use of org.opensearch.common.SuppressForbidden in project OpenSearch by opensearch-project.
the class JarHell method checkJarHell.
/**
 * Verifies that no class is supplied by more than one element of the classpath.
 * <p>
 * Each URL is resolved to a path. Paths under {@code java.home} are skipped, paths whose name ends
 * in {@code .jar} are opened and their entries listed, and every other path is walked as a
 * directory of class files. Every class name found is passed to {@code checkClass} together with
 * one map shared across all classpath elements. A class defined in two places is a classpath
 * integrity problem, because which copy gets loaded then depends on classpath order.
 *
 * @param urls A set of URLs from the classpath to be checked for conflicting jars
 * @param output A {@link String} {@link Consumer} to which debug output will be sent
 * @throws IllegalStateException if jar hell was found
 * @throws URISyntaxException if a classpath URL cannot be converted to a URI
 * @throws IOException if a jar or directory cannot be read
 */
@SuppressForbidden(reason = "needs JarFile for speed, just reading entries")
public static void checkJarHell(Set<URL> urls, Consumer<String> output) throws URISyntaxException, IOException {
    // There is no portable, non-internal way to enumerate the JDK's own classes (and none at all
    // under jigsaw yet), so everything located under java.home is left out of the scan.
    final String jdkHome = System.getProperty("java.home");
    output.accept("java.home: " + jdkHome);

    // class name -> classpath element; handed to checkClass for every class found
    final Map<String, Path> classOwners = new HashMap<>(32768);
    final Set<Path> visitedJars = new HashSet<>();
    final int suffixLength = ".class".length();

    for (final URL url : urls) {
        final Path path = PathUtils.get(url.toURI());

        // Path.startsWith compares whole name elements, so this is not a raw string-prefix match
        if (path.startsWith(jdkHome)) {
            output.accept("excluding system resource: " + path);
            continue;
        }

        // NOTE(review): the suffix test is case-sensitive. A path ending in e.g. ".JAR" takes the
        // directory branch, where (as far as this method shows) none of its classes are examined.
        // Confirm whether such names can reach this check.
        if (path.toString().endsWith(".jar") == false) {
            output.accept("examining directory: " + path);
            // case for tests: class files sit directly on the classpath
            final Path root = PathUtils.get(url.toURI());
            final String sep = root.getFileSystem().getSeparator();
            // gradle adds these directories to the classpath even if they never get created
            if (Files.exists(root)) {
                Files.walkFileTree(root, new SimpleFileVisitor<Path>() {
                    @Override
                    public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException {
                        final String relative = root.relativize(file).toString();
                        if (relative.endsWith(".class")) {
                            // turn the os separator into '.', then drop the '.class' suffix
                            final String className = relative.replace(sep, ".").substring(0, relative.length() - suffixLength);
                            checkClass(classOwners, className, path);
                        }
                        return super.visitFile(file, attrs);
                    }
                });
            }
            continue;
        }

        // the same jar listed twice is reported before any of its entries are read
        if (visitedJars.add(path) == false) {
            throw new IllegalStateException("jar hell!" + System.lineSeparator() + "duplicate jar on classpath: " + path);
        }
        output.accept("examining jar: " + path);
        try (JarFile jar = new JarFile(path.toString())) {
            final Manifest manifest = jar.getManifest();
            if (manifest != null) {
                checkManifest(manifest, path);
            }
            // inspect entries
            for (Enumeration<JarEntry> entries = jar.entries(); entries.hasMoreElements();) {
                final String name = entries.nextElement().getName();
                if (name.endsWith(".class") == false) {
                    continue;
                }
                // inside a jar the separator is always '/', whatever the host os uses
                final String className = name.replace('/', '.').substring(0, name.length() - suffixLength);
                checkClass(classOwners, className, path);
            }
        }
    }
}
use of org.opensearch.common.SuppressForbidden in project OpenSearch by opensearch-project.
the class JdkJarHellCheck method main.
/**
 * Command-line entry point: scans every location given as an argument and reports the result
 * through the process exit status.
 * <p>
 * Exits with status 0 when nothing was detected. Otherwise each detected item is printed to
 * standard output on its own line and the process exits with status 1, so a calling build step
 * can fail on the status alone.
 *
 * @param argv locations to scan; each one must exist
 * @throws IllegalArgumentException if one of the locations does not exist
 * @throws IOException declared for the scan; propagates out of main uncaught
 */
@SuppressForbidden(reason = "command line tool")
public static void main(String[] argv) throws IOException {
    final JdkJarHellCheck scanner = new JdkJarHellCheck();
    for (int i = 0; i < argv.length; i++) {
        final Path candidate = Paths.get(argv[i]);
        // a missing location is an error, not a clean result
        if (!Files.exists(candidate)) {
            throw new IllegalArgumentException("Path does not exist: " + candidate);
        }
        scanner.scanForJDKJarHell(candidate);
    }
    if (!scanner.getDetected().isEmpty()) {
        scanner.getDetected().forEach(System.out::println);
        System.exit(1);
    }
    System.exit(0);
}
use of org.opensearch.common.SuppressForbidden in project OpenSearch by opensearch-project.
the class ContextDocGenerator method resetRootDir.
/**
 * Clears the Painless API reference output directory and recreates it empty.
 *
 * @return the (relative) path of the recreated directory
 * @throws IOException if removing or creating the directory fails
 */
@SuppressForbidden(reason = "resolve api docs directory with environment")
private static Path resetRootDir() throws IOException {
    // NOTE(review): the path is relative, so the tree that gets removed depends on the working
    // directory the generator is started from. Confirm callers always run it from the expected
    // module directory.
    final Path apiDocsDir = PathUtils.get("../../docs/painless/painless-api-reference");

    // presumably removes the directory together with its contents; IOUtils.rm is not shown here
    IOUtils.rm(apiDocsDir);

    // creates any missing parent directories as well
    Files.createDirectories(apiDocsDir);
    return apiDocsDir;
}
use of org.opensearch.common.SuppressForbidden in project job-scheduler by opensearch-project.
the class IntervalSchedule method runningOnTime.
/**
 * Tells whether the last execution happened within one second of a scheduled slot.
 * <p>
 * Slots are spaced {@code intervalInMillis} apart, counted from {@code startTimeWithDelay}. The
 * last execution is on time when it lies less than 1000 ms away from either the previous expected
 * slot or the slot following it.
 *
 * @param lastExecutionTime the instant of the last execution, or {@code null} if there was none
 * @return {@code true} if {@code lastExecutionTime} is {@code null} or within the tolerance
 */
@SuppressForbidden(reason = "Ignore forbidden api Math.abs()")
@Override
public Boolean runningOnTime(Instant lastExecutionTime) {
    // with no earlier run there is nothing to be late against
    if (lastExecutionTime == null) {
        return true;
    }

    final long scheduleStartMillis = this.startTimeWithDelay.toEpochMilli();
    final long nowMillis = this.clock.instant().toEpochMilli();

    // time elapsed since the most recent slot boundary
    long sinceSlotMillis = (nowMillis - scheduleStartMillis) % this.intervalInMillis;
    // Less than a second past a boundary (or a negative remainder, when now is before the start):
    // step back one whole interval so the slot before that boundary counts as the previous one.
    if (sinceSlotMillis < 1000) {
        sinceSlotMillis = this.intervalInMillis + sinceSlotMillis;
    }

    final long previousSlotMillis = nowMillis - sinceSlotMillis;
    final long followingSlotMillis = previousSlotMillis + this.intervalInMillis;
    final long lastRunMillis = lastExecutionTime.toEpochMilli();

    final boolean nearPreviousSlot = Math.abs(lastRunMillis - previousSlotMillis) < 1000;
    return nearPreviousSlot || Math.abs(lastRunMillis - followingSlotMillis) < 1000;
}
use of org.opensearch.common.SuppressForbidden in project OpenSearch by opensearch-project.
the class EvilSecurityTests method assertExactPermissions.
/**
 * Asserts that {@code actual} grants exactly the actions listed in {@code expected} for that path:
 * every listed action must be implied and every unlisted one must not be. Because each action is
 * compared for equality rather than only checked for presence, an over-broad grant fails the test
 * just like a missing one.
 *
 * @param expected the permission naming the path and the comma-separated actions it should have
 * @param actual the permission collection under test
 */
@SuppressForbidden(reason = "to create FilePermission object")
static void assertExactPermissions(FilePermission expected, PermissionCollection actual) {
    // the five action names FilePermission documents in its javadocs
    final String[] knownActions = { "read", "readlink", "write", "delete", "execute" };

    final String target = expected.getName();
    final Set<String> remaining = asSet(expected.getActions().split(","));

    // remove() reports whether the action was listed, which is exactly the expected grant state
    final boolean[] shouldGrant = new boolean[knownActions.length];
    for (int i = 0; i < knownActions.length; i++) {
        shouldGrant[i] = remaining.remove(knownActions[i]);
    }
    // anything still left is an action name this helper does not know how to verify
    assertTrue("unrecognized permission: " + remaining, remaining.isEmpty());

    for (int i = 0; i < knownActions.length; i++) {
        assertEquals(shouldGrant[i], actual.implies(new FilePermission(target, knownActions[i])));
    }
}
Aggregations