Expanding yarn-v1.16.0/LICENSE would create file outside of c:\code\frontend-bug\target\node\yarn
Do you want to request a feature or report a bug?
Bug.
What is the current behavior?
The plugin believes that c:\code\frontend-bug\target\node\yarn-v1.16.0\LICENSE would fall outside of c:\code\frontend-bug\target and stops execution.
I believe the bug is found in com.github.eirslett.maven.plugins.frontend.lib.ArchiveExtractor. The format of destPath.getCanonicalPath() could be different from destinationDirectory due to platform differences.
    final File destPath = new File(destinationDirectory + File.separator + tarEntry.getName());
    prepDestination(destPath, tarEntry.isDirectory());
    if (!destPath.getCanonicalPath().startsWith(destinationDirectory)) {
        throw new IOException(
            "Expanding " + tarEntry.getName() + " would create file outside of " + destinationDirectory
        );
    }
If the current behavior is a bug, please provide the steps to reproduce.
The bug does not always occur. We have Windows 10 laptops with IBM corporate bloatware installed. Out of five people, three experienced this issue. Two were magically fixed by installing MinGW on their machines and putting it on the PATH variable. One persists, so it could be a coincidence.
A simple c:\code\frontend-bug\pom.xml file that reproduces the issue on my machine:
    <project xmlns="http://maven.apache.org/POM/4.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
      <modelVersion>4.0.0</modelVersion>
      <groupId>frigo</groupId>
      <artifactId>frontend-bug</artifactId>
      <version>1.0.0-SNAPSHOT</version>
      <packaging>jar</packaging>
      <build>
        <plugins>
          <plugin>
            <groupId>com.github.eirslett</groupId>
            <artifactId>frontend-maven-plugin</artifactId>
            <version>1.7.6</version>
            <executions>
              <execution>
                <id>install node and yarn</id>
                <goals>
                  <goal>install-node-and-yarn</goal>
                </goals>
                <phase>generate-resources</phase>
              </execution>
            </executions>
            <configuration>
              <nodeVersion>v12.2.0</nodeVersion>
              <yarnVersion>v1.16.0</yarnVersion>
              <installDirectory>target</installDirectory>
            </configuration>
          </plugin>
        </plugins>
      </build>
    </project>
What is the expected behavior?
The plugin extracts the contents of yarn-v.1.16.0.tar.gz into c:\code\frontend-bug\target\node\ and continues execution.
Please mention your frontend-maven-plugin and operating system version.
frontend-maven-plugin: 1.7.6
windows: Windows 10 Enterprise 1809 17763.437

    Apache Maven 3.5.3 (3383c37e1f9e9b3bc3df5050c29c8aff9f295297; 2018-02-24T20:49:05+01:00)
    Maven home: c:\Program Files\maven\bin..
    Java version: 1.8.0_171, vendor: Oracle Corporation
    Java home: c:\Program Files\Java\jdk1.8.0_171\jre
    Default locale: en_US, platform encoding: Cp1252
    OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
Top GitHub Comments
It is released now! Version 1.9.0.
I had a similar issue with symbolic links on Linux and getCanonicalPath(). I think my fix in #816 would also solve this issue.
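
An added example, not taken from the issue, the plugin or the fix in #816: one way to write the containment check quoted in the report so that both sides are canonicalized and compared by path component rather than by raw string prefix. The class name SafeExtractPath, the method resolveEntry and the sample paths are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;

public class SafeExtractPath {

    // Resolve an archive entry name against the destination directory and
    // reject it if the result escapes that directory. Both sides are
    // canonicalized, so the same directory written differently ("." segments,
    // symbolic links, Windows short names) does not cause a false mismatch.
    static File resolveEntry(File destinationDirectory, String entryName) throws IOException {
        Path canonicalDest = destinationDirectory.getCanonicalFile().toPath();
        Path canonicalTarget = new File(destinationDirectory, entryName).getCanonicalFile().toPath();

        // Path.startsWith compares whole path components, unlike
        // String.startsWith, which would accept "/out-other" as being under "/out".
        if (!canonicalTarget.startsWith(canonicalDest)) {
            throw new IOException(
                "Expanding " + entryName + " would create file outside of " + canonicalDest);
        }
        return canonicalTarget.toFile();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a destination written in non-canonical form.
        File base = new File(System.getProperty("java.io.tmpdir"), "frontend-bug");
        File dest = new File(base, "target" + File.separator + "." + File.separator + "node");

        // Legitimate entry: accepted even though dest contains a "." segment.
        System.out.println("ok: " + resolveEntry(dest, "yarn-v1.16.0/LICENSE"));

        // The raw-string comparison from the issue rejects the same entry.
        File raw = new File(dest + File.separator + "yarn-v1.16.0/LICENSE");
        System.out.println("raw string check passes: "
            + raw.getCanonicalPath().startsWith(dest.toString()));

        // Entries that leave the destination are still refused.
        for (String bad : new String[] {"../outside.txt", "../node-other/file"}) {
            try {
                resolveEntry(dest, bad);
                System.out.println("accepted (unexpected): " + bad);
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```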