Third party audit improovements (#36167)
- fix up to date checks to ignore elasticsearch jars. We were not scanning them but these still triggered a rebuild. - add tests to assert correct behavior and up to date checks. - make the task less verbose with `-i` and include the output only on errors.
This commit is contained in:
parent
c00d0fc814
commit
09a9e2236c
|
@ -24,13 +24,16 @@ import org.gradle.api.DefaultTask;
|
||||||
import org.gradle.api.GradleException;
|
import org.gradle.api.GradleException;
|
||||||
import org.gradle.api.JavaVersion;
|
import org.gradle.api.JavaVersion;
|
||||||
import org.gradle.api.artifacts.Configuration;
|
import org.gradle.api.artifacts.Configuration;
|
||||||
import org.gradle.api.file.FileCollection;
|
import org.gradle.api.artifacts.Dependency;
|
||||||
import org.gradle.api.file.FileTree;
|
import org.gradle.api.file.FileTree;
|
||||||
|
import org.gradle.api.specs.Spec;
|
||||||
|
import org.gradle.api.tasks.CacheableTask;
|
||||||
import org.gradle.api.tasks.Input;
|
import org.gradle.api.tasks.Input;
|
||||||
import org.gradle.api.tasks.InputFile;
|
import org.gradle.api.tasks.InputFile;
|
||||||
import org.gradle.api.tasks.InputFiles;
|
import org.gradle.api.tasks.InputFiles;
|
||||||
|
import org.gradle.api.tasks.Optional;
|
||||||
import org.gradle.api.tasks.OutputDirectory;
|
import org.gradle.api.tasks.OutputDirectory;
|
||||||
import org.gradle.api.tasks.StopExecutionException;
|
import org.gradle.api.tasks.SkipWhenEmpty;
|
||||||
import org.gradle.api.tasks.TaskAction;
|
import org.gradle.api.tasks.TaskAction;
|
||||||
import org.gradle.process.ExecResult;
|
import org.gradle.process.ExecResult;
|
||||||
|
|
||||||
|
@ -49,6 +52,7 @@ import java.util.regex.Pattern;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
import java.util.stream.IntStream;
|
import java.util.stream.IntStream;
|
||||||
|
|
||||||
|
@CacheableTask
|
||||||
public class ThirdPartyAuditTask extends DefaultTask {
|
public class ThirdPartyAuditTask extends DefaultTask {
|
||||||
|
|
||||||
private static final Pattern MISSING_CLASS_PATTERN = Pattern.compile(
|
private static final Pattern MISSING_CLASS_PATTERN = Pattern.compile(
|
||||||
|
@ -93,16 +97,8 @@ public class ThirdPartyAuditTask extends DefaultTask {
|
||||||
this.signatureFile = signatureFile;
|
this.signatureFile = signatureFile;
|
||||||
}
|
}
|
||||||
|
|
||||||
@InputFiles
|
|
||||||
public Configuration getRuntimeConfiguration() {
|
|
||||||
Configuration runtime = getProject().getConfigurations().findByName("runtime");
|
|
||||||
if (runtime == null) {
|
|
||||||
return getProject().getConfigurations().getByName("testCompile");
|
|
||||||
}
|
|
||||||
return runtime;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Input
|
@Input
|
||||||
|
@Optional
|
||||||
public String getJavaHome() {
|
public String getJavaHome() {
|
||||||
return javaHome;
|
return javaHome;
|
||||||
}
|
}
|
||||||
|
@ -111,11 +107,6 @@ public class ThirdPartyAuditTask extends DefaultTask {
|
||||||
this.javaHome = javaHome;
|
this.javaHome = javaHome;
|
||||||
}
|
}
|
||||||
|
|
||||||
@InputFiles
|
|
||||||
public Configuration getCompileOnlyConfiguration() {
|
|
||||||
return getProject().getConfigurations().getByName("compileOnly");
|
|
||||||
}
|
|
||||||
|
|
||||||
@OutputDirectory
|
@OutputDirectory
|
||||||
public File getJarExpandDir() {
|
public File getJarExpandDir() {
|
||||||
return new File(
|
return new File(
|
||||||
|
@ -139,9 +130,29 @@ public class ThirdPartyAuditTask extends DefaultTask {
|
||||||
return Collections.unmodifiableSet(excludes);
|
return Collections.unmodifiableSet(excludes);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@InputFiles
|
||||||
|
@SkipWhenEmpty
|
||||||
|
public Set<File> getJarsToScan() {
|
||||||
|
// These are SelfResolvingDependency, and some of them backed by file collections, like the Gradle API files,
|
||||||
|
// or dependencies added as `files(...)`, we can't be sure if those are third party or not.
|
||||||
|
// err on the side of scanning these to make sure we don't miss anything
|
||||||
|
Spec<Dependency> reallyThirdParty = dep -> dep.getGroup() != null &&
|
||||||
|
dep.getGroup().startsWith("org.elasticsearch") == false;
|
||||||
|
Set<File> jars = getRuntimeConfiguration()
|
||||||
|
.getResolvedConfiguration()
|
||||||
|
.getFiles(reallyThirdParty);
|
||||||
|
Set<File> compileOnlyConfiguration = getProject().getConfigurations().getByName("compileOnly").getResolvedConfiguration()
|
||||||
|
.getFiles(reallyThirdParty);
|
||||||
|
// don't scan provided dependencies that we already scanned, e.x. don't scan cores dependencies for every plugin
|
||||||
|
if (compileOnlyConfiguration != null) {
|
||||||
|
jars.removeAll(compileOnlyConfiguration);
|
||||||
|
}
|
||||||
|
return jars;
|
||||||
|
}
|
||||||
|
|
||||||
@TaskAction
|
@TaskAction
|
||||||
public void runThirdPartyAudit() throws IOException {
|
public void runThirdPartyAudit() throws IOException {
|
||||||
FileCollection jars = getJarsToScan();
|
Set<File> jars = getJarsToScan();
|
||||||
|
|
||||||
extractJars(jars);
|
extractJars(jars);
|
||||||
|
|
||||||
|
@ -161,14 +172,17 @@ public class ThirdPartyAuditTask extends DefaultTask {
|
||||||
|
|
||||||
Set<String> jdkJarHellClasses = runJdkJarHellCheck();
|
Set<String> jdkJarHellClasses = runJdkJarHellCheck();
|
||||||
|
|
||||||
assertNoPointlessExclusions(missingClasses, violationsClasses, jdkJarHellClasses);
|
try {
|
||||||
|
assertNoPointlessExclusions(missingClasses, violationsClasses, jdkJarHellClasses);
|
||||||
assertNoMissingAndViolations(missingClasses, violationsClasses);
|
assertNoMissingAndViolations(missingClasses, violationsClasses);
|
||||||
|
assertNoJarHell(jdkJarHellClasses);
|
||||||
assertNoJarHell(jdkJarHellClasses);
|
} catch (IllegalStateException e) {
|
||||||
|
getLogger().error(forbiddenApisOutput);
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void extractJars(FileCollection jars) {
|
private void extractJars(Set<File> jars) {
|
||||||
File jarExpandDir = getJarExpandDir();
|
File jarExpandDir = getJarExpandDir();
|
||||||
// We need to clean up to make sure old dependencies don't linger
|
// We need to clean up to make sure old dependencies don't linger
|
||||||
getProject().delete(jarExpandDir);
|
getProject().delete(jarExpandDir);
|
||||||
|
@ -209,7 +223,10 @@ public class ThirdPartyAuditTask extends DefaultTask {
|
||||||
private void assertNoJarHell(Set<String> jdkJarHellClasses) {
|
private void assertNoJarHell(Set<String> jdkJarHellClasses) {
|
||||||
jdkJarHellClasses.removeAll(excludes);
|
jdkJarHellClasses.removeAll(excludes);
|
||||||
if (jdkJarHellClasses.isEmpty() == false) {
|
if (jdkJarHellClasses.isEmpty() == false) {
|
||||||
throw new IllegalStateException("Jar Hell with the JDK:" + formatClassList(jdkJarHellClasses));
|
throw new IllegalStateException(
|
||||||
|
"Audit of third party dependencies failed:\n" +
|
||||||
|
" Jar Hell with the JDK:\n" + formatClassList(jdkJarHellClasses)
|
||||||
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -245,11 +262,13 @@ public class ThirdPartyAuditTask extends DefaultTask {
|
||||||
private String runForbiddenAPIsCli() throws IOException {
|
private String runForbiddenAPIsCli() throws IOException {
|
||||||
ByteArrayOutputStream errorOut = new ByteArrayOutputStream();
|
ByteArrayOutputStream errorOut = new ByteArrayOutputStream();
|
||||||
getProject().javaexec(spec -> {
|
getProject().javaexec(spec -> {
|
||||||
spec.setExecutable(javaHome + "/bin/java");
|
if (javaHome != null) {
|
||||||
|
spec.setExecutable(javaHome + "/bin/java");
|
||||||
|
}
|
||||||
spec.classpath(
|
spec.classpath(
|
||||||
getForbiddenAPIsConfiguration(),
|
getForbiddenAPIsConfiguration(),
|
||||||
getRuntimeConfiguration(),
|
getRuntimeConfiguration(),
|
||||||
getCompileOnlyConfiguration()
|
getProject().getConfigurations().getByName("compileOnly")
|
||||||
);
|
);
|
||||||
spec.setMain("de.thetaphi.forbiddenapis.cli.CliMain");
|
spec.setMain("de.thetaphi.forbiddenapis.cli.CliMain");
|
||||||
spec.args(
|
spec.args(
|
||||||
|
@ -267,26 +286,9 @@ public class ThirdPartyAuditTask extends DefaultTask {
|
||||||
try (ByteArrayOutputStream outputStream = errorOut) {
|
try (ByteArrayOutputStream outputStream = errorOut) {
|
||||||
forbiddenApisOutput = outputStream.toString(StandardCharsets.UTF_8.name());
|
forbiddenApisOutput = outputStream.toString(StandardCharsets.UTF_8.name());
|
||||||
}
|
}
|
||||||
if (getLogger().isInfoEnabled()) {
|
|
||||||
getLogger().info(forbiddenApisOutput);
|
|
||||||
}
|
|
||||||
return forbiddenApisOutput;
|
return forbiddenApisOutput;
|
||||||
}
|
}
|
||||||
|
|
||||||
private FileCollection getJarsToScan() {
|
|
||||||
FileCollection jars = getRuntimeConfiguration()
|
|
||||||
.fileCollection(dep -> dep.getGroup().startsWith("org.elasticsearch") == false);
|
|
||||||
Configuration compileOnlyConfiguration = getCompileOnlyConfiguration();
|
|
||||||
// don't scan provided dependencies that we already scanned, e.x. don't scan cores dependencies for every plugin
|
|
||||||
if (compileOnlyConfiguration != null) {
|
|
||||||
jars.minus(compileOnlyConfiguration);
|
|
||||||
}
|
|
||||||
if (jars.isEmpty()) {
|
|
||||||
throw new StopExecutionException("No jars to scan");
|
|
||||||
}
|
|
||||||
return jars;
|
|
||||||
}
|
|
||||||
|
|
||||||
private String formatClassList(Set<String> classList) {
|
private String formatClassList(Set<String> classList) {
|
||||||
return classList.stream()
|
return classList.stream()
|
||||||
.map(name -> " * " + name)
|
.map(name -> " * " + name)
|
||||||
|
@ -304,7 +306,7 @@ public class ThirdPartyAuditTask extends DefaultTask {
|
||||||
spec.classpath(
|
spec.classpath(
|
||||||
location.toURI().getPath(),
|
location.toURI().getPath(),
|
||||||
getRuntimeConfiguration(),
|
getRuntimeConfiguration(),
|
||||||
getCompileOnlyConfiguration()
|
getProject().getConfigurations().getByName("compileOnly")
|
||||||
);
|
);
|
||||||
} catch (URISyntaxException e) {
|
} catch (URISyntaxException e) {
|
||||||
throw new AssertionError(e);
|
throw new AssertionError(e);
|
||||||
|
@ -312,7 +314,9 @@ public class ThirdPartyAuditTask extends DefaultTask {
|
||||||
spec.setMain(JdkJarHellCheck.class.getName());
|
spec.setMain(JdkJarHellCheck.class.getName());
|
||||||
spec.args(getJarExpandDir());
|
spec.args(getJarExpandDir());
|
||||||
spec.setIgnoreExitValue(true);
|
spec.setIgnoreExitValue(true);
|
||||||
spec.setExecutable(javaHome + "/bin/java");
|
if (javaHome != null) {
|
||||||
|
spec.setExecutable(javaHome + "/bin/java");
|
||||||
|
}
|
||||||
spec.setStandardOutput(standardOut);
|
spec.setStandardOutput(standardOut);
|
||||||
});
|
});
|
||||||
if (execResult.getExitValue() == 0) {
|
if (execResult.getExitValue() == 0) {
|
||||||
|
@ -325,5 +329,11 @@ public class ThirdPartyAuditTask extends DefaultTask {
|
||||||
return new TreeSet<>(Arrays.asList(jdkJarHellCheckList.split("\\r?\\n")));
|
return new TreeSet<>(Arrays.asList(jdkJarHellCheckList.split("\\r?\\n")));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private Configuration getRuntimeConfiguration() {
|
||||||
|
Configuration runtime = getProject().getConfigurations().findByName("runtime");
|
||||||
|
if (runtime == null) {
|
||||||
|
return getProject().getConfigurations().getByName("testCompile");
|
||||||
|
}
|
||||||
|
return runtime;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,135 @@
|
||||||
|
package org.elasticsearch.gradle.precommit;
|
||||||
|
|
||||||
|
import org.elasticsearch.gradle.test.GradleIntegrationTestCase;
|
||||||
|
import org.gradle.testkit.runner.BuildResult;
|
||||||
|
import org.junit.Before;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Licensed to Elasticsearch under one or more contributor
|
||||||
|
* license agreements. See the NOTICE file distributed with
|
||||||
|
* this work for additional information regarding copyright
|
||||||
|
* ownership. Elasticsearch licenses this file to you under
|
||||||
|
* the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
* not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
public class ThirdPartyAuditTaskIT extends GradleIntegrationTestCase {
|
||||||
|
|
||||||
|
@Before
|
||||||
|
public void setUp() throws Exception {
|
||||||
|
// Build the sample jars
|
||||||
|
getGradleRunner("thirdPartyAudit")
|
||||||
|
.withArguments("build", "-s")
|
||||||
|
.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testElasticsearchIgnored() {
|
||||||
|
BuildResult result = getGradleRunner("thirdPartyAudit")
|
||||||
|
.withArguments("clean", "empty", "-s",
|
||||||
|
"-PcompileOnlyGroup=elasticsearch.gradle:broken-log4j", "-PcompileOnlyVersion=0.0.1",
|
||||||
|
"-PcompileGroup=elasticsearch.gradle:dummy-io", "-PcompileVersion=0.0.1"
|
||||||
|
)
|
||||||
|
.build();
|
||||||
|
assertTaskNoSource(result, ":empty");
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testWithEmptyRules() {
|
||||||
|
BuildResult result = getGradleRunner("thirdPartyAudit")
|
||||||
|
.withArguments("clean", "empty", "-s",
|
||||||
|
"-PcompileOnlyGroup=other.gradle:broken-log4j", "-PcompileOnlyVersion=0.0.1",
|
||||||
|
"-PcompileGroup=other.gradle:dummy-io", "-PcompileVersion=0.0.1"
|
||||||
|
)
|
||||||
|
.build();
|
||||||
|
|
||||||
|
assertTaskSuccessful(result, ":empty");
|
||||||
|
|
||||||
|
result = getGradleRunner("thirdPartyAudit")
|
||||||
|
.withArguments("empty", "-s",
|
||||||
|
"-PcompileOnlyGroup=other.gradle:broken-log4j", "-PcompileOnlyVersion=0.0.1",
|
||||||
|
"-PcompileGroup=other.gradle:dummy-io", "-PcompileVersion=0.0.1"
|
||||||
|
)
|
||||||
|
.build();
|
||||||
|
|
||||||
|
assertTaskUpToDate(result, ":empty");
|
||||||
|
|
||||||
|
result = getGradleRunner("thirdPartyAudit")
|
||||||
|
.withArguments("empty", "-s",
|
||||||
|
"-PcompileOnlyGroup=other.gradle:broken-log4j", "-PcompileOnlyVersion=0.0.1",
|
||||||
|
"-PcompileGroup=other.gradle:dummy-io", "-PcompileVersion=0.0.2"
|
||||||
|
)
|
||||||
|
.build();
|
||||||
|
|
||||||
|
assertTaskSuccessful(result, ":empty");
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testViolationFoundAndCompileOnlyIgnored() {
|
||||||
|
BuildResult result = getGradleRunner("thirdPartyAudit")
|
||||||
|
.withArguments("clean", "absurd", "-s",
|
||||||
|
"-PcompileOnlyGroup=other.gradle:broken-log4j", "-PcompileOnlyVersion=0.0.1",
|
||||||
|
"-PcompileGroup=other.gradle:dummy-io", "-PcompileVersion=0.0.1"
|
||||||
|
)
|
||||||
|
.buildAndFail();
|
||||||
|
|
||||||
|
assertTaskFailed(result, ":absurd");
|
||||||
|
assertOutputContains(result.getOutput(),
|
||||||
|
"> Audit of third party dependencies failed:",
|
||||||
|
" Classes with violations:",
|
||||||
|
" * TestingIO"
|
||||||
|
);
|
||||||
|
assertOutputDoesNotContain(result.getOutput(),"Missing classes:");
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testClassNotFoundAndCompileOnlyIgnored() {
|
||||||
|
BuildResult result = getGradleRunner("thirdPartyAudit")
|
||||||
|
.withArguments("clean", "absurd", "-s",
|
||||||
|
"-PcompileGroup=other.gradle:broken-log4j", "-PcompileVersion=0.0.1",
|
||||||
|
"-PcompileOnlyGroup=other.gradle:dummy-io", "-PcompileOnlyVersion=0.0.1"
|
||||||
|
)
|
||||||
|
.buildAndFail();
|
||||||
|
assertTaskFailed(result, ":absurd");
|
||||||
|
|
||||||
|
assertOutputContains(result.getOutput(),
|
||||||
|
"> Audit of third party dependencies failed:",
|
||||||
|
" Missing classes:",
|
||||||
|
" * org.apache.logging.log4j.LogManager"
|
||||||
|
);
|
||||||
|
assertOutputDoesNotContain(result.getOutput(), "Classes with violations:");
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testJarHellWithJDK() {
|
||||||
|
BuildResult result = getGradleRunner("thirdPartyAudit")
|
||||||
|
.withArguments("clean", "absurd", "-s",
|
||||||
|
"-PcompileGroup=other.gradle:jarhellJdk", "-PcompileVersion=0.0.1",
|
||||||
|
"-PcompileOnlyGroup=other.gradle:dummy-io", "-PcompileOnlyVersion=0.0.1"
|
||||||
|
)
|
||||||
|
.buildAndFail();
|
||||||
|
assertTaskFailed(result, ":absurd");
|
||||||
|
|
||||||
|
assertOutputContains(result.getOutput(),
|
||||||
|
"> Audit of third party dependencies failed:",
|
||||||
|
" Jar Hell with the JDK:",
|
||||||
|
" * java.lang.String"
|
||||||
|
);
|
||||||
|
assertOutputDoesNotContain(result.getOutput(), "Classes with violations:");
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testElasticsearchIgnoredWithViolations() {
|
||||||
|
BuildResult result = getGradleRunner("thirdPartyAudit")
|
||||||
|
.withArguments("clean", "absurd", "-s",
|
||||||
|
"-PcompileOnlyGroup=elasticsearch.gradle:broken-log4j", "-PcompileOnlyVersion=0.0.1",
|
||||||
|
"-PcompileGroup=elasticsearch.gradle:dummy-io", "-PcompileVersion=0.0.1"
|
||||||
|
)
|
||||||
|
.build();
|
||||||
|
assertTaskNoSource(result, ":absurd");
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -90,6 +90,12 @@ public abstract class GradleIntegrationTestCase extends GradleUnitTestCase {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected void assertTaskNoSource(BuildResult result, String... taskNames) {
|
||||||
|
for (String taskName : taskNames) {
|
||||||
|
assertTaskOutcome(result, taskName, TaskOutcome.NO_SOURCE);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private void assertTaskOutcome(BuildResult result, String taskName, TaskOutcome taskOutcome) {
|
private void assertTaskOutcome(BuildResult result, String taskName, TaskOutcome taskOutcome) {
|
||||||
BuildTask task = result.task(taskName);
|
BuildTask task = result.task(taskName);
|
||||||
if (task == null) {
|
if (task == null) {
|
||||||
|
@ -97,8 +103,8 @@ public abstract class GradleIntegrationTestCase extends GradleUnitTestCase {
|
||||||
"\n\nOutput is:\n" + result.getOutput());
|
"\n\nOutput is:\n" + result.getOutput());
|
||||||
}
|
}
|
||||||
assertEquals(
|
assertEquals(
|
||||||
"Expected task `" + taskName +"` to be successful but it was: " + task.getOutcome() +
|
"Expected task `" + taskName +"` to be " + taskOutcome + " but it was: " + task.getOutcome() +
|
||||||
taskOutcome + "\n\nOutput is:\n" + result.getOutput() ,
|
"\n\nOutput is:\n" + result.getOutput() ,
|
||||||
taskOutcome,
|
taskOutcome,
|
||||||
task.getOutcome()
|
task.getOutcome()
|
||||||
);
|
);
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
import org.elasticsearch.gradle.precommit.ThirdPartyAuditTask
|
||||||
|
|
||||||
|
plugins {
|
||||||
|
id 'java'
|
||||||
|
//just to get build-tools
|
||||||
|
id 'elasticsearch.testclusters'
|
||||||
|
}
|
||||||
|
|
||||||
|
repositories {
|
||||||
|
/**
|
||||||
|
* Local test repo contains dummy jars with different group names and versions.
|
||||||
|
* - broken-log4j creates a log4j logger but has no pom, so the class will be missing
|
||||||
|
* - dummy-io has a class that creates a new java.io.File ( something which third-party-audit-absurd.txt forbids )
|
||||||
|
* - version 0.0.2 has the same class and one extra file just to make the jar different
|
||||||
|
*/
|
||||||
|
maven {
|
||||||
|
url = file("sample_jars/build/testrepo")
|
||||||
|
}
|
||||||
|
jcenter()
|
||||||
|
}
|
||||||
|
|
||||||
|
configurations.create("forbiddenApisCliJar")
|
||||||
|
|
||||||
|
dependencies {
|
||||||
|
forbiddenApisCliJar 'de.thetaphi:forbiddenapis:2.6'
|
||||||
|
compileOnly "org.${project.properties.compileOnlyGroup}:${project.properties.compileOnlyVersion}"
|
||||||
|
compile "org.${project.properties.compileGroup}:${project.properties.compileVersion}"
|
||||||
|
}
|
||||||
|
|
||||||
|
task empty(type: ThirdPartyAuditTask) {
|
||||||
|
targetCompatibility = JavaVersion.VERSION_11
|
||||||
|
signatureFile = file('third-party-audit-empty.txt')
|
||||||
|
}
|
||||||
|
|
||||||
|
task absurd(type: ThirdPartyAuditTask) {
|
||||||
|
targetCompatibility = JavaVersion.VERSION_11
|
||||||
|
signatureFile = file('third-party-audit-absurd.txt')
|
||||||
|
}
|
|
@ -0,0 +1,52 @@
|
||||||
|
plugins {
|
||||||
|
id 'java'
|
||||||
|
}
|
||||||
|
repositories {
|
||||||
|
mavenCentral()
|
||||||
|
}
|
||||||
|
dependencies {
|
||||||
|
compile 'org.apache.logging.log4j:log4j-core:2.11.1'
|
||||||
|
}
|
||||||
|
|
||||||
|
// Tests have to clean mid-test but we don't want the sample jars to go away
|
||||||
|
clean.enabled = false
|
||||||
|
|
||||||
|
["0.0.1", "0.0.2"].forEach { v ->
|
||||||
|
["elasticsearch", "other"].forEach { p ->
|
||||||
|
task "dummy-${p}-${v}"(type: Jar) {
|
||||||
|
destinationDir = file("${buildDir}/testrepo/org/${p}/gradle/dummy-io/${v}/")
|
||||||
|
archiveName = "dummy-io-${v}.jar"
|
||||||
|
from sourceSets.main.output
|
||||||
|
include "**/TestingIO.class"
|
||||||
|
if (v == "0.0.2") {
|
||||||
|
manifest {
|
||||||
|
attributes(
|
||||||
|
"X-Different": "Different manifest, different jar"
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
build.dependsOn("dummy-${p}-${v}")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
["0.0.1"].forEach { v ->
|
||||||
|
["elasticsearch", "other"].forEach { p ->
|
||||||
|
task "broken-log4j-${p}-${v}"(type: Jar) {
|
||||||
|
destinationDir = file("${buildDir}/testrepo/org/${p}/gradle/broken-log4j/${v}/")
|
||||||
|
archiveName = "broken-log4j-${v}.jar"
|
||||||
|
from sourceSets.main.output
|
||||||
|
include "**/TestingLog4j.class"
|
||||||
|
}
|
||||||
|
build.dependsOn("broken-log4j-${p}-${v}")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
task jarhellJdk(type: Jar) {
|
||||||
|
destinationDir = file("${buildDir}/testrepo/org/other/gradle/jarhellJdk/0.0.1/")
|
||||||
|
archiveName = "jarhellJdk-0.0.1.jar"
|
||||||
|
from sourceSets.main.output
|
||||||
|
include "**/String.class"
|
||||||
|
into "java/lang"
|
||||||
|
build.dependsOn("jarhellJdk")
|
||||||
|
}
|
|
@ -0,0 +1,3 @@
|
||||||
|
class String {
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,8 @@
|
||||||
|
import java.io.File;
|
||||||
|
|
||||||
|
public class TestingIO {
|
||||||
|
public TestingIO() {
|
||||||
|
new File("foo");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
import org.apache.logging.log4j.LogManager;
|
||||||
|
|
||||||
|
public class TestingLog4j {
|
||||||
|
public TestingLog4j() {
|
||||||
|
LogManager.getLogger();
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1 @@
|
||||||
|
include 'sample_jars'
|
|
@ -0,0 +1,2 @@
|
||||||
|
@defaultMessage non-public internal runtime class
|
||||||
|
java.io.**
|
|
@ -0,0 +1 @@
|
||||||
|
@defaultMessage non-public internal runtime class
|
Loading…
Reference in New Issue