[jira] [Created] (MNG-8044) Able to circumvent private variables using @parameter in maven plugin

Wed, 07 Feb 2024 02:29:07 -0800 

Elango created MNG-8044:
---------------------------

             Summary: Able to circumvent private variables using @parameter in 
maven plugin
                 Key: MNG-8044
                 URL: https://issues.apache.org/jira/browse/MNG-8044
             Project: Maven
          Issue Type: Bug
          Components: Plugins and Lifecycle
            Reporter: Elango
         Attachments: test-plugin.zip, test.zip

This affects all released Maven versions so far.

*Problem description:*
By implementing a mojo in a certain way, able to circumvent private variables 
which is a violation of the language rule where private variables should not be 
accessible outside the class declared.

*Steps to Reproduce:*
1. Create an abstract Java class extending _AbstractMojo_ with a private 
variable annotated with @Parameter.
2. Create a derived class for this class variable and declare a variable with 
the same variable name as used in abstract class from step 1.
3. Package and use the plugin, to check the values injected into the derived 
class.

Expectation is value should be injected into the variable annotated with 
@Parameter in abstract class from step 1, rather it is injected into derived 
class from step 2. I couldn't track down the functionality in Maven that is 
responsible for this, but I guess it narrows down to how dependency injection 
is done for the annotated Parameter in Maven (either with sisu or plexus 
containers)

Please find the attachment for the sample project reproducing this scenario.

[INFO] --------------------------< com.example:test >--------------------------
[INFO] Building test 0.0.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ test ---
[INFO]
[INFO] --- test-plugin:0.0.1-SNAPSHOT:hello (hello) @ test ---
*[INFO] 0.0.1-SNAPSHOT*   --> Value injected in derived class
*[INFO] Password is null*     --> Value should be injected here, instead null
[INFO]

*Tested in:*
Maven version : 3.9.6
Java version : 11
Java distribution : OpenJDK 64-Bit Server VM (Red_Hat-11.0.18+10-1) (build 
11.0.18+10-LTS, mixed mode)
OS : Windows 10

 

Thank you for your time and dedication to maintaining open-source software.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to