LUCENE-4206: Allow check-forbidden-apis to also investigate calls to subclasses of forbidden APIs

git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1359827 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Uwe Schindler 2012-07-10 18:32:31 +00:00
parent 3042e69056
commit 0446940b7d
2 changed files with 243 additions and 159 deletions

View File

@ -65,11 +65,11 @@ Build
* LUCENE-4115: JAR resolution/ cleanup should be done automatically for ant * LUCENE-4115: JAR resolution/ cleanup should be done automatically for ant
clean/ eclipse/ resolve (Dawid Weiss) clean/ eclipse/ resolve (Dawid Weiss)
* LUCENE-4199, LUCENE-4202: Add a new target "check-forbidden-apis", that * LUCENE-4199, LUCENE-4202, LUCENE-4206: Add a new target "check-forbidden-apis"
parses all generated .class files for use of APIs that use default charset, that parses all generated .class files for use of APIs that use default
default locale, or default timezone and fail build if violations found. This charset, default locale, or default timezone and fail build if violations
ensures, that Lucene / Solr is independent on local configuration options. found. This ensures, that Lucene / Solr is independent on local configuration
(Uwe Schindler, Robert Muir, Dawid Weiss) options. (Uwe Schindler, Robert Muir, Dawid Weiss)
Documentation Documentation

View File

@ -20,13 +20,11 @@ package org.apache.lucene.validation;
import org.objectweb.asm.ClassReader; import org.objectweb.asm.ClassReader;
import org.objectweb.asm.Label; import org.objectweb.asm.Label;
import org.objectweb.asm.ClassVisitor; import org.objectweb.asm.ClassVisitor;
import org.objectweb.asm.FieldVisitor;
import org.objectweb.asm.MethodVisitor; import org.objectweb.asm.MethodVisitor;
import org.objectweb.asm.Opcodes; import org.objectweb.asm.Opcodes;
import org.objectweb.asm.Type; import org.objectweb.asm.Type;
import org.objectweb.asm.commons.Method; import org.objectweb.asm.commons.Method;
import org.objectweb.asm.tree.ClassNode;
import org.objectweb.asm.tree.FieldNode;
import org.objectweb.asm.tree.MethodNode;
import org.apache.tools.ant.AntClassLoader; import org.apache.tools.ant.AntClassLoader;
import org.apache.tools.ant.BuildException; import org.apache.tools.ant.BuildException;
@ -50,12 +48,14 @@ import java.io.Reader;
import java.io.File; import java.io.File;
import java.io.StringReader; import java.io.StringReader;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections;
import java.util.Formatter; import java.util.Formatter;
import java.util.HashMap; import java.util.HashMap;
import java.util.Iterator; import java.util.Iterator;
import java.util.List;
import java.util.Locale; import java.util.Locale;
import java.util.Map; import java.util.Map;
import java.util.HashSet;
import java.util.Set;
/** /**
* Task to check if a set of class files contains calls to forbidden APIs * Task to check if a set of class files contains calls to forbidden APIs
@ -70,21 +70,26 @@ public class ForbiddenApisCheckTask extends Task {
private final Resources apiSignatures = new Resources(); private final Resources apiSignatures = new Resources();
private Path classpath = null; private Path classpath = null;
private final Map<String,ClassNode> classCache = new HashMap<String,ClassNode>(); ClassLoader loader = null;
private final Map<String,String> forbiddenFields = new HashMap<String,String>();
private final Map<String,String> forbiddenMethods = new HashMap<String,String>();
private final Map<String,String> forbiddenClasses = new HashMap<String,String>();
/** Reads a class (binary name) from the given {@link ClassLoader}. final Map<String,ClassSignatureLookup> classesToCheck = new HashMap<String,ClassSignatureLookup>();
*/ final Map<String,ClassSignatureLookup> classpathClassCache = new HashMap<String,ClassSignatureLookup>();
private ClassReader readClass(final ClassLoader loader, final String clazz) throws BuildException {
final Map<String,String> forbiddenFields = new HashMap<String,String>();
final Map<String,String> forbiddenMethods = new HashMap<String,String>();
final Map<String,String> forbiddenClasses = new HashMap<String,String>();
/** Reads a class (binary name) from the given {@link ClassLoader}. */
ClassSignatureLookup getClassFromClassLoader(final String clazz) throws BuildException {
ClassSignatureLookup c = classpathClassCache.get(clazz);
if (c == null) {
try { try {
final InputStream in = loader.getResourceAsStream(clazz.replace('.', '/') + ".class"); final InputStream in = loader.getResourceAsStream(clazz.replace('.', '/') + ".class");
if (in == null) { if (in == null) {
throw new BuildException("Loading of class " + clazz + " failed: Not found"); throw new BuildException("Loading of class " + clazz + " failed: Not found");
} }
try { try {
return new ClassReader(in); classpathClassCache.put(clazz, c = new ClassSignatureLookup(new ClassReader(in)));
} finally { } finally {
in.close(); in.close();
} }
@ -92,9 +97,11 @@ public class ForbiddenApisCheckTask extends Task {
throw new BuildException("Loading of class " + clazz + " failed.", ioe); throw new BuildException("Loading of class " + clazz + " failed.", ioe);
} }
} }
return c;
}
/** Adds the method signature to the list of disallowed methods. The Signature is checked against the given ClassLoader. */ /** Adds the method signature to the list of disallowed methods. The Signature is checked against the given ClassLoader. */
private void addSignature(final ClassLoader loader, final String signature) throws BuildException { private void addSignature(final String signature) throws BuildException {
final String clazz, field; final String clazz, field;
final Method method; final Method method;
int p = signature.indexOf('#'); int p = signature.indexOf('#');
@ -123,19 +130,15 @@ public class ForbiddenApisCheckTask extends Task {
field = null; field = null;
} }
// check class & method/field signature, if it is really existent (in classpath), but we don't really load the class into JVM: // check class & method/field signature, if it is really existent (in classpath), but we don't really load the class into JVM:
ClassNode c = classCache.get(clazz); final ClassSignatureLookup c = getClassFromClassLoader(clazz);
if (c == null) {
readClass(loader, clazz).accept(c = new ClassNode(Opcodes.ASM4), ClassReader.SKIP_CODE | ClassReader.SKIP_DEBUG | ClassReader.SKIP_FRAMES);
classCache.put(clazz, c);
}
if (method != null) { if (method != null) {
assert field == null; assert field == null;
// list all methods with this signature: // list all methods with this signature:
boolean found = false; boolean found = false;
for (final MethodNode mn : c.methods) { for (final Method m : c.methods) {
if (mn.name.equals(method.getName()) && Arrays.equals(Type.getArgumentTypes(mn.desc), method.getArgumentTypes())) { if (m.getName().equals(method.getName()) && Arrays.equals(m.getArgumentTypes(), method.getArgumentTypes())) {
found = true; found = true;
forbiddenMethods.put(c.name + '\000' + new Method(mn.name, mn.desc), signature); forbiddenMethods.put(c.reader.getClassName() + '\000' + m, signature);
// don't break when found, as there may be more covariant overrides! // don't break when found, as there may be more covariant overrides!
} }
} }
@ -144,27 +147,19 @@ public class ForbiddenApisCheckTask extends Task {
} }
} else if (field != null) { } else if (field != null) {
assert method == null; assert method == null;
// list all fields to find the right one: if (!c.fields.contains(field)) {
boolean found = false;
for (final FieldNode fld : c.fields) {
if (fld.name.equals(field)) {
found = true;
forbiddenFields.put(c.name + '\000' + fld.name, signature);
break;
}
}
if (!found) {
throw new BuildException("No field found with following name: " + signature); throw new BuildException("No field found with following name: " + signature);
} }
forbiddenFields.put(c.reader.getClassName() + '\000' + field, signature);
} else { } else {
assert field == null && method == null; assert field == null && method == null;
// only add the signature as class name // only add the signature as class name
forbiddenClasses.put(c.name, signature); forbiddenClasses.put(c.reader.getClassName(), signature);
} }
} }
/** Reads a list of API signatures. Closes the Reader when done (on Exception, too)! */ /** Reads a list of API signatures. Closes the Reader when done (on Exception, too)! */
private void parseApiFile(ClassLoader loader, Reader reader) throws IOException { private void parseApiFile(Reader reader) throws IOException {
final BufferedReader r = new BufferedReader(reader); final BufferedReader r = new BufferedReader(reader);
try { try {
String line; String line;
@ -172,26 +167,33 @@ public class ForbiddenApisCheckTask extends Task {
line = line.trim(); line = line.trim();
if (line.length() == 0 || line.startsWith("#")) if (line.length() == 0 || line.startsWith("#"))
continue; continue;
addSignature(loader, line); addSignature(line);
} }
} finally { } finally {
r.close(); r.close();
} }
} }
/** Parses a class given as Resource and checks for valid method invocations */ /** Parses a class given as (FileSet) Resource */
private int checkClass(final Resource res) throws IOException { private ClassReader loadClassFromResource(final Resource res) throws BuildException {
try {
final InputStream stream = res.getInputStream(); final InputStream stream = res.getInputStream();
try { try {
final int[] violations = new int[1]; return new ClassReader(stream);
new ClassReader(stream).accept(new ClassVisitor(Opcodes.ASM4) { } finally {
String className = null, source = null; stream.close();
@Override
public void visit(int version, int access, String name, String signature, String superName, String[] interfaces) {
// save class name in source code format:
this.className = Type.getObjectType(name).getClassName();
} }
} catch (IOException ioe) {
throw new BuildException("IO problem while reading class file " + res, ioe);
}
}
/** Parses a class given as Resource and checks for valid method invocations */
private int checkClass(final ClassReader reader) {
final int[] violations = new int[1];
reader.accept(new ClassVisitor(Opcodes.ASM4) {
final String className = Type.getObjectType(reader.getClassName()).getClassName();
String source = null;
@Override @Override
public void visitSource(String source, String debug) { public void visitSource(String source, String debug) {
@ -203,6 +205,17 @@ public class ForbiddenApisCheckTask extends Task {
return new MethodVisitor(Opcodes.ASM4) { return new MethodVisitor(Opcodes.ASM4) {
private int lineNo = -1; private int lineNo = -1;
private ClassSignatureLookup lookupRelatedClass(String internalName) {
ClassSignatureLookup c = classesToCheck.get(internalName);
if (c == null) try {
c = getClassFromClassLoader(internalName);
} catch (BuildException be) {
// we ignore lookup errors and simply ignore this related class
c = null;
}
return c;
}
private boolean checkClassUse(String owner) { private boolean checkClassUse(String owner) {
final String printout = forbiddenClasses.get(owner); final String printout = forbiddenClasses.get(owner);
if (printout != null) { if (printout != null) {
@ -212,6 +225,76 @@ public class ForbiddenApisCheckTask extends Task {
return false; return false;
} }
private boolean checkMethodAccess(String owner, Method method) {
if (checkClassUse(owner)) {
return true;
}
final String printout = forbiddenMethods.get(owner + '\000' + method);
if (printout != null) {
log("Forbidden method invocation: " + printout, Project.MSG_ERR);
return true;
}
final ClassSignatureLookup c = lookupRelatedClass(owner);
if (c != null && !c.methods.contains(method)) {
final String superName = c.reader.getSuperName();
if (superName != null && checkMethodAccess(superName, method)) {
return true;
}
final String[] interfaces = c.reader.getInterfaces();
if (interfaces != null) {
for (String intf : interfaces) {
if (intf != null && checkMethodAccess(intf, method)) {
return true;
}
}
}
}
return false;
}
private boolean checkFieldAccess(String owner, String field) {
if (checkClassUse(owner)) {
return true;
}
final String printout = forbiddenFields.get(owner + '\000' + field);
if (printout != null) {
log("Forbidden field access: " + printout, Project.MSG_ERR);
return true;
}
final ClassSignatureLookup c = lookupRelatedClass(owner);
if (c != null && !c.fields.contains(field)) {
final String superName = c.reader.getSuperName();
if (superName != null && checkFieldAccess(superName, field)) {
return true;
}
final String[] interfaces = c.reader.getInterfaces();
if (interfaces != null) {
for (String intf : interfaces) {
if (intf != null && checkFieldAccess(intf, field)) {
return true;
}
}
}
}
return false;
}
@Override
public void visitMethodInsn(int opcode, String owner, String name, String desc) {
if (checkMethodAccess(owner, new Method(name, desc))) {
violations[0]++;
reportSourceAndLine();
}
}
@Override
public void visitFieldInsn(int opcode, String owner, String name, String desc) {
if (checkFieldAccess(owner, name)) {
violations[0]++;
reportSourceAndLine();
}
}
private void reportSourceAndLine() { private void reportSourceAndLine() {
final StringBuilder sb = new StringBuilder(" in ").append(className); final StringBuilder sb = new StringBuilder(" in ").append(className);
if (source != null && lineNo >= 0) { if (source != null && lineNo >= 0) {
@ -220,38 +303,6 @@ public class ForbiddenApisCheckTask extends Task {
log(sb.toString(), Project.MSG_ERR); log(sb.toString(), Project.MSG_ERR);
} }
@Override
public void visitMethodInsn(int opcode, String owner, String name, String desc) {
boolean found = checkClassUse(owner);
if (!found) {
final String printout = forbiddenMethods.get(owner + '\000' + new Method(name, desc));
if (printout != null) {
found = true;
log("Forbidden method invocation: " + printout, Project.MSG_ERR);
}
}
if (found) {
violations[0]++;
reportSourceAndLine();
}
}
@Override
public void visitFieldInsn(int opcode, String owner, String name, String desc) {
boolean found = checkClassUse(owner);
if (!found) {
final String printout = forbiddenFields.get(owner + '\000' + name);
if (printout != null) {
found = true;
log("Forbidden field access: " + printout, Project.MSG_ERR);
}
}
if (found) {
violations[0]++;
reportSourceAndLine();
}
}
@Override @Override
public void visitLineNumber(int lineNo, Label start) { public void visitLineNumber(int lineNo, Label start) {
this.lineNo = lineNo; this.lineNo = lineNo;
@ -260,28 +311,26 @@ public class ForbiddenApisCheckTask extends Task {
} }
}, ClassReader.SKIP_FRAMES); }, ClassReader.SKIP_FRAMES);
return violations[0]; return violations[0];
} finally {
stream.close();
}
} }
@Override @Override
public void execute() throws BuildException { public void execute() throws BuildException {
AntClassLoader antLoader = null; AntClassLoader antLoader = null;
try { try {
final ClassLoader loader;
if (classpath != null) { if (classpath != null) {
classpath.setProject(getProject()); classpath.setProject(getProject());
loader = antLoader = getProject().createClassLoader(ClassLoader.getSystemClassLoader(), classpath); this.loader = antLoader = getProject().createClassLoader(ClassLoader.getSystemClassLoader(), classpath);
// force that loading from this class loader is done first, then parent is asked. // force that loading from this class loader is done first, then parent is asked.
// This violates spec, but prevents classes in any system classpath to be used if a local one is available: // This violates spec, but prevents classes in any system classpath to be used if a local one is available:
antLoader.setParentFirst(false); antLoader.setParentFirst(false);
} else { } else {
loader = ClassLoader.getSystemClassLoader(); this.loader = ClassLoader.getSystemClassLoader();
} }
classFiles.setProject(getProject()); classFiles.setProject(getProject());
apiSignatures.setProject(getProject()); apiSignatures.setProject(getProject());
final long start = System.currentTimeMillis();
try { try {
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
Iterator<Resource> iter = (Iterator<Resource>) apiSignatures.iterator(); Iterator<Resource> iter = (Iterator<Resource>) apiSignatures.iterator();
@ -295,10 +344,10 @@ public class ForbiddenApisCheckTask extends Task {
} }
if (r instanceof StringResource) { if (r instanceof StringResource) {
log("Reading inline API signatures...", Project.MSG_INFO); log("Reading inline API signatures...", Project.MSG_INFO);
parseApiFile(loader, new StringReader(((StringResource) r).getValue())); parseApiFile(new StringReader(((StringResource) r).getValue()));
} else { } else {
log("Reading API signatures: " + r, Project.MSG_INFO); log("Reading API signatures: " + r, Project.MSG_INFO);
parseApiFile(loader, new InputStreamReader(r.getInputStream(), "UTF-8")); parseApiFile(new InputStreamReader(r.getInputStream(), "UTF-8"));
} }
} }
} catch (IOException ioe) { } catch (IOException ioe) {
@ -307,15 +356,9 @@ public class ForbiddenApisCheckTask extends Task {
if (forbiddenMethods.isEmpty() && forbiddenClasses.isEmpty()) { if (forbiddenMethods.isEmpty() && forbiddenClasses.isEmpty()) {
throw new BuildException("No API signatures found; use apiFile=, <apiFileSet/>, or inner text to define those!"); throw new BuildException("No API signatures found; use apiFile=, <apiFileSet/>, or inner text to define those!");
} }
} finally {
if (antLoader != null) antLoader.cleanup();
antLoader = null;
}
long start = System.currentTimeMillis(); log("Loading classes to check...", Project.MSG_INFO);
int checked = 0;
int errors = 0;
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
Iterator<Resource> iter = (Iterator<Resource>) classFiles.iterator(); Iterator<Resource> iter = (Iterator<Resource>) classFiles.iterator();
if (!iter.hasNext()) { if (!iter.hasNext()) {
@ -327,22 +370,35 @@ public class ForbiddenApisCheckTask extends Task {
throw new BuildException("Class file does not exist: " + r); throw new BuildException("Class file does not exist: " + r);
} }
try { ClassReader reader = loadClassFromResource(r);
errors += checkClass(r); classesToCheck.put(reader.getClassName(), new ClassSignatureLookup(reader));
} catch (IOException ioe) {
throw new BuildException("IO problem while reading class file " + r, ioe);
} }
checked++;
log("Scanning for API signatures and dependencies...", Project.MSG_INFO);
int errors = 0;
for (final ClassSignatureLookup c : classesToCheck.values()) {
errors += checkClass(c.reader);
} }
log(String.format(Locale.ROOT, log(String.format(Locale.ROOT,
"Scanned %d class file(s) for forbidden API invocations (in %.2fs), %d error(s).", "Scanned %d (and %d related) class file(s) for forbidden API invocations (in %.2fs), %d error(s).",
checked, (System.currentTimeMillis() - start) / 1000.0, errors), classesToCheck.size(), classpathClassCache.size(), (System.currentTimeMillis() - start) / 1000.0, errors),
errors > 0 ? Project.MSG_ERR : Project.MSG_INFO); errors > 0 ? Project.MSG_ERR : Project.MSG_INFO);
if (errors > 0) { if (errors > 0) {
throw new BuildException("Check for forbidden API calls failed, see log."); throw new BuildException("Check for forbidden API calls failed, see log.");
} }
} finally {
this.loader = null;
if (antLoader != null) antLoader.cleanup();
antLoader = null;
classesToCheck.clear();
classpathClassCache.clear();
forbiddenFields.clear();
forbiddenMethods.clear();
forbiddenClasses.clear();
}
} }
/** Set of class files to check */ /** Set of class files to check */
@ -386,4 +442,32 @@ public class ForbiddenApisCheckTask extends Task {
return this.classpath.createPath(); return this.classpath.createPath();
} }
static final class ClassSignatureLookup {
public final ClassReader reader;
public final Set<Method> methods;
public final Set<String> fields;
public ClassSignatureLookup(final ClassReader reader) {
this.reader = reader;
final Set<Method> methods = new HashSet<Method>();
final Set<String> fields = new HashSet<String>();
reader.accept(new ClassVisitor(Opcodes.ASM4) {
@Override
public MethodVisitor visitMethod(int access, String name, String desc, String signature, String[] exceptions) {
final Method m = new Method(name, desc);
methods.add(m);
return null;
}
@Override
public FieldVisitor visitField(int access, String name, String desc, String signature, Object value) {
fields.add(name);
return null;
}
}, ClassReader.SKIP_CODE | ClassReader.SKIP_DEBUG | ClassReader.SKIP_FRAMES);
this.methods = Collections.unmodifiableSet(methods);
this.fields = Collections.unmodifiableSet(fields);
}
}
} }