Maven version scheme validates an invalid input as a valid version

Question

Maven version scheme validates an invalid input as a valid version

gastaldi opened this issue a year ago · comments

The following snippet passes as a valid version (when it shouldn't have):

VersionScheme.MAVEN.validate("%3c%68%74%6d%6c%3e%3c%68%65%61%64%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6f%6e%29%3c%2f%73%63%72%69%70%74%3e%3c%2f%68%65%61%64%3e%3c%2f%68%74%6d%6c%3e")

David M. Lloyd · Answer 1 · Wed Apr 05 2023 00:58:44 GMT+0800 (China Standard Time)

Sadly this is in fact a valid Maven version under both old and new Maven version parsing schemes:

$ java -jar ~/local/apache-maven/lib/maven-artifact-3.9.0.jar '%3c%68%74%6d%6c%3e%3c%68%65%61%64%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6f%6e%29%3c%2f%73%63%72%69%70%74%3e%3c%2f%68%65%61%64%3e%3c%2f%68%74%6d%6c%3e'
Display parameters as parsed by Maven (in canonical form and as a list of tokens) and comparison result:
1. %3c%68%74%6d%6c%3e%3c%68%65%61%64%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6f%6e%29%3c%2f%73%63%72%69%70%74%3e%3c%2f%68%65%61%64%3e%3c%2f%68%74%6d%6c%3e -> %-3-c%-68-%-74-%-6-d%-6-c%-3-e%-3-c%-68-%-65-%-61-%-64-%-3-e%-3-c%-73-%-63-%-72-%-69-%-70-%-74-%-3-e%-61-%-6-c%-65-%-72-%-74-%-28-%-64-%-6-f%-63-%-75-%-6-d%-65-%-6-e%-74-%-2-e%-6-c%-6-f%-63-%-61-%-74-%-69-%-6-f%-6-e%-29-%-3-c%-2-f%-73-%-63-%-72-%-69-%-70-%-74-%-3-e%-3-c%-2-f%-68-%-65-%-61-%-64-%-3-e%-3-c%-2-f%-68-%-74-%-6-d%-6-c%-3-e; tokens: [%, [3, [c%, [68, [%, [74, [%, [6, [d%, [6, [c%, [3, [e%, [3, [c%, [68, [%, [65, [%, [61, [%, [64, [%, [3, [e%, [3, [c%, [73, [%, [63, [%, [72, [%, [69, [%, [70, [%, [74, [%, [3, [e%, [61, [%, [6, [c%, [65, [%, [72, [%, [74, [%, [28, [%, [64, [%, [6, [f%, [63, [%, [75, [%, [6, [d%, [65, [%, [6, [e%, [74, [%, [2, [e%, [6, [c%, [6, [f%, [63, [%, [61, [%, [74, [%, [69, [%, [6, [f%, [6, [e%, [29, [%, [3, [c%, [2, [f%, [73, [%, [63, [%, [72, [%, [69, [%, [70, [%, [74, [%, [3, [e%, [3, [c%, [2, [f%, [68, [%, [65, [%, [61, [%, [64, [%, [3, [e%, [3, [c%, [2, [f%, [68, [%, [74, [%, [6, [d%, [6, [c%, [3, [e]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

$ jbang --main=org.eclipse.aether.util.version.GenericVersionScheme org.apache.maven.resolver:maven-resolver-util:1.9.5 '%3c%68%74%6d%6c%3e%3c%68%65%61%64%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6f%6e%29%3c%2f%73%63%72%69%70%74%3e%3c%2f%68%65%61%64%3e%3c%2f%68%74%6d%6c%3e'
[jbang] Resolving dependencies...
[jbang]     Resolving org.apache.maven.resolver:maven-resolver-util:1.9.5...Done
[jbang] Dependencies resolved
Display parameters as parsed by Maven Resolver (in canonical form and as a list of tokens) and comparison result:
1. %3c%68%74%6d%6c%3e%3c%68%65%61%64%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6f%6e%29%3c%2f%73%63%72%69%70%74%3e%3c%2f%68%65%61%64%3e%3c%2f%68%74%6d%6c%3e -> %3c%68%74%6d%6c%3e%3c%68%65%61%64%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6f%6e%29%3c%2f%73%63%72%69%70%74%3e%3c%2f%68%65%61%64%3e%3c%2f%68%74%6d%6c%3e; tokens: [%, 3, c%, 68, %, 74, %, 6, d%, 6, c%, 3, e%, 3, c%, 68, %, 65, %, 61, %, 64, %, 3, e%, 3, c%, 73, %, 63, %, 72, %, 69, %, 70, %, 74, %, 3, e%, 61, %, 6, c%, 65, %, 72, %, 74, %, 28, %, 64, %, 6, f%, 63, %, 75, %, 6, d%, 65, %, 6, e%, 74, %, 2, e%, 6, c%, 6, f%, 63, %, 61, %, 74, %, 69, %, 6, f%, 6, e%, 29, %, 3, c%, 2, f%, 73, %, 63, %, 72, %, 69, %, 70, %, 74, %, 3, e%, 3, c%, 2, f%, 68, %, 65, %, 61, %, 64, %, 3, e%, 3, c%, 2, f%, 68, %, 74, %, 6, d%, 6, c%, 3, e]

David M. Lloyd · Answer 2 · Thu Dec 07 2023 23:37:51 GMT+0800 (China Standard Time)

Closing as "not a bug", because the upstream spec/scheme allows this case (strange though it may be).