[MBUILDCACHE-86] Bugfix and enhancements with the restoration of outputs on disk

[jira-importer]

Kevin Buntrock opened MBUILDCACHE-86 and commented

Fixes :

• Files containing an underscore in their name can't be restored in the cache directory correctly (not in the same directory location).
• The cache is able to extract/restore files in locations outside the project. I guess the extraction part is not a vulnerability since someone with commit permissions can guess other ways to extract data. But the possibility of restoring at any place on the disk looks pretty dangerous to me if a remote cache server is compromised.

Enhancements :

• Possibility to restore artefacts on disk, with a dedicated property : maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the project directory, as opposed to the cache directory.
  • IDE integration and use of the cache locally in developement is way easier. It is now possible to retrieve a cached jar in the "target" directory.
• Introduce "globs" to filter extra attached outputs by filenames.

---

Remote Links:

• GitHub Pull Request #104
  

1 votes, 3 watchers

[cowwoc]

PR #387 builds upon the restoration improvements from this issue (MBUILDCACHE-86) by adding timestamp preservation.

This issue introduced enhancements to file restoration, and PR #387 extends that work by ensuring that restored files maintain their original timestamps. This prevents Maven from issuing warnings about files being 'more recent than the packaged artifact'.

The implementation in PR #387 modifies the same CacheUtils.zip() and CacheUtils.unzip() methods that were improved in PR #104 for this issue, adding directory timestamp tracking and deferred timestamp setting to avoid overwriting.