Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Uber-jar contains .env file when built after running quarkusDev (Gradle) #441

Closed
snowdrop-bot opened this issue Oct 27, 2021 · 0 comments
Closed

Uber-jar contains .env file when built after running quarkusDev (Gradle) #441

snowdrop-bot opened this issue Oct 27, 2021 · 0 comments
Assignees
@geoand
Labels
7 - Community development upstream/closed The issue has been closed in the upstream repository

Comments

@snowdrop-bot
Copy link
Collaborator

Describe the bug

When running quarkusDev, .env is copied to build/classes/java/main/ (or build/classes/kotlin/main/). If quarkusBuild is executed afterwards without running "clean" before, an uber-jar will contain that file.

Expected behavior

Uber-jar should not contain .env file.

Actual behavior

It does.

How to Reproduce?

  • Go to code.quarkus.io
  • Select Gradle as build tool.
  • Click "Generate your application" and download the zip.
  • Run the following commands:
unzip path/to/code-with-quarkus.zip 
cd code-with-quarkus/
touch .env
./gradlew quarkusDev
# Terminate quarkusDev
./gradlew -Dquarkus.package.type=uber-jar quarkusBuild
unzip -l build/code-with-quarkus-1.0.0-SNAPSHOT-runner.jar | grep env

Output of uname -a or ver

Linux ***** 5.14.14-arch1-1 #1 SMP PREEMPT Wed, 20 Oct 2021 21:35:18 +0000 x86_64 GNU/Linux

Output of java -version

openjdk version "11.0.13" 2021-10-19 OpenJDK Runtime Environment GraalVM CE 21.3.0 (build 11.0.13+7-jvmci-21.3-b05) OpenJDK 64-Bit Server VM GraalVM CE 21.3.0 (build 11.0.13+7-jvmci-21.3-b05, mixed mode, sharing)

GraalVM version (if different from Java)

No response

Quarkus version or git rev

2.3.1.Final

Build tool (ie. output of mvnw --version or gradlew --version)

Gradle 7.2

Additional information

This might leak potentially sensitive information like credentials used during development.

quarkusio#21024

$upstream:21024$
@snowdrop-bot snowdrop-bot added the upstream/closed The issue has been closed in the upstream repository label Oct 27, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@geoand geoand

Labels
7 - Community development upstream/closed The issue has been closed in the upstream repository
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@geoand @snowdrop-bot