Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-7375

Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 3.8.4
    • None
    • None

    Description

      Currently the metadata at https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml contains an invalid entry without a prefix:

      <metadata>
        <plugins>
          <plugin>
            <name>Apache Jackrabbit FileVault - Package Maven Plugin</name>
            <prefix>filevault-package</prefix>
            <artifactId>filevault-package-maven-plugin</artifactId>
          </plugin>
          <plugin>
            <name>filevault-package-maven-plugin</name>
            <artifactId>filevault-package-maven-plugin</artifactId>
          </plugin>
        </plugins>
      </metadata>
      

      This leads to an NPE when trying to deploy a new version with org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...):

      Caused by: java.lang.NullPointerException
          at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:276)
          at org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata (AbstractRepositoryMetadata.java:121)
          at org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository (AbstractRepositoryMetadata.java:67)
          at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge (MetadataBridge.java:65)
          at org.eclipse.aether.internal.impl.DefaultDeployer.upload (DefaultDeployer.java:433)
          at org.eclipse.aether.internal.impl.DefaultDeployer.deploy (DefaultDeployer.java:321)
          at org.eclipse.aether.internal.impl.DefaultDeployer.deploy (DefaultDeployer.java:213)
          at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy (DefaultRepositorySystem.java:386)
          at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy (DefaultArtifactDeployer.java:142)
      

      Although this happened in the context of using "org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8" (issue https://issues.sonatype.org/browse/NEXUS-30749 opened, exported to NEXUS-30749 - Broken groupId metadata and follow-up NPE during org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp - Sonatype JIRA.pdf ), the affected code is in Maven.

      The metadata is probably invalid but the Metadata class should be more robust when trying to do the merge in https://github.com/apache/maven/blob/951b5ee95f40147abbc2bb9d928e408b85d5aef3/maven-repository-metadata/src/main/mdo/metadata.mdo#L100 and just ignore all plugin entries without all mandatory elements.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              kwin Konrad Windszus
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: