fix: prevent rogue base suppression files #7544

Merged
aikebah merged 6 commits into main from scratch/ensureCorrectBase
Mar 27, 2025

@jeremylong
Collaborator

Description of Change

PR #7541 showed the maintainers that it was possible for a rogue library to add a suppression file

Have test cases been added to cover the new functionality?

No, existing test cases appropriately load the suppression file. A negative test case was not added.

@boring-cyborg bot added the core (changes to core) and utils (changes to utils) labels Mar 22, 2025
@jeremylong requested a review from aikebah March 22, 2025 11:44
aikebah previously approved these changes Mar 22, 2025
Collaborator

@aikebah aikebah left a comment

LGTM

@aikebah
Collaborator

aikebah commented Mar 26, 2025

Looking once more at the code I was thinking... why are we even bothering to go through so many loopholes when the only thing we want to load in the end is the resource we expect to find.

Can you see any reason to not simply apply a KISS principle and try to load 'the resource-URL we expect based on the codesource' rather than validating the resource-URLs discovered by java and only load when the resource-URL matches what we expect to find?

@jeremylong
Collaborator Author

Thanks for the suggestion. See the updated code.
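
An added illustration of the approach aikebah suggests above, not code from this pull request or the project: derive the one URL the resource should have from the class's own code source and open only that, with classpath discovery shown for contrast. The class name, the resource name `base-suppression.xml` and the plain jar or classes-directory layout are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.CodeSource;
import java.util.Enumeration;

public final class ExpectedResourceLoader {
    // Hypothetical resource name; the PR page does not name the file.
    static final String RESOURCE = "base-suppression.xml";

    /** Build the single URL the resource must have, from the anchor class's own code source. */
    static URL expectedUrl(Class<?> anchor, String resource) throws IOException {
        CodeSource cs = anchor.getProtectionDomain().getCodeSource();
        if (cs == null || cs.getLocation() == null) {
            throw new IOException("no code source for " + anchor.getName());
        }
        String base = cs.getLocation().toExternalForm();
        if (base.endsWith("/")) {                        // exploded classes directory
            return new URL(base + resource);
        }
        return new URL("jar:" + base + "!/" + resource); // plain jar file (assumed layout)
    }

    /** Open only the expected URL; classpath search order never comes into play. */
    static InputStream open(Class<?> anchor, String resource) throws IOException {
        return expectedUrl(anchor, resource).openStream();
    }

    public static void main(String[] args) throws IOException {
        Class<?> anchor = ExpectedResourceLoader.class;
        URL expected = expectedUrl(anchor, RESOURCE);
        System.out.println("expected: " + expected);

        // For contrast: classpath discovery returns a copy from every jar that ships the name.
        Enumeration<URL> found = anchor.getClassLoader().getResources(RESOURCE);
        while (found.hasMoreElements()) {
            URL u = found.nextElement();
            boolean ours = u.toExternalForm().equals(expected.toExternalForm());
            System.out.println((ours ? "ours:    " : "foreign: ") + u);
        }

        try (InputStream in = open(anchor, RESOURCE)) {
            System.out.println("loaded " + in.readAllBytes().length + " bytes");
        } catch (IOException e) {
            System.out.println("not present at expected location: " + e);
        }
    }
}
```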

@jeremylong requested a review from aikebah March 27, 2025 11:32
Collaborator

@aikebah aikebah left a comment

LGTM

@aikebah added this to the 12.1.1 milestone Mar 27, 2025
@aikebah merged commit c480822 into main Mar 27, 2025
8 checks passed
@github-actions bot locked as resolved and limited conversation to collaborators Apr 27, 2025
@aikebah deleted the scratch/ensureCorrectBase branch May 4, 2025 20:50