From e7f7e70992d361d8b7a3298ddcdf49dda2fdc842 Mon Sep 17 00:00:00 2001
From: Olivier Lamy <olamy@apache.org>
Date: Tue, 14 Mar 2023 12:33:58 +1000
Subject: [PATCH] fix tomcat:run with last log4j api and multi release jars

Signed-off-by: Olivier Lamy <olamy@apache.org>
---
 .../web/api/DefaultFileUploadService.java     |  17 ++-
 .../archiva/upload/UploadArtifactsTest.java   |   5 +-
 .../archiva-web/archiva-webapp/pom.xml        | 109 ++++++++++++++++++
 3 files changed, 124 insertions(+), 7 deletions(-)

diff --git a/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/DefaultFileUploadService.java b/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/DefaultFileUploadService.java
index 71199866c..83b3a3e6f 100644
--- a/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/DefaultFileUploadService.java
+++ b/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/DefaultFileUploadService.java
@@ -50,6 +50,7 @@ import org.apache.archiva.xml.XMLException;
 import org.apache.commons.io.FilenameUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.BooleanUtils;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.SystemUtils;
 import org.apache.cxf.jaxrs.ext.multipart.Attachment;
@@ -279,11 +280,11 @@ public class DefaultFileUploadService
                          boolean generatePom )
         throws ArchivaRestServiceException
     {
-        repositoryId = StringUtils.trim( repositoryId );
-        groupId = StringUtils.trim( groupId );
-        artifactId = StringUtils.trim( artifactId );
-        version = StringUtils.trim( version );
-        packaging = StringUtils.trim( packaging );
+        repositoryId = StringEscapeUtils.escapeJavaScript( StringUtils.trim( repositoryId ) );
+        groupId = StringEscapeUtils.escapeJavaScript( StringUtils.trim( groupId ) );
+        artifactId = StringEscapeUtils.escapeJavaScript( StringUtils.trim( artifactId ) );
+        version = StringEscapeUtils.escapeJavaScript( StringUtils.trim( version ) );
+        packaging = StringEscapeUtils.escapeJavaScript( StringUtils.trim( packaging ) );
 
         checkParamChars("repositoryId", repositoryId);
         checkParamChars("groupId", groupId);
@@ -377,6 +378,12 @@ public class DefaultFileUploadService
 
             ManagedRepository repoConfig = managedRepositoryAdmin.getManagedRepository( repositoryId );
 
+            repositoryId = StringEscapeUtils.escapeJavaScript( StringUtils.trim( repositoryId ) );
+            groupId = StringEscapeUtils.escapeJavaScript( StringUtils.trim( groupId ) );
+            artifactId = StringEscapeUtils.escapeJavaScript( StringUtils.trim( artifactId ) );
+            version = StringEscapeUtils.escapeJavaScript( StringUtils.trim( version ) );
+            packaging = StringEscapeUtils.escapeJavaScript( StringUtils.trim( packaging ) );
+
             ArtifactReference artifactReference = new ArtifactReference();
             artifactReference.setArtifactId( artifactId );
             artifactReference.setGroupId( groupId );
diff --git a/archiva-modules/archiva-web/archiva-web-common/src/test/java/org/apache/archiva/upload/UploadArtifactsTest.java b/archiva-modules/archiva-web/archiva-web-common/src/test/java/org/apache/archiva/upload/UploadArtifactsTest.java
index f3d82cf97..e15cb6a7b 100644
--- a/archiva-modules/archiva-web/archiva-web-common/src/test/java/org/apache/archiva/upload/UploadArtifactsTest.java
+++ b/archiva-modules/archiva-web/archiva-web-common/src/test/java/org/apache/archiva/upload/UploadArtifactsTest.java
@@ -28,7 +28,6 @@ import org.apache.archiva.test.utils.ArchivaBlockJUnit4ClassRunner;
 import org.apache.archiva.web.api.FileUploadService;
 import org.apache.archiva.web.model.FileMetadata;
 import org.apache.catalina.Context;
-import org.apache.catalina.LifecycleException;
 import org.apache.catalina.deploy.ApplicationParameter;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.commons.io.FileUtils;
@@ -337,7 +336,9 @@ public class UploadArtifactsTest
             meta = service.post( body );
             log.debug( "Metadata {}", meta.toString( ) );
             try {
-                service.save("internal", "org", URLEncoder.encode("../../../test", "UTF-8"), URLEncoder.encode("testSave", "UTF-8"), "4", true);
+                service.save("internal", "org",
+                        URLEncoder.encode("../../../test", "UTF-8"),
+                        URLEncoder.encode("testSave", "UTF-8"), "4", true);
                 fail("Error expected, if the content contains bad characters.");
             } catch (ClientErrorException e) {
                 assertEquals(422, e.getResponse().getStatus());
diff --git a/archiva-modules/archiva-web/archiva-webapp/pom.xml b/archiva-modules/archiva-web/archiva-webapp/pom.xml
index effe7b9d8..da9b48c98 100644
--- a/archiva-modules/archiva-web/archiva-webapp/pom.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/pom.xml
@@ -45,6 +45,7 @@
     <archiva.repositorySessionFactory.id>jcr</archiva.repositorySessionFactory.id>
     <cassandra.host>localhost</cassandra.host>
     <cassandra.port>9160</cassandra.port>
+    <tomcat7Version>7.0.76</tomcat7Version>
   </properties>
 
   <dependencies>
@@ -852,6 +853,7 @@
             <org.apache.sirona.configuration.sirona.properties>${archiva.sirona.configuration}</org.apache.sirona.configuration.sirona.properties>
             <AsyncLoggerConfig.WaitStrategy>Block</AsyncLoggerConfig.WaitStrategy>
             <AsyncLogger.WaitStrategy>Block</AsyncLogger.WaitStrategy>
+            <tomcat.util.scan.DefaultJarScanner.jarsToSkip>log4j-*.jar</tomcat.util.scan.DefaultJarScanner.jarsToSkip>
           </systemProperties>
           <additionalClasspathDirs>
             <additionalClasspathDir>${basedir}/src/test/tomcat</additionalClasspathDir>
@@ -868,6 +870,113 @@
             <artifactId>mail</artifactId>
             <version>${javaxMailVersion}</version>
           </dependency>
+          <!-- insane but needed because of this https://bz.apache.org/bugzilla/show_bug.cgi?id=60688 -->
+          <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-core</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+          <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-util</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+          <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-coyote</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+          <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-api</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+
+          <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-jdbc</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+
+          <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-dbcp</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+
+          <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-servlet-api</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+
+          <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-jsp-api</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+
+          <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-jasper</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+
+          <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-jasper-el</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+
+          <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-el-api</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+
+          <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-catalina</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+
+          <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-tribes</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+
+          <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-catalina-ha</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+
+          <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-annotations-api</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+
+          <!-- tomcat i18n too ?? -->
+
+          <!-- not sure we need that -->
+          <dependency>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>tomcat-juli</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+
+          <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-logging-juli</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
+          <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-logging-log4j</artifactId>
+            <version>${tomcat7Version}</version>
+          </dependency>
         </dependencies>
       </plugin>
 
-- 
2.39.5