From cd0aebefa419e92d869b0536dbd9e6a6d71e75fd Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 21 Feb 2025 18:23:55 +0000
Subject: [PATCH 1/4] Add integration test for failure to download a particular
 Maven version

---
 .../diagnostics.expected                      |  84 +++++++++++
 .../java/maven-download-failure/mvn           |  10 ++
 .../java/maven-download-failure/pom.xml       | 133 ++++++++++++++++++
 .../source_archive.expected                   |   7 +
 .../src/main/java/com/example/App.java        |  30 ++++
 .../src/main/resources/my-app.properties      |   1 +
 .../src/main/resources/page.xml               |   8 ++
 .../src/main/resources/struts.xml             |   4 +
 .../src/test/java/com/example/AppTest.java    |  20 +++
 .../java/maven-download-failure/test.py       |  10 ++
 10 files changed, 307 insertions(+)
 create mode 100644 java/ql/integration-tests/java/maven-download-failure/diagnostics.expected
 create mode 100755 java/ql/integration-tests/java/maven-download-failure/mvn
 create mode 100644 java/ql/integration-tests/java/maven-download-failure/pom.xml
 create mode 100644 java/ql/integration-tests/java/maven-download-failure/source_archive.expected
 create mode 100644 java/ql/integration-tests/java/maven-download-failure/src/main/java/com/example/App.java
 create mode 100644 java/ql/integration-tests/java/maven-download-failure/src/main/resources/my-app.properties
 create mode 100644 java/ql/integration-tests/java/maven-download-failure/src/main/resources/page.xml
 create mode 100644 java/ql/integration-tests/java/maven-download-failure/src/main/resources/struts.xml
 create mode 100644 java/ql/integration-tests/java/maven-download-failure/src/test/java/com/example/AppTest.java
 create mode 100644 java/ql/integration-tests/java/maven-download-failure/test.py

diff --git a/java/ql/integration-tests/java/maven-download-failure/diagnostics.expected b/java/ql/integration-tests/java/maven-download-failure/diagnostics.expected
new file mode 100644
index 000000000000..daabe47a9e9f
--- /dev/null
+++ b/java/ql/integration-tests/java/maven-download-failure/diagnostics.expected
@@ -0,0 +1,84 @@
+{
+  "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/using-build-tool-advice",
+    "name": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis used the system default JDK.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/jdk-system-default",
+    "name": "Java analysis used the system default JDK"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis with build-mode 'none' completed.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/complete",
+    "name": "Java analysis with build-mode 'none' completed"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/mode-active",
+    "name": "Java was extracted with build-mode set to 'none'"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": true,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Reading the dependency graph from build files provided 2 classpath entries",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/depgraph-provided-by-maven",
+    "name": "Java analysis extracted precise dependency graph information from tool Maven"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "The maven-enforcer-plugin recommended a specific Maven version be used. Trying to download it failed; extraction will continue, but retrieving dependency information from Maven may fail if the system default version is incompatible with project build scripts. Consider checking if a firewall configuration or similar is preventing downloading the required version.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/maven-download-failed",
+    "name": "Java analysis failed to download a Maven version recommended by the maven-enforcer-plugin"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": true,
+    "telemetry": true
+  }
+}
diff --git a/java/ql/integration-tests/java/maven-download-failure/mvn b/java/ql/integration-tests/java/maven-download-failure/mvn
new file mode 100755
index 000000000000..53df501df2b6
--- /dev/null
+++ b/java/ql/integration-tests/java/maven-download-failure/mvn
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+>&2 echo "Running mvn wrapper script"
+
+if [ "$1" == "dependency:copy" ]; then
+  >&2 echo "Arguments ($@) look like a dependency:copy command; failing"
+  exit 1
+fi
+
+${REAL_MVN_PATH} "$@"
diff --git a/java/ql/integration-tests/java/maven-download-failure/pom.xml b/java/ql/integration-tests/java/maven-download-failure/pom.xml
new file mode 100644
index 000000000000..ca376ad5ba9d
--- /dev/null
+++ b/java/ql/integration-tests/java/maven-download-failure/pom.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>com.example</groupId>
+  <artifactId>maven-sample</artifactId>
+  <version>1.0-SNAPSHOT</version>
+
+  <name>maven-sample</name>
+  <!-- FIXME change it to the project's website -->
+  <url>http://www.example.com</url>
+
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <maven.compiler.source>1.7</maven.compiler.source>
+    <maven.compiler.target>1.7</maven.compiler.target>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.11</version>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <artifactId>exec-maven-plugin</artifactId>
+        <groupId>org.codehaus.mojo</groupId>
+        <version>1.1.1</version>
+        <executions>
+          <execution>
+            <id>check-maven-version</id>
+            <phase>package</phase>
+            <goals>
+              <goal>java</goal>
+            </goals>
+          </execution>
+        </executions>
+        <configuration>
+          <mainClass>com.example.App</mainClass>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>com.diffplug.spotless</groupId>
+        <artifactId>spotless-maven-plugin</artifactId>
+        <version>2.19.1</version>
+        <executions>
+          <execution>
+            <goals>
+              <goal>check</goal>
+            </goals>
+            <phase>compile</phase>
+          </execution>
+        </executions>
+        <configuration>
+          <java>
+            <licenseHeader>
+              <content>/* FAIL ME */</content>
+            </licenseHeader>
+          </java>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-enforcer-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>enforce-maven</id>
+            <goals>
+              <goal>enforce</goal>
+            </goals>
+            <configuration>
+              <rules>
+                <requireMavenVersion>
+                  <version>[3.1.1,)</version>
+                </requireMavenVersion>
+              </rules>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+    <pluginManagement>
+      <!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
+      <plugins>
+        <!-- clean lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#clean_Lifecycle -->
+        <plugin>
+          <artifactId>maven-clean-plugin</artifactId>
+          <version>3.1.0</version>
+        </plugin>
+        <!-- default lifecycle, jar packaging: see https://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging -->
+        <plugin>
+          <artifactId>maven-resources-plugin</artifactId>
+          <version>3.0.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-compiler-plugin</artifactId>
+          <version>3.8.0</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-surefire-plugin</artifactId>
+          <version>2.22.1</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-jar-plugin</artifactId>
+          <version>3.0.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-install-plugin</artifactId>
+          <version>2.5.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-deploy-plugin</artifactId>
+          <version>2.8.2</version>
+        </plugin>
+        <!-- site lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#site_Lifecycle -->
+        <plugin>
+          <artifactId>maven-site-plugin</artifactId>
+          <version>3.7.1</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-project-info-reports-plugin</artifactId>
+          <version>3.0.0</version>
+        </plugin>
+      </plugins>
+    </pluginManagement>
+  </build>
+</project>
diff --git a/java/ql/integration-tests/java/maven-download-failure/source_archive.expected b/java/ql/integration-tests/java/maven-download-failure/source_archive.expected
new file mode 100644
index 000000000000..0a86ff54645c
--- /dev/null
+++ b/java/ql/integration-tests/java/maven-download-failure/source_archive.expected
@@ -0,0 +1,7 @@
+pom.xml
+src/main/java/com/example/App.java
+src/main/resources/my-app.properties
+src/main/resources/page.xml
+src/main/resources/struts.xml
+src/test/java/com/example/AppTest.java
+test-db/working/settings.xml
diff --git a/java/ql/integration-tests/java/maven-download-failure/src/main/java/com/example/App.java b/java/ql/integration-tests/java/maven-download-failure/src/main/java/com/example/App.java
new file mode 100644
index 000000000000..c9eec918587c
--- /dev/null
+++ b/java/ql/integration-tests/java/maven-download-failure/src/main/java/com/example/App.java
@@ -0,0 +1,30 @@
+package com.example;
+
+import java.util.regex.Pattern;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+    public static void main( String[] args )
+    {
+        System.out.println( "Hello World!" );
+        String expectedVersion = System.getenv("EXPECT_MAVEN");
+        Path mavenHome = Paths.get(System.getProperty("maven.home")).normalize();
+        String observedVersion = mavenHome.getFileName().toString();
+        if (expectedVersion != null && !expectedVersion.equals(observedVersion)) {
+                System.err.println("Wrong maven version, expected '" + expectedVersion + "' but got '" + observedVersion + "'" + mavenHome);
+                System.exit(1);
+        }
+        String commandMatcher = System.getenv("EXPECT_COMMAND_REGEX");
+        String command = System.getProperty("sun.java.command");
+        if (commandMatcher != null && !Pattern.matches(commandMatcher, command)) {
+                System.err.println("Wrong command line, '" + command + "' does not match '" + commandMatcher + "'");
+                System.exit(1);
+        }
+    }
+}
diff --git a/java/ql/integration-tests/java/maven-download-failure/src/main/resources/my-app.properties b/java/ql/integration-tests/java/maven-download-failure/src/main/resources/my-app.properties
new file mode 100644
index 000000000000..e566b49a29a8
--- /dev/null
+++ b/java/ql/integration-tests/java/maven-download-failure/src/main/resources/my-app.properties
@@ -0,0 +1 @@
+version=1.0
diff --git a/java/ql/integration-tests/java/maven-download-failure/src/main/resources/page.xml b/java/ql/integration-tests/java/maven-download-failure/src/main/resources/page.xml
new file mode 100644
index 000000000000..2bab459cb031
--- /dev/null
+++ b/java/ql/integration-tests/java/maven-download-failure/src/main/resources/page.xml
@@ -0,0 +1,8 @@
+<html>
+<head>
+<title>A sample</title>
+</head>
+<body>
+<p>Hello world!</p>
+</body>
+</html>
diff --git a/java/ql/integration-tests/java/maven-download-failure/src/main/resources/struts.xml b/java/ql/integration-tests/java/maven-download-failure/src/main/resources/struts.xml
new file mode 100644
index 000000000000..73fc0c6b9cb6
--- /dev/null
+++ b/java/ql/integration-tests/java/maven-download-failure/src/main/resources/struts.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<struts>
+This is a sample file
+</struts>
diff --git a/java/ql/integration-tests/java/maven-download-failure/src/test/java/com/example/AppTest.java b/java/ql/integration-tests/java/maven-download-failure/src/test/java/com/example/AppTest.java
new file mode 100644
index 000000000000..22a94ca6f01c
--- /dev/null
+++ b/java/ql/integration-tests/java/maven-download-failure/src/test/java/com/example/AppTest.java
@@ -0,0 +1,20 @@
+package com.example;
+
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+{
+    /**
+     * Rigorous Test :-)
+     */
+    @Test
+    public void shouldAnswerWithTrue()
+    {
+        assertTrue( true );
+    }
+}
diff --git a/java/ql/integration-tests/java/maven-download-failure/test.py b/java/ql/integration-tests/java/maven-download-failure/test.py
new file mode 100644
index 000000000000..4f3d8b11fb59
--- /dev/null
+++ b/java/ql/integration-tests/java/maven-download-failure/test.py
@@ -0,0 +1,10 @@
+import os
+import os.path
+import shutil
+
+def test(codeql, java, check_diagnostics):
+    runenv = {
+        "PATH": os.path.realpath(os.path.dirname(__file__)) + os.pathsep + os.getenv("PATH"),
+        "REAL_MVN_PATH": shutil.which("mvn"),
+    }
+    codeql.database.create(build_mode = "none", _env = runenv)

From 0c99ae28001462d9b95eff9b541baa59d4404e7d Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Wed, 26 Feb 2025 16:02:31 +0000
Subject: [PATCH 2/4] Add Win32 Maven command

---
 .../java/maven-download-failure/.gitattributes              | 6 ++++++
 .../integration-tests/java/maven-download-failure/mvn.cmd   | 1 +
 2 files changed, 7 insertions(+)
 create mode 100644 java/ql/integration-tests/java/maven-download-failure/.gitattributes
 create mode 100755 java/ql/integration-tests/java/maven-download-failure/mvn.cmd

diff --git a/java/ql/integration-tests/java/maven-download-failure/.gitattributes b/java/ql/integration-tests/java/maven-download-failure/.gitattributes
new file mode 100644
index 000000000000..36e4b9d7df91
--- /dev/null
+++ b/java/ql/integration-tests/java/maven-download-failure/.gitattributes
@@ -0,0 +1,6 @@
+#
+# https://help.github.com/articles/dealing-with-line-endings/
+#
+# These are explicitly windows files and should use crlf
+*.bat           text eol=crlf
+*.cmd           text eol=crlf
diff --git a/java/ql/integration-tests/java/maven-download-failure/mvn.cmd b/java/ql/integration-tests/java/maven-download-failure/mvn.cmd
new file mode 100755
index 000000000000..740817413368
--- /dev/null
+++ b/java/ql/integration-tests/java/maven-download-failure/mvn.cmd
@@ -0,0 +1 @@
+@bash mvn %*

From c43b2b167f07dba4f9fd118ee4f72a7b442175d9 Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Fri, 28 Feb 2025 14:09:58 +0000
Subject: [PATCH 3/4] Fix test on Windows

---
 java/ql/integration-tests/java/maven-download-failure/test.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/java/ql/integration-tests/java/maven-download-failure/test.py b/java/ql/integration-tests/java/maven-download-failure/test.py
index 4f3d8b11fb59..a86d970e3fe0 100644
--- a/java/ql/integration-tests/java/maven-download-failure/test.py
+++ b/java/ql/integration-tests/java/maven-download-failure/test.py
@@ -3,8 +3,12 @@
 import shutil
 
 def test(codeql, java, check_diagnostics):
+
+    # Avoid shutil resolving mvn to the wrapper script in the test dir:
+    os.environ["NoDefaultCurrentDirectoryInExePath"] = "0"
     runenv = {
         "PATH": os.path.realpath(os.path.dirname(__file__)) + os.pathsep + os.getenv("PATH"),
         "REAL_MVN_PATH": shutil.which("mvn"),
     }
+    del os.environ["NoDefaultCurrentDirectoryInExePath"]
     codeql.database.create(build_mode = "none", _env = runenv)

From 4205d5eceaccff280918287687250774b6c6f7cc Mon Sep 17 00:00:00 2001
From: Chris Smowton <chris@smowton.net>
Date: Mon, 3 Mar 2025 16:19:02 +0000
Subject: [PATCH 4/4] Change note

---
 java/ql/lib/change-notes/2025-03-03-maven-fixes.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 java/ql/lib/change-notes/2025-03-03-maven-fixes.md

diff --git a/java/ql/lib/change-notes/2025-03-03-maven-fixes.md b/java/ql/lib/change-notes/2025-03-03-maven-fixes.md
new file mode 100644
index 000000000000..0ec0c40dc175
--- /dev/null
+++ b/java/ql/lib/change-notes/2025-03-03-maven-fixes.md
@@ -0,0 +1,5 @@
+---
+category: fix
+---
+* Java build-mode `none` no longer fails when a required version of Maven cannot be downloaded, such as due to a firewall. It will now attempt to use the system version of Maven if present, or otherwise proceed without detailed dependency information.
+* Java build-mode `none` now correctly uses Maven dependency information on Windows platforms.