Affects PMD Version: any
Rule: InvalidDependencyTypes
Description:
The XPath expression won't find any invalid dependency type in valid POM files, since the dependency tag must be wrapped inside a dependencies tag. That means that //dependencyManagement/dependency doesn't match. It should be //dependencyManagement/dependencies/dependency instead.
Also note that Maven supports new types via extensions (https://maven.apache.org/pom.html#Dependencies).
Current list of out-of-the-box supported types: https://maven.apache.org/ref/3.9.0/maven-core/artifact-handlers.html
Code Sample demonstrating the issue:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>net.sourceforge.pmd</groupId>
    <artifactId>xml-pom</artifactId>
    <version>1.0.0-SNAPSHOT</version>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.jboss.arquillian</groupId>
                <artifactId>arquillian-bom</artifactId>
                <version>${arquillian.version}</version>
                <type>bom</type> <!-- expected violation: bom is not a valid type -->
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>
</project>
Expected outcome:
PMD should report a violation at line 13, but doesn't. This is a false-negative.
Running PMD through: CLI
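The false negative described above can be reproduced outside PMD. The following is an added example, not code from PMD or from the original report: it evaluates both paths with Python's ElementTree over a trimmed copy of the sample POM. The `{*}` namespace wildcard, the `KNOWN_TYPES` allow-list and the helper names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the POM from the report, trimmed to the relevant elements.
POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.jboss.arquillian</groupId>
        <artifactId>arquillian-bom</artifactId>
        <version>${arquillian.version}</version>
        <type>bom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>
</project>"""

# Assumed allow-list for illustration; the rule's own list may differ.
KNOWN_TYPES = {"pom", "jar", "test-jar", "maven-plugin", "ejb", "ejb-client",
               "war", "ear", "rar", "java-source", "javadoc"}

# {*} matches any namespace (Python 3.8+), so the paths read like the report's.
BROKEN = ".//{*}dependencyManagement/{*}dependency"
FIXED = ".//{*}dependencyManagement/{*}dependencies/{*}dependency"


def child_text(elem, local_name):
    """Text of the first direct child with this local name, or None."""
    for child in elem:
        if child.tag.rsplit("}", 1)[-1] == local_name:
            return (child.text or "").strip()
    return None


def invalid_types(pom_xml, dependency_path):
    """Return (artifactId, type) for each matched dependency with an unknown type."""
    findings = []
    for dep in ET.fromstring(pom_xml).findall(dependency_path):
        dep_type = child_text(dep, "type") or "jar"  # Maven's default type is jar
        if dep_type not in KNOWN_TYPES:
            findings.append((child_text(dep, "artifactId"), dep_type))
    return findings


if __name__ == "__main__":
    print("broken path:", invalid_types(POM, BROKEN))
    print("fixed path: ", invalid_types(POM, FIXED))
```

A path that matches no nodes produces no findings and no error, so a rule test that only feeds the rule compliant POMs passes either way; the test fixture needs at least one POM that must trigger a violation.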