Replace exclusionary words whitelist and blacklist in the places that won't impact backwards compatibility (#2178)

* Replace the exclusionary word whitelist with allowlist, and blacklist with denylist, in code commet and internal variable/method/class/package name.

Signed-off-by: Andreas <apre@gmx.at>
This commit is contained in:
aponb 2022-03-05 01:34:09 +01:00 committed by GitHub
parent ae52008463
commit be64af2f90
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
71 changed files with 402 additions and 402 deletions

View File

@ -245,7 +245,7 @@ The YAML REST tests support all the options provided by the randomized runner, p
- `tests.rest.suite`: comma separated paths of the test suites to be run (by default loaded from /rest-api-spec/test). It is possible to run only a subset of the tests providing a sub-folder or even a single yaml file (the default /rest-api-spec/test prefix is optional when files are loaded from classpath) e.g. `-Dtests.rest.suite=index,get,create/10_with_id`
- `tests.rest.blacklist`: comma separated globs that identify tests that are blacklisted and need to be skipped e.g. `-Dtests.rest.blacklist=index/**/Index document,get/10_basic/**`
- `tests.rest.blacklist`: comma separated globs that identify tests that are denylisted and need to be skipped e.g. `-Dtests.rest.blacklist=index/**/Index document,get/10_basic/**`
Java REST tests can be run with the "javaRestTest" task.

View File

@ -48,7 +48,7 @@ public interface NodeSelector {
* iterate the nodes as many times as they need.
* <p>
* This may be called twice per request: first for "living" nodes that
* have not been blacklisted by previous errors. If the selector removes
* have not been denylisted by previous errors. If the selector removes
* all nodes from the list or if there aren't any living nodes then the
* {@link RestClient} will call this method with a list of "dead" nodes.
* <p>

View File

@ -125,7 +125,7 @@ public class RestClient implements Closeable {
final List<Header> defaultHeaders;
private final String pathPrefix;
private final AtomicInteger lastNodeIndex = new AtomicInteger(0);
private final ConcurrentMap<HttpHost, DeadHostState> blacklist = new ConcurrentHashMap<>();
private final ConcurrentMap<HttpHost, DeadHostState> denylist = new ConcurrentHashMap<>();
private final FailureListener failureListener;
private final NodeSelector nodeSelector;
private volatile NodeTuple<List<Node>> nodeTuple;
@ -246,7 +246,7 @@ public class RestClient implements Closeable {
authCache.put(node.getHost(), new BasicScheme());
}
this.nodeTuple = new NodeTuple<>(Collections.unmodifiableList(new ArrayList<>(nodesByHost.values())), authCache);
this.blacklist.clear();
this.denylist.clear();
}
/**
@ -448,7 +448,7 @@ public class RestClient implements Closeable {
*/
private NodeTuple<Iterator<Node>> nextNodes() throws IOException {
NodeTuple<List<Node>> nodeTuple = this.nodeTuple;
Iterable<Node> hosts = selectNodes(nodeTuple, blacklist, lastNodeIndex, nodeSelector);
Iterable<Node> hosts = selectNodes(nodeTuple, denylist, lastNodeIndex, nodeSelector);
return new NodeTuple<>(hosts.iterator(), nodeTuple.authCache);
}
@ -458,17 +458,17 @@ public class RestClient implements Closeable {
*/
static Iterable<Node> selectNodes(
NodeTuple<List<Node>> nodeTuple,
Map<HttpHost, DeadHostState> blacklist,
Map<HttpHost, DeadHostState> denylist,
AtomicInteger lastNodeIndex,
NodeSelector nodeSelector
) throws IOException {
/*
* Sort the nodes into living and dead lists.
*/
List<Node> livingNodes = new ArrayList<>(Math.max(0, nodeTuple.nodes.size() - blacklist.size()));
List<DeadNode> deadNodes = new ArrayList<>(blacklist.size());
List<Node> livingNodes = new ArrayList<>(Math.max(0, nodeTuple.nodes.size() - denylist.size()));
List<DeadNode> deadNodes = new ArrayList<>(denylist.size());
for (Node node : nodeTuple.nodes) {
DeadHostState deadness = blacklist.get(node.getHost());
DeadHostState deadness = denylist.get(node.getHost());
if (deadness == null || deadness.shallBeRetried()) {
livingNodes.add(node);
} else {
@ -526,9 +526,9 @@ public class RestClient implements Closeable {
* Receives as an argument the host that was used for the successful request.
*/
private void onResponse(Node node) {
DeadHostState removedHost = this.blacklist.remove(node.getHost());
DeadHostState removedHost = this.denylist.remove(node.getHost());
if (logger.isDebugEnabled() && removedHost != null) {
logger.debug("removed [" + node + "] from blacklist");
logger.debug("removed [" + node + "] from denylist");
}
}
@ -538,19 +538,19 @@ public class RestClient implements Closeable {
*/
private void onFailure(Node node) {
while (true) {
DeadHostState previousDeadHostState = blacklist.putIfAbsent(
DeadHostState previousDeadHostState = denylist.putIfAbsent(
node.getHost(),
new DeadHostState(DeadHostState.DEFAULT_TIME_SUPPLIER)
);
if (previousDeadHostState == null) {
if (logger.isDebugEnabled()) {
logger.debug("added [" + node + "] to blacklist");
logger.debug("added [" + node + "] to denylist");
}
break;
}
if (blacklist.replace(node.getHost(), previousDeadHostState, new DeadHostState(previousDeadHostState))) {
if (denylist.replace(node.getHost(), previousDeadHostState, new DeadHostState(previousDeadHostState))) {
if (logger.isDebugEnabled()) {
logger.debug("updated [" + node + "] already in blacklist");
logger.debug("updated [" + node + "] already in denylist");
}
break;
}
@ -718,8 +718,8 @@ public class RestClient implements Closeable {
}
/**
* Contains a reference to a blacklisted node and the time until it is
* revived. We use this so we can do a single pass over the blacklist.
* Contains a reference to a denylisted node and the time until it is
* revived. We use this so we can do a single pass over the denylist.
*/
private static class DeadNode implements Comparable<DeadNode> {
final Node node;

View File

@ -62,7 +62,7 @@ import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
/**
* Tests for {@link RestClient} behaviour against multiple hosts: fail-over, blacklisting etc.
* Tests for {@link RestClient} behaviour against multiple hosts: fail-over, denylisting etc.
* Relies on a mock http client to intercept requests and return desired responses based on request path.
*/
public class RestClientMultipleHostsTests extends RestClientTestCase {
@ -154,7 +154,7 @@ public class RestClientMultipleHostsTests extends RestClientTestCase {
fail("request should have failed");
} catch (ResponseException e) {
Set<HttpHost> hostsSet = hostsSet();
// first request causes all the hosts to be blacklisted, the returned exception holds one suppressed exception each
// first request causes all the hosts to be denylisted, the returned exception holds one suppressed exception each
failureListener.assertCalled(nodes);
do {
Response response = e.getResponse();
@ -175,7 +175,7 @@ public class RestClientMultipleHostsTests extends RestClientTestCase {
assertEquals("every host should have been used but some weren't: " + hostsSet, 0, hostsSet.size());
} catch (IOException e) {
Set<HttpHost> hostsSet = hostsSet();
// first request causes all the hosts to be blacklisted, the returned exception holds one suppressed exception each
// first request causes all the hosts to be denylisted, the returned exception holds one suppressed exception each
failureListener.assertCalled(nodes);
do {
HttpHost httpHost = HttpHost.create(e.getMessage());
@ -211,13 +211,13 @@ public class RestClientMultipleHostsTests extends RestClientTestCase {
"host [" + response.getHost() + "] not found, most likely used multiple times",
hostsSet.remove(response.getHost())
);
// after the first request, all hosts are blacklisted, a single one gets resurrected each time
// after the first request, all hosts are denylisted, a single one gets resurrected each time
failureListener.assertCalled(response.getHost());
assertEquals(0, e.getSuppressed().length);
} catch (IOException e) {
HttpHost httpHost = HttpHost.create(e.getMessage());
assertTrue("host [" + httpHost + "] not found, most likely used multiple times", hostsSet.remove(httpHost));
// after the first request, all hosts are blacklisted, a single one gets resurrected each time
// after the first request, all hosts are denylisted, a single one gets resurrected each time
failureListener.assertCalled(httpHost);
assertEquals(0, e.getSuppressed().length);
}

View File

@ -260,11 +260,11 @@ public class RestClientTests extends RestClientTestCase {
NodeTuple<List<Node>> nodeTuple = new NodeTuple<>(Arrays.asList(n1, n2, n3), null);
Map<HttpHost, DeadHostState> emptyBlacklist = Collections.emptyMap();
Map<HttpHost, DeadHostState> emptyDenylist = Collections.emptyMap();
// Normal cases where the node selector doesn't reject all living nodes
assertSelectLivingHosts(Arrays.asList(n1, n2, n3), nodeTuple, emptyBlacklist, NodeSelector.ANY);
assertSelectLivingHosts(Arrays.asList(n2, n3), nodeTuple, emptyBlacklist, not1);
assertSelectLivingHosts(Arrays.asList(n1, n2, n3), nodeTuple, emptyDenylist, NodeSelector.ANY);
assertSelectLivingHosts(Arrays.asList(n2, n3), nodeTuple, emptyDenylist, not1);
/*
* Try a NodeSelector that excludes all nodes. This should
@ -274,83 +274,83 @@ public class RestClientTests extends RestClientTestCase {
String message = "NodeSelector [NONE] rejected all nodes, living ["
+ "[host=http://1, version=1], [host=http://2, version=2], "
+ "[host=http://3, version=3]] and dead []";
assertEquals(message, assertSelectAllRejected(nodeTuple, emptyBlacklist, noNodes));
assertEquals(message, assertSelectAllRejected(nodeTuple, emptyDenylist, noNodes));
}
// Mark all the nodes dead for a few test cases
{
final AtomicLong time = new AtomicLong(0L);
Supplier<Long> timeSupplier = time::get;
Map<HttpHost, DeadHostState> blacklist = new HashMap<>();
blacklist.put(n1.getHost(), new DeadHostState(timeSupplier));
blacklist.put(n2.getHost(), new DeadHostState(new DeadHostState(timeSupplier)));
blacklist.put(n3.getHost(), new DeadHostState(new DeadHostState(new DeadHostState(timeSupplier))));
Map<HttpHost, DeadHostState> denylist = new HashMap<>();
denylist.put(n1.getHost(), new DeadHostState(timeSupplier));
denylist.put(n2.getHost(), new DeadHostState(new DeadHostState(timeSupplier)));
denylist.put(n3.getHost(), new DeadHostState(new DeadHostState(new DeadHostState(timeSupplier))));
/*
* case when fewer nodeTuple than blacklist, won't result in any IllegalCapacityException
* case when fewer nodeTuple than denylist, won't result in any IllegalCapacityException
*/
{
NodeTuple<List<Node>> fewerNodeTuple = new NodeTuple<>(Arrays.asList(n1, n2), null);
assertSelectLivingHosts(Arrays.asList(n1), fewerNodeTuple, blacklist, NodeSelector.ANY);
assertSelectLivingHosts(Arrays.asList(n2), fewerNodeTuple, blacklist, not1);
assertSelectLivingHosts(Arrays.asList(n1), fewerNodeTuple, denylist, NodeSelector.ANY);
assertSelectLivingHosts(Arrays.asList(n2), fewerNodeTuple, denylist, not1);
}
/*
* selectHosts will revive a single host regardless of
* blacklist time. It'll revive the node that is closest
* denylist time. It'll revive the node that is closest
* to being revived that the NodeSelector is ok with.
*/
assertEquals(singletonList(n1), RestClient.selectNodes(nodeTuple, blacklist, new AtomicInteger(), NodeSelector.ANY));
assertEquals(singletonList(n2), RestClient.selectNodes(nodeTuple, blacklist, new AtomicInteger(), not1));
assertEquals(singletonList(n1), RestClient.selectNodes(nodeTuple, denylist, new AtomicInteger(), NodeSelector.ANY));
assertEquals(singletonList(n2), RestClient.selectNodes(nodeTuple, denylist, new AtomicInteger(), not1));
/*
* Try a NodeSelector that excludes all nodes. This should
* return a failure, but a different failure than when the
* blacklist is empty so that the caller knows that all of
* their nodes are blacklisted AND blocked.
* denylist is empty so that the caller knows that all of
* their nodes are denylisted AND blocked.
*/
String message = "NodeSelector [NONE] rejected all nodes, living [] and dead ["
+ "[host=http://1, version=1], [host=http://2, version=2], "
+ "[host=http://3, version=3]]";
assertEquals(message, assertSelectAllRejected(nodeTuple, blacklist, noNodes));
assertEquals(message, assertSelectAllRejected(nodeTuple, denylist, noNodes));
/*
* Now lets wind the clock forward, past the timeout for one of
* the dead nodes. We should return it.
*/
time.set(new DeadHostState(timeSupplier).getDeadUntilNanos());
assertSelectLivingHosts(Arrays.asList(n1), nodeTuple, blacklist, NodeSelector.ANY);
assertSelectLivingHosts(Arrays.asList(n1), nodeTuple, denylist, NodeSelector.ANY);
/*
* But if the NodeSelector rejects that node then we'll pick the
* first on that the NodeSelector doesn't reject.
*/
assertSelectLivingHosts(Arrays.asList(n2), nodeTuple, blacklist, not1);
assertSelectLivingHosts(Arrays.asList(n2), nodeTuple, denylist, not1);
/*
* If we wind the clock way into the future, past any of the
* blacklist timeouts then we function as though the nodes aren't
* in the blacklist at all.
* denylist timeouts then we function as though the nodes aren't
* in the denylist at all.
*/
time.addAndGet(DeadHostState.MAX_CONNECTION_TIMEOUT_NANOS);
assertSelectLivingHosts(Arrays.asList(n1, n2, n3), nodeTuple, blacklist, NodeSelector.ANY);
assertSelectLivingHosts(Arrays.asList(n2, n3), nodeTuple, blacklist, not1);
assertSelectLivingHosts(Arrays.asList(n1, n2, n3), nodeTuple, denylist, NodeSelector.ANY);
assertSelectLivingHosts(Arrays.asList(n2, n3), nodeTuple, denylist, not1);
}
}
private void assertSelectLivingHosts(
List<Node> expectedNodes,
NodeTuple<List<Node>> nodeTuple,
Map<HttpHost, DeadHostState> blacklist,
Map<HttpHost, DeadHostState> denylist,
NodeSelector nodeSelector
) throws IOException {
int iterations = 1000;
AtomicInteger lastNodeIndex = new AtomicInteger(0);
assertEquals(expectedNodes, RestClient.selectNodes(nodeTuple, blacklist, lastNodeIndex, nodeSelector));
assertEquals(expectedNodes, RestClient.selectNodes(nodeTuple, denylist, lastNodeIndex, nodeSelector));
// Calling it again rotates the set of results
for (int i = 1; i < iterations; i++) {
Collections.rotate(expectedNodes, 1);
assertEquals("iteration " + i, expectedNodes, RestClient.selectNodes(nodeTuple, blacklist, lastNodeIndex, nodeSelector));
assertEquals("iteration " + i, expectedNodes, RestClient.selectNodes(nodeTuple, denylist, lastNodeIndex, nodeSelector));
}
}
@ -360,11 +360,11 @@ public class RestClientTests extends RestClientTestCase {
*/
private static String assertSelectAllRejected(
NodeTuple<List<Node>> nodeTuple,
Map<HttpHost, DeadHostState> blacklist,
Map<HttpHost, DeadHostState> denylist,
NodeSelector nodeSelector
) {
try {
RestClient.selectNodes(nodeTuple, blacklist, new AtomicInteger(0), nodeSelector);
RestClient.selectNodes(nodeTuple, denylist, new AtomicInteger(0), nodeSelector);
throw new AssertionError("expected selectHosts to fail");
} catch (IOException e) {
return e.getMessage();

View File

@ -54,7 +54,7 @@ import java.util.Set;
* a thread must have {@code modifyThread} to even terminate its own pool, leaving
* system threads unprotected.
* </ul>
* This class throws exception on {@code exitVM} calls, and provides a whitelist where calls
* This class throws exception on {@code exitVM} calls, and provides an allowlist where calls
* from exit are allowed.
* <p>
* Additionally it enforces threadgroup security with the following rules:

View File

@ -43,13 +43,13 @@ import java.util.Map;
public class AnalysisPainlessExtension implements PainlessExtension {
private static final Whitelist WHITELIST = WhitelistLoader.loadFromResourceFiles(
private static final Whitelist ALLOWLIST = WhitelistLoader.loadFromResourceFiles(
AnalysisPainlessExtension.class,
"painless_whitelist.txt"
);
@Override
public Map<ScriptContext<?>, List<Whitelist>> getContextWhitelists() {
return Collections.singletonMap(AnalysisPredicateScript.CONTEXT, Collections.singletonList(WHITELIST));
return Collections.singletonMap(AnalysisPredicateScript.CONTEXT, Collections.singletonList(ALLOWLIST));
}
}

View File

@ -44,13 +44,13 @@ import java.util.Map;
public class ProcessorsWhitelistExtension implements PainlessExtension {
private static final Whitelist WHITELIST = WhitelistLoader.loadFromResourceFiles(
private static final Whitelist ALLOWLIST = WhitelistLoader.loadFromResourceFiles(
ProcessorsWhitelistExtension.class,
"processors_whitelist.txt"
);
@Override
public Map<ScriptContext<?>, List<Whitelist>> getContextWhitelists() {
return Collections.singletonMap(IngestScript.CONTEXT, Collections.singletonList(WHITELIST));
return Collections.singletonMap(IngestScript.CONTEXT, Collections.singletonList(ALLOWLIST));
}
}

View File

@ -17,7 +17,7 @@
# under the License.
#
# This file contains a whitelist of static processor methods that can be accessed from painless
# This file contains a allowlist of static processor methods that can be accessed from painless
class org.opensearch.ingest.common.Processors {
long bytes(String)

View File

@ -39,18 +39,18 @@ import java.util.List;
import java.util.Objects;
/**
* Whitelist contains data structures designed to be used to generate a whitelist of Java classes,
* Allowlist contains data structures designed to be used to generate an allowlist of Java classes,
* constructors, methods, and fields that can be used within a Painless script at both compile-time
* and run-time.
*
* A whitelist consists of several pieces with {@link WhitelistClass}s as the top level. Each
* A Allowlist consists of several pieces with {@link WhitelistClass}s as the top level. Each
* {@link WhitelistClass} will contain zero-to-many {@link WhitelistConstructor}s, {@link WhitelistMethod}s, and
* {@link WhitelistField}s which are what will be available with a Painless script. See each individual
* whitelist object for more detail.
* allowlist object for more detail.
*/
public final class Whitelist {
private static final String[] BASE_WHITELIST_FILES = new String[] {
private static final String[] BASE_ALLOWLIST_FILES = new String[] {
"org.opensearch.txt",
"java.lang.txt",
"java.math.txt",
@ -66,37 +66,37 @@ public final class Whitelist {
"java.util.stream.txt" };
public static final List<Whitelist> BASE_WHITELISTS = Collections.singletonList(
WhitelistLoader.loadFromResourceFiles(Whitelist.class, WhitelistAnnotationParser.BASE_ANNOTATION_PARSERS, BASE_WHITELIST_FILES)
WhitelistLoader.loadFromResourceFiles(Whitelist.class, WhitelistAnnotationParser.BASE_ANNOTATION_PARSERS, BASE_ALLOWLIST_FILES)
);
/** The {@link ClassLoader} used to look up the whitelisted Java classes, constructors, methods, and fields. */
/** The {@link ClassLoader} used to look up the allowlisted Java classes, constructors, methods, and fields. */
public final ClassLoader classLoader;
/** The {@link List} of all the whitelisted Painless classes. */
/** The {@link List} of all the allowlisted Painless classes. */
public final List<WhitelistClass> whitelistClasses;
/** The {@link List} of all the whitelisted static Painless methods. */
/** The {@link List} of all the allowlisted static Painless methods. */
public final List<WhitelistMethod> whitelistImportedMethods;
/** The {@link List} of all the whitelisted Painless class bindings. */
/** The {@link List} of all the allowlisted Painless class bindings. */
public final List<WhitelistClassBinding> whitelistClassBindings;
/** The {@link List} of all the whitelisted Painless instance bindings. */
/** The {@link List} of all the allowlisted Painless instance bindings. */
public final List<WhitelistInstanceBinding> whitelistInstanceBindings;
/** Standard constructor. All values must be not {@code null}. */
public Whitelist(
ClassLoader classLoader,
List<WhitelistClass> whitelistClasses,
List<WhitelistMethod> whitelistImportedMethods,
List<WhitelistClassBinding> whitelistClassBindings,
List<WhitelistInstanceBinding> whitelistInstanceBindings
List<WhitelistClass> allowlistClasses,
List<WhitelistMethod> allowlistImportedMethods,
List<WhitelistClassBinding> allowlistClassBindings,
List<WhitelistInstanceBinding> allowlistInstanceBindings
) {
this.classLoader = Objects.requireNonNull(classLoader);
this.whitelistClasses = Collections.unmodifiableList(Objects.requireNonNull(whitelistClasses));
this.whitelistImportedMethods = Collections.unmodifiableList(Objects.requireNonNull(whitelistImportedMethods));
this.whitelistClassBindings = Collections.unmodifiableList(Objects.requireNonNull(whitelistClassBindings));
this.whitelistInstanceBindings = Collections.unmodifiableList(Objects.requireNonNull(whitelistInstanceBindings));
this.whitelistClasses = Collections.unmodifiableList(Objects.requireNonNull(allowlistClasses));
this.whitelistImportedMethods = Collections.unmodifiableList(Objects.requireNonNull(allowlistImportedMethods));
this.whitelistClassBindings = Collections.unmodifiableList(Objects.requireNonNull(allowlistClassBindings));
this.whitelistInstanceBindings = Collections.unmodifiableList(Objects.requireNonNull(allowlistInstanceBindings));
}
}

View File

@ -42,7 +42,7 @@ import java.util.stream.Collectors;
/**
* Class represents the equivalent of a Java class in Painless complete with super classes,
* constructors, methods, and fields. There must be a one-to-one mapping of class names to Java
* classes. Though, since multiple whitelists may be combined into a single whitelist for a
* classes. Though, since multiple allowlists may be combined into a single allowlist for a
* specific context, as long as multiple classes representing the same Java class have the same
* class name and have legal constructor/method overloading they can be merged together.
*
@ -51,7 +51,7 @@ import java.util.stream.Collectors;
* number of parameters, and multiples methods with the same name are allowed for a single class
* as long as they have the same return type and a different number of parameters.
*
* Classes will automatically extend other whitelisted classes if the Java class they represent is a
* Classes will automatically extend other allowlisted classes if the Java class they represent is a
* subclass of other classes including Java interfaces.
*/
public final class WhitelistClass {
@ -62,13 +62,13 @@ public final class WhitelistClass {
/** The Java class name this class represents. */
public final String javaClassName;
/** The {@link List} of whitelisted ({@link WhitelistConstructor}s) available to this class. */
/** The {@link List} of allowlisted ({@link WhitelistConstructor}s) available to this class. */
public final List<WhitelistConstructor> whitelistConstructors;
/** The {@link List} of whitelisted ({@link WhitelistMethod}s) available to this class. */
/** The {@link List} of allowlisted ({@link WhitelistMethod}s) available to this class. */
public final List<WhitelistMethod> whitelistMethods;
/** The {@link List} of whitelisted ({@link WhitelistField}s) available to this class. */
/** The {@link List} of allowlisted ({@link WhitelistField}s) available to this class. */
public final List<WhitelistField> whitelistFields;
/** The {@link Map} of annotations for this class. */
@ -78,18 +78,18 @@ public final class WhitelistClass {
public WhitelistClass(
String origin,
String javaClassName,
List<WhitelistConstructor> whitelistConstructors,
List<WhitelistMethod> whitelistMethods,
List<WhitelistField> whitelistFields,
List<WhitelistConstructor> allowlistConstructors,
List<WhitelistMethod> allowlistMethods,
List<WhitelistField> allowlistFields,
List<Object> painlessAnnotations
) {
this.origin = Objects.requireNonNull(origin);
this.javaClassName = Objects.requireNonNull(javaClassName);
this.whitelistConstructors = Collections.unmodifiableList(Objects.requireNonNull(whitelistConstructors));
this.whitelistMethods = Collections.unmodifiableList(Objects.requireNonNull(whitelistMethods));
this.whitelistFields = Collections.unmodifiableList(Objects.requireNonNull(whitelistFields));
this.whitelistConstructors = Collections.unmodifiableList(Objects.requireNonNull(allowlistConstructors));
this.whitelistMethods = Collections.unmodifiableList(Objects.requireNonNull(allowlistMethods));
this.whitelistFields = Collections.unmodifiableList(Objects.requireNonNull(allowlistFields));
if (painlessAnnotations.isEmpty()) {
this.painlessAnnotations = Collections.emptyMap();

View File

@ -50,7 +50,7 @@ import java.util.stream.Collectors;
*/
public class WhitelistClassBinding {
/** Information about where this constructor was whitelisted from. */
/** Information about where this constructor was allowlisted from. */
public final String origin;
/** The Java class name this class binding targets. */

View File

@ -40,14 +40,14 @@ import java.util.Objects;
import java.util.stream.Collectors;
/**
* Constructor represents the equivalent of a Java constructor available as a whitelisted class
* Constructor represents the equivalent of a Java constructor available as a allowlisted class
* constructor within Painless. Constructors for Painless classes may be accessed exactly as
* constructors for Java classes are using the 'new' keyword. Painless classes may have multiple
* constructors as long as they comply with arity overloading described for {@link WhitelistClass}.
*/
public final class WhitelistConstructor {
/** Information about where this constructor was whitelisted from. */
/** Information about where this constructor was allowlisted from. */
public final String origin;
/**

View File

@ -40,13 +40,13 @@ import java.util.Objects;
import java.util.stream.Collectors;
/**
* Field represents the equivalent of a Java field available as a whitelisted class field
* Field represents the equivalent of a Java field available as an allowlisted class field
* within Painless. Fields for Painless classes may be accessed exactly as fields for Java classes
* are using the '.' operator on an existing class variable/field.
*/
public class WhitelistField {
/** Information about where this method was whitelisted from. */
/** Information about where this method was allowlisted from. */
public final String origin;
/** The field name used to look up the field reflection object. */

View File

@ -46,7 +46,7 @@ import java.util.stream.Collectors;
*/
public class WhitelistInstanceBinding {
/** Information about where this constructor was whitelisted from. */
/** Information about where this constructor was allowlisted from. */
public final String origin;
/** The Java instance this instance binding targets. */

View File

@ -54,7 +54,7 @@ public final class WhitelistLoader {
/**
* Loads and creates a {@link Whitelist} from one to many text files using only the base annotation parsers.
* See {@link #loadFromResourceFiles(Class, Map, String...)} for information on how to structure a whitelist
* See {@link #loadFromResourceFiles(Class, Map, String...)} for information on how to structure an allowlist
* text file.
*/
public static Whitelist loadFromResourceFiles(Class<?> resource, String... filepaths) {
@ -66,17 +66,17 @@ public final class WhitelistLoader {
* {@link String}s with a single {@link Class} to be be used to load the resources where each {@link String}
* is the path of a single text file. The {@link Class}'s {@link ClassLoader} will be used to lookup the Java
* reflection objects for each individual {@link Class}, {@link Constructor}, {@link Method}, and {@link Field}
* specified as part of the whitelist in the text file.
* specified as part of the allowlist in the text file.
*
* A single pass is made through each file to collect all the information about each class, constructor, method,
* and field. Most validation will be done at a later point after all whitelists have been gathered and their
* and field. Most validation will be done at a later point after all allowlists have been gathered and their
* merging takes place.
*
* A painless type name is one of the following:
* <ul>
* <li> def - The Painless dynamic type which is automatically included without a need to be
* whitelisted. </li>
* <li> fully-qualified Java type name - Any whitelisted Java class will have the equivalent name as
* allowlisted. </li>
* <li> fully-qualified Java type name - Any allowlisted Java class will have the equivalent name as
* a Painless type name with the exception that any dollar symbols used as part of inner classes will
* be replaced with dot symbols. </li>
* <li> short Java type name - The text after the final dot symbol of any specified Java class. A
@ -84,7 +84,7 @@ public final class WhitelistLoader {
* as described later. </li>
* </ul>
*
* The following can be parsed from each whitelist text file:
* The following can be parsed from each allowlist text file:
* <ul>
* <li> Blank lines will be ignored by the parser. </li>
* <li> Comments may be created starting with a pound '#' symbol and end with a newline. These will
@ -98,19 +98,19 @@ public final class WhitelistLoader {
* <ul>
* <li> A constructor may be specified starting with an opening parenthesis, followed by a
* comma-delimited list of Painless type names corresponding to the type/class names for
* the equivalent Java parameter types (these must be whitelisted as well), a closing
* the equivalent Java parameter types (these must be allowlisted as well), a closing
* parenthesis, and a newline. </li>
* <li> A method may be specified starting with a Painless type name for the return type,
* followed by the Java name of the method (which will also be the Painless name for the
* method), an opening parenthesis, a comma-delimited list of Painless type names
* corresponding to the type/class names for the equivalent Java parameter types
* (these must be whitelisted as well), a closing parenthesis, and a newline. </li>
* (these must be allowlisted as well), a closing parenthesis, and a newline. </li>
* <li> An augmented method may be specified starting with a Painless type name for the return
* type, followed by the fully qualified Java name of the class the augmented method is
* part of (this class does not need to be whitelisted), the Java name of the method
* part of (this class does not need to be allowlisted), the Java name of the method
* (which will also be the Painless name for the method), an opening parenthesis, a
* comma-delimited list of Painless type names corresponding to the type/class names
* for the equivalent Java parameter types (these must be whitelisted as well), a closing
* for the equivalent Java parameter types (these must be allowlisted as well), a closing
* parenthesis, and a newline. </li>
* <li>A field may be specified starting with a Painless type name for the equivalent Java type
* of the field, followed by the Java name of the field (which all be the Painless name
@ -130,7 +130,7 @@ public final class WhitelistLoader {
* fully-qualified Java class name. Method argument types, method return types, and field types
* must be specified with Painless type names (def, fully-qualified, or short) as described earlier.
*
* The following example is used to create a single whitelist text file:
* The following example is used to create a single allowlist text file:
*
* {@code
* # primitive types
@ -164,12 +164,12 @@ public final class WhitelistLoader {
* }
*/
public static Whitelist loadFromResourceFiles(Class<?> resource, Map<String, WhitelistAnnotationParser> parsers, String... filepaths) {
List<WhitelistClass> whitelistClasses = new ArrayList<>();
List<WhitelistMethod> whitelistStatics = new ArrayList<>();
List<WhitelistClassBinding> whitelistClassBindings = new ArrayList<>();
List<WhitelistClass> allowlistClasses = new ArrayList<>();
List<WhitelistMethod> allowlistStatics = new ArrayList<>();
List<WhitelistClassBinding> allowlistClassBindings = new ArrayList<>();
// Execute a single pass through the whitelist text files. This will gather all the
// constructors, methods, augmented methods, and fields for each whitelisted class.
// Execute a single pass through the allowlist text files. This will gather all the
// constructors, methods, augmented methods, and fields for each allowlisted class.
for (String filepath : filepaths) {
String line;
int number = -1;
@ -181,11 +181,11 @@ public final class WhitelistLoader {
) {
String parseType = null;
String whitelistClassOrigin = null;
String allowlistClassOrigin = null;
String javaClassName = null;
List<WhitelistConstructor> whitelistConstructors = null;
List<WhitelistMethod> whitelistMethods = null;
List<WhitelistField> whitelistFields = null;
List<WhitelistConstructor> allowlistConstructors = null;
List<WhitelistMethod> allowlistMethods = null;
List<WhitelistField> allowlistFields = null;
List<Object> classAnnotations = null;
while ((line = reader.readLine()) != null) {
@ -197,7 +197,7 @@ public final class WhitelistLoader {
continue;
}
// Handle a new class by resetting all the variables necessary to construct a new WhitelistClass for the whitelist.
// Handle a new class by resetting all the variables necessary to construct a new AllowlistClass for the allowlist.
// Expects the following format: 'class' ID annotations? '{' '\n'
if (line.startsWith("class ")) {
// Ensure the final token of the line is '{'.
@ -218,17 +218,17 @@ public final class WhitelistLoader {
annotationIndex = line.length() - 1;
classAnnotations = Collections.emptyList();
} else {
classAnnotations = parseWhitelistAnnotations(parsers, line.substring(annotationIndex, line.length() - 1));
classAnnotations = parseAllowlistAnnotations(parsers, line.substring(annotationIndex, line.length() - 1));
}
parseType = "class";
whitelistClassOrigin = "[" + filepath + "]:[" + number + "]";
allowlistClassOrigin = "[" + filepath + "]:[" + number + "]";
javaClassName = line.substring(5, annotationIndex).trim();
// Reset all the constructors, methods, and fields to support a new class.
whitelistConstructors = new ArrayList<>();
whitelistMethods = new ArrayList<>();
whitelistFields = new ArrayList<>();
allowlistConstructors = new ArrayList<>();
allowlistMethods = new ArrayList<>();
allowlistFields = new ArrayList<>();
} else if (line.startsWith("static_import ")) {
// Ensure the final token of the line is '{'.
if (line.endsWith("{") == false) {
@ -250,25 +250,25 @@ public final class WhitelistLoader {
throw new IllegalArgumentException("invalid definition: extraneous closing bracket");
}
// Create a new WhitelistClass with all the previously gathered constructors, methods,
// augmented methods, and fields, and add it to the list of whitelisted classes.
// Create a new AllowlistClass with all the previously gathered constructors, methods,
// augmented methods, and fields, and add it to the list of allowlisted classes.
if ("class".equals(parseType)) {
whitelistClasses.add(
allowlistClasses.add(
new WhitelistClass(
whitelistClassOrigin,
allowlistClassOrigin,
javaClassName,
whitelistConstructors,
whitelistMethods,
whitelistFields,
allowlistConstructors,
allowlistMethods,
allowlistFields,
classAnnotations
)
);
whitelistClassOrigin = null;
allowlistClassOrigin = null;
javaClassName = null;
whitelistConstructors = null;
whitelistMethods = null;
whitelistFields = null;
allowlistConstructors = null;
allowlistMethods = null;
allowlistFields = null;
classAnnotations = null;
}
@ -330,7 +330,7 @@ public final class WhitelistLoader {
annotationIndex = line.length();
annotations = Collections.emptyList();
} else {
annotations = parseWhitelistAnnotations(parsers, line.substring(annotationIndex));
annotations = parseAllowlistAnnotations(parsers, line.substring(annotationIndex));
}
// Parse the static import type and class.
@ -349,7 +349,7 @@ public final class WhitelistLoader {
// Add a static import method or binding depending on the static import type.
if ("from_class".equals(staticImportType)) {
whitelistStatics.add(
allowlistStatics.add(
new WhitelistMethod(
origin,
targetJavaClassName,
@ -360,7 +360,7 @@ public final class WhitelistLoader {
)
);
} else if ("bound_to".equals(staticImportType)) {
whitelistClassBindings.add(
allowlistClassBindings.add(
new WhitelistClassBinding(
origin,
targetJavaClassName,
@ -410,9 +410,9 @@ public final class WhitelistLoader {
int annotationIndex = line.indexOf('@');
annotations = annotationIndex == -1
? Collections.emptyList()
: parseWhitelistAnnotations(parsers, line.substring(annotationIndex));
: parseAllowlistAnnotations(parsers, line.substring(annotationIndex));
whitelistConstructors.add(
allowlistConstructors.add(
new WhitelistConstructor(origin, Arrays.asList(canonicalTypeNameParameters), annotations)
);
@ -462,9 +462,9 @@ public final class WhitelistLoader {
int annotationIndex = line.indexOf('@');
annotations = annotationIndex == -1
? Collections.emptyList()
: parseWhitelistAnnotations(parsers, line.substring(annotationIndex));
: parseAllowlistAnnotations(parsers, line.substring(annotationIndex));
whitelistMethods.add(
allowlistMethods.add(
new WhitelistMethod(
origin,
javaAugmentedClassName,
@ -486,7 +486,7 @@ public final class WhitelistLoader {
annotationIndex = line.length();
annotations = Collections.emptyList();
} else {
annotations = parseWhitelistAnnotations(parsers, line.substring(annotationIndex));
annotations = parseAllowlistAnnotations(parsers, line.substring(annotationIndex));
}
// Parse the field tokens.
@ -497,7 +497,7 @@ public final class WhitelistLoader {
throw new IllegalArgumentException("invalid field definition: unexpected format [" + line + "]");
}
whitelistFields.add(new WhitelistField(origin, tokens[1], tokens[0], annotations));
allowlistFields.add(new WhitelistField(origin, tokens[1], tokens[0], annotations));
}
} else {
throw new IllegalArgumentException("invalid definition: unable to parse line [" + line + "]");
@ -515,10 +515,10 @@ public final class WhitelistLoader {
ClassLoader loader = AccessController.doPrivileged((PrivilegedAction<ClassLoader>) resource::getClassLoader);
return new Whitelist(loader, whitelistClasses, whitelistStatics, whitelistClassBindings, Collections.emptyList());
return new Whitelist(loader, allowlistClasses, allowlistStatics, allowlistClassBindings, Collections.emptyList());
}
private static List<Object> parseWhitelistAnnotations(Map<String, WhitelistAnnotationParser> parsers, String line) {
private static List<Object> parseAllowlistAnnotations(Map<String, WhitelistAnnotationParser> parsers, String line) {
List<Object> annotations;

View File

@ -40,7 +40,7 @@ import java.util.Objects;
import java.util.stream.Collectors;
/**
* Method represents the equivalent of a Java method available as a whitelisted class method
* Method represents the equivalent of a Java method available as an allowlisted class method
* within Painless. Methods for Painless classes may be accessed exactly as methods for Java classes
* are using the '.' operator on an existing class variable/field. Painless classes may have multiple
* methods with the same name as long as they comply with arity overloading described in
@ -50,11 +50,11 @@ import java.util.stream.Collectors;
* these are known as augmented methods. An augmented method can be added to a class as a part of any
* Java class as long as the method is static and the first parameter of the method is the Java class
* represented by the class. Note that the augmented method's parent Java class does not need to be
* whitelisted.
* allowlisted.
*/
public class WhitelistMethod {
/** Information about where this method was whitelisted from. */
/** Information about where this method was allowlisted from. */
public final String origin;
/**

View File

@ -39,8 +39,8 @@ import java.util.stream.Collectors;
import java.util.stream.Stream;
/**
* WhitelistAnnotationParser is an interface used to define how to
* parse an annotation against any whitelist object while loading.
* AllowlistAnnotationParser is an interface used to define how to
* parse an annotation against any allowlist object while loading.
*/
public interface WhitelistAnnotationParser {

View File

@ -168,7 +168,7 @@ final class Compiler {
private final Class<?> scriptClass;
/**
* The whitelist the script will use.
* The allowlist the script will use.
*/
private final PainlessLookup painlessLookup;
@ -182,7 +182,7 @@ final class Compiler {
* @param scriptClass The class/interface the script will implement.
* @param factoryClass An optional class/interface to create the {@code scriptClass} instance.
* @param statefulFactoryClass An optional class/interface to create the {@code factoryClass} instance.
* @param painlessLookup The whitelist the script will use.
* @param painlessLookup The allowlist the script will use.
*/
Compiler(Class<?> scriptClass, Class<?> factoryClass, Class<?> statefulFactoryClass, PainlessLookup painlessLookup) {
this.scriptClass = scriptClass;

View File

@ -237,10 +237,10 @@ public final class Def {
* </p>
* <p>
* This method traverses {@code recieverClass}'s class hierarchy (including interfaces)
* until it finds a matching whitelisted method. If one is not found, it throws an exception.
* until it finds a matching allowlisted method. If one is not found, it throws an exception.
* Otherwise it returns a handle to the matching method.
* </p>
* @param painlessLookup the whitelist
* @param painlessLookup the allowlist
* @param functions user defined functions and lambdas
* @param constants available constants to be used if the method has the {@code InjectConstantAnnotation}
* @param methodHandlesLookup caller's lookup
@ -249,7 +249,7 @@ public final class Def {
* @param name Name of the method.
* @param args bootstrap args passed to callsite
* @return pointer to matching method to invoke. never returns null.
* @throws IllegalArgumentException if no matching whitelisted method was found.
* @throws IllegalArgumentException if no matching allowlisted method was found.
* @throws Throwable if a method reference cannot be converted to an functional interface
*/
static MethodHandle lookupMethod(
@ -473,26 +473,26 @@ public final class Def {
* <p>
* The following field loads are allowed:
* <ul>
* <li>Whitelisted {@code field} from receiver's class or any superclasses.
* <li>Whitelisted method named {@code getField()} from receiver's class/superclasses/interfaces.
* <li>Whitelisted method named {@code isField()} from receiver's class/superclasses/interfaces.
* <li>Allowlisted {@code field} from receiver's class or any superclasses.
* <li>Allowlisted method named {@code getField()} from receiver's class/superclasses/interfaces.
* <li>Allowlisted method named {@code isField()} from receiver's class/superclasses/interfaces.
* <li>The {@code length} field of an array.
* <li>The value corresponding to a map key named {@code field} when the receiver is a Map.
* <li>The value in a list at element {@code field} (integer) when the receiver is a List.
* </ul>
* <p>
* This method traverses {@code recieverClass}'s class hierarchy (including interfaces)
* until it finds a matching whitelisted getter. If one is not found, it throws an exception.
* until it finds a matching allowlisted getter. If one is not found, it throws an exception.
* Otherwise it returns a handle to the matching getter.
* </p>
* @param painlessLookup the whitelist
* @param painlessLookup the allowlist
* @param receiverClass Class of the object to retrieve the field from.
* @param name Name of the field.
* @return pointer to matching field. never returns null.
* @throws IllegalArgumentException if no matching whitelisted field was found.
* @throws IllegalArgumentException if no matching allowlisted field was found.
*/
static MethodHandle lookupGetter(PainlessLookup painlessLookup, Class<?> receiverClass, String name) {
// first try whitelist
// first try allowlist
MethodHandle getter = painlessLookup.lookupRuntimeGetterMethodHandle(receiverClass, name);
if (getter != null) {
@ -530,24 +530,24 @@ public final class Def {
* <p>
* The following field stores are allowed:
* <ul>
* <li>Whitelisted {@code field} from receiver's class or any superclasses.
* <li>Whitelisted method named {@code setField()} from receiver's class/superclasses/interfaces.
* <li>Allowlisted {@code field} from receiver's class or any superclasses.
* <li>Allowlisted method named {@code setField()} from receiver's class/superclasses/interfaces.
* <li>The value corresponding to a map key named {@code field} when the receiver is a Map.
* <li>The value in a list at element {@code field} (integer) when the receiver is a List.
* </ul>
* <p>
* This method traverses {@code recieverClass}'s class hierarchy (including interfaces)
* until it finds a matching whitelisted setter. If one is not found, it throws an exception.
* until it finds a matching allowlisted setter. If one is not found, it throws an exception.
* Otherwise it returns a handle to the matching setter.
* </p>
* @param painlessLookup the whitelist
* @param painlessLookup the allowlist
* @param receiverClass Class of the object to retrieve the field from.
* @param name Name of the field.
* @return pointer to matching field. never returns null.
* @throws IllegalArgumentException if no matching whitelisted field was found.
* @throws IllegalArgumentException if no matching allowlisted field was found.
*/
static MethodHandle lookupSetter(PainlessLookup painlessLookup, Class<?> receiverClass, String name) {
// first try whitelist
// first try allowlist
MethodHandle setter = painlessLookup.lookupRuntimeSetterMethodHandle(receiverClass, name);
if (setter != null) {

View File

@ -53,7 +53,7 @@ import java.util.Map;
* shift operator, and dynamic array index normalize.
* <p>
* When a new type is encountered at the call site, we lookup from the appropriate
* whitelist, and cache with a guard. If we encounter too many types, we stop caching.
* allowlist, and cache with a guard. If we encounter too many types, we stop caching.
* <p>
* Based on the cascaded inlining cache from the JSR 292 cookbook
* (https://code.google.com/archive/p/jsr292-cookbook/, BSD license)
@ -166,7 +166,7 @@ public final class DefBootstrap {
}
/**
* Does a slow lookup against the whitelist.
* Does a slow lookup against the allowlist.
*/
private MethodHandle lookup(int flavor, String name, Class<?> receiver) throws Throwable {
switch (flavor) {
@ -470,10 +470,10 @@ public final class DefBootstrap {
* In addition to ordinary parameters, we also take some parameters defined at the call site:
* <ul>
* <li>{@code initialDepth}: initial call site depth. this is used to exercise megamorphic fallback.
* <li>{@code flavor}: type of dynamic call it is (and which part of whitelist to look at).
* <li>{@code flavor}: type of dynamic call it is (and which part of allowlist to look at).
* <li>{@code args}: flavor-specific args.
* </ul>
* And we take the {@link PainlessLookup} used to compile the script for whitelist checking.
* And we take the {@link PainlessLookup} used to compile the script for allowlist checking.
* <p>
* see https://docs.oracle.com/javase/specs/jvms/se7/html/jvms-6.html#jvms-6.5.invokedynamic
*/

View File

@ -59,8 +59,8 @@ import static org.objectweb.asm.Opcodes.H_NEWINVOKESPECIAL;
*/
public class FunctionRef {
/**
* Creates a new FunctionRef which will resolve {@code type::call} from the whitelist.
* @param painlessLookup the whitelist against which this script is being compiled
* Creates a new FunctionRef which will resolve {@code type::call} from the allowlist.
* @param painlessLookup the allowlist against which this script is being compiled
* @param functionTable user-defined and synthetic methods generated directly on the script class
* @param location the character number within the script at compile-time
* @param targetClass functional interface type to implement.

View File

@ -83,11 +83,11 @@ import java.util.function.Supplier;
*/
public final class PainlessPlugin extends Plugin implements ScriptPlugin, ExtensiblePlugin, ActionPlugin {
private static final Map<ScriptContext<?>, List<Whitelist>> whitelists;
private static final Map<ScriptContext<?>, List<Whitelist>> allowlists;
/*
* Contexts from Core that need custom whitelists can add them to the map below.
* Whitelist resources should be added as appropriately named, separate files
* Contexts from Core that need custom allowlists can add them to the map below.
* Allowlist resources should be added as appropriately named, separate files
* under Painless' resources
*/
static {
@ -108,23 +108,23 @@ public final class PainlessPlugin extends Plugin implements ScriptPlugin, Extens
ingest.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.ingest.txt"));
map.put(IngestScript.CONTEXT, ingest);
whitelists = map;
allowlists = map;
}
private final SetOnce<PainlessScriptEngine> painlessScriptEngine = new SetOnce<>();
@Override
public ScriptEngine getScriptEngine(Settings settings, Collection<ScriptContext<?>> contexts) {
Map<ScriptContext<?>, List<Whitelist>> contextsWithWhitelists = new HashMap<>();
Map<ScriptContext<?>, List<Whitelist>> contextsWithAllowlists = new HashMap<>();
for (ScriptContext<?> context : contexts) {
// we might have a context that only uses the base whitelists, so would not have been filled in by reloadSPI
List<Whitelist> contextWhitelists = whitelists.get(context);
if (contextWhitelists == null) {
contextWhitelists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
// we might have a context that only uses the base allowlists, so would not have been filled in by reloadSPI
List<Whitelist> contextAllowlists = allowlists.get(context);
if (contextAllowlists == null) {
contextAllowlists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
}
contextsWithWhitelists.put(context, contextWhitelists);
contextsWithAllowlists.put(context, contextAllowlists);
}
painlessScriptEngine.set(new PainlessScriptEngine(settings, contextsWithWhitelists));
painlessScriptEngine.set(new PainlessScriptEngine(settings, contextsWithAllowlists));
return painlessScriptEngine.get();
}
@ -158,7 +158,7 @@ public final class PainlessPlugin extends Plugin implements ScriptPlugin, Extens
.stream()
.flatMap(extension -> extension.getContextWhitelists().entrySet().stream())
.forEach(entry -> {
List<Whitelist> existing = whitelists.computeIfAbsent(entry.getKey(), c -> new ArrayList<>(Whitelist.BASE_WHITELISTS));
List<Whitelist> existing = allowlists.computeIfAbsent(entry.getKey(), c -> new ArrayList<>(Whitelist.BASE_WHITELISTS));
existing.addAll(entry.getValue());
});
}

View File

@ -68,7 +68,7 @@ import static java.util.Collections.singletonList;
import static org.opensearch.rest.RestRequest.Method.GET;
/**
* Internal REST API for querying context information about Painless whitelists.
* Internal REST API for querying context information about Painless allowlists.
* Commands include the following:
* <ul>
* <li> GET /_scripts/painless/_context -- retrieves a list of contexts </li>

View File

@ -126,107 +126,107 @@ public final class PainlessLookupBuilder {
}
}
public static PainlessLookup buildFromWhitelists(List<Whitelist> whitelists) {
public static PainlessLookup buildFromWhitelists(List<Whitelist> allowlists) {
PainlessLookupBuilder painlessLookupBuilder = new PainlessLookupBuilder();
String origin = "internal error";
try {
for (Whitelist whitelist : whitelists) {
for (WhitelistClass whitelistClass : whitelist.whitelistClasses) {
origin = whitelistClass.origin;
for (Whitelist allowlist : allowlists) {
for (WhitelistClass allowlistClass : allowlist.whitelistClasses) {
origin = allowlistClass.origin;
painlessLookupBuilder.addPainlessClass(
whitelist.classLoader,
whitelistClass.javaClassName,
whitelistClass.painlessAnnotations.containsKey(NoImportAnnotation.class) == false
allowlist.classLoader,
allowlistClass.javaClassName,
allowlistClass.painlessAnnotations.containsKey(NoImportAnnotation.class) == false
);
}
}
for (Whitelist whitelist : whitelists) {
for (WhitelistClass whitelistClass : whitelist.whitelistClasses) {
String targetCanonicalClassName = whitelistClass.javaClassName.replace('$', '.');
for (Whitelist allowlist : allowlists) {
for (WhitelistClass allowlistClass : allowlist.whitelistClasses) {
String targetCanonicalClassName = allowlistClass.javaClassName.replace('$', '.');
for (WhitelistConstructor whitelistConstructor : whitelistClass.whitelistConstructors) {
origin = whitelistConstructor.origin;
for (WhitelistConstructor allowlistConstructor : allowlistClass.whitelistConstructors) {
origin = allowlistConstructor.origin;
painlessLookupBuilder.addPainlessConstructor(
targetCanonicalClassName,
whitelistConstructor.canonicalTypeNameParameters,
whitelistConstructor.painlessAnnotations
allowlistConstructor.canonicalTypeNameParameters,
allowlistConstructor.painlessAnnotations
);
}
for (WhitelistMethod whitelistMethod : whitelistClass.whitelistMethods) {
origin = whitelistMethod.origin;
for (WhitelistMethod allowlistMethod : allowlistClass.whitelistMethods) {
origin = allowlistMethod.origin;
painlessLookupBuilder.addPainlessMethod(
whitelist.classLoader,
allowlist.classLoader,
targetCanonicalClassName,
whitelistMethod.augmentedCanonicalClassName,
whitelistMethod.methodName,
whitelistMethod.returnCanonicalTypeName,
whitelistMethod.canonicalTypeNameParameters,
whitelistMethod.painlessAnnotations
allowlistMethod.augmentedCanonicalClassName,
allowlistMethod.methodName,
allowlistMethod.returnCanonicalTypeName,
allowlistMethod.canonicalTypeNameParameters,
allowlistMethod.painlessAnnotations
);
}
for (WhitelistField whitelistField : whitelistClass.whitelistFields) {
origin = whitelistField.origin;
for (WhitelistField allowlistField : allowlistClass.whitelistFields) {
origin = allowlistField.origin;
painlessLookupBuilder.addPainlessField(
targetCanonicalClassName,
whitelistField.fieldName,
whitelistField.canonicalTypeNameParameter
allowlistField.fieldName,
allowlistField.canonicalTypeNameParameter
);
}
}
for (WhitelistMethod whitelistStatic : whitelist.whitelistImportedMethods) {
origin = whitelistStatic.origin;
for (WhitelistMethod allowlistStatic : allowlist.whitelistImportedMethods) {
origin = allowlistStatic.origin;
painlessLookupBuilder.addImportedPainlessMethod(
whitelist.classLoader,
whitelistStatic.augmentedCanonicalClassName,
whitelistStatic.methodName,
whitelistStatic.returnCanonicalTypeName,
whitelistStatic.canonicalTypeNameParameters,
whitelistStatic.painlessAnnotations
allowlist.classLoader,
allowlistStatic.augmentedCanonicalClassName,
allowlistStatic.methodName,
allowlistStatic.returnCanonicalTypeName,
allowlistStatic.canonicalTypeNameParameters,
allowlistStatic.painlessAnnotations
);
}
for (WhitelistClassBinding whitelistClassBinding : whitelist.whitelistClassBindings) {
origin = whitelistClassBinding.origin;
for (WhitelistClassBinding allowlistClassBinding : allowlist.whitelistClassBindings) {
origin = allowlistClassBinding.origin;
painlessLookupBuilder.addPainlessClassBinding(
whitelist.classLoader,
whitelistClassBinding.targetJavaClassName,
whitelistClassBinding.methodName,
whitelistClassBinding.returnCanonicalTypeName,
whitelistClassBinding.canonicalTypeNameParameters,
whitelistClassBinding.painlessAnnotations
allowlist.classLoader,
allowlistClassBinding.targetJavaClassName,
allowlistClassBinding.methodName,
allowlistClassBinding.returnCanonicalTypeName,
allowlistClassBinding.canonicalTypeNameParameters,
allowlistClassBinding.painlessAnnotations
);
}
for (WhitelistInstanceBinding whitelistInstanceBinding : whitelist.whitelistInstanceBindings) {
origin = whitelistInstanceBinding.origin;
for (WhitelistInstanceBinding allowlistInstanceBinding : allowlist.whitelistInstanceBindings) {
origin = allowlistInstanceBinding.origin;
painlessLookupBuilder.addPainlessInstanceBinding(
whitelistInstanceBinding.targetInstance,
whitelistInstanceBinding.methodName,
whitelistInstanceBinding.returnCanonicalTypeName,
whitelistInstanceBinding.canonicalTypeNameParameters
allowlistInstanceBinding.targetInstance,
allowlistInstanceBinding.methodName,
allowlistInstanceBinding.returnCanonicalTypeName,
allowlistInstanceBinding.canonicalTypeNameParameters
);
}
}
} catch (Exception exception) {
throw new IllegalArgumentException("error loading whitelist(s) " + origin, exception);
throw new IllegalArgumentException("error loading allowlist(s) " + origin, exception);
}
return painlessLookupBuilder.build();
}
// javaClassNamesToClasses is all the classes that need to be available to the custom classloader
// including classes used as part of imported methods and class bindings but not necessarily whitelisted
// including classes used as part of imported methods and class bindings but not necessarily allowlisted
// individually. The values of javaClassNamesToClasses are a superset of the values of
// canonicalClassNamesToClasses.
private final Map<String, Class<?>> javaClassNamesToClasses;
// canonicalClassNamesToClasses is all the whitelisted classes available in a Painless script including
// canonicalClassNamesToClasses is all the allowlisted classes available in a Painless script including
// classes with imported canonical names but does not include classes from imported methods or class
// bindings unless also whitelisted separately. The values of canonicalClassNamesToClasses are a subset
// bindings unless also allowlisted separately. The values of canonicalClassNamesToClasses are a subset
// of the values of javaClassNamesToClasses.
private final Map<String, Class<?>> canonicalClassNamesToClasses;
private final Map<Class<?>, PainlessClassBuilder> classesToPainlessClassBuilders;
@ -2060,7 +2060,7 @@ public final class PainlessLookupBuilder {
/**
* Creates a {@link Map} of PainlessMethodKeys to {@link PainlessMethod}s per {@link PainlessClass} stored as
* {@link PainlessClass#runtimeMethods} identical to {@link PainlessClass#methods} with the exception of generated
* bridge methods. A generated bridge method is created for each whitelisted method that has at least one parameter
* bridge methods. A generated bridge method is created for each allowlisted method that has at least one parameter
* with a boxed type to cast from other numeric primitive/boxed types in a symmetric was not handled by
* {@link MethodHandle#asType(MethodType)}. As an example {@link MethodHandle#asType(MethodType)} legally casts
* from {@link Integer} to long but not from int to {@link Long}. Generated bridge methods cover the latter case.

View File

@ -34,6 +34,6 @@ grant {
// needed to generate runtime classes
permission java.lang.RuntimePermission "createClassLoader";
// needed to find the classloader to load whitelisted classes from
// needed to find the classloader to load allowlisted classes from
permission java.lang.RuntimePermission "getClassLoader";
};

View File

@ -58,7 +58,7 @@ class java.util.regex.Matcher {
String replaceFirst(String)
boolean requireEnd()
Matcher reset()
# Note: Do not whitelist Matcher.reset(String), it subverts regex limiting
# Note: Do not allowlist Matcher.reset(String), it subverts regex limiting
int start()
int start(int)
Matcher useAnchoringBounds(boolean)

View File

@ -17,7 +17,7 @@
# under the License.
#
# This file contains a whitelist for the Moving Function pipeline aggregator in core
# This file contains an allowlist for the Moving Function pipeline aggregator in core
class org.opensearch.search.aggregations.pipeline.MovingFunctions {
double max(double[])

View File

@ -17,7 +17,7 @@
# under the License.
#
# This file contains a whitelist for the ingest scripts
# This file contains an allowlist for the ingest scripts
class java.lang.String {
String org.opensearch.painless.api.Augmentation sha1()

View File

@ -17,7 +17,7 @@
# under the License.
#
# This file contains a whitelist for functions to be used in Score context
# This file contains an allowlist for functions to be used in Score context
class org.opensearch.script.ScoreScript @no_import {
}

View File

@ -53,9 +53,9 @@ public class AugmentationTests extends ScriptTestCase {
@BeforeClass
public static void beforeClass() {
Map<ScriptContext<?>, List<Whitelist>> contexts = newDefaultContexts();
List<Whitelist> digestWhitelist = new ArrayList<>(Whitelist.BASE_WHITELISTS);
digestWhitelist.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.ingest.txt"));
contexts.put(DigestTestScript.CONTEXT, digestWhitelist);
List<Whitelist> digestAllowlist = new ArrayList<>(Whitelist.BASE_WHITELISTS);
digestAllowlist.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.ingest.txt"));
contexts.put(DigestTestScript.CONTEXT, digestAllowlist);
SCRIPT_ENGINE = new PainlessScriptEngine(Settings.EMPTY, contexts);
}

View File

@ -51,8 +51,8 @@ public class BindingsTests extends ScriptTestCase {
@BeforeClass
public static void beforeClass() {
Map<ScriptContext<?>, List<Whitelist>> contexts = newDefaultContexts();
List<Whitelist> whitelists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
whitelists.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.painless.test"));
List<Whitelist> allowlists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
allowlists.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.painless.test"));
InstanceBindingTestClass instanceBindingTestClass = new InstanceBindingTestClass(1);
WhitelistInstanceBinding getter = new WhitelistInstanceBinding(
@ -74,16 +74,16 @@ public class BindingsTests extends ScriptTestCase {
List<WhitelistInstanceBinding> instanceBindingsList = new ArrayList<>();
instanceBindingsList.add(getter);
instanceBindingsList.add(setter);
Whitelist instanceBindingsWhitelist = new Whitelist(
Whitelist instanceBindingsAllowlist = new Whitelist(
instanceBindingTestClass.getClass().getClassLoader(),
Collections.emptyList(),
Collections.emptyList(),
Collections.emptyList(),
instanceBindingsList
);
whitelists.add(instanceBindingsWhitelist);
allowlists.add(instanceBindingsAllowlist);
contexts.put(BindingsTestScript.CONTEXT, whitelists);
contexts.put(BindingsTestScript.CONTEXT, allowlists);
SCRIPT_ENGINE = new PainlessScriptEngine(Settings.EMPTY, contexts);
}

View File

@ -35,7 +35,7 @@ package org.opensearch.painless;
import java.util.List;
import java.util.function.Function;
/** Currently just a dummy class for testing a few features not yet exposed by whitelist! */
/** Currently just a dummy class for testing a few features not yet exposed by allowlist! */
public class FeatureTestObject {
/** static method that returns true */
public static boolean overloadedStatic() {
@ -47,7 +47,7 @@ public class FeatureTestObject {
return whatToReturn;
}
/** static method only whitelisted as a static */
/** static method only allowlisted as a static */
public static float staticAddFloatsTest(float x, float y) {
return x + y;
}

View File

@ -32,7 +32,7 @@
package org.opensearch.painless;
/** Currently just a dummy class for testing a few features not yet exposed by whitelist! */
/** Currently just a dummy class for testing a few features not yet exposed by allowlist! */
public class FeatureTestObject2 {
public FeatureTestObject2() {
super();

View File

@ -172,7 +172,7 @@ public class RegexTests extends ScriptTestCase {
assertEquals("o", exec("Matcher m = /(?<first>f)(?<second>o)o/.matcher('foo'); m.find(); return m.namedGroup('second')"));
}
// Make sure some methods on Pattern are whitelisted
// Make sure some methods on Pattern are allowlisted
public void testSplit() {
assertArrayEquals(new String[] { "cat", "dog" }, (String[]) exec("/,/.split('cat,dog')"));
}

View File

@ -62,9 +62,9 @@ public abstract class ScriptTestCase extends OpenSearchTestCase {
/** Creates a new contexts map with PainlessTextScript = org.opensearch.painless.test */
protected static Map<ScriptContext<?>, List<Whitelist>> newDefaultContexts() {
Map<ScriptContext<?>, List<Whitelist>> contexts = new HashMap<>();
List<Whitelist> whitelists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
whitelists.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.painless.test"));
contexts.put(PainlessTestScript.CONTEXT, whitelists);
List<Whitelist> allowlists = new ArrayList<>(Whitelist.BASE_WHITELISTS);
allowlists.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.painless.test"));
contexts.put(PainlessTestScript.CONTEXT, allowlists);
return contexts;
}

View File

@ -70,51 +70,51 @@ public class WhitelistLoaderTests extends ScriptTestCase {
public void testAnnotations() {
Map<String, WhitelistAnnotationParser> parsers = new HashMap<>(WhitelistAnnotationParser.BASE_ANNOTATION_PARSERS);
parsers.put(AnnotationTestObject.TestAnnotation.NAME, AnnotationTestObject.TestAnnotationParser.INSTANCE);
Whitelist whitelist = WhitelistLoader.loadFromResourceFiles(Whitelist.class, parsers, "org.opensearch.painless.annotation");
Whitelist allowlist = WhitelistLoader.loadFromResourceFiles(Whitelist.class, parsers, "org.opensearch.painless.annotation");
assertEquals(1, whitelist.whitelistClasses.size());
assertEquals(1, allowlist.whitelistClasses.size());
WhitelistClass whitelistClass = whitelist.whitelistClasses.get(0);
WhitelistClass allowlistClass = allowlist.whitelistClasses.get(0);
assertNotNull(whitelistClass.painlessAnnotations.get(NoImportAnnotation.class));
assertEquals(1, whitelistClass.painlessAnnotations.size());
assertEquals(3, whitelistClass.whitelistMethods.size());
assertNotNull(allowlistClass.painlessAnnotations.get(NoImportAnnotation.class));
assertEquals(1, allowlistClass.painlessAnnotations.size());
assertEquals(3, allowlistClass.whitelistMethods.size());
int count = 0;
for (WhitelistMethod whitelistMethod : whitelistClass.whitelistMethods) {
if ("deprecatedMethod".equals(whitelistMethod.methodName)) {
for (WhitelistMethod allowlistMethod : allowlistClass.whitelistMethods) {
if ("deprecatedMethod".equals(allowlistMethod.methodName)) {
assertEquals(
"use another method",
((DeprecatedAnnotation) whitelistMethod.painlessAnnotations.get(DeprecatedAnnotation.class)).getMessage()
((DeprecatedAnnotation) allowlistMethod.painlessAnnotations.get(DeprecatedAnnotation.class)).getMessage()
);
assertEquals(1, whitelistMethod.painlessAnnotations.size());
assertEquals(1, allowlistMethod.painlessAnnotations.size());
++count;
}
if ("annotatedTestMethod".equals(whitelistMethod.methodName)) {
AnnotationTestObject.TestAnnotation ta = ((AnnotationTestObject.TestAnnotation) whitelistMethod.painlessAnnotations.get(
if ("annotatedTestMethod".equals(allowlistMethod.methodName)) {
AnnotationTestObject.TestAnnotation ta = ((AnnotationTestObject.TestAnnotation) allowlistMethod.painlessAnnotations.get(
AnnotationTestObject.TestAnnotation.class
));
assertEquals("one", ta.getOne());
assertEquals("two", ta.getTwo());
assertEquals("three", ta.getThree());
assertEquals(1, whitelistMethod.painlessAnnotations.size());
assertEquals(1, allowlistMethod.painlessAnnotations.size());
++count;
}
if ("annotatedMultipleMethod".equals(whitelistMethod.methodName)) {
if ("annotatedMultipleMethod".equals(allowlistMethod.methodName)) {
assertEquals(
"test",
((DeprecatedAnnotation) whitelistMethod.painlessAnnotations.get(DeprecatedAnnotation.class)).getMessage()
((DeprecatedAnnotation) allowlistMethod.painlessAnnotations.get(DeprecatedAnnotation.class)).getMessage()
);
AnnotationTestObject.TestAnnotation ta = ((AnnotationTestObject.TestAnnotation) whitelistMethod.painlessAnnotations.get(
AnnotationTestObject.TestAnnotation ta = ((AnnotationTestObject.TestAnnotation) allowlistMethod.painlessAnnotations.get(
AnnotationTestObject.TestAnnotation.class
));
assertEquals("one", ta.getOne());
assertEquals("two", ta.getTwo());
assertEquals("three", ta.getThree());
assertEquals(2, whitelistMethod.painlessAnnotations.size());
assertEquals(2, allowlistMethod.painlessAnnotations.size());
++count;
}
}

View File

@ -1,4 +1,4 @@
# whitelist for annotation tests
# allowlist for annotation tests
class org.opensearch.painless.AnnotationTestObject @no_import {
void deprecatedMethod() @deprecated[message="use another method"]

View File

@ -1,4 +1,4 @@
# whitelist for annotation tests with unknown annotation
# allowlist for annotation tests with unknown annotation
class org.opensearch.painless.AnnotationTestObject @no_import {
void unknownAnnotationMethod() @unknownAnnotation

View File

@ -1,4 +1,4 @@
# whitelist for annotation tests with unknown annotation containing options
# allowlist for annotation tests with unknown annotation containing options
class org.opensearch.painless.AnnotationTestObject @no_import {
void unknownAnnotationMethod() @unknownAnootationWithMessage[arg="arg value"]

View File

@ -1,4 +1,4 @@
# whitelist for tests
# allowlist for tests
# TODO: remove this when the transition from Joda to Java datetimes is completed
class org.opensearch.script.JodaCompatibleZonedDateTime {

View File

@ -1,4 +1,4 @@
# Sanity integration test to make sure the custom context and whitelist work for moving_fn pipeline agg
# Sanity integration test to make sure the custom context and allowlist work for moving_fn pipeline agg
#
setup:
- do:

View File

@ -49,7 +49,7 @@ testClusters.all {
// Modules who's integration is explicitly tested in integration tests
module ':modules:parent-join'
module ':modules:lang-painless'
// Whitelist reindexing from the local node so we can test reindex-from-remote.
// Allowlist reindexing from the local node so we can test reindex-from-remote.
setting 'reindex.remote.whitelist', '127.0.0.1:*'
}

View File

@ -59,7 +59,7 @@ class ReindexValidator {
static final String SORT_DEPRECATED_MESSAGE = "The sort option in reindex is deprecated. "
+ "Instead consider using query filtering to find the desired subset of data.";
private final CharacterRunAutomaton remoteWhitelist;
private final CharacterRunAutomaton remoteAllowlist;
private final ClusterService clusterService;
private final IndexNameExpressionResolver resolver;
private final AutoCreateIndex autoCreateIndex;
@ -70,14 +70,14 @@ class ReindexValidator {
IndexNameExpressionResolver resolver,
AutoCreateIndex autoCreateIndex
) {
this.remoteWhitelist = buildRemoteWhitelist(TransportReindexAction.REMOTE_CLUSTER_WHITELIST.get(settings));
this.remoteAllowlist = buildRemoteAllowlist(TransportReindexAction.REMOTE_CLUSTER_WHITELIST.get(settings));
this.clusterService = clusterService;
this.resolver = resolver;
this.autoCreateIndex = autoCreateIndex;
}
void initialValidation(ReindexRequest request) {
checkRemoteWhitelist(remoteWhitelist, request.getRemoteInfo());
checkRemoteAllowlist(remoteAllowlist, request.getRemoteInfo());
ClusterState state = clusterService.state();
validateAgainstAliases(
request.getSearchRequest(),
@ -93,32 +93,32 @@ class ReindexValidator {
}
}
static void checkRemoteWhitelist(CharacterRunAutomaton whitelist, RemoteInfo remoteInfo) {
static void checkRemoteAllowlist(CharacterRunAutomaton allowlist, RemoteInfo remoteInfo) {
if (remoteInfo == null) {
return;
}
String check = remoteInfo.getHost() + ':' + remoteInfo.getPort();
if (whitelist.run(check)) {
if (allowlist.run(check)) {
return;
}
String whiteListKey = TransportReindexAction.REMOTE_CLUSTER_WHITELIST.getKey();
throw new IllegalArgumentException('[' + check + "] not whitelisted in " + whiteListKey);
String allowListKey = TransportReindexAction.REMOTE_CLUSTER_WHITELIST.getKey();
throw new IllegalArgumentException('[' + check + "] not allowlisted in " + allowListKey);
}
/**
* Build the {@link CharacterRunAutomaton} that represents the reindex-from-remote whitelist and make sure that it doesn't whitelist
* Build the {@link CharacterRunAutomaton} that represents the reindex-from-remote allowlist and make sure that it doesn't allowlist
* the world.
*/
static CharacterRunAutomaton buildRemoteWhitelist(List<String> whitelist) {
if (whitelist.isEmpty()) {
static CharacterRunAutomaton buildRemoteAllowlist(List<String> allowlist) {
if (allowlist.isEmpty()) {
return new CharacterRunAutomaton(Automata.makeEmpty());
}
Automaton automaton = Regex.simpleMatchToAutomaton(whitelist.toArray(Strings.EMPTY_ARRAY));
Automaton automaton = Regex.simpleMatchToAutomaton(allowlist.toArray(Strings.EMPTY_ARRAY));
automaton = MinimizationOperations.minimize(automaton, Operations.DEFAULT_DETERMINIZE_WORK_LIMIT);
if (Operations.isTotal(automaton)) {
throw new IllegalArgumentException(
"Refusing to start because whitelist "
+ whitelist
"Refusing to start because allowlist "
+ allowlist
+ " accepts all addresses. "
+ "This would allow users to reindex-from-remote any URL they like effectively having OpenSearch make HTTP GETs "
+ "for them."

View File

@ -44,22 +44,22 @@ import java.util.List;
import static java.util.Collections.emptyList;
import static java.util.Collections.emptyMap;
import static java.util.Collections.singletonList;
import static org.opensearch.index.reindex.ReindexValidator.buildRemoteWhitelist;
import static org.opensearch.index.reindex.ReindexValidator.checkRemoteWhitelist;
import static org.opensearch.index.reindex.ReindexValidator.buildRemoteAllowlist;
import static org.opensearch.index.reindex.ReindexValidator.checkRemoteAllowlist;
/**
* Tests the reindex-from-remote whitelist of remotes.
* Tests the reindex-from-remote allowlist of remotes.
*/
public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase {
private final BytesReference query = new BytesArray("{ \"foo\" : \"bar\" }");
public void testLocalRequestWithoutWhitelist() {
checkRemoteWhitelist(buildRemoteWhitelist(emptyList()), null);
checkRemoteAllowlist(buildRemoteAllowlist(emptyList()), null);
}
public void testLocalRequestWithWhitelist() {
checkRemoteWhitelist(buildRemoteWhitelist(randomWhitelist()), null);
checkRemoteAllowlist(buildRemoteAllowlist(randomAllowlist()), null);
}
/**
@ -81,16 +81,16 @@ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase {
}
public void testWhitelistedRemote() {
List<String> whitelist = randomWhitelist();
String[] inList = whitelist.iterator().next().split(":");
List<String> allowlist = randomAllowlist();
String[] inList = allowlist.iterator().next().split(":");
String host = inList[0];
int port = Integer.valueOf(inList[1]);
checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo(host, port));
checkRemoteAllowlist(buildRemoteAllowlist(allowlist), newRemoteInfo(host, port));
}
public void testWhitelistedByPrefix() {
checkRemoteWhitelist(
buildRemoteWhitelist(singletonList("*.example.com:9200")),
checkRemoteAllowlist(
buildRemoteAllowlist(singletonList("*.example.com:9200")),
new RemoteInfo(
randomAlphaOfLength(5),
"es.example.com",
@ -104,34 +104,34 @@ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase {
RemoteInfo.DEFAULT_CONNECT_TIMEOUT
)
);
checkRemoteWhitelist(
buildRemoteWhitelist(singletonList("*.example.com:9200")),
checkRemoteAllowlist(
buildRemoteAllowlist(singletonList("*.example.com:9200")),
newRemoteInfo("6e134134a1.us-east-1.aws.example.com", 9200)
);
}
public void testWhitelistedBySuffix() {
checkRemoteWhitelist(buildRemoteWhitelist(singletonList("es.example.com:*")), newRemoteInfo("es.example.com", 9200));
checkRemoteAllowlist(buildRemoteAllowlist(singletonList("es.example.com:*")), newRemoteInfo("es.example.com", 9200));
}
public void testWhitelistedByInfix() {
checkRemoteWhitelist(buildRemoteWhitelist(singletonList("es*.example.com:9200")), newRemoteInfo("es1.example.com", 9200));
checkRemoteAllowlist(buildRemoteAllowlist(singletonList("es*.example.com:9200")), newRemoteInfo("es1.example.com", 9200));
}
public void testLoopbackInWhitelistRemote() throws UnknownHostException {
List<String> whitelist = randomWhitelist();
whitelist.add("127.0.0.1:*");
checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo("127.0.0.1", 9200));
List<String> allowlist = randomAllowlist();
allowlist.add("127.0.0.1:*");
checkRemoteAllowlist(buildRemoteAllowlist(allowlist), newRemoteInfo("127.0.0.1", 9200));
}
public void testUnwhitelistedRemote() {
int port = between(1, Integer.MAX_VALUE);
List<String> whitelist = randomBoolean() ? randomWhitelist() : emptyList();
List<String> allowlist = randomBoolean() ? randomAllowlist() : emptyList();
Exception e = expectThrows(
IllegalArgumentException.class,
() -> checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo("not in list", port))
() -> checkRemoteAllowlist(buildRemoteAllowlist(allowlist), newRemoteInfo("not in list", port))
);
assertEquals("[not in list:" + port + "] not whitelisted in reindex.remote.whitelist", e.getMessage());
assertEquals("[not in list:" + port + "] not allowlisted in reindex.remote.whitelist", e.getMessage());
}
public void testRejectMatchAll() {
@ -140,22 +140,22 @@ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase {
assertMatchesTooMuch(singletonList("***"));
assertMatchesTooMuch(Arrays.asList("realstuff", "*"));
assertMatchesTooMuch(Arrays.asList("*", "realstuff"));
List<String> random = randomWhitelist();
List<String> random = randomAllowlist();
random.add("*");
assertMatchesTooMuch(random);
}
public void testIPv6Address() {
List<String> whitelist = randomWhitelist();
whitelist.add("[::1]:*");
checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo("[::1]", 9200));
List<String> allowlist = randomAllowlist();
allowlist.add("[::1]:*");
checkRemoteAllowlist(buildRemoteAllowlist(allowlist), newRemoteInfo("[::1]", 9200));
}
private void assertMatchesTooMuch(List<String> whitelist) {
Exception e = expectThrows(IllegalArgumentException.class, () -> buildRemoteWhitelist(whitelist));
private void assertMatchesTooMuch(List<String> allowlist) {
Exception e = expectThrows(IllegalArgumentException.class, () -> buildRemoteAllowlist(allowlist));
assertEquals(
"Refusing to start because whitelist "
+ whitelist
"Refusing to start because allowlist "
+ allowlist
+ " accepts all addresses. "
+ "This would allow users to reindex-from-remote any URL they like effectively having OpenSearch make HTTP GETs "
+ "for them.",
@ -163,12 +163,12 @@ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase {
);
}
private List<String> randomWhitelist() {
private List<String> randomAllowlist() {
int size = between(1, 100);
List<String> whitelist = new ArrayList<>(size);
List<String> allowlist = new ArrayList<>(size);
for (int i = 0; i < size; i++) {
whitelist.add(randomAlphaOfLength(5) + ':' + between(1, Integer.MAX_VALUE));
allowlist.add(randomAlphaOfLength(5) + ':' + between(1, Integer.MAX_VALUE));
}
return whitelist;
return allowlist;
}
}

View File

@ -98,7 +98,7 @@ public class ReindexFromRemoteWithAuthTests extends OpenSearchSingleNodeTestCase
@Override
protected Settings nodeSettings() {
Settings.Builder settings = Settings.builder().put(super.nodeSettings());
// Whitelist reindexing from the http host we're going to use
// Allowlist reindexing from the http host we're going to use
settings.put(TransportReindexAction.REMOTE_CLUSTER_WHITELIST.getKey(), "127.0.0.1:*");
settings.put(NetworkModule.HTTP_TYPE_KEY, Netty4Plugin.NETTY_HTTP_TRANSPORT_NAME);
return settings.build();

View File

@ -102,7 +102,7 @@ public class RetryTests extends OpenSearchIntegTestCase {
final Settings nodeSettings() {
return Settings.builder()
// whitelist reindexing from the HTTP host we're going to use
// allowlist reindexing from the HTTP host we're going to use
.put(TransportReindexAction.REMOTE_CLUSTER_WHITELIST.getKey(), "127.0.0.1:*")
.build();
}

View File

@ -308,7 +308,7 @@
---
"unwhitelisted remote host fails":
- do:
catch: /\[badremote:9200\] not whitelisted in reindex.remote.whitelist/
catch: /\[badremote:9200\] not allowlisted in reindex.remote.whitelist/
reindex:
body:
source:

View File

@ -95,7 +95,7 @@ public class URLRepository extends BlobStoreRepository {
private final List<String> supportedProtocols;
private final URIPattern[] urlWhiteList;
private final URIPattern[] urlAllowList;
private final Environment environment;
@ -120,7 +120,7 @@ public class URLRepository extends BlobStoreRepository {
}
this.environment = environment;
supportedProtocols = SUPPORTED_PROTOCOLS_SETTING.get(environment.settings());
urlWhiteList = ALLOWED_URLS_SETTING.get(environment.settings()).toArray(new URIPattern[] {});
urlAllowList = ALLOWED_URLS_SETTING.get(environment.settings()).toArray(new URIPattern[] {});
basePath = BlobPath.cleanPath();
url = URL_SETTING.exists(metadata.settings())
? URL_SETTING.get(metadata.settings())
@ -161,7 +161,7 @@ public class URLRepository extends BlobStoreRepository {
for (String supportedProtocol : supportedProtocols) {
if (supportedProtocol.equals(protocol)) {
try {
if (URIPattern.match(urlWhiteList, url.toURI())) {
if (URIPattern.match(urlAllowList, url.toURI())) {
// URL matches white list - no additional processing is needed
return url;
}

View File

@ -63,7 +63,7 @@ dependencies {
api 'com.sun.xml.bind:jaxb-impl:2.2.3-1'
// HACK: javax.xml.bind was removed from default modules in java 9, so we pull the api in here,
// and whitelist this hack in JarHell
// and allowlist this hack in JarHell
api 'javax.xml.bind:jaxb-api:2.3.1'
}

View File

@ -32,7 +32,7 @@ apply plugin: 'opensearch.yaml-rest-test'
opensearchplugin {
name 'painless-whitelist'
description 'An example whitelisting additional classes and methods in painless'
description 'An example allowlisting additional classes and methods in painless'
classname 'org.opensearch.example.painlesswhitelist.MyWhitelistPlugin'
extendedPlugins = ['lang-painless']
licenseFile rootProject.file('licenses/APACHE-LICENSE-2.0.txt')

View File

@ -46,19 +46,19 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
/** An extension of painless which adds a whitelist. */
/** An extension of painless which adds an allowlist. */
public class ExampleWhitelistExtension implements PainlessExtension {
@Override
public Map<ScriptContext<?>, List<Whitelist>> getContextWhitelists() {
Map<String, WhitelistAnnotationParser> parsers = new HashMap<>(WhitelistAnnotationParser.BASE_ANNOTATION_PARSERS);
parsers.put(ExamplePainlessAnnotation.NAME, ExampleWhitelistAnnotationParser.INSTANCE);
Whitelist classWhitelist = WhitelistLoader.loadFromResourceFiles(ExampleWhitelistExtension.class, parsers, "example_whitelist.txt");
Whitelist classAllowlist = WhitelistLoader.loadFromResourceFiles(ExampleWhitelistExtension.class, parsers, "example_whitelist.txt");
ExampleWhitelistedInstance ewi = new ExampleWhitelistedInstance(1);
ExampleWhitelistedInstance eai = new ExampleWhitelistedInstance(1);
WhitelistInstanceBinding addValue = new WhitelistInstanceBinding(
"example addValue",
ewi,
eai,
"addValue",
"int",
Collections.singletonList("int"),
@ -66,20 +66,20 @@ public class ExampleWhitelistExtension implements PainlessExtension {
);
WhitelistInstanceBinding getValue = new WhitelistInstanceBinding(
"example getValue",
ewi,
eai,
"getValue",
"int",
Collections.emptyList(),
Collections.emptyList()
);
Whitelist instanceWhitelist = new Whitelist(
ewi.getClass().getClassLoader(),
Whitelist instanceAllowlist = new Whitelist(
eai.getClass().getClassLoader(),
Collections.emptyList(),
Collections.emptyList(),
Collections.emptyList(),
Arrays.asList(addValue, getValue)
);
return Collections.singletonMap(FieldScript.CONTEXT, Arrays.asList(classWhitelist, instanceWhitelist));
return Collections.singletonMap(FieldScript.CONTEXT, Arrays.asList(classAllowlist, instanceAllowlist));
}
}

View File

@ -33,9 +33,9 @@
package org.opensearch.example.painlesswhitelist;
/**
* An example of a class to be whitelisted for use by painless scripts
* An example of a class to be allowlisted for use by painless scripts
*
* Each of the members and methods below are whitelisted for use in search scripts.
* Each of the members and methods below are allowlisted for use in search scripts.
* See <a href="file:example_whitelist.txt">example_whitelist.txt</a>.
*/
public class ExampleWhitelistedClass {
@ -68,7 +68,7 @@ public class ExampleWhitelistedClass {
return Integer.parseInt(x);
}
// example method to attach annotations in whitelist
// example method to attach annotations in allowlist
public void annotate() {
// some logic here
}

View File

@ -35,5 +35,5 @@ package org.opensearch.example.painlesswhitelist;
import org.opensearch.plugins.Plugin;
public class MyWhitelistPlugin extends Plugin {
// we don't actually need anything here, since whitelists are extended through SPI
// we don't actually need anything here, since allowlists are extended through SPI
}

View File

@ -17,7 +17,7 @@
# under the License.
#
# This file contains a whitelist for an example class which may be access from painless
# This file contains an allowlist for an example class which may be access from painless
class org.opensearch.example.painlesswhitelist.ExampleWhitelistedClass {
# constructor

View File

@ -1,4 +1,4 @@
# Integration tests for the painless whitelist example plugin
# Integration tests for the painless allowlist example plugin
#
"Plugin loaded":
- skip:

View File

@ -1,4 +1,4 @@
# Example test using whitelisted members and methods
# Example test using allowlisted members and methods
"Whitelisted custom class":
- do:

View File

@ -1,4 +1,4 @@
# Example test using whitelisted statically imported method
# Example test using allowlisted statically imported method
"custom static imported method":
- do:

View File

@ -64,7 +64,7 @@ dependencies {
api "joda-time:joda-time:${versions.joda}"
// HACK: javax.xml.bind was removed from default modules in java 9, so we pull the api in here,
// and whitelist this hack in JarHell
// and allowlist this hack in JarHell
api 'javax.xml.bind:jaxb-api:2.3.1'
testImplementation project(':test:fixtures:s3-fixture')

View File

@ -79,7 +79,7 @@ public final class BootstrapInfo {
// create a view of sysprops map that does not allow modifications
// this must be done this way (e.g. versus an actual typed map), because
// some test methods still change properties, so whitelisted changes must
// some test methods still change properties, so allowlisted changes must
// be reflected in this view.
private static final Dictionary<Object, Object> SYSTEM_PROPERTIES;
static {

View File

@ -227,7 +227,7 @@ final class SystemCallFilter {
static class Arch {
/** AUDIT_ARCH_XXX constant from linux/audit.h */
final int audit;
/** syscall limit (necessary for blacklisting on amd64, to ban 32-bit syscalls) */
/** syscall limit (necessary for denylisting on amd64, to ban 32-bit syscalls) */
final int limit;
/** __NR_fork */
final int fork;

View File

@ -293,7 +293,7 @@ class BindingProcessor extends AbstractProcessor {
return false;
}
// It's unfortunate that we have to maintain a blacklist of specific
// It's unfortunate that we have to maintain a denylist of specific
// classes, but we can't easily block the whole package because of
// all our unit tests.
private static final Set<Class<?>> FORBIDDEN_TYPES = unmodifiableSet(

View File

@ -61,7 +61,7 @@ class InheritingState implements State {
private final Map<Class<? extends Annotation>, Scope> scopes = new HashMap<>();
private final List<MatcherAndConverter> converters = new ArrayList<>();
private final List<TypeListenerBinding> listenerBindings = new ArrayList<>();
private WeakKeySet blacklistedKeys = new WeakKeySet();
private WeakKeySet denylistedKeys = new WeakKeySet();
private final Object lock;
InheritingState(State parent) {
@ -145,17 +145,17 @@ class InheritingState implements State {
@Override
public void blacklist(Key<?> key) {
parent.blacklist(key);
blacklistedKeys.add(key);
denylistedKeys.add(key);
}
@Override
public boolean isBlacklisted(Key<?> key) {
return blacklistedKeys.contains(key);
return denylistedKeys.contains(key);
}
@Override
public void clearBlacklisted() {
blacklistedKeys = new WeakKeySet();
denylistedKeys = new WeakKeySet();
}
@Override

View File

@ -164,7 +164,7 @@ interface State {
/**
* Forbids the corresponding injector from creating a binding to {@code key}. Child injectors
* blacklist their bound keys on their parent injectors to prevent just-in-time bindings on the
* denylist their bound keys on their parent injectors to prevent just-in-time bindings on the
* parent injector that would conflict.
*/
void blacklist(Key<?> key);
@ -177,11 +177,11 @@ interface State {
/**
* Returns the shared lock for all injector data. This is a low-granularity, high-contention lock
* to be used when reading mutable data (ie. just-in-time bindings, and binding blacklists).
* to be used when reading mutable data (ie. just-in-time bindings, and binding denylists).
*/
Object lock();
// ES_GUICE: clean blacklist keys
// ES_GUICE: clean denylist keys
void clearBlacklisted();
void makeAllBindingsToEagerSingletons(Injector injector);

View File

@ -126,7 +126,7 @@ public class ScriptedMetricAggContexts {
return state;
}
// Return the doc as a map (instead of LeafDocLookup) in order to abide by type whitelisting rules for
// Return the doc as a map (instead of LeafDocLookup) in order to abide by type allowlisting rules for
// Painless scripts.
public Map<String, ScriptDocValues<?>> getDoc() {
return leafLookup == null ? null : leafLookup.doc();

View File

@ -192,7 +192,7 @@ public class MovingFunctions {
}
/**
* Version of holt that can "forecast", not exposed as a whitelisted function for moving_fn scripts, but
* Version of holt that can "forecast", not exposed as an allowlisted function for moving_fn scripts, but
* here as compatibility/code sharing for existing moving_avg agg. Can be removed when moving_avg is gone.
*/
public static double[] holtForecast(double[] values, double alpha, double beta, int numForecasts) {
@ -268,7 +268,7 @@ public class MovingFunctions {
}
/**
* Version of holt-winters that can "forecast", not exposed as a whitelisted function for moving_fn scripts, but
* Version of holt-winters that can "forecast", not exposed as an allowlisted function for moving_fn scripts, but
* here as compatibility/code sharing for existing moving_avg agg. Can be removed when moving_avg is gone.
*/
public static double[] holtWintersForecast(

View File

@ -254,29 +254,29 @@ public class ClusterModuleTests extends ModuleTestCase {
}
public void testPre63CustomsFiltering() {
final String whiteListedClusterCustom = randomFrom(ClusterModule.PRE_6_3_CLUSTER_CUSTOMS_WHITE_LIST);
final String whiteListedMetadataCustom = randomFrom(ClusterModule.PRE_6_3_METADATA_CUSTOMS_WHITE_LIST);
final String allowListedClusterCustom = randomFrom(ClusterModule.PRE_6_3_CLUSTER_CUSTOMS_WHITE_LIST);
final String allowListedMetadataCustom = randomFrom(ClusterModule.PRE_6_3_METADATA_CUSTOMS_WHITE_LIST);
final ClusterState clusterState = ClusterState.builder(ClusterName.DEFAULT)
.putCustom(whiteListedClusterCustom, new RestoreInProgress.Builder().build())
.putCustom(allowListedClusterCustom, new RestoreInProgress.Builder().build())
.putCustom("other", new RestoreInProgress.Builder().build())
.metadata(
Metadata.builder()
.putCustom(whiteListedMetadataCustom, new RepositoriesMetadata(Collections.emptyList()))
.putCustom(allowListedMetadataCustom, new RepositoriesMetadata(Collections.emptyList()))
.putCustom("other", new RepositoriesMetadata(Collections.emptyList()))
.build()
)
.build();
assertNotNull(clusterState.custom(whiteListedClusterCustom));
assertNotNull(clusterState.custom(allowListedClusterCustom));
assertNotNull(clusterState.custom("other"));
assertNotNull(clusterState.metadata().custom(whiteListedMetadataCustom));
assertNotNull(clusterState.metadata().custom(allowListedMetadataCustom));
assertNotNull(clusterState.metadata().custom("other"));
final ClusterState fixedClusterState = ClusterModule.filterCustomsForPre63Clients(clusterState);
assertNotNull(fixedClusterState.custom(whiteListedClusterCustom));
assertNotNull(fixedClusterState.custom(allowListedClusterCustom));
assertNull(fixedClusterState.custom("other"));
assertNotNull(fixedClusterState.metadata().custom(whiteListedMetadataCustom));
assertNotNull(fixedClusterState.metadata().custom(allowListedMetadataCustom));
assertNull(fixedClusterState.metadata().custom("other"));
}

View File

@ -95,7 +95,7 @@ public class FilterAllocationDeciderTests extends OpenSearchAllocationTestCase {
assertEquals(routingTable.index("idx").shard(0).shards().get(0).state(), UNASSIGNED);
assertNull(routingTable.index("idx").shard(0).shards().get(0).currentNodeId());
// after failing the shard we are unassigned since the node is blacklisted and we can't initialize on the other node
// after failing the shard we are unassigned since the node is denylisted and we can't initialize on the other node
RoutingAllocation allocation = new RoutingAllocation(allocationDeciders, state.getRoutingNodes(), state, null, null, 0);
allocation.debugDecision(true);
Decision.Single decision = (Decision.Single) filterAllocationDecider.canAllocate(

View File

@ -175,16 +175,16 @@ public abstract class AggregatorTestCase extends OpenSearchTestCase {
protected ValuesSourceRegistry valuesSourceRegistry;
// A list of field types that should not be tested, or are not currently supported
private static List<String> TYPE_TEST_BLACKLIST;
private static List<String> TYPE_TEST_DENYLIST;
static {
List<String> blacklist = new ArrayList<>();
blacklist.add(ObjectMapper.CONTENT_TYPE); // Cannot aggregate objects
blacklist.add(GeoShapeFieldMapper.CONTENT_TYPE); // Cannot aggregate geoshapes (yet)
blacklist.add(ObjectMapper.NESTED_CONTENT_TYPE); // TODO support for nested
blacklist.add(CompletionFieldMapper.CONTENT_TYPE); // TODO support completion
blacklist.add(FieldAliasMapper.CONTENT_TYPE); // TODO support alias
TYPE_TEST_BLACKLIST = blacklist;
List<String> denylist = new ArrayList<>();
denylist.add(ObjectMapper.CONTENT_TYPE); // Cannot aggregate objects
denylist.add(GeoShapeFieldMapper.CONTENT_TYPE); // Cannot aggregate geoshapes (yet)
denylist.add(ObjectMapper.NESTED_CONTENT_TYPE); // TODO support for nested
denylist.add(CompletionFieldMapper.CONTENT_TYPE); // TODO support completion
denylist.add(FieldAliasMapper.CONTENT_TYPE); // TODO support alias
TYPE_TEST_DENYLIST = denylist;
}
/**
@ -713,11 +713,11 @@ public abstract class AggregatorTestCase extends OpenSearchTestCase {
}
/**
* A method that allows implementors to specifically blacklist particular field types (based on their content_name).
* A method that allows implementors to specifically denylist particular field types (based on their content_name).
* This is needed in some areas where the ValuesSourceType is not granular enough, for example integer values
* vs floating points, or `keyword` bytes vs `binary` bytes (which are not searchable)
*
* This is a blacklist instead of a whitelist because there are vastly more field types than ValuesSourceTypes,
* This is a denylist instead of an allowlist because there are vastly more field types than ValuesSourceTypes,
* and it's expected that these unsupported cases are exceptional rather than common
*/
protected List<String> unsupportedMappedFieldTypes() {
@ -748,7 +748,7 @@ public abstract class AggregatorTestCase extends OpenSearchTestCase {
for (Map.Entry<String, Mapper.TypeParser> mappedType : mapperRegistry.getMapperParsers().entrySet()) {
// Some field types should not be tested, or require more work and are not ready yet
if (TYPE_TEST_BLACKLIST.contains(mappedType.getKey())) {
if (TYPE_TEST_DENYLIST.contains(mappedType.getKey())) {
continue;
}

View File

@ -34,7 +34,7 @@ package org.opensearch.test.rest.yaml;
import java.util.regex.Pattern;
/**
* Matches blacklist patterns.
* Matches denylist patterns.
*
* Currently the following syntax is supported:
*
@ -45,20 +45,20 @@ import java.util.regex.Pattern;
* <code>indices.get/10_basic/advanced/allow_no_indices</code> (contains an additional segment)</li>
* </ul>
*
* Each blacklist pattern is a suffix match on the path. Empty patterns are not allowed.
* Each denylist pattern is a suffix match on the path. Empty patterns are not allowed.
*/
final class BlacklistedPathPatternMatcher {
private final Pattern pattern;
/**
* Constructs a new <code>BlacklistedPathPatternMatcher</code> instance from the provided suffix pattern.
* Constructs a new <code>DenylistedPathPatternMatcher</code> instance from the provided suffix pattern.
*
* @param p The suffix pattern. Must be a non-empty string.
*/
BlacklistedPathPatternMatcher(String p) {
// guard against accidentally matching everything as an empty string lead to the pattern ".*" which matches everything
if (p == null || p.trim().isEmpty()) {
throw new IllegalArgumentException("Empty blacklist patterns are not supported");
throw new IllegalArgumentException("Empty denylist patterns are not supported");
}
// very simple transformation from wildcard to a proper regex
String finalPattern = p.replaceAll("\\*", "[^/]*") // support wildcard matches (within a single path segment)

View File

@ -88,13 +88,13 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
*/
public static final String REST_TESTS_SUITE = "tests.rest.suite";
/**
* Property that allows to blacklist some of the REST tests based on a comma separated list of globs
* Property that allows to denylist some of the REST tests based on a comma separated list of globs
* e.g. "-Dtests.rest.blacklist=get/10_basic/*"
*/
public static final String REST_TESTS_BLACKLIST = "tests.rest.blacklist";
/**
* We use tests.rest.blacklist in build files to blacklist tests; this property enables a user to add additional blacklisted tests on
* top of the tests blacklisted in the build.
* We use tests.rest.blacklist in build files to denylist tests; this property enables a user to add additional denylisted tests on
* top of the tests denylisted in the build.
*/
public static final String REST_TESTS_BLACKLIST_ADDITIONS = "tests.rest.blacklist_additions";
/**
@ -116,7 +116,7 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
*/
private static final String PATHS_SEPARATOR = "(?<!\\\\),";
private static List<BlacklistedPathPatternMatcher> blacklistPathMatchers;
private static List<BlacklistedPathPatternMatcher> denylistPathMatchers;
private static ClientYamlTestExecutionContext restTestExecutionContext;
private static ClientYamlTestExecutionContext adminExecutionContext;
private static ClientYamlTestClient clientYamlTestClient;
@ -138,7 +138,7 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
public void initAndResetContext() throws Exception {
if (restTestExecutionContext == null) {
assert adminExecutionContext == null;
assert blacklistPathMatchers == null;
assert denylistPathMatchers == null;
final ClientYamlSuiteRestSpec restSpec = ClientYamlSuiteRestSpec.load(SPEC_PATH);
validateSpec(restSpec);
final List<HttpHost> hosts = getClusterHosts();
@ -149,21 +149,21 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
clientYamlTestClient = initClientYamlTestClient(restSpec, client(), hosts, esVersion, masterVersion);
restTestExecutionContext = new ClientYamlTestExecutionContext(clientYamlTestClient, randomizeContentType());
adminExecutionContext = new ClientYamlTestExecutionContext(clientYamlTestClient, false);
final String[] blacklist = resolvePathsProperty(REST_TESTS_BLACKLIST, null);
blacklistPathMatchers = new ArrayList<>();
for (final String entry : blacklist) {
blacklistPathMatchers.add(new BlacklistedPathPatternMatcher(entry));
final String[] denylist = resolvePathsProperty(REST_TESTS_BLACKLIST, null);
denylistPathMatchers = new ArrayList<>();
for (final String entry : denylist) {
denylistPathMatchers.add(new BlacklistedPathPatternMatcher(entry));
}
final String[] blacklistAdditions = resolvePathsProperty(REST_TESTS_BLACKLIST_ADDITIONS, null);
for (final String entry : blacklistAdditions) {
blacklistPathMatchers.add(new BlacklistedPathPatternMatcher(entry));
final String[] denylistAdditions = resolvePathsProperty(REST_TESTS_BLACKLIST_ADDITIONS, null);
for (final String entry : denylistAdditions) {
denylistPathMatchers.add(new BlacklistedPathPatternMatcher(entry));
}
}
assert restTestExecutionContext != null;
assert adminExecutionContext != null;
assert blacklistPathMatchers != null;
assert denylistPathMatchers != null;
// admin context must be available for @After always, regardless of whether the test was blacklisted
// admin context must be available for @After always, regardless of whether the test was denylisted
adminExecutionContext.clear();
restTestExecutionContext.clear();
@ -184,7 +184,7 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
try {
IOUtils.close(clientYamlTestClient);
} finally {
blacklistPathMatchers = null;
denylistPathMatchers = null;
restTestExecutionContext = null;
adminExecutionContext = null;
clientYamlTestClient = null;
@ -355,12 +355,12 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe
}
public void test() throws IOException {
// skip test if it matches one of the blacklist globs
for (BlacklistedPathPatternMatcher blacklistedPathMatcher : blacklistPathMatchers) {
// skip test if it matches one of the denylist globs
for (BlacklistedPathPatternMatcher denylistedPathMatcher : denylistPathMatchers) {
String testPath = testCandidate.getSuitePath() + "/" + testCandidate.getTestSection().getName();
assumeFalse(
"[" + testCandidate.getTestPath() + "] skipped, reason: blacklisted",
blacklistedPathMatcher.isSuffixMatch(testPath)
denylistedPathMatcher.isSuffixMatch(testPath)
);
}