View Javadoc
1   package org.apache.maven.plugins.enforcer;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *  http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import java.util.HashSet;
23  import java.util.List;
24  import java.util.Set;
25  
26  import org.apache.commons.lang3.StringUtils;
27  import org.apache.maven.artifact.Artifact;
28  import org.apache.maven.artifact.versioning.InvalidVersionSpecificationException;
29  import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
30  import org.apache.maven.plugin.logging.Log;
31  import org.apache.maven.plugins.enforcer.utils.ArtifactMatcher;
32  import org.apache.maven.plugins.enforcer.utils.ArtifactMatcher.Pattern;
33  
34  /**
35   * This rule checks that lists of dependencies are not included.
36   * 
37   * @author <a href="mailto:brianf@apache.org">Brian Fox</a>
38   * @version $Id: BannedDependencies.java 1802595 2017-07-21 13:39:48Z rfscholte $
39   */
40  public class BannedDependencies
41      extends AbstractBanDependencies
42  {
43  
44      /**
45       * Specify the banned dependencies. This can be a list of artifacts in the format
46       * <code>groupId[:artifactId][:version]</code>. Any of the sections can be a wildcard 
47       * by using '*' (ie group:*:1.0) <br>
48       * The rule will fail if any dependency matches any exclude, unless it also matches 
49       * an include rule.
50       * 
51       * @see {@link #setExcludes(List)}
52       * @see {@link #getExcludes()}
53       */
54      private List<String> excludes = null;
55  
56      /**
57       * Specify the allowed dependencies. This can be a list of artifacts in the format
58       * <code>groupId[:artifactId][:version]</code>. Any of the sections can be a wildcard 
59       * by using '*' (ie group:*:1.0) <br>
60       * Includes override the exclude rules. It is meant to allow wide exclusion rules 
61       * with wildcards and still allow a
62       * smaller set of includes. <br>
63       * For example, to ban all xerces except xerces-api -> exclude "xerces", include "xerces:xerces-api"
64       * 
65       * @see {@link #setIncludes(List)}
66       * @see {@link #getIncludes()}
67       */
68      private List<String> includes = null;
69  
70      @Override
71      protected Set<Artifact> checkDependencies( Set<Artifact> theDependencies, Log log )
72          throws EnforcerRuleException
73      {
74  
75          Set<Artifact> excluded = checkDependencies( theDependencies, excludes );
76  
77          // anything specifically included should be removed
78          // from the ban list.
79          if ( excluded != null )
80          {
81              Set<Artifact> included = checkDependencies( theDependencies, includes );
82  
83              if ( included != null )
84              {
85                  excluded.removeAll( included );
86              }
87          }
88          return excluded;
89  
90      }
91  
92      /**
93       * Checks the set of dependencies against the list of patterns.
94       * 
95       * @param thePatterns the patterns
96       * @param dependencies the dependencies
97       * @return a set containing artifacts matching one of the patterns or <code>null</code>
98       * @throws EnforcerRuleException the enforcer rule exception
99       */
100     private Set<Artifact> checkDependencies( Set<Artifact> dependencies, List<String> thePatterns )
101         throws EnforcerRuleException
102     {
103         Set<Artifact> foundMatches = null;
104 
105         if ( thePatterns != null && thePatterns.size() > 0 )
106         {
107 
108             for ( String pattern : thePatterns )
109             {
110                 String[] subStrings = pattern.split( ":" );
111                 subStrings = StringUtils.stripAll( subStrings );
112                 String resultPattern = StringUtils.join( subStrings, ":" );
113 
114                 for ( Artifact artifact : dependencies )
115                 {
116                     if ( compareDependency( resultPattern, artifact ) )
117                     {
118                         // only create if needed
119                         if ( foundMatches == null )
120                         {
121                             foundMatches = new HashSet<Artifact>();
122                         }
123                         foundMatches.add( artifact );
124                     }
125                 }
126             }
127         }
128         return foundMatches;
129     }
130 
131     /**
132      * Compares the given pattern against the given artifact. The pattern should follow the format
133      * <code>groupId:artifactId:version:type:scope:classifier</code>.
134      * 
135      * @param pattern The pattern to compare the artifact with.
136      * @param artifact the artifact
137      * @return <code>true</code> if the artifact matches one of the patterns
138      * @throws EnforcerRuleException the enforcer rule exception
139      */
140     protected boolean compareDependency( String pattern, Artifact artifact )
141         throws EnforcerRuleException
142     {
143 
144         ArtifactMatcher.Pattern am = new Pattern( pattern );
145         boolean result;
146         try
147         {
148             result = am.match( artifact );
149         }
150         catch ( InvalidVersionSpecificationException e )
151         {
152             throw new EnforcerRuleException( "Invalid Version Range: ", e );
153         }
154 
155         return result;
156     }
157 
158     /**
159      * Gets the excludes.
160      * 
161      * @return the excludes
162      */
163     public List<String> getExcludes()
164     {
165         return this.excludes;
166     }
167 
168     /**
169      * Specify the banned dependencies. This can be a list of artifacts in the format
170      * <code>groupId[:artifactId][:version]</code>. Any of the sections can be a wildcard 
171      * by using '*' (ie group:*:1.0) <br>
172      * The rule will fail if any dependency matches any exclude, unless it also matches an 
173      * include rule.
174      * 
175      * @see #getExcludes()
176      * @param theExcludes the excludes to set
177      */
178     public void setExcludes( List<String> theExcludes )
179     {
180         this.excludes = theExcludes;
181     }
182 
183     /**
184      * Gets the includes.
185      * 
186      * @return the includes
187      */
188     public List<String> getIncludes()
189     {
190         return this.includes;
191     }
192 
193     /**
194      * Specify the allowed dependencies. This can be a list of artifacts in the format
195      * <code>groupId[:artifactId][:version]</code>. Any of the sections can be a wildcard 
196      * by using '*' (ie group:*:1.0) <br>
197      * Includes override the exclude rules. It is meant to allow wide exclusion rules with 
198      * wildcards and still allow a
199      * smaller set of includes. <br>
200      * For example, to ban all xerces except xerces-api → exclude "xerces",
201      * include "xerces:xerces-api"
202      * 
203      * @see #setIncludes(List)
204      * @param theIncludes the includes to set
205      */
206     public void setIncludes( List<String> theIncludes )
207     {
208         this.includes = theIncludes;
209     }
210 
211 }