feat(maven/analyze): surface property source file in analysis output #97
Merged
dnegreira merged 1 commit on Jun 4, 2026
…sal boundary

Maven projects commonly declare version properties in a parent POM referenced via <parent><relativePath>. Before this change the analyzer had no concept of where a property came from, showing properties in parent POMs as '(new)' with a warning, even though the update command found and patched them correctly. Additionally, parent chain traversal during analysis had no boundary and could read POM files outside the project tree.

What changed:
- Add PropertySources map[string]string to AnalysisResult, mapping each property name to the manifest file (project-relative path).
- Introduce pomFileProperties struct so searchForProperties groups discovered properties by file rather than flattening to a single map.
- Add resolveUnknownProperties, which looks up missing properties by following the <parent><relativePath> chain via resolvePropertyPomPath, keeping analyze and update consistent.
- Add mergeProperty helper (first-definition-wins, warns on conflict).
- Bound all parent POM traversal (findProjectRoot, resolveUnknownProperties, resolvePropertyPomPath, dependencyPropertyUpdates) to the analyzed project path using the existing validatePathWithinRoot helper, preventing reads outside the project tree. The update path was already bounded by cfg.RootDir for writes; analysis is now bounded consistently.
- Text output shows [manifest: X] next to each property in Property Usage and manifest: above each property update in the Strategy section.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
kbsteere approved these changes Jun 4, 2026
Why

Maven projects commonly declare version properties in a parent POM referenced via `<parent><relativePath>` rather than in the analysed `pom.xml`. Before this change the analyzer had no concept of where a property came from, so properties in parent POMs showed as `(new)` with a warning — even though the update command found and patched them correctly. Additionally, parent chain traversal during analysis had no boundary, meaning it could read POM files outside the project tree.

What

`pkg/analyzer/interface.go`
- `PropertySources map[string]string` to `AnalysisResult`, mapping each property name to the manifest file (project-relative path) that declares it.

`pkg/languages/java/maven/analyzer.go`
- `pomFileProperties` struct (POM file path + property map) so `searchForProperties` groups discovered properties by file rather than flattening to a single map.
- `resolveUnknownProperties`: after the filesystem walk, looks up any property still missing by following the `<parent><relativePath>` chain via the same `resolvePropertyPomPath` the updater uses — keeping `analyze` and `update` consistent.
- `mergeProperty` helper (first-definition-wins, warns on conflicting values).
- `findProjectRoot`, `resolveUnknownProperties`, and `searchForProperties` to the analyzed project path using the existing `validatePathWithinRoot` helper, preventing reads outside the project tree.

`pkg/languages/java/maven/updater.go` / `maven.go`
- `rootDir` boundary parameter to `resolvePropertyPomPath` and `dependencyPropertyUpdates`. The update path was already bounded by `cfg.RootDir` for writes; read traversal is now bounded consistently using the same helper.

`cmd/omnibump/analyze.go`
- `[manifest: X]` next to each property in the Property Usage section and a `manifest:` line above each property update in the Strategy section.

🤖 Generated with Claude Code
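The bounded parent-chain lookup described above, as an added example that is not the project's code: `withinRoot`, `findProperty` and the `pom` struct are hypothetical names, and the project's own `validatePathWithinRoot` and `resolvePropertyPomPath` are not shown on this page. It assumes `<relativePath>` names a POM file and treats a missing `<relativePath>` as the end of the chain.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"os"
	"path/filepath"
)

type pom struct { // only the POM fields this sketch reads
	ParentPath string `xml:"parent>relativePath"`
	Props      struct {
		Items []struct{ XMLName xml.Name } `xml:",any"`
	} `xml:"properties"`
}

// withinRoot (hypothetical name): path, symlinks resolved, must sit under root.
func withinRoot(root, path string) bool {
	r, err1 := filepath.EvalSymlinks(root)
	p, err2 := filepath.EvalSymlinks(path)
	rel, err3 := filepath.Rel(r, p)
	return err1 == nil && err2 == nil && err3 == nil && filepath.IsLocal(rel)
}

// findProperty (hypothetical) returns the root-relative POM declaring name.
func findProperty(root, pomPath, name string) (string, error) {
	for hops := 0; hops < 16; hops++ { // cap stops parent cycles
		if !withinRoot(root, pomPath) {
			return "", fmt.Errorf("refusing to read %s: not inside %s", pomPath, root)
		}
		var p pom
		if data, err := os.ReadFile(pomPath); err != nil {
			return "", err
		} else if err = xml.Unmarshal(data, &p); err != nil {
			return "", err
		}
		for _, it := range p.Props.Items {
			if it.XMLName.Local == name {
				return filepath.Rel(root, pomPath)
			}
		}
		if p.ParentPath == "" {
			break // no <parent><relativePath>: chain ends here
		}
		pomPath = filepath.Join(filepath.Dir(pomPath), p.ParentPath)
	}
	return "", fmt.Errorf("property %q not found under %s", name, root)
}

func main() { fmt.Println(findProperty(".", "pom.xml", "jackson.version")) }
```

The boundary check runs before every read, so a parent POM that resolves outside the root (directly or through a symlink) is never opened, and a path that cannot be resolved is rejected as well.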