Expanding yarn-v1.16.0/LICENSE would create file outside of c:\code\frontend-bug\target\node\yarn

Do you want to request a feature or report a bug?

Bug.

What is the current behavior?

The plugin believes that c:\code\frontend-bug\target\node\yarn-v1.16.0\LICENSE would fall outside of c:\code\frontend-bug\target and stops execution.

I believe the bug is found in com.github.eirslett.maven.plugins.frontend.lib.ArchiveExtractor. The format of destPath.getCanonicalPath() could be different from destinationDirectory due to platform differences.

final File destPath = new File(destinationDirectory + File.separator + tarEntry.getName());
prepDestination(destPath, tarEntry.isDirectory());
if (!destPath.getCanonicalPath().startsWith(destinationDirectory)) {
    throw new IOException(
            "Expanding " + tarEntry.getName() + " would create file outside of " + destinationDirectory
    );
}

If the current behavior is a bug, please provide the steps to reproduce.

The bug does not always occur. We have Windows 10 laptops with IBM corporate bloatware installed. Out of five people, three experienced this issue. Two were magically fixed by installing MinGW on their machines and putting it on the PATH variable. One persists, so it could be a coincidence.

A simple c:\code\frontend-bug\pom.xml file that reproduces the issue on my machine:

<project xmlns="http://maven.apache.org/POM/4.0.0" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>frigo</groupId>
    <artifactId>frontend-bug</artifactId>
    <version>1.0.0-SNAPSHOT</version>
    <packaging>jar</packaging>

    <build>
        <plugins>
            <plugin>
                <groupId>com.github.eirslett</groupId>
                <artifactId>frontend-maven-plugin</artifactId>
                <version>1.7.6</version>
                <executions>
                    <execution>
                        <id>install node and yarn</id>
                        <goals>
                            <goal>install-node-and-yarn</goal>
                        </goals>
                        <phase>generate-resources</phase>
                    </execution>
                </executions>
                <configuration>
                    <nodeVersion>v12.2.0</nodeVersion>
                    <yarnVersion>v1.16.0</yarnVersion>
                    <installDirectory>target</installDirectory>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>

What is the expected behavior?

The plugin extracts the contents of yarn-v.1.16.0.tar.gz into c:\code\frontend-bug\target\node\ and continues execution.

Please mention your frontend-maven-plugin and operating system version.

frontend-maven-plugin: 1.7.6
windows: Windows 10 Enterprise 1809 17763.437

Apache Maven 3.5.3 (3383c37e1f9e9b3bc3df5050c29c8aff9f295297; 2018-02-24T20:49:05+01:00)
Maven home: c:\Program Files\maven\bin..
Java version: 1.8.0_171, vendor: Oracle Corporation
Java home: c:\Program Files\Java\jdk1.8.0_171\jre
Default locale: en_US, platform encoding: Cp1252
OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Reactions: 1
  • Comments: 10 (3 by maintainers)
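
The containment check quoted in the issue, next to a variant that canonicalizes both sides before comparing. This is an added example, not the plugin's code and not the fix from #816; the class name, method names and temp-directory layout are assumptions made for the demo.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class ExtractionGuardDemo {

    // Check as quoted in the issue: canonical entry path vs. the raw destination string.
    static boolean stringPrefixCheck(String destinationDirectory, String entryName) throws IOException {
        File destPath = new File(destinationDirectory + File.separator + entryName);
        return destPath.getCanonicalPath().startsWith(destinationDirectory);
    }

    // Added variant (assumption, not the plugin's fix): canonicalize both sides and
    // compare path components, so spelling differences in the destination do not matter.
    static boolean canonicalCheck(String destinationDirectory, String entryName) throws IOException {
        Path root = new File(destinationDirectory).getCanonicalFile().toPath();
        Path target = new File(destinationDirectory, entryName).getCanonicalFile().toPath();
        return target.startsWith(root);
    }

    static void report(String label, String dest, String entry) throws IOException {
        System.out.printf("%-28s stringPrefix=%-5b canonical=%b%n",
                label, stringPrefixCheck(dest, entry), canonicalCheck(dest, entry));
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout in a temp directory; toRealPath() gives the canonical spelling.
        Path base = Files.createTempDirectory("extract-demo").toRealPath();
        Path yarn = Files.createDirectories(base.resolve("node").resolve("yarn"));

        String canonicalDest = yarn.toString();
        // Same directory, written with a redundant "." segment (non-canonical spelling).
        String nonCanonicalDest = String.join(File.separator, base.toString(), "node", ".", "yarn");

        report("canonical dest, normal entry", canonicalDest, "yarn-v1.16.0/LICENSE");
        // The quoted check rejects a legitimate entry here; the canonical variant accepts it.
        report("non-canonical dest, normal", nonCanonicalDest, "yarn-v1.16.0/LICENSE");
        // A traversal entry is rejected by both checks.
        report("canonical dest, ../ entry", canonicalDest, "../evil.txt");
    }
}
```

The redundant "." segment stands in for any difference between the configured destination string and its canonical form; symbolic links in the path have the same effect on the string comparison.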

Top GitHub Comments

7 reactions
eirslett commented, Jan 3, 2020

It is released now! Version 1.9.0.

6 reactions
arminha commented, May 23, 2019

I had similar issues with symbolic links on Linux and getCanonicalPath(). I think my fix in #816 would also solve this issue.
