Uploaded image for project: 'Maven Shared Components'
  1. Maven Shared Components
  2. MSHARED-431

# (Hash-Sign) should trigger quoting in BourneShell.java

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • maven-shared-utils-0.8
    • maven-shared-utils-3.3.3
    • maven-shared-utils
    • None
    • Unix (Linux)

    Description

      When trying to use the latest maven-jarsign-plugin using a keystore-password which started with a hash (#), signing failed. After enabling debug output with -X, I got a strange debug message:

      [DEBUG] Option lacks argument

      Since signtool is invoked using /bin/sh -c ..., of course, any # must be quoted, because otherwise it acts as a comment-start and thus effectively cuts-off the rest of the cmdline.
      After single-quoting the password in the pom.xml, the jar signing was ok.

      =>
      Adding '#' to BASH_QUOTING_TRIGGER_CHARS in org.apache.maven.shared.utils.cli.shell.BourneShell.java should fix the problem.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem which impairs or prevents the functions of the product. MSHARED-851 & must trigger quoting in Windows

          • Major - Major loss of function.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. MSHARED-297 Commandline class shell injection vulnerabilities

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              slachiewicz Sylwester Lachiewicz
              felfert2 Fritz Elfert
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: