GH-242: Delete original zip only if no errors

Fixes https://github.com/spring-projects/spring-integration-extensions/issues/242

The `UnZipTransformer` removes a source zip file unconditionally

* Fix `UnZipTransformer` to remove a source zip file only
if unzipping was successful
* More checks for traversal file names
* Upgrade dependencies including Gradle
* Move Maven publishing functionality to `maven-publish` plugin
This commit is contained in:
Artem Bilan
2021-02-23 10:10:45 -05:00
parent 8daf84e074
commit ad398071e2
8 changed files with 162 additions and 182 deletions

View File

@@ -1,5 +1,6 @@
buildscript {
repositories {
maven { url 'https://plugins.gradle.org/m2' }
maven { url 'https://repo.spring.io/plugins-release' }
}
dependencies {
@@ -22,6 +23,7 @@ description = 'Spring Integration SMB Support'
group = 'org.springframework.integration'
repositories {
mavenCentral()
if (version.endsWith('BUILD-SNAPSHOT')) {
maven { url 'https://repo.spring.io/libs-snapshot' }
}

View File

@@ -1,52 +1,27 @@
buildscript {
repositories {
maven { url 'https://repo.spring.io/plugins-release' }
}
dependencies {
classpath 'io.spring.gradle:dependency-management-plugin:1.0.2.RELEASE'
classpath 'io.spring.gradle:spring-io-plugin:0.0.8.RELEASE'
}
}
plugins {
id 'java'
id 'java-library'
id 'eclipse'
id 'idea'
id 'jacoco'
id "org.sonarqube" version "2.8"
id 'org.sonarqube' version '2.8'
id 'com.jfrog.artifactory' version '4.19.0'
}
description = 'Spring Integration Zip Adapter'
apply from: "${rootProject.projectDir}/publish-maven.gradle"
group = 'org.springframework.integration'
repositories {
if (version.endsWith('BUILD-SNAPSHOT') || project.hasProperty('platformVersion')) {
mavenCentral()
if (version.endsWith('BUILD-SNAPSHOT')) {
maven { url 'https://repo.spring.io/libs-snapshot' }
}
maven { url 'https://repo.spring.io/libs-milestone' }
}
if (project.hasProperty('platformVersion')) {
apply plugin: 'spring-io'
dependencyManagement {
springIoTestRuntime {
imports {
mavenBom "io.spring.platform:platform-bom:${platformVersion}"
}
}
}
springIoDependencyVersionMappingCheck {
configuration = configurations.testRuntime
failOnUnmappedDirectDependency = false
failOnUnmappedTransitiveDependency = true
}
java {
withJavadocJar()
withSourcesJar()
}
sourceCompatibility=1.6
@@ -61,8 +36,8 @@ ext {
linkScmConnection = 'https://github.com/spring-projects/spring-integration-extensions.git'
linkScmDevConnection = 'git@github.com:spring-projects/spring-integration-extensions.git'
slf4jVersion = "1.7.30"
springIntegrationVersion = '4.3.22.RELEASE'
slf4jVersion = '1.7.30'
springIntegrationVersion = '4.3.24.RELEASE'
ztZipVersion = '1.14'
idPrefix = 'zip'
@@ -83,16 +58,15 @@ sourceSets {
}
jacoco {
toolVersion = "0.7.8"
toolVersion = '0.8.6'
}
dependencies {
compile "org.springframework.integration:spring-integration-core:$springIntegrationVersion"
compile "org.springframework.integration:spring-integration-file:$springIntegrationVersion"
compile "org.zeroturnaround:zt-zip:$ztZipVersion"
api "org.springframework.integration:spring-integration-file:$springIntegrationVersion"
api "org.zeroturnaround:zt-zip:$ztZipVersion"
testCompile "org.springframework.integration:spring-integration-test:$springIntegrationVersion"
testRuntime "org.slf4j:slf4j-log4j12:$slf4jVersion"
testImplementation "org.springframework.integration:spring-integration-test:$springIntegrationVersion"
testRuntimeOnly "org.slf4j:slf4j-log4j12:$slf4jVersion"
}
@@ -103,47 +77,34 @@ ext.xLintArg = '-Xlint:all,-options'
test {
// suppress all console output during testing unless running `gradle -i`
logging.captureStandardOutput(LogLevel.INFO)
maxHeapSize = "1024m"
maxHeapSize = '1024m'
jacoco {
append = false
destinationFile = file("$buildDir/jacoco.exec")
}
if (System.properties['sonar.host.url']) {
finalizedBy jacocoTestReport
}
}
jacocoTestReport {
reports {
xml.enabled false
xml.enabled true
csv.enabled false
html.destination file("${buildDir}/reports/jacoco/html")
html.enabled false
xml.destination file("${buildDir}/reports/jacoco/test/jacocoTestReport.xml")
}
}
task sourcesJar(type: Jar) {
classifier = 'sources'
from sourceSets.main.allJava
}
task javadocJar(type: Jar) {
classifier = 'javadoc'
from javadoc
}
artifacts {
archives sourcesJar
archives javadocJar
}
build.dependsOn jacocoTestReport
check.dependsOn javadoc
sonarqube {
properties {
property "sonar.jacoco.reportPath", "${buildDir.name}/jacoco.exec"
property "sonar.links.homepage", linkHomepage
property "sonar.links.ci", linkCi
property "sonar.links.issue", linkIssue
property "sonar.links.scm", linkScmUrl
property "sonar.links.scm_dev", linkScmDevConnection
property "sonar.java.coveragePlugin", "jacoco"
property 'sonar.links.homepage', linkHomepage
property 'sonar.links.ci', linkCi
property 'sonar.links.issue', linkIssue
property 'sonar.links.scm', linkScmUrl
property 'sonar.links.scm_dev', linkScmDevConnection
}
}
@@ -163,11 +124,11 @@ task api(type: Javadoc) {
task schemaZip(type: Zip) {
group = 'Distribution'
classifier = 'schema'
description = "Builds -${classifier} archive containing all " +
archiveClassifier = 'schema'
description = "Builds -${archiveClassifier} archive containing all " +
"XSDs for deployment at static.springframework.org/schema."
def Properties schemas = new Properties();
Properties schemas = new Properties();
def shortName = idPrefix.replaceFirst("${idPrefix}-", '')
project.sourceSets.main.resources.find {
@@ -187,8 +148,8 @@ task schemaZip(type: Zip) {
task docsZip(type: Zip) {
group = 'Distribution'
classifier = 'docs'
description = "Builds -${classifier} archive containing api docs " +
archiveClassifier = 'docs'
description = "Builds -${archiveClassifier} archive containing api docs " +
"for deployment at static.springframework.org/spring-integration/docs."
from('src/dist') {
@@ -203,8 +164,8 @@ task docsZip(type: Zip) {
task distZip(type: Zip, dependsOn: [docsZip, schemaZip]) {
group = 'Distribution'
classifier = 'dist'
description = "Builds -${classifier} archive, containing all jars and docs, " +
archiveClassifier = 'dist'
description = "Builds -${archiveClassifier} archive, containing all jars and docs, " +
"suitable for community download page."
ext.baseDir = "${project.name}-${project.version}";
@@ -235,9 +196,9 @@ task distZip(type: Zip, dependsOn: [docsZip, schemaZip]) {
// Not published by default; only for use when building from source.
task depsZip(type: Zip, dependsOn: distZip) { zipTask ->
group = 'Distribution'
classifier = 'dist-with-deps'
description = "Builds -${classifier} archive, containing everything " +
"in the -${distZip.classifier} archive plus all dependencies."
archiveClassifier = 'dist-with-deps'
description = "Builds -${archiveClassifier} archive, containing everything " +
"in the -${distZip.archiveClassifier} archive plus all dependencies."
from zipTree(distZip.archivePath)
@@ -260,13 +221,9 @@ task depsZip(type: Zip, dependsOn: distZip) { zipTask ->
}
}
artifacts {
archives distZip
archives docsZip
archives schemaZip
}
task dist(dependsOn: assemble) {
group = 'Distribution'
description = 'Builds -dist, -docs and -schema distribution archives.'
}
apply from: "${rootProject.projectDir}/publish-maven.gradle"

View File

@@ -1,5 +1,5 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-4.10.2-bin.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.3-bin.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists

View File

@@ -1,5 +1,21 @@
#!/usr/bin/env sh
#
# Copyright 2015 the original author or authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
##############################################################################
##
## Gradle start up script for UN*X
@@ -28,7 +44,7 @@ APP_NAME="Gradle"
APP_BASE_NAME=`basename "$0"`
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS=""
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"
@@ -66,6 +82,7 @@ esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
@@ -109,10 +126,11 @@ if $darwin; then
GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
fi
# For Cygwin, switch paths to Windows format before running java
if $cygwin ; then
# For Cygwin or MSYS, switch paths to Windows format before running java
if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
APP_HOME=`cygpath --path --mixed "$APP_HOME"`
CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
JAVACMD=`cygpath --unix "$JAVACMD"`
# We build the pattern for arguments to be converted via cygpath
@@ -138,19 +156,19 @@ if $cygwin ; then
else
eval `echo args$i`="\"$arg\""
fi
i=$((i+1))
i=`expr $i + 1`
done
case $i in
(0) set -- ;;
(1) set -- "$args0" ;;
(2) set -- "$args0" "$args1" ;;
(3) set -- "$args0" "$args1" "$args2" ;;
(4) set -- "$args0" "$args1" "$args2" "$args3" ;;
(5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
(6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
(7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
(8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
(9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
0) set -- ;;
1) set -- "$args0" ;;
2) set -- "$args0" "$args1" ;;
3) set -- "$args0" "$args1" "$args2" ;;
4) set -- "$args0" "$args1" "$args2" "$args3" ;;
5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
esac
fi
@@ -159,14 +177,9 @@ save () {
for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
echo " "
}
APP_ARGS=$(save "$@")
APP_ARGS=`save "$@"`
# Collect all arguments for the java command, following the shell quoting and substitution rules
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
cd "$(dirname "$0")"
fi
exec "$JAVACMD" "$@"

View File

@@ -1,3 +1,19 @@
@rem
@rem Copyright 2015 the original author or authors.
@rem
@rem Licensed under the Apache License, Version 2.0 (the "License");
@rem you may not use this file except in compliance with the License.
@rem You may obtain a copy of the License at
@rem
@rem https://www.apache.org/licenses/LICENSE-2.0
@rem
@rem Unless required by applicable law or agreed to in writing, software
@rem distributed under the License is distributed on an "AS IS" BASIS,
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@if "%DEBUG%" == "" @echo off
@rem ##########################################################################
@rem
@@ -13,15 +29,18 @@ if "%DIRNAME%" == "" set DIRNAME=.
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS=
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if "%ERRORLEVEL%" == "0" goto init
if "%ERRORLEVEL%" == "0" goto execute
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
@@ -35,7 +54,7 @@ goto fail
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto init
if exist "%JAVA_EXE%" goto execute
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
@@ -45,28 +64,14 @@ echo location of your Java installation.
goto fail
:init
@rem Get command-line arguments, handling Windows variants
if not "%OS%" == "Windows_NT" goto win9xME_args
:win9xME_args
@rem Slurp the command line arguments.
set CMD_LINE_ARGS=
set _SKIP=2
:win9xME_args_slurp
if "x%~1" == "x" goto execute
set CMD_LINE_ARGS=%*
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
:end
@rem End local scope for the variables with windows NT shell

View File

@@ -1,61 +1,60 @@
apply plugin: 'maven'
apply plugin: 'maven-publish'
ext.optionalDeps = []
ext.providedDeps = []
ext.optional = { optionalDeps << it }
ext.provided = { providedDeps << it }
install {
repositories.mavenInstaller {
customizePom(pom, project)
}
}
def customizePom(pom, gradleProject) {
pom.whenConfigured { generatedPom ->
// respect 'optional' and 'provided' dependencies
gradleProject.optionalDeps.each { dep ->
generatedPom.dependencies.find { it.artifactId == dep.name }?.optional = true
}
gradleProject.providedDeps.each { dep ->
generatedPom.dependencies.find { it.artifactId == dep.name }?.scope = 'provided'
}
// eliminate test-scoped dependencies (no need in maven central poms)
generatedPom.dependencies.removeAll { dep ->
dep.scope == 'test'
}
// add all items necessary for maven central publication
generatedPom.project {
name = gradleProject.description
description = gradleProject.description
url = 'https://github.com/spring-projects/spring-integration-extensions'
organization {
name = 'SpringIO'
url = 'https://spring.io'
}
licenses {
license {
name 'The Apache Software License, Version 2.0'
url 'https://www.apache.org/licenses/LICENSE-2.0.txt'
distribution 'repo'
publishing {
publications {
mavenJava(MavenPublication) {
suppressAllPomMetadataWarnings()
from components.java
artifact docsZip
artifact schemaZip
artifact distZip
pom {
afterEvaluate {
name = project.description
description = project.description
}
url = linkScmUrl
organization {
name = 'Spring IO'
url = 'https://spring.io/projects/spring-integration'
}
licenses {
license {
name = 'Apache License, Version 2.0'
url = 'https://www.apache.org/licenses/LICENSE-2.0'
distribution = 'repo'
}
}
scm {
url = linkScmUrl
connection = linkScmConnection
developerConnection = linkScmDevConnection
}
developers {
developer {
id = 'artembilan'
name = 'Artem Bilan'
email = 'abilan@vmware.com'
roles = ['project lead']
}
}
issueManagement {
system = 'GitHub'
url = linkIssue
}
}
scm {
url = 'https://github.com/spring-projects/spring-integration-extensions'
connection = 'scm:git:git://github.com/spring-projects/spring-integration-extensions'
developerConnection = 'scm:git:git://github.com/spring-projects/spring-integration-extensions'
}
developers {
developer {
id = 'ghiller'
name = 'Gunnar Hillert'
email = 'ghiller@pivotal.io'
versionMapping {
usage('java-api') {
fromResolutionResult()
}
usage('java-runtime') {
fromResolutionResult()
}
}
}
}
}
artifactoryPublish {
publications(publishing.publications.mavenJava)
}

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2015-2019 the original author or authors.
* Copyright 2015-2021 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -144,7 +144,7 @@ public class UnZipTransformer extends AbstractZipTransformer {
}
}
else {
throw new IllegalStateException("Unsupported zipResultType " + zipResultType);
throw new IllegalStateException("Unsupported zipResultType: " + zipResultType);
}
}
@@ -156,7 +156,9 @@ public class UnZipTransformer extends AbstractZipTransformer {
/* If we see the relative traversal string of ".." we need to make sure
* that the outputdir + name doesn't leave the outputdir.
*/
if (!destinationFile.getCanonicalPath().startsWith(workDirectory.getCanonicalPath())) {
if (!destinationFile.getCanonicalPath()
.startsWith(tempDir.getCanonicalPath() + File.separator)) {
throw new ZipException("The file " + zipEntryName +
" is trying to leave the target output directory of " + workDirectory);
}
@@ -188,8 +190,7 @@ public class UnZipTransformer extends AbstractZipTransformer {
}
}
}
finally {
IOUtils.closeQuietly(inputStream);
if (payload instanceof File && this.deleteFiles) {
final File filePayload = (File) payload;
@@ -200,6 +201,9 @@ public class UnZipTransformer extends AbstractZipTransformer {
}
}
}
finally {
IOUtils.closeQuietly(inputStream);
}
return unzippedData;
}
catch (Exception e) {