Index: src/java/org/apache/ivy/plugins/resolver/packager/PackagerResolver.java =================================================================== --- src/java/org/apache/ivy/plugins/resolver/packager/PackagerResolver.java (revision 731981) +++ src/java/org/apache/ivy/plugins/resolver/packager/PackagerResolver.java (working copy) @@ -57,6 +57,7 @@ private boolean validate = true; private boolean preserve; + private boolean restricted = true; private boolean verbose; private boolean quiet; @@ -134,6 +135,13 @@ } /** + * Set whether to enable restricted mode. Default is true. + */ + public void setRestricted(boolean restricted) { + this.restricted = restricted; + } + + /** * Set whether to run ant with the -verbose flag. Default is false. */ public void setVerbose(boolean verbose) { @@ -216,7 +224,8 @@ return null; } entry = new PackagerCacheEntry(mr, this.buildRoot, this.resourceCache, - this.resourceURL, this.validate, this.preserve, this.verbose, this.quiet); + this.resourceURL, this.validate, this.preserve, this.restricted, + this.verbose, this.quiet); try { entry.build(packager.getResource(), properties); } catch (IOException e) { Index: src/java/org/apache/ivy/plugins/resolver/packager/packager.xsl =================================================================== --- src/java/org/apache/ivy/plugins/resolver/packager/packager.xsl (revision 731981) +++ src/java/org/apache/ivy/plugins/resolver/packager/packager.xsl (working copy) @@ -20,6 +20,7 @@ + @@ -59,7 +60,7 @@ - + @@ -72,6 +73,18 @@ + + + + + + + + build tag <> not allowed in restricted mode + + + + Index: src/java/org/apache/ivy/plugins/resolver/packager/PackagerCacheEntry.java =================================================================== --- src/java/org/apache/ivy/plugins/resolver/packager/PackagerCacheEntry.java (revision 731981) +++ src/java/org/apache/ivy/plugins/resolver/packager/PackagerCacheEntry.java (working copy) @@ -48,6 +48,7 @@ private final String resourceURL; private final boolean validate; private final boolean preserve; + private final boolean restricted; private final boolean verbose; private final boolean quiet; @@ -56,13 +57,14 @@ // CheckStyle:ParameterNumber OFF public PackagerCacheEntry(ModuleRevisionId mr, File rootDir, File resourceCache, String resourceURL, boolean validate, - boolean preserve, boolean verbose, boolean quiet) { + boolean preserve, boolean restricted, boolean verbose, boolean quiet) { this.mr = mr; this.dir = getSubdir(rootDir, this.mr); this.resourceCache = resourceCache; this.resourceURL = resourceURL; this.validate = validate; this.preserve = preserve; + this.restricted = restricted; this.verbose = verbose; this.quiet = quiet; } @@ -143,6 +145,7 @@ if (this.validate) { project.setUserProperty("ivy.packager.validate", "true"); } + project.setUserProperty("ivy.packager.restricted", "" + this.restricted); if (properties != null) { for (Iterator it = properties.entrySet().iterator(); it.hasNext();) { Entry entry = (Entry) it.next(); Index: src/java/org/apache/ivy/plugins/resolver/packager/build.xml =================================================================== --- src/java/org/apache/ivy/plugins/resolver/packager/build.xml (revision 731981) +++ src/java/org/apache/ivy/plugins/resolver/packager/build.xml (working copy) @@ -44,6 +44,7 @@ + Index: doc/resolver/packager.html =================================================================== --- doc/resolver/packager.html (revision 731981) +++ doc/resolver/packager.html (working copy) @@ -40,10 +40,6 @@

-The only packaging operations currently supported are downloading files, extracting files from archives, packaging files into archives, and moving and copying files. In the future more general operations may be supported, once appropriate security controls are in place. -

- -

Packager repositories allow the creation of Ivy repositories that require neither the participation of any of the modules' creators nor setting up a huge mirror site. One such repository on the web is Ivy RoundUp. Of course, private packager repositories are feasible as well.

@@ -52,11 +48,11 @@

-The packaging instructions are contained in "packager.xml" in a simple XML format. At resolve time this file gets converted into a "build.xml" file via XSLT and then executed using ant. Therefore, ant must be available as an executable on the platform. The ant task executes in a separate process and so is not affected by properties, etc. that may be set in any existing ant environment in which Ivy is running. However, Ivy will define a few properties for convenience; see the "Properties" listed below. +The packaging instructions are contained in "packager.xml" in a simple XML format. At resolve time this file gets converted into a "build.xml" file via XSLT and then executed using ant. Therefore, ant must be available as an executable on the platform. The ant task executes in a separate ant project and so is not affected by properties, etc. that may be set in any existing ant environment in which Ivy is running. However, Ivy will define a few properties for convenience; see the "Properties" listed below.

-For security reasons, the XSLT transform ensures that (a) all downloaded archives have verified SHA1 checksums (including cached resources); and (b) only a very limited set of ant tasks can be performed during the artifact "build" phase; currently these include move, copy, mkdir, zip, unzip, tar, and untar. +For security reasons, the XSLT transform ensures that (a) all downloaded archives have verified SHA1 checksums (including cached resources); and (b) only a very limited set of ant tasks can be performed during the artifact "build" phase; currently these include move, copy, mkdir, zip, unzip, tar, and untar (this restriction may be overridden however; see below).

@@ -64,11 +60,11 @@

-Because the downloading and packaging process is relatively slow, it is important to use Ivy's caching support to avoid repeated execution of the packaging instructions. +Because the packaging process is relatively slow, it is important to use Ivy's caching support to avoid repeated execution of the packaging instructions.

Attributes

-This resolver shares the common attributes of standard resolvers. +This resolver shares the common attributes of standard resolvers, plus the following: @@ -90,6 +86,11 @@ + + + + + @@ -255,12 +256,18 @@ - +
AttributeDescriptionRequired
No; defaults to none
restrictedTrue if this resolver should only allow "safe" ant tasks in the packaging instructionsNo; defaults to true
verbose True to run ant with the -verbose flag No; defaults to false
buildSpecify move, copy, and/or archiving ant tasks that ultimately result in each artifact being placed into artifacts/[type]s/[artifact].[ext]Specify ant tasks that ultimately result in each artifact being placed into artifacts/[type]s/[artifact].[ext] 0..1
+
+Which ant tasks are allowed within the build tag is controlled by the restricted configuration attribute. When true (the default), only the following ant tasks are allowed: copy, jar, mkdir, move, tar, unjar, untar, unwar, unzip, war, and zip. When false, all ant tasks are allowed. +

+Warning: setting restricted to false creates a security problem due to ant tasks like delete, exec, etc. Do not use this setting when your configuration points to an untrusted repository. +

+

Resource XML Elements

The resource XML tag supports the following attributes: