DependencyDownloader: Upgrade (transitive) Log4J if needed

Juuxel · Juuxel · commit acd9ad739bc9 · 2024-01-24T13:22:35.000+02:00
diff --git a/src/main/java/net/fabricmc/loom/util/DependencyDownloader.java b/src/main/java/net/fabricmc/loom/util/DependencyDownloader.java
@@ -1,7 +1,7 @@
 /*
  * This file is part of fabric-loom, licensed under the MIT License (MIT).
  *
- * Copyright (c) 2021-2023 FabricMC
+ * Copyright (c) 2021-2024 FabricMC
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -35,17 +35,25 @@
 import org.gradle.api.Project;
 import org.gradle.api.artifacts.Configuration;
 import org.gradle.api.artifacts.Dependency;
+import org.gradle.api.artifacts.DependencyResolveDetails;
 import org.gradle.api.artifacts.ModuleDependency;
+import org.gradle.api.artifacts.ModuleVersionSelector;
 import org.gradle.api.artifacts.dsl.DependencyHandler;
 import org.gradle.api.attributes.Attribute;
 import org.gradle.api.file.FileCollection;
+import org.jetbrains.annotations.VisibleForTesting;
 
 /**
  * Simplified but powerful dependency downloading.
  *
  * @author Juuz
  */
 public final class DependencyDownloader {
+	private static final String LOG4J_GROUP = "org.apache.logging.log4j";
+	private static final String LOG4J_NAME = "log4j-core";
+	private static final String LOG4J_MINIMUM_VERSION = "2.17.1";
+	private static final int[] LOG4J_MINIMUM_VERSION_COMPONENTS = {2, 17, 1};
+
 	private final Project project;
 	private final List<DependencyEntry> dependencies = new ArrayList<>();
 	private final Map<Attribute<?>, Object> attributes = new HashMap<>();
@@ -133,6 +141,7 @@ public FileCollection download(boolean transitive, boolean resolve) {
 				attributes.attribute((Attribute<Object>) attribute, value);
 			});
 		});
+		config.getResolutionStrategy().eachDependency(DependencyDownloader::upgradeLog4j);
 		FileCollection files = config.fileCollection(dep -> true);
 
 		if (resolve) {
@@ -142,6 +151,49 @@ public FileCollection download(boolean transitive, boolean resolve) {
 		return files;
 	}
 
+	private static void upgradeLog4j(DependencyResolveDetails details) {
+		ModuleVersionSelector requested = details.getRequested();
+
+		if (LOG4J_GROUP.equals(requested.getGroup()) && LOG4J_NAME.equals(requested.getName())) {
+			final String requestedVersion = requested.getVersion();
+
+			if (requestedVersion != null && shouldUpgradeLog4jVersion(requestedVersion)) {
+				details.useVersion(LOG4J_MINIMUM_VERSION);
+			}
+		}
+	}
+
+	@VisibleForTesting
+	public static boolean shouldUpgradeLog4jVersion(String requestedVersion) {
+		final String[] splitVersion = requestedVersion.split("\\.");
+
+		for (int i = 0; i < LOG4J_MINIMUM_VERSION_COMPONENTS.length; i++) {
+			if (i >= splitVersion.length) {
+				// Not enough version components in the requested version, upgrade just to be sure.
+				return true;
+			}
+
+			final int minimumComponent = LOG4J_MINIMUM_VERSION_COMPONENTS[i];
+			final String givenComponentStr = splitVersion[i];
+			final int givenComponent;
+
+			try {
+				givenComponent = Integer.parseInt(givenComponentStr);
+			} catch (NumberFormatException e) {
+				// We can't read the version component for comparing, upgrade just to be sure.
+				return true;
+			}
+
+			if (givenComponent < minimumComponent) {
+				// Too old, upgrade.
+				return true;
+			}
+		}
+
+		// Seems to be new enough, let's not upgrade.
+		return false;
+	}
+
 	/**
 	 * Resolves a dependency as well as its transitive dependencies into a {@link FileCollection}.
 	 *
diff --git a/src/test/groovy/net/fabricmc/loom/test/unit/architectury/DependencyDownloaderTest.groovy b/src/test/groovy/net/fabricmc/loom/test/unit/architectury/DependencyDownloaderTest.groovy
@@ -0,0 +1,40 @@
+/*
+ * This file is part of fabric-loom, licensed under the MIT License (MIT).
+ *
+ * Copyright (c) 2024 FabricMC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package net.fabricmc.loom.test.unit.architectury
+
+import spock.lang.Specification
+
+class DependencyDownloaderTest extends Specification {
+	def "upgrading log4j (should upgrade: #shouldUpgrade, requested: #version)"() {
+		where:
+		version        | shouldUpgrade
+		'2.17.1'       | false
+		'2.hello.3'    | true
+		'world.1.0'    | true
+		'3.0.0-beta1'  | false
+		'3.0.0-alpha1' | false
+		'2.16.0'       | true
+	}
+}
