From a6ba351fb2f2a7b4d8fa14bdc9127bc3a2b0f95a Mon Sep 17 00:00:00 2001
From: Robert Muir
Date: Tue, 8 Dec 2015 08:04:11 -0500
Subject: [PATCH] punch thru symlinks when loading plugins/modules this ensures the codebase URL matches the permission grant (see matching toRealPath in Security.java) in the case of symlinks or other shenanigans. this is best effort, if we really want to support symlinks in any way, we need e.g. qa or vagrant tests that configure a bunch of symlinks for things and ensure that in jenkins. this should be easier to do with gradle, as we can just create a symlink'd home if we want
---
 .../main/java/org/elasticsearch/plugins/PluginsService.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/core/src/main/java/org/elasticsearch/plugins/PluginsService.java b/core/src/main/java/org/elasticsearch/plugins/PluginsService.java
index 4cd5f114616..5ebd43d5026 100644
--- a/core/src/main/java/org/elasticsearch/plugins/PluginsService.java
+++ b/core/src/main/java/org/elasticsearch/plugins/PluginsService.java
@@ -316,7 +316,8 @@ public class PluginsService extends AbstractComponent {
 // gather urls for jar files
 try (DirectoryStream jarStream = Files.newDirectoryStream(module, "*.jar")) {
 for (Path jar : jarStream) {
- bundle.urls.add(jar.toUri().toURL());
+ // normalize with toRealPath to get symlinks out of our hair
+ bundle.urls.add(jar.toRealPath().toUri().toURL());
 }
 }
 bundles.add(bundle);
@@ -357,7 +358,8 @@ public class PluginsService extends AbstractComponent {
 // a jvm plugin: gather urls for jar files
 try (DirectoryStream jarStream = Files.newDirectoryStream(plugin, "*.jar")) {
 for (Path jar : jarStream) {
- urls.add(jar.toUri().toURL());
+ // normalize with toRealPath to get symlinks out of our hair
+ urls.add(jar.toRealPath().toUri().toURL());
 }
 }
 }
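Review bot: After `jar.toRealPath()` in the modules loop, a `*.jar` entry that is a symlink resolves to wherever its target lives, and nothing checks that the resolved path is still inside `module`; the same holds for the `urls.add(...)` line in the plugin loop of the second hunk. Whether such a jar still matches a grant depends on Security.java, which is not visible here, so I would make the outcome explicit with `Path real = jar.toRealPath();` and `if (!real.startsWith(module.toRealPath())) { /* reject, or log the resolved path */ }`. `toRealPath()` also throws `IOException` for a dangling link, which presumably propagates out of the try block and stops loading; if that fail-closed behaviour is intended, the comment should say so. In place of "get symlinks out of our hair" I would write `// resolve symlinks so the codebase URL equals the real path that Security.java grants permissions to`. Both enclosing methods start and end outside the hunks.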