diff --git a/plugins/package-managers/gradle-inspector/src/main/kotlin/GradleInspector.kt b/plugins/package-managers/gradle-inspector/src/main/kotlin/GradleInspector.kt index 5d203a9882c10..2e5a3dbf8817a 100644 --- a/plugins/package-managers/gradle-inspector/src/main/kotlin/GradleInspector.kt +++ b/plugins/package-managers/gradle-inspector/src/main/kotlin/GradleInspector.kt @@ -87,6 +87,11 @@ private val GRADLE_USER_HOME = Os.env["GRADLE_USER_HOME"]?.let { File(it) } ?: O */ const val OPTION_GRADLE_VERSION = "gradleVersion" +/** + * The sha1 sum for a zero by size file. + */ +private const val ZERO_BYTES_FILE_SHA1 = "da39a3ee5e6b4b0d3255bfef95601890afd80709" + /** * The [Gradle](https://gradle.org/) package manager for Java. * @@ -350,15 +355,15 @@ private fun Collection.toPackageRefs( } /** - * Create a [RemoteArtifact] based on the given [pomUrl], [classifier], [extension] and hash [algorithm]. The hash value - * is retrieved remotely. + * Create a [RemoteArtifact] based on the given [pomUrl], [classifier] and [extension]. The hash value is retrieved + * remotely. */ -private fun createRemoteArtifact( +private fun GradleInspector.createRemoteArtifact( pomUrl: String?, classifier: String? = null, - extension: String? = null, - algorithm: String = "sha1" + extension: String? = null ): RemoteArtifact { + val algorithm = "sha1" val artifactBaseUrl = pomUrl?.removeSuffix(".pom") ?: return RemoteArtifact.EMPTY val artifactUrl = buildString { @@ -371,7 +376,14 @@ private fun createRemoteArtifact( val checksum = okHttpClient.downloadText("$artifactUrl.$algorithm") .getOrElse { return RemoteArtifact.EMPTY } - return RemoteArtifact(artifactUrl, parseChecksum(checksum, algorithm)) + // Ignore file with zero byte size, because it cannot be a valid archive. + val hash = parseChecksum(checksum, algorithm).takeUnless { it.value == ZERO_BYTES_FILE_SHA1 } + ?: run { + logger.info("Ignoring zero byte size artifact: $artifactUrl.") + return RemoteArtifact.EMPTY + } + + return RemoteArtifact(artifactUrl, hash) } /**