[xml] ProjectVersionAsDependencyVersion false positive #715

Closed
adangel opened this Issue Nov 6, 2017 · 0 comments

adangel commented Nov 6, 2017

Rule Set: POM / ProjectVersionAsDependencyVersion

Description:
The rule just looks for usages of ${project.version} and ignores valid usages.

Code Sample demonstrating the issue:

    <test-code>
        <description>Valid usage child modules</description>
        <expected-problems>0</expected-problems>
        <code><![CDATA[
        <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
            <modelVersion>4.0.0</modelVersion>
            <artifactId>a-child</artifactId>

            <parent>
                <groupId>net.sourceforge.pmd</groupId>
                <artifactId>parent</artifactId>
                <version>1.0.0-SNAPSHOT</version>
            </parent>

            <dependencies>
                <dependency>
                    <groupId>net.sourceforge.pmd</groupId>
                    <artifactId>a-different-child</artifactId>
                    <version>${project.version}</version>
                </dependency>
            </dependencies>
        </project>
        ]]></code>
        <source-type>pom</source-type>
    </test-code>

The XPath could be improved to be this:

    /project[version]/dependencies/dependency/version/text[contains(@Image,'{project.version}')]

which will require a version tag of its own. But we probably should somehow look at the groupId of this project (could be inherited from parent) and the groupId of the dependency, which uses "project.version".
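The three readings of the rule discussed in the comment above, compared on sample POMs. This is an added example, not part of the original issue and not PMD's code: it uses Python's ElementTree instead of PMD's XPath over its own AST. The `FOREIGN` and `SIBLING` POMs, the `org.example` group and the exact logic of the `group` mode are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
POM = '<project xmlns="http://maven.apache.org/POM/4.0.0">%s</project>'
DEP = ("<dependencies><dependency><groupId>%s</groupId><artifactId>%s</artifactId>"
       "<version>${project.version}</version></dependency></dependencies>")
PARENT = ("<parent><groupId>net.sourceforge.pmd</groupId><artifactId>parent</artifactId>"
          "<version>1.0.0-SNAPSHOT</version></parent>")

# Reduced form of the POM from the issue: no own <version>, groupId inherited.
CHILD = POM % ("<artifactId>a-child</artifactId>" + PARENT
               + DEP % ("net.sourceforge.pmd", "a-different-child"))
# Constructed: own <version>, dependency from another group (org.example is made up).
FOREIGN = POM % ("<groupId>net.sourceforge.pmd</groupId><artifactId>app</artifactId>"
                 "<version>2.0.0</version>" + DEP % ("org.example", "unrelated-lib"))
# Constructed: own <version>, sibling dependency in the inherited group.
SIBLING = POM % ("<artifactId>b-child</artifactId><version>1.0.0-SNAPSHOT</version>"
                 + PARENT + DEP % ("net.sourceforge.pmd", "a-different-child"))


def text(node, path):
    """Stripped text of the first match under node, or "" if absent."""
    found = node.find(path, NS)
    return (found.text or "").strip() if found is not None else ""


def flagged(pom_xml, mode):
    """Return artifactIds of dependencies reported under the given mode.

    "current":  any ${project.version} in a dependency version (rule as described)
    "proposed": also require the project's own <version> (the XPath in the issue)
    "group":    report only when the dependency's groupId differs from the
                project's effective groupId (assumed reading of the last remark)
    """
    project = ET.fromstring(pom_xml)
    has_version = project.find("m:version", NS) is not None
    # Maven inherits groupId from <parent> when the project does not declare one.
    group = text(project, "m:groupId") or text(project, "m:parent/m:groupId")
    hits = []
    for dep in project.findall("m:dependencies/m:dependency", NS):
        if "${project.version}" not in text(dep, "m:version"):
            continue
        if mode == "proposed" and not has_version:
            continue
        if mode == "group" and text(dep, "m:groupId") == group:
            continue
        hits.append(text(dep, "m:artifactId"))
    return hits
```

The `SIBLING` case shows why the comment asks for the groupId comparison: the proposed XPath still reports a sibling module as soon as the child declares its own version.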

@adangel adangel added this to the 6.1.0 milestone Nov 9, 2017

@adangel adangel added the a:bug label Nov 9, 2017

@adangel adangel modified the milestones: 6.1.0, 6.2.0 Feb 25, 2018

@adangel adangel modified the milestones: 6.2.0, 6.3.0 Mar 26, 2018

@jsotuyod jsotuyod added a:false-positive and removed a:bug labels Apr 3, 2018

@adangel adangel modified the milestones: 6.3.0, 6.4.0 Apr 28, 2018

@adangel adangel modified the milestones: 6.4.0, 6.5.0 May 29, 2018

@adangel adangel self-assigned this May 30, 2018

@adangel adangel added the has:pr label May 30, 2018
