Search in sources :

Example 1 with SuppressForbidden

use of org.opensearch.common.SuppressForbidden in project OpenSearch by opensearch-project.

the class InstallPluginCommand method downloadZip.

/**
 * Downloads a zip from the url, into a temp file under the given temp dir.
 */
// pkg private for tests
@SuppressForbidden(reason = "We use getInputStream to download plugins")
Path downloadZip(Terminal terminal, String urlString, Path tmpDir, boolean isBatch) throws IOException {
    terminal.println(VERBOSE, "Retrieving zip from " + urlString);
    URL url = new URL(urlString);
    Path zip = Files.createTempFile(tmpDir, null, ".zip");
    URLConnection urlConnection = url.openConnection();
    urlConnection.addRequestProperty("User-Agent", "opensearch-plugin-installer");
    try (InputStream in = isBatch ? urlConnection.getInputStream() : new TerminalProgressInputStream(urlConnection.getInputStream(), urlConnection.getContentLength(), terminal)) {
        // must overwrite since creating the temp file above actually created the file
        Files.copy(in, zip, StandardCopyOption.REPLACE_EXISTING);
    }
    return zip;
}
Also used : Path(java.nio.file.Path) ZipInputStream(java.util.zip.ZipInputStream) ArmoredInputStream(org.bouncycastle.bcpg.ArmoredInputStream) InputStream(java.io.InputStream) URL(java.net.URL) HttpURLConnection(java.net.HttpURLConnection) URLConnection(java.net.URLConnection) SuppressForbidden(org.opensearch.common.SuppressForbidden)

Example 2 with SuppressForbidden

use of org.opensearch.common.SuppressForbidden in project OpenSearch by opensearch-project.

the class InstallPluginCommand method urlExists.

/**
 * Returns {@code true} if the given url exists, and {@code false} otherwise.
 *
 * The given url must be {@code https} and existing means a {@code HEAD} request returns 200.
 */
// pkg private for tests to manipulate
@SuppressForbidden(reason = "Make HEAD request using URLConnection.connect()")
boolean urlExists(Terminal terminal, String urlString) throws IOException {
    terminal.println(VERBOSE, "Checking if url exists: " + urlString);
    URL url = new URL(urlString);
    assert "https".equals(url.getProtocol()) : "Use of https protocol is required";
    HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
    urlConnection.addRequestProperty("User-Agent", "opensearch-plugin-installer");
    urlConnection.setRequestMethod("HEAD");
    urlConnection.connect();
    return urlConnection.getResponseCode() == 200;
}
Also used : HttpURLConnection(java.net.HttpURLConnection) URL(java.net.URL) SuppressForbidden(org.opensearch.common.SuppressForbidden)

Example 3 with SuppressForbidden

use of org.opensearch.common.SuppressForbidden in project OpenSearch by opensearch-project.

the class JarHell method checkJarHell.

/**
 * Checks the set of URLs for duplicate classes
 * @param urls A set of URLs from the classpath to be checked for conflicting jars
 * @param output A {@link String} {@link Consumer} to which debug output will be sent
 * @throws IllegalStateException if jar hell was found
 */
@SuppressForbidden(reason = "needs JarFile for speed, just reading entries")
public static void checkJarHell(Set<URL> urls, Consumer<String> output) throws URISyntaxException, IOException {
    // we don't try to be sneaky and use deprecated/internal/not portable stuff
    // like sun.boot.class.path, and with jigsaw we don't yet have a way to get
    // a "list" at all. So just exclude any elements underneath the java home
    String javaHome = System.getProperty("java.home");
    output.accept("java.home: " + javaHome);
    final Map<String, Path> clazzes = new HashMap<>(32768);
    Set<Path> seenJars = new HashSet<>();
    for (final URL url : urls) {
        final Path path = PathUtils.get(url.toURI());
        // exclude system resources
        if (path.startsWith(javaHome)) {
            output.accept("excluding system resource: " + path);
            continue;
        }
        if (path.toString().endsWith(".jar")) {
            if (!seenJars.add(path)) {
                throw new IllegalStateException("jar hell!" + System.lineSeparator() + "duplicate jar on classpath: " + path);
            }
            output.accept("examining jar: " + path);
            try (JarFile file = new JarFile(path.toString())) {
                Manifest manifest = file.getManifest();
                if (manifest != null) {
                    checkManifest(manifest, path);
                }
                // inspect entries
                Enumeration<JarEntry> elements = file.entries();
                while (elements.hasMoreElements()) {
                    String entry = elements.nextElement().getName();
                    if (entry.endsWith(".class")) {
                        // for jar format, the separator is defined as /
                        entry = entry.replace('/', '.').substring(0, entry.length() - 6);
                        checkClass(clazzes, entry, path);
                    }
                }
            }
        } else {
            output.accept("examining directory: " + path);
            // case for tests: where we have class files in the classpath
            final Path root = PathUtils.get(url.toURI());
            final String sep = root.getFileSystem().getSeparator();
            // gradle will add these to the classpath even if they never get created
            if (Files.exists(root)) {
                Files.walkFileTree(root, new SimpleFileVisitor<Path>() {

                    @Override
                    public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException {
                        String entry = root.relativize(file).toString();
                        if (entry.endsWith(".class")) {
                            // normalize with the os separator, remove '.class'
                            entry = entry.replace(sep, ".").substring(0, entry.length() - ".class".length());
                            checkClass(clazzes, entry, path);
                        }
                        return super.visitFile(file, attrs);
                    }
                });
            }
        }
    }
}
Also used : Path(java.nio.file.Path) HashMap(java.util.HashMap) FileVisitResult(java.nio.file.FileVisitResult) IOException(java.io.IOException) JarFile(java.util.jar.JarFile) Manifest(java.util.jar.Manifest) JarEntry(java.util.jar.JarEntry) URL(java.net.URL) BasicFileAttributes(java.nio.file.attribute.BasicFileAttributes) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) SuppressForbidden(org.opensearch.common.SuppressForbidden)

Example 4 with SuppressForbidden

use of org.opensearch.common.SuppressForbidden in project OpenSearch by opensearch-project.

the class JarHell method parseClassPath.

/**
 * Parses the classpath into a set of URLs. For testing.
 * @param classPath classpath to parse (typically the system property {@code java.class.path})
 * @return array of URLs
 * @throws IllegalStateException if the classpath contains empty elements
 */
@SuppressForbidden(reason = "resolves against CWD because that is how classpaths work")
static Set<URL> parseClassPath(String classPath) {
    String pathSeparator = System.getProperty("path.separator");
    String fileSeparator = System.getProperty("file.separator");
    String[] elements = classPath.split(pathSeparator);
    // order is already lost, but some filesystems have it
    Set<URL> urlElements = new LinkedHashSet<>();
    for (String element : elements) {
        // Instead we just throw an exception, and keep it clean.
        if (element.isEmpty()) {
            throw new IllegalStateException("Classpath should not contain empty elements! (outdated shell script from a previous" + " version?) classpath='" + classPath + "'");
        }
        // specification which java seems to allow, explicitly, right here...
        if (element.startsWith("/") && "\\".equals(fileSeparator)) {
            // "correct" the entry to become a normal entry
            // change to correct file separators
            element = element.replace("/", "\\");
            // if there is a drive letter, nuke the leading separator
            if (element.length() >= 3 && element.charAt(2) == ':') {
                element = element.substring(1);
            }
        }
        // now just parse as ordinary file
        try {
            if (element.equals("/")) {
                // Eclipse adds this to the classpath when running unit tests...
                continue;
            }
            URL url = PathUtils.get(element).toUri().toURL();
            // junit4.childvm.count
            if (urlElements.add(url) == false && element.endsWith(".jar")) {
                throw new IllegalStateException("jar hell!" + System.lineSeparator() + "duplicate jar [" + element + "] on classpath: " + classPath);
            }
        } catch (MalformedURLException e) {
            // should not happen, as we use the filesystem API
            throw new RuntimeException(e);
        }
    }
    return Collections.unmodifiableSet(urlElements);
}
Also used : LinkedHashSet(java.util.LinkedHashSet) MalformedURLException(java.net.MalformedURLException) URL(java.net.URL) SuppressForbidden(org.opensearch.common.SuppressForbidden)

Example 5 with SuppressForbidden

use of org.opensearch.common.SuppressForbidden in project OpenSearch by opensearch-project.

the class DetectEsInstallationTask method fetchInfoFromUrl.

@SuppressForbidden(reason = "Retrieve information on the installation.")
private Map<?, ?> fetchInfoFromUrl(final String url) {
    try {
        final URL esUrl = new URL(url);
        final HttpURLConnection conn = (HttpURLConnection) esUrl.openConnection();
        conn.setRequestMethod("GET");
        conn.setConnectTimeout(1000);
        conn.connect();
        final StringBuilder json = new StringBuilder();
        final Scanner scanner = new Scanner(esUrl.openStream());
        while (scanner.hasNext()) {
            json.append(scanner.nextLine());
        }
        scanner.close();
        final ObjectMapper mapper = new ObjectMapper();
        return mapper.readValue(json.toString(), Map.class);
    } catch (IOException e) {
        throw new RuntimeException("Error retrieving elasticsearch cluster info, " + e);
    }
}
Also used : Scanner(java.util.Scanner) HttpURLConnection(java.net.HttpURLConnection) IOException(java.io.IOException) URL(java.net.URL) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) SuppressForbidden(org.opensearch.common.SuppressForbidden)

Aggregations

SuppressForbidden (org.opensearch.common.SuppressForbidden)42 URL (java.net.URL)17 Path (java.nio.file.Path)13 IOException (java.io.IOException)12 FilePermission (java.io.FilePermission)8 HttpURLConnection (java.net.HttpURLConnection)6 Settings (org.opensearch.common.settings.Settings)6 File (java.io.File)5 Permissions (java.security.Permissions)5 HashMap (java.util.HashMap)5 URLConnection (java.net.URLConnection)4 ProtectionDomain (java.security.ProtectionDomain)4 ArrayList (java.util.ArrayList)4 LinkedHashSet (java.util.LinkedHashSet)4 Matchers.containsString (org.hamcrest.Matchers.containsString)4 InputStream (java.io.InputStream)3 CodeSource (java.security.CodeSource)3 PermissionCollection (java.security.PermissionCollection)3 Policy (java.security.Policy)3 HashSet (java.util.HashSet)3