diff --git a/elasticsearch/src/main/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommand.java b/elasticsearch/src/main/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommand.java index d7d4100b4d7..b3da5bc308a 100644 --- a/elasticsearch/src/main/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommand.java +++ b/elasticsearch/src/main/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommand.java @@ -14,6 +14,7 @@ import org.elasticsearch.cli.ExitCodes; import org.elasticsearch.cli.EnvironmentAwareCommand; import org.elasticsearch.cli.Terminal; import org.elasticsearch.cli.UserException; +import org.elasticsearch.common.SuppressForbidden; import org.elasticsearch.common.io.FileSystemUtils; import org.elasticsearch.env.Environment; @@ -101,6 +102,7 @@ final class InstallXPackExtensionCommand extends EnvironmentAwareCommand { } /** Downloads the extension and returns the file it was downloaded to. */ + @SuppressForbidden(reason = "We use openStream to download extensions") private Path download(Terminal terminal, String extensionURL, Path tmpDir) throws Exception { terminal.println("-> Downloading " + URLDecoder.decode(extensionURL, "UTF-8")); URL url = new URL(extensionURL); diff --git a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java index 93659d108ec..e4590440579 100644 --- a/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java +++ b/elasticsearch/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java @@ -25,6 +25,7 @@ import org.elasticsearch.cli.Terminal; import org.elasticsearch.cli.Terminal.Verbosity; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.SuppressForbidden; import org.elasticsearch.common.logging.ESLoggerFactory; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; @@ -134,6 +135,7 @@ public class ESNativeRealmMigrateTool extends MultiCommand { terminal.println("users and roles imported."); } + @SuppressForbidden(reason = "We call connect in doPrivileged and provide SocketPermission") private String postURL(Settings settings, Environment env, String method, String urlString, OptionSet options, @Nullable String bodyString) throws Exception { URI uri = new URI(urlString); diff --git a/elasticsearch/src/test/java/org/elasticsearch/transport/KnownActionsTests.java b/elasticsearch/src/test/java/org/elasticsearch/transport/KnownActionsTests.java index 6b1e96f41df..ae6421bbfa9 100644 --- a/elasticsearch/src/test/java/org/elasticsearch/transport/KnownActionsTests.java +++ b/elasticsearch/src/test/java/org/elasticsearch/transport/KnownActionsTests.java @@ -7,6 +7,7 @@ package org.elasticsearch.transport; import org.apache.lucene.util.IOUtils; import org.elasticsearch.action.Action; +import org.elasticsearch.common.io.FileSystemUtils; import org.elasticsearch.common.io.PathUtils; import org.elasticsearch.common.io.Streams; import org.elasticsearch.common.settings.Settings; @@ -172,7 +173,7 @@ public class KnownActionsTests extends SecurityIntegTestCase { // its checkWritable was incorrect and it won't work without write permissions. // if we add the permission, it will open jars r/w, which is too scary! so copy to a safe r-w location. Path tmp = createTempFile(null, ".jar"); - try (InputStream in = codeLocation.openStream()) { + try (InputStream in = FileSystemUtils.openFileURLStream(codeLocation)) { Files.copy(in, tmp, StandardCopyOption.REPLACE_EXISTING); } fileSystem = FileSystems.newFileSystem(new URI("jar:" + tmp.toUri()), Collections.emptyMap()); diff --git a/elasticsearch/src/test/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommandTests.java b/elasticsearch/src/test/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommandTests.java index 10646506304..4533cedf0cb 100644 --- a/elasticsearch/src/test/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommandTests.java +++ b/elasticsearch/src/test/java/org/elasticsearch/xpack/extensions/InstallXPackExtensionCommandTests.java @@ -9,6 +9,7 @@ import org.apache.lucene.util.LuceneTestCase; import org.elasticsearch.Version; import org.elasticsearch.cli.MockTerminal; import org.elasticsearch.cli.UserException; +import org.elasticsearch.common.io.FileSystemUtils; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; import org.elasticsearch.test.ESTestCase; @@ -122,7 +123,7 @@ public class InstallXPackExtensionCommandTests extends ESTestCase { Path extDir = createTempDir(); String extZip = createExtension("fake", extDir); Path extZipWithSpaces = createTempFile("foo bar", ".zip"); - try (InputStream in = new URL(extZip).openStream()) { + try (InputStream in = FileSystemUtils.openFileURLStream(new URL(extZip))) { Files.copy(in, extZipWithSpaces, StandardCopyOption.REPLACE_EXISTING); } installExtension(extZipWithSpaces.toUri().toURL().toString(), home); diff --git a/elasticsearch/src/test/java/org/elasticsearch/xpack/security/transport/filter/IpFilteringIntegrationTests.java b/elasticsearch/src/test/java/org/elasticsearch/xpack/security/transport/filter/IpFilteringIntegrationTests.java index 89ce5887600..30510aed3b9 100644 --- a/elasticsearch/src/test/java/org/elasticsearch/xpack/security/transport/filter/IpFilteringIntegrationTests.java +++ b/elasticsearch/src/test/java/org/elasticsearch/xpack/security/transport/filter/IpFilteringIntegrationTests.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.security.transport.filter; import org.elasticsearch.client.Client; +import org.elasticsearch.common.SuppressForbidden; import org.elasticsearch.common.network.NetworkModule; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.TransportAddress; @@ -70,6 +71,7 @@ public class IpFilteringIntegrationTests extends SecurityIntegTestCase { } } + @SuppressForbidden(reason = "Allow opening socket for test") private void trySocketConnection(Socket socket, InetSocketAddress address) throws IOException { logger.info("connecting to {}", address); SocketAccess.doPrivileged(() -> socket.connect(address, 500));