTo(MINIMUM_VERSION_BOUND) > 0
&& requestedVersion.compareTo(maxJakartaVersionWithJavaxNamespace) <= 0) {
return Optional.of(mapping.getMappedJavaeeCoord());
}
}
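
Review bot: the `MINIMUM_VERSION_BOUND` comparison in getReplacement handles "" and "." but not a null version. If the `version == null || version.isEmpty()` guard shown at the top of the method is on the removed side of this hunk (the hunk header's 26 to 27 line counts suggest it is), null now reaches `new ComparableVersion(version)` before either comparison runs, and the guard's own comment says this happens when a ModuleComponentSelector has only group/name set. Suggest keeping the null check ahead of the bound check. Separately, the lower bound depends on how ComparableVersion happens to order malformed strings, which the new comment itself calls strange; rejecting versions that contain no digit before constructing the ComparableVersion would make the intent explicit and not tied to the library's ordering.
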
@@ -0,0 +1,33 @@
/*
* (c) Copyright 2023 Palantir Technologies Inc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package com.palantir.gradle.jakartapackagealignment;

import static org.junit.jupiter.api.Assertions.assertTrue;

import java.util.Optional;
import org.junit.jupiter.api.Test;

class VersionMappingsTest {
@Test
public void testBogusVersions() {

unnecessary public modifier, probably worth a new error-prone rule+excavator to handle this sort of thing more broadly when I have some cycles.

Suggested change
public void testBogusVersions() {
void testBogusVersions() {

Optional<MavenCoordinate> result = VersionMappings.getReplacement("jakarta.ws.rs", "jakarta.ws.rs-api", "");
assertTrue(result.isEmpty());

result = VersionMappings.getReplacement("jakarta.ws.rs", "jakarta.ws.rs-api", ".");
assertTrue(result.isEmpty());
}
}
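
Review bot: testBogusVersions only asserts the two rejecting cases ("" and "."), so nothing here would fail if the new lower bound rejected every version. Suggest adding a positive case, a well-formed version at or below the mapped Jakarta version for `jakarta.ws.rs:jakarta.ws.rs-api` that must still return a replacement, plus a null version case to pin the behaviour the earlier guard covered. `assertTrue(result.isEmpty())` also reports nothing useful on failure; asserting equality with `Optional.empty()` would show the unexpected coordinate.
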
12 changes: 8 additions & 4 deletions versions.lock
Expand Up @@ -7,13 +7,17 @@ org.codehaus.plexus:plexus-utils:3.4.2 (1 constraints: 8a0d6c2f)
cglib:cglib-nodep:3.2.2 (1 constraints: 490ded24)
com.netflix.nebula:nebula-test:10.0.0 (1 constraints: 3305273b)
junit:junit:4.13 (1 constraints: bb0d1930)
org.apiguardian:apiguardian-api:1.1.0 (2 constraints: 51238736)
org.apiguardian:apiguardian-api:1.1.2 (5 constraints: 105480ac)
org.codehaus.groovy:groovy:3.0.6 (2 constraints: 1e1b476d)
org.hamcrest:hamcrest:2.2 (1 constraints: d20cdc04)
org.hamcrest:hamcrest-core:1.3 (1 constraints: cc05fe3f)
org.junit.platform:junit-platform-commons:1.7.0 (1 constraints: 6c119ad9)
org.junit.platform:junit-platform-engine:1.7.0 (1 constraints: 340d161f)
org.junit.jupiter:junit-jupiter:5.9.2 (1 constraints: 12052136)
org.junit.jupiter:junit-jupiter-api:5.9.2 (3 constraints: 792f0dde)
org.junit.jupiter:junit-jupiter-engine:5.9.2 (1 constraints: 0d0ee23b)
org.junit.jupiter:junit-jupiter-params:5.9.2 (1 constraints: 0d0ee23b)
org.junit.platform:junit-platform-commons:1.9.2 (2 constraints: df20424b)
org.junit.platform:junit-platform-engine:1.9.2 (2 constraints: df1dcf4c)
org.objenesis:objenesis:2.4 (1 constraints: ea0c8c0a)
org.opentest4j:opentest4j:1.2.0 (1 constraints: 67118bd9)
org.opentest4j:opentest4j:1.2.0 (2 constraints: cd205b49)
org.spockframework:spock-core:2.0-M4-groovy-3.0 (2 constraints: e822d65a)
org.spockframework:spock-junit4:2.0-M4-groovy-3.0 (1 constraints: 25115ddf)
1 change: 1 addition & 0 deletions versions.props
@@ -1,5 +1,6 @@
com.netflix.nebula:nebula-test = 10.0.0
org.apache.maven:maven-artifact = 3.9.0
org.junit.jupiter:* = 5.9.2

# conflict resolution
com.google.code.findbugs:jsr305 = 3.0.2