
Example 6 with SuppressForbidden

use of org.elasticsearch.common.SuppressForbidden in project elasticsearch by elastic.

the class RemoteClusterConnectionTests method testSlowNodeCanBeCanceled.

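/**
 * Checks that closing a {@code RemoteClusterConnection} cancels a seed-node connection attempt
 * that is stuck on a peer which accepts the TCP connection and then never answers.
 * <p>
 * A plain server socket plays the slow node: a helper thread accepts one connection and parks on
 * {@code closeRemote}. The test waits until the connection has been accepted, closes the
 * {@code RemoteClusterConnection}, and expects the listener to fail with
 * {@code CancellableThreads.ExecutionCancelledException}.
 */
@SuppressForbidden(reason = "calls getLocalHost here but it's fine in this case")
public void testSlowNodeCanBeCanceled() throws IOException, InterruptedException {
    try (ServerSocket socket = new MockServerSocket()) {
        // SO_REUSEADDR has to be set while the socket is still unbound: the ServerSocket contract
        // leaves the effect of changing it after bind() undefined.
        socket.setReuseAddress(true);
        // Ephemeral port, backlog of 1. getLocalHost() is whatever the host name resolves to, not
        // necessarily loopback.
        // NOTE(review): InetAddress.getLoopbackAddress() would keep this listener off external
        // interfaces and make the suppression unnecessary - confirm the transport can reach it.
        socket.bind(new InetSocketAddress(InetAddress.getLocalHost(), 0), 1);
        DiscoveryNode seedNode = new DiscoveryNode("TEST", new TransportAddress(socket.getInetAddress(), socket.getLocalPort()), emptyMap(), emptySet(), Version.CURRENT);
        CountDownLatch acceptedLatch = new CountDownLatch(1);
        CountDownLatch closeRemote = new CountDownLatch(1);
        // The "slow node": accepts a single connection, then sends nothing until released.
        Thread t = new Thread() {

            @Override
            public void run() {
                try (Socket accept = socket.accept()) {
                    acceptedLatch.countDown();
                    closeRemote.await();
                } catch (IOException e) {
                    // expected when the server socket is closed while this thread is still in accept()
                } catch (InterruptedException e) {
                    // keep the interrupt status visible to whoever owns this thread
                    Thread.currentThread().interrupt();
                }
            }
        };
        t.start();
        try (MockTransportService service = MockTransportService.createNewService(Settings.EMPTY, Version.CURRENT, threadPool, null)) {
            service.start();
            service.acceptIncomingRequests();
            CountDownLatch listenerCalled = new CountDownLatch(1);
            AtomicReference<Exception> exceptionReference = new AtomicReference<>();
            try (RemoteClusterConnection connection = new RemoteClusterConnection(Settings.EMPTY, "test-cluster", Arrays.asList(seedNode), service, Integer.MAX_VALUE, n -> true)) {
                // Success is a test failure here; the failure branch records the exception for later inspection.
                ActionListener<Void> listener = ActionListener.wrap(x -> {
                    listenerCalled.countDown();
                    fail("expected exception");
                }, x -> {
                    exceptionReference.set(x);
                    listenerCalled.countDown();
                });
                connection.updateSeedNodes(Arrays.asList(seedNode), listener);
                // do not close before the fake node has really accepted the connection
                acceptedLatch.await();
                // now close it, this should trigger an interrupt on the socket and we can move on
                connection.close();
                assertTrue(connection.assertNoRunningConnections());
            }
            // release the helper thread only after the connection has been closed
            closeRemote.countDown();
            listenerCalled.await();
            assertNotNull(exceptionReference.get());
            // rethrow the recorded exception so that its exact type can be asserted
            expectThrows(CancellableThreads.ExecutionCancelledException.class, () -> {
                throw exceptionReference.get();
            });
        }
    }
}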
Also used : DiscoveryNode(org.elasticsearch.cluster.node.DiscoveryNode) CancellableThreads(org.elasticsearch.common.util.CancellableThreads) MockTransportService(org.elasticsearch.test.transport.MockTransportService) InetSocketAddress(java.net.InetSocketAddress) TransportAddress(org.elasticsearch.common.transport.TransportAddress) MockServerSocket(org.elasticsearch.mocksocket.MockServerSocket) ServerSocket(java.net.ServerSocket) MockServerSocket(org.elasticsearch.mocksocket.MockServerSocket) AtomicReference(java.util.concurrent.atomic.AtomicReference) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) CountDownLatch(java.util.concurrent.CountDownLatch) AlreadyClosedException(org.apache.lucene.store.AlreadyClosedException) AlreadyConnectedException(java.nio.channels.AlreadyConnectedException) RejectedExecutionException(java.util.concurrent.RejectedExecutionException) IOException(java.io.IOException) BrokenBarrierException(java.util.concurrent.BrokenBarrierException) UnknownHostException(java.net.UnknownHostException) UncheckedIOException(java.io.UncheckedIOException) Socket(java.net.Socket) ServerSocket(java.net.ServerSocket) MockServerSocket(org.elasticsearch.mocksocket.MockServerSocket) SuppressForbidden(org.elasticsearch.common.SuppressForbidden)

Example 7 with SuppressForbidden

use of org.elasticsearch.common.SuppressForbidden in project elasticsearch by elastic.

the class Security method addClasspathPermissions.

/**
 * Grants read access to every element of the JVM classpath (needed for the jar hell scan, etc).
 * <p>
 * Each classpath element gets a {@code read,readlink} {@link FilePermission}; an element that is a
 * directory additionally gets the recursive form ({@code <dir><separator>-}) so that the class
 * files below it are readable. The classpath therefore decides which locations become readable
 * under the resulting policy.
 *
 * @param policy permission collection that receives the grants
 * @throws IOException declared by the signature
 */
@SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
static void addClasspathPermissions(Permissions policy) throws IOException {
    final String actions = "read,readlink";
    // lib/ should normally cover all of this, but agents and similar can put extra entries on the classpath
    for (URL classpathEntry : JarHell.parseClassPath()) {
        final Path location;
        try {
            location = PathUtils.get(classpathEntry.toURI());
        } catch (URISyntaxException e) {
            throw new RuntimeException(e);
        }
        final String target = location.toString();
        // the jar or directory itself
        policy.add(new FilePermission(target, actions));
        if (Files.isDirectory(location)) {
            // everything below the directory ("-" is the recursive wildcard of FilePermission)
            final String separator = location.getFileSystem().getSeparator();
            policy.add(new FilePermission(target + separator + "-", actions));
        }
    }
}
Also used : Path(java.nio.file.Path) URISyntaxException(java.net.URISyntaxException) FilePermission(java.io.FilePermission) URL(java.net.URL) SuppressForbidden(org.elasticsearch.common.SuppressForbidden)

Example 8 with SuppressForbidden

use of org.elasticsearch.common.SuppressForbidden in project elasticsearch by elastic.

the class Security method readPolicy.

/**
 * Parses {@code policyFile} into a {@link Policy}.
 * <p>
 * While the file is parsed, every entry of {@code codebases} is published as a system property
 * named {@code codebase.<file name>}, so a policy file can write
 * <code>${codebase.joda-convert-1.2.jar}</code> and have it expand to the full URL of that jar.
 * The properties are removed again before this method returns, on success and on failure.
 * <p>
 * Points to keep in mind when changing this method:
 * <ul>
 *   <li>System properties are JVM-wide, so the {@code codebase.*} values are visible to other
 *       threads for the duration of the call.</li>
 *   <li>The property name is derived from the file name only. Two codebases with the same file
 *       name in different directories share one property and the later URL wins.
 *       NOTE(review): a grant written for one jar could then resolve to the other - consider
 *       rejecting duplicates.</li>
 *   <li>Cleanup clears the property unconditionally; a value that existed before the call is not
 *       restored.</li>
 * </ul>
 *
 * @param policyFile location of the policy file
 * @param codebases  resources whose URLs are exposed to the policy file
 * @return the parsed policy
 * @throws IllegalArgumentException if the policy type is unavailable or a URL is not a valid URI
 */
@SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
static Policy readPolicy(URL policyFile, URL[] codebases) {
    final String propertyPrefix = "codebase.";
    try {
        try {
            // publish one property per codebase for the duration of the parse
            for (URL codebase : codebases) {
                String fileName = PathUtils.get(codebase.toURI()).getFileName().toString();
                System.setProperty(propertyPrefix + fileName, codebase.toString());
            }
            URIParameter policyLocation = new URIParameter(policyFile.toURI());
            return Policy.getInstance("JavaPolicy", policyLocation);
        } finally {
            // always withdraw the properties again, whether or not parsing succeeded
            for (URL codebase : codebases) {
                String fileName = PathUtils.get(codebase.toURI()).getFileName().toString();
                System.clearProperty(propertyPrefix + fileName);
            }
        }
    } catch (NoSuchAlgorithmException | URISyntaxException e) {
        throw new IllegalArgumentException("unable to parse policy file `" + policyFile + "`", e);
    }
}
Also used : URIParameter(java.security.URIParameter) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) URISyntaxException(java.net.URISyntaxException) URL(java.net.URL) SuppressForbidden(org.elasticsearch.common.SuppressForbidden)

Example 9 with SuppressForbidden

use of org.elasticsearch.common.SuppressForbidden in project elasticsearch by elastic.

the class ESPolicy method implies.

/**
 * Decides whether code running in {@code domain} holds {@code permission}.
 * <p>
 * The checks run in a fixed order, and that order is what bounds privilege:
 * <ol>
 *   <li>a domain without a code source is denied;</li>
 *   <li>a code source whose file equals {@code BootstrapInfo.UNTRUSTED_CODEBASE} is answered by
 *       {@code untrusted} alone - the method returns there, so nothing below can widen it;</li>
 *   <li>a policy registered in {@code plugins} under the code source file can grant the
 *       permission; when it does not, evaluation simply continues;</li>
 *   <li>a {@code FilePermission} named {@code <<ALL FILES>>} requested from
 *       {@code org.apache.hadoop.util.Shell.runCommand} is answered with an exception
 *       (Hadoop workaround);</li>
 *   <li>everything else is granted if {@code template}, {@code dynamic} or {@code system}
 *       implies it.</li>
 * </ol>
 *
 * @param domain     protection domain of the code being checked
 * @param permission permission being requested
 * @return {@code true} if the permission is granted
 */
@Override
@SuppressForbidden(reason = "fast equals check is desired")
public boolean implies(ProtectionDomain domain, Permission permission) {
    CodeSource codeSource = domain.getCodeSource();
    // codesource can be null when reducing privileges via doPrivileged()
    // such a domain gets nothing: deny instead of falling through to the broader policies
    if (codeSource == null) {
        return false;
    }
    URL location = codeSource.getLocation();
    // the location can be null as well, see https://bugs.openjdk.java.net/browse/JDK-8129972
    // in that case the codebase-specific checks are skipped and only the general policies apply
    if (location != null) {
        // run scripts with limited permissions
        // early return: the untrusted policy is the only one consulted for this codebase
        if (BootstrapInfo.UNTRUSTED_CODEBASE.equals(location.getFile())) {
            return untrusted.implies(domain, permission);
        }
        // check for an additional plugin permission: plugin policy is
        // only consulted for its codesources.
        // presumably `plugins` maps a codebase file string to that plugin's Policy - verify at the field
        Policy plugin = plugins.get(location.getFile());
        if (plugin != null && plugin.implies(domain, permission)) {
            return true;
        }
    }
    // Temporary workaround, to be removed once Hadoop is fixed.
    if (permission instanceof FilePermission && "<<ALL FILES>>".equals(permission.getName())) {
        // The caller is identified by class and method NAME on the current stack. A match only
        // ever leads to the exception below, never to a grant.
        for (StackTraceElement element : Thread.currentThread().getStackTrace()) {
            if ("org.apache.hadoop.util.Shell".equals(element.getClassName()) && "runCommand".equals(element.getMethodName())) {
                // we found the horrible method: the hack begins!
                // force the hadoop code to back down, by throwing an exception that it catches.
                // NOTE(review): implies() declares no checked exception, so rethrow() presumably
                // throws the IOException unchecked - confirm at its definition
                rethrow(new IOException("no hadoop, you cannot do this."));
            }
        }
    }
    // otherwise defer to template + dynamic file permissions
    return template.implies(domain, permission) || dynamic.implies(permission) || system.implies(domain, permission);
}
Also used : Policy(java.security.Policy) IOException(java.io.IOException) CodeSource(java.security.CodeSource) FilePermission(java.io.FilePermission) URL(java.net.URL) SuppressForbidden(org.elasticsearch.common.SuppressForbidden)

Example 10 with SuppressForbidden

use of org.elasticsearch.common.SuppressForbidden in project elasticsearch by elastic.

the class JarHell method checkJarHell.

/**
 * Checks the set of URLs for duplicate classes.
 * <p>
 * Every element of {@code urls} is resolved to a path. Elements below {@code java.home} are
 * skipped, jars are read entry by entry (their manifest, if present, goes to
 * {@code checkManifest}), and anything else is walked as a directory of class files. Each class
 * name found is handed to {@code checkClass} together with the element it came from. A class
 * supplied by two classpath elements means that whichever is loaded first silently shadows the
 * other.
 *
 * @param urls classpath elements to scan
 * @throws IllegalStateException if jar hell was found
 * @throws URISyntaxException    if a URL cannot be converted to a URI
 * @throws IOException           if a jar or a directory cannot be read
 */
@SuppressForbidden(reason = "needs JarFile for speed, just reading entries")
public static void checkJarHell(URL[] urls) throws URISyntaxException, IOException {
    final Logger logger = Loggers.getLogger(JarHell.class);
    // There is no portable way to list the JDK's own classes (sun.boot.class.path is internal,
    // and jigsaw offers no such list yet), so anything below java.home is simply skipped.
    final String javaHome = System.getProperty("java.home");
    logger.debug("java.home: {}", javaHome);
    final int classSuffixLength = 6; // length of ".class"
    final Map<String, Path> clazzes = new HashMap<>(32768);
    final Set<Path> visitedJars = new HashSet<>();
    for (final URL url : urls) {
        final Path path = PathUtils.get(url.toURI());
        // exclude system resources
        if (path.startsWith(javaHome)) {
            logger.debug("excluding system resource: {}", path);
            continue;
        }
        // the suffix test is case-sensitive; anything not ending in ".jar" is treated as a directory
        final boolean isJar = path.toString().endsWith(".jar");
        if (!isJar) {
            logger.debug("examining directory: {}", path);
            // case for tests: where we have class files in the classpath
            final Path root = PathUtils.get(url.toURI());
            final String sep = root.getFileSystem().getSeparator();
            Files.walkFileTree(root, new SimpleFileVisitor<Path>() {

                @Override
                public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException {
                    final String relative = root.relativize(file).toString();
                    if (relative.endsWith(".class")) {
                        // turn the OS-specific relative path into a class name
                        final String className = relative.replace(sep, ".").substring(0, relative.length() - classSuffixLength);
                        checkClass(clazzes, className, path);
                    }
                    return super.visitFile(file, attrs);
                }
            });
            continue;
        }
        final boolean firstSighting = visitedJars.add(path);
        if (!firstSighting) {
            logger.debug("excluding duplicate classpath element: {}", path);
            continue;
        }
        logger.debug("examining jar: {}", path);
        try (JarFile jar = new JarFile(path.toString())) {
            final Manifest manifest = jar.getManifest();
            if (manifest != null) {
                checkManifest(manifest, path);
            }
            // inspect entries
            final Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                final String entryName = entries.nextElement().getName();
                if (!entryName.endsWith(".class")) {
                    continue;
                }
                // inside a jar the separator is always '/'
                final String className = entryName.substring(0, entryName.length() - classSuffixLength).replace('/', '.');
                checkClass(clazzes, className, path);
            }
        }
    }
}
Also used : Path(java.nio.file.Path) HashMap(java.util.HashMap) FileVisitResult(java.nio.file.FileVisitResult) IOException(java.io.IOException) Logger(org.apache.logging.log4j.Logger) JarFile(java.util.jar.JarFile) Manifest(java.util.jar.Manifest) JarEntry(java.util.jar.JarEntry) URL(java.net.URL) BasicFileAttributes(java.nio.file.attribute.BasicFileAttributes) HashSet(java.util.HashSet) SuppressForbidden(org.elasticsearch.common.SuppressForbidden)
