maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Osipov (JIRA)" <>
Subject [jira] [Updated] (MJAVADOC-585) Incorrect quoting and escaping of nonProxyHosts-information from settings.xml
Date Fri, 17 May 2019 10:17:00 GMT


Michael Osipov updated MJAVADOC-585:
    Fix Version/s:     (was: 3.1.1)

> Incorrect quoting and escaping of nonProxyHosts-information from settings.xml
> -----------------------------------------------------------------------------
>                 Key: MJAVADOC-585
>                 URL:
>             Project: Maven Javadoc Plugin
>          Issue Type: Bug
>          Components: jar, javadoc
>    Affects Versions: 3.1.0
>         Environment: Maven 3.6.0 on RHEL 7.6 using OpenJDK and Bash; Maven
3.6.0 on Windows 7 using Oracle JDK 8 Update 201 and Windows-CMD
>            Reporter: Paul Busch
>            Assignee: Michael Osipov
>            Priority: Major
>             Fix For: next-release
> At my development site, I am behind a proxy server. That proxy server is configured in
my {{settings.xml}} in a corresponding {{proxies/proxy}}-section.
> For site-deployments I use an internal server named {{my-site-host}}.
> To bypass the proxy for access to {{my-site-host}} and several other hosts in the local
network, there is a {{nonProxyHosts}}-element in the proxy-configuration-section of my {{settings.xml}} which
looks like this:
> {code:java}
> <nonProxyHosts>my-site-host|my-nexus-host</nonProxyHosts>
> {code}
> In an internal project {{linking-project,}} which uses a class {{LinkTarget}} from another
internal project {{link-target}} in its API, I would like to have the class {{LinkTarget}}
in the Javadocs of project {{linking-project}} to be displayed as links to the Javadocs of
project {{link-target}}. The Javadocs of project {{link-target}} are published on {{my-site-host}}
as part of a maven-site. To achieve the linking I have configured the {{maven-javadoc-plugin}}
in {{linking-project}} as follows:
> {code:java}
> <configuration>
>     <links>
>         <link>http://my-site-host/link-target/0.1.0-SNAPSHOT/apidocs</link>
>     </links>
> </configuration>
> {code}
> When the report {{javadoc:javadoc}} or the goal {{javadoc:jar}} is executed during the
build, I get the following warning:
> {code:java}
> [WARNING] javadoc: warning - Error fetching URL: http://my-site-host/link-target/0.1.0-SNAPSHOT/apidocs/
> {code}
> As a result, class {{LinkTarget}} in the generated Javadocs is displayed with its fully
qualified class name and not as a link. The expected behavior would be class {{LinkTarget}}
being displayed using its local name only and with an underlying link to the Javadocs of that
class. The problem occurs on both Linux and Windows.
> The problem also occurs when executing the {{javadoc.(sh|bat)}} script, which is generated
in {{target/site/apidocs}} when {{-Ddebug=true}} is used (on Linux using Bash; on Windows using
> The problem seems to be in the handling of the {{nonProxyHosts}}-information from the
{{settings.xml}} in {{AbstractJavadocMojo}}. In method {{addProxyArg(Commandline)}} this information
is (in two places) handled as follows:
> {code:java}
> cmd.createArg().setValue( "-J-Dhttp.nonProxyHosts=\""
>         + httpProxy.getNonProxyHosts().replace( "|", "^|" ) + "\"" );
> {code}
> When the report/goal is executed, the {{Commandline}}-object is delegated to {{CommandLineUtils.executeCommandLine(...)}}
which in the end delegates to the {{javadoc}}-program using {{Runtime.exec(...)}}. {{Runtime.exec(...)}} is
fed the command line parts as an array of Strings and apparently does not need any quoting
and escaping. When looking at it in a debugger the {{nonProxyHosts}}-information – escaped
with the code above – is passed to the {{javadoc}}-program as {{"-J-Dhttp.nonProxyHosts=\"my-site-host^|my-nexus-host\""}}.
I guess this value is split by the {{javadoc}}-program at the pipe symbol, resulting in {{"my-site-host^}}
and {{my-nexus-host"}} as the two host names. Thus the {{javadoc}}-program bypasses the proxy
for the nonexisting/nonsense host name {{"my-site-host^}} (with a leading quote and a trailing
caret) but uses the proxy for the actual host {{my-site-host}} causing the malfuntion and
the warning.
> For the sake of the report/goal-execution the above code could be fixed as follows:
> {code:java}
> cmd.createArg().setValue( "-J-Dhttp.nonProxyHosts=" + httpProxy.getNonProxyHosts() );
> {code}
> i.e. no quoting and no escaping of pipe symbols.
> This code change albeit completely breaks the generated {{javadoc.(sh|bat)}}-scripts
generated in {{target/site/apidocs}} with {{-Ddebug=true}}. While {{Runtime.exec(...)}} *must
not* have quoting and escaping, Windows-CMD and Bash, for which the scripts are generated,
*need* special handling. Otherwise the pipe symbols in {{nonProxyHosts}} will be interpreted
as redirection of output to the input of another program.
> The following aspects need to be observed regarding the generation of the debug scripts:
>  # The scripts may be based on the {{Commandline}}-object but must have the pipe symbol
>  # Quoting is not necessary when the pipe symbol is properly escaped and the host-names
do not contain whitespace – I would take no-whitespace-hostnames for granted.
>  # The pipe symbol must be escaped in the way that matches the platform – escaping
the pip symbol with a caret {{^}} is specific to Windows-CMD, for Linux/Bash the escaping
must be done with a backslash {{\}}.
> This could be achieved with a code change in addition to the one above. The additional
change could be in {{AbstractJavadocMojo.writeDebugJavadocScript(...)}} or – consistent
with the existing code – in all places where {{CommandLineUtils.toString( cmd.getCommandline()
).replaceAll( "'", "" )}} is called (three occurrences in {{AbstractJavadocMojo.executeJavadocCommandLine(...)}},
one for logging and two for generating the debug script). The latter variant could look like
this for the script generation, the logging code would be very similar:
> {code:java}
> String pipeSymbolEscape = "\\\\|";
> if ( SystemUtils.IS_OS_WINDOWS )
> {
>     pipeSymbolEscape = "^|";
> }
> cmdLine = CommandLineUtils.toString( cmd.getCommandline() ).replaceAll( "'", "" )
>         .replaceAll( "\\|", pipeSymbolEscape );
> writeDebugJavadocScript( cmdLine, javadocOutputDirectory );
> {code}

This message was sent by Atlassian JIRA

View raw message