Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-8044

Able to circumvent private variables using @parameter in maven plugin

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • Plugins and Lifecycle
    • None

    Description

      This affects all released Maven versions so far.

      Problem description:
      By implementing a mojo in a certain way, able to circumvent private variables in a derived class which is a violation of the language rule where private variables should not be accessible outside the class declared.

      Steps to Reproduce:
      1. Create an abstract Java class extending AbstractMojo with a private variable annotated with @Parameter.
      2. Create a derived class for this class variable and declare a variable with the same variable name as used in abstract class from step 1.
      3. Package and use the plugin, to check the values injected into the derived class.

      Expectation is value should be injected into the variable annotated with @Parameter in abstract class from step 1, rather it is injected into derived class from step 2. I couldn't track down the functionality in Maven that is responsible for this, but I guess it narrows down to how dependency injection is done for the annotated Parameter in Maven (either with sisu or plexus containers)

      Please find the attachment for the sample project reproducing this scenario.

      [INFO] — maven-clean-plugin:2.5:clean (default-clean) @ test —
      [INFO]
      [INFO] — test-plugin:0.0.1-SNAPSHOT:hello (hello) @ test —
      [INFO] 0.0.1-SNAPSHOT   --> Value injected in derived class
      [INFO] Password is null     --> Value should be injected here, instead null
      [INFO]

      Tested in:
      Maven version : 3.9.6
      Java version : 11
      Java distribution : OpenJDK 64-Bit Server VM (Red_Hat-11.0.18+10-1) (build 11.0.18+10-LTS, mixed mode)
      OS : Windows 10

       

      Thank you for your time and dedication to maintaining open-source software.

      Attachments

        1. test-plugin.zip
          5 kB
          Elango
        2. test.zip
          3 kB
          Elango

        Activity

          People

            Unassigned Unassigned
            elangoravi Elango
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: