Split third party audit exclusions by type (#36763)

benchmarks/build.gradle

@@ -53,7 +53,7 @@ forbiddenApisMain.enabled = false
 dependencyLicenses.enabled = false
 dependenciesInfo.enabled = false
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreViolations (
         // these classes intentionally use JDK internal API (and this is ok since the project is maintained by Oracle employees)
         'org.openjdk.jmh.profile.AbstractHotspotProfiler',
         'org.openjdk.jmh.profile.HotspotThreadProfiler',
@@ -62,4 +62,4 @@ thirdPartyAudit.excludes = [
         'org.openjdk.jmh.profile.HotspotMemoryProfiler',
         'org.openjdk.jmh.profile.HotspotRuntimeProfiler',
         'org.openjdk.jmh.util.Utils'
-]
+)

buildSrc/src/main/java/org/elasticsearch/gradle/precommit/ThirdPartyAuditTask.java

@@ -51,6 +51,7 @@ import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import java.util.stream.IntStream;
+import java.util.stream.Stream;
 
 @CacheableTask
 public class ThirdPartyAuditTask extends DefaultTask {
@@ -63,10 +64,11 @@ public class ThirdPartyAuditTask extends DefaultTask {
         "\\s\\sin ([a-zA-Z0-9$.]+) \\(.*\\)"
     );
 
-    /**
+    private Set<String> missingClassExcludes = new TreeSet<>();
-     * patterns for classes to exclude, because we understand their issues
+
-     */
+    private Set<String> violationsExcludes = new TreeSet<>();
-    private Set<String> excludes = new TreeSet<>();
+
+    private Set<String> jdkJarHellExcludes = new TreeSet<>();
 
     private File signatureFile;
 
@@ -115,19 +117,40 @@ public class ThirdPartyAuditTask extends DefaultTask {
         );
     }
 
-    public void setExcludes(String... classes) {
+    public void ignoreMissingClasses(String... classesOrPackages) {
-        excludes.clear();
+        if (classesOrPackages.length == 0) {
+            missingClassExcludes = null;
+            return;
+        }
+        if (missingClassExcludes == null) {
+            missingClassExcludes = new TreeSet<>();
+        }
+        for (String each : classesOrPackages) {
+            missingClassExcludes.add(each);
+        }
+    }
+
+    public void ignoreViolations(String... violatingClasses) {
+        for (String each : violatingClasses) {
+            violationsExcludes.add(each);
+        }
+    }
+
+    public void ignoreJarHellWithJDK(String ...classes) {
         for (String each : classes) {
-            if (each.indexOf('*') != -1) {
+            jdkJarHellExcludes.add(each);
-                throw new IllegalArgumentException("illegal third party audit exclusion: '" + each + "', wildcards are not permitted!");
-            }
-            excludes.add(each);
         }
     }
 
     @Input
-    public Set<String> getExcludes() {
+    public Set<String> getJdkJarHellExcludes() {
-        return Collections.unmodifiableSet(excludes);
+        return jdkJarHellExcludes;
+    }
+
+    @Input
+    @Optional
+    public Set<String> getMissingClassExcludes() {
+        return missingClassExcludes;
     }
 
     @InputFiles
@@ -172,14 +195,55 @@ public class ThirdPartyAuditTask extends DefaultTask {
 
         Set<String> jdkJarHellClasses = runJdkJarHellCheck();
 
-        try {
+        if (missingClassExcludes != null) {
-            assertNoPointlessExclusions(missingClasses, violationsClasses, jdkJarHellClasses);
+            long bogousExcludesCount = Stream.concat(missingClassExcludes.stream(), violationsExcludes.stream())
-            assertNoMissingAndViolations(missingClasses, violationsClasses);
+                .filter(each -> missingClasses.contains(each) == false)
-            assertNoJarHell(jdkJarHellClasses);
+                .filter(each -> violationsClasses.contains(each) == false)
-        } catch (IllegalStateException e) {
+                .count();
-            getLogger().error(forbiddenApisOutput);
+            if (bogousExcludesCount != 0 && bogousExcludesCount == missingClassExcludes.size() + violationsExcludes.size()) {
-            throw e;
+                logForbiddenAPIsOutput(forbiddenApisOutput);
+                throw new IllegalStateException(
+                    "All excluded classes seem to have no issues. " +
+                        "This is sometimes an indication that the check silently failed"
+                );
+            }
+            assertNoPointlessExclusions("are not missing", missingClassExcludes, missingClasses);
+            missingClasses.removeAll(missingClassExcludes);
         }
+        assertNoPointlessExclusions("have no violations", violationsExcludes, violationsClasses);
+        assertNoPointlessExclusions("do not generate jar hell with the JDK", jdkJarHellExcludes, jdkJarHellClasses);
+
+        if (missingClassExcludes == null && (missingClasses.isEmpty() == false)) {
+            getLogger().info(
+                "Found missing classes, but task is configured to ignore all of them:\n {}",
+                formatClassList(missingClasses)
+            );
+            missingClasses.clear();
+        }
+
+        violationsClasses.removeAll(violationsExcludes);
+        if (missingClasses.isEmpty() && violationsClasses.isEmpty()) {
+            getLogger().info("Third party audit passed successfully");
+        } else {
+            logForbiddenAPIsOutput(forbiddenApisOutput);
+            if (missingClasses.isEmpty() == false) {
+                getLogger().error("Missing classes:\n{}", formatClassList(missingClasses));
+            }
+            if(violationsClasses.isEmpty() == false) {
+                getLogger().error("Classes with violations:\n{}", formatClassList(violationsClasses));
+            }
+            throw new IllegalStateException("Audit of third party dependencies failed");
+        }
+
+        assertNoJarHell(jdkJarHellClasses);
+    }
+
+    private void logForbiddenAPIsOutput(String forbiddenApisOutput) {
+        getLogger().error("Forbidden APIs output:\n{}==end of forbidden APIs==", forbiddenApisOutput);
+    }
+
+    private void throwNotConfiguredCorrectlyException() {
+        throw new IllegalArgumentException("Audit of third party dependencies is not configured correctly");
     }
 
     private void extractJars(Set<File> jars) {
@@ -221,7 +285,7 @@ public class ThirdPartyAuditTask extends DefaultTask {
     }
 
     private void assertNoJarHell(Set<String> jdkJarHellClasses) {
-        jdkJarHellClasses.removeAll(excludes);
+        jdkJarHellClasses.removeAll(jdkJarHellExcludes);
         if (jdkJarHellClasses.isEmpty() == false) {
             throw new IllegalStateException(
                 "Audit of third party dependencies failed:\n" +
@@ -230,33 +294,22 @@ public class ThirdPartyAuditTask extends DefaultTask {
         }
     }
 
-    private void assertNoMissingAndViolations(Set<String> missingClasses, Set<String> violationsClasses) {
+    private void assertNoPointlessExclusions(String specifics, Set<String> excludes, Set<String> problematic) {
-        missingClasses.removeAll(excludes);
+        String notMissing = excludes.stream()
-        violationsClasses.removeAll(excludes);
+            .filter(each -> problematic.contains(each) == false)
-        String missingText = formatClassList(missingClasses);
+            .map(each -> "  * " + each)
-        String violationsText = formatClassList(violationsClasses);
+            .collect(Collectors.joining("\n"));
-        if (missingText.isEmpty() && violationsText.isEmpty()) {
+        if (notMissing.isEmpty() == false) {
-            getLogger().info("Third party audit passed successfully");
+            getLogger().error("Unnecessary exclusions, following classes " + specifics + ":\n {}", notMissing);
-        } else {
+            throw new IllegalStateException("Third party audit task is not configured correctly");
-            throw new IllegalStateException(
-                "Audit of third party dependencies failed:\n" +
-                    (missingText.isEmpty() ?  "" : "Missing classes:\n" + missingText) +
-                    (violationsText.isEmpty() ? "" : "Classes with violations:\n" + violationsText)
-            );
         }
     }
 
-    private void assertNoPointlessExclusions(Set<String> missingClasses, Set<String> violationsClasses, Set<String> jdkJarHellClasses) {
+    private String formatClassList(Set<String> classList) {
-        // keep our whitelist up to date
+        return classList.stream()
-        Set<String> bogusExclusions = new TreeSet<>(excludes);
+            .map(name -> "  * " + name)
-        bogusExclusions.removeAll(missingClasses);
+            .sorted()
-        bogusExclusions.removeAll(jdkJarHellClasses);
+            .collect(Collectors.joining("\n"));
-        bogusExclusions.removeAll(violationsClasses);
-        if (bogusExclusions.isEmpty() == false) {
-            throw new IllegalStateException(
-                "Invalid exclusions, nothing is wrong with these classes: " + formatClassList(bogusExclusions)
-            );
-        }
     }
 
     private String runForbiddenAPIsCli() throws IOException {
@@ -289,12 +342,6 @@ public class ThirdPartyAuditTask extends DefaultTask {
         return forbiddenApisOutput;
     }
 
-    private String formatClassList(Set<String> classList) {
-        return classList.stream()
-            .map(name -> "  * " + name)
-            .collect(Collectors.joining("\n"));
-    }
-
     private Set<String> runJdkJarHellCheck() throws IOException {
         ByteArrayOutputStream standardOut = new ByteArrayOutputStream();
         ExecResult execResult = getProject().javaexec(spec -> {

buildSrc/src/test/java/org/elasticsearch/gradle/precommit/ThirdPartyAuditTaskIT.java

@@ -81,9 +81,9 @@ public class ThirdPartyAuditTaskIT extends GradleIntegrationTestCase {
 
         assertTaskFailed(result, ":absurd");
         assertOutputContains(result.getOutput(),
-            "> Audit of third party dependencies failed:",
+            "Classes with violations:",
-            "  Classes with violations:",
+            "  * TestingIO",
-            "    * TestingIO"
+            "> Audit of third party dependencies failed"
         );
         assertOutputDoesNotContain(result.getOutput(),"Missing classes:");
     }
@@ -98,9 +98,9 @@ public class ThirdPartyAuditTaskIT extends GradleIntegrationTestCase {
         assertTaskFailed(result, ":absurd");
 
         assertOutputContains(result.getOutput(),
-            "> Audit of third party dependencies failed:",
+            "Missing classes:",
-            "  Missing classes:",
+            "  * org.apache.logging.log4j.LogManager",
-            "    * org.apache.logging.log4j.LogManager"
+            "> Audit of third party dependencies failed"
         );
         assertOutputDoesNotContain(result.getOutput(), "Classes with violations:");
     }

client/rest/build.gradle

@@ -77,7 +77,7 @@ namingConventions {
   skipIntegTestInDisguise = true
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
   //commons-logging optional dependencies
   'org.apache.avalon.framework.logger.Logger',
   'org.apache.log.Hierarchy',
@@ -89,4 +89,4 @@ thirdPartyAudit.excludes = [
   //commons-logging provided dependencies
   'javax.servlet.ServletContextEvent',
   'javax.servlet.ServletContextListener'
-]
+)

client/sniffer/build.gradle

@@ -84,7 +84,7 @@ dependencyLicenses {
   }
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
   //commons-logging optional dependencies
   'org.apache.avalon.framework.logger.Logger',
   'org.apache.log.Hierarchy',
@@ -96,4 +96,4 @@ thirdPartyAudit.excludes = [
   //commons-logging provided dependencies
   'javax.servlet.ServletContextEvent',
   'javax.servlet.ServletContextListener'
-]
+)

libs/core/build.gradle

@@ -105,7 +105,7 @@ if (isEclipse) {
     }
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
     // from log4j
     'org/osgi/framework/AdaptPermission',
     'org/osgi/framework/AdminPermission',
@@ -116,4 +116,4 @@ thirdPartyAudit.excludes = [
     'org/osgi/framework/SynchronousBundleListener',
     'org/osgi/framework/wiring/BundleWire',
     'org/osgi/framework/wiring/BundleWiring'
-]
+)

libs/grok/build.gradle

@@ -48,9 +48,9 @@ if (isEclipse) {
     }
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
         // joni has AsmCompilerSupport, but that isn't being used:
         'org.objectweb.asm.ClassWriter',
         'org.objectweb.asm.MethodVisitor',
-        'org.objectweb.asm.Opcodes',
+        'org.objectweb.asm.Opcodes'
-]
+)

libs/x-content/build.gradle

@@ -71,10 +71,10 @@ if (isEclipse) {
     }
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
     // from com.fasterxml.jackson.dataformat.yaml.YAMLMapper (jackson-dataformat-yaml)
     'com.fasterxml.jackson.databind.ObjectMapper',
-]
+)
 
 dependencyLicenses {
   mapping from: /jackson-.*/, to: 'jackson'

modules/ingest-geoip/build.gradle

@@ -50,7 +50,7 @@ bundlePlugin {
   }
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
   // geoip WebServiceClient needs apache http client, but we're not using WebServiceClient:
   'org.apache.http.HttpEntity',
   'org.apache.http.HttpHost',
@@ -66,4 +66,4 @@ thirdPartyAudit.excludes = [
   'org.apache.http.impl.client.CloseableHttpClient',
   'org.apache.http.impl.client.HttpClientBuilder',
   'org.apache.http.util.EntityUtils'
-]
+)

modules/reindex/build.gradle

@@ -62,14 +62,14 @@ dependencies {
   testCompile project(path: ':modules:parent-join', configuration: 'runtime')
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
   // Commons logging
   'javax.servlet.ServletContextEvent',
   'javax.servlet.ServletContextListener',
   'org.apache.avalon.framework.logger.Logger',
   'org.apache.log.Hierarchy',
   'org.apache.log.Logger',
-]
+)
 
 // Support for testing reindex-from-remote against old Elaticsearch versions
 configurations {

modules/transport-netty4/build.gradle

@@ -63,7 +63,8 @@ integTestRunner {
     systemProperty 'es.set.netty.runtime.available.processors', 'false'
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit {
+    ignoreMissingClasses (
         // classes are missing
 
         // from io.netty.handler.codec.protobuf.ProtobufDecoder (netty)
@@ -143,7 +144,14 @@ thirdPartyAudit.excludes = [
         'org.eclipse.jetty.alpn.ALPN$ServerProvider',
         'org.eclipse.jetty.alpn.ALPN',
 
-        'io.netty.handler.ssl.util.OpenJdkSelfSignedCertGenerator',
+
+        'org.conscrypt.AllocatedBuffer',
+        'org.conscrypt.BufferAllocator',
+        'org.conscrypt.Conscrypt',
+        'org.conscrypt.HandshakeListener'
+   )
+
+   ignoreViolations ( 
         'io.netty.util.internal.PlatformDependent0',
         'io.netty.util.internal.PlatformDependent0$1',
         'io.netty.util.internal.PlatformDependent0$2',
@@ -160,17 +168,14 @@ thirdPartyAudit.excludes = [
         'io.netty.util.internal.shaded.org.jctools.queues.MpscArrayQueueProducerLimitField',
         'io.netty.util.internal.shaded.org.jctools.util.UnsafeAccess',
         'io.netty.util.internal.shaded.org.jctools.util.UnsafeRefArrayAccess',
-
+        'io.netty.handler.ssl.util.OpenJdkSelfSignedCertGenerator'
-        'org.conscrypt.AllocatedBuffer',
+    )
-        'org.conscrypt.BufferAllocator',
+}
-        'org.conscrypt.Conscrypt',
-        'org.conscrypt.HandshakeListener'
-]
 
 if (project.inFipsJvm == false) {
     // BouncyCastleFIPS provides this class, so the exclusion is invalid when running CI in
     // a FIPS JVM with BouncyCastleFIPS Provider
-    thirdPartyAudit.excludes += [
+    thirdPartyAudit.ignoreMissingClasses (
             'org.bouncycastle.asn1.x500.X500Name'
-    ]
+    )
 }

plugins/analysis-ukrainian/build.gradle

@@ -34,7 +34,7 @@ dependencyLicenses {
   mapping from: /morfologik-.*/, to: 'lucene'
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
   // we don't use the morfologik-fsa polish stemmer
   'morfologik.stemming.polish.PolishStemmer'
-]
+)

plugins/discovery-azure-classic/build.gradle

@@ -91,8 +91,7 @@ dependencyLicenses {
   mapping from: /jaxb-.*/, to: 'jaxb'
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
-  // classes are missing
   'javax.servlet.ServletContextEvent', 
   'javax.servlet.ServletContextListener', 
   'org.apache.avalon.framework.logger.Logger', 
@@ -124,12 +123,12 @@ thirdPartyAudit.excludes = [
   'org.osgi.framework.BundleEvent', 
   'org.osgi.framework.SynchronousBundleListener',
   'com.sun.xml.fastinfoset.stax.StAXDocumentParser', 
-  'com.sun.xml.fastinfoset.stax.StAXDocumentSerializer',
+  'com.sun.xml.fastinfoset.stax.StAXDocumentSerializer'
-]
+)
 
 // jarhell with jdk (intentionally, because jaxb was removed from default modules in java 9)
 if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
-  thirdPartyAudit.excludes += [
+  thirdPartyAudit.ignoreJarHellWithJDK (
     'javax.xml.bind.Binder',
     'javax.xml.bind.ContextFinder$1',
     'javax.xml.bind.ContextFinder',
@@ -231,10 +230,9 @@ if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
     'javax.xml.bind.util.JAXBSource',
     'javax.xml.bind.util.Messages',
     'javax.xml.bind.util.ValidationEventCollector'
-  ]
+  )
 } else {
-  // jarhell with jdk (intentionally, because we still expect to run again JDK 8)
+  thirdPartyAudit.ignoreMissingClasses (
-  thirdPartyAudit.excludes += [
     'javax.activation.ActivationDataFlavor',
     'javax.activation.DataContentHandler',
     'javax.activation.DataHandler',
@@ -243,5 +241,5 @@ if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
     'javax.activation.FileTypeMap',
     'javax.activation.MimeType',
     'javax.activation.MimeTypeParseException',
-  ]
+  )
 }

plugins/discovery-ec2/build.gradle

@@ -79,7 +79,7 @@ check {
   dependsOn 'qa:amazon-ec2:check'
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
   // classes are missing
   'com.amazonaws.jmespath.JmesPathEvaluationVisitor',
   'com.amazonaws.jmespath.JmesPathExpression',
@@ -105,12 +105,12 @@ thirdPartyAudit.excludes = [
   'javax.servlet.ServletContextListener', 
   'org.apache.avalon.framework.logger.Logger', 
   'org.apache.log.Hierarchy', 
-  'org.apache.log.Logger',
+  'org.apache.log.Logger'
-]
+)
 
 if (project.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
-  thirdPartyAudit.excludes += [
+  thirdPartyAudit.ignoreMissingClasses (
     'javax.xml.bind.DatatypeConverter',
     'javax.xml.bind.JAXBContext'
-  ]
+  )
 }

plugins/discovery-gce/build.gradle

@@ -34,7 +34,7 @@ unitTest {
   systemProperty 'tests.artifact', project.name 
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
   // classes are missing
   'com.google.common.base.Splitter', 
   'com.google.common.collect.Lists', 
@@ -42,5 +42,5 @@ thirdPartyAudit.excludes = [
   'javax.servlet.ServletContextListener', 
   'org.apache.avalon.framework.logger.Logger', 
   'org.apache.log.Hierarchy', 
-  'org.apache.log.Logger',
+  'org.apache.log.Logger'
-]
+)

plugins/repository-azure/build.gradle

@@ -37,23 +37,28 @@ dependencyLicenses {
   mapping from: /stax-.*/, to: 'stax'
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit {
-  // Optional and not enabled by Elasticsearch
+    ignoreMissingClasses (
-  'org.slf4j.Logger',
+      // Optional and not enabled by Elasticsearch
-  'org.slf4j.LoggerFactory',
+      'org.slf4j.Logger',
-  // uses internal java api: sun.misc.Unsafe
+      'org.slf4j.LoggerFactory'
-  'com.google.common.cache.Striped64',
+    )
-  'com.google.common.cache.Striped64$1',
+
-  'com.google.common.cache.Striped64$Cell',
+    ignoreViolations (
-  'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$1',
+      // uses internal java api: sun.misc.Unsafe
-  'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$2',
+      'com.google.common.cache.Striped64',
-  'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$3',
+      'com.google.common.cache.Striped64$1',
-  'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper',
+      'com.google.common.cache.Striped64$Cell',
-  'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1',
+      'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$1',
-  'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray',
+      'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$2',
-  'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
+      'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray$3',
-  'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
+      'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper',
-]
+      'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1',
+      'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray',
+      'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
+      'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1'
+   )
+}
 
 check {
   // also execute the QA tests when testing the plugin

plugins/repository-gcs/build.gradle

@@ -68,7 +68,8 @@ dependencyLicenses {
   mapping from: /proto-google.*/, to: 'proto-google'
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit {
+    ignoreViolations (
         // uses internal java api: sun.misc.Unsafe
         'com.google.protobuf.UnsafeUtil',
         'com.google.protobuf.UnsafeUtil$1',
@@ -85,7 +86,9 @@ thirdPartyAudit.excludes = [
         'com.google.common.hash.LittleEndianByteArray$UnsafeByteArray',
         'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
         'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
-        // classes are missing
+    )
+
+    ignoreMissingClasses (
         'com.google.appengine.api.datastore.Blob',
         'com.google.appengine.api.datastore.DatastoreService',
         'com.google.appengine.api.datastore.DatastoreServiceFactory',
@@ -112,7 +115,8 @@ thirdPartyAudit.excludes = [
         // commons-logging provided dependencies
         'javax.servlet.ServletContextEvent',
         'javax.servlet.ServletContextListener'
-]
+    )
+}
 
 check {
   // also execute the QA tests when testing the plugin

plugins/repository-hdfs/build.gradle

@@ -304,304 +304,28 @@ if (secureFixtureSupported) {
   testingConventions.enabled = false
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit {
-  // classes are missing, because we added hadoop jars one by one until tests pass.
+    ignoreMissingClasses()
-  'com.google.gson.stream.JsonReader', 
+    ignoreViolations (
-  'com.google.gson.stream.JsonWriter',
+      // internal java api: sun.net.dns.ResolverConfiguration
-  'com.jcraft.jsch.ChannelExec',
+      // internal java api: sun.net.util.IPAddressUtil
-  'com.jcraft.jsch.ChannelSftp',
+      'org.apache.hadoop.security.SecurityUtil$QualifiedHostResolver',
-  'com.jcraft.jsch.ChannelSftp$LsEntry',
-  'com.jcraft.jsch.JSch',
-  'com.jcraft.jsch.Logger',
-  'com.jcraft.jsch.Session',
-  'com.jcraft.jsch.SftpATTRS',
-  'com.sun.jersey.api.ParamException',
-  'com.sun.jersey.api.core.HttpContext', 
-  'com.sun.jersey.core.spi.component.ComponentContext', 
-  'com.sun.jersey.core.spi.component.ComponentScope', 
-  'com.sun.jersey.server.impl.inject.AbstractHttpContextInjectable', 
-  'com.sun.jersey.spi.container.ContainerRequest', 
-  'com.sun.jersey.spi.container.ContainerRequestFilter', 
-  'com.sun.jersey.spi.container.ContainerResponseFilter', 
-  'com.sun.jersey.spi.container.ResourceFilter', 
-  'com.sun.jersey.spi.container.servlet.ServletContainer', 
-  'com.sun.jersey.spi.inject.Injectable', 
-  'com.sun.jersey.spi.inject.InjectableProvider',
-  'io.netty.bootstrap.Bootstrap',
-  'io.netty.bootstrap.ChannelFactory',
-  'io.netty.bootstrap.ServerBootstrap',
-  'io.netty.buffer.ByteBuf',
-  'io.netty.buffer.Unpooled',
-  'io.netty.channel.Channel',
-  'io.netty.channel.ChannelFuture',
-  'io.netty.channel.ChannelFutureListener',
-  'io.netty.channel.ChannelHandler',
-  'io.netty.channel.ChannelHandlerContext',
-  'io.netty.channel.ChannelInboundHandlerAdapter',
-  'io.netty.channel.ChannelInitializer',
-  'io.netty.channel.ChannelOption',
-  'io.netty.channel.ChannelPipeline',
-  'io.netty.channel.EventLoopGroup',
-  'io.netty.channel.SimpleChannelInboundHandler',
-  'io.netty.channel.group.ChannelGroup',
-  'io.netty.channel.group.ChannelGroupFuture',
-  'io.netty.channel.group.DefaultChannelGroup',
-  'io.netty.channel.nio.NioEventLoopGroup',
-  'io.netty.channel.socket.SocketChannel',
-  'io.netty.channel.socket.nio.NioServerSocketChannel',
-  'io.netty.channel.socket.nio.NioSocketChannel',
-  'io.netty.handler.codec.http.DefaultFullHttpRequest',
-  'io.netty.handler.codec.http.DefaultFullHttpResponse',
-  'io.netty.handler.codec.http.DefaultHttpResponse',
-  'io.netty.handler.codec.http.HttpContent',
-  'io.netty.handler.codec.http.HttpHeaders',
-  'io.netty.handler.codec.http.HttpMethod',
-  'io.netty.handler.codec.http.HttpRequest',
-  'io.netty.handler.codec.http.HttpRequestDecoder',
-  'io.netty.handler.codec.http.HttpRequestEncoder',
-  'io.netty.handler.codec.http.HttpResponseEncoder',
-  'io.netty.handler.codec.http.HttpResponseStatus',
-  'io.netty.handler.codec.http.HttpVersion',
-  'io.netty.handler.codec.http.QueryStringDecoder',
-  'io.netty.handler.codec.string.StringEncoder',
-  'io.netty.handler.ssl.SslHandler',
-  'io.netty.handler.stream.ChunkedStream',
-  'io.netty.handler.stream.ChunkedWriteHandler',
-  'io.netty.util.concurrent.GlobalEventExecutor',
-  'io.netty.util.ReferenceCountUtil',
-  'javax.ws.rs.core.Context',
-  'javax.ws.rs.core.MediaType', 
-  'javax.ws.rs.core.MultivaluedMap', 
-  'javax.ws.rs.core.Response$ResponseBuilder', 
-  'javax.ws.rs.core.Response$Status', 
-  'javax.ws.rs.core.Response', 
-  'javax.ws.rs.core.StreamingOutput', 
-  'javax.ws.rs.core.UriBuilder', 
-  'javax.ws.rs.ext.ExceptionMapper', 
-  'jdiff.JDiff', 
-  'org.apache.avalon.framework.logger.Logger', 
-  'org.apache.avro.Schema', 
-  'org.apache.avro.file.DataFileReader', 
-  'org.apache.avro.file.FileReader', 
-  'org.apache.avro.file.SeekableInput', 
-  'org.apache.avro.generic.GenericDatumReader', 
-  'org.apache.avro.generic.GenericDatumWriter', 
-  'org.apache.avro.io.BinaryDecoder', 
-  'org.apache.avro.io.BinaryEncoder', 
-  'org.apache.avro.io.DatumReader', 
-  'org.apache.avro.io.DatumWriter', 
-  'org.apache.avro.io.DecoderFactory', 
-  'org.apache.avro.io.EncoderFactory', 
-  'org.apache.avro.io.JsonEncoder', 
-  'org.apache.avro.reflect.ReflectData', 
-  'org.apache.avro.reflect.ReflectDatumReader', 
-  'org.apache.avro.reflect.ReflectDatumWriter', 
-  'org.apache.avro.specific.SpecificDatumReader', 
-  'org.apache.avro.specific.SpecificDatumWriter', 
-  'org.apache.avro.specific.SpecificRecord', 
-  'org.apache.commons.beanutils.BeanUtils', 
-  'org.apache.commons.beanutils.DynaBean', 
-  'org.apache.commons.beanutils.DynaClass', 
-  'org.apache.commons.beanutils.DynaProperty', 
-  'org.apache.commons.beanutils.PropertyUtils', 
-  'org.apache.commons.compress.archivers.tar.TarArchiveEntry', 
-  'org.apache.commons.compress.archivers.tar.TarArchiveInputStream', 
-  'org.apache.commons.daemon.Daemon', 
-  'org.apache.commons.daemon.DaemonContext', 
-  'org.apache.commons.digester.AbstractObjectCreationFactory', 
-  'org.apache.commons.digester.CallMethodRule', 
-  'org.apache.commons.digester.Digester', 
-  'org.apache.commons.digester.ObjectCreationFactory', 
-  'org.apache.commons.digester.substitution.MultiVariableExpander', 
-  'org.apache.commons.digester.substitution.VariableSubstitutor', 
-  'org.apache.commons.digester.xmlrules.DigesterLoader', 
-  'org.apache.commons.jxpath.JXPathContext',
-  'org.apache.commons.jxpath.ri.JXPathContextReferenceImpl', 
-  'org.apache.commons.jxpath.ri.QName', 
-  'org.apache.commons.jxpath.ri.compiler.NodeNameTest', 
-  'org.apache.commons.jxpath.ri.compiler.NodeTest', 
-  'org.apache.commons.jxpath.ri.compiler.NodeTypeTest', 
-  'org.apache.commons.jxpath.ri.model.NodeIterator', 
-  'org.apache.commons.jxpath.ri.model.NodePointer', 
-  'org.apache.commons.jxpath.ri.model.NodePointerFactory', 
-  'org.apache.commons.math3.util.ArithmeticUtils', 
-  'org.apache.commons.net.ftp.FTPClient', 
-  'org.apache.commons.net.ftp.FTPFile', 
-  'org.apache.commons.net.ftp.FTPReply', 
-  'org.apache.commons.net.util.SubnetUtils$SubnetInfo', 
-  'org.apache.commons.net.util.SubnetUtils', 
-  'org.apache.curator.ensemble.fixed.FixedEnsembleProvider', 
-  'org.apache.curator.framework.CuratorFramework', 
-  'org.apache.curator.framework.CuratorFrameworkFactory$Builder', 
-  'org.apache.curator.framework.CuratorFrameworkFactory', 
-  'org.apache.curator.framework.api.ACLBackgroundPathAndBytesable', 
-  'org.apache.curator.framework.api.ACLProvider', 
-  'org.apache.curator.framework.api.BackgroundPathAndBytesable', 
-  'org.apache.curator.framework.api.ChildrenDeletable', 
-  'org.apache.curator.framework.api.CreateBuilder', 
-  'org.apache.curator.framework.api.DeleteBuilder', 
-  'org.apache.curator.framework.api.ExistsBuilder', 
-  'org.apache.curator.framework.api.GetChildrenBuilder', 
-  'org.apache.curator.framework.api.GetDataBuilder', 
-  'org.apache.curator.framework.api.ProtectACLCreateModePathAndBytesable', 
-  'org.apache.curator.framework.api.SetDataBuilder', 
-  'org.apache.curator.framework.api.WatchPathable', 
-  'org.apache.curator.framework.imps.DefaultACLProvider', 
-  'org.apache.curator.framework.listen.ListenerContainer', 
-  'org.apache.curator.framework.recipes.cache.ChildData', 
-  'org.apache.curator.framework.recipes.cache.PathChildrenCache$StartMode', 
-  'org.apache.curator.framework.recipes.cache.PathChildrenCache', 
-  'org.apache.curator.framework.recipes.cache.PathChildrenCacheEvent$Type', 
-  'org.apache.curator.framework.recipes.cache.PathChildrenCacheEvent', 
-  'org.apache.curator.framework.recipes.cache.PathChildrenCacheListener', 
-  'org.apache.curator.framework.recipes.locks.Reaper$Mode', 
-  'org.apache.curator.framework.recipes.locks.Reaper', 
-  'org.apache.curator.framework.recipes.shared.SharedCount', 
-  'org.apache.curator.framework.recipes.shared.VersionedValue', 
-  'org.apache.curator.retry.ExponentialBackoffRetry', 
-  'org.apache.curator.retry.RetryNTimes', 
-  'org.apache.curator.utils.CloseableScheduledExecutorService', 
-  'org.apache.curator.utils.CloseableUtils', 
-  'org.apache.curator.utils.EnsurePath', 
-  'org.apache.curator.utils.PathUtils', 
-  'org.apache.curator.utils.ThreadUtils', 
-  'org.apache.curator.utils.ZKPaths',
-  'org.apache.directory.shared.kerberos.components.EncryptionKey',
-  'org.apache.directory.server.kerberos.shared.keytab.Keytab', 
-  'org.apache.directory.server.kerberos.shared.keytab.KeytabEntry', 
-  'org.apache.http.NameValuePair', 
-  'org.apache.http.client.utils.URIBuilder', 
-  'org.apache.http.client.utils.URLEncodedUtils',
-  'org.apache.log.Hierarchy', 
-  'org.apache.log.Logger', 
-  'org.apache.tools.ant.BuildException', 
-  'org.apache.tools.ant.DirectoryScanner', 
-  'org.apache.tools.ant.Task', 
-  'org.apache.tools.ant.taskdefs.Execute', 
-  'org.apache.tools.ant.types.FileSet', 
-  'org.apache.xml.serialize.OutputFormat', 
-  'org.apache.xml.serialize.XMLSerializer', 
-  'org.apache.zookeeper.AsyncCallback$StatCallback', 
-  'org.apache.zookeeper.AsyncCallback$StringCallback', 
-  'org.apache.zookeeper.CreateMode', 
-  'org.apache.zookeeper.KeeperException$Code', 
-  'org.apache.zookeeper.KeeperException', 
-  'org.apache.zookeeper.WatchedEvent', 
-  'org.apache.zookeeper.Watcher$Event$EventType', 
-  'org.apache.zookeeper.Watcher$Event$KeeperState', 
-  'org.apache.zookeeper.Watcher', 
-  'org.apache.zookeeper.ZKUtil', 
-  'org.apache.zookeeper.ZooDefs$Ids', 
-  'org.apache.zookeeper.ZooKeeper', 
-  'org.apache.zookeeper.data.ACL', 
-  'org.apache.zookeeper.data.Id', 
-  'org.apache.zookeeper.data.Stat', 
-  'org.codehaus.jackson.JsonEncoding', 
-  'org.codehaus.jackson.JsonFactory', 
-  'org.codehaus.jackson.JsonGenerator', 
-  'org.codehaus.jackson.JsonGenerator$Feature', 
-  'org.codehaus.jackson.map.MappingJsonFactory',
-  'org.codehaus.jackson.map.ObjectMapper', 
-  'org.codehaus.jackson.map.ObjectReader', 
-  'org.codehaus.jackson.map.ObjectWriter', 
-  'org.codehaus.jackson.node.ContainerNode', 
-  'org.codehaus.jackson.util.MinimalPrettyPrinter',
-  'org.fusesource.leveldbjni.JniDBFactory', 
-  'org.iq80.leveldb.DB', 
-  'org.iq80.leveldb.Options', 
-  'org.iq80.leveldb.WriteBatch',
-  'org.mortbay.jetty.Connector',
-  'org.mortbay.jetty.Handler',
-  'org.mortbay.jetty.InclusiveByteRange',
-  'org.mortbay.jetty.MimeTypes',
-  'org.mortbay.jetty.NCSARequestLog',
-  'org.mortbay.jetty.RequestLog',
-  'org.mortbay.jetty.Server',
-  'org.mortbay.jetty.handler.ContextHandler$SContext',
-  'org.mortbay.jetty.handler.ContextHandler',
-  'org.mortbay.jetty.handler.ContextHandlerCollection',
-  'org.mortbay.jetty.handler.HandlerCollection',
-  'org.mortbay.jetty.handler.RequestLogHandler',
-  'org.mortbay.jetty.nio.SelectChannelConnector',
-  'org.mortbay.jetty.security.SslSelectChannelConnector',
-  'org.mortbay.jetty.security.SslSocketConnector',
-  'org.mortbay.jetty.servlet.AbstractSessionManager',
-  'org.mortbay.jetty.servlet.Context', 
-  'org.mortbay.jetty.servlet.DefaultServlet', 
-  'org.mortbay.jetty.servlet.FilterHolder', 
-  'org.mortbay.jetty.servlet.FilterMapping', 
-  'org.mortbay.jetty.servlet.ServletHandler', 
-  'org.mortbay.jetty.servlet.ServletHolder', 
-  'org.mortbay.jetty.servlet.SessionHandler', 
-  'org.mortbay.jetty.webapp.WebAppContext', 
-  'org.mortbay.thread.QueuedThreadPool',
-  'org.mortbay.util.MultiException', 
-  'org.mortbay.util.ajax.JSON$Convertible', 
-  'org.mortbay.util.ajax.JSON$Output', 
-  'org.mortbay.util.ajax.JSON', 
-  'org.znerd.xmlenc.XMLOutputter',
 
-  // internal java api: sun.net.dns.ResolverConfiguration
+      // internal java api: sun.misc.Unsafe
-  // internal java api: sun.net.util.IPAddressUtil
+      'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator', 
-  'org.apache.hadoop.security.SecurityUtil$QualifiedHostResolver',
+      'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
+      'org.apache.hadoop.io.FastByteComparisons$LexicographicalComparerHolder$UnsafeComparer',
+      'org.apache.hadoop.io.FastByteComparisons$LexicographicalComparerHolder$UnsafeComparer$1',
+      'org.apache.hadoop.io.nativeio.NativeIO',
+      'org.apache.hadoop.hdfs.shortcircuit.ShortCircuitShm',
+      'org.apache.hadoop.hdfs.shortcircuit.ShortCircuitShm$Slot',
 
-  // internal java api: sun.misc.Unsafe
+      // internal java api: sun.nio.ch.DirectBuffer
-  'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator', 
+      // internal java api: sun.misc.Cleaner
-  'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
+      'org.apache.hadoop.io.nativeio.NativeIO$POSIX',
-  'org.apache.hadoop.io.FastByteComparisons$LexicographicalComparerHolder$UnsafeComparer',
+      'org.apache.hadoop.crypto.CryptoStreamUtils',
-  'org.apache.hadoop.io.FastByteComparisons$LexicographicalComparerHolder$UnsafeComparer$1',
+     
-  'org.apache.hadoop.io.nativeio.NativeIO',
+      // internal java api: sun.misc.SignalHandler
-  'org.apache.hadoop.hdfs.shortcircuit.ShortCircuitShm',
+      'org.apache.hadoop.util.SignalLogger$Handler',
-  'org.apache.hadoop.hdfs.shortcircuit.ShortCircuitShm$Slot',
+    )
-
-  // internal java api: sun.nio.ch.DirectBuffer
-  // internal java api: sun.misc.Cleaner
-  'org.apache.hadoop.io.nativeio.NativeIO$POSIX',
-  'org.apache.hadoop.crypto.CryptoStreamUtils',
- 
-  // internal java api: sun.misc.SignalHandler
-  'org.apache.hadoop.util.SignalLogger$Handler',
-
-  // we are not pulling in slf4j-ext, this is okay, Log4j will fallback gracefully
-  'org.slf4j.ext.EventData',
-
-  'org.apache.log4j.AsyncAppender',
-  'org.apache.log4j.helpers.ISO8601DateFormat',
-  'org.apache.log4j.spi.ThrowableInformation',
-
-  // New optional dependencies in 2.8
-  'com.nimbusds.jose.JWSObject$State',
-  'com.nimbusds.jose.crypto.RSASSAVerifier',
-  'com.nimbusds.jwt.ReadOnlyJWTClaimsSet',
-  'com.nimbusds.jwt.SignedJWT',
-  'com.squareup.okhttp.Call',
-  'com.squareup.okhttp.MediaType',
-  'com.squareup.okhttp.OkHttpClient',
-  'com.squareup.okhttp.Request$Builder',
-  'com.squareup.okhttp.RequestBody',
-  'com.squareup.okhttp.Response',
-  'com.squareup.okhttp.ResponseBody'
-]
-
-if (project.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
-  thirdPartyAudit.excludes += ['javax.xml.bind.annotation.adapters.HexBinaryAdapter']
-}
-
-if (project.runtimeJavaVersion == JavaVersion.VERSION_1_8) {
-  thirdPartyAudit.excludes += [
-          // TODO: Why is this needed ?
-          'com.sun.javadoc.AnnotationDesc',
-          'com.sun.javadoc.AnnotationTypeDoc',
-          'com.sun.javadoc.ClassDoc',
-          'com.sun.javadoc.ConstructorDoc',
-          'com.sun.javadoc.Doc',
-          'com.sun.javadoc.DocErrorReporter',
-          'com.sun.javadoc.FieldDoc',
-          'com.sun.javadoc.LanguageVersion',
-          'com.sun.javadoc.MethodDoc',
-          'com.sun.javadoc.PackageDoc',
-          'com.sun.javadoc.ProgramElementDoc',
-          'com.sun.javadoc.RootDoc',
-          'com.sun.tools.doclets.standard.Standard'
-  ]
 }

plugins/repository-s3/build.gradle

@@ -436,7 +436,7 @@ if (useFixture) {
   project.check.dependsOn(integTestECS)
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
   // classes are missing
   'javax.servlet.ServletContextEvent', 
   'javax.servlet.ServletContextListener', 
@@ -451,12 +451,12 @@ thirdPartyAudit.excludes = [
   'software.amazon.ion.system.IonBinaryWriterBuilder',
   'software.amazon.ion.system.IonSystemBuilder',
   'software.amazon.ion.system.IonTextWriterBuilder',
-  'software.amazon.ion.system.IonWriterBuilder',
+  'software.amazon.ion.system.IonWriterBuilder'
-]
+)
 
 // jarhell with jdk (intentionally, because jaxb was removed from default modules in java 9)
 if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
-  thirdPartyAudit.excludes += [
+  thirdPartyAudit.ignoreJarHellWithJDK (
     'javax.xml.bind.Binder',
     'javax.xml.bind.ContextFinder$1',
     'javax.xml.bind.ContextFinder',
@@ -558,9 +558,9 @@ if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
     'javax.xml.bind.util.JAXBSource',
     'javax.xml.bind.util.Messages',
     'javax.xml.bind.util.ValidationEventCollector'
-  ]
+  )
 } else {
-  thirdPartyAudit.excludes += ['javax.activation.DataHandler']
+  thirdPartyAudit.ignoreMissingClasses 'javax.activation.DataHandler'
 }
 
 // AWS SDK is exposing some deprecated methods which we call using a delegate:

plugins/transport-nio/build.gradle

@@ -42,9 +42,8 @@ dependencyLicenses {
     mapping from: /netty-.*/, to: 'netty'
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit {
-        // classes are missing
+   ignoreMissingClasses (
-
         // from io.netty.handler.codec.protobuf.ProtobufDecoder (netty)
         'com.google.protobuf.ExtensionRegistry',
         'com.google.protobuf.MessageLite$Builder',
@@ -55,12 +54,6 @@ thirdPartyAudit.excludes = [
         'org.apache.commons.logging.Log',
         'org.apache.commons.logging.LogFactory',
 
-        // from io.netty.handler.ssl.OpenSslEngine (netty)
-        'io.netty.internal.tcnative.Buffer',
-        'io.netty.internal.tcnative.Library',
-        'io.netty.internal.tcnative.SSL',
-        'io.netty.internal.tcnative.SSLContext',
-
         // from io.netty.handler.ssl.util.BouncyCastleSelfSignedCertGenerator (netty)
         'org.bouncycastle.cert.X509v3CertificateBuilder',
         'org.bouncycastle.cert.jcajce.JcaX509CertificateConverter',
@@ -114,15 +107,28 @@ thirdPartyAudit.excludes = [
         'net.jpountz.lz4.LZ4FastDecompressor',
         'net.jpountz.xxhash.StreamingXXHash32',
         'net.jpountz.xxhash.XXHashFactory',
-        'io.netty.internal.tcnative.CertificateCallback',
-        'io.netty.internal.tcnative.CertificateVerifier',
-        'io.netty.internal.tcnative.SessionTicketKey',
-        'io.netty.internal.tcnative.SniHostNameMatcher',
         'org.eclipse.jetty.alpn.ALPN$ClientProvider',
         'org.eclipse.jetty.alpn.ALPN$ServerProvider',
         'org.eclipse.jetty.alpn.ALPN',
 
-        'io.netty.handler.ssl.util.OpenJdkSelfSignedCertGenerator',
+        'org.conscrypt.AllocatedBuffer',
+        'org.conscrypt.BufferAllocator',
+        'org.conscrypt.Conscrypt',
+        'org.conscrypt.HandshakeListener',
+
+        // from io.netty.handler.ssl.OpenSslEngine (netty)
+        'io.netty.internal.tcnative.Buffer',
+        'io.netty.internal.tcnative.Library',
+        'io.netty.internal.tcnative.SSL',
+        'io.netty.internal.tcnative.SSLContext',
+        'io.netty.internal.tcnative.CertificateCallback',
+        'io.netty.internal.tcnative.CertificateVerifier',
+        'io.netty.internal.tcnative.SessionTicketKey',
+        'io.netty.internal.tcnative.SniHostNameMatcher',
+    )    
+
+    ignoreViolations (
+
         'io.netty.util.internal.PlatformDependent0',
         'io.netty.util.internal.PlatformDependent0$1',
         'io.netty.util.internal.PlatformDependent0$2',
@@ -140,15 +146,13 @@ thirdPartyAudit.excludes = [
         'io.netty.util.internal.shaded.org.jctools.util.UnsafeAccess',
         'io.netty.util.internal.shaded.org.jctools.util.UnsafeRefArrayAccess',
 
-        'org.conscrypt.AllocatedBuffer',
+        'io.netty.handler.ssl.util.OpenJdkSelfSignedCertGenerator'
-        'org.conscrypt.BufferAllocator',
+    )
-        'org.conscrypt.Conscrypt',
+}
-        'org.conscrypt.HandshakeListener'
-]
 if (project.inFipsJvm == false) {
     // BouncyCastleFIPS provides this class, so the exclusion is invalid when running CI in
     // a FIPS JVM with BouncyCastleFIPS Provider
-    thirdPartyAudit.excludes += [
+    thirdPartyAudit.ignoreMissingClasses (
             'org.bouncycastle.asn1.x500.X500Name'
-    ]
+    )
-}
+}

qa/evil-tests/build.gradle

@@ -35,14 +35,17 @@ unitTest {
   systemProperty 'tests.security.manager', 'false'
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit {
-  // uses internal java api: sun.misc.Unsafe
+    ignoreMissingClasses (
-  'com.google.common.cache.Striped64',
+        'com.ibm.icu.lang.UCharacter'
-  'com.google.common.cache.Striped64$1',
+    )
-  'com.google.common.cache.Striped64$Cell',
-  'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
-  'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
 
-  // missing class
+    ignoreViolations (
-  'com.ibm.icu.lang.UCharacter',
+      // uses internal java api: sun.misc.Unsafe
-]
+      'com.google.common.cache.Striped64',
+      'com.google.common.cache.Striped64$1',
+      'com.google.common.cache.Striped64$Cell',
+      'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
+      'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1'
+    )
+}

qa/vagrant/build.gradle

@@ -77,7 +77,7 @@ tasks.unitTest.enabled = false
 tasks.dependencyLicenses.enabled = false
 tasks.dependenciesInfo.enabled = false
 
-tasks.thirdPartyAudit.excludes = [
+tasks.thirdPartyAudit.ignoreMissingClasses (
         // commons-logging optional dependencies
         'org.apache.avalon.framework.logger.Logger',
         'org.apache.log.Hierarchy',
@@ -89,4 +89,4 @@ tasks.thirdPartyAudit.excludes = [
         // commons-logging provided dependencies
         'javax.servlet.ServletContextEvent',
         'javax.servlet.ServletContextListener'
-]
+)

server/build.gradle

@@ -192,9 +192,7 @@ processResources {
   dependsOn generateModulesList, generatePluginsList
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
-  // classes are missing!
-
   // from com.fasterxml.jackson.dataformat.yaml.YAMLMapper (jackson-dataformat-yaml)
   'com.fasterxml.jackson.databind.ObjectMapper',
 
@@ -301,11 +299,11 @@ thirdPartyAudit.excludes = [
   'com.google.common.geometry.S2Projections',
   'com.google.common.geometry.S2Point',
   'com.google.common.geometry.S2$Metric',
-  'com.google.common.geometry.S2LatLng',
+  'com.google.common.geometry.S2LatLng'
-]
+)
 
 if (project.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
-  thirdPartyAudit.excludes += ['javax.xml.bind.DatatypeConverter']
+  thirdPartyAudit.ignoreMissingClasses 'javax.xml.bind.DatatypeConverter'
 }
 
 dependencyLicenses {

test/framework/build.gradle

@@ -47,7 +47,7 @@ forbiddenApisMain {
 dependencyLicenses.enabled = false
 dependenciesInfo.enabled = false
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
   // classes are missing
   'javax.servlet.ServletContextEvent',
   'javax.servlet.ServletContextListener',
@@ -61,8 +61,8 @@ thirdPartyAudit.excludes = [
   'org.apache.tools.ant.types.FileSet',
   'org.easymock.EasyMock',
   'org.easymock.IArgumentMatcher',
-  'org.jmock.core.Constraint',
+  'org.jmock.core.Constraint'
-]
+)
 
 task namingConventionsMain(type: org.elasticsearch.gradle.precommit.NamingConventionsTask) {
   checkForTestsInMain = true

test/logger-usage/build.gradle

@@ -31,7 +31,7 @@ forbiddenApisMain {
 }
 jarHell.enabled = true // disabled by parent project
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
   // log4j
   'org.osgi.framework.AdaptPermission',
   'org.osgi.framework.AdminPermission',
@@ -42,4 +42,4 @@ thirdPartyAudit.excludes = [
   'org.osgi.framework.SynchronousBundleListener',
   'org.osgi.framework.wiring.BundleWire',
   'org.osgi.framework.wiring.BundleWiring'
-]
+)

x-pack/plugin/core/build.gradle

@@ -123,7 +123,7 @@ artifacts {
     testArtifacts testJar
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
   //commons-logging optional dependencies
   'org.apache.avalon.framework.logger.Logger',
   'org.apache.log.Hierarchy',
@@ -131,7 +131,7 @@ thirdPartyAudit.excludes = [
   //commons-logging provided dependencies
   'javax.servlet.ServletContextEvent',
   'javax.servlet.ServletContextListener'
-]
+)
 
 // xpack modules are installed in real clusters as the meta plugin, so
 // installing them as individual plugins for integ tests doesn't make sense,

x-pack/plugin/security/build.gradle

@@ -164,7 +164,8 @@ forbiddenApisMain {
 }
 
 // classes are missing, e.g. com.ibm.icu.lang.UCharacter
-thirdPartyAudit.excludes = [
+thirdPartyAudit {
+    ignoreMissingClasses (
         // SAML dependencies
         // [missing classes] Some cli utilities that we don't use depend on these missing JCommander classes
         'com.beust.jcommander.JCommander',
@@ -256,7 +257,10 @@ thirdPartyAudit.excludes = [
         'net.sf.ehcache.Ehcache',
         'net.sf.ehcache.Element',
         // [missing classes] SLF4j includes an optional class that depends on an extension class (!)
-        'org.slf4j.ext.EventData',
+        'org.slf4j.ext.EventData'
+    )
+
+    ignoreViolations (
         // Guava uses internal java api: sun.misc.Unsafe
         'com.google.common.cache.Striped64',
         'com.google.common.cache.Striped64$1',
@@ -265,16 +269,17 @@ thirdPartyAudit.excludes = [
         'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
         'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper',
         'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1',
-]
+    )
+}
 
 if (project.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
-    thirdPartyAudit.excludes += [
+    thirdPartyAudit.ignoreMissingClasses(
         'javax.xml.bind.JAXBContext',
         'javax.xml.bind.JAXBElement',
         'javax.xml.bind.JAXBException',
         'javax.xml.bind.Unmarshaller',
-        'javax.xml.bind.UnmarshallerHandler',
+        'javax.xml.bind.UnmarshallerHandler'
-    ];
+    )
 }
 
 run {

x-pack/plugin/sql/qa/build.gradle

@@ -31,7 +31,7 @@ forbiddenApisMain {
   replaceSignatureFiles 'es-all-signatures', 'es-test-signatures'
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
     // jLine's optional dependencies
     'org.apache.sshd.client.SshClient',
     'org.apache.sshd.client.auth.keyboard.UserInteraction',
@@ -72,7 +72,7 @@ thirdPartyAudit.excludes = [
     'org.fusesource.jansi.internal.Kernel32',
     'org.fusesource.jansi.internal.WindowsSupport',
     'org.mozilla.universalchardet.UniversalDetector',
-]
+)
 
 subprojects {
   apply plugin: 'elasticsearch.standalone-rest-test'

x-pack/plugin/sql/sql-action/build.gradle

@@ -42,7 +42,7 @@ dependencyLicenses {
     ignoreSha 'elasticsearch-core'
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
         'com.fasterxml.jackson.dataformat.yaml.YAMLFactory',
         'com.fasterxml.jackson.dataformat.yaml.YAMLMapper',
 
@@ -138,4 +138,4 @@ thirdPartyAudit.excludes = [
         'org.zeromq.ZMQ$Context',
         'org.zeromq.ZMQ$Socket',
         'org.zeromq.ZMQ'
-]
+)

x-pack/plugin/sql/sql-cli/build.gradle

@@ -78,7 +78,7 @@ forbiddenApisMain {
     signaturesFiles += files('src/forbidden/cli-signatures.txt')
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit.ignoreMissingClasses (
     // jLine's optional dependencies
     'org.apache.sshd.client.SshClient',
     'org.apache.sshd.client.auth.keyboard.UserInteraction',
@@ -107,7 +107,7 @@ thirdPartyAudit.excludes = [
     'org.mozilla.universalchardet.UniversalDetector',
     'org.fusesource.jansi.internal.Kernel32$FOCUS_EVENT_RECORD',
     'org.fusesource.jansi.internal.Kernel32$MOUSE_EVENT_RECORD',
-]
+)
 
 task runcli {
     description = 'Run the CLI and connect to elasticsearch running on 9200'

x-pack/plugin/watcher/build.gradle

@@ -48,28 +48,41 @@ dependencies {
 }
 
 // classes are missing, e.g. com.ibm.icu.lang.UCharacter
-thirdPartyAudit.excludes = [
+thirdPartyAudit { 
-    // uses internal java api: sun.misc.Unsafe
+    ignoreViolations (
-    'com.google.common.cache.Striped64',
+        // uses internal java api: sun.misc.Unsafe
-    'com.google.common.cache.Striped64$1',
+        'com.google.common.cache.Striped64',
-    'com.google.common.cache.Striped64$Cell',
+        'com.google.common.cache.Striped64$1',
-    'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
+        'com.google.common.cache.Striped64$Cell',
-    'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
+        'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
+        'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1'
+    )
 
-    // pulled in as external dependency to work on java 9
+    ignoreViolations(
-    'com.sun.activation.registries.LineTokenizer',
+      'com.sun.activation.registries.LineTokenizer',
-    'com.sun.activation.registries.LogSupport',
+      'com.sun.activation.registries.LogSupport',
-    'com.sun.activation.registries.MailcapFile',
+      'com.sun.activation.registries.MailcapFile',
-    'com.sun.activation.registries.MailcapTokenizer',
+      'com.sun.activation.registries.MailcapTokenizer',
-    'com.sun.activation.registries.MimeTypeEntry',
+      'com.sun.activation.registries.MimeTypeEntry',
-    'com.sun.activation.registries.MimeTypeFile',
+      'com.sun.activation.registries.MimeTypeFile',
-    'javax.activation.MailcapCommandMap',
+      'javax.activation.MailcapCommandMap',
-    'javax.activation.MimetypesFileTypeMap',
+      'javax.activation.MimetypesFileTypeMap'
-]
+    )
+}
 
 // pulled in as external dependency to work on java 9
 if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
-    thirdPartyAudit.excludes += [
+    thirdPartyAudit.ignoreJarHellWithJDK (
+        // pulled in as external dependency to work on java 9
+        'com.sun.activation.registries.LineTokenizer',
+        'com.sun.activation.registries.LogSupport',
+        'com.sun.activation.registries.MailcapFile',
+        'com.sun.activation.registries.MailcapTokenizer',
+        'com.sun.activation.registries.MimeTypeEntry',
+        'com.sun.activation.registries.MimeTypeFile',
+        'javax.activation.MailcapCommandMap',
+        'javax.activation.MimetypesFileTypeMap',
+
         'com.sun.activation.registries.MailcapParseException',
         'javax.activation.ActivationDataFlavor',
         'javax.activation.CommandInfo',
@@ -96,7 +109,7 @@ if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
         'javax.activation.SecuritySupport',
         'javax.activation.URLDataSource',
         'javax.activation.UnsupportedDataTypeException'
-    ]
+    )
 }
 
 run {

x-pack/qa/saml-idp-tests/build.gradle

@@ -83,15 +83,19 @@ forbiddenPatterns {
   exclude '**/*.key'
 }
 
-thirdPartyAudit.excludes = [
+thirdPartyAudit {
-  // uses internal java api: sun.misc.Unsafe
+    ignoreViolations (
-  'com.google.common.cache.Striped64',
+      // uses internal java api: sun.misc.Unsafe
-  'com.google.common.cache.Striped64$1',
+      'com.google.common.cache.Striped64',
-  'com.google.common.cache.Striped64$Cell',
+      'com.google.common.cache.Striped64$1',
-  'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
+      'com.google.common.cache.Striped64$Cell',
-  'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
+      'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
-  'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper',
+      'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
-  'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1',
+      'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper',
-  // missing
+      'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1'
-  'com.ibm.icu.lang.UCharacter'
+   )
-]
+
+   ignoreMissingClasses ( 
+       'com.ibm.icu.lang.UCharacter'
+   )
+}