[ https://issues.apache.org/jira/browse/MWRAPPER-51?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17477885#comment-17477885 ]

Jorge Solórzano commented on MWRAPPER-51:
-----------------------------------------

Sure, that's definitely one of my goals, yet just to make a small note, 
currently, the project uses Java 8 for the tests as some plugins/deps require 
it, specifically mrm-maven-plugin and Mockito.

I can downgrade the dependencies to be able to build it successfully in Java 7 
(with tests), but there is probably no benefit to it since right now Java 8 is 
used with the target set to Java 7.

> Improve MavenWrapperDownloader.java using Java Path API (NIO.2)
> ---------------------------------------------------------------
>
>                 Key: MWRAPPER-51
>                 URL: https://issues.apache.org/jira/browse/MWRAPPER-51
>             Project: Maven Wrapper
>          Issue Type: Improvement
>          Components: Maven Wrapper Scripts
>    Affects Versions: 3.1.0
>            Reporter: Jorge Solórzano
>            Priority: Normal
>
> MavenWrapperDownloader.java could be improved by using the Java Path API 
> (NIO.2) available since Java 7 and also include some checks in paths.
> Also, Snyk reports a potential vulnerability of Unsanitized input from a 
> command-line argument flows into java.io.File* where it is used as a path. 
> This may result in a Path Traversal vulnerability and allow an attacker to 
> read/write arbitrary files.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
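
The path check the issue description asks for, sketched with the NIO.2 Path API as an added example (not code from MavenWrapperDownloader.java or the Maven Wrapper project). It assumes the base directory is the trusted anchor and the relative path is the untrusted input; the class, method and file names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration; all names here are hypothetical, not the project's own.
public class SafeResolveExample {

    /** Resolves an untrusted relative path under baseDir and rejects anything that escapes it. */
    static Path resolveInside(Path baseDir, String relative) throws IOException {
        // toRealPath() follows symlinks and fails if the directory does not exist,
        // so the comparison below is made against the canonical base.
        Path base = baseDir.toRealPath();
        // resolve() returns the argument unchanged when it is absolute;
        // normalize() collapses "." and ".." name elements.
        Path target = base.resolve(relative).normalize();
        // Path.startsWith compares whole name elements, so /work/app-evil
        // is not treated as being inside /work/app (unlike String.startsWith).
        if (!target.startsWith(base)) {
            throw new IOException("Path escapes base directory: " + relative);
        }
        // Note: symlinks below base that do not exist yet are not resolved here.
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a temp directory stands in for the
        // directory that would normally arrive as a command-line argument.
        Path base = Files.createTempDirectory("wrapper-demo");
        String[] samples = {
            "wrapper/tool.jar",          // stays inside base
            "../outside.jar",            // climbs out of base
            "wrapper/../../outside.jar", // climbs out after a detour
            "/etc/passwd"                // absolute path replaces base
        };
        for (String s : samples) {
            try {
                System.out.println("accepted: " + resolveInside(base, s));
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The code uses only Java 7 language features and APIs, matching the target level discussed in the comment above.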
