Windows support for Maven trust store config #112

Open: reiniercriel wants to merge 6 commits into main from feature/maven-windows

@reiniercriel reiniercriel commented Feb 17, 2026

Summary by Aikido

⚠️ Security Issues: 2 Quality Issues: 0 ✅ Resolved Issues: 2

🚀 New Features

  • Implemented Windows Maven truststore support and mavenrc override functions.

⚡ Enhancements

  • Added shared helpers to install and remove mavenrc override blocks.
  • Introduced GetMavenHomeDir for non-Darwin platforms with config fallback.
  • Updated Maven setup step to resolve home dir and apply overrides.

🔧 Refactors

  • Refactored macOS Maven handling to use shared mavenrc helper functions.

@reiniercriel reiniercriel marked this pull request as ready for review February 18, 2026 22:29
func uninstallMavenRcOverride(mavenrcPath, startMarker, endMarker string, filePerm os.FileMode) error {
filename := filepath.Base(mavenrcPath)

data, err := os.ReadFile(mavenrcPath)

@aikido-pr-checks aikido-pr-checks Bot Feb 18, 2026

Potential file inclusion attack via reading file - high severity
If an attacker can control the input leading into the ReadFile function, they might be able to read sensitive files and launch further attacks with that information.

Aikido AutoFix Patch Suggestion - medium confidence
This patch mitigates potential file inclusion attacks by implementing input validation for the ReadFile function.

This will fix the Potential file inclusion attack via reading file issue detected on line: 45.

Suggested change
data, err := os.ReadFile(mavenrcPath)
if strings.Contains(mavenrcPath, "../") || strings.Contains(mavenrcPath, "..\\") {
return fmt.Errorf("invalid file path")
}
data, err := os.ReadFile(mavenrcPath)
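
Review bot: The added `strings.Contains(mavenrcPath, "../") || strings.Contains(mavenrcPath, "..\\")` test ahead of `os.ReadFile(mavenrcPath)` is a substring filter, not a containment check: it says nothing about which directory the resolved path ends up in, so an absolute path passes it unchanged. The PR summary says the setup step resolves a Maven home directory before applying the override, so suggest normalising the path with `filepath.Clean` and confirming with `filepath.Rel` that it stays under that directory. Also confirm the file imports `strings` and `fmt`, which the visible lines do not show, and consider an error message that names the rejected path instead of the bare "invalid file path".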

Comment on lines +15 to +16
content := ""
if data, err := os.ReadFile(mavenrcPath); err == nil {

Potential file inclusion attack via reading file - high severity
If an attacker can control the input leading into the ReadFile function, they might be able to read sensitive files and launch further attacks with that information.

Aikido AutoFix Patch Suggestion - medium confidence
This patch mitigates potential file inclusion attacks by implementing input validation for the ReadFile function.

This will fix the Potential file inclusion attack via reading file issue detected on line: 16.

Suggested change
content := ""
if data, err := os.ReadFile(mavenrcPath); err == nil {
if strings.Contains(mavenrcPath, "../") || strings.Contains(mavenrcPath, "..\\") {
return fmt.Errorf("invalid file path")
}
content := ""
if data, err := os.ReadFile(mavenrcPath); err == nil {
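
Review bot: The guard added above `content := ""` is a copy of the one suggested for `uninstallMavenRcOverride`, so the same validation would live in two places and can drift apart. Suggest a single helper called by both functions (for example a hypothetical `validateMavenrcPath`). The added `return fmt.Errorf("invalid file path")` also assumes the enclosing function returns only an `error`; its signature is not visible in this hunk, so confirm that before applying. Note too that the existing `if data, err := os.ReadFile(mavenrcPath); err == nil` branch ignores read errors while the new guard returns one, so callers need to handle a failure they did not see before.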