diff --git a/maven/lib/dependabot/maven/file_parser/repositories_finder.rb b/maven/lib/dependabot/maven/file_parser/repositories_finder.rb index a953c640e63..4ee17e4fcdf 100644 --- a/maven/lib/dependabot/maven/file_parser/repositories_finder.rb +++ b/maven/lib/dependabot/maven/file_parser/repositories_finder.rb @@ -31,6 +31,9 @@ def initialize(pom_fetcher:, dependency_files: [], credentials: [], evaluate_pro # circular dependency between this class and the PropertyValueFinder # class @evaluate_properties = evaluate_properties + # Aggregates URLs seen in POMs to avoid short term memory loss. + # For instance a repository in a child POM might apply to the parent too. + @known_urls = [] end def central_repo_url @@ -42,12 +45,17 @@ def central_repo_url def repository_urls(pom:, exclude_inherited: false) entries = gather_repository_urls(pom: pom, exclude_inherited: exclude_inherited) ids = Set.new - urls_from_credentials + entries.map do |entry| + @known_urls += entries.map do |entry| next if entry[:id] && ids.include?(entry[:id]) ids.add(entry[:id]) unless entry[:id].nil? - entry[:url] - end.uniq.compact + entry + end + @known_urls = @known_urls.uniq.compact + + urls = urls_from_credentials + @known_urls.map { |entry| entry[:url] } + urls += [central_repo_url] unless @known_urls.any? { |entry| entry[:id] == super_pom[:id] } + urls.uniq end private @@ -69,11 +77,11 @@ def gather_repository_urls(pom:, exclude_inherited: false) select { |entry| entry[:url].start_with?("http") }. map { |entry| { url: evaluated_value(entry[:url], pom).gsub(%r{/$}, ""), id: entry[:id] } } - return repos_in_pom + [super_pom] if exclude_inherited + return repos_in_pom if exclude_inherited urls_in_pom = repos_in_pom.map { |repo| repo[:url] } unless (parent = parent_pom(pom, urls_in_pom)) - return repos_in_pom + [super_pom] + return repos_in_pom end repos_in_pom + gather_repository_urls(pom: parent) 
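Review bot: The new comment on `@known_urls` explains the mechanism ("short term memory loss") but not the consequence a supply-chain reviewer needs: a `<repository>` declared in any POM this instance has looked at — including a remote parent it fetched — becomes a candidate source for every later lookup through the same finder. I would make that explicit, e.g. `# Repositories seen in any POM this instance has parsed are reused for every later lookup, so a <repository> in one module (or a fetched parent) widens where artifacts may be resolved from for all of them.` The enclosing `initialize` starts before this hunk.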
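Review bot: In `repository_urls` the `ids` set is rebuilt per call while `@known_urls` now persists across calls, so two POMs that declare the same repository id with different URLs both survive (`uniq` only drops identical hashes), whereas the removed code let the first id win; seeding the set with what is already remembered, `ids = Set.new(@known_urls.map { |entry| entry[:id] }.compact)`, restores first-seen-wins across calls. The new `urls += [central_repo_url] unless @known_urls.any? { |entry| entry[:id] == super_pom[:id] }` line also makes a Central override sticky: once any parsed POM redefines the `central` id, `central_repo_url` is omitted for every subsequent POM queried through this instance, even ones that never overrode it, which silently redirects their resolution to the overriding URL. If that is intended it deserves a comment on that line; if not, the Central check should look only at the entries gathered in the current call rather than at `@known_urls`.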
diff --git a/maven/spec/dependabot/maven/file_parser/repositories_finder_spec.rb b/maven/spec/dependabot/maven/file_parser/repositories_finder_spec.rb index b04890847b2..eec81e394b9 100644 --- a/maven/spec/dependabot/maven/file_parser/repositories_finder_spec.rb +++ b/maven/spec/dependabot/maven/file_parser/repositories_finder_spec.rb @@ -65,6 +65,45 @@ ) end + it "remembers what it's seen" do + custom_pom = Dependabot::DependencyFile.new( + name: "pom.xml", + content: fixture("poms", "custom_repositories_pom.xml") + ) + expect(finder.repository_urls(pom: custom_pom)).to eq( + %w( + http://scala-tools.org/repo-releases + http://repository.jboss.org/maven2 + http://plugin-repository.jboss.org/maven2 + https://repo.maven.apache.org/maven2 + ) + ) + base_pom = Dependabot::DependencyFile.new( + name: "pom.xml", + content: fixture("poms", "basic_pom.xml") + ) + expect(finder.repository_urls(pom: base_pom)).to eq( + %w( + http://scala-tools.org/repo-releases + http://repository.jboss.org/maven2 + http://plugin-repository.jboss.org/maven2 + https://repo.maven.apache.org/maven2 + ) + ) + overwrite_central_pom = Dependabot::DependencyFile.new( + name: "pom.xml", + content: fixture("poms", "overwrite_central_pom.xml") + ) + expect(finder.repository_urls(pom: overwrite_central_pom)).to eq( + %w( + http://scala-tools.org/repo-releases + http://repository.jboss.org/maven2 + http://plugin-repository.jboss.org/maven2 + https://example.com + ) + ) + end + context "that overwrites central" do let(:base_pom_fixture_name) { "overwrite_central_pom.xml" }
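Review bot: The new example queries `basic_pom` before `overwrite_central_pom`, so it never pins what happens to an unrelated POM once Central has been overridden through the shared finder, which is the behaviour most worth locking down. I would add a final expectation after the `overwrite_central_pom` call, e.g. `expect(finder.repository_urls(pom: base_pom)).not_to include("https://repo.maven.apache.org/maven2")` (or `to include`, whichever is the intended contract), so the sticky override is a deliberate, tested decision rather than an accident of call order. The example also appears to rely on `finder` being memoised across the three calls; that `let` is outside this hunk, so confirm it is not re-evaluated per expectation.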