honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix classpath security checks for external tests. (#33066) 

This commit checks that when we manually add a class to
the codebase map, that it does in-fact not exist on the classpath
in a jar.  This will only be true if we are using the test framework
externally such as when a user develops a plugin.
This commit is contained in:
Matt Weber 2018-08-29 12:19:58 -07:00 committed by Ryan Ernst
parent cfc003d485
commit 92bd7242a3
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
test/framework/src/main/java/org/elasticsearch/bootstrap/BootstrapForTesting.java
View File

@ -177,8 +177,11 @@ public class BootstrapForTesting {
private static void addClassCodebase(Map<String, URL> codebases, String name, String classname) {
try {
Class<?> clazz = BootstrapForTesting.class.getClassLoader().loadClass(classname);
if (codebases.put(name, clazz.getProtectionDomain().getCodeSource().getLocation()) != null) {
throw new IllegalStateException("Already added " + name + " codebase for testing");
URL location = clazz.getProtectionDomain().getCodeSource().getLocation();
if (location.toString().endsWith(".jar") == false) {
if (codebases.put(name, location) != null) {
throw new IllegalStateException("Already added " + name + " codebase for testing");
}
}
} catch (ClassNotFoundException e) {
// no class, fall through to not add. this can happen for any tests that do not include