Replace exclusionary words whitelist and blacklist in the places that won't impact backwards compatibility (#2178)
* Replace the exclusionary word whitelist with allowlist, and blacklist with denylist, in code commet and internal variable/method/class/package name. Signed-off-by: Andreas <apre@gmx.at>
This commit is contained in:
parent
ae52008463
commit
be64af2f90
|
@ -245,7 +245,7 @@ The YAML REST tests support all the options provided by the randomized runner, p
|
|||
|
||||
- `tests.rest.suite`: comma separated paths of the test suites to be run (by default loaded from /rest-api-spec/test). It is possible to run only a subset of the tests providing a sub-folder or even a single yaml file (the default /rest-api-spec/test prefix is optional when files are loaded from classpath) e.g. `-Dtests.rest.suite=index,get,create/10_with_id`
|
||||
|
||||
- `tests.rest.blacklist`: comma separated globs that identify tests that are blacklisted and need to be skipped e.g. `-Dtests.rest.blacklist=index/**/Index document,get/10_basic/**`
|
||||
- `tests.rest.blacklist`: comma separated globs that identify tests that are denylisted and need to be skipped e.g. `-Dtests.rest.blacklist=index/**/Index document,get/10_basic/**`
|
||||
|
||||
Java REST tests can be run with the "javaRestTest" task.
|
||||
|
||||
|
|
|
@ -48,7 +48,7 @@ public interface NodeSelector {
|
|||
* iterate the nodes as many times as they need.
|
||||
* <p>
|
||||
* This may be called twice per request: first for "living" nodes that
|
||||
* have not been blacklisted by previous errors. If the selector removes
|
||||
* have not been denylisted by previous errors. If the selector removes
|
||||
* all nodes from the list or if there aren't any living nodes then the
|
||||
* {@link RestClient} will call this method with a list of "dead" nodes.
|
||||
* <p>
|
||||
|
|
|
@ -125,7 +125,7 @@ public class RestClient implements Closeable {
|
|||
final List<Header> defaultHeaders;
|
||||
private final String pathPrefix;
|
||||
private final AtomicInteger lastNodeIndex = new AtomicInteger(0);
|
||||
private final ConcurrentMap<HttpHost, DeadHostState> blacklist = new ConcurrentHashMap<>();
|
||||
private final ConcurrentMap<HttpHost, DeadHostState> denylist = new ConcurrentHashMap<>();
|
||||
private final FailureListener failureListener;
|
||||
private final NodeSelector nodeSelector;
|
||||
private volatile NodeTuple<List<Node>> nodeTuple;
|
||||
|
@ -246,7 +246,7 @@ public class RestClient implements Closeable {
|
|||
authCache.put(node.getHost(), new BasicScheme());
|
||||
}
|
||||
this.nodeTuple = new NodeTuple<>(Collections.unmodifiableList(new ArrayList<>(nodesByHost.values())), authCache);
|
||||
this.blacklist.clear();
|
||||
this.denylist.clear();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -448,7 +448,7 @@ public class RestClient implements Closeable {
|
|||
*/
|
||||
private NodeTuple<Iterator<Node>> nextNodes() throws IOException {
|
||||
NodeTuple<List<Node>> nodeTuple = this.nodeTuple;
|
||||
Iterable<Node> hosts = selectNodes(nodeTuple, blacklist, lastNodeIndex, nodeSelector);
|
||||
Iterable<Node> hosts = selectNodes(nodeTuple, denylist, lastNodeIndex, nodeSelector);
|
||||
return new NodeTuple<>(hosts.iterator(), nodeTuple.authCache);
|
||||
}
|
||||
|
||||
|
@ -458,17 +458,17 @@ public class RestClient implements Closeable {
|
|||
*/
|
||||
static Iterable<Node> selectNodes(
|
||||
NodeTuple<List<Node>> nodeTuple,
|
||||
Map<HttpHost, DeadHostState> blacklist,
|
||||
Map<HttpHost, DeadHostState> denylist,
|
||||
AtomicInteger lastNodeIndex,
|
||||
NodeSelector nodeSelector
|
||||
) throws IOException {
|
||||
/*
|
||||
* Sort the nodes into living and dead lists.
|
||||
*/
|
||||
List<Node> livingNodes = new ArrayList<>(Math.max(0, nodeTuple.nodes.size() - blacklist.size()));
|
||||
List<DeadNode> deadNodes = new ArrayList<>(blacklist.size());
|
||||
List<Node> livingNodes = new ArrayList<>(Math.max(0, nodeTuple.nodes.size() - denylist.size()));
|
||||
List<DeadNode> deadNodes = new ArrayList<>(denylist.size());
|
||||
for (Node node : nodeTuple.nodes) {
|
||||
DeadHostState deadness = blacklist.get(node.getHost());
|
||||
DeadHostState deadness = denylist.get(node.getHost());
|
||||
if (deadness == null || deadness.shallBeRetried()) {
|
||||
livingNodes.add(node);
|
||||
} else {
|
||||
|
@ -526,9 +526,9 @@ public class RestClient implements Closeable {
|
|||
* Receives as an argument the host that was used for the successful request.
|
||||
*/
|
||||
private void onResponse(Node node) {
|
||||
DeadHostState removedHost = this.blacklist.remove(node.getHost());
|
||||
DeadHostState removedHost = this.denylist.remove(node.getHost());
|
||||
if (logger.isDebugEnabled() && removedHost != null) {
|
||||
logger.debug("removed [" + node + "] from blacklist");
|
||||
logger.debug("removed [" + node + "] from denylist");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -538,19 +538,19 @@ public class RestClient implements Closeable {
|
|||
*/
|
||||
private void onFailure(Node node) {
|
||||
while (true) {
|
||||
DeadHostState previousDeadHostState = blacklist.putIfAbsent(
|
||||
DeadHostState previousDeadHostState = denylist.putIfAbsent(
|
||||
node.getHost(),
|
||||
new DeadHostState(DeadHostState.DEFAULT_TIME_SUPPLIER)
|
||||
);
|
||||
if (previousDeadHostState == null) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("added [" + node + "] to blacklist");
|
||||
logger.debug("added [" + node + "] to denylist");
|
||||
}
|
||||
break;
|
||||
}
|
||||
if (blacklist.replace(node.getHost(), previousDeadHostState, new DeadHostState(previousDeadHostState))) {
|
||||
if (denylist.replace(node.getHost(), previousDeadHostState, new DeadHostState(previousDeadHostState))) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("updated [" + node + "] already in blacklist");
|
||||
logger.debug("updated [" + node + "] already in denylist");
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
@ -718,8 +718,8 @@ public class RestClient implements Closeable {
|
|||
}
|
||||
|
||||
/**
|
||||
* Contains a reference to a blacklisted node and the time until it is
|
||||
* revived. We use this so we can do a single pass over the blacklist.
|
||||
* Contains a reference to a denylisted node and the time until it is
|
||||
* revived. We use this so we can do a single pass over the denylist.
|
||||
*/
|
||||
private static class DeadNode implements Comparable<DeadNode> {
|
||||
final Node node;
|
||||
|
|
|
@ -62,7 +62,7 @@ import static org.junit.Assert.assertTrue;
|
|||
import static org.junit.Assert.fail;
|
||||
|
||||
/**
|
||||
* Tests for {@link RestClient} behaviour against multiple hosts: fail-over, blacklisting etc.
|
||||
* Tests for {@link RestClient} behaviour against multiple hosts: fail-over, denylisting etc.
|
||||
* Relies on a mock http client to intercept requests and return desired responses based on request path.
|
||||
*/
|
||||
public class RestClientMultipleHostsTests extends RestClientTestCase {
|
||||
|
@ -154,7 +154,7 @@ public class RestClientMultipleHostsTests extends RestClientTestCase {
|
|||
fail("request should have failed");
|
||||
} catch (ResponseException e) {
|
||||
Set<HttpHost> hostsSet = hostsSet();
|
||||
// first request causes all the hosts to be blacklisted, the returned exception holds one suppressed exception each
|
||||
// first request causes all the hosts to be denylisted, the returned exception holds one suppressed exception each
|
||||
failureListener.assertCalled(nodes);
|
||||
do {
|
||||
Response response = e.getResponse();
|
||||
|
@ -175,7 +175,7 @@ public class RestClientMultipleHostsTests extends RestClientTestCase {
|
|||
assertEquals("every host should have been used but some weren't: " + hostsSet, 0, hostsSet.size());
|
||||
} catch (IOException e) {
|
||||
Set<HttpHost> hostsSet = hostsSet();
|
||||
// first request causes all the hosts to be blacklisted, the returned exception holds one suppressed exception each
|
||||
// first request causes all the hosts to be denylisted, the returned exception holds one suppressed exception each
|
||||
failureListener.assertCalled(nodes);
|
||||
do {
|
||||
HttpHost httpHost = HttpHost.create(e.getMessage());
|
||||
|
@ -211,13 +211,13 @@ public class RestClientMultipleHostsTests extends RestClientTestCase {
|
|||
"host [" + response.getHost() + "] not found, most likely used multiple times",
|
||||
hostsSet.remove(response.getHost())
|
||||
);
|
||||
// after the first request, all hosts are blacklisted, a single one gets resurrected each time
|
||||
// after the first request, all hosts are denylisted, a single one gets resurrected each time
|
||||
failureListener.assertCalled(response.getHost());
|
||||
assertEquals(0, e.getSuppressed().length);
|
||||
} catch (IOException e) {
|
||||
HttpHost httpHost = HttpHost.create(e.getMessage());
|
||||
assertTrue("host [" + httpHost + "] not found, most likely used multiple times", hostsSet.remove(httpHost));
|
||||
// after the first request, all hosts are blacklisted, a single one gets resurrected each time
|
||||
// after the first request, all hosts are denylisted, a single one gets resurrected each time
|
||||
failureListener.assertCalled(httpHost);
|
||||
assertEquals(0, e.getSuppressed().length);
|
||||
}
|
||||
|
|
|
@ -260,11 +260,11 @@ public class RestClientTests extends RestClientTestCase {
|
|||
|
||||
NodeTuple<List<Node>> nodeTuple = new NodeTuple<>(Arrays.asList(n1, n2, n3), null);
|
||||
|
||||
Map<HttpHost, DeadHostState> emptyBlacklist = Collections.emptyMap();
|
||||
Map<HttpHost, DeadHostState> emptyDenylist = Collections.emptyMap();
|
||||
|
||||
// Normal cases where the node selector doesn't reject all living nodes
|
||||
assertSelectLivingHosts(Arrays.asList(n1, n2, n3), nodeTuple, emptyBlacklist, NodeSelector.ANY);
|
||||
assertSelectLivingHosts(Arrays.asList(n2, n3), nodeTuple, emptyBlacklist, not1);
|
||||
assertSelectLivingHosts(Arrays.asList(n1, n2, n3), nodeTuple, emptyDenylist, NodeSelector.ANY);
|
||||
assertSelectLivingHosts(Arrays.asList(n2, n3), nodeTuple, emptyDenylist, not1);
|
||||
|
||||
/*
|
||||
* Try a NodeSelector that excludes all nodes. This should
|
||||
|
@ -274,83 +274,83 @@ public class RestClientTests extends RestClientTestCase {
|
|||
String message = "NodeSelector [NONE] rejected all nodes, living ["
|
||||
+ "[host=http://1, version=1], [host=http://2, version=2], "
|
||||
+ "[host=http://3, version=3]] and dead []";
|
||||
assertEquals(message, assertSelectAllRejected(nodeTuple, emptyBlacklist, noNodes));
|
||||
assertEquals(message, assertSelectAllRejected(nodeTuple, emptyDenylist, noNodes));
|
||||
}
|
||||
|
||||
// Mark all the nodes dead for a few test cases
|
||||
{
|
||||
final AtomicLong time = new AtomicLong(0L);
|
||||
Supplier<Long> timeSupplier = time::get;
|
||||
Map<HttpHost, DeadHostState> blacklist = new HashMap<>();
|
||||
blacklist.put(n1.getHost(), new DeadHostState(timeSupplier));
|
||||
blacklist.put(n2.getHost(), new DeadHostState(new DeadHostState(timeSupplier)));
|
||||
blacklist.put(n3.getHost(), new DeadHostState(new DeadHostState(new DeadHostState(timeSupplier))));
|
||||
Map<HttpHost, DeadHostState> denylist = new HashMap<>();
|
||||
denylist.put(n1.getHost(), new DeadHostState(timeSupplier));
|
||||
denylist.put(n2.getHost(), new DeadHostState(new DeadHostState(timeSupplier)));
|
||||
denylist.put(n3.getHost(), new DeadHostState(new DeadHostState(new DeadHostState(timeSupplier))));
|
||||
|
||||
/*
|
||||
* case when fewer nodeTuple than blacklist, won't result in any IllegalCapacityException
|
||||
* case when fewer nodeTuple than denylist, won't result in any IllegalCapacityException
|
||||
*/
|
||||
{
|
||||
NodeTuple<List<Node>> fewerNodeTuple = new NodeTuple<>(Arrays.asList(n1, n2), null);
|
||||
assertSelectLivingHosts(Arrays.asList(n1), fewerNodeTuple, blacklist, NodeSelector.ANY);
|
||||
assertSelectLivingHosts(Arrays.asList(n2), fewerNodeTuple, blacklist, not1);
|
||||
assertSelectLivingHosts(Arrays.asList(n1), fewerNodeTuple, denylist, NodeSelector.ANY);
|
||||
assertSelectLivingHosts(Arrays.asList(n2), fewerNodeTuple, denylist, not1);
|
||||
}
|
||||
|
||||
/*
|
||||
* selectHosts will revive a single host regardless of
|
||||
* blacklist time. It'll revive the node that is closest
|
||||
* denylist time. It'll revive the node that is closest
|
||||
* to being revived that the NodeSelector is ok with.
|
||||
*/
|
||||
assertEquals(singletonList(n1), RestClient.selectNodes(nodeTuple, blacklist, new AtomicInteger(), NodeSelector.ANY));
|
||||
assertEquals(singletonList(n2), RestClient.selectNodes(nodeTuple, blacklist, new AtomicInteger(), not1));
|
||||
assertEquals(singletonList(n1), RestClient.selectNodes(nodeTuple, denylist, new AtomicInteger(), NodeSelector.ANY));
|
||||
assertEquals(singletonList(n2), RestClient.selectNodes(nodeTuple, denylist, new AtomicInteger(), not1));
|
||||
|
||||
/*
|
||||
* Try a NodeSelector that excludes all nodes. This should
|
||||
* return a failure, but a different failure than when the
|
||||
* blacklist is empty so that the caller knows that all of
|
||||
* their nodes are blacklisted AND blocked.
|
||||
* denylist is empty so that the caller knows that all of
|
||||
* their nodes are denylisted AND blocked.
|
||||
*/
|
||||
String message = "NodeSelector [NONE] rejected all nodes, living [] and dead ["
|
||||
+ "[host=http://1, version=1], [host=http://2, version=2], "
|
||||
+ "[host=http://3, version=3]]";
|
||||
assertEquals(message, assertSelectAllRejected(nodeTuple, blacklist, noNodes));
|
||||
assertEquals(message, assertSelectAllRejected(nodeTuple, denylist, noNodes));
|
||||
|
||||
/*
|
||||
* Now lets wind the clock forward, past the timeout for one of
|
||||
* the dead nodes. We should return it.
|
||||
*/
|
||||
time.set(new DeadHostState(timeSupplier).getDeadUntilNanos());
|
||||
assertSelectLivingHosts(Arrays.asList(n1), nodeTuple, blacklist, NodeSelector.ANY);
|
||||
assertSelectLivingHosts(Arrays.asList(n1), nodeTuple, denylist, NodeSelector.ANY);
|
||||
|
||||
/*
|
||||
* But if the NodeSelector rejects that node then we'll pick the
|
||||
* first on that the NodeSelector doesn't reject.
|
||||
*/
|
||||
assertSelectLivingHosts(Arrays.asList(n2), nodeTuple, blacklist, not1);
|
||||
assertSelectLivingHosts(Arrays.asList(n2), nodeTuple, denylist, not1);
|
||||
|
||||
/*
|
||||
* If we wind the clock way into the future, past any of the
|
||||
* blacklist timeouts then we function as though the nodes aren't
|
||||
* in the blacklist at all.
|
||||
* denylist timeouts then we function as though the nodes aren't
|
||||
* in the denylist at all.
|
||||
*/
|
||||
time.addAndGet(DeadHostState.MAX_CONNECTION_TIMEOUT_NANOS);
|
||||
assertSelectLivingHosts(Arrays.asList(n1, n2, n3), nodeTuple, blacklist, NodeSelector.ANY);
|
||||
assertSelectLivingHosts(Arrays.asList(n2, n3), nodeTuple, blacklist, not1);
|
||||
assertSelectLivingHosts(Arrays.asList(n1, n2, n3), nodeTuple, denylist, NodeSelector.ANY);
|
||||
assertSelectLivingHosts(Arrays.asList(n2, n3), nodeTuple, denylist, not1);
|
||||
}
|
||||
}
|
||||
|
||||
private void assertSelectLivingHosts(
|
||||
List<Node> expectedNodes,
|
||||
NodeTuple<List<Node>> nodeTuple,
|
||||
Map<HttpHost, DeadHostState> blacklist,
|
||||
Map<HttpHost, DeadHostState> denylist,
|
||||
NodeSelector nodeSelector
|
||||
) throws IOException {
|
||||
int iterations = 1000;
|
||||
AtomicInteger lastNodeIndex = new AtomicInteger(0);
|
||||
assertEquals(expectedNodes, RestClient.selectNodes(nodeTuple, blacklist, lastNodeIndex, nodeSelector));
|
||||
assertEquals(expectedNodes, RestClient.selectNodes(nodeTuple, denylist, lastNodeIndex, nodeSelector));
|
||||
// Calling it again rotates the set of results
|
||||
for (int i = 1; i < iterations; i++) {
|
||||
Collections.rotate(expectedNodes, 1);
|
||||
assertEquals("iteration " + i, expectedNodes, RestClient.selectNodes(nodeTuple, blacklist, lastNodeIndex, nodeSelector));
|
||||
assertEquals("iteration " + i, expectedNodes, RestClient.selectNodes(nodeTuple, denylist, lastNodeIndex, nodeSelector));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -360,11 +360,11 @@ public class RestClientTests extends RestClientTestCase {
|
|||
*/
|
||||
private static String assertSelectAllRejected(
|
||||
NodeTuple<List<Node>> nodeTuple,
|
||||
Map<HttpHost, DeadHostState> blacklist,
|
||||
Map<HttpHost, DeadHostState> denylist,
|
||||
NodeSelector nodeSelector
|
||||
) {
|
||||
try {
|
||||
RestClient.selectNodes(nodeTuple, blacklist, new AtomicInteger(0), nodeSelector);
|
||||
RestClient.selectNodes(nodeTuple, denylist, new AtomicInteger(0), nodeSelector);
|
||||
throw new AssertionError("expected selectHosts to fail");
|
||||
} catch (IOException e) {
|
||||
return e.getMessage();
|
||||
|
|
|
@ -54,7 +54,7 @@ import java.util.Set;
|
|||
* a thread must have {@code modifyThread} to even terminate its own pool, leaving
|
||||
* system threads unprotected.
|
||||
* </ul>
|
||||
* This class throws exception on {@code exitVM} calls, and provides a whitelist where calls
|
||||
* This class throws exception on {@code exitVM} calls, and provides an allowlist where calls
|
||||
* from exit are allowed.
|
||||
* <p>
|
||||
* Additionally it enforces threadgroup security with the following rules:
|
||||
|
|
|
@ -43,13 +43,13 @@ import java.util.Map;
|
|||
|
||||
public class AnalysisPainlessExtension implements PainlessExtension {
|
||||
|
||||
private static final Whitelist WHITELIST = WhitelistLoader.loadFromResourceFiles(
|
||||
private static final Whitelist ALLOWLIST = WhitelistLoader.loadFromResourceFiles(
|
||||
AnalysisPainlessExtension.class,
|
||||
"painless_whitelist.txt"
|
||||
);
|
||||
|
||||
@Override
|
||||
public Map<ScriptContext<?>, List<Whitelist>> getContextWhitelists() {
|
||||
return Collections.singletonMap(AnalysisPredicateScript.CONTEXT, Collections.singletonList(WHITELIST));
|
||||
return Collections.singletonMap(AnalysisPredicateScript.CONTEXT, Collections.singletonList(ALLOWLIST));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -44,13 +44,13 @@ import java.util.Map;
|
|||
|
||||
public class ProcessorsWhitelistExtension implements PainlessExtension {
|
||||
|
||||
private static final Whitelist WHITELIST = WhitelistLoader.loadFromResourceFiles(
|
||||
private static final Whitelist ALLOWLIST = WhitelistLoader.loadFromResourceFiles(
|
||||
ProcessorsWhitelistExtension.class,
|
||||
"processors_whitelist.txt"
|
||||
);
|
||||
|
||||
@Override
|
||||
public Map<ScriptContext<?>, List<Whitelist>> getContextWhitelists() {
|
||||
return Collections.singletonMap(IngestScript.CONTEXT, Collections.singletonList(WHITELIST));
|
||||
return Collections.singletonMap(IngestScript.CONTEXT, Collections.singletonList(ALLOWLIST));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
# under the License.
|
||||
#
|
||||
|
||||
# This file contains a whitelist of static processor methods that can be accessed from painless
|
||||
# This file contains a allowlist of static processor methods that can be accessed from painless
|
||||
|
||||
class org.opensearch.ingest.common.Processors {
|
||||
long bytes(String)
|
||||
|
|
|
@ -39,18 +39,18 @@ import java.util.List;
|
|||
import java.util.Objects;
|
||||
|
||||
/**
|
||||
* Whitelist contains data structures designed to be used to generate a whitelist of Java classes,
|
||||
* Allowlist contains data structures designed to be used to generate an allowlist of Java classes,
|
||||
* constructors, methods, and fields that can be used within a Painless script at both compile-time
|
||||
* and run-time.
|
||||
*
|
||||
* A whitelist consists of several pieces with {@link WhitelistClass}s as the top level. Each
|
||||
* A Allowlist consists of several pieces with {@link WhitelistClass}s as the top level. Each
|
||||
* {@link WhitelistClass} will contain zero-to-many {@link WhitelistConstructor}s, {@link WhitelistMethod}s, and
|
||||
* {@link WhitelistField}s which are what will be available with a Painless script. See each individual
|
||||
* whitelist object for more detail.
|
||||
* allowlist object for more detail.
|
||||
*/
|
||||
public final class Whitelist {
|
||||
|
||||
private static final String[] BASE_WHITELIST_FILES = new String[] {
|
||||
private static final String[] BASE_ALLOWLIST_FILES = new String[] {
|
||||
"org.opensearch.txt",
|
||||
"java.lang.txt",
|
||||
"java.math.txt",
|
||||
|
@ -66,37 +66,37 @@ public final class Whitelist {
|
|||
"java.util.stream.txt" };
|
||||
|
||||
public static final List<Whitelist> BASE_WHITELISTS = Collections.singletonList(
|
||||
WhitelistLoader.loadFromResourceFiles(Whitelist.class, WhitelistAnnotationParser.BASE_ANNOTATION_PARSERS, BASE_WHITELIST_FILES)
|
||||
WhitelistLoader.loadFromResourceFiles(Whitelist.class, WhitelistAnnotationParser.BASE_ANNOTATION_PARSERS, BASE_ALLOWLIST_FILES)
|
||||
);
|
||||
|
||||
/** The {@link ClassLoader} used to look up the whitelisted Java classes, constructors, methods, and fields. */
|
||||
/** The {@link ClassLoader} used to look up the allowlisted Java classes, constructors, methods, and fields. */
|
||||
public final ClassLoader classLoader;
|
||||
|
||||
/** The {@link List} of all the whitelisted Painless classes. */
|
||||
/** The {@link List} of all the allowlisted Painless classes. */
|
||||
public final List<WhitelistClass> whitelistClasses;
|
||||
|
||||
/** The {@link List} of all the whitelisted static Painless methods. */
|
||||
/** The {@link List} of all the allowlisted static Painless methods. */
|
||||
public final List<WhitelistMethod> whitelistImportedMethods;
|
||||
|
||||
/** The {@link List} of all the whitelisted Painless class bindings. */
|
||||
/** The {@link List} of all the allowlisted Painless class bindings. */
|
||||
public final List<WhitelistClassBinding> whitelistClassBindings;
|
||||
|
||||
/** The {@link List} of all the whitelisted Painless instance bindings. */
|
||||
/** The {@link List} of all the allowlisted Painless instance bindings. */
|
||||
public final List<WhitelistInstanceBinding> whitelistInstanceBindings;
|
||||
|
||||
/** Standard constructor. All values must be not {@code null}. */
|
||||
public Whitelist(
|
||||
ClassLoader classLoader,
|
||||
List<WhitelistClass> whitelistClasses,
|
||||
List<WhitelistMethod> whitelistImportedMethods,
|
||||
List<WhitelistClassBinding> whitelistClassBindings,
|
||||
List<WhitelistInstanceBinding> whitelistInstanceBindings
|
||||
List<WhitelistClass> allowlistClasses,
|
||||
List<WhitelistMethod> allowlistImportedMethods,
|
||||
List<WhitelistClassBinding> allowlistClassBindings,
|
||||
List<WhitelistInstanceBinding> allowlistInstanceBindings
|
||||
) {
|
||||
|
||||
this.classLoader = Objects.requireNonNull(classLoader);
|
||||
this.whitelistClasses = Collections.unmodifiableList(Objects.requireNonNull(whitelistClasses));
|
||||
this.whitelistImportedMethods = Collections.unmodifiableList(Objects.requireNonNull(whitelistImportedMethods));
|
||||
this.whitelistClassBindings = Collections.unmodifiableList(Objects.requireNonNull(whitelistClassBindings));
|
||||
this.whitelistInstanceBindings = Collections.unmodifiableList(Objects.requireNonNull(whitelistInstanceBindings));
|
||||
this.whitelistClasses = Collections.unmodifiableList(Objects.requireNonNull(allowlistClasses));
|
||||
this.whitelistImportedMethods = Collections.unmodifiableList(Objects.requireNonNull(allowlistImportedMethods));
|
||||
this.whitelistClassBindings = Collections.unmodifiableList(Objects.requireNonNull(allowlistClassBindings));
|
||||
this.whitelistInstanceBindings = Collections.unmodifiableList(Objects.requireNonNull(allowlistInstanceBindings));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -42,7 +42,7 @@ import java.util.stream.Collectors;
|
|||
/**
|
||||
* Class represents the equivalent of a Java class in Painless complete with super classes,
|
||||
* constructors, methods, and fields. There must be a one-to-one mapping of class names to Java
|
||||
* classes. Though, since multiple whitelists may be combined into a single whitelist for a
|
||||
* classes. Though, since multiple allowlists may be combined into a single allowlist for a
|
||||
* specific context, as long as multiple classes representing the same Java class have the same
|
||||
* class name and have legal constructor/method overloading they can be merged together.
|
||||
*
|
||||
|
@ -51,7 +51,7 @@ import java.util.stream.Collectors;
|
|||
* number of parameters, and multiples methods with the same name are allowed for a single class
|
||||
* as long as they have the same return type and a different number of parameters.
|
||||
*
|
||||
* Classes will automatically extend other whitelisted classes if the Java class they represent is a
|
||||
* Classes will automatically extend other allowlisted classes if the Java class they represent is a
|
||||
* subclass of other classes including Java interfaces.
|
||||
*/
|
||||
public final class WhitelistClass {
|
||||
|
@ -62,13 +62,13 @@ public final class WhitelistClass {
|
|||
/** The Java class name this class represents. */
|
||||
public final String javaClassName;
|
||||
|
||||
/** The {@link List} of whitelisted ({@link WhitelistConstructor}s) available to this class. */
|
||||
/** The {@link List} of allowlisted ({@link WhitelistConstructor}s) available to this class. */
|
||||
public final List<WhitelistConstructor> whitelistConstructors;
|
||||
|
||||
/** The {@link List} of whitelisted ({@link WhitelistMethod}s) available to this class. */
|
||||
/** The {@link List} of allowlisted ({@link WhitelistMethod}s) available to this class. */
|
||||
public final List<WhitelistMethod> whitelistMethods;
|
||||
|
||||
/** The {@link List} of whitelisted ({@link WhitelistField}s) available to this class. */
|
||||
/** The {@link List} of allowlisted ({@link WhitelistField}s) available to this class. */
|
||||
public final List<WhitelistField> whitelistFields;
|
||||
|
||||
/** The {@link Map} of annotations for this class. */
|
||||
|
@ -78,18 +78,18 @@ public final class WhitelistClass {
|
|||
public WhitelistClass(
|
||||
String origin,
|
||||
String javaClassName,
|
||||
List<WhitelistConstructor> whitelistConstructors,
|
||||
List<WhitelistMethod> whitelistMethods,
|
||||
List<WhitelistField> whitelistFields,
|
||||
List<WhitelistConstructor> allowlistConstructors,
|
||||
List<WhitelistMethod> allowlistMethods,
|
||||
List<WhitelistField> allowlistFields,
|
||||
List<Object> painlessAnnotations
|
||||
) {
|
||||
|
||||
this.origin = Objects.requireNonNull(origin);
|
||||
this.javaClassName = Objects.requireNonNull(javaClassName);
|
||||
|
||||
this.whitelistConstructors = Collections.unmodifiableList(Objects.requireNonNull(whitelistConstructors));
|
||||
this.whitelistMethods = Collections.unmodifiableList(Objects.requireNonNull(whitelistMethods));
|
||||
this.whitelistFields = Collections.unmodifiableList(Objects.requireNonNull(whitelistFields));
|
||||
this.whitelistConstructors = Collections.unmodifiableList(Objects.requireNonNull(allowlistConstructors));
|
||||
this.whitelistMethods = Collections.unmodifiableList(Objects.requireNonNull(allowlistMethods));
|
||||
this.whitelistFields = Collections.unmodifiableList(Objects.requireNonNull(allowlistFields));
|
||||
|
||||
if (painlessAnnotations.isEmpty()) {
|
||||
this.painlessAnnotations = Collections.emptyMap();
|
||||
|
|
|
@ -50,7 +50,7 @@ import java.util.stream.Collectors;
|
|||
*/
|
||||
public class WhitelistClassBinding {
|
||||
|
||||
/** Information about where this constructor was whitelisted from. */
|
||||
/** Information about where this constructor was allowlisted from. */
|
||||
public final String origin;
|
||||
|
||||
/** The Java class name this class binding targets. */
|
||||
|
|
|
@ -40,14 +40,14 @@ import java.util.Objects;
|
|||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* Constructor represents the equivalent of a Java constructor available as a whitelisted class
|
||||
* Constructor represents the equivalent of a Java constructor available as a allowlisted class
|
||||
* constructor within Painless. Constructors for Painless classes may be accessed exactly as
|
||||
* constructors for Java classes are using the 'new' keyword. Painless classes may have multiple
|
||||
* constructors as long as they comply with arity overloading described for {@link WhitelistClass}.
|
||||
*/
|
||||
public final class WhitelistConstructor {
|
||||
|
||||
/** Information about where this constructor was whitelisted from. */
|
||||
/** Information about where this constructor was allowlisted from. */
|
||||
public final String origin;
|
||||
|
||||
/**
|
||||
|
|
|
@ -40,13 +40,13 @@ import java.util.Objects;
|
|||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* Field represents the equivalent of a Java field available as a whitelisted class field
|
||||
* Field represents the equivalent of a Java field available as an allowlisted class field
|
||||
* within Painless. Fields for Painless classes may be accessed exactly as fields for Java classes
|
||||
* are using the '.' operator on an existing class variable/field.
|
||||
*/
|
||||
public class WhitelistField {
|
||||
|
||||
/** Information about where this method was whitelisted from. */
|
||||
/** Information about where this method was allowlisted from. */
|
||||
public final String origin;
|
||||
|
||||
/** The field name used to look up the field reflection object. */
|
||||
|
|
|
@ -46,7 +46,7 @@ import java.util.stream.Collectors;
|
|||
*/
|
||||
public class WhitelistInstanceBinding {
|
||||
|
||||
/** Information about where this constructor was whitelisted from. */
|
||||
/** Information about where this constructor was allowlisted from. */
|
||||
public final String origin;
|
||||
|
||||
/** The Java instance this instance binding targets. */
|
||||
|
|
|
@ -54,7 +54,7 @@ public final class WhitelistLoader {
|
|||
|
||||
/**
|
||||
* Loads and creates a {@link Whitelist} from one to many text files using only the base annotation parsers.
|
||||
* See {@link #loadFromResourceFiles(Class, Map, String...)} for information on how to structure a whitelist
|
||||
* See {@link #loadFromResourceFiles(Class, Map, String...)} for information on how to structure an allowlist
|
||||
* text file.
|
||||
*/
|
||||
public static Whitelist loadFromResourceFiles(Class<?> resource, String... filepaths) {
|
||||
|
@ -66,17 +66,17 @@ public final class WhitelistLoader {
|
|||
* {@link String}s with a single {@link Class} to be be used to load the resources where each {@link String}
|
||||
* is the path of a single text file. The {@link Class}'s {@link ClassLoader} will be used to lookup the Java
|
||||
* reflection objects for each individual {@link Class}, {@link Constructor}, {@link Method}, and {@link Field}
|
||||
* specified as part of the whitelist in the text file.
|
||||
* specified as part of the allowlist in the text file.
|
||||
*
|
||||
* A single pass is made through each file to collect all the information about each class, constructor, method,
|
||||
* and field. Most validation will be done at a later point after all whitelists have been gathered and their
|
||||
* and field. Most validation will be done at a later point after all allowlists have been gathered and their
|
||||
* merging takes place.
|
||||
*
|
||||
* A painless type name is one of the following:
|
||||
* <ul>
|
||||
* <li> def - The Painless dynamic type which is automatically included without a need to be
|
||||
* whitelisted. </li>
|
||||
* <li> fully-qualified Java type name - Any whitelisted Java class will have the equivalent name as
|
||||
* allowlisted. </li>
|
||||
* <li> fully-qualified Java type name - Any allowlisted Java class will have the equivalent name as
|
||||
* a Painless type name with the exception that any dollar symbols used as part of inner classes will
|
||||
* be replaced with dot symbols. </li>
|
||||
* <li> short Java type name - The text after the final dot symbol of any specified Java class. A
|
||||
|
@ -84,7 +84,7 @@ public final class WhitelistLoader {
|
|||
* as described later. </li>
|
||||
* </ul>
|
||||
*
|
||||
* The following can be parsed from each whitelist text file:
|
||||
* The following can be parsed from each allowlist text file:
|
||||
* <ul>
|
||||
* <li> Blank lines will be ignored by the parser. </li>
|
||||
* <li> Comments may be created starting with a pound '#' symbol and end with a newline. These will
|
||||
|
@ -98,19 +98,19 @@ public final class WhitelistLoader {
|
|||
* <ul>
|
||||
* <li> A constructor may be specified starting with an opening parenthesis, followed by a
|
||||
* comma-delimited list of Painless type names corresponding to the type/class names for
|
||||
* the equivalent Java parameter types (these must be whitelisted as well), a closing
|
||||
* the equivalent Java parameter types (these must be allowlisted as well), a closing
|
||||
* parenthesis, and a newline. </li>
|
||||
* <li> A method may be specified starting with a Painless type name for the return type,
|
||||
* followed by the Java name of the method (which will also be the Painless name for the
|
||||
* method), an opening parenthesis, a comma-delimited list of Painless type names
|
||||
* corresponding to the type/class names for the equivalent Java parameter types
|
||||
* (these must be whitelisted as well), a closing parenthesis, and a newline. </li>
|
||||
* (these must be allowlisted as well), a closing parenthesis, and a newline. </li>
|
||||
* <li> An augmented method may be specified starting with a Painless type name for the return
|
||||
* type, followed by the fully qualified Java name of the class the augmented method is
|
||||
* part of (this class does not need to be whitelisted), the Java name of the method
|
||||
* part of (this class does not need to be allowlisted), the Java name of the method
|
||||
* (which will also be the Painless name for the method), an opening parenthesis, a
|
||||
* comma-delimited list of Painless type names corresponding to the type/class names
|
||||
* for the equivalent Java parameter types (these must be whitelisted as well), a closing
|
||||
* for the equivalent Java parameter types (these must be allowlisted as well), a closing
|
||||
* parenthesis, and a newline. </li>
|
||||
* <li>A field may be specified starting with a Painless type name for the equivalent Java type
|
||||
* of the field, followed by the Java name of the field (which all be the Painless name
|
||||
|
@ -130,7 +130,7 @@ public final class WhitelistLoader {
|
|||
* fully-qualified Java class name. Method argument types, method return types, and field types
|
||||
* must be specified with Painless type names (def, fully-qualified, or short) as described earlier.
|
||||
*
|
||||
* The following example is used to create a single whitelist text file:
|
||||
* The following example is used to create a single allowlist text file:
|
||||
*
|
||||
* {@code
|
||||
* # primitive types
|
||||
|
@ -164,12 +164,12 @@ public final class WhitelistLoader {
|
|||
* }
|
||||
*/
|
||||
public static Whitelist loadFromResourceFiles(Class<?> resource, Map<String, WhitelistAnnotationParser> parsers, String... filepaths) {
|
||||
List<WhitelistClass> whitelistClasses = new ArrayList<>();
|
||||
List<WhitelistMethod> whitelistStatics = new ArrayList<>();
|
||||
List<WhitelistClassBinding> whitelistClassBindings = new ArrayList<>();
|
||||
List<WhitelistClass> allowlistClasses = new ArrayList<>();
|
||||
List<WhitelistMethod> allowlistStatics = new ArrayList<>();
|
||||
List<WhitelistClassBinding> allowlistClassBindings = new ArrayList<>();
|
||||
|
||||
// Execute a single pass through the whitelist text files. This will gather all the
|
||||
// constructors, methods, augmented methods, and fields for each whitelisted class.
|
||||
// Execute a single pass through the allowlist text files. This will gather all the
|
||||
// constructors, methods, augmented methods, and fields for each allowlisted class.
|
||||
for (String filepath : filepaths) {
|
||||
String line;
|
||||
int number = -1;
|
||||
|
@ -181,11 +181,11 @@ public final class WhitelistLoader {
|
|||
) {
|
||||
|
||||
String parseType = null;
|
||||
String whitelistClassOrigin = null;
|
||||
String allowlistClassOrigin = null;
|
||||
String javaClassName = null;
|
||||
List<WhitelistConstructor> whitelistConstructors = null;
|
||||
List<WhitelistMethod> whitelistMethods = null;
|
||||
List<WhitelistField> whitelistFields = null;
|
||||
List<WhitelistConstructor> allowlistConstructors = null;
|
||||
List<WhitelistMethod> allowlistMethods = null;
|
||||
List<WhitelistField> allowlistFields = null;
|
||||
List<Object> classAnnotations = null;
|
||||
|
||||
while ((line = reader.readLine()) != null) {
|
||||
|
@ -197,7 +197,7 @@ public final class WhitelistLoader {
|
|||
continue;
|
||||
}
|
||||
|
||||
// Handle a new class by resetting all the variables necessary to construct a new WhitelistClass for the whitelist.
|
||||
// Handle a new class by resetting all the variables necessary to construct a new AllowlistClass for the allowlist.
|
||||
// Expects the following format: 'class' ID annotations? '{' '\n'
|
||||
if (line.startsWith("class ")) {
|
||||
// Ensure the final token of the line is '{'.
|
||||
|
@ -218,17 +218,17 @@ public final class WhitelistLoader {
|
|||
annotationIndex = line.length() - 1;
|
||||
classAnnotations = Collections.emptyList();
|
||||
} else {
|
||||
classAnnotations = parseWhitelistAnnotations(parsers, line.substring(annotationIndex, line.length() - 1));
|
||||
classAnnotations = parseAllowlistAnnotations(parsers, line.substring(annotationIndex, line.length() - 1));
|
||||
}
|
||||
|
||||
parseType = "class";
|
||||
whitelistClassOrigin = "[" + filepath + "]:[" + number + "]";
|
||||
allowlistClassOrigin = "[" + filepath + "]:[" + number + "]";
|
||||
javaClassName = line.substring(5, annotationIndex).trim();
|
||||
|
||||
// Reset all the constructors, methods, and fields to support a new class.
|
||||
whitelistConstructors = new ArrayList<>();
|
||||
whitelistMethods = new ArrayList<>();
|
||||
whitelistFields = new ArrayList<>();
|
||||
allowlistConstructors = new ArrayList<>();
|
||||
allowlistMethods = new ArrayList<>();
|
||||
allowlistFields = new ArrayList<>();
|
||||
} else if (line.startsWith("static_import ")) {
|
||||
// Ensure the final token of the line is '{'.
|
||||
if (line.endsWith("{") == false) {
|
||||
|
@ -250,25 +250,25 @@ public final class WhitelistLoader {
|
|||
throw new IllegalArgumentException("invalid definition: extraneous closing bracket");
|
||||
}
|
||||
|
||||
// Create a new WhitelistClass with all the previously gathered constructors, methods,
|
||||
// augmented methods, and fields, and add it to the list of whitelisted classes.
|
||||
// Create a new AllowlistClass with all the previously gathered constructors, methods,
|
||||
// augmented methods, and fields, and add it to the list of allowlisted classes.
|
||||
if ("class".equals(parseType)) {
|
||||
whitelistClasses.add(
|
||||
allowlistClasses.add(
|
||||
new WhitelistClass(
|
||||
whitelistClassOrigin,
|
||||
allowlistClassOrigin,
|
||||
javaClassName,
|
||||
whitelistConstructors,
|
||||
whitelistMethods,
|
||||
whitelistFields,
|
||||
allowlistConstructors,
|
||||
allowlistMethods,
|
||||
allowlistFields,
|
||||
classAnnotations
|
||||
)
|
||||
);
|
||||
|
||||
whitelistClassOrigin = null;
|
||||
allowlistClassOrigin = null;
|
||||
javaClassName = null;
|
||||
whitelistConstructors = null;
|
||||
whitelistMethods = null;
|
||||
whitelistFields = null;
|
||||
allowlistConstructors = null;
|
||||
allowlistMethods = null;
|
||||
allowlistFields = null;
|
||||
classAnnotations = null;
|
||||
}
|
||||
|
||||
|
@ -330,7 +330,7 @@ public final class WhitelistLoader {
|
|||
annotationIndex = line.length();
|
||||
annotations = Collections.emptyList();
|
||||
} else {
|
||||
annotations = parseWhitelistAnnotations(parsers, line.substring(annotationIndex));
|
||||
annotations = parseAllowlistAnnotations(parsers, line.substring(annotationIndex));
|
||||
}
|
||||
|
||||
// Parse the static import type and class.
|
||||
|
@ -349,7 +349,7 @@ public final class WhitelistLoader {
|
|||
|
||||
// Add a static import method or binding depending on the static import type.
|
||||
if ("from_class".equals(staticImportType)) {
|
||||
whitelistStatics.add(
|
||||
allowlistStatics.add(
|
||||
new WhitelistMethod(
|
||||
origin,
|
||||
targetJavaClassName,
|
||||
|
@ -360,7 +360,7 @@ public final class WhitelistLoader {
|
|||
)
|
||||
);
|
||||
} else if ("bound_to".equals(staticImportType)) {
|
||||
whitelistClassBindings.add(
|
||||
allowlistClassBindings.add(
|
||||
new WhitelistClassBinding(
|
||||
origin,
|
||||
targetJavaClassName,
|
||||
|
@ -410,9 +410,9 @@ public final class WhitelistLoader {
|
|||
int annotationIndex = line.indexOf('@');
|
||||
annotations = annotationIndex == -1
|
||||
? Collections.emptyList()
|
||||
: parseWhitelistAnnotations(parsers, line.substring(annotationIndex));
|
||||
: parseAllowlistAnnotations(parsers, line.substring(annotationIndex));
|
||||
|
||||
whitelistConstructors.add(
|
||||
allowlistConstructors.add(
|
||||
new WhitelistConstructor(origin, Arrays.asList(canonicalTypeNameParameters), annotations)
|
||||
);
|
||||
|
||||
|
@ -462,9 +462,9 @@ public final class WhitelistLoader {
|
|||
int annotationIndex = line.indexOf('@');
|
||||
annotations = annotationIndex == -1
|
||||
? Collections.emptyList()
|
||||
: parseWhitelistAnnotations(parsers, line.substring(annotationIndex));
|
||||
: parseAllowlistAnnotations(parsers, line.substring(annotationIndex));
|
||||
|
||||
whitelistMethods.add(
|
||||
allowlistMethods.add(
|
||||
new WhitelistMethod(
|
||||
origin,
|
||||
javaAugmentedClassName,
|
||||
|
@ -486,7 +486,7 @@ public final class WhitelistLoader {
|
|||
annotationIndex = line.length();
|
||||
annotations = Collections.emptyList();
|
||||
} else {
|
||||
annotations = parseWhitelistAnnotations(parsers, line.substring(annotationIndex));
|
||||
annotations = parseAllowlistAnnotations(parsers, line.substring(annotationIndex));
|
||||
}
|
||||
|
||||
// Parse the field tokens.
|
||||
|
@ -497,7 +497,7 @@ public final class WhitelistLoader {
|
|||
throw new IllegalArgumentException("invalid field definition: unexpected format [" + line + "]");
|
||||
}
|
||||
|
||||
whitelistFields.add(new WhitelistField(origin, tokens[1], tokens[0], annotations));
|
||||
allowlistFields.add(new WhitelistField(origin, tokens[1], tokens[0], annotations));
|
||||
}
|
||||
} else {
|
||||
throw new IllegalArgumentException("invalid definition: unable to parse line [" + line + "]");
|
||||
|
@ -515,10 +515,10 @@ public final class WhitelistLoader {
|
|||
|
||||
ClassLoader loader = AccessController.doPrivileged((PrivilegedAction<ClassLoader>) resource::getClassLoader);
|
||||
|
||||
return new Whitelist(loader, whitelistClasses, whitelistStatics, whitelistClassBindings, Collections.emptyList());
|
||||
return new Whitelist(loader, allowlistClasses, allowlistStatics, allowlistClassBindings, Collections.emptyList());
|
||||
}
|
||||
|
||||
private static List<Object> parseWhitelistAnnotations(Map<String, WhitelistAnnotationParser> parsers, String line) {
|
||||
private static List<Object> parseAllowlistAnnotations(Map<String, WhitelistAnnotationParser> parsers, String line) {
|
||||
|
||||
List<Object> annotations;
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ import java.util.Objects;
|
|||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* Method represents the equivalent of a Java method available as a whitelisted class method
|
||||
* Method represents the equivalent of a Java method available as an allowlisted class method
|
||||
* within Painless. Methods for Painless classes may be accessed exactly as methods for Java classes
|
||||
* are using the '.' operator on an existing class variable/field. Painless classes may have multiple
|
||||
* methods with the same name as long as they comply with arity overloading described in
|
||||
|
@ -50,11 +50,11 @@ import java.util.stream.Collectors;
|
|||
* these are known as augmented methods. An augmented method can be added to a class as a part of any
|
||||
* Java class as long as the method is static and the first parameter of the method is the Java class
|
||||
* represented by the class. Note that the augmented method's parent Java class does not need to be
|
||||
* whitelisted.
|
||||
* allowlisted.
|
||||
*/
|
||||
public class WhitelistMethod {
|
||||
|
||||
/** Information about where this method was whitelisted from. */
|
||||
/** Information about where this method was allowlisted from. */
|
||||
public final String origin;
|
||||
|
||||
/**
|
||||
|
|
|
@ -39,8 +39,8 @@ import java.util.stream.Collectors;
|
|||
import java.util.stream.Stream;
|
||||
|
||||
/**
|
||||
* WhitelistAnnotationParser is an interface used to define how to
|
||||
* parse an annotation against any whitelist object while loading.
|
||||
* AllowlistAnnotationParser is an interface used to define how to
|
||||
* parse an annotation against any allowlist object while loading.
|
||||
*/
|
||||
public interface WhitelistAnnotationParser {
|
||||
|
||||
|
|
|
@ -168,7 +168,7 @@ final class Compiler {
|
|||
private final Class<?> scriptClass;
|
||||
|
||||
/**
|
||||
* The whitelist the script will use.
|
||||
* The allowlist the script will use.
|
||||
*/
|
||||
private final PainlessLookup painlessLookup;
|
||||
|
||||
|
@ -182,7 +182,7 @@ final class Compiler {
|
|||
* @param scriptClass The class/interface the script will implement.
|
||||
* @param factoryClass An optional class/interface to create the {@code scriptClass} instance.
|
||||
* @param statefulFactoryClass An optional class/interface to create the {@code factoryClass} instance.
|
||||
* @param painlessLookup The whitelist the script will use.
|
||||
* @param painlessLookup The allowlist the script will use.
|
||||
*/
|
||||
Compiler(Class<?> scriptClass, Class<?> factoryClass, Class<?> statefulFactoryClass, PainlessLookup painlessLookup) {
|
||||
this.scriptClass = scriptClass;
|
||||
|
|
|
@ -237,10 +237,10 @@ public final class Def {
|
|||
* </p>
|
||||
* <p>
|
||||
* This method traverses {@code recieverClass}'s class hierarchy (including interfaces)
|
||||
* until it finds a matching whitelisted method. If one is not found, it throws an exception.
|
||||
* until it finds a matching allowlisted method. If one is not found, it throws an exception.
|
||||
* Otherwise it returns a handle to the matching method.
|
||||
* </p>
|
||||
* @param painlessLookup the whitelist
|
||||
* @param painlessLookup the allowlist
|
||||
* @param functions user defined functions and lambdas
|
||||
* @param constants available constants to be used if the method has the {@code InjectConstantAnnotation}
|
||||
* @param methodHandlesLookup caller's lookup
|
||||
|
@ -249,7 +249,7 @@ public final class Def {
|
|||
* @param name Name of the method.
|
||||
* @param args bootstrap args passed to callsite
|
||||
* @return pointer to matching method to invoke. never returns null.
|
||||
* @throws IllegalArgumentException if no matching whitelisted method was found.
|
||||
* @throws IllegalArgumentException if no matching allowlisted method was found.
|
||||
* @throws Throwable if a method reference cannot be converted to an functional interface
|
||||
*/
|
||||
static MethodHandle lookupMethod(
|
||||
|
@ -473,26 +473,26 @@ public final class Def {
|
|||
* <p>
|
||||
* The following field loads are allowed:
|
||||
* <ul>
|
||||
* <li>Whitelisted {@code field} from receiver's class or any superclasses.
|
||||
* <li>Whitelisted method named {@code getField()} from receiver's class/superclasses/interfaces.
|
||||
* <li>Whitelisted method named {@code isField()} from receiver's class/superclasses/interfaces.
|
||||
* <li>Allowlisted {@code field} from receiver's class or any superclasses.
|
||||
* <li>Allowlisted method named {@code getField()} from receiver's class/superclasses/interfaces.
|
||||
* <li>Allowlisted method named {@code isField()} from receiver's class/superclasses/interfaces.
|
||||
* <li>The {@code length} field of an array.
|
||||
* <li>The value corresponding to a map key named {@code field} when the receiver is a Map.
|
||||
* <li>The value in a list at element {@code field} (integer) when the receiver is a List.
|
||||
* </ul>
|
||||
* <p>
|
||||
* This method traverses {@code recieverClass}'s class hierarchy (including interfaces)
|
||||
* until it finds a matching whitelisted getter. If one is not found, it throws an exception.
|
||||
* until it finds a matching allowlisted getter. If one is not found, it throws an exception.
|
||||
* Otherwise it returns a handle to the matching getter.
|
||||
* </p>
|
||||
* @param painlessLookup the whitelist
|
||||
* @param painlessLookup the allowlist
|
||||
* @param receiverClass Class of the object to retrieve the field from.
|
||||
* @param name Name of the field.
|
||||
* @return pointer to matching field. never returns null.
|
||||
* @throws IllegalArgumentException if no matching whitelisted field was found.
|
||||
* @throws IllegalArgumentException if no matching allowlisted field was found.
|
||||
*/
|
||||
static MethodHandle lookupGetter(PainlessLookup painlessLookup, Class<?> receiverClass, String name) {
|
||||
// first try whitelist
|
||||
// first try allowlist
|
||||
MethodHandle getter = painlessLookup.lookupRuntimeGetterMethodHandle(receiverClass, name);
|
||||
|
||||
if (getter != null) {
|
||||
|
@ -530,24 +530,24 @@ public final class Def {
|
|||
* <p>
|
||||
* The following field stores are allowed:
|
||||
* <ul>
|
||||
* <li>Whitelisted {@code field} from receiver's class or any superclasses.
|
||||
* <li>Whitelisted method named {@code setField()} from receiver's class/superclasses/interfaces.
|
||||
* <li>Allowlisted {@code field} from receiver's class or any superclasses.
|
||||
* <li>Allowlisted method named {@code setField()} from receiver's class/superclasses/interfaces.
|
||||
* <li>The value corresponding to a map key named {@code field} when the receiver is a Map.
|
||||
* <li>The value in a list at element {@code field} (integer) when the receiver is a List.
|
||||
* </ul>
|
||||
* <p>
|
||||
* This method traverses {@code recieverClass}'s class hierarchy (including interfaces)
|
||||
* until it finds a matching whitelisted setter. If one is not found, it throws an exception.
|
||||
* until it finds a matching allowlisted setter. If one is not found, it throws an exception.
|
||||
* Otherwise it returns a handle to the matching setter.
|
||||
* </p>
|
||||
* @param painlessLookup the whitelist
|
||||
* @param painlessLookup the allowlist
|
||||
* @param receiverClass Class of the object to retrieve the field from.
|
||||
* @param name Name of the field.
|
||||
* @return pointer to matching field. never returns null.
|
||||
* @throws IllegalArgumentException if no matching whitelisted field was found.
|
||||
* @throws IllegalArgumentException if no matching allowlisted field was found.
|
||||
*/
|
||||
static MethodHandle lookupSetter(PainlessLookup painlessLookup, Class<?> receiverClass, String name) {
|
||||
// first try whitelist
|
||||
// first try allowlist
|
||||
MethodHandle setter = painlessLookup.lookupRuntimeSetterMethodHandle(receiverClass, name);
|
||||
|
||||
if (setter != null) {
|
||||
|
|
|
@ -53,7 +53,7 @@ import java.util.Map;
|
|||
* shift operator, and dynamic array index normalize.
|
||||
* <p>
|
||||
* When a new type is encountered at the call site, we lookup from the appropriate
|
||||
* whitelist, and cache with a guard. If we encounter too many types, we stop caching.
|
||||
* allowlist, and cache with a guard. If we encounter too many types, we stop caching.
|
||||
* <p>
|
||||
* Based on the cascaded inlining cache from the JSR 292 cookbook
|
||||
* (https://code.google.com/archive/p/jsr292-cookbook/, BSD license)
|
||||
|
@ -166,7 +166,7 @@ public final class DefBootstrap {
|
|||
}
|
||||
|
||||
/**
|
||||
* Does a slow lookup against the whitelist.
|
||||
* Does a slow lookup against the allowlist.
|
||||
*/
|
||||
private MethodHandle lookup(int flavor, String name, Class<?> receiver) throws Throwable {
|
||||
switch (flavor) {
|
||||
|
@ -470,10 +470,10 @@ public final class DefBootstrap {
|
|||
* In addition to ordinary parameters, we also take some parameters defined at the call site:
|
||||
* <ul>
|
||||
* <li>{@code initialDepth}: initial call site depth. this is used to exercise megamorphic fallback.
|
||||
* <li>{@code flavor}: type of dynamic call it is (and which part of whitelist to look at).
|
||||
* <li>{@code flavor}: type of dynamic call it is (and which part of allowlist to look at).
|
||||
* <li>{@code args}: flavor-specific args.
|
||||
* </ul>
|
||||
* And we take the {@link PainlessLookup} used to compile the script for whitelist checking.
|
||||
* And we take the {@link PainlessLookup} used to compile the script for allowlist checking.
|
||||
* <p>
|
||||
* see https://docs.oracle.com/javase/specs/jvms/se7/html/jvms-6.html#jvms-6.5.invokedynamic
|
||||
*/
|
||||
|
|
|
@ -59,8 +59,8 @@ import static org.objectweb.asm.Opcodes.H_NEWINVOKESPECIAL;
|
|||
*/
|
||||
public class FunctionRef {
|
||||
/**
|
||||
* Creates a new FunctionRef which will resolve {@code type::call} from the whitelist.
|
||||
* @param painlessLookup the whitelist against which this script is being compiled
|
||||
* Creates a new FunctionRef which will resolve {@code type::call} from the allowlist.
|
||||
* @param painlessLookup the allowlist against which this script is being compiled
|
||||
* @param functionTable user-defined and synthetic methods generated directly on the script class
|
||||
* @param location the character number within the script at compile-time
|
||||
* @param targetClass functional interface type to implement.
|
||||
|
|
|
@ -83,11 +83,11 @@ import java.util.function.Supplier;
|
|||
*/
|
||||
public final class PainlessPlugin extends Plugin implements ScriptPlugin, ExtensiblePlugin, ActionPlugin {
|
||||
|
||||
private static final Map<ScriptContext<?>, List<Whitelist>> whitelists;
|
||||
private static final Map<ScriptContext<?>, List<Whitelist>> allowlists;
|
||||
|
||||
/*
|
||||
* Contexts from Core that need custom whitelists can add them to the map below.
|
||||
* Whitelist resources should be added as appropriately named, separate files
|
||||
* Contexts from Core that need custom allowlists can add them to the map below.
|
||||
* Allowlist resources should be added as appropriately named, separate files
|
||||
* under Painless' resources
|
||||
*/
|
||||
static {
|
||||
|
@ -108,23 +108,23 @@ public final class PainlessPlugin extends Plugin implements ScriptPlugin, Extens
|
|||
ingest.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.ingest.txt"));
|
||||
map.put(IngestScript.CONTEXT, ingest);
|
||||
|
||||
whitelists = map;
|
||||
allowlists = map;
|
||||
}
|
||||
|
||||
private final SetOnce<PainlessScriptEngine> painlessScriptEngine = new SetOnce<>();
|
||||
|
||||
@Override
|
||||
public ScriptEngine getScriptEngine(Settings settings, Collection<ScriptContext<?>> contexts) {
|
||||
Map<ScriptContext<?>, List<Whitelist>> contextsWithWhitelists = new HashMap<>();
|
||||
Map<ScriptContext<?>, List<Whitelist>> contextsWithAllowlists = new HashMap<>();
|
||||
for (ScriptContext<?> context : contexts) {
|
||||
// we might have a context that only uses the base whitelists, so would not have been filled in by reloadSPI
|
||||
List<Whitelist> contextWhitelists = whitelists.get(context);
|
||||
if (contextWhitelists == null) {
|
||||
contextWhitelists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
|
||||
// we might have a context that only uses the base allowlists, so would not have been filled in by reloadSPI
|
||||
List<Whitelist> contextAllowlists = allowlists.get(context);
|
||||
if (contextAllowlists == null) {
|
||||
contextAllowlists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
|
||||
}
|
||||
contextsWithWhitelists.put(context, contextWhitelists);
|
||||
contextsWithAllowlists.put(context, contextAllowlists);
|
||||
}
|
||||
painlessScriptEngine.set(new PainlessScriptEngine(settings, contextsWithWhitelists));
|
||||
painlessScriptEngine.set(new PainlessScriptEngine(settings, contextsWithAllowlists));
|
||||
return painlessScriptEngine.get();
|
||||
}
|
||||
|
||||
|
@ -158,7 +158,7 @@ public final class PainlessPlugin extends Plugin implements ScriptPlugin, Extens
|
|||
.stream()
|
||||
.flatMap(extension -> extension.getContextWhitelists().entrySet().stream())
|
||||
.forEach(entry -> {
|
||||
List<Whitelist> existing = whitelists.computeIfAbsent(entry.getKey(), c -> new ArrayList<>(Whitelist.BASE_WHITELISTS));
|
||||
List<Whitelist> existing = allowlists.computeIfAbsent(entry.getKey(), c -> new ArrayList<>(Whitelist.BASE_WHITELISTS));
|
||||
existing.addAll(entry.getValue());
|
||||
});
|
||||
}
|
||||
|
|
|
@ -68,7 +68,7 @@ import static java.util.Collections.singletonList;
|
|||
import static org.opensearch.rest.RestRequest.Method.GET;
|
||||
|
||||
/**
|
||||
* Internal REST API for querying context information about Painless whitelists.
|
||||
* Internal REST API for querying context information about Painless allowlists.
|
||||
* Commands include the following:
|
||||
* <ul>
|
||||
* <li> GET /_scripts/painless/_context -- retrieves a list of contexts </li>
|
||||
|
|
|
@ -126,107 +126,107 @@ public final class PainlessLookupBuilder {
|
|||
}
|
||||
}
|
||||
|
||||
public static PainlessLookup buildFromWhitelists(List<Whitelist> whitelists) {
|
||||
public static PainlessLookup buildFromWhitelists(List<Whitelist> allowlists) {
|
||||
PainlessLookupBuilder painlessLookupBuilder = new PainlessLookupBuilder();
|
||||
String origin = "internal error";
|
||||
|
||||
try {
|
||||
for (Whitelist whitelist : whitelists) {
|
||||
for (WhitelistClass whitelistClass : whitelist.whitelistClasses) {
|
||||
origin = whitelistClass.origin;
|
||||
for (Whitelist allowlist : allowlists) {
|
||||
for (WhitelistClass allowlistClass : allowlist.whitelistClasses) {
|
||||
origin = allowlistClass.origin;
|
||||
painlessLookupBuilder.addPainlessClass(
|
||||
whitelist.classLoader,
|
||||
whitelistClass.javaClassName,
|
||||
whitelistClass.painlessAnnotations.containsKey(NoImportAnnotation.class) == false
|
||||
allowlist.classLoader,
|
||||
allowlistClass.javaClassName,
|
||||
allowlistClass.painlessAnnotations.containsKey(NoImportAnnotation.class) == false
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
for (Whitelist whitelist : whitelists) {
|
||||
for (WhitelistClass whitelistClass : whitelist.whitelistClasses) {
|
||||
String targetCanonicalClassName = whitelistClass.javaClassName.replace('$', '.');
|
||||
for (Whitelist allowlist : allowlists) {
|
||||
for (WhitelistClass allowlistClass : allowlist.whitelistClasses) {
|
||||
String targetCanonicalClassName = allowlistClass.javaClassName.replace('$', '.');
|
||||
|
||||
for (WhitelistConstructor whitelistConstructor : whitelistClass.whitelistConstructors) {
|
||||
origin = whitelistConstructor.origin;
|
||||
for (WhitelistConstructor allowlistConstructor : allowlistClass.whitelistConstructors) {
|
||||
origin = allowlistConstructor.origin;
|
||||
painlessLookupBuilder.addPainlessConstructor(
|
||||
targetCanonicalClassName,
|
||||
whitelistConstructor.canonicalTypeNameParameters,
|
||||
whitelistConstructor.painlessAnnotations
|
||||
allowlistConstructor.canonicalTypeNameParameters,
|
||||
allowlistConstructor.painlessAnnotations
|
||||
);
|
||||
}
|
||||
|
||||
for (WhitelistMethod whitelistMethod : whitelistClass.whitelistMethods) {
|
||||
origin = whitelistMethod.origin;
|
||||
for (WhitelistMethod allowlistMethod : allowlistClass.whitelistMethods) {
|
||||
origin = allowlistMethod.origin;
|
||||
painlessLookupBuilder.addPainlessMethod(
|
||||
whitelist.classLoader,
|
||||
allowlist.classLoader,
|
||||
targetCanonicalClassName,
|
||||
whitelistMethod.augmentedCanonicalClassName,
|
||||
whitelistMethod.methodName,
|
||||
whitelistMethod.returnCanonicalTypeName,
|
||||
whitelistMethod.canonicalTypeNameParameters,
|
||||
whitelistMethod.painlessAnnotations
|
||||
allowlistMethod.augmentedCanonicalClassName,
|
||||
allowlistMethod.methodName,
|
||||
allowlistMethod.returnCanonicalTypeName,
|
||||
allowlistMethod.canonicalTypeNameParameters,
|
||||
allowlistMethod.painlessAnnotations
|
||||
);
|
||||
}
|
||||
|
||||
for (WhitelistField whitelistField : whitelistClass.whitelistFields) {
|
||||
origin = whitelistField.origin;
|
||||
for (WhitelistField allowlistField : allowlistClass.whitelistFields) {
|
||||
origin = allowlistField.origin;
|
||||
painlessLookupBuilder.addPainlessField(
|
||||
targetCanonicalClassName,
|
||||
whitelistField.fieldName,
|
||||
whitelistField.canonicalTypeNameParameter
|
||||
allowlistField.fieldName,
|
||||
allowlistField.canonicalTypeNameParameter
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
for (WhitelistMethod whitelistStatic : whitelist.whitelistImportedMethods) {
|
||||
origin = whitelistStatic.origin;
|
||||
for (WhitelistMethod allowlistStatic : allowlist.whitelistImportedMethods) {
|
||||
origin = allowlistStatic.origin;
|
||||
painlessLookupBuilder.addImportedPainlessMethod(
|
||||
whitelist.classLoader,
|
||||
whitelistStatic.augmentedCanonicalClassName,
|
||||
whitelistStatic.methodName,
|
||||
whitelistStatic.returnCanonicalTypeName,
|
||||
whitelistStatic.canonicalTypeNameParameters,
|
||||
whitelistStatic.painlessAnnotations
|
||||
allowlist.classLoader,
|
||||
allowlistStatic.augmentedCanonicalClassName,
|
||||
allowlistStatic.methodName,
|
||||
allowlistStatic.returnCanonicalTypeName,
|
||||
allowlistStatic.canonicalTypeNameParameters,
|
||||
allowlistStatic.painlessAnnotations
|
||||
);
|
||||
}
|
||||
|
||||
for (WhitelistClassBinding whitelistClassBinding : whitelist.whitelistClassBindings) {
|
||||
origin = whitelistClassBinding.origin;
|
||||
for (WhitelistClassBinding allowlistClassBinding : allowlist.whitelistClassBindings) {
|
||||
origin = allowlistClassBinding.origin;
|
||||
painlessLookupBuilder.addPainlessClassBinding(
|
||||
whitelist.classLoader,
|
||||
whitelistClassBinding.targetJavaClassName,
|
||||
whitelistClassBinding.methodName,
|
||||
whitelistClassBinding.returnCanonicalTypeName,
|
||||
whitelistClassBinding.canonicalTypeNameParameters,
|
||||
whitelistClassBinding.painlessAnnotations
|
||||
allowlist.classLoader,
|
||||
allowlistClassBinding.targetJavaClassName,
|
||||
allowlistClassBinding.methodName,
|
||||
allowlistClassBinding.returnCanonicalTypeName,
|
||||
allowlistClassBinding.canonicalTypeNameParameters,
|
||||
allowlistClassBinding.painlessAnnotations
|
||||
);
|
||||
}
|
||||
|
||||
for (WhitelistInstanceBinding whitelistInstanceBinding : whitelist.whitelistInstanceBindings) {
|
||||
origin = whitelistInstanceBinding.origin;
|
||||
for (WhitelistInstanceBinding allowlistInstanceBinding : allowlist.whitelistInstanceBindings) {
|
||||
origin = allowlistInstanceBinding.origin;
|
||||
painlessLookupBuilder.addPainlessInstanceBinding(
|
||||
whitelistInstanceBinding.targetInstance,
|
||||
whitelistInstanceBinding.methodName,
|
||||
whitelistInstanceBinding.returnCanonicalTypeName,
|
||||
whitelistInstanceBinding.canonicalTypeNameParameters
|
||||
allowlistInstanceBinding.targetInstance,
|
||||
allowlistInstanceBinding.methodName,
|
||||
allowlistInstanceBinding.returnCanonicalTypeName,
|
||||
allowlistInstanceBinding.canonicalTypeNameParameters
|
||||
);
|
||||
}
|
||||
}
|
||||
} catch (Exception exception) {
|
||||
throw new IllegalArgumentException("error loading whitelist(s) " + origin, exception);
|
||||
throw new IllegalArgumentException("error loading allowlist(s) " + origin, exception);
|
||||
}
|
||||
|
||||
return painlessLookupBuilder.build();
|
||||
}
|
||||
|
||||
// javaClassNamesToClasses is all the classes that need to be available to the custom classloader
|
||||
// including classes used as part of imported methods and class bindings but not necessarily whitelisted
|
||||
// including classes used as part of imported methods and class bindings but not necessarily allowlisted
|
||||
// individually. The values of javaClassNamesToClasses are a superset of the values of
|
||||
// canonicalClassNamesToClasses.
|
||||
private final Map<String, Class<?>> javaClassNamesToClasses;
|
||||
// canonicalClassNamesToClasses is all the whitelisted classes available in a Painless script including
|
||||
// canonicalClassNamesToClasses is all the allowlisted classes available in a Painless script including
|
||||
// classes with imported canonical names but does not include classes from imported methods or class
|
||||
// bindings unless also whitelisted separately. The values of canonicalClassNamesToClasses are a subset
|
||||
// bindings unless also allowlisted separately. The values of canonicalClassNamesToClasses are a subset
|
||||
// of the values of javaClassNamesToClasses.
|
||||
private final Map<String, Class<?>> canonicalClassNamesToClasses;
|
||||
private final Map<Class<?>, PainlessClassBuilder> classesToPainlessClassBuilders;
|
||||
|
@ -2060,7 +2060,7 @@ public final class PainlessLookupBuilder {
|
|||
/**
|
||||
* Creates a {@link Map} of PainlessMethodKeys to {@link PainlessMethod}s per {@link PainlessClass} stored as
|
||||
* {@link PainlessClass#runtimeMethods} identical to {@link PainlessClass#methods} with the exception of generated
|
||||
* bridge methods. A generated bridge method is created for each whitelisted method that has at least one parameter
|
||||
* bridge methods. A generated bridge method is created for each allowlisted method that has at least one parameter
|
||||
* with a boxed type to cast from other numeric primitive/boxed types in a symmetric was not handled by
|
||||
* {@link MethodHandle#asType(MethodType)}. As an example {@link MethodHandle#asType(MethodType)} legally casts
|
||||
* from {@link Integer} to long but not from int to {@link Long}. Generated bridge methods cover the latter case.
|
||||
|
|
|
@ -34,6 +34,6 @@ grant {
|
|||
// needed to generate runtime classes
|
||||
permission java.lang.RuntimePermission "createClassLoader";
|
||||
|
||||
// needed to find the classloader to load whitelisted classes from
|
||||
// needed to find the classloader to load allowlisted classes from
|
||||
permission java.lang.RuntimePermission "getClassLoader";
|
||||
};
|
||||
|
|
|
@ -58,7 +58,7 @@ class java.util.regex.Matcher {
|
|||
String replaceFirst(String)
|
||||
boolean requireEnd()
|
||||
Matcher reset()
|
||||
# Note: Do not whitelist Matcher.reset(String), it subverts regex limiting
|
||||
# Note: Do not allowlist Matcher.reset(String), it subverts regex limiting
|
||||
int start()
|
||||
int start(int)
|
||||
Matcher useAnchoringBounds(boolean)
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
# under the License.
|
||||
#
|
||||
|
||||
# This file contains a whitelist for the Moving Function pipeline aggregator in core
|
||||
# This file contains an allowlist for the Moving Function pipeline aggregator in core
|
||||
|
||||
class org.opensearch.search.aggregations.pipeline.MovingFunctions {
|
||||
double max(double[])
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
# under the License.
|
||||
#
|
||||
|
||||
# This file contains a whitelist for the ingest scripts
|
||||
# This file contains an allowlist for the ingest scripts
|
||||
|
||||
class java.lang.String {
|
||||
String org.opensearch.painless.api.Augmentation sha1()
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
# under the License.
|
||||
#
|
||||
|
||||
# This file contains a whitelist for functions to be used in Score context
|
||||
# This file contains an allowlist for functions to be used in Score context
|
||||
|
||||
class org.opensearch.script.ScoreScript @no_import {
|
||||
}
|
||||
|
|
|
@ -53,9 +53,9 @@ public class AugmentationTests extends ScriptTestCase {
|
|||
@BeforeClass
|
||||
public static void beforeClass() {
|
||||
Map<ScriptContext<?>, List<Whitelist>> contexts = newDefaultContexts();
|
||||
List<Whitelist> digestWhitelist = new ArrayList<>(Whitelist.BASE_WHITELISTS);
|
||||
digestWhitelist.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.ingest.txt"));
|
||||
contexts.put(DigestTestScript.CONTEXT, digestWhitelist);
|
||||
List<Whitelist> digestAllowlist = new ArrayList<>(Whitelist.BASE_WHITELISTS);
|
||||
digestAllowlist.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.ingest.txt"));
|
||||
contexts.put(DigestTestScript.CONTEXT, digestAllowlist);
|
||||
SCRIPT_ENGINE = new PainlessScriptEngine(Settings.EMPTY, contexts);
|
||||
}
|
||||
|
||||
|
|
|
@ -51,8 +51,8 @@ public class BindingsTests extends ScriptTestCase {
|
|||
@BeforeClass
|
||||
public static void beforeClass() {
|
||||
Map<ScriptContext<?>, List<Whitelist>> contexts = newDefaultContexts();
|
||||
List<Whitelist> whitelists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
|
||||
whitelists.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.painless.test"));
|
||||
List<Whitelist> allowlists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
|
||||
allowlists.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.painless.test"));
|
||||
|
||||
InstanceBindingTestClass instanceBindingTestClass = new InstanceBindingTestClass(1);
|
||||
WhitelistInstanceBinding getter = new WhitelistInstanceBinding(
|
||||
|
@ -74,16 +74,16 @@ public class BindingsTests extends ScriptTestCase {
|
|||
List<WhitelistInstanceBinding> instanceBindingsList = new ArrayList<>();
|
||||
instanceBindingsList.add(getter);
|
||||
instanceBindingsList.add(setter);
|
||||
Whitelist instanceBindingsWhitelist = new Whitelist(
|
||||
Whitelist instanceBindingsAllowlist = new Whitelist(
|
||||
instanceBindingTestClass.getClass().getClassLoader(),
|
||||
Collections.emptyList(),
|
||||
Collections.emptyList(),
|
||||
Collections.emptyList(),
|
||||
instanceBindingsList
|
||||
);
|
||||
whitelists.add(instanceBindingsWhitelist);
|
||||
allowlists.add(instanceBindingsAllowlist);
|
||||
|
||||
contexts.put(BindingsTestScript.CONTEXT, whitelists);
|
||||
contexts.put(BindingsTestScript.CONTEXT, allowlists);
|
||||
SCRIPT_ENGINE = new PainlessScriptEngine(Settings.EMPTY, contexts);
|
||||
}
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ package org.opensearch.painless;
|
|||
import java.util.List;
|
||||
import java.util.function.Function;
|
||||
|
||||
/** Currently just a dummy class for testing a few features not yet exposed by whitelist! */
|
||||
/** Currently just a dummy class for testing a few features not yet exposed by allowlist! */
|
||||
public class FeatureTestObject {
|
||||
/** static method that returns true */
|
||||
public static boolean overloadedStatic() {
|
||||
|
@ -47,7 +47,7 @@ public class FeatureTestObject {
|
|||
return whatToReturn;
|
||||
}
|
||||
|
||||
/** static method only whitelisted as a static */
|
||||
/** static method only allowlisted as a static */
|
||||
public static float staticAddFloatsTest(float x, float y) {
|
||||
return x + y;
|
||||
}
|
||||
|
|
|
@ -32,7 +32,7 @@
|
|||
|
||||
package org.opensearch.painless;
|
||||
|
||||
/** Currently just a dummy class for testing a few features not yet exposed by whitelist! */
|
||||
/** Currently just a dummy class for testing a few features not yet exposed by allowlist! */
|
||||
public class FeatureTestObject2 {
|
||||
public FeatureTestObject2() {
|
||||
super();
|
||||
|
|
|
@ -172,7 +172,7 @@ public class RegexTests extends ScriptTestCase {
|
|||
assertEquals("o", exec("Matcher m = /(?<first>f)(?<second>o)o/.matcher('foo'); m.find(); return m.namedGroup('second')"));
|
||||
}
|
||||
|
||||
// Make sure some methods on Pattern are whitelisted
|
||||
// Make sure some methods on Pattern are allowlisted
|
||||
public void testSplit() {
|
||||
assertArrayEquals(new String[] { "cat", "dog" }, (String[]) exec("/,/.split('cat,dog')"));
|
||||
}
|
||||
|
|
|
@ -62,9 +62,9 @@ public abstract class ScriptTestCase extends OpenSearchTestCase {
|
|||
/** Creates a new contexts map with PainlessTextScript = org.opensearch.painless.test */
|
||||
protected static Map<ScriptContext<?>, List<Whitelist>> newDefaultContexts() {
|
||||
Map<ScriptContext<?>, List<Whitelist>> contexts = new HashMap<>();
|
||||
List<Whitelist> whitelists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
|
||||
whitelists.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.painless.test"));
|
||||
contexts.put(PainlessTestScript.CONTEXT, whitelists);
|
||||
List<Whitelist> allowlists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
|
||||
allowlists.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.painless.test"));
|
||||
contexts.put(PainlessTestScript.CONTEXT, allowlists);
|
||||
return contexts;
|
||||
}
|
||||
|
||||
|
|
|
@ -70,51 +70,51 @@ public class WhitelistLoaderTests extends ScriptTestCase {
|
|||
public void testAnnotations() {
|
||||
Map<String, WhitelistAnnotationParser> parsers = new HashMap<>(WhitelistAnnotationParser.BASE_ANNOTATION_PARSERS);
|
||||
parsers.put(AnnotationTestObject.TestAnnotation.NAME, AnnotationTestObject.TestAnnotationParser.INSTANCE);
|
||||
Whitelist whitelist = WhitelistLoader.loadFromResourceFiles(Whitelist.class, parsers, "org.opensearch.painless.annotation");
|
||||
Whitelist allowlist = WhitelistLoader.loadFromResourceFiles(Whitelist.class, parsers, "org.opensearch.painless.annotation");
|
||||
|
||||
assertEquals(1, whitelist.whitelistClasses.size());
|
||||
assertEquals(1, allowlist.whitelistClasses.size());
|
||||
|
||||
WhitelistClass whitelistClass = whitelist.whitelistClasses.get(0);
|
||||
WhitelistClass allowlistClass = allowlist.whitelistClasses.get(0);
|
||||
|
||||
assertNotNull(whitelistClass.painlessAnnotations.get(NoImportAnnotation.class));
|
||||
assertEquals(1, whitelistClass.painlessAnnotations.size());
|
||||
assertEquals(3, whitelistClass.whitelistMethods.size());
|
||||
assertNotNull(allowlistClass.painlessAnnotations.get(NoImportAnnotation.class));
|
||||
assertEquals(1, allowlistClass.painlessAnnotations.size());
|
||||
assertEquals(3, allowlistClass.whitelistMethods.size());
|
||||
|
||||
int count = 0;
|
||||
|
||||
for (WhitelistMethod whitelistMethod : whitelistClass.whitelistMethods) {
|
||||
if ("deprecatedMethod".equals(whitelistMethod.methodName)) {
|
||||
for (WhitelistMethod allowlistMethod : allowlistClass.whitelistMethods) {
|
||||
if ("deprecatedMethod".equals(allowlistMethod.methodName)) {
|
||||
assertEquals(
|
||||
"use another method",
|
||||
((DeprecatedAnnotation) whitelistMethod.painlessAnnotations.get(DeprecatedAnnotation.class)).getMessage()
|
||||
((DeprecatedAnnotation) allowlistMethod.painlessAnnotations.get(DeprecatedAnnotation.class)).getMessage()
|
||||
);
|
||||
assertEquals(1, whitelistMethod.painlessAnnotations.size());
|
||||
assertEquals(1, allowlistMethod.painlessAnnotations.size());
|
||||
++count;
|
||||
}
|
||||
|
||||
if ("annotatedTestMethod".equals(whitelistMethod.methodName)) {
|
||||
AnnotationTestObject.TestAnnotation ta = ((AnnotationTestObject.TestAnnotation) whitelistMethod.painlessAnnotations.get(
|
||||
if ("annotatedTestMethod".equals(allowlistMethod.methodName)) {
|
||||
AnnotationTestObject.TestAnnotation ta = ((AnnotationTestObject.TestAnnotation) allowlistMethod.painlessAnnotations.get(
|
||||
AnnotationTestObject.TestAnnotation.class
|
||||
));
|
||||
assertEquals("one", ta.getOne());
|
||||
assertEquals("two", ta.getTwo());
|
||||
assertEquals("three", ta.getThree());
|
||||
assertEquals(1, whitelistMethod.painlessAnnotations.size());
|
||||
assertEquals(1, allowlistMethod.painlessAnnotations.size());
|
||||
++count;
|
||||
}
|
||||
|
||||
if ("annotatedMultipleMethod".equals(whitelistMethod.methodName)) {
|
||||
if ("annotatedMultipleMethod".equals(allowlistMethod.methodName)) {
|
||||
assertEquals(
|
||||
"test",
|
||||
((DeprecatedAnnotation) whitelistMethod.painlessAnnotations.get(DeprecatedAnnotation.class)).getMessage()
|
||||
((DeprecatedAnnotation) allowlistMethod.painlessAnnotations.get(DeprecatedAnnotation.class)).getMessage()
|
||||
);
|
||||
AnnotationTestObject.TestAnnotation ta = ((AnnotationTestObject.TestAnnotation) whitelistMethod.painlessAnnotations.get(
|
||||
AnnotationTestObject.TestAnnotation ta = ((AnnotationTestObject.TestAnnotation) allowlistMethod.painlessAnnotations.get(
|
||||
AnnotationTestObject.TestAnnotation.class
|
||||
));
|
||||
assertEquals("one", ta.getOne());
|
||||
assertEquals("two", ta.getTwo());
|
||||
assertEquals("three", ta.getThree());
|
||||
assertEquals(2, whitelistMethod.painlessAnnotations.size());
|
||||
assertEquals(2, allowlistMethod.painlessAnnotations.size());
|
||||
++count;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# whitelist for annotation tests
|
||||
# allowlist for annotation tests
|
||||
|
||||
class org.opensearch.painless.AnnotationTestObject @no_import {
|
||||
void deprecatedMethod() @deprecated[message="use another method"]
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# whitelist for annotation tests with unknown annotation
|
||||
# allowlist for annotation tests with unknown annotation
|
||||
|
||||
class org.opensearch.painless.AnnotationTestObject @no_import {
|
||||
void unknownAnnotationMethod() @unknownAnnotation
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# whitelist for annotation tests with unknown annotation containing options
|
||||
# allowlist for annotation tests with unknown annotation containing options
|
||||
|
||||
class org.opensearch.painless.AnnotationTestObject @no_import {
|
||||
void unknownAnnotationMethod() @unknownAnootationWithMessage[arg="arg value"]
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# whitelist for tests
|
||||
# allowlist for tests
|
||||
|
||||
# TODO: remove this when the transition from Joda to Java datetimes is completed
|
||||
class org.opensearch.script.JodaCompatibleZonedDateTime {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Sanity integration test to make sure the custom context and whitelist work for moving_fn pipeline agg
|
||||
# Sanity integration test to make sure the custom context and allowlist work for moving_fn pipeline agg
|
||||
#
|
||||
setup:
|
||||
- do:
|
||||
|
|
|
@ -49,7 +49,7 @@ testClusters.all {
|
|||
// Modules who's integration is explicitly tested in integration tests
|
||||
module ':modules:parent-join'
|
||||
module ':modules:lang-painless'
|
||||
// Whitelist reindexing from the local node so we can test reindex-from-remote.
|
||||
// Allowlist reindexing from the local node so we can test reindex-from-remote.
|
||||
setting 'reindex.remote.whitelist', '127.0.0.1:*'
|
||||
}
|
||||
|
||||
|
|
|
@ -59,7 +59,7 @@ class ReindexValidator {
|
|||
static final String SORT_DEPRECATED_MESSAGE = "The sort option in reindex is deprecated. "
|
||||
+ "Instead consider using query filtering to find the desired subset of data.";
|
||||
|
||||
private final CharacterRunAutomaton remoteWhitelist;
|
||||
private final CharacterRunAutomaton remoteAllowlist;
|
||||
private final ClusterService clusterService;
|
||||
private final IndexNameExpressionResolver resolver;
|
||||
private final AutoCreateIndex autoCreateIndex;
|
||||
|
@ -70,14 +70,14 @@ class ReindexValidator {
|
|||
IndexNameExpressionResolver resolver,
|
||||
AutoCreateIndex autoCreateIndex
|
||||
) {
|
||||
this.remoteWhitelist = buildRemoteWhitelist(TransportReindexAction.REMOTE_CLUSTER_WHITELIST.get(settings));
|
||||
this.remoteAllowlist = buildRemoteAllowlist(TransportReindexAction.REMOTE_CLUSTER_WHITELIST.get(settings));
|
||||
this.clusterService = clusterService;
|
||||
this.resolver = resolver;
|
||||
this.autoCreateIndex = autoCreateIndex;
|
||||
}
|
||||
|
||||
void initialValidation(ReindexRequest request) {
|
||||
checkRemoteWhitelist(remoteWhitelist, request.getRemoteInfo());
|
||||
checkRemoteAllowlist(remoteAllowlist, request.getRemoteInfo());
|
||||
ClusterState state = clusterService.state();
|
||||
validateAgainstAliases(
|
||||
request.getSearchRequest(),
|
||||
|
@ -93,32 +93,32 @@ class ReindexValidator {
|
|||
}
|
||||
}
|
||||
|
||||
static void checkRemoteWhitelist(CharacterRunAutomaton whitelist, RemoteInfo remoteInfo) {
|
||||
static void checkRemoteAllowlist(CharacterRunAutomaton allowlist, RemoteInfo remoteInfo) {
|
||||
if (remoteInfo == null) {
|
||||
return;
|
||||
}
|
||||
String check = remoteInfo.getHost() + ':' + remoteInfo.getPort();
|
||||
if (whitelist.run(check)) {
|
||||
if (allowlist.run(check)) {
|
||||
return;
|
||||
}
|
||||
String whiteListKey = TransportReindexAction.REMOTE_CLUSTER_WHITELIST.getKey();
|
||||
throw new IllegalArgumentException('[' + check + "] not whitelisted in " + whiteListKey);
|
||||
String allowListKey = TransportReindexAction.REMOTE_CLUSTER_WHITELIST.getKey();
|
||||
throw new IllegalArgumentException('[' + check + "] not allowlisted in " + allowListKey);
|
||||
}
|
||||
|
||||
/**
|
||||
* Build the {@link CharacterRunAutomaton} that represents the reindex-from-remote whitelist and make sure that it doesn't whitelist
|
||||
* Build the {@link CharacterRunAutomaton} that represents the reindex-from-remote allowlist and make sure that it doesn't allowlist
|
||||
* the world.
|
||||
*/
|
||||
static CharacterRunAutomaton buildRemoteWhitelist(List<String> whitelist) {
|
||||
if (whitelist.isEmpty()) {
|
||||
static CharacterRunAutomaton buildRemoteAllowlist(List<String> allowlist) {
|
||||
if (allowlist.isEmpty()) {
|
||||
return new CharacterRunAutomaton(Automata.makeEmpty());
|
||||
}
|
||||
Automaton automaton = Regex.simpleMatchToAutomaton(whitelist.toArray(Strings.EMPTY_ARRAY));
|
||||
Automaton automaton = Regex.simpleMatchToAutomaton(allowlist.toArray(Strings.EMPTY_ARRAY));
|
||||
automaton = MinimizationOperations.minimize(automaton, Operations.DEFAULT_DETERMINIZE_WORK_LIMIT);
|
||||
if (Operations.isTotal(automaton)) {
|
||||
throw new IllegalArgumentException(
|
||||
"Refusing to start because whitelist "
|
||||
+ whitelist
|
||||
"Refusing to start because allowlist "
|
||||
+ allowlist
|
||||
+ " accepts all addresses. "
|
||||
+ "This would allow users to reindex-from-remote any URL they like effectively having OpenSearch make HTTP GETs "
|
||||
+ "for them."
|
||||
|
|
|
@ -44,22 +44,22 @@ import java.util.List;
|
|||
import static java.util.Collections.emptyList;
|
||||
import static java.util.Collections.emptyMap;
|
||||
import static java.util.Collections.singletonList;
|
||||
import static org.opensearch.index.reindex.ReindexValidator.buildRemoteWhitelist;
|
||||
import static org.opensearch.index.reindex.ReindexValidator.checkRemoteWhitelist;
|
||||
import static org.opensearch.index.reindex.ReindexValidator.buildRemoteAllowlist;
|
||||
import static org.opensearch.index.reindex.ReindexValidator.checkRemoteAllowlist;
|
||||
|
||||
/**
|
||||
* Tests the reindex-from-remote whitelist of remotes.
|
||||
* Tests the reindex-from-remote allowlist of remotes.
|
||||
*/
|
||||
public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase {
|
||||
|
||||
private final BytesReference query = new BytesArray("{ \"foo\" : \"bar\" }");
|
||||
|
||||
public void testLocalRequestWithoutWhitelist() {
|
||||
checkRemoteWhitelist(buildRemoteWhitelist(emptyList()), null);
|
||||
checkRemoteAllowlist(buildRemoteAllowlist(emptyList()), null);
|
||||
}
|
||||
|
||||
public void testLocalRequestWithWhitelist() {
|
||||
checkRemoteWhitelist(buildRemoteWhitelist(randomWhitelist()), null);
|
||||
checkRemoteAllowlist(buildRemoteAllowlist(randomAllowlist()), null);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -81,16 +81,16 @@ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase {
|
|||
}
|
||||
|
||||
public void testWhitelistedRemote() {
|
||||
List<String> whitelist = randomWhitelist();
|
||||
String[] inList = whitelist.iterator().next().split(":");
|
||||
List<String> allowlist = randomAllowlist();
|
||||
String[] inList = allowlist.iterator().next().split(":");
|
||||
String host = inList[0];
|
||||
int port = Integer.valueOf(inList[1]);
|
||||
checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo(host, port));
|
||||
checkRemoteAllowlist(buildRemoteAllowlist(allowlist), newRemoteInfo(host, port));
|
||||
}
|
||||
|
||||
public void testWhitelistedByPrefix() {
|
||||
checkRemoteWhitelist(
|
||||
buildRemoteWhitelist(singletonList("*.example.com:9200")),
|
||||
checkRemoteAllowlist(
|
||||
buildRemoteAllowlist(singletonList("*.example.com:9200")),
|
||||
new RemoteInfo(
|
||||
randomAlphaOfLength(5),
|
||||
"es.example.com",
|
||||
|
@ -104,34 +104,34 @@ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase {
|
|||
RemoteInfo.DEFAULT_CONNECT_TIMEOUT
|
||||
)
|
||||
);
|
||||
checkRemoteWhitelist(
|
||||
buildRemoteWhitelist(singletonList("*.example.com:9200")),
|
||||
checkRemoteAllowlist(
|
||||
buildRemoteAllowlist(singletonList("*.example.com:9200")),
|
||||
newRemoteInfo("6e134134a1.us-east-1.aws.example.com", 9200)
|
||||
);
|
||||
}
|
||||
|
||||
public void testWhitelistedBySuffix() {
|
||||
checkRemoteWhitelist(buildRemoteWhitelist(singletonList("es.example.com:*")), newRemoteInfo("es.example.com", 9200));
|
||||
checkRemoteAllowlist(buildRemoteAllowlist(singletonList("es.example.com:*")), newRemoteInfo("es.example.com", 9200));
|
||||
}
|
||||
|
||||
public void testWhitelistedByInfix() {
|
||||
checkRemoteWhitelist(buildRemoteWhitelist(singletonList("es*.example.com:9200")), newRemoteInfo("es1.example.com", 9200));
|
||||
checkRemoteAllowlist(buildRemoteAllowlist(singletonList("es*.example.com:9200")), newRemoteInfo("es1.example.com", 9200));
|
||||
}
|
||||
|
||||
public void testLoopbackInWhitelistRemote() throws UnknownHostException {
|
||||
List<String> whitelist = randomWhitelist();
|
||||
whitelist.add("127.0.0.1:*");
|
||||
checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo("127.0.0.1", 9200));
|
||||
List<String> allowlist = randomAllowlist();
|
||||
allowlist.add("127.0.0.1:*");
|
||||
checkRemoteAllowlist(buildRemoteAllowlist(allowlist), newRemoteInfo("127.0.0.1", 9200));
|
||||
}
|
||||
|
||||
public void testUnwhitelistedRemote() {
|
||||
int port = between(1, Integer.MAX_VALUE);
|
||||
List<String> whitelist = randomBoolean() ? randomWhitelist() : emptyList();
|
||||
List<String> allowlist = randomBoolean() ? randomAllowlist() : emptyList();
|
||||
Exception e = expectThrows(
|
||||
IllegalArgumentException.class,
|
||||
() -> checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo("not in list", port))
|
||||
() -> checkRemoteAllowlist(buildRemoteAllowlist(allowlist), newRemoteInfo("not in list", port))
|
||||
);
|
||||
assertEquals("[not in list:" + port + "] not whitelisted in reindex.remote.whitelist", e.getMessage());
|
||||
assertEquals("[not in list:" + port + "] not allowlisted in reindex.remote.whitelist", e.getMessage());
|
||||
}
|
||||
|
||||
public void testRejectMatchAll() {
|
||||
|
@ -140,22 +140,22 @@ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase {
|
|||
assertMatchesTooMuch(singletonList("***"));
|
||||
assertMatchesTooMuch(Arrays.asList("realstuff", "*"));
|
||||
assertMatchesTooMuch(Arrays.asList("*", "realstuff"));
|
||||
List<String> random = randomWhitelist();
|
||||
List<String> random = randomAllowlist();
|
||||
random.add("*");
|
||||
assertMatchesTooMuch(random);
|
||||
}
|
||||
|
||||
public void testIPv6Address() {
|
||||
List<String> whitelist = randomWhitelist();
|
||||
whitelist.add("[::1]:*");
|
||||
checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo("[::1]", 9200));
|
||||
List<String> allowlist = randomAllowlist();
|
||||
allowlist.add("[::1]:*");
|
||||
checkRemoteAllowlist(buildRemoteAllowlist(allowlist), newRemoteInfo("[::1]", 9200));
|
||||
}
|
||||
|
||||
private void assertMatchesTooMuch(List<String> whitelist) {
|
||||
Exception e = expectThrows(IllegalArgumentException.class, () -> buildRemoteWhitelist(whitelist));
|
||||
private void assertMatchesTooMuch(List<String> allowlist) {
|
||||
Exception e = expectThrows(IllegalArgumentException.class, () -> buildRemoteAllowlist(allowlist));
|
||||
assertEquals(
|
||||
"Refusing to start because whitelist "
|
||||
+ whitelist
|
||||
"Refusing to start because allowlist "
|
||||
+ allowlist
|
||||
+ " accepts all addresses. "
|
||||
+ "This would allow users to reindex-from-remote any URL they like effectively having OpenSearch make HTTP GETs "
|
||||
+ "for them.",
|
||||
|
@ -163,12 +163,12 @@ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase {
|
|||
);
|
||||
}
|
||||
|
||||
private List<String> randomWhitelist() {
|
||||
private List<String> randomAllowlist() {
|
||||
int size = between(1, 100);
|
||||
List<String> whitelist = new ArrayList<>(size);
|
||||
List<String> allowlist = new ArrayList<>(size);
|
||||
for (int i = 0; i < size; i++) {
|
||||
whitelist.add(randomAlphaOfLength(5) + ':' + between(1, Integer.MAX_VALUE));
|
||||
allowlist.add(randomAlphaOfLength(5) + ':' + between(1, Integer.MAX_VALUE));
|
||||
}
|
||||
return whitelist;
|
||||
return allowlist;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -98,7 +98,7 @@ public class ReindexFromRemoteWithAuthTests extends OpenSearchSingleNodeTestCase
|
|||
@Override
|
||||
protected Settings nodeSettings() {
|
||||
Settings.Builder settings = Settings.builder().put(super.nodeSettings());
|
||||
// Whitelist reindexing from the http host we're going to use
|
||||
// Allowlist reindexing from the http host we're going to use
|
||||
settings.put(TransportReindexAction.REMOTE_CLUSTER_WHITELIST.getKey(), "127.0.0.1:*");
|
||||
settings.put(NetworkModule.HTTP_TYPE_KEY, Netty4Plugin.NETTY_HTTP_TRANSPORT_NAME);
|
||||
return settings.build();
|
||||
|
|
|
@ -102,7 +102,7 @@ public class RetryTests extends OpenSearchIntegTestCase {
|
|||
|
||||
final Settings nodeSettings() {
|
||||
return Settings.builder()
|
||||
// whitelist reindexing from the HTTP host we're going to use
|
||||
// allowlist reindexing from the HTTP host we're going to use
|
||||
.put(TransportReindexAction.REMOTE_CLUSTER_WHITELIST.getKey(), "127.0.0.1:*")
|
||||
.build();
|
||||
}
|
||||
|
|
|
@ -308,7 +308,7 @@
|
|||
---
|
||||
"unwhitelisted remote host fails":
|
||||
- do:
|
||||
catch: /\[badremote:9200\] not whitelisted in reindex.remote.whitelist/
|
||||
catch: /\[badremote:9200\] not allowlisted in reindex.remote.whitelist/
|
||||
reindex:
|
||||
body:
|
||||
source:
|
||||
|
|
|
@ -95,7 +95,7 @@ public class URLRepository extends BlobStoreRepository {
|
|||
|
||||
private final List<String> supportedProtocols;
|
||||
|
||||
private final URIPattern[] urlWhiteList;
|
||||
private final URIPattern[] urlAllowList;
|
||||
|
||||
private final Environment environment;
|
||||
|
||||
|
@ -120,7 +120,7 @@ public class URLRepository extends BlobStoreRepository {
|
|||
}
|
||||
this.environment = environment;
|
||||
supportedProtocols = SUPPORTED_PROTOCOLS_SETTING.get(environment.settings());
|
||||
urlWhiteList = ALLOWED_URLS_SETTING.get(environment.settings()).toArray(new URIPattern[] {});
|
||||
urlAllowList = ALLOWED_URLS_SETTING.get(environment.settings()).toArray(new URIPattern[] {});
|
||||
basePath = BlobPath.cleanPath();
|
||||
url = URL_SETTING.exists(metadata.settings())
|
||||
? URL_SETTING.get(metadata.settings())
|
||||
|
@ -161,7 +161,7 @@ public class URLRepository extends BlobStoreRepository {
|
|||
for (String supportedProtocol : supportedProtocols) {
|
||||
if (supportedProtocol.equals(protocol)) {
|
||||
try {
|
||||
if (URIPattern.match(urlWhiteList, url.toURI())) {
|
||||
if (URIPattern.match(urlAllowList, url.toURI())) {
|
||||
// URL matches white list - no additional processing is needed
|
||||
return url;
|
||||
}
|
||||
|
|
|
@ -63,7 +63,7 @@ dependencies {
|
|||
api 'com.sun.xml.bind:jaxb-impl:2.2.3-1'
|
||||
|
||||
// HACK: javax.xml.bind was removed from default modules in java 9, so we pull the api in here,
|
||||
// and whitelist this hack in JarHell
|
||||
// and allowlist this hack in JarHell
|
||||
api 'javax.xml.bind:jaxb-api:2.3.1'
|
||||
}
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@ apply plugin: 'opensearch.yaml-rest-test'
|
|||
|
||||
opensearchplugin {
|
||||
name 'painless-whitelist'
|
||||
description 'An example whitelisting additional classes and methods in painless'
|
||||
description 'An example allowlisting additional classes and methods in painless'
|
||||
classname 'org.opensearch.example.painlesswhitelist.MyWhitelistPlugin'
|
||||
extendedPlugins = ['lang-painless']
|
||||
licenseFile rootProject.file('licenses/APACHE-LICENSE-2.0.txt')
|
||||
|
|
|
@ -46,19 +46,19 @@ import java.util.HashMap;
|
|||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/** An extension of painless which adds a whitelist. */
|
||||
/** An extension of painless which adds an allowlist. */
|
||||
public class ExampleWhitelistExtension implements PainlessExtension {
|
||||
|
||||
@Override
|
||||
public Map<ScriptContext<?>, List<Whitelist>> getContextWhitelists() {
|
||||
Map<String, WhitelistAnnotationParser> parsers = new HashMap<>(WhitelistAnnotationParser.BASE_ANNOTATION_PARSERS);
|
||||
parsers.put(ExamplePainlessAnnotation.NAME, ExampleWhitelistAnnotationParser.INSTANCE);
|
||||
Whitelist classWhitelist = WhitelistLoader.loadFromResourceFiles(ExampleWhitelistExtension.class, parsers, "example_whitelist.txt");
|
||||
Whitelist classAllowlist = WhitelistLoader.loadFromResourceFiles(ExampleWhitelistExtension.class, parsers, "example_whitelist.txt");
|
||||
|
||||
ExampleWhitelistedInstance ewi = new ExampleWhitelistedInstance(1);
|
||||
ExampleWhitelistedInstance eai = new ExampleWhitelistedInstance(1);
|
||||
WhitelistInstanceBinding addValue = new WhitelistInstanceBinding(
|
||||
"example addValue",
|
||||
ewi,
|
||||
eai,
|
||||
"addValue",
|
||||
"int",
|
||||
Collections.singletonList("int"),
|
||||
|
@ -66,20 +66,20 @@ public class ExampleWhitelistExtension implements PainlessExtension {
|
|||
);
|
||||
WhitelistInstanceBinding getValue = new WhitelistInstanceBinding(
|
||||
"example getValue",
|
||||
ewi,
|
||||
eai,
|
||||
"getValue",
|
||||
"int",
|
||||
Collections.emptyList(),
|
||||
Collections.emptyList()
|
||||
);
|
||||
Whitelist instanceWhitelist = new Whitelist(
|
||||
ewi.getClass().getClassLoader(),
|
||||
Whitelist instanceAllowlist = new Whitelist(
|
||||
eai.getClass().getClassLoader(),
|
||||
Collections.emptyList(),
|
||||
Collections.emptyList(),
|
||||
Collections.emptyList(),
|
||||
Arrays.asList(addValue, getValue)
|
||||
);
|
||||
|
||||
return Collections.singletonMap(FieldScript.CONTEXT, Arrays.asList(classWhitelist, instanceWhitelist));
|
||||
return Collections.singletonMap(FieldScript.CONTEXT, Arrays.asList(classAllowlist, instanceAllowlist));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -33,9 +33,9 @@
|
|||
package org.opensearch.example.painlesswhitelist;
|
||||
|
||||
/**
|
||||
* An example of a class to be whitelisted for use by painless scripts
|
||||
* An example of a class to be allowlisted for use by painless scripts
|
||||
*
|
||||
* Each of the members and methods below are whitelisted for use in search scripts.
|
||||
* Each of the members and methods below are allowlisted for use in search scripts.
|
||||
* See <a href="file:example_whitelist.txt">example_whitelist.txt</a>.
|
||||
*/
|
||||
public class ExampleWhitelistedClass {
|
||||
|
@ -68,7 +68,7 @@ public class ExampleWhitelistedClass {
|
|||
return Integer.parseInt(x);
|
||||
}
|
||||
|
||||
// example method to attach annotations in whitelist
|
||||
// example method to attach annotations in allowlist
|
||||
public void annotate() {
|
||||
// some logic here
|
||||
}
|
||||
|
|
|
@ -35,5 +35,5 @@ package org.opensearch.example.painlesswhitelist;
|
|||
import org.opensearch.plugins.Plugin;
|
||||
|
||||
public class MyWhitelistPlugin extends Plugin {
|
||||
// we don't actually need anything here, since whitelists are extended through SPI
|
||||
// we don't actually need anything here, since allowlists are extended through SPI
|
||||
}
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
# under the License.
|
||||
#
|
||||
|
||||
# This file contains a whitelist for an example class which may be access from painless
|
||||
# This file contains an allowlist for an example class which may be access from painless
|
||||
|
||||
class org.opensearch.example.painlesswhitelist.ExampleWhitelistedClass {
|
||||
# constructor
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Integration tests for the painless whitelist example plugin
|
||||
# Integration tests for the painless allowlist example plugin
|
||||
#
|
||||
"Plugin loaded":
|
||||
- skip:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Example test using whitelisted members and methods
|
||||
# Example test using allowlisted members and methods
|
||||
|
||||
"Whitelisted custom class":
|
||||
- do:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Example test using whitelisted statically imported method
|
||||
# Example test using allowlisted statically imported method
|
||||
|
||||
"custom static imported method":
|
||||
- do:
|
||||
|
|
|
@ -64,7 +64,7 @@ dependencies {
|
|||
api "joda-time:joda-time:${versions.joda}"
|
||||
|
||||
// HACK: javax.xml.bind was removed from default modules in java 9, so we pull the api in here,
|
||||
// and whitelist this hack in JarHell
|
||||
// and allowlist this hack in JarHell
|
||||
api 'javax.xml.bind:jaxb-api:2.3.1'
|
||||
|
||||
testImplementation project(':test:fixtures:s3-fixture')
|
||||
|
|
|
@ -79,7 +79,7 @@ public final class BootstrapInfo {
|
|||
|
||||
// create a view of sysprops map that does not allow modifications
|
||||
// this must be done this way (e.g. versus an actual typed map), because
|
||||
// some test methods still change properties, so whitelisted changes must
|
||||
// some test methods still change properties, so allowlisted changes must
|
||||
// be reflected in this view.
|
||||
private static final Dictionary<Object, Object> SYSTEM_PROPERTIES;
|
||||
static {
|
||||
|
|
|
@ -227,7 +227,7 @@ final class SystemCallFilter {
|
|||
static class Arch {
|
||||
/** AUDIT_ARCH_XXX constant from linux/audit.h */
|
||||
final int audit;
|
||||
/** syscall limit (necessary for blacklisting on amd64, to ban 32-bit syscalls) */
|
||||
/** syscall limit (necessary for denylisting on amd64, to ban 32-bit syscalls) */
|
||||
final int limit;
|
||||
/** __NR_fork */
|
||||
final int fork;
|
||||
|
|
|
@ -293,7 +293,7 @@ class BindingProcessor extends AbstractProcessor {
|
|||
return false;
|
||||
}
|
||||
|
||||
// It's unfortunate that we have to maintain a blacklist of specific
|
||||
// It's unfortunate that we have to maintain a denylist of specific
|
||||
// classes, but we can't easily block the whole package because of
|
||||
// all our unit tests.
|
||||
private static final Set<Class<?>> FORBIDDEN_TYPES = unmodifiableSet(
|
||||
|
|
|
@ -61,7 +61,7 @@ class InheritingState implements State {
|
|||
private final Map<Class<? extends Annotation>, Scope> scopes = new HashMap<>();
|
||||
private final List<MatcherAndConverter> converters = new ArrayList<>();
|
||||
private final List<TypeListenerBinding> listenerBindings = new ArrayList<>();
|
||||
private WeakKeySet blacklistedKeys = new WeakKeySet();
|
||||
private WeakKeySet denylistedKeys = new WeakKeySet();
|
||||
private final Object lock;
|
||||
|
||||
InheritingState(State parent) {
|
||||
|
@ -145,17 +145,17 @@ class InheritingState implements State {
|
|||
@Override
|
||||
public void blacklist(Key<?> key) {
|
||||
parent.blacklist(key);
|
||||
blacklistedKeys.add(key);
|
||||
denylistedKeys.add(key);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isBlacklisted(Key<?> key) {
|
||||
return blacklistedKeys.contains(key);
|
||||
return denylistedKeys.contains(key);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void clearBlacklisted() {
|
||||
blacklistedKeys = new WeakKeySet();
|
||||
denylistedKeys = new WeakKeySet();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -164,7 +164,7 @@ interface State {
|
|||
|
||||
/**
|
||||
* Forbids the corresponding injector from creating a binding to {@code key}. Child injectors
|
||||
* blacklist their bound keys on their parent injectors to prevent just-in-time bindings on the
|
||||
* denylist their bound keys on their parent injectors to prevent just-in-time bindings on the
|
||||
* parent injector that would conflict.
|
||||
*/
|
||||
void blacklist(Key<?> key);
|
||||
|
@ -177,11 +177,11 @@ interface State {
|
|||
|
||||
/**
|
||||
* Returns the shared lock for all injector data. This is a low-granularity, high-contention lock
|
||||
* to be used when reading mutable data (ie. just-in-time bindings, and binding blacklists).
|
||||
* to be used when reading mutable data (ie. just-in-time bindings, and binding denylists).
|
||||
*/
|
||||
Object lock();
|
||||
|
||||
// ES_GUICE: clean blacklist keys
|
||||
// ES_GUICE: clean denylist keys
|
||||
void clearBlacklisted();
|
||||
|
||||
void makeAllBindingsToEagerSingletons(Injector injector);
|
||||
|
|
|
@ -126,7 +126,7 @@ public class ScriptedMetricAggContexts {
|
|||
return state;
|
||||
}
|
||||
|
||||
// Return the doc as a map (instead of LeafDocLookup) in order to abide by type whitelisting rules for
|
||||
// Return the doc as a map (instead of LeafDocLookup) in order to abide by type allowlisting rules for
|
||||
// Painless scripts.
|
||||
public Map<String, ScriptDocValues<?>> getDoc() {
|
||||
return leafLookup == null ? null : leafLookup.doc();
|
||||
|
|
|
@ -192,7 +192,7 @@ public class MovingFunctions {
|
|||
}
|
||||
|
||||
/**
|
||||
* Version of holt that can "forecast", not exposed as a whitelisted function for moving_fn scripts, but
|
||||
* Version of holt that can "forecast", not exposed as an allowlisted function for moving_fn scripts, but
|
||||
* here as compatibility/code sharing for existing moving_avg agg. Can be removed when moving_avg is gone.
|
||||
*/
|
||||
public static double[] holtForecast(double[] values, double alpha, double beta, int numForecasts) {
|
||||
|
@ -268,7 +268,7 @@ public class MovingFunctions {
|
|||
}
|
||||
|
||||
/**
|
||||
* Version of holt-winters that can "forecast", not exposed as a whitelisted function for moving_fn scripts, but
|
||||
* Version of holt-winters that can "forecast", not exposed as an allowlisted function for moving_fn scripts, but
|
||||
* here as compatibility/code sharing for existing moving_avg agg. Can be removed when moving_avg is gone.
|
||||
*/
|
||||
public static double[] holtWintersForecast(
|
||||
|
|
|
@ -254,29 +254,29 @@ public class ClusterModuleTests extends ModuleTestCase {
|
|||
}
|
||||
|
||||
public void testPre63CustomsFiltering() {
|
||||
final String whiteListedClusterCustom = randomFrom(ClusterModule.PRE_6_3_CLUSTER_CUSTOMS_WHITE_LIST);
|
||||
final String whiteListedMetadataCustom = randomFrom(ClusterModule.PRE_6_3_METADATA_CUSTOMS_WHITE_LIST);
|
||||
final String allowListedClusterCustom = randomFrom(ClusterModule.PRE_6_3_CLUSTER_CUSTOMS_WHITE_LIST);
|
||||
final String allowListedMetadataCustom = randomFrom(ClusterModule.PRE_6_3_METADATA_CUSTOMS_WHITE_LIST);
|
||||
final ClusterState clusterState = ClusterState.builder(ClusterName.DEFAULT)
|
||||
.putCustom(whiteListedClusterCustom, new RestoreInProgress.Builder().build())
|
||||
.putCustom(allowListedClusterCustom, new RestoreInProgress.Builder().build())
|
||||
.putCustom("other", new RestoreInProgress.Builder().build())
|
||||
.metadata(
|
||||
Metadata.builder()
|
||||
.putCustom(whiteListedMetadataCustom, new RepositoriesMetadata(Collections.emptyList()))
|
||||
.putCustom(allowListedMetadataCustom, new RepositoriesMetadata(Collections.emptyList()))
|
||||
.putCustom("other", new RepositoriesMetadata(Collections.emptyList()))
|
||||
.build()
|
||||
)
|
||||
.build();
|
||||
|
||||
assertNotNull(clusterState.custom(whiteListedClusterCustom));
|
||||
assertNotNull(clusterState.custom(allowListedClusterCustom));
|
||||
assertNotNull(clusterState.custom("other"));
|
||||
assertNotNull(clusterState.metadata().custom(whiteListedMetadataCustom));
|
||||
assertNotNull(clusterState.metadata().custom(allowListedMetadataCustom));
|
||||
assertNotNull(clusterState.metadata().custom("other"));
|
||||
|
||||
final ClusterState fixedClusterState = ClusterModule.filterCustomsForPre63Clients(clusterState);
|
||||
|
||||
assertNotNull(fixedClusterState.custom(whiteListedClusterCustom));
|
||||
assertNotNull(fixedClusterState.custom(allowListedClusterCustom));
|
||||
assertNull(fixedClusterState.custom("other"));
|
||||
assertNotNull(fixedClusterState.metadata().custom(whiteListedMetadataCustom));
|
||||
assertNotNull(fixedClusterState.metadata().custom(allowListedMetadataCustom));
|
||||
assertNull(fixedClusterState.metadata().custom("other"));
|
||||
}
|
||||
|
||||
|
|
|
@ -95,7 +95,7 @@ public class FilterAllocationDeciderTests extends OpenSearchAllocationTestCase {
|
|||
assertEquals(routingTable.index("idx").shard(0).shards().get(0).state(), UNASSIGNED);
|
||||
assertNull(routingTable.index("idx").shard(0).shards().get(0).currentNodeId());
|
||||
|
||||
// after failing the shard we are unassigned since the node is blacklisted and we can't initialize on the other node
|
||||
// after failing the shard we are unassigned since the node is denylisted and we can't initialize on the other node
|
||||
RoutingAllocation allocation = new RoutingAllocation(allocationDeciders, state.getRoutingNodes(), state, null, null, 0);
|
||||
allocation.debugDecision(true);
|
||||
Decision.Single decision = (Decision.Single) filterAllocationDecider.canAllocate(
|
||||
|
|
|
@ -175,16 +175,16 @@ public abstract class AggregatorTestCase extends OpenSearchTestCase {
|
|||
protected ValuesSourceRegistry valuesSourceRegistry;
|
||||
|
||||
// A list of field types that should not be tested, or are not currently supported
|
||||
private static List<String> TYPE_TEST_BLACKLIST;
|
||||
private static List<String> TYPE_TEST_DENYLIST;
|
||||
|
||||
static {
|
||||
List<String> blacklist = new ArrayList<>();
|
||||
blacklist.add(ObjectMapper.CONTENT_TYPE); // Cannot aggregate objects
|
||||
blacklist.add(GeoShapeFieldMapper.CONTENT_TYPE); // Cannot aggregate geoshapes (yet)
|
||||
blacklist.add(ObjectMapper.NESTED_CONTENT_TYPE); // TODO support for nested
|
||||
blacklist.add(CompletionFieldMapper.CONTENT_TYPE); // TODO support completion
|
||||
blacklist.add(FieldAliasMapper.CONTENT_TYPE); // TODO support alias
|
||||
TYPE_TEST_BLACKLIST = blacklist;
|
||||
List<String> denylist = new ArrayList<>();
|
||||
denylist.add(ObjectMapper.CONTENT_TYPE); // Cannot aggregate objects
|
||||
denylist.add(GeoShapeFieldMapper.CONTENT_TYPE); // Cannot aggregate geoshapes (yet)
|
||||
denylist.add(ObjectMapper.NESTED_CONTENT_TYPE); // TODO support for nested
|
||||
denylist.add(CompletionFieldMapper.CONTENT_TYPE); // TODO support completion
|
||||
denylist.add(FieldAliasMapper.CONTENT_TYPE); // TODO support alias
|
||||
TYPE_TEST_DENYLIST = denylist;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -713,11 +713,11 @@ public abstract class AggregatorTestCase extends OpenSearchTestCase {
|
|||
}
|
||||
|
||||
/**
|
||||
* A method that allows implementors to specifically blacklist particular field types (based on their content_name).
|
||||
* A method that allows implementors to specifically denylist particular field types (based on their content_name).
|
||||
* This is needed in some areas where the ValuesSourceType is not granular enough, for example integer values
|
||||
* vs floating points, or `keyword` bytes vs `binary` bytes (which are not searchable)
|
||||
*
|
||||
* This is a blacklist instead of a whitelist because there are vastly more field types than ValuesSourceTypes,
|
||||
* This is a denylist instead of an allowlist because there are vastly more field types than ValuesSourceTypes,
|
||||
* and it's expected that these unsupported cases are exceptional rather than common
|
||||
*/
|
||||
protected List<String> unsupportedMappedFieldTypes() {
|
||||
|
@ -748,7 +748,7 @@ public abstract class AggregatorTestCase extends OpenSearchTestCase {
|
|||
for (Map.Entry<String, Mapper.TypeParser> mappedType : mapperRegistry.getMapperParsers().entrySet()) {
|
||||
|
||||
// Some field types should not be tested, or require more work and are not ready yet
|
||||
if (TYPE_TEST_BLACKLIST.contains(mappedType.getKey())) {
|
||||
if (TYPE_TEST_DENYLIST.contains(mappedType.getKey())) {
|
||||
continue;
|
||||
}
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@ package org.opensearch.test.rest.yaml;
|
|||
import java.util.regex.Pattern;
|
||||
|
||||
/**
|
||||
* Matches blacklist patterns.
|
||||
* Matches denylist patterns.
|
||||
*
|
||||
* Currently the following syntax is supported:
|
||||
*
|
||||
|
@ -45,20 +45,20 @@ import java.util.regex.Pattern;
|
|||
* <code>indices.get/10_basic/advanced/allow_no_indices</code> (contains an additional segment)</li>
|
||||
* </ul>
|
||||
*
|
||||
* Each blacklist pattern is a suffix match on the path. Empty patterns are not allowed.
|
||||
* Each denylist pattern is a suffix match on the path. Empty patterns are not allowed.
|
||||
*/
|
||||
final class BlacklistedPathPatternMatcher {
|
||||
private final Pattern pattern;
|
||||
|
||||
/**
|
||||
* Constructs a new <code>BlacklistedPathPatternMatcher</code> instance from the provided suffix pattern.
|
||||
* Constructs a new <code>DenylistedPathPatternMatcher</code> instance from the provided suffix pattern.
|
||||
*
|
||||
* @param p The suffix pattern. Must be a non-empty string.
|
||||
*/
|
||||
BlacklistedPathPatternMatcher(String p) {
|
||||
// guard against accidentally matching everything as an empty string lead to the pattern ".*" which matches everything
|
||||
if (p == null || p.trim().isEmpty()) {
|
||||
throw new IllegalArgumentException("Empty blacklist patterns are not supported");
|
||||
throw new IllegalArgumentException("Empty denylist patterns are not supported");
|
||||
}
|
||||
// very simple transformation from wildcard to a proper regex
|
||||
String finalPattern = p.replaceAll("\\*", "[^/]*") // support wildcard matches (within a single path segment)
|
||||
|
|
|
@ -88,13 +88,13 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
|
|||
*/
|
||||
public static final String REST_TESTS_SUITE = "tests.rest.suite";
|
||||
/**
|
||||
* Property that allows to blacklist some of the REST tests based on a comma separated list of globs
|
||||
* Property that allows to denylist some of the REST tests based on a comma separated list of globs
|
||||
* e.g. "-Dtests.rest.blacklist=get/10_basic/*"
|
||||
*/
|
||||
public static final String REST_TESTS_BLACKLIST = "tests.rest.blacklist";
|
||||
/**
|
||||
* We use tests.rest.blacklist in build files to blacklist tests; this property enables a user to add additional blacklisted tests on
|
||||
* top of the tests blacklisted in the build.
|
||||
* We use tests.rest.blacklist in build files to denylist tests; this property enables a user to add additional denylisted tests on
|
||||
* top of the tests denylisted in the build.
|
||||
*/
|
||||
public static final String REST_TESTS_BLACKLIST_ADDITIONS = "tests.rest.blacklist_additions";
|
||||
/**
|
||||
|
@ -116,7 +116,7 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
|
|||
*/
|
||||
private static final String PATHS_SEPARATOR = "(?<!\\\\),";
|
||||
|
||||
private static List<BlacklistedPathPatternMatcher> blacklistPathMatchers;
|
||||
private static List<BlacklistedPathPatternMatcher> denylistPathMatchers;
|
||||
private static ClientYamlTestExecutionContext restTestExecutionContext;
|
||||
private static ClientYamlTestExecutionContext adminExecutionContext;
|
||||
private static ClientYamlTestClient clientYamlTestClient;
|
||||
|
@ -138,7 +138,7 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
|
|||
public void initAndResetContext() throws Exception {
|
||||
if (restTestExecutionContext == null) {
|
||||
assert adminExecutionContext == null;
|
||||
assert blacklistPathMatchers == null;
|
||||
assert denylistPathMatchers == null;
|
||||
final ClientYamlSuiteRestSpec restSpec = ClientYamlSuiteRestSpec.load(SPEC_PATH);
|
||||
validateSpec(restSpec);
|
||||
final List<HttpHost> hosts = getClusterHosts();
|
||||
|
@ -149,21 +149,21 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
|
|||
clientYamlTestClient = initClientYamlTestClient(restSpec, client(), hosts, esVersion, masterVersion);
|
||||
restTestExecutionContext = new ClientYamlTestExecutionContext(clientYamlTestClient, randomizeContentType());
|
||||
adminExecutionContext = new ClientYamlTestExecutionContext(clientYamlTestClient, false);
|
||||
final String[] blacklist = resolvePathsProperty(REST_TESTS_BLACKLIST, null);
|
||||
blacklistPathMatchers = new ArrayList<>();
|
||||
for (final String entry : blacklist) {
|
||||
blacklistPathMatchers.add(new BlacklistedPathPatternMatcher(entry));
|
||||
final String[] denylist = resolvePathsProperty(REST_TESTS_BLACKLIST, null);
|
||||
denylistPathMatchers = new ArrayList<>();
|
||||
for (final String entry : denylist) {
|
||||
denylistPathMatchers.add(new BlacklistedPathPatternMatcher(entry));
|
||||
}
|
||||
final String[] blacklistAdditions = resolvePathsProperty(REST_TESTS_BLACKLIST_ADDITIONS, null);
|
||||
for (final String entry : blacklistAdditions) {
|
||||
blacklistPathMatchers.add(new BlacklistedPathPatternMatcher(entry));
|
||||
final String[] denylistAdditions = resolvePathsProperty(REST_TESTS_BLACKLIST_ADDITIONS, null);
|
||||
for (final String entry : denylistAdditions) {
|
||||
denylistPathMatchers.add(new BlacklistedPathPatternMatcher(entry));
|
||||
}
|
||||
}
|
||||
assert restTestExecutionContext != null;
|
||||
assert adminExecutionContext != null;
|
||||
assert blacklistPathMatchers != null;
|
||||
assert denylistPathMatchers != null;
|
||||
|
||||
// admin context must be available for @After always, regardless of whether the test was blacklisted
|
||||
// admin context must be available for @After always, regardless of whether the test was denylisted
|
||||
adminExecutionContext.clear();
|
||||
|
||||
restTestExecutionContext.clear();
|
||||
|
@ -184,7 +184,7 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
|
|||
try {
|
||||
IOUtils.close(clientYamlTestClient);
|
||||
} finally {
|
||||
blacklistPathMatchers = null;
|
||||
denylistPathMatchers = null;
|
||||
restTestExecutionContext = null;
|
||||
adminExecutionContext = null;
|
||||
clientYamlTestClient = null;
|
||||
|
@ -355,12 +355,12 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
|
|||
}
|
||||
|
||||
public void test() throws IOException {
|
||||
// skip test if it matches one of the blacklist globs
|
||||
for (BlacklistedPathPatternMatcher blacklistedPathMatcher : blacklistPathMatchers) {
|
||||
// skip test if it matches one of the denylist globs
|
||||
for (BlacklistedPathPatternMatcher denylistedPathMatcher : denylistPathMatchers) {
|
||||
String testPath = testCandidate.getSuitePath() + "/" + testCandidate.getTestSection().getName();
|
||||
assumeFalse(
|
||||
"[" + testCandidate.getTestPath() + "] skipped, reason: blacklisted",
|
||||
blacklistedPathMatcher.isSuffixMatch(testPath)
|
||||
denylistedPathMatcher.isSuffixMatch(testPath)
|
||||
);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue