diff --git a/maven/lib/dependabot/maven/file_parser/property_value_finder.rb b/maven/lib/dependabot/maven/file_parser/property_value_finder.rb
index 7a0fea2ed0..03fb56f9e0 100644
--- a/maven/lib/dependabot/maven/file_parser/property_value_finder.rb
+++ b/maven/lib/dependabot/maven/file_parser/property_value_finder.rb
@@ -91,7 +91,8 @@ def parent_pom(pom)
def parent_repository_urls(pom)
repositories_finder.repository_urls(
pom: pom,
- exclude_inherited: true
+ exclude_inherited: true,
+ exclude_snapshots: false
)
end
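Review bot: The call in `parent_repository_urls` opts out of the new default without saying why, so a reader cannot tell why parent-POM lookup keeps snapshot-only repositories while other callers of `repository_urls` now drop them. A comment above the call would record the intent, for example `# Parent POMs may live in a snapshot-only repository, so keep those URLs here`, if that is indeed the reason; the rationale is not visible in this hunk. Since the URLs come from the POM being analysed, the comment could also state that this path still returns every repository the POM declares.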
diff --git a/maven/lib/dependabot/maven/file_parser/repositories_finder.rb b/maven/lib/dependabot/maven/file_parser/repositories_finder.rb
index f7354991bc..bede25dd77 100644
--- a/maven/lib/dependabot/maven/file_parser/repositories_finder.rb
+++ b/maven/lib/dependabot/maven/file_parser/repositories_finder.rb
@@ -43,7 +43,7 @@ def central_repo_url
end
# Collect all repository URLs from this POM and its parents
- def repository_urls(pom:, exclude_inherited: false)
+ def repository_urls(pom:, exclude_inherited: false, exclude_snapshots: true)
entries = gather_repository_urls(pom: pom, exclude_inherited: exclude_inherited)
ids = Set.new
@known_urls += entries.map do |entry|
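Review bot: The comment `# Collect all repository URLs from this POM and its parents` no longer describes `repository_urls`, because with the new default `exclude_snapshots: true` snapshot-only repositories are left out of the result. The default also silently changes the return value for every existing caller that does not pass the keyword, which is worth stating in the method comment, for example `# Snapshot-only repositories are omitted unless exclude_snapshots: false is passed`. The method body continues past the end of this hunk.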
@@ -54,7 +54,8 @@ def repository_urls(pom:, exclude_inherited: false)
end
@known_urls = @known_urls.uniq.compact
- urls = urls_from_credentials + @known_urls.map { |entry| entry[:url] }
+ urls = urls_from_credentials + @known_urls.reject { |entry| exclude_snapshots && entry[:snapshots] }
+ .map { |entry| entry[:url] }
urls += [central_repo_url] unless @known_urls.any? { |entry| entry[:id] == super_pom[:id] }
urls.uniq
end
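Review bot: The central-repository check on the line after the new `reject` still runs against the unfiltered `@known_urls`, so an entry with id `central` that was just dropped as snapshot-only still suppresses `central_repo_url`. In that case the returned list may contain no URL for central at all. Filtering once and reusing the result keeps the two decisions consistent: `known = @known_urls.reject { |entry| exclude_snapshots && entry[:snapshots] }`, then `known.map { |entry| entry[:url] }` and `known.any? { |entry| entry[:id] == super_pom[:id] }`. The start of `repository_urls` lies in the previous hunk.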
@@ -69,14 +70,35 @@ def super_pom
{ url: central_repo_url, id: "central" }
end
+ def serialize_mvn_repo(entry)
+ {
+ url: entry.at_css("url").content.strip,
+ id: entry.at_css("id").content.strip,
+ snapshots: entry.at_css("snapshots > enabled")&.content&.strip,
+ releases: entry.at_css("releases > enabled")&.content&.strip
+ }
+ end
+
+ def snapshot_repo(entry)
+ entry[:snapshots] == "true" && (entry[:releases].nil? || entry[:releases] == "false")
+ end
+
+ def serialize_urls(entry, pom)
+ {
+ url: evaluated_value(entry[:url], pom).gsub(%r{/$}, ""),
+ id: entry[:id],
+ snapshots: snapshot_repo(entry)
+ }
+ end
+
def gather_repository_urls(pom:, exclude_inherited: false)
repos_in_pom =
Nokogiri::XML(pom.content)
.css(REPOSITORY_SELECTOR)
- .map { |node| { url: node.at_css("url").content.strip, id: node.at_css("id").content.strip } }
+ .map { |node| serialize_mvn_repo(node) }
.reject { |entry| contains_property?(entry[:url]) && !evaluate_properties? }
.select { |entry| entry[:url].start_with?("http") }
- .map { |entry| { url: evaluated_value(entry[:url], pom).gsub(%r{/$}, ""), id: entry[:id] } }
+ .map { |entry| serialize_urls(entry, pom) }
return repos_in_pom if exclude_inherited
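Review bot: `snapshot_repo` treats a missing `<releases>` policy as "releases disabled" (`entry[:releases].nil?`), but Maven enables a repository policy when the element is absent. A repository that declares only `<snapshots><enabled>true</enabled></snapshots>` therefore still serves releases and would be excluded by default here. If the exclusion is meant to follow Maven's defaults, the condition would be `entry[:snapshots] == "true" && entry[:releases] == "false"`; if the broader heuristic is intentional, a comment on the method should say so. The values are also compared literally, so an `enabled` value written as a `${...}` property is never recognised, and as a predicate the method would read better as `snapshot_repo?`. `gather_repository_urls` continues outside the hunk.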
diff --git a/maven/spec/dependabot/maven/file_parser/repositories_finder_spec.rb b/maven/spec/dependabot/maven/file_parser/repositories_finder_spec.rb
index f26e406555..1c6ac22238 100644
--- a/maven/spec/dependabot/maven/file_parser/repositories_finder_spec.rb
+++ b/maven/spec/dependabot/maven/file_parser/repositories_finder_spec.rb
@@ -105,6 +105,25 @@
)
end
+ it "snapshots repositories are returned" do
+ custom_pom = Dependabot::DependencyFile.new(
+ name: "pom.xml",
+ content: fixture("poms", "custom_repositories_pom.xml")
+ )
+ expect(finder.repository_urls(pom: custom_pom, exclude_snapshots: false)).to eq(
+ %w(
+ http://scala-tools.org/repo-releases
+ http://repository.jboss.org/maven2
+ https://oss.sonatype.org/content/repositories/snapshots-only
+ https://oss.sonatype.org/content/repositories/snapshots-with-releases
+ http://plugin-repository.jboss.org/maven2
+ https://oss.sonatype.org/content/repositories/plugin-snapshots-only
+ https://oss.sonatype.org/content/repositories/plugin-snapshots-with-releases
+ https://repo.maven.apache.org/maven2
+ )
+ )
+ end
+
context "that overwrites central" do
let(:base_pom_fixture_name) { "overwrite_central_pom.xml" }
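Review bot: The added example pins only the opt-out path (`exclude_snapshots: false`); nothing in this hunk asserts that the two `snapshots-only` URLs are absent under the default, although an earlier example whose expectation ends just above may already cover that. An explicit `exclude_snapshots: true` example would make the new default visible in the spec. A case where the snapshot-only repository has the id `central` would pin the behaviour of the central fallback. The description would also read better as `it "returns snapshot repositories when exclude_snapshots is false"`.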
diff --git a/maven/spec/fixtures/poms/custom_repositories_pom.xml b/maven/spec/fixtures/poms/custom_repositories_pom.xml
index 37fc5ed630..ec2e1b9e00 100644
--- a/maven/spec/fixtures/poms/custom_repositories_pom.xml
+++ b/maven/spec/fixtures/poms/custom_repositories_pom.xml
@@ -91,6 +91,23 @@ url>http://github.com/davidB/${project.artifactId}false
+
+ snapshot-only-repository
+ https://oss.sonatype.org/content/repositories/snapshots-only
+
+ true
+
+
+
+ snapshot-with-releases-repository
+ https://oss.sonatype.org/content/repositories/snapshots-with-releases
+
+ false
+
+
+ true
+
+
@@ -105,6 +122,23 @@ url>http://github.com/davidB/${project.artifactId}false
+
+ plugin-snapshot-only-repository
+ https://oss.sonatype.org/content/repositories/plugin-snapshots-only
+
+ true
+
+
+
+ plugin-snapshot-with-releases-repository
+ https://oss.sonatype.org/content/repositories/plugin-snapshots-with-releases
+
+ false
+
+
+ true
+
+