Prevent cross-scope source files from being parsed as PlainText (#1123)

* Prevent cross-scope source files from being parsed as PlainText

processMainSources and processTestSources each iterate resource
directories via getResources()/getTestResources(). When a resource
directory points at ${project.basedir}, OmniParser walks the entire
project tree. Source files belonging to the other scope are not yet
in alreadyParsed, so they get claimed by PlainTextParser. The real
parse in the other scope then produces a duplicate entry, and the
PlainText version shadows the properly typed one — making type
information and annotations invisible to recipes.

Fix: before each scope's resource loop, pre-populate alreadyParsed
with the other scope's source file paths (Java, Kotlin, Groovy).

* Centralize cross-scope source exclusion in listSourceFiles

Move the alreadyParsed pre-population from each scope method into
listSourceFiles(), eliminating coupling between processMainSources
and processTestSources. Both scopes' source paths are now computed
once upfront before either scope method runs.

* Rename alreadyParsed to parsedPaths and remove redundant addAll calls

Rename the Set<Path> variable/parameter from alreadyParsed to
parsedPaths since it is now pre-populated before parsing begins.
Remove the redundant addAll calls in processMainSources and
processTestSources that re-added paths already present from the
upfront pre-population.

* Add integration test for basedir resource PlainText leak

Verify that source files in both main and test scopes are parsed as
Java (not PlainText) when resource directories point at project.basedir.
AutoFormat only operates on Java ASTs, so it will not modify files that
were incorrectly claimed by PlainTextParser.

---------

Co-authored-by: Tim te Beek <tim@moderne.io>

Author: pstreef

src/main/java/org/openrewrite/maven/MavenMojoProjectParser.java

@@ -196,11 +196,11 @@ public Stream<SourceFile> listSourceFiles(MavenProject mavenProject, Xml.@Nullab
     public Stream<SourceFile> listSourceFiles(MavenProject mavenProject, Xml.@Nullable Document maven, List<Marker> projectProvenance, List<MavenScope> scopes,
                 List<NamedStyles> styles, ExecutionContext ctx) throws DependencyResolutionRequiredException, MojoExecutionException {
         Stream<SourceFile> sourceFiles = Stream.empty();
-        Set<Path> alreadyParsed = new HashSet<>();
+        Set<Path> parsedPaths = new HashSet<>();
 
         if (maven != null) {
             sourceFiles = Stream.of(maven);
-            alreadyParsed.add(baseDir.resolve(maven.getSourcePath()));
+            parsedPaths.add(baseDir.resolve(maven.getSourcePath()));
         }
 
         JavaParser.Builder<? extends JavaParser, ?> javaParserBuilder = JavaParser.fromJavaVersion()
@@ -211,11 +211,20 @@ public Stream<SourceFile> listSourceFiles(MavenProject mavenProject, Xml.@Nullab
         KotlinParser.Builder kotlinParserBuilder = KotlinParser.builder();
         GroovyParser.Builder groovyParserBuilder = GroovyParser.builder();
 
+        // Pre-populate parsedPaths with all source paths from both scopes
+        // to prevent resource parsers from claiming cross-scope sources as PlainText
+        parsedPaths.addAll(listJavaSources(mavenProject, mavenProject.getExecutionProject().getCompileSourceRoots()));
+        parsedPaths.addAll(listKotlinSources(mavenProject, "compile", mavenProject.getBuild().getSourceDirectory()));
+        parsedPaths.addAll(listGroovySources(mavenProject, mavenProject.getExecutionProject().getCompileSourceRoots()));
+        parsedPaths.addAll(listJavaSources(mavenProject, mavenProject.getExecutionProject().getTestCompileSourceRoots()));
+        parsedPaths.addAll(listKotlinSources(mavenProject, "test-compile", mavenProject.getBuild().getTestSourceDirectory()));
+        parsedPaths.addAll(listGroovySources(mavenProject, mavenProject.getExecutionProject().getTestCompileSourceRoots()));
+
         if (scopes.contains(MAIN)) {
-            sourceFiles = Stream.concat(sourceFiles, processMainSources(mavenProject, javaParserBuilder.clone(), kotlinParserBuilder.clone(), groovyParserBuilder.clone(), alreadyParsed, ctx));
+            sourceFiles = Stream.concat(sourceFiles, processMainSources(mavenProject, javaParserBuilder.clone(), kotlinParserBuilder.clone(), groovyParserBuilder.clone(), parsedPaths, ctx));
         }
         if (scopes.contains(TEST)) {
-            sourceFiles = Stream.concat(sourceFiles, processTestSources(mavenProject, javaParserBuilder.clone(), kotlinParserBuilder.clone(), groovyParserBuilder.clone(), alreadyParsed, ctx));
+            sourceFiles = Stream.concat(sourceFiles, processTestSources(mavenProject, javaParserBuilder.clone(), kotlinParserBuilder.clone(), groovyParserBuilder.clone(), parsedPaths, ctx));
         }
         Collection<PathMatcher> exclusionMatchers = exclusions.stream()
                 .map(pattern -> baseDir.getFileSystem().getPathMatcher("glob:" + pattern))
@@ -227,10 +236,10 @@ public Stream<SourceFile> listSourceFiles(MavenProject mavenProject, Xml.@Nullab
             return sourceFile;
         }).filter(Objects::nonNull);
 
-        Stream<SourceFile> mavenWrapperFiles = parseMavenWrapperFiles(mavenProject, exclusionMatchers, alreadyParsed, ctx);
+        Stream<SourceFile> mavenWrapperFiles = parseMavenWrapperFiles(mavenProject, exclusionMatchers, parsedPaths, ctx);
         sourceFiles = Stream.concat(sourceFiles, mavenWrapperFiles);
 
-        Stream<SourceFile> nonProjectResources = parseNonProjectResources(mavenProject, alreadyParsed, ctx);
+        Stream<SourceFile> nonProjectResources = parseNonProjectResources(mavenProject, parsedPaths, ctx);
         sourceFiles = Stream.concat(sourceFiles, nonProjectResources);
 
         return sourceFiles.map(addProvenance(projectProvenance))
@@ -474,22 +483,19 @@ private Stream<SourceFile> processMainSources(
             JavaParser.Builder<? extends JavaParser, ?> javaParserBuilder,
             KotlinParser.Builder kotlinParserBuilder,
             GroovyParser.Builder groovyParserBuilder,
-            Set<Path> alreadyParsed,
+            Set<Path> parsedPaths,
             ExecutionContext ctx) throws DependencyResolutionRequiredException, MojoExecutionException {
 
         Stream<SourceFile> sourceFiles = Stream.of();
 
         // scan Java files
         Collection<Path> mainJavaSources = listJavaSources(mavenProject, mavenProject.getExecutionProject().getCompileSourceRoots());
-        alreadyParsed.addAll(mainJavaSources);
 
         // scan Kotlin files
         List<Path> mainKotlinSources = listKotlinSources(mavenProject, "compile", mavenProject.getBuild().getSourceDirectory());
-        alreadyParsed.addAll(mainKotlinSources);
 
         // scan Groovy files
         List<Path> mainGroovySources = listGroovySources(mavenProject, mavenProject.getExecutionProject().getCompileSourceRoots());
-        alreadyParsed.addAll(mainGroovySources);
 
         logInfo(mavenProject, "Parsing source files");
         List<Path> dependencies = mavenProject.getCompileClasspathElements().stream()
@@ -531,25 +537,25 @@ private Stream<SourceFile> processMainSources(
             logDebug(mavenProject, "Scanned " + mainGroovySources.size() + " groovy source files in main scope.");
         }
 
-        OmniParser omniParser = omniParser(alreadyParsed, mavenProject);
+        OmniParser omniParser = omniParser(parsedPaths, mavenProject);
         for (Resource resource : mavenProject.getResources()) {
             Path resourcePath = mavenProject.getBasedir().toPath().resolve(resource.getDirectory());
-            if (Files.exists(resourcePath) && !alreadyParsed.contains(resourcePath)) {
+            if (Files.exists(resourcePath) && !parsedPaths.contains(resourcePath)) {
                 List<Path> accepted = omniParser.acceptedPaths(baseDir, resourcePath);
-                alreadyParsed.add(resourcePath);
+                parsedPaths.add(resourcePath);
                 sourceFiles = Stream.concat(sourceFiles, omniParser.parse(accepted, baseDir, ctx));
-                alreadyParsed.addAll(accepted);
+                parsedPaths.addAll(accepted);
             }
         }
 
         // Also parse webapp resources (e.g., web.xml) for WAR projects
         if ("war".equals(mavenProject.getPackaging())) {
             Path webappPath = mavenProject.getBasedir().toPath().resolve("src/main/webapp");
-            if (Files.exists(webappPath) && !alreadyParsed.contains(webappPath)) {
+            if (Files.exists(webappPath) && !parsedPaths.contains(webappPath)) {
                 List<Path> accepted = omniParser.acceptedPaths(baseDir, webappPath);
-                alreadyParsed.add(webappPath);
+                parsedPaths.add(webappPath);
                 sourceFiles = Stream.concat(sourceFiles, omniParser.parse(accepted, baseDir, ctx));
-                alreadyParsed.addAll(accepted);
+                parsedPaths.addAll(accepted);
             }
         }
 
@@ -570,22 +576,19 @@ private Stream<SourceFile> processTestSources(
             JavaParser.Builder<? extends JavaParser, ?> javaParserBuilder,
             KotlinParser.Builder kotlinParserBuilder,
             GroovyParser.Builder groovyParserBuilder,
-            Set<Path> alreadyParsed,
+            Set<Path> parsedPaths,
             ExecutionContext ctx) throws DependencyResolutionRequiredException, MojoExecutionException {
 
         Stream<SourceFile> sourceFiles = Stream.of();
 
         // scan Java files
         Collection<Path> testJavaSources = listJavaSources(mavenProject, mavenProject.getExecutionProject().getTestCompileSourceRoots());
-        alreadyParsed.addAll(testJavaSources);
 
         // scan Kotlin files
         List<Path> testKotlinSources = listKotlinSources(mavenProject, "test-compile", mavenProject.getBuild().getTestSourceDirectory());
-        alreadyParsed.addAll(testKotlinSources);
 
         // scan Groovy files
         List<Path> testGroovySources = listGroovySources(mavenProject, mavenProject.getExecutionProject().getTestCompileSourceRoots());
-        alreadyParsed.addAll(testGroovySources);
 
         List<Path> testDependencies = mavenProject.getTestClasspathElements().stream()
                 .distinct()
@@ -626,14 +629,14 @@ private Stream<SourceFile> processTestSources(
             logDebug(mavenProject, "Scanned " + testGroovySources.size() + " groovy source files in test scope.");
         }
 
-        OmniParser omniParser = omniParser(alreadyParsed, mavenProject);
+        OmniParser omniParser = omniParser(parsedPaths, mavenProject);
         for (Resource resource : mavenProject.getTestResources()) {
             Path resourcePath = mavenProject.getBasedir().toPath().resolve(resource.getDirectory());
-            if (Files.exists(resourcePath) && !alreadyParsed.contains(resourcePath)) {
+            if (Files.exists(resourcePath) && !parsedPaths.contains(resourcePath)) {
                 List<Path> accepted = omniParser.acceptedPaths(baseDir, resourcePath);
-                alreadyParsed.add(resourcePath);
+                parsedPaths.add(resourcePath);
                 sourceFiles = Stream.concat(sourceFiles, omniParser.parse(accepted, baseDir, ctx));
-                alreadyParsed.addAll(accepted);
+                parsedPaths.addAll(accepted);
             }
         }
 
@@ -1002,10 +1005,10 @@ public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) {
         }
     }
 
-    private Stream<SourceFile> parseMavenWrapperFiles(MavenProject mavenProject, Collection<PathMatcher> exclusions, Set<Path> alreadyParsed, ExecutionContext ctx) {
+    private Stream<SourceFile> parseMavenWrapperFiles(MavenProject mavenProject, Collection<PathMatcher> exclusions, Set<Path> parsedPaths, ExecutionContext ctx) {
         Stream<SourceFile> sourceFiles = Stream.empty();
         if (mavenProject.getParent() == null) {
-            OmniParser omniParser = omniParser(alreadyParsed, mavenProject);
+            OmniParser omniParser = omniParser(parsedPaths, mavenProject);
             List<Path> mavenWrapperFiles = Stream.of(
                             Paths.get(MVN_JVM_CONFIG),
                             Paths.get(MVN_MAVEN_CONFIG),
@@ -1023,17 +1026,17 @@ private Stream<SourceFile> parseMavenWrapperFiles(MavenProject mavenProject, Col
         return sourceFiles;
     }
 
-    protected Stream<SourceFile> parseNonProjectResources(MavenProject mavenProject, Set<Path> alreadyParsed, ExecutionContext ctx) {
+    protected Stream<SourceFile> parseNonProjectResources(MavenProject mavenProject, Set<Path> parsedPaths, ExecutionContext ctx) {
         if (!parseAdditionalResources) {
             return Stream.empty();
         }
         //Collect any additional yaml/properties/xml files that are NOT already in a source set.
-        OmniParser omniParser = omniParser(alreadyParsed, mavenProject);
+        OmniParser omniParser = omniParser(parsedPaths, mavenProject);
         List<Path> accepted = omniParser.acceptedPaths(baseDir, mavenProject.getBasedir().toPath());
         return omniParser.parse(accepted, baseDir, ctx);
     }
 
-    private OmniParser omniParser(Set<Path> alreadyParsed, MavenProject mavenProject) {
+    private OmniParser omniParser(Set<Path> parsedPaths, MavenProject mavenProject) {
         return OmniParser.builder(
                         OmniParser.defaultResourceParsers(),
                         PlainTextParser.builder()
@@ -1042,7 +1045,7 @@ private OmniParser omniParser(Set<Path> alreadyParsed, MavenProject mavenProject
                         QuarkParser.builder().build()
                 )
                 .exclusionMatchers(pathMatchers(baseDir, mergeExclusions(mavenProject)))
-                .exclusions(alreadyParsed)
+                .exclusions(parsedPaths)
                 .sizeThresholdMb(sizeThresholdMb)
                 .build();
     }

src/test/java/org/openrewrite/maven/RewriteRunIT.java

@@ -89,6 +89,18 @@ void multi_main_source_sets_project(MavenExecutionResult result) {
           .contains("Changes have been made to project/src/additional-main/java/sample/AdditionalMainClass.java by:");
     }
 
+    @MavenTest
+    void basedir_resource_no_plaintext_leak(MavenExecutionResult result) {
+        assertThat(result)
+          .isSuccessful()
+          .out()
+          .warn()
+          .contains(
+            "Changes have been made to %s by:".formatted(separatorsToSystem("project/src/main/java/sample/Main.java")),
+            "Changes have been made to %s by:".formatted(separatorsToSystem("project/src/test/java/sample/MainTest.java"))
+          );
+    }
+
     @MavenTest
     void single_project(MavenExecutionResult result) {
         assertThat(result)

src/test/resources-its/org/openrewrite/maven/RewriteRunIT/basedir_resource_no_plaintext_leak/pom.xml

@@ -0,0 +1,48 @@
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xmlns="http://maven.apache.org/POM/4.0.0"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>org.openrewrite.maven</groupId>
+    <artifactId>basedir_resource_no_plaintext_leak</artifactId>
+    <version>1.0</version>
+    <packaging>jar</packaging>
+    <name>RewriteRunIT#basedir_resource_no_plaintext_leak</name>
+
+    <properties>
+        <maven.compiler.source>1.8</maven.compiler.source>
+        <maven.compiler.target>1.8</maven.compiler.target>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <build>
+        <resources>
+            <resource>
+                <directory>${project.basedir}</directory>
+                <excludes>
+                    <exclude>**/*</exclude>
+                </excludes>
+            </resource>
+        </resources>
+        <testResources>
+            <testResource>
+                <directory>${project.basedir}</directory>
+                <excludes>
+                    <exclude>**/*</exclude>
+                </excludes>
+            </testResource>
+        </testResources>
+        <plugins>
+            <plugin>
+                <groupId>@project.groupId@</groupId>
+                <artifactId>@project.artifactId@</artifactId>
+                <version>@project.version@</version>
+                <configuration>
+                    <activeRecipes>
+                        <recipe>org.openrewrite.java.format.AutoFormat</recipe>
+                    </activeRecipes>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>

src/test/resources-its/org/openrewrite/maven/RewriteRunIT/basedir_resource_no_plaintext_leak/src/main/java/sample/Main.java

@@ -0,0 +1,7 @@
+package sample;
+
+public class Main {
+    public void hello() {
+        if(true) {}
+    }
+}

src/test/resources-its/org/openrewrite/maven/RewriteRunIT/basedir_resource_no_plaintext_leak/src/test/java/sample/MainTest.java

@@ -0,0 +1,7 @@
+package sample;
+
+public class MainTest {
+    public void test() {
+        if(true) {}
+    }
+}