mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-20 20:08:56 +00:00
Merge branch 'master' into feature/multi_cluster_search
commit
3f784a4424
@ -85,12 +85,6 @@ import java.util.Map;
|
|||||||
* cleanups to the scripting apis). But still it can provide some defense for users
|
* cleanups to the scripting apis). But still it can provide some defense for users
|
||||||
* that enable dynamic scripting without being fully aware of the consequences.
|
* that enable dynamic scripting without being fully aware of the consequences.
|
||||||
* <br>
|
* <br>
|
||||||
* <h1>Disabling Security</h1>
|
|
||||||
* SecurityManager can be disabled completely with this setting:
|
|
||||||
* <pre>
|
|
||||||
* es.security.manager.enabled = false
|
|
||||||
* </pre>
|
|
||||||
* <br>
|
|
||||||
* <h1>Debugging Security</h1>
|
* <h1>Debugging Security</h1>
|
||||||
* A good place to start when there is a problem is to turn on security debugging:
|
* A good place to start when there is a problem is to turn on security debugging:
|
||||||
* <pre>
|
* <pre>
|
||||||
|
@ -97,7 +97,7 @@ public class MetaDataDeleteIndexService extends AbstractComponent {
|
|||||||
final int previousGraveyardSize = graveyardBuilder.tombstones().size();
|
final int previousGraveyardSize = graveyardBuilder.tombstones().size();
|
||||||
for (final Index index : indices) {
|
for (final Index index : indices) {
|
||||||
String indexName = index.getName();
|
String indexName = index.getName();
|
||||||
logger.debug("[{}] deleting index", index);
|
logger.info("{} deleting index", index);
|
||||||
routingTableBuilder.remove(indexName);
|
routingTableBuilder.remove(indexName);
|
||||||
clusterBlocksBuilder.removeIndexBlocks(indexName);
|
clusterBlocksBuilder.removeIndexBlocks(indexName);
|
||||||
metaDataBuilder.remove(indexName);
|
metaDataBuilder.remove(indexName);
|
||||||
|
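Review bot: The new `logger.info("{} deleting index", index);` line raises every index deletion to the default log level but has no comment saying this is intentional, so a later logging cleanup could quietly demote it again. Deletion is destructive, and an info-level record helps when reconstructing what happened to a cluster, so I would add `// logged at info on purpose: index deletion is destructive and should be visible at the default log level`. The dropped brackets presumably rely on the string form of `Index` supplying its own delimiters; that is not visible in this hunk and is worth confirming. The enclosing loop and method continue outside the hunk.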
@ -141,46 +141,6 @@ public class EvilLoggerTests extends ESTestCase {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
public void testLog4jShutdownHack() {
|
|
||||||
final AtomicBoolean denied = new AtomicBoolean();
|
|
||||||
final SecurityManager sm = System.getSecurityManager();
|
|
||||||
try {
|
|
||||||
System.setSecurityManager(new SecurityManager() {
|
|
||||||
@Override
|
|
||||||
public void checkPermission(Permission perm) {
|
|
||||||
// just grant all permissions to Log4j, except we deny MBeanServerPermission
|
|
||||||
// "createMBeanServer" as this will trigger the Log4j bug
|
|
||||||
if (perm instanceof MBeanServerPermission && "createMBeanServer".equals(perm.getName())) {
|
|
||||||
// without the hack in place, Log4j will try to get an MBean server which we will deny
|
|
||||||
// with the hack in place, this permission should never be requested by Log4j
|
|
||||||
denied.set(true);
|
|
||||||
throw new AccessControlException("denied");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void checkPropertyAccess(String key) {
|
|
||||||
/*
|
|
||||||
* grant access to all properties; this is so that Log4j can check if its usage
|
|
||||||
* of JMX is disabled or not by reading log4j2.disable.jmx but there are other
|
|
||||||
* properties that Log4j will try to read as well and its simpler to just grant
|
|
||||||
* them all
|
|
||||||
*/
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
// this will trigger the bug without the hack
|
|
||||||
LoggerContext context = (LoggerContext) LogManager.getContext(false);
|
|
||||||
Configurator.shutdown(context);
|
|
||||||
|
|
||||||
// Log4j should have never requested permissions to create an MBean server
|
|
||||||
assertFalse(denied.get());
|
|
||||||
} finally {
|
|
||||||
System.setSecurityManager(sm);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private void setupLogging(final String config) throws IOException, UserException {
|
private void setupLogging(final String config) throws IOException, UserException {
|
||||||
final Path configDir = getDataPath(config);
|
final Path configDir = getDataPath(config);
|
||||||
// need to set custom path.conf so we can use a custom log4j2.properties file for the test
|
// need to set custom path.conf so we can use a custom log4j2.properties file for the test
|
||||||
|
@ -1605,7 +1605,7 @@ public abstract class AbstractSimpleTransportTestCase extends ESTestCase {
|
|||||||
latch.await();
|
latch.await();
|
||||||
serviceA.removeConnectionListener(waitForConnection);
|
serviceA.removeConnectionListener(waitForConnection);
|
||||||
serviceB.removeConnectionListener(waitForConnection);
|
serviceB.removeConnectionListener(waitForConnection);
|
||||||
serviceB.removeConnectionListener(waitForConnection);
|
serviceC.removeConnectionListener(waitForConnection);
|
||||||
|
|
||||||
|
|
||||||
Map<TransportService, DiscoveryNode> toNodeMap = new HashMap<>();
|
Map<TransportService, DiscoveryNode> toNodeMap = new HashMap<>();
|
||||||
|
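Review bot: `latch.await()` has no timeout, and the three `removeConnectionListener` calls that follow it are not in a `finally`. If the expected connections never arrive, the test blocks until some outer timeout fires and the listeners stay registered on the services. A bounded wait such as `assertTrue(latch.await(30, TimeUnit.SECONDS));` (value illustrative), with the removals moved into a `finally`, would make the failure explicit and keep the cleanup unconditional. The enclosing test method starts and ends outside the hunk, so an existing outer try/finally cannot be ruled out.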