Skip to content

wagon-ssh-external: Use absolute-dir in case localFile.getParentFile returns null #817

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sgothel wants to merge 1 commit into
base: wagon-3.x
Choose a base branch
from
Open

wagon-ssh-external: Use absolute-dir in case localFile.getParentFile returns null #817

sgothel wants to merge 1 commit into from

Conversation

@sgothel
Copy link

@sgothel sgothel commented Sep 6, 2025
edited
Loading

If using mvn gpg:sign-and-deploy-file as shown below, localFile becomes e.g. gluegen-2.6.0-sources.jar, i.e. relative and w/o parent-directory. Hence localFile.getParentFile() returns null and the previous code fails to transport the file.

mvn -e gpg:sign-and-deploy-file  \
  -DpomFile=pom.xml"             \
  -Dfile=gluegen.jar"            \
  -Dfiles=gluegen-2.6.0-sources.jar,gluegen-2.6.0-javadoc.jar" \
  -Dclassifiers=sources,javadoc" \
  -Dtypes=jar,jar"               \
  -Durl=scpexe://jordan/srv/www/jordan/deployment/maven/ \
  -DrepositoryId=jordan-mirror

This patch uses the localFile.getAbsoluteFile() in case localFile.getParentFile() returns null and renders wagon-ssh-external functional w/ above mvn gpg:sign-and-deploy-file

Tested via mvn install -Dmaven.test.skip and mvn install and JogAmp's maven install scripts at https://jogamp.org/cgit/jogamp-scripting.git/.

Following this checklist to help us incorporate your
contribution quickly and easily:

  • Your pull request should address just one issue, without pulling in other changes.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Each commit in the pull request should have a meaningful subject line and body.
    Note that commits might be squashed by a maintainer on merge.
  • Write unit tests that match behavioral changes, where the tests fail if the changes to the runtime are not applied.
    This may not always be possible but is a best-practice.
  • Run mvn verify to make sure basic checks pass.
    A more thorough check will be performed on your pull request automatically.
  • You have run the integration tests successfully (mvn -Prun-its verify).

If your pull request is about ~20 lines of code you don't need to sign an
Individual Contributor License Agreement if you are unsure
please ask on the developers list.

To make clear that you license your contribution under
the Apache License Version 2.0, January 2004
you have to acknowledge this by using the following check-box.

@sgothel
wagon-ssh-external: Use absolute-dir in case localFile.getParentFile(…
e8ffd15 
…) returns null

If using `mvn gpg:sign-and-deploy-file` as shown below,
localFile becomes e.g. `gluegen-2.6.0-sources.jar`, i.e. relative and w/o parent-directory.
Hence localFile.getParentFile() returns null and the previous code fails to transport the file.

```
mvn -e gpg:sign-and-deploy-file  \
  -DpomFile=pom.xml"             \
  -Dfile=gluegen.jar"            \
  -Dfiles=gluegen-2.6.0-sources.jar,gluegen-2.6.0-javadoc.jar" \
  -Dclassifiers=sources,javadoc" \
  -Dtypes=jar,jar"               \
  -Durl=scpexe://jordan/srv/www/jordan/deployment/maven/ \
  -DrepositoryId=jordan-mirror
```

This patch uses the localFile.getAbsoluteFile() in case localFile.getParentFile() returns null
and renders wagon-ssh-external functional w/ above `mvn gpg:sign-and-deploy-file`

Tested via `mvn install -Dmaven.test.skip` and `mvn install`
and JogAmp's maven install scripts at <https://jogamp.org/cgit/jogamp-scripting.git/>.
sgothel added a commit to JogAmp/jogamp-scripting that referenced this pull request Sep 6, 2025
@sgothel
Bump wagon-ssh-external 3.5.3 -> 3.5.4-SNAPSHOT (own patch)
82ae2c8 
Using patched `wagon-ssh-external` version `3.5.4-SNAPSHOT`,
as this version allows processing relative file names
- [patch](sgothel/maven-wagon@e8ffd15)
- [merge request](apache/maven-wagon#817)
@sgothel
Copy link
Author

sgothel commented Sep 10, 2025

bump, is this the right channel to ask for a merge? @olamy ?
I surely also like to see this MR cherry picked over to master.

@slachiewicz slachiewicz requested a review from Copilot December 29, 2025 20:31
Copilot AI reviewed Dec 29, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a bug where ScpExternalWagon fails when mvn gpg:sign-and-deploy-file is used with relative file paths. When a file is specified as a relative path (e.g., gluegen-2.6.0-sources.jar), the getParentFile() method returns null, causing the original code to fail with a NullPointerException.

Key changes:

  • Added null check for localFile.getParentFile() before setting the working directory
  • Falls back to using getAbsoluteFile().getParentFile() when the parent is null
  • Includes SecurityException handling for the absolute path resolution

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

...h-external/src/main/java/org/apache/maven/wagon/providers/ssh/external/ScpExternalWagon.java
fireTransferError(resource, e, put ? TransferEvent.REQUEST_PUT : TransferEvent.REQUEST_GET);

throw new TransferFailedException("Error accessing absolute path of " + localFile, e);
}
Copy link

Copilot AI Dec 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After obtaining the absolute file, there's still no null check on the second call to getParentFile(). According to Java documentation, getAbsoluteFile().getParentFile() can still return null for filesystem roots (e.g., "/" on Unix or "C:" on Windows). This would cause a NullPointerException on line 243 when calling parentFile.getAbsolutePath(). Consider adding a null check after line 236 and throwing a TransferFailedException with a descriptive message if parentFile is still null.

Suggested change
}
}
if (parentFile == null) {
TransferFailedException e =
new TransferFailedException("Cannot determine parent directory of " + localFile);
fireTransferError(resource, e, put ? TransferEvent.REQUEST_PUT : TransferEvent.REQUEST_GET);
throw e;
}

Copilot uses AI. Check for mistakes.
...h-external/src/main/java/org/apache/maven/wagon/providers/ssh/external/ScpExternalWagon.java
Comment on lines +232 to +242
File parentFile = localFile.getParentFile();
if (null == parentFile) {
try {
File abs = localFile.getAbsoluteFile();
parentFile = abs.getParentFile();
} catch (SecurityException e) {
fireTransferError(resource, e, put ? TransferEvent.REQUEST_PUT : TransferEvent.REQUEST_GET);

throw new TransferFailedException("Error accessing absolute path of " + localFile, e);
}
}
Copy link

Copilot AI Dec 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change introduces new behavior for handling relative file paths without test coverage. Since the repository already has test files for ScpExternalWagon, consider adding a test case that verifies the behavior when localFile.getParentFile() returns null (e.g., when using a relative path like "gluegen-2.6.0-sources.jar"). This would help ensure the fix works as intended and prevent regressions.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sgothel