From be64af2f90cfa16dca83f0a945c946f7e25d6d71 Mon Sep 17 00:00:00 2001 From: aponb Date: Sat, 5 Mar 2022 01:34:09 +0100 Subject: [PATCH] Replace exclusionary words whitelist and blacklist in the places that won't impact backwards compatibility (#2178) * Replace the exclusionary word whitelist with allowlist, and blacklist with denylist, in code commet and internal variable/method/class/package name. Signed-off-by: Andreas --- TESTING.md | 2 +- .../org/opensearch/client/NodeSelector.java | 2 +- .../org/opensearch/client/RestClient.java | 30 ++--- .../client/RestClientMultipleHostsTests.java | 10 +- .../opensearch/client/RestClientTests.java | 56 ++++----- .../org/opensearch/secure_sm/SecureSM.java | 2 +- .../common/AnalysisPainlessExtension.java | 4 +- .../common/ProcessorsWhitelistExtension.java | 4 +- .../ingest/common/processors_whitelist.txt | 2 +- .../opensearch/painless/spi/Whitelist.java | 36 +++--- .../painless/spi/WhitelistClass.java | 22 ++-- .../painless/spi/WhitelistClassBinding.java | 2 +- .../painless/spi/WhitelistConstructor.java | 4 +- .../painless/spi/WhitelistField.java | 4 +- .../spi/WhitelistInstanceBinding.java | 2 +- .../painless/spi/WhitelistLoader.java | 96 ++++++++-------- .../painless/spi/WhitelistMethod.java | 6 +- .../annotation/WhitelistAnnotationParser.java | 4 +- .../org/opensearch/painless/Compiler.java | 4 +- .../java/org/opensearch/painless/Def.java | 32 +++--- .../org/opensearch/painless/DefBootstrap.java | 8 +- .../org/opensearch/painless/FunctionRef.java | 4 +- .../opensearch/painless/PainlessPlugin.java | 24 ++-- .../action/PainlessContextAction.java | 2 +- .../lookup/PainlessLookupBuilder.java | 106 +++++++++--------- .../plugin-metadata/plugin-security.policy | 2 +- .../painless/spi/java.util.regex.txt | 2 +- .../spi/org.opensearch.aggs.movfn.txt | 2 +- .../painless/spi/org.opensearch.ingest.txt | 2 +- .../painless/spi/org.opensearch.score.txt | 2 +- .../painless/AugmentationTests.java | 6 +- .../opensearch/painless/BindingsTests.java | 10 +- .../painless/FeatureTestObject.java | 4 +- .../painless/FeatureTestObject2.java | 2 +- .../org/opensearch/painless/RegexTests.java | 2 +- .../opensearch/painless/ScriptTestCase.java | 6 +- .../painless/WhitelistLoaderTests.java | 34 +++--- .../spi/org.opensearch.painless.annotation | 2 +- ...org.opensearch.painless.annotation.unknown | 2 +- ...h.painless.annotation.unknown_with_options | 2 +- .../painless/spi/org.opensearch.painless.test | 2 +- .../test/painless/70_mov_fn_agg.yml | 2 +- modules/reindex/build.gradle | 2 +- .../index/reindex/ReindexValidator.java | 26 ++--- .../ReindexFromRemoteWhitelistTests.java | 64 +++++------ .../ReindexFromRemoteWithAuthTests.java | 2 +- .../opensearch/index/reindex/RetryTests.java | 2 +- .../test/reindex/20_validation.yml | 2 +- .../repositories/url/URLRepository.java | 6 +- plugins/discovery-azure-classic/build.gradle | 2 +- .../examples/painless-whitelist/build.gradle | 2 +- .../ExampleWhitelistExtension.java | 16 +-- .../ExampleWhitelistedClass.java | 6 +- .../painlesswhitelist/MyWhitelistPlugin.java | 2 +- .../painlesswhitelist/example_whitelist.txt | 2 +- .../test/painless_whitelist/10_basic.yml | 2 +- .../test/painless_whitelist/20_whitelist.yml | 2 +- .../test/painless_whitelist/30_static.yml | 2 +- plugins/repository-s3/build.gradle | 2 +- .../opensearch/bootstrap/BootstrapInfo.java | 2 +- .../bootstrap/SystemCallFilter.java | 2 +- .../common/inject/BindingProcessor.java | 2 +- .../common/inject/InheritingState.java | 8 +- .../org/opensearch/common/inject/State.java | 6 +- .../script/ScriptedMetricAggContexts.java | 2 +- .../pipeline/MovingFunctions.java | 4 +- .../cluster/ClusterModuleTests.java | 16 +-- .../decider/FilterAllocationDeciderTests.java | 2 +- .../aggregations/AggregatorTestCase.java | 22 ++-- .../yaml/BlacklistedPathPatternMatcher.java | 8 +- .../OpenSearchClientYamlSuiteTestCase.java | 36 +++--- 71 files changed, 402 insertions(+), 402 deletions(-) diff --git a/TESTING.md b/TESTING.md index 5571b7c7a4a..4a2a786469b 100644 --- a/TESTING.md +++ b/TESTING.md @@ -245,7 +245,7 @@ The YAML REST tests support all the options provided by the randomized runner, p - `tests.rest.suite`: comma separated paths of the test suites to be run (by default loaded from /rest-api-spec/test). It is possible to run only a subset of the tests providing a sub-folder or even a single yaml file (the default /rest-api-spec/test prefix is optional when files are loaded from classpath) e.g. `-Dtests.rest.suite=index,get,create/10_with_id` -- `tests.rest.blacklist`: comma separated globs that identify tests that are blacklisted and need to be skipped e.g. `-Dtests.rest.blacklist=index/**/Index document,get/10_basic/**` +- `tests.rest.blacklist`: comma separated globs that identify tests that are denylisted and need to be skipped e.g. `-Dtests.rest.blacklist=index/**/Index document,get/10_basic/**` Java REST tests can be run with the "javaRestTest" task. diff --git a/client/rest/src/main/java/org/opensearch/client/NodeSelector.java b/client/rest/src/main/java/org/opensearch/client/NodeSelector.java index 398a3a72b94..09d5a2c1fe5 100644 --- a/client/rest/src/main/java/org/opensearch/client/NodeSelector.java +++ b/client/rest/src/main/java/org/opensearch/client/NodeSelector.java @@ -48,7 +48,7 @@ public interface NodeSelector { * iterate the nodes as many times as they need. *

* This may be called twice per request: first for "living" nodes that - * have not been blacklisted by previous errors. If the selector removes + * have not been denylisted by previous errors. If the selector removes * all nodes from the list or if there aren't any living nodes then the * {@link RestClient} will call this method with a list of "dead" nodes. *

diff --git a/client/rest/src/main/java/org/opensearch/client/RestClient.java b/client/rest/src/main/java/org/opensearch/client/RestClient.java index c004613f89b..4f899fd7091 100644 --- a/client/rest/src/main/java/org/opensearch/client/RestClient.java +++ b/client/rest/src/main/java/org/opensearch/client/RestClient.java @@ -125,7 +125,7 @@ public class RestClient implements Closeable { final List

defaultHeaders; private final String pathPrefix; private final AtomicInteger lastNodeIndex = new AtomicInteger(0); - private final ConcurrentMap blacklist = new ConcurrentHashMap<>(); + private final ConcurrentMap denylist = new ConcurrentHashMap<>(); private final FailureListener failureListener; private final NodeSelector nodeSelector; private volatile NodeTuple> nodeTuple; @@ -246,7 +246,7 @@ public class RestClient implements Closeable { authCache.put(node.getHost(), new BasicScheme()); } this.nodeTuple = new NodeTuple<>(Collections.unmodifiableList(new ArrayList<>(nodesByHost.values())), authCache); - this.blacklist.clear(); + this.denylist.clear(); } /** @@ -448,7 +448,7 @@ public class RestClient implements Closeable { */ private NodeTuple> nextNodes() throws IOException { NodeTuple> nodeTuple = this.nodeTuple; - Iterable hosts = selectNodes(nodeTuple, blacklist, lastNodeIndex, nodeSelector); + Iterable hosts = selectNodes(nodeTuple, denylist, lastNodeIndex, nodeSelector); return new NodeTuple<>(hosts.iterator(), nodeTuple.authCache); } @@ -458,17 +458,17 @@ public class RestClient implements Closeable { */ static Iterable selectNodes( NodeTuple> nodeTuple, - Map blacklist, + Map denylist, AtomicInteger lastNodeIndex, NodeSelector nodeSelector ) throws IOException { /* * Sort the nodes into living and dead lists. */ - List livingNodes = new ArrayList<>(Math.max(0, nodeTuple.nodes.size() - blacklist.size())); - List deadNodes = new ArrayList<>(blacklist.size()); + List livingNodes = new ArrayList<>(Math.max(0, nodeTuple.nodes.size() - denylist.size())); + List deadNodes = new ArrayList<>(denylist.size()); for (Node node : nodeTuple.nodes) { - DeadHostState deadness = blacklist.get(node.getHost()); + DeadHostState deadness = denylist.get(node.getHost()); if (deadness == null || deadness.shallBeRetried()) { livingNodes.add(node); } else { @@ -526,9 +526,9 @@ public class RestClient implements Closeable { * Receives as an argument the host that was used for the successful request. */ private void onResponse(Node node) { - DeadHostState removedHost = this.blacklist.remove(node.getHost()); + DeadHostState removedHost = this.denylist.remove(node.getHost()); if (logger.isDebugEnabled() && removedHost != null) { - logger.debug("removed [" + node + "] from blacklist"); + logger.debug("removed [" + node + "] from denylist"); } } @@ -538,19 +538,19 @@ public class RestClient implements Closeable { */ private void onFailure(Node node) { while (true) { - DeadHostState previousDeadHostState = blacklist.putIfAbsent( + DeadHostState previousDeadHostState = denylist.putIfAbsent( node.getHost(), new DeadHostState(DeadHostState.DEFAULT_TIME_SUPPLIER) ); if (previousDeadHostState == null) { if (logger.isDebugEnabled()) { - logger.debug("added [" + node + "] to blacklist"); + logger.debug("added [" + node + "] to denylist"); } break; } - if (blacklist.replace(node.getHost(), previousDeadHostState, new DeadHostState(previousDeadHostState))) { + if (denylist.replace(node.getHost(), previousDeadHostState, new DeadHostState(previousDeadHostState))) { if (logger.isDebugEnabled()) { - logger.debug("updated [" + node + "] already in blacklist"); + logger.debug("updated [" + node + "] already in denylist"); } break; } @@ -718,8 +718,8 @@ public class RestClient implements Closeable { } /** - * Contains a reference to a blacklisted node and the time until it is - * revived. We use this so we can do a single pass over the blacklist. + * Contains a reference to a denylisted node and the time until it is + * revived. We use this so we can do a single pass over the denylist. */ private static class DeadNode implements Comparable { final Node node; diff --git a/client/rest/src/test/java/org/opensearch/client/RestClientMultipleHostsTests.java b/client/rest/src/test/java/org/opensearch/client/RestClientMultipleHostsTests.java index 0011622fe24..0b7d2881ccb 100644 --- a/client/rest/src/test/java/org/opensearch/client/RestClientMultipleHostsTests.java +++ b/client/rest/src/test/java/org/opensearch/client/RestClientMultipleHostsTests.java @@ -62,7 +62,7 @@ import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; /** - * Tests for {@link RestClient} behaviour against multiple hosts: fail-over, blacklisting etc. + * Tests for {@link RestClient} behaviour against multiple hosts: fail-over, denylisting etc. * Relies on a mock http client to intercept requests and return desired responses based on request path. */ public class RestClientMultipleHostsTests extends RestClientTestCase { @@ -154,7 +154,7 @@ public class RestClientMultipleHostsTests extends RestClientTestCase { fail("request should have failed"); } catch (ResponseException e) { Set hostsSet = hostsSet(); - // first request causes all the hosts to be blacklisted, the returned exception holds one suppressed exception each + // first request causes all the hosts to be denylisted, the returned exception holds one suppressed exception each failureListener.assertCalled(nodes); do { Response response = e.getResponse(); @@ -175,7 +175,7 @@ public class RestClientMultipleHostsTests extends RestClientTestCase { assertEquals("every host should have been used but some weren't: " + hostsSet, 0, hostsSet.size()); } catch (IOException e) { Set hostsSet = hostsSet(); - // first request causes all the hosts to be blacklisted, the returned exception holds one suppressed exception each + // first request causes all the hosts to be denylisted, the returned exception holds one suppressed exception each failureListener.assertCalled(nodes); do { HttpHost httpHost = HttpHost.create(e.getMessage()); @@ -211,13 +211,13 @@ public class RestClientMultipleHostsTests extends RestClientTestCase { "host [" + response.getHost() + "] not found, most likely used multiple times", hostsSet.remove(response.getHost()) ); - // after the first request, all hosts are blacklisted, a single one gets resurrected each time + // after the first request, all hosts are denylisted, a single one gets resurrected each time failureListener.assertCalled(response.getHost()); assertEquals(0, e.getSuppressed().length); } catch (IOException e) { HttpHost httpHost = HttpHost.create(e.getMessage()); assertTrue("host [" + httpHost + "] not found, most likely used multiple times", hostsSet.remove(httpHost)); - // after the first request, all hosts are blacklisted, a single one gets resurrected each time + // after the first request, all hosts are denylisted, a single one gets resurrected each time failureListener.assertCalled(httpHost); assertEquals(0, e.getSuppressed().length); } diff --git a/client/rest/src/test/java/org/opensearch/client/RestClientTests.java b/client/rest/src/test/java/org/opensearch/client/RestClientTests.java index 169e2dbcfd8..ca761dcb6b9 100644 --- a/client/rest/src/test/java/org/opensearch/client/RestClientTests.java +++ b/client/rest/src/test/java/org/opensearch/client/RestClientTests.java @@ -260,11 +260,11 @@ public class RestClientTests extends RestClientTestCase { NodeTuple> nodeTuple = new NodeTuple<>(Arrays.asList(n1, n2, n3), null); - Map emptyBlacklist = Collections.emptyMap(); + Map emptyDenylist = Collections.emptyMap(); // Normal cases where the node selector doesn't reject all living nodes - assertSelectLivingHosts(Arrays.asList(n1, n2, n3), nodeTuple, emptyBlacklist, NodeSelector.ANY); - assertSelectLivingHosts(Arrays.asList(n2, n3), nodeTuple, emptyBlacklist, not1); + assertSelectLivingHosts(Arrays.asList(n1, n2, n3), nodeTuple, emptyDenylist, NodeSelector.ANY); + assertSelectLivingHosts(Arrays.asList(n2, n3), nodeTuple, emptyDenylist, not1); /* * Try a NodeSelector that excludes all nodes. This should @@ -274,83 +274,83 @@ public class RestClientTests extends RestClientTestCase { String message = "NodeSelector [NONE] rejected all nodes, living [" + "[host=http://1, version=1], [host=http://2, version=2], " + "[host=http://3, version=3]] and dead []"; - assertEquals(message, assertSelectAllRejected(nodeTuple, emptyBlacklist, noNodes)); + assertEquals(message, assertSelectAllRejected(nodeTuple, emptyDenylist, noNodes)); } // Mark all the nodes dead for a few test cases { final AtomicLong time = new AtomicLong(0L); Supplier timeSupplier = time::get; - Map blacklist = new HashMap<>(); - blacklist.put(n1.getHost(), new DeadHostState(timeSupplier)); - blacklist.put(n2.getHost(), new DeadHostState(new DeadHostState(timeSupplier))); - blacklist.put(n3.getHost(), new DeadHostState(new DeadHostState(new DeadHostState(timeSupplier)))); + Map denylist = new HashMap<>(); + denylist.put(n1.getHost(), new DeadHostState(timeSupplier)); + denylist.put(n2.getHost(), new DeadHostState(new DeadHostState(timeSupplier))); + denylist.put(n3.getHost(), new DeadHostState(new DeadHostState(new DeadHostState(timeSupplier)))); /* - * case when fewer nodeTuple than blacklist, won't result in any IllegalCapacityException + * case when fewer nodeTuple than denylist, won't result in any IllegalCapacityException */ { NodeTuple> fewerNodeTuple = new NodeTuple<>(Arrays.asList(n1, n2), null); - assertSelectLivingHosts(Arrays.asList(n1), fewerNodeTuple, blacklist, NodeSelector.ANY); - assertSelectLivingHosts(Arrays.asList(n2), fewerNodeTuple, blacklist, not1); + assertSelectLivingHosts(Arrays.asList(n1), fewerNodeTuple, denylist, NodeSelector.ANY); + assertSelectLivingHosts(Arrays.asList(n2), fewerNodeTuple, denylist, not1); } /* * selectHosts will revive a single host regardless of - * blacklist time. It'll revive the node that is closest + * denylist time. It'll revive the node that is closest * to being revived that the NodeSelector is ok with. */ - assertEquals(singletonList(n1), RestClient.selectNodes(nodeTuple, blacklist, new AtomicInteger(), NodeSelector.ANY)); - assertEquals(singletonList(n2), RestClient.selectNodes(nodeTuple, blacklist, new AtomicInteger(), not1)); + assertEquals(singletonList(n1), RestClient.selectNodes(nodeTuple, denylist, new AtomicInteger(), NodeSelector.ANY)); + assertEquals(singletonList(n2), RestClient.selectNodes(nodeTuple, denylist, new AtomicInteger(), not1)); /* * Try a NodeSelector that excludes all nodes. This should * return a failure, but a different failure than when the - * blacklist is empty so that the caller knows that all of - * their nodes are blacklisted AND blocked. + * denylist is empty so that the caller knows that all of + * their nodes are denylisted AND blocked. */ String message = "NodeSelector [NONE] rejected all nodes, living [] and dead [" + "[host=http://1, version=1], [host=http://2, version=2], " + "[host=http://3, version=3]]"; - assertEquals(message, assertSelectAllRejected(nodeTuple, blacklist, noNodes)); + assertEquals(message, assertSelectAllRejected(nodeTuple, denylist, noNodes)); /* * Now lets wind the clock forward, past the timeout for one of * the dead nodes. We should return it. */ time.set(new DeadHostState(timeSupplier).getDeadUntilNanos()); - assertSelectLivingHosts(Arrays.asList(n1), nodeTuple, blacklist, NodeSelector.ANY); + assertSelectLivingHosts(Arrays.asList(n1), nodeTuple, denylist, NodeSelector.ANY); /* * But if the NodeSelector rejects that node then we'll pick the * first on that the NodeSelector doesn't reject. */ - assertSelectLivingHosts(Arrays.asList(n2), nodeTuple, blacklist, not1); + assertSelectLivingHosts(Arrays.asList(n2), nodeTuple, denylist, not1); /* * If we wind the clock way into the future, past any of the - * blacklist timeouts then we function as though the nodes aren't - * in the blacklist at all. + * denylist timeouts then we function as though the nodes aren't + * in the denylist at all. */ time.addAndGet(DeadHostState.MAX_CONNECTION_TIMEOUT_NANOS); - assertSelectLivingHosts(Arrays.asList(n1, n2, n3), nodeTuple, blacklist, NodeSelector.ANY); - assertSelectLivingHosts(Arrays.asList(n2, n3), nodeTuple, blacklist, not1); + assertSelectLivingHosts(Arrays.asList(n1, n2, n3), nodeTuple, denylist, NodeSelector.ANY); + assertSelectLivingHosts(Arrays.asList(n2, n3), nodeTuple, denylist, not1); } } private void assertSelectLivingHosts( List expectedNodes, NodeTuple> nodeTuple, - Map blacklist, + Map denylist, NodeSelector nodeSelector ) throws IOException { int iterations = 1000; AtomicInteger lastNodeIndex = new AtomicInteger(0); - assertEquals(expectedNodes, RestClient.selectNodes(nodeTuple, blacklist, lastNodeIndex, nodeSelector)); + assertEquals(expectedNodes, RestClient.selectNodes(nodeTuple, denylist, lastNodeIndex, nodeSelector)); // Calling it again rotates the set of results for (int i = 1; i < iterations; i++) { Collections.rotate(expectedNodes, 1); - assertEquals("iteration " + i, expectedNodes, RestClient.selectNodes(nodeTuple, blacklist, lastNodeIndex, nodeSelector)); + assertEquals("iteration " + i, expectedNodes, RestClient.selectNodes(nodeTuple, denylist, lastNodeIndex, nodeSelector)); } } @@ -360,11 +360,11 @@ public class RestClientTests extends RestClientTestCase { */ private static String assertSelectAllRejected( NodeTuple> nodeTuple, - Map blacklist, + Map denylist, NodeSelector nodeSelector ) { try { - RestClient.selectNodes(nodeTuple, blacklist, new AtomicInteger(0), nodeSelector); + RestClient.selectNodes(nodeTuple, denylist, new AtomicInteger(0), nodeSelector); throw new AssertionError("expected selectHosts to fail"); } catch (IOException e) { return e.getMessage(); diff --git a/libs/secure-sm/src/main/java/org/opensearch/secure_sm/SecureSM.java b/libs/secure-sm/src/main/java/org/opensearch/secure_sm/SecureSM.java index 08f1efd4dac..f41c4984499 100644 --- a/libs/secure-sm/src/main/java/org/opensearch/secure_sm/SecureSM.java +++ b/libs/secure-sm/src/main/java/org/opensearch/secure_sm/SecureSM.java @@ -54,7 +54,7 @@ import java.util.Set; * a thread must have {@code modifyThread} to even terminate its own pool, leaving * system threads unprotected. * - * This class throws exception on {@code exitVM} calls, and provides a whitelist where calls + * This class throws exception on {@code exitVM} calls, and provides an allowlist where calls * from exit are allowed. *

* Additionally it enforces threadgroup security with the following rules: diff --git a/modules/analysis-common/src/main/java/org/opensearch/analysis/common/AnalysisPainlessExtension.java b/modules/analysis-common/src/main/java/org/opensearch/analysis/common/AnalysisPainlessExtension.java index c479a6d01ee..1c13e51788f 100644 --- a/modules/analysis-common/src/main/java/org/opensearch/analysis/common/AnalysisPainlessExtension.java +++ b/modules/analysis-common/src/main/java/org/opensearch/analysis/common/AnalysisPainlessExtension.java @@ -43,13 +43,13 @@ import java.util.Map; public class AnalysisPainlessExtension implements PainlessExtension { - private static final Whitelist WHITELIST = WhitelistLoader.loadFromResourceFiles( + private static final Whitelist ALLOWLIST = WhitelistLoader.loadFromResourceFiles( AnalysisPainlessExtension.class, "painless_whitelist.txt" ); @Override public Map, List> getContextWhitelists() { - return Collections.singletonMap(AnalysisPredicateScript.CONTEXT, Collections.singletonList(WHITELIST)); + return Collections.singletonMap(AnalysisPredicateScript.CONTEXT, Collections.singletonList(ALLOWLIST)); } } diff --git a/modules/ingest-common/src/main/java/org/opensearch/ingest/common/ProcessorsWhitelistExtension.java b/modules/ingest-common/src/main/java/org/opensearch/ingest/common/ProcessorsWhitelistExtension.java index 93cb60c5b52..c45104873c7 100644 --- a/modules/ingest-common/src/main/java/org/opensearch/ingest/common/ProcessorsWhitelistExtension.java +++ b/modules/ingest-common/src/main/java/org/opensearch/ingest/common/ProcessorsWhitelistExtension.java @@ -44,13 +44,13 @@ import java.util.Map; public class ProcessorsWhitelistExtension implements PainlessExtension { - private static final Whitelist WHITELIST = WhitelistLoader.loadFromResourceFiles( + private static final Whitelist ALLOWLIST = WhitelistLoader.loadFromResourceFiles( ProcessorsWhitelistExtension.class, "processors_whitelist.txt" ); @Override public Map, List> getContextWhitelists() { - return Collections.singletonMap(IngestScript.CONTEXT, Collections.singletonList(WHITELIST)); + return Collections.singletonMap(IngestScript.CONTEXT, Collections.singletonList(ALLOWLIST)); } } diff --git a/modules/ingest-common/src/main/resources/org/opensearch/ingest/common/processors_whitelist.txt b/modules/ingest-common/src/main/resources/org/opensearch/ingest/common/processors_whitelist.txt index 1372ef2ed03..7b8c6050788 100644 --- a/modules/ingest-common/src/main/resources/org/opensearch/ingest/common/processors_whitelist.txt +++ b/modules/ingest-common/src/main/resources/org/opensearch/ingest/common/processors_whitelist.txt @@ -17,7 +17,7 @@ # under the License. # -# This file contains a whitelist of static processor methods that can be accessed from painless +# This file contains a allowlist of static processor methods that can be accessed from painless class org.opensearch.ingest.common.Processors { long bytes(String) diff --git a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/Whitelist.java b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/Whitelist.java index 695c8663872..b400c7a027f 100644 --- a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/Whitelist.java +++ b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/Whitelist.java @@ -39,18 +39,18 @@ import java.util.List; import java.util.Objects; /** - * Whitelist contains data structures designed to be used to generate a whitelist of Java classes, + * Allowlist contains data structures designed to be used to generate an allowlist of Java classes, * constructors, methods, and fields that can be used within a Painless script at both compile-time * and run-time. * - * A whitelist consists of several pieces with {@link WhitelistClass}s as the top level. Each + * A Allowlist consists of several pieces with {@link WhitelistClass}s as the top level. Each * {@link WhitelistClass} will contain zero-to-many {@link WhitelistConstructor}s, {@link WhitelistMethod}s, and * {@link WhitelistField}s which are what will be available with a Painless script. See each individual - * whitelist object for more detail. + * allowlist object for more detail. */ public final class Whitelist { - private static final String[] BASE_WHITELIST_FILES = new String[] { + private static final String[] BASE_ALLOWLIST_FILES = new String[] { "org.opensearch.txt", "java.lang.txt", "java.math.txt", @@ -66,37 +66,37 @@ public final class Whitelist { "java.util.stream.txt" }; public static final List BASE_WHITELISTS = Collections.singletonList( - WhitelistLoader.loadFromResourceFiles(Whitelist.class, WhitelistAnnotationParser.BASE_ANNOTATION_PARSERS, BASE_WHITELIST_FILES) + WhitelistLoader.loadFromResourceFiles(Whitelist.class, WhitelistAnnotationParser.BASE_ANNOTATION_PARSERS, BASE_ALLOWLIST_FILES) ); - /** The {@link ClassLoader} used to look up the whitelisted Java classes, constructors, methods, and fields. */ + /** The {@link ClassLoader} used to look up the allowlisted Java classes, constructors, methods, and fields. */ public final ClassLoader classLoader; - /** The {@link List} of all the whitelisted Painless classes. */ + /** The {@link List} of all the allowlisted Painless classes. */ public final List whitelistClasses; - /** The {@link List} of all the whitelisted static Painless methods. */ + /** The {@link List} of all the allowlisted static Painless methods. */ public final List whitelistImportedMethods; - /** The {@link List} of all the whitelisted Painless class bindings. */ + /** The {@link List} of all the allowlisted Painless class bindings. */ public final List whitelistClassBindings; - /** The {@link List} of all the whitelisted Painless instance bindings. */ + /** The {@link List} of all the allowlisted Painless instance bindings. */ public final List whitelistInstanceBindings; /** Standard constructor. All values must be not {@code null}. */ public Whitelist( ClassLoader classLoader, - List whitelistClasses, - List whitelistImportedMethods, - List whitelistClassBindings, - List whitelistInstanceBindings + List allowlistClasses, + List allowlistImportedMethods, + List allowlistClassBindings, + List allowlistInstanceBindings ) { this.classLoader = Objects.requireNonNull(classLoader); - this.whitelistClasses = Collections.unmodifiableList(Objects.requireNonNull(whitelistClasses)); - this.whitelistImportedMethods = Collections.unmodifiableList(Objects.requireNonNull(whitelistImportedMethods)); - this.whitelistClassBindings = Collections.unmodifiableList(Objects.requireNonNull(whitelistClassBindings)); - this.whitelistInstanceBindings = Collections.unmodifiableList(Objects.requireNonNull(whitelistInstanceBindings)); + this.whitelistClasses = Collections.unmodifiableList(Objects.requireNonNull(allowlistClasses)); + this.whitelistImportedMethods = Collections.unmodifiableList(Objects.requireNonNull(allowlistImportedMethods)); + this.whitelistClassBindings = Collections.unmodifiableList(Objects.requireNonNull(allowlistClassBindings)); + this.whitelistInstanceBindings = Collections.unmodifiableList(Objects.requireNonNull(allowlistInstanceBindings)); } } diff --git a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistClass.java b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistClass.java index 3947be60054..bf5083998f9 100644 --- a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistClass.java +++ b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistClass.java @@ -42,7 +42,7 @@ import java.util.stream.Collectors; /** * Class represents the equivalent of a Java class in Painless complete with super classes, * constructors, methods, and fields. There must be a one-to-one mapping of class names to Java - * classes. Though, since multiple whitelists may be combined into a single whitelist for a + * classes. Though, since multiple allowlists may be combined into a single allowlist for a * specific context, as long as multiple classes representing the same Java class have the same * class name and have legal constructor/method overloading they can be merged together. * @@ -51,7 +51,7 @@ import java.util.stream.Collectors; * number of parameters, and multiples methods with the same name are allowed for a single class * as long as they have the same return type and a different number of parameters. * - * Classes will automatically extend other whitelisted classes if the Java class they represent is a + * Classes will automatically extend other allowlisted classes if the Java class they represent is a * subclass of other classes including Java interfaces. */ public final class WhitelistClass { @@ -62,13 +62,13 @@ public final class WhitelistClass { /** The Java class name this class represents. */ public final String javaClassName; - /** The {@link List} of whitelisted ({@link WhitelistConstructor}s) available to this class. */ + /** The {@link List} of allowlisted ({@link WhitelistConstructor}s) available to this class. */ public final List whitelistConstructors; - /** The {@link List} of whitelisted ({@link WhitelistMethod}s) available to this class. */ + /** The {@link List} of allowlisted ({@link WhitelistMethod}s) available to this class. */ public final List whitelistMethods; - /** The {@link List} of whitelisted ({@link WhitelistField}s) available to this class. */ + /** The {@link List} of allowlisted ({@link WhitelistField}s) available to this class. */ public final List whitelistFields; /** The {@link Map} of annotations for this class. */ @@ -78,18 +78,18 @@ public final class WhitelistClass { public WhitelistClass( String origin, String javaClassName, - List whitelistConstructors, - List whitelistMethods, - List whitelistFields, + List allowlistConstructors, + List allowlistMethods, + List allowlistFields, List painlessAnnotations ) { this.origin = Objects.requireNonNull(origin); this.javaClassName = Objects.requireNonNull(javaClassName); - this.whitelistConstructors = Collections.unmodifiableList(Objects.requireNonNull(whitelistConstructors)); - this.whitelistMethods = Collections.unmodifiableList(Objects.requireNonNull(whitelistMethods)); - this.whitelistFields = Collections.unmodifiableList(Objects.requireNonNull(whitelistFields)); + this.whitelistConstructors = Collections.unmodifiableList(Objects.requireNonNull(allowlistConstructors)); + this.whitelistMethods = Collections.unmodifiableList(Objects.requireNonNull(allowlistMethods)); + this.whitelistFields = Collections.unmodifiableList(Objects.requireNonNull(allowlistFields)); if (painlessAnnotations.isEmpty()) { this.painlessAnnotations = Collections.emptyMap(); diff --git a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistClassBinding.java b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistClassBinding.java index 387453f1ea8..15ce4b84c4b 100644 --- a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistClassBinding.java +++ b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistClassBinding.java @@ -50,7 +50,7 @@ import java.util.stream.Collectors; */ public class WhitelistClassBinding { - /** Information about where this constructor was whitelisted from. */ + /** Information about where this constructor was allowlisted from. */ public final String origin; /** The Java class name this class binding targets. */ diff --git a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistConstructor.java b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistConstructor.java index 4b96d727e4e..30182996825 100644 --- a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistConstructor.java +++ b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistConstructor.java @@ -40,14 +40,14 @@ import java.util.Objects; import java.util.stream.Collectors; /** - * Constructor represents the equivalent of a Java constructor available as a whitelisted class + * Constructor represents the equivalent of a Java constructor available as a allowlisted class * constructor within Painless. Constructors for Painless classes may be accessed exactly as * constructors for Java classes are using the 'new' keyword. Painless classes may have multiple * constructors as long as they comply with arity overloading described for {@link WhitelistClass}. */ public final class WhitelistConstructor { - /** Information about where this constructor was whitelisted from. */ + /** Information about where this constructor was allowlisted from. */ public final String origin; /** diff --git a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistField.java b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistField.java index e6519ea68af..cc3f6290a6c 100644 --- a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistField.java +++ b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistField.java @@ -40,13 +40,13 @@ import java.util.Objects; import java.util.stream.Collectors; /** - * Field represents the equivalent of a Java field available as a whitelisted class field + * Field represents the equivalent of a Java field available as an allowlisted class field * within Painless. Fields for Painless classes may be accessed exactly as fields for Java classes * are using the '.' operator on an existing class variable/field. */ public class WhitelistField { - /** Information about where this method was whitelisted from. */ + /** Information about where this method was allowlisted from. */ public final String origin; /** The field name used to look up the field reflection object. */ diff --git a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistInstanceBinding.java b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistInstanceBinding.java index 6e5994622ec..7e9bf0af94b 100644 --- a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistInstanceBinding.java +++ b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistInstanceBinding.java @@ -46,7 +46,7 @@ import java.util.stream.Collectors; */ public class WhitelistInstanceBinding { - /** Information about where this constructor was whitelisted from. */ + /** Information about where this constructor was allowlisted from. */ public final String origin; /** The Java instance this instance binding targets. */ diff --git a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistLoader.java b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistLoader.java index 6f123198ab4..2da6d8fce1d 100644 --- a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistLoader.java +++ b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistLoader.java @@ -54,7 +54,7 @@ public final class WhitelistLoader { /** * Loads and creates a {@link Whitelist} from one to many text files using only the base annotation parsers. - * See {@link #loadFromResourceFiles(Class, Map, String...)} for information on how to structure a whitelist + * See {@link #loadFromResourceFiles(Class, Map, String...)} for information on how to structure an allowlist * text file. */ public static Whitelist loadFromResourceFiles(Class resource, String... filepaths) { @@ -66,17 +66,17 @@ public final class WhitelistLoader { * {@link String}s with a single {@link Class} to be be used to load the resources where each {@link String} * is the path of a single text file. The {@link Class}'s {@link ClassLoader} will be used to lookup the Java * reflection objects for each individual {@link Class}, {@link Constructor}, {@link Method}, and {@link Field} - * specified as part of the whitelist in the text file. + * specified as part of the allowlist in the text file. * * A single pass is made through each file to collect all the information about each class, constructor, method, - * and field. Most validation will be done at a later point after all whitelists have been gathered and their + * and field. Most validation will be done at a later point after all allowlists have been gathered and their * merging takes place. * * A painless type name is one of the following: *
    *
  • def - The Painless dynamic type which is automatically included without a need to be - * whitelisted.
  • - *
  • fully-qualified Java type name - Any whitelisted Java class will have the equivalent name as + * allowlisted.
  • + *
  • fully-qualified Java type name - Any allowlisted Java class will have the equivalent name as * a Painless type name with the exception that any dollar symbols used as part of inner classes will * be replaced with dot symbols.
  • *
  • short Java type name - The text after the final dot symbol of any specified Java class. A @@ -84,7 +84,7 @@ public final class WhitelistLoader { * as described later.
  • *
* - * The following can be parsed from each whitelist text file: + * The following can be parsed from each allowlist text file: *
    *
  • Blank lines will be ignored by the parser.
  • *
  • Comments may be created starting with a pound '#' symbol and end with a newline. These will @@ -98,19 +98,19 @@ public final class WhitelistLoader { *
      *
    • A constructor may be specified starting with an opening parenthesis, followed by a * comma-delimited list of Painless type names corresponding to the type/class names for - * the equivalent Java parameter types (these must be whitelisted as well), a closing + * the equivalent Java parameter types (these must be allowlisted as well), a closing * parenthesis, and a newline.
    • *
    • A method may be specified starting with a Painless type name for the return type, * followed by the Java name of the method (which will also be the Painless name for the * method), an opening parenthesis, a comma-delimited list of Painless type names * corresponding to the type/class names for the equivalent Java parameter types - * (these must be whitelisted as well), a closing parenthesis, and a newline.
    • + * (these must be allowlisted as well), a closing parenthesis, and a newline. *
    • An augmented method may be specified starting with a Painless type name for the return * type, followed by the fully qualified Java name of the class the augmented method is - * part of (this class does not need to be whitelisted), the Java name of the method + * part of (this class does not need to be allowlisted), the Java name of the method * (which will also be the Painless name for the method), an opening parenthesis, a * comma-delimited list of Painless type names corresponding to the type/class names - * for the equivalent Java parameter types (these must be whitelisted as well), a closing + * for the equivalent Java parameter types (these must be allowlisted as well), a closing * parenthesis, and a newline.
    • *
    • A field may be specified starting with a Painless type name for the equivalent Java type * of the field, followed by the Java name of the field (which all be the Painless name @@ -130,7 +130,7 @@ public final class WhitelistLoader { * fully-qualified Java class name. Method argument types, method return types, and field types * must be specified with Painless type names (def, fully-qualified, or short) as described earlier. * - * The following example is used to create a single whitelist text file: + * The following example is used to create a single allowlist text file: * * {@code * # primitive types @@ -164,12 +164,12 @@ public final class WhitelistLoader { * } */ public static Whitelist loadFromResourceFiles(Class resource, Map parsers, String... filepaths) { - List whitelistClasses = new ArrayList<>(); - List whitelistStatics = new ArrayList<>(); - List whitelistClassBindings = new ArrayList<>(); + List allowlistClasses = new ArrayList<>(); + List allowlistStatics = new ArrayList<>(); + List allowlistClassBindings = new ArrayList<>(); - // Execute a single pass through the whitelist text files. This will gather all the - // constructors, methods, augmented methods, and fields for each whitelisted class. + // Execute a single pass through the allowlist text files. This will gather all the + // constructors, methods, augmented methods, and fields for each allowlisted class. for (String filepath : filepaths) { String line; int number = -1; @@ -181,11 +181,11 @@ public final class WhitelistLoader { ) { String parseType = null; - String whitelistClassOrigin = null; + String allowlistClassOrigin = null; String javaClassName = null; - List whitelistConstructors = null; - List whitelistMethods = null; - List whitelistFields = null; + List allowlistConstructors = null; + List allowlistMethods = null; + List allowlistFields = null; List classAnnotations = null; while ((line = reader.readLine()) != null) { @@ -197,7 +197,7 @@ public final class WhitelistLoader { continue; } - // Handle a new class by resetting all the variables necessary to construct a new WhitelistClass for the whitelist. + // Handle a new class by resetting all the variables necessary to construct a new AllowlistClass for the allowlist. // Expects the following format: 'class' ID annotations? '{' '\n' if (line.startsWith("class ")) { // Ensure the final token of the line is '{'. @@ -218,17 +218,17 @@ public final class WhitelistLoader { annotationIndex = line.length() - 1; classAnnotations = Collections.emptyList(); } else { - classAnnotations = parseWhitelistAnnotations(parsers, line.substring(annotationIndex, line.length() - 1)); + classAnnotations = parseAllowlistAnnotations(parsers, line.substring(annotationIndex, line.length() - 1)); } parseType = "class"; - whitelistClassOrigin = "[" + filepath + "]:[" + number + "]"; + allowlistClassOrigin = "[" + filepath + "]:[" + number + "]"; javaClassName = line.substring(5, annotationIndex).trim(); // Reset all the constructors, methods, and fields to support a new class. - whitelistConstructors = new ArrayList<>(); - whitelistMethods = new ArrayList<>(); - whitelistFields = new ArrayList<>(); + allowlistConstructors = new ArrayList<>(); + allowlistMethods = new ArrayList<>(); + allowlistFields = new ArrayList<>(); } else if (line.startsWith("static_import ")) { // Ensure the final token of the line is '{'. if (line.endsWith("{") == false) { @@ -250,25 +250,25 @@ public final class WhitelistLoader { throw new IllegalArgumentException("invalid definition: extraneous closing bracket"); } - // Create a new WhitelistClass with all the previously gathered constructors, methods, - // augmented methods, and fields, and add it to the list of whitelisted classes. + // Create a new AllowlistClass with all the previously gathered constructors, methods, + // augmented methods, and fields, and add it to the list of allowlisted classes. if ("class".equals(parseType)) { - whitelistClasses.add( + allowlistClasses.add( new WhitelistClass( - whitelistClassOrigin, + allowlistClassOrigin, javaClassName, - whitelistConstructors, - whitelistMethods, - whitelistFields, + allowlistConstructors, + allowlistMethods, + allowlistFields, classAnnotations ) ); - whitelistClassOrigin = null; + allowlistClassOrigin = null; javaClassName = null; - whitelistConstructors = null; - whitelistMethods = null; - whitelistFields = null; + allowlistConstructors = null; + allowlistMethods = null; + allowlistFields = null; classAnnotations = null; } @@ -330,7 +330,7 @@ public final class WhitelistLoader { annotationIndex = line.length(); annotations = Collections.emptyList(); } else { - annotations = parseWhitelistAnnotations(parsers, line.substring(annotationIndex)); + annotations = parseAllowlistAnnotations(parsers, line.substring(annotationIndex)); } // Parse the static import type and class. @@ -349,7 +349,7 @@ public final class WhitelistLoader { // Add a static import method or binding depending on the static import type. if ("from_class".equals(staticImportType)) { - whitelistStatics.add( + allowlistStatics.add( new WhitelistMethod( origin, targetJavaClassName, @@ -360,7 +360,7 @@ public final class WhitelistLoader { ) ); } else if ("bound_to".equals(staticImportType)) { - whitelistClassBindings.add( + allowlistClassBindings.add( new WhitelistClassBinding( origin, targetJavaClassName, @@ -410,9 +410,9 @@ public final class WhitelistLoader { int annotationIndex = line.indexOf('@'); annotations = annotationIndex == -1 ? Collections.emptyList() - : parseWhitelistAnnotations(parsers, line.substring(annotationIndex)); + : parseAllowlistAnnotations(parsers, line.substring(annotationIndex)); - whitelistConstructors.add( + allowlistConstructors.add( new WhitelistConstructor(origin, Arrays.asList(canonicalTypeNameParameters), annotations) ); @@ -462,9 +462,9 @@ public final class WhitelistLoader { int annotationIndex = line.indexOf('@'); annotations = annotationIndex == -1 ? Collections.emptyList() - : parseWhitelistAnnotations(parsers, line.substring(annotationIndex)); + : parseAllowlistAnnotations(parsers, line.substring(annotationIndex)); - whitelistMethods.add( + allowlistMethods.add( new WhitelistMethod( origin, javaAugmentedClassName, @@ -486,7 +486,7 @@ public final class WhitelistLoader { annotationIndex = line.length(); annotations = Collections.emptyList(); } else { - annotations = parseWhitelistAnnotations(parsers, line.substring(annotationIndex)); + annotations = parseAllowlistAnnotations(parsers, line.substring(annotationIndex)); } // Parse the field tokens. @@ -497,7 +497,7 @@ public final class WhitelistLoader { throw new IllegalArgumentException("invalid field definition: unexpected format [" + line + "]"); } - whitelistFields.add(new WhitelistField(origin, tokens[1], tokens[0], annotations)); + allowlistFields.add(new WhitelistField(origin, tokens[1], tokens[0], annotations)); } } else { throw new IllegalArgumentException("invalid definition: unable to parse line [" + line + "]"); @@ -515,10 +515,10 @@ public final class WhitelistLoader { ClassLoader loader = AccessController.doPrivileged((PrivilegedAction) resource::getClassLoader); - return new Whitelist(loader, whitelistClasses, whitelistStatics, whitelistClassBindings, Collections.emptyList()); + return new Whitelist(loader, allowlistClasses, allowlistStatics, allowlistClassBindings, Collections.emptyList()); } - private static List parseWhitelistAnnotations(Map parsers, String line) { + private static List parseAllowlistAnnotations(Map parsers, String line) { List annotations; diff --git a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistMethod.java b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistMethod.java index 2a8e94206e2..9a57a5a098c 100644 --- a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistMethod.java +++ b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/WhitelistMethod.java @@ -40,7 +40,7 @@ import java.util.Objects; import java.util.stream.Collectors; /** - * Method represents the equivalent of a Java method available as a whitelisted class method + * Method represents the equivalent of a Java method available as an allowlisted class method * within Painless. Methods for Painless classes may be accessed exactly as methods for Java classes * are using the '.' operator on an existing class variable/field. Painless classes may have multiple * methods with the same name as long as they comply with arity overloading described in @@ -50,11 +50,11 @@ import java.util.stream.Collectors; * these are known as augmented methods. An augmented method can be added to a class as a part of any * Java class as long as the method is static and the first parameter of the method is the Java class * represented by the class. Note that the augmented method's parent Java class does not need to be - * whitelisted. + * allowlisted. */ public class WhitelistMethod { - /** Information about where this method was whitelisted from. */ + /** Information about where this method was allowlisted from. */ public final String origin; /** diff --git a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/annotation/WhitelistAnnotationParser.java b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/annotation/WhitelistAnnotationParser.java index ec270a33632..9874c61b2a0 100644 --- a/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/annotation/WhitelistAnnotationParser.java +++ b/modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/annotation/WhitelistAnnotationParser.java @@ -39,8 +39,8 @@ import java.util.stream.Collectors; import java.util.stream.Stream; /** - * WhitelistAnnotationParser is an interface used to define how to - * parse an annotation against any whitelist object while loading. + * AllowlistAnnotationParser is an interface used to define how to + * parse an annotation against any allowlist object while loading. */ public interface WhitelistAnnotationParser { diff --git a/modules/lang-painless/src/main/java/org/opensearch/painless/Compiler.java b/modules/lang-painless/src/main/java/org/opensearch/painless/Compiler.java index 5d302e2698f..eca931d87b6 100644 --- a/modules/lang-painless/src/main/java/org/opensearch/painless/Compiler.java +++ b/modules/lang-painless/src/main/java/org/opensearch/painless/Compiler.java @@ -168,7 +168,7 @@ final class Compiler { private final Class scriptClass; /** - * The whitelist the script will use. + * The allowlist the script will use. */ private final PainlessLookup painlessLookup; @@ -182,7 +182,7 @@ final class Compiler { * @param scriptClass The class/interface the script will implement. * @param factoryClass An optional class/interface to create the {@code scriptClass} instance. * @param statefulFactoryClass An optional class/interface to create the {@code factoryClass} instance. - * @param painlessLookup The whitelist the script will use. + * @param painlessLookup The allowlist the script will use. */ Compiler(Class scriptClass, Class factoryClass, Class statefulFactoryClass, PainlessLookup painlessLookup) { this.scriptClass = scriptClass; diff --git a/modules/lang-painless/src/main/java/org/opensearch/painless/Def.java b/modules/lang-painless/src/main/java/org/opensearch/painless/Def.java index 1c5b40b0e71..de6fd5ebc01 100644 --- a/modules/lang-painless/src/main/java/org/opensearch/painless/Def.java +++ b/modules/lang-painless/src/main/java/org/opensearch/painless/Def.java @@ -237,10 +237,10 @@ public final class Def { *

      *

      * This method traverses {@code recieverClass}'s class hierarchy (including interfaces) - * until it finds a matching whitelisted method. If one is not found, it throws an exception. + * until it finds a matching allowlisted method. If one is not found, it throws an exception. * Otherwise it returns a handle to the matching method. *

      - * @param painlessLookup the whitelist + * @param painlessLookup the allowlist * @param functions user defined functions and lambdas * @param constants available constants to be used if the method has the {@code InjectConstantAnnotation} * @param methodHandlesLookup caller's lookup @@ -249,7 +249,7 @@ public final class Def { * @param name Name of the method. * @param args bootstrap args passed to callsite * @return pointer to matching method to invoke. never returns null. - * @throws IllegalArgumentException if no matching whitelisted method was found. + * @throws IllegalArgumentException if no matching allowlisted method was found. * @throws Throwable if a method reference cannot be converted to an functional interface */ static MethodHandle lookupMethod( @@ -473,26 +473,26 @@ public final class Def { *

      * The following field loads are allowed: *

        - *
      • Whitelisted {@code field} from receiver's class or any superclasses. - *
      • Whitelisted method named {@code getField()} from receiver's class/superclasses/interfaces. - *
      • Whitelisted method named {@code isField()} from receiver's class/superclasses/interfaces. + *
      • Allowlisted {@code field} from receiver's class or any superclasses. + *
      • Allowlisted method named {@code getField()} from receiver's class/superclasses/interfaces. + *
      • Allowlisted method named {@code isField()} from receiver's class/superclasses/interfaces. *
      • The {@code length} field of an array. *
      • The value corresponding to a map key named {@code field} when the receiver is a Map. *
      • The value in a list at element {@code field} (integer) when the receiver is a List. *
      *

      * This method traverses {@code recieverClass}'s class hierarchy (including interfaces) - * until it finds a matching whitelisted getter. If one is not found, it throws an exception. + * until it finds a matching allowlisted getter. If one is not found, it throws an exception. * Otherwise it returns a handle to the matching getter. *

      - * @param painlessLookup the whitelist + * @param painlessLookup the allowlist * @param receiverClass Class of the object to retrieve the field from. * @param name Name of the field. * @return pointer to matching field. never returns null. - * @throws IllegalArgumentException if no matching whitelisted field was found. + * @throws IllegalArgumentException if no matching allowlisted field was found. */ static MethodHandle lookupGetter(PainlessLookup painlessLookup, Class receiverClass, String name) { - // first try whitelist + // first try allowlist MethodHandle getter = painlessLookup.lookupRuntimeGetterMethodHandle(receiverClass, name); if (getter != null) { @@ -530,24 +530,24 @@ public final class Def { *

      * The following field stores are allowed: *

        - *
      • Whitelisted {@code field} from receiver's class or any superclasses. - *
      • Whitelisted method named {@code setField()} from receiver's class/superclasses/interfaces. + *
      • Allowlisted {@code field} from receiver's class or any superclasses. + *
      • Allowlisted method named {@code setField()} from receiver's class/superclasses/interfaces. *
      • The value corresponding to a map key named {@code field} when the receiver is a Map. *
      • The value in a list at element {@code field} (integer) when the receiver is a List. *
      *

      * This method traverses {@code recieverClass}'s class hierarchy (including interfaces) - * until it finds a matching whitelisted setter. If one is not found, it throws an exception. + * until it finds a matching allowlisted setter. If one is not found, it throws an exception. * Otherwise it returns a handle to the matching setter. *

      - * @param painlessLookup the whitelist + * @param painlessLookup the allowlist * @param receiverClass Class of the object to retrieve the field from. * @param name Name of the field. * @return pointer to matching field. never returns null. - * @throws IllegalArgumentException if no matching whitelisted field was found. + * @throws IllegalArgumentException if no matching allowlisted field was found. */ static MethodHandle lookupSetter(PainlessLookup painlessLookup, Class receiverClass, String name) { - // first try whitelist + // first try allowlist MethodHandle setter = painlessLookup.lookupRuntimeSetterMethodHandle(receiverClass, name); if (setter != null) { diff --git a/modules/lang-painless/src/main/java/org/opensearch/painless/DefBootstrap.java b/modules/lang-painless/src/main/java/org/opensearch/painless/DefBootstrap.java index 97e2b6f2466..0726881b129 100644 --- a/modules/lang-painless/src/main/java/org/opensearch/painless/DefBootstrap.java +++ b/modules/lang-painless/src/main/java/org/opensearch/painless/DefBootstrap.java @@ -53,7 +53,7 @@ import java.util.Map; * shift operator, and dynamic array index normalize. *

      * When a new type is encountered at the call site, we lookup from the appropriate - * whitelist, and cache with a guard. If we encounter too many types, we stop caching. + * allowlist, and cache with a guard. If we encounter too many types, we stop caching. *

      * Based on the cascaded inlining cache from the JSR 292 cookbook * (https://code.google.com/archive/p/jsr292-cookbook/, BSD license) @@ -166,7 +166,7 @@ public final class DefBootstrap { } /** - * Does a slow lookup against the whitelist. + * Does a slow lookup against the allowlist. */ private MethodHandle lookup(int flavor, String name, Class receiver) throws Throwable { switch (flavor) { @@ -470,10 +470,10 @@ public final class DefBootstrap { * In addition to ordinary parameters, we also take some parameters defined at the call site: *

        *
      • {@code initialDepth}: initial call site depth. this is used to exercise megamorphic fallback. - *
      • {@code flavor}: type of dynamic call it is (and which part of whitelist to look at). + *
      • {@code flavor}: type of dynamic call it is (and which part of allowlist to look at). *
      • {@code args}: flavor-specific args. *
      - * And we take the {@link PainlessLookup} used to compile the script for whitelist checking. + * And we take the {@link PainlessLookup} used to compile the script for allowlist checking. *

      * see https://docs.oracle.com/javase/specs/jvms/se7/html/jvms-6.html#jvms-6.5.invokedynamic */ diff --git a/modules/lang-painless/src/main/java/org/opensearch/painless/FunctionRef.java b/modules/lang-painless/src/main/java/org/opensearch/painless/FunctionRef.java index 097960dfbe6..c6aa2661487 100644 --- a/modules/lang-painless/src/main/java/org/opensearch/painless/FunctionRef.java +++ b/modules/lang-painless/src/main/java/org/opensearch/painless/FunctionRef.java @@ -59,8 +59,8 @@ import static org.objectweb.asm.Opcodes.H_NEWINVOKESPECIAL; */ public class FunctionRef { /** - * Creates a new FunctionRef which will resolve {@code type::call} from the whitelist. - * @param painlessLookup the whitelist against which this script is being compiled + * Creates a new FunctionRef which will resolve {@code type::call} from the allowlist. + * @param painlessLookup the allowlist against which this script is being compiled * @param functionTable user-defined and synthetic methods generated directly on the script class * @param location the character number within the script at compile-time * @param targetClass functional interface type to implement. diff --git a/modules/lang-painless/src/main/java/org/opensearch/painless/PainlessPlugin.java b/modules/lang-painless/src/main/java/org/opensearch/painless/PainlessPlugin.java index 4c693243d2a..09a23c15f34 100644 --- a/modules/lang-painless/src/main/java/org/opensearch/painless/PainlessPlugin.java +++ b/modules/lang-painless/src/main/java/org/opensearch/painless/PainlessPlugin.java @@ -83,11 +83,11 @@ import java.util.function.Supplier; */ public final class PainlessPlugin extends Plugin implements ScriptPlugin, ExtensiblePlugin, ActionPlugin { - private static final Map, List> whitelists; + private static final Map, List> allowlists; /* - * Contexts from Core that need custom whitelists can add them to the map below. - * Whitelist resources should be added as appropriately named, separate files + * Contexts from Core that need custom allowlists can add them to the map below. + * Allowlist resources should be added as appropriately named, separate files * under Painless' resources */ static { @@ -108,23 +108,23 @@ public final class PainlessPlugin extends Plugin implements ScriptPlugin, Extens ingest.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.ingest.txt")); map.put(IngestScript.CONTEXT, ingest); - whitelists = map; + allowlists = map; } private final SetOnce painlessScriptEngine = new SetOnce<>(); @Override public ScriptEngine getScriptEngine(Settings settings, Collection> contexts) { - Map, List> contextsWithWhitelists = new HashMap<>(); + Map, List> contextsWithAllowlists = new HashMap<>(); for (ScriptContext context : contexts) { - // we might have a context that only uses the base whitelists, so would not have been filled in by reloadSPI - List contextWhitelists = whitelists.get(context); - if (contextWhitelists == null) { - contextWhitelists = new ArrayList<>(Whitelist.BASE_WHITELISTS); + // we might have a context that only uses the base allowlists, so would not have been filled in by reloadSPI + List contextAllowlists = allowlists.get(context); + if (contextAllowlists == null) { + contextAllowlists = new ArrayList<>(Whitelist.BASE_WHITELISTS); } - contextsWithWhitelists.put(context, contextWhitelists); + contextsWithAllowlists.put(context, contextAllowlists); } - painlessScriptEngine.set(new PainlessScriptEngine(settings, contextsWithWhitelists)); + painlessScriptEngine.set(new PainlessScriptEngine(settings, contextsWithAllowlists)); return painlessScriptEngine.get(); } @@ -158,7 +158,7 @@ public final class PainlessPlugin extends Plugin implements ScriptPlugin, Extens .stream() .flatMap(extension -> extension.getContextWhitelists().entrySet().stream()) .forEach(entry -> { - List existing = whitelists.computeIfAbsent(entry.getKey(), c -> new ArrayList<>(Whitelist.BASE_WHITELISTS)); + List existing = allowlists.computeIfAbsent(entry.getKey(), c -> new ArrayList<>(Whitelist.BASE_WHITELISTS)); existing.addAll(entry.getValue()); }); } diff --git a/modules/lang-painless/src/main/java/org/opensearch/painless/action/PainlessContextAction.java b/modules/lang-painless/src/main/java/org/opensearch/painless/action/PainlessContextAction.java index 4b2125aac24..a9333fde6b4 100644 --- a/modules/lang-painless/src/main/java/org/opensearch/painless/action/PainlessContextAction.java +++ b/modules/lang-painless/src/main/java/org/opensearch/painless/action/PainlessContextAction.java @@ -68,7 +68,7 @@ import static java.util.Collections.singletonList; import static org.opensearch.rest.RestRequest.Method.GET; /** - * Internal REST API for querying context information about Painless whitelists. + * Internal REST API for querying context information about Painless allowlists. * Commands include the following: *

        *
      • GET /_scripts/painless/_context -- retrieves a list of contexts
      • diff --git a/modules/lang-painless/src/main/java/org/opensearch/painless/lookup/PainlessLookupBuilder.java b/modules/lang-painless/src/main/java/org/opensearch/painless/lookup/PainlessLookupBuilder.java index dd8e253db47..ff3fbc640e9 100644 --- a/modules/lang-painless/src/main/java/org/opensearch/painless/lookup/PainlessLookupBuilder.java +++ b/modules/lang-painless/src/main/java/org/opensearch/painless/lookup/PainlessLookupBuilder.java @@ -126,107 +126,107 @@ public final class PainlessLookupBuilder { } } - public static PainlessLookup buildFromWhitelists(List whitelists) { + public static PainlessLookup buildFromWhitelists(List allowlists) { PainlessLookupBuilder painlessLookupBuilder = new PainlessLookupBuilder(); String origin = "internal error"; try { - for (Whitelist whitelist : whitelists) { - for (WhitelistClass whitelistClass : whitelist.whitelistClasses) { - origin = whitelistClass.origin; + for (Whitelist allowlist : allowlists) { + for (WhitelistClass allowlistClass : allowlist.whitelistClasses) { + origin = allowlistClass.origin; painlessLookupBuilder.addPainlessClass( - whitelist.classLoader, - whitelistClass.javaClassName, - whitelistClass.painlessAnnotations.containsKey(NoImportAnnotation.class) == false + allowlist.classLoader, + allowlistClass.javaClassName, + allowlistClass.painlessAnnotations.containsKey(NoImportAnnotation.class) == false ); } } - for (Whitelist whitelist : whitelists) { - for (WhitelistClass whitelistClass : whitelist.whitelistClasses) { - String targetCanonicalClassName = whitelistClass.javaClassName.replace('$', '.'); + for (Whitelist allowlist : allowlists) { + for (WhitelistClass allowlistClass : allowlist.whitelistClasses) { + String targetCanonicalClassName = allowlistClass.javaClassName.replace('$', '.'); - for (WhitelistConstructor whitelistConstructor : whitelistClass.whitelistConstructors) { - origin = whitelistConstructor.origin; + for (WhitelistConstructor allowlistConstructor : allowlistClass.whitelistConstructors) { + origin = allowlistConstructor.origin; painlessLookupBuilder.addPainlessConstructor( targetCanonicalClassName, - whitelistConstructor.canonicalTypeNameParameters, - whitelistConstructor.painlessAnnotations + allowlistConstructor.canonicalTypeNameParameters, + allowlistConstructor.painlessAnnotations ); } - for (WhitelistMethod whitelistMethod : whitelistClass.whitelistMethods) { - origin = whitelistMethod.origin; + for (WhitelistMethod allowlistMethod : allowlistClass.whitelistMethods) { + origin = allowlistMethod.origin; painlessLookupBuilder.addPainlessMethod( - whitelist.classLoader, + allowlist.classLoader, targetCanonicalClassName, - whitelistMethod.augmentedCanonicalClassName, - whitelistMethod.methodName, - whitelistMethod.returnCanonicalTypeName, - whitelistMethod.canonicalTypeNameParameters, - whitelistMethod.painlessAnnotations + allowlistMethod.augmentedCanonicalClassName, + allowlistMethod.methodName, + allowlistMethod.returnCanonicalTypeName, + allowlistMethod.canonicalTypeNameParameters, + allowlistMethod.painlessAnnotations ); } - for (WhitelistField whitelistField : whitelistClass.whitelistFields) { - origin = whitelistField.origin; + for (WhitelistField allowlistField : allowlistClass.whitelistFields) { + origin = allowlistField.origin; painlessLookupBuilder.addPainlessField( targetCanonicalClassName, - whitelistField.fieldName, - whitelistField.canonicalTypeNameParameter + allowlistField.fieldName, + allowlistField.canonicalTypeNameParameter ); } } - for (WhitelistMethod whitelistStatic : whitelist.whitelistImportedMethods) { - origin = whitelistStatic.origin; + for (WhitelistMethod allowlistStatic : allowlist.whitelistImportedMethods) { + origin = allowlistStatic.origin; painlessLookupBuilder.addImportedPainlessMethod( - whitelist.classLoader, - whitelistStatic.augmentedCanonicalClassName, - whitelistStatic.methodName, - whitelistStatic.returnCanonicalTypeName, - whitelistStatic.canonicalTypeNameParameters, - whitelistStatic.painlessAnnotations + allowlist.classLoader, + allowlistStatic.augmentedCanonicalClassName, + allowlistStatic.methodName, + allowlistStatic.returnCanonicalTypeName, + allowlistStatic.canonicalTypeNameParameters, + allowlistStatic.painlessAnnotations ); } - for (WhitelistClassBinding whitelistClassBinding : whitelist.whitelistClassBindings) { - origin = whitelistClassBinding.origin; + for (WhitelistClassBinding allowlistClassBinding : allowlist.whitelistClassBindings) { + origin = allowlistClassBinding.origin; painlessLookupBuilder.addPainlessClassBinding( - whitelist.classLoader, - whitelistClassBinding.targetJavaClassName, - whitelistClassBinding.methodName, - whitelistClassBinding.returnCanonicalTypeName, - whitelistClassBinding.canonicalTypeNameParameters, - whitelistClassBinding.painlessAnnotations + allowlist.classLoader, + allowlistClassBinding.targetJavaClassName, + allowlistClassBinding.methodName, + allowlistClassBinding.returnCanonicalTypeName, + allowlistClassBinding.canonicalTypeNameParameters, + allowlistClassBinding.painlessAnnotations ); } - for (WhitelistInstanceBinding whitelistInstanceBinding : whitelist.whitelistInstanceBindings) { - origin = whitelistInstanceBinding.origin; + for (WhitelistInstanceBinding allowlistInstanceBinding : allowlist.whitelistInstanceBindings) { + origin = allowlistInstanceBinding.origin; painlessLookupBuilder.addPainlessInstanceBinding( - whitelistInstanceBinding.targetInstance, - whitelistInstanceBinding.methodName, - whitelistInstanceBinding.returnCanonicalTypeName, - whitelistInstanceBinding.canonicalTypeNameParameters + allowlistInstanceBinding.targetInstance, + allowlistInstanceBinding.methodName, + allowlistInstanceBinding.returnCanonicalTypeName, + allowlistInstanceBinding.canonicalTypeNameParameters ); } } } catch (Exception exception) { - throw new IllegalArgumentException("error loading whitelist(s) " + origin, exception); + throw new IllegalArgumentException("error loading allowlist(s) " + origin, exception); } return painlessLookupBuilder.build(); } // javaClassNamesToClasses is all the classes that need to be available to the custom classloader - // including classes used as part of imported methods and class bindings but not necessarily whitelisted + // including classes used as part of imported methods and class bindings but not necessarily allowlisted // individually. The values of javaClassNamesToClasses are a superset of the values of // canonicalClassNamesToClasses. private final Map> javaClassNamesToClasses; - // canonicalClassNamesToClasses is all the whitelisted classes available in a Painless script including + // canonicalClassNamesToClasses is all the allowlisted classes available in a Painless script including // classes with imported canonical names but does not include classes from imported methods or class - // bindings unless also whitelisted separately. The values of canonicalClassNamesToClasses are a subset + // bindings unless also allowlisted separately. The values of canonicalClassNamesToClasses are a subset // of the values of javaClassNamesToClasses. private final Map> canonicalClassNamesToClasses; private final Map, PainlessClassBuilder> classesToPainlessClassBuilders; @@ -2060,7 +2060,7 @@ public final class PainlessLookupBuilder { /** * Creates a {@link Map} of PainlessMethodKeys to {@link PainlessMethod}s per {@link PainlessClass} stored as * {@link PainlessClass#runtimeMethods} identical to {@link PainlessClass#methods} with the exception of generated - * bridge methods. A generated bridge method is created for each whitelisted method that has at least one parameter + * bridge methods. A generated bridge method is created for each allowlisted method that has at least one parameter * with a boxed type to cast from other numeric primitive/boxed types in a symmetric was not handled by * {@link MethodHandle#asType(MethodType)}. As an example {@link MethodHandle#asType(MethodType)} legally casts * from {@link Integer} to long but not from int to {@link Long}. Generated bridge methods cover the latter case. diff --git a/modules/lang-painless/src/main/plugin-metadata/plugin-security.policy b/modules/lang-painless/src/main/plugin-metadata/plugin-security.policy index d1e2f88bb16..ccfd6ba70dd 100644 --- a/modules/lang-painless/src/main/plugin-metadata/plugin-security.policy +++ b/modules/lang-painless/src/main/plugin-metadata/plugin-security.policy @@ -34,6 +34,6 @@ grant { // needed to generate runtime classes permission java.lang.RuntimePermission "createClassLoader"; - // needed to find the classloader to load whitelisted classes from + // needed to find the classloader to load allowlisted classes from permission java.lang.RuntimePermission "getClassLoader"; }; diff --git a/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/java.util.regex.txt b/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/java.util.regex.txt index ab12664824b..05b3e4fa83c 100644 --- a/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/java.util.regex.txt +++ b/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/java.util.regex.txt @@ -58,7 +58,7 @@ class java.util.regex.Matcher { String replaceFirst(String) boolean requireEnd() Matcher reset() - # Note: Do not whitelist Matcher.reset(String), it subverts regex limiting + # Note: Do not allowlist Matcher.reset(String), it subverts regex limiting int start() int start(int) Matcher useAnchoringBounds(boolean) diff --git a/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.aggs.movfn.txt b/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.aggs.movfn.txt index ed75c44ce9f..e314934ed4e 100644 --- a/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.aggs.movfn.txt +++ b/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.aggs.movfn.txt @@ -17,7 +17,7 @@ # under the License. # -# This file contains a whitelist for the Moving Function pipeline aggregator in core +# This file contains an allowlist for the Moving Function pipeline aggregator in core class org.opensearch.search.aggregations.pipeline.MovingFunctions { double max(double[]) diff --git a/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.ingest.txt b/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.ingest.txt index 36f3c8e418d..cddb8e5f0aa 100644 --- a/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.ingest.txt +++ b/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.ingest.txt @@ -17,7 +17,7 @@ # under the License. # -# This file contains a whitelist for the ingest scripts +# This file contains an allowlist for the ingest scripts class java.lang.String { String org.opensearch.painless.api.Augmentation sha1() diff --git a/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.score.txt b/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.score.txt index 9c8b8fd0d2c..cca7e07a953 100644 --- a/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.score.txt +++ b/modules/lang-painless/src/main/resources/org/opensearch/painless/spi/org.opensearch.score.txt @@ -17,7 +17,7 @@ # under the License. # -# This file contains a whitelist for functions to be used in Score context +# This file contains an allowlist for functions to be used in Score context class org.opensearch.script.ScoreScript @no_import { } diff --git a/modules/lang-painless/src/test/java/org/opensearch/painless/AugmentationTests.java b/modules/lang-painless/src/test/java/org/opensearch/painless/AugmentationTests.java index d5cd3205b31..98b0cad9960 100644 --- a/modules/lang-painless/src/test/java/org/opensearch/painless/AugmentationTests.java +++ b/modules/lang-painless/src/test/java/org/opensearch/painless/AugmentationTests.java @@ -53,9 +53,9 @@ public class AugmentationTests extends ScriptTestCase { @BeforeClass public static void beforeClass() { Map, List> contexts = newDefaultContexts(); - List digestWhitelist = new ArrayList<>(Whitelist.BASE_WHITELISTS); - digestWhitelist.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.ingest.txt")); - contexts.put(DigestTestScript.CONTEXT, digestWhitelist); + List digestAllowlist = new ArrayList<>(Whitelist.BASE_WHITELISTS); + digestAllowlist.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.ingest.txt")); + contexts.put(DigestTestScript.CONTEXT, digestAllowlist); SCRIPT_ENGINE = new PainlessScriptEngine(Settings.EMPTY, contexts); } diff --git a/modules/lang-painless/src/test/java/org/opensearch/painless/BindingsTests.java b/modules/lang-painless/src/test/java/org/opensearch/painless/BindingsTests.java index 65f277741cc..e5113d93677 100644 --- a/modules/lang-painless/src/test/java/org/opensearch/painless/BindingsTests.java +++ b/modules/lang-painless/src/test/java/org/opensearch/painless/BindingsTests.java @@ -51,8 +51,8 @@ public class BindingsTests extends ScriptTestCase { @BeforeClass public static void beforeClass() { Map, List> contexts = newDefaultContexts(); - List whitelists = new ArrayList<>(Whitelist.BASE_WHITELISTS); - whitelists.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.painless.test")); + List allowlists = new ArrayList<>(Whitelist.BASE_WHITELISTS); + allowlists.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.painless.test")); InstanceBindingTestClass instanceBindingTestClass = new InstanceBindingTestClass(1); WhitelistInstanceBinding getter = new WhitelistInstanceBinding( @@ -74,16 +74,16 @@ public class BindingsTests extends ScriptTestCase { List instanceBindingsList = new ArrayList<>(); instanceBindingsList.add(getter); instanceBindingsList.add(setter); - Whitelist instanceBindingsWhitelist = new Whitelist( + Whitelist instanceBindingsAllowlist = new Whitelist( instanceBindingTestClass.getClass().getClassLoader(), Collections.emptyList(), Collections.emptyList(), Collections.emptyList(), instanceBindingsList ); - whitelists.add(instanceBindingsWhitelist); + allowlists.add(instanceBindingsAllowlist); - contexts.put(BindingsTestScript.CONTEXT, whitelists); + contexts.put(BindingsTestScript.CONTEXT, allowlists); SCRIPT_ENGINE = new PainlessScriptEngine(Settings.EMPTY, contexts); } diff --git a/modules/lang-painless/src/test/java/org/opensearch/painless/FeatureTestObject.java b/modules/lang-painless/src/test/java/org/opensearch/painless/FeatureTestObject.java index 1bc6597b584..bf9ad76fc6c 100644 --- a/modules/lang-painless/src/test/java/org/opensearch/painless/FeatureTestObject.java +++ b/modules/lang-painless/src/test/java/org/opensearch/painless/FeatureTestObject.java @@ -35,7 +35,7 @@ package org.opensearch.painless; import java.util.List; import java.util.function.Function; -/** Currently just a dummy class for testing a few features not yet exposed by whitelist! */ +/** Currently just a dummy class for testing a few features not yet exposed by allowlist! */ public class FeatureTestObject { /** static method that returns true */ public static boolean overloadedStatic() { @@ -47,7 +47,7 @@ public class FeatureTestObject { return whatToReturn; } - /** static method only whitelisted as a static */ + /** static method only allowlisted as a static */ public static float staticAddFloatsTest(float x, float y) { return x + y; } diff --git a/modules/lang-painless/src/test/java/org/opensearch/painless/FeatureTestObject2.java b/modules/lang-painless/src/test/java/org/opensearch/painless/FeatureTestObject2.java index 9fb0610bc94..22216e5fb41 100644 --- a/modules/lang-painless/src/test/java/org/opensearch/painless/FeatureTestObject2.java +++ b/modules/lang-painless/src/test/java/org/opensearch/painless/FeatureTestObject2.java @@ -32,7 +32,7 @@ package org.opensearch.painless; -/** Currently just a dummy class for testing a few features not yet exposed by whitelist! */ +/** Currently just a dummy class for testing a few features not yet exposed by allowlist! */ public class FeatureTestObject2 { public FeatureTestObject2() { super(); diff --git a/modules/lang-painless/src/test/java/org/opensearch/painless/RegexTests.java b/modules/lang-painless/src/test/java/org/opensearch/painless/RegexTests.java index cb8296a3f23..8c1f545efcf 100644 --- a/modules/lang-painless/src/test/java/org/opensearch/painless/RegexTests.java +++ b/modules/lang-painless/src/test/java/org/opensearch/painless/RegexTests.java @@ -172,7 +172,7 @@ public class RegexTests extends ScriptTestCase { assertEquals("o", exec("Matcher m = /(?f)(?o)o/.matcher('foo'); m.find(); return m.namedGroup('second')")); } - // Make sure some methods on Pattern are whitelisted + // Make sure some methods on Pattern are allowlisted public void testSplit() { assertArrayEquals(new String[] { "cat", "dog" }, (String[]) exec("/,/.split('cat,dog')")); } diff --git a/modules/lang-painless/src/test/java/org/opensearch/painless/ScriptTestCase.java b/modules/lang-painless/src/test/java/org/opensearch/painless/ScriptTestCase.java index 488c01c6d1a..a30aa97d334 100644 --- a/modules/lang-painless/src/test/java/org/opensearch/painless/ScriptTestCase.java +++ b/modules/lang-painless/src/test/java/org/opensearch/painless/ScriptTestCase.java @@ -62,9 +62,9 @@ public abstract class ScriptTestCase extends OpenSearchTestCase { /** Creates a new contexts map with PainlessTextScript = org.opensearch.painless.test */ protected static Map, List> newDefaultContexts() { Map, List> contexts = new HashMap<>(); - List whitelists = new ArrayList<>(Whitelist.BASE_WHITELISTS); - whitelists.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.painless.test")); - contexts.put(PainlessTestScript.CONTEXT, whitelists); + List allowlists = new ArrayList<>(Whitelist.BASE_WHITELISTS); + allowlists.add(WhitelistLoader.loadFromResourceFiles(Whitelist.class, "org.opensearch.painless.test")); + contexts.put(PainlessTestScript.CONTEXT, allowlists); return contexts; } diff --git a/modules/lang-painless/src/test/java/org/opensearch/painless/WhitelistLoaderTests.java b/modules/lang-painless/src/test/java/org/opensearch/painless/WhitelistLoaderTests.java index 1f5b252cb74..e4e754a5414 100644 --- a/modules/lang-painless/src/test/java/org/opensearch/painless/WhitelistLoaderTests.java +++ b/modules/lang-painless/src/test/java/org/opensearch/painless/WhitelistLoaderTests.java @@ -70,51 +70,51 @@ public class WhitelistLoaderTests extends ScriptTestCase { public void testAnnotations() { Map parsers = new HashMap<>(WhitelistAnnotationParser.BASE_ANNOTATION_PARSERS); parsers.put(AnnotationTestObject.TestAnnotation.NAME, AnnotationTestObject.TestAnnotationParser.INSTANCE); - Whitelist whitelist = WhitelistLoader.loadFromResourceFiles(Whitelist.class, parsers, "org.opensearch.painless.annotation"); + Whitelist allowlist = WhitelistLoader.loadFromResourceFiles(Whitelist.class, parsers, "org.opensearch.painless.annotation"); - assertEquals(1, whitelist.whitelistClasses.size()); + assertEquals(1, allowlist.whitelistClasses.size()); - WhitelistClass whitelistClass = whitelist.whitelistClasses.get(0); + WhitelistClass allowlistClass = allowlist.whitelistClasses.get(0); - assertNotNull(whitelistClass.painlessAnnotations.get(NoImportAnnotation.class)); - assertEquals(1, whitelistClass.painlessAnnotations.size()); - assertEquals(3, whitelistClass.whitelistMethods.size()); + assertNotNull(allowlistClass.painlessAnnotations.get(NoImportAnnotation.class)); + assertEquals(1, allowlistClass.painlessAnnotations.size()); + assertEquals(3, allowlistClass.whitelistMethods.size()); int count = 0; - for (WhitelistMethod whitelistMethod : whitelistClass.whitelistMethods) { - if ("deprecatedMethod".equals(whitelistMethod.methodName)) { + for (WhitelistMethod allowlistMethod : allowlistClass.whitelistMethods) { + if ("deprecatedMethod".equals(allowlistMethod.methodName)) { assertEquals( "use another method", - ((DeprecatedAnnotation) whitelistMethod.painlessAnnotations.get(DeprecatedAnnotation.class)).getMessage() + ((DeprecatedAnnotation) allowlistMethod.painlessAnnotations.get(DeprecatedAnnotation.class)).getMessage() ); - assertEquals(1, whitelistMethod.painlessAnnotations.size()); + assertEquals(1, allowlistMethod.painlessAnnotations.size()); ++count; } - if ("annotatedTestMethod".equals(whitelistMethod.methodName)) { - AnnotationTestObject.TestAnnotation ta = ((AnnotationTestObject.TestAnnotation) whitelistMethod.painlessAnnotations.get( + if ("annotatedTestMethod".equals(allowlistMethod.methodName)) { + AnnotationTestObject.TestAnnotation ta = ((AnnotationTestObject.TestAnnotation) allowlistMethod.painlessAnnotations.get( AnnotationTestObject.TestAnnotation.class )); assertEquals("one", ta.getOne()); assertEquals("two", ta.getTwo()); assertEquals("three", ta.getThree()); - assertEquals(1, whitelistMethod.painlessAnnotations.size()); + assertEquals(1, allowlistMethod.painlessAnnotations.size()); ++count; } - if ("annotatedMultipleMethod".equals(whitelistMethod.methodName)) { + if ("annotatedMultipleMethod".equals(allowlistMethod.methodName)) { assertEquals( "test", - ((DeprecatedAnnotation) whitelistMethod.painlessAnnotations.get(DeprecatedAnnotation.class)).getMessage() + ((DeprecatedAnnotation) allowlistMethod.painlessAnnotations.get(DeprecatedAnnotation.class)).getMessage() ); - AnnotationTestObject.TestAnnotation ta = ((AnnotationTestObject.TestAnnotation) whitelistMethod.painlessAnnotations.get( + AnnotationTestObject.TestAnnotation ta = ((AnnotationTestObject.TestAnnotation) allowlistMethod.painlessAnnotations.get( AnnotationTestObject.TestAnnotation.class )); assertEquals("one", ta.getOne()); assertEquals("two", ta.getTwo()); assertEquals("three", ta.getThree()); - assertEquals(2, whitelistMethod.painlessAnnotations.size()); + assertEquals(2, allowlistMethod.painlessAnnotations.size()); ++count; } } diff --git a/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation b/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation index 35808a46a90..897fb9c7aff 100644 --- a/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation +++ b/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation @@ -1,4 +1,4 @@ -# whitelist for annotation tests +# allowlist for annotation tests class org.opensearch.painless.AnnotationTestObject @no_import { void deprecatedMethod() @deprecated[message="use another method"] diff --git a/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation.unknown b/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation.unknown index 386a0bfd7ac..c5bb17cc42c 100644 --- a/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation.unknown +++ b/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation.unknown @@ -1,4 +1,4 @@ -# whitelist for annotation tests with unknown annotation +# allowlist for annotation tests with unknown annotation class org.opensearch.painless.AnnotationTestObject @no_import { void unknownAnnotationMethod() @unknownAnnotation diff --git a/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation.unknown_with_options b/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation.unknown_with_options index 616776d5ed3..d6d96cc6cfc 100644 --- a/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation.unknown_with_options +++ b/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.annotation.unknown_with_options @@ -1,4 +1,4 @@ -# whitelist for annotation tests with unknown annotation containing options +# allowlist for annotation tests with unknown annotation containing options class org.opensearch.painless.AnnotationTestObject @no_import { void unknownAnnotationMethod() @unknownAnootationWithMessage[arg="arg value"] diff --git a/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.test b/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.test index d2329040570..5345f7fab87 100644 --- a/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.test +++ b/modules/lang-painless/src/test/resources/org/opensearch/painless/spi/org.opensearch.painless.test @@ -1,4 +1,4 @@ -# whitelist for tests +# allowlist for tests # TODO: remove this when the transition from Joda to Java datetimes is completed class org.opensearch.script.JodaCompatibleZonedDateTime { diff --git a/modules/lang-painless/src/yamlRestTest/resources/rest-api-spec/test/painless/70_mov_fn_agg.yml b/modules/lang-painless/src/yamlRestTest/resources/rest-api-spec/test/painless/70_mov_fn_agg.yml index 57e7b4e31e0..fee31fca55d 100644 --- a/modules/lang-painless/src/yamlRestTest/resources/rest-api-spec/test/painless/70_mov_fn_agg.yml +++ b/modules/lang-painless/src/yamlRestTest/resources/rest-api-spec/test/painless/70_mov_fn_agg.yml @@ -1,4 +1,4 @@ -# Sanity integration test to make sure the custom context and whitelist work for moving_fn pipeline agg +# Sanity integration test to make sure the custom context and allowlist work for moving_fn pipeline agg # setup: - do: diff --git a/modules/reindex/build.gradle b/modules/reindex/build.gradle index 6639e799cdd..935fe468fdb 100644 --- a/modules/reindex/build.gradle +++ b/modules/reindex/build.gradle @@ -49,7 +49,7 @@ testClusters.all { // Modules who's integration is explicitly tested in integration tests module ':modules:parent-join' module ':modules:lang-painless' - // Whitelist reindexing from the local node so we can test reindex-from-remote. + // Allowlist reindexing from the local node so we can test reindex-from-remote. setting 'reindex.remote.whitelist', '127.0.0.1:*' } diff --git a/modules/reindex/src/main/java/org/opensearch/index/reindex/ReindexValidator.java b/modules/reindex/src/main/java/org/opensearch/index/reindex/ReindexValidator.java index 671827b0164..d4a2ba08409 100644 --- a/modules/reindex/src/main/java/org/opensearch/index/reindex/ReindexValidator.java +++ b/modules/reindex/src/main/java/org/opensearch/index/reindex/ReindexValidator.java @@ -59,7 +59,7 @@ class ReindexValidator { static final String SORT_DEPRECATED_MESSAGE = "The sort option in reindex is deprecated. " + "Instead consider using query filtering to find the desired subset of data."; - private final CharacterRunAutomaton remoteWhitelist; + private final CharacterRunAutomaton remoteAllowlist; private final ClusterService clusterService; private final IndexNameExpressionResolver resolver; private final AutoCreateIndex autoCreateIndex; @@ -70,14 +70,14 @@ class ReindexValidator { IndexNameExpressionResolver resolver, AutoCreateIndex autoCreateIndex ) { - this.remoteWhitelist = buildRemoteWhitelist(TransportReindexAction.REMOTE_CLUSTER_WHITELIST.get(settings)); + this.remoteAllowlist = buildRemoteAllowlist(TransportReindexAction.REMOTE_CLUSTER_WHITELIST.get(settings)); this.clusterService = clusterService; this.resolver = resolver; this.autoCreateIndex = autoCreateIndex; } void initialValidation(ReindexRequest request) { - checkRemoteWhitelist(remoteWhitelist, request.getRemoteInfo()); + checkRemoteAllowlist(remoteAllowlist, request.getRemoteInfo()); ClusterState state = clusterService.state(); validateAgainstAliases( request.getSearchRequest(), @@ -93,32 +93,32 @@ class ReindexValidator { } } - static void checkRemoteWhitelist(CharacterRunAutomaton whitelist, RemoteInfo remoteInfo) { + static void checkRemoteAllowlist(CharacterRunAutomaton allowlist, RemoteInfo remoteInfo) { if (remoteInfo == null) { return; } String check = remoteInfo.getHost() + ':' + remoteInfo.getPort(); - if (whitelist.run(check)) { + if (allowlist.run(check)) { return; } - String whiteListKey = TransportReindexAction.REMOTE_CLUSTER_WHITELIST.getKey(); - throw new IllegalArgumentException('[' + check + "] not whitelisted in " + whiteListKey); + String allowListKey = TransportReindexAction.REMOTE_CLUSTER_WHITELIST.getKey(); + throw new IllegalArgumentException('[' + check + "] not allowlisted in " + allowListKey); } /** - * Build the {@link CharacterRunAutomaton} that represents the reindex-from-remote whitelist and make sure that it doesn't whitelist + * Build the {@link CharacterRunAutomaton} that represents the reindex-from-remote allowlist and make sure that it doesn't allowlist * the world. */ - static CharacterRunAutomaton buildRemoteWhitelist(List whitelist) { - if (whitelist.isEmpty()) { + static CharacterRunAutomaton buildRemoteAllowlist(List allowlist) { + if (allowlist.isEmpty()) { return new CharacterRunAutomaton(Automata.makeEmpty()); } - Automaton automaton = Regex.simpleMatchToAutomaton(whitelist.toArray(Strings.EMPTY_ARRAY)); + Automaton automaton = Regex.simpleMatchToAutomaton(allowlist.toArray(Strings.EMPTY_ARRAY)); automaton = MinimizationOperations.minimize(automaton, Operations.DEFAULT_DETERMINIZE_WORK_LIMIT); if (Operations.isTotal(automaton)) { throw new IllegalArgumentException( - "Refusing to start because whitelist " - + whitelist + "Refusing to start because allowlist " + + allowlist + " accepts all addresses. " + "This would allow users to reindex-from-remote any URL they like effectively having OpenSearch make HTTP GETs " + "for them." diff --git a/modules/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWhitelistTests.java b/modules/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWhitelistTests.java index e083b877236..df2d9894e64 100644 --- a/modules/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWhitelistTests.java +++ b/modules/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWhitelistTests.java @@ -44,22 +44,22 @@ import java.util.List; import static java.util.Collections.emptyList; import static java.util.Collections.emptyMap; import static java.util.Collections.singletonList; -import static org.opensearch.index.reindex.ReindexValidator.buildRemoteWhitelist; -import static org.opensearch.index.reindex.ReindexValidator.checkRemoteWhitelist; +import static org.opensearch.index.reindex.ReindexValidator.buildRemoteAllowlist; +import static org.opensearch.index.reindex.ReindexValidator.checkRemoteAllowlist; /** - * Tests the reindex-from-remote whitelist of remotes. + * Tests the reindex-from-remote allowlist of remotes. */ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase { private final BytesReference query = new BytesArray("{ \"foo\" : \"bar\" }"); public void testLocalRequestWithoutWhitelist() { - checkRemoteWhitelist(buildRemoteWhitelist(emptyList()), null); + checkRemoteAllowlist(buildRemoteAllowlist(emptyList()), null); } public void testLocalRequestWithWhitelist() { - checkRemoteWhitelist(buildRemoteWhitelist(randomWhitelist()), null); + checkRemoteAllowlist(buildRemoteAllowlist(randomAllowlist()), null); } /** @@ -81,16 +81,16 @@ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase { } public void testWhitelistedRemote() { - List whitelist = randomWhitelist(); - String[] inList = whitelist.iterator().next().split(":"); + List allowlist = randomAllowlist(); + String[] inList = allowlist.iterator().next().split(":"); String host = inList[0]; int port = Integer.valueOf(inList[1]); - checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo(host, port)); + checkRemoteAllowlist(buildRemoteAllowlist(allowlist), newRemoteInfo(host, port)); } public void testWhitelistedByPrefix() { - checkRemoteWhitelist( - buildRemoteWhitelist(singletonList("*.example.com:9200")), + checkRemoteAllowlist( + buildRemoteAllowlist(singletonList("*.example.com:9200")), new RemoteInfo( randomAlphaOfLength(5), "es.example.com", @@ -104,34 +104,34 @@ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase { RemoteInfo.DEFAULT_CONNECT_TIMEOUT ) ); - checkRemoteWhitelist( - buildRemoteWhitelist(singletonList("*.example.com:9200")), + checkRemoteAllowlist( + buildRemoteAllowlist(singletonList("*.example.com:9200")), newRemoteInfo("6e134134a1.us-east-1.aws.example.com", 9200) ); } public void testWhitelistedBySuffix() { - checkRemoteWhitelist(buildRemoteWhitelist(singletonList("es.example.com:*")), newRemoteInfo("es.example.com", 9200)); + checkRemoteAllowlist(buildRemoteAllowlist(singletonList("es.example.com:*")), newRemoteInfo("es.example.com", 9200)); } public void testWhitelistedByInfix() { - checkRemoteWhitelist(buildRemoteWhitelist(singletonList("es*.example.com:9200")), newRemoteInfo("es1.example.com", 9200)); + checkRemoteAllowlist(buildRemoteAllowlist(singletonList("es*.example.com:9200")), newRemoteInfo("es1.example.com", 9200)); } public void testLoopbackInWhitelistRemote() throws UnknownHostException { - List whitelist = randomWhitelist(); - whitelist.add("127.0.0.1:*"); - checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo("127.0.0.1", 9200)); + List allowlist = randomAllowlist(); + allowlist.add("127.0.0.1:*"); + checkRemoteAllowlist(buildRemoteAllowlist(allowlist), newRemoteInfo("127.0.0.1", 9200)); } public void testUnwhitelistedRemote() { int port = between(1, Integer.MAX_VALUE); - List whitelist = randomBoolean() ? randomWhitelist() : emptyList(); + List allowlist = randomBoolean() ? randomAllowlist() : emptyList(); Exception e = expectThrows( IllegalArgumentException.class, - () -> checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo("not in list", port)) + () -> checkRemoteAllowlist(buildRemoteAllowlist(allowlist), newRemoteInfo("not in list", port)) ); - assertEquals("[not in list:" + port + "] not whitelisted in reindex.remote.whitelist", e.getMessage()); + assertEquals("[not in list:" + port + "] not allowlisted in reindex.remote.whitelist", e.getMessage()); } public void testRejectMatchAll() { @@ -140,22 +140,22 @@ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase { assertMatchesTooMuch(singletonList("***")); assertMatchesTooMuch(Arrays.asList("realstuff", "*")); assertMatchesTooMuch(Arrays.asList("*", "realstuff")); - List random = randomWhitelist(); + List random = randomAllowlist(); random.add("*"); assertMatchesTooMuch(random); } public void testIPv6Address() { - List whitelist = randomWhitelist(); - whitelist.add("[::1]:*"); - checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo("[::1]", 9200)); + List allowlist = randomAllowlist(); + allowlist.add("[::1]:*"); + checkRemoteAllowlist(buildRemoteAllowlist(allowlist), newRemoteInfo("[::1]", 9200)); } - private void assertMatchesTooMuch(List whitelist) { - Exception e = expectThrows(IllegalArgumentException.class, () -> buildRemoteWhitelist(whitelist)); + private void assertMatchesTooMuch(List allowlist) { + Exception e = expectThrows(IllegalArgumentException.class, () -> buildRemoteAllowlist(allowlist)); assertEquals( - "Refusing to start because whitelist " - + whitelist + "Refusing to start because allowlist " + + allowlist + " accepts all addresses. " + "This would allow users to reindex-from-remote any URL they like effectively having OpenSearch make HTTP GETs " + "for them.", @@ -163,12 +163,12 @@ public class ReindexFromRemoteWhitelistTests extends OpenSearchTestCase { ); } - private List randomWhitelist() { + private List randomAllowlist() { int size = between(1, 100); - List whitelist = new ArrayList<>(size); + List allowlist = new ArrayList<>(size); for (int i = 0; i < size; i++) { - whitelist.add(randomAlphaOfLength(5) + ':' + between(1, Integer.MAX_VALUE)); + allowlist.add(randomAlphaOfLength(5) + ':' + between(1, Integer.MAX_VALUE)); } - return whitelist; + return allowlist; } } diff --git a/modules/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWithAuthTests.java b/modules/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWithAuthTests.java index 2486ea3d922..e78715d9045 100644 --- a/modules/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWithAuthTests.java +++ b/modules/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWithAuthTests.java @@ -98,7 +98,7 @@ public class ReindexFromRemoteWithAuthTests extends OpenSearchSingleNodeTestCase @Override protected Settings nodeSettings() { Settings.Builder settings = Settings.builder().put(super.nodeSettings()); - // Whitelist reindexing from the http host we're going to use + // Allowlist reindexing from the http host we're going to use settings.put(TransportReindexAction.REMOTE_CLUSTER_WHITELIST.getKey(), "127.0.0.1:*"); settings.put(NetworkModule.HTTP_TYPE_KEY, Netty4Plugin.NETTY_HTTP_TRANSPORT_NAME); return settings.build(); diff --git a/modules/reindex/src/test/java/org/opensearch/index/reindex/RetryTests.java b/modules/reindex/src/test/java/org/opensearch/index/reindex/RetryTests.java index b95ec431717..96b1b5d3d2e 100644 --- a/modules/reindex/src/test/java/org/opensearch/index/reindex/RetryTests.java +++ b/modules/reindex/src/test/java/org/opensearch/index/reindex/RetryTests.java @@ -102,7 +102,7 @@ public class RetryTests extends OpenSearchIntegTestCase { final Settings nodeSettings() { return Settings.builder() - // whitelist reindexing from the HTTP host we're going to use + // allowlist reindexing from the HTTP host we're going to use .put(TransportReindexAction.REMOTE_CLUSTER_WHITELIST.getKey(), "127.0.0.1:*") .build(); } diff --git a/modules/reindex/src/yamlRestTest/resources/rest-api-spec/test/reindex/20_validation.yml b/modules/reindex/src/yamlRestTest/resources/rest-api-spec/test/reindex/20_validation.yml index 7086e048eba..876d100e0bc 100644 --- a/modules/reindex/src/yamlRestTest/resources/rest-api-spec/test/reindex/20_validation.yml +++ b/modules/reindex/src/yamlRestTest/resources/rest-api-spec/test/reindex/20_validation.yml @@ -308,7 +308,7 @@ --- "unwhitelisted remote host fails": - do: - catch: /\[badremote:9200\] not whitelisted in reindex.remote.whitelist/ + catch: /\[badremote:9200\] not allowlisted in reindex.remote.whitelist/ reindex: body: source: diff --git a/modules/repository-url/src/main/java/org/opensearch/repositories/url/URLRepository.java b/modules/repository-url/src/main/java/org/opensearch/repositories/url/URLRepository.java index 041550b70a6..837a30555e1 100644 --- a/modules/repository-url/src/main/java/org/opensearch/repositories/url/URLRepository.java +++ b/modules/repository-url/src/main/java/org/opensearch/repositories/url/URLRepository.java @@ -95,7 +95,7 @@ public class URLRepository extends BlobStoreRepository { private final List supportedProtocols; - private final URIPattern[] urlWhiteList; + private final URIPattern[] urlAllowList; private final Environment environment; @@ -120,7 +120,7 @@ public class URLRepository extends BlobStoreRepository { } this.environment = environment; supportedProtocols = SUPPORTED_PROTOCOLS_SETTING.get(environment.settings()); - urlWhiteList = ALLOWED_URLS_SETTING.get(environment.settings()).toArray(new URIPattern[] {}); + urlAllowList = ALLOWED_URLS_SETTING.get(environment.settings()).toArray(new URIPattern[] {}); basePath = BlobPath.cleanPath(); url = URL_SETTING.exists(metadata.settings()) ? URL_SETTING.get(metadata.settings()) @@ -161,7 +161,7 @@ public class URLRepository extends BlobStoreRepository { for (String supportedProtocol : supportedProtocols) { if (supportedProtocol.equals(protocol)) { try { - if (URIPattern.match(urlWhiteList, url.toURI())) { + if (URIPattern.match(urlAllowList, url.toURI())) { // URL matches white list - no additional processing is needed return url; } diff --git a/plugins/discovery-azure-classic/build.gradle b/plugins/discovery-azure-classic/build.gradle index 7bb9250ea40..968f4efb3fa 100644 --- a/plugins/discovery-azure-classic/build.gradle +++ b/plugins/discovery-azure-classic/build.gradle @@ -63,7 +63,7 @@ dependencies { api 'com.sun.xml.bind:jaxb-impl:2.2.3-1' // HACK: javax.xml.bind was removed from default modules in java 9, so we pull the api in here, - // and whitelist this hack in JarHell + // and allowlist this hack in JarHell api 'javax.xml.bind:jaxb-api:2.3.1' } diff --git a/plugins/examples/painless-whitelist/build.gradle b/plugins/examples/painless-whitelist/build.gradle index 61888efbcf1..70052c209ab 100644 --- a/plugins/examples/painless-whitelist/build.gradle +++ b/plugins/examples/painless-whitelist/build.gradle @@ -32,7 +32,7 @@ apply plugin: 'opensearch.yaml-rest-test' opensearchplugin { name 'painless-whitelist' - description 'An example whitelisting additional classes and methods in painless' + description 'An example allowlisting additional classes and methods in painless' classname 'org.opensearch.example.painlesswhitelist.MyWhitelistPlugin' extendedPlugins = ['lang-painless'] licenseFile rootProject.file('licenses/APACHE-LICENSE-2.0.txt') diff --git a/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/ExampleWhitelistExtension.java b/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/ExampleWhitelistExtension.java index 471c28ea445..74adcf5e4f5 100644 --- a/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/ExampleWhitelistExtension.java +++ b/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/ExampleWhitelistExtension.java @@ -46,19 +46,19 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -/** An extension of painless which adds a whitelist. */ +/** An extension of painless which adds an allowlist. */ public class ExampleWhitelistExtension implements PainlessExtension { @Override public Map, List> getContextWhitelists() { Map parsers = new HashMap<>(WhitelistAnnotationParser.BASE_ANNOTATION_PARSERS); parsers.put(ExamplePainlessAnnotation.NAME, ExampleWhitelistAnnotationParser.INSTANCE); - Whitelist classWhitelist = WhitelistLoader.loadFromResourceFiles(ExampleWhitelistExtension.class, parsers, "example_whitelist.txt"); + Whitelist classAllowlist = WhitelistLoader.loadFromResourceFiles(ExampleWhitelistExtension.class, parsers, "example_whitelist.txt"); - ExampleWhitelistedInstance ewi = new ExampleWhitelistedInstance(1); + ExampleWhitelistedInstance eai = new ExampleWhitelistedInstance(1); WhitelistInstanceBinding addValue = new WhitelistInstanceBinding( "example addValue", - ewi, + eai, "addValue", "int", Collections.singletonList("int"), @@ -66,20 +66,20 @@ public class ExampleWhitelistExtension implements PainlessExtension { ); WhitelistInstanceBinding getValue = new WhitelistInstanceBinding( "example getValue", - ewi, + eai, "getValue", "int", Collections.emptyList(), Collections.emptyList() ); - Whitelist instanceWhitelist = new Whitelist( - ewi.getClass().getClassLoader(), + Whitelist instanceAllowlist = new Whitelist( + eai.getClass().getClassLoader(), Collections.emptyList(), Collections.emptyList(), Collections.emptyList(), Arrays.asList(addValue, getValue) ); - return Collections.singletonMap(FieldScript.CONTEXT, Arrays.asList(classWhitelist, instanceWhitelist)); + return Collections.singletonMap(FieldScript.CONTEXT, Arrays.asList(classAllowlist, instanceAllowlist)); } } diff --git a/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/ExampleWhitelistedClass.java b/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/ExampleWhitelistedClass.java index 1798375686d..5832a2ee59a 100644 --- a/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/ExampleWhitelistedClass.java +++ b/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/ExampleWhitelistedClass.java @@ -33,9 +33,9 @@ package org.opensearch.example.painlesswhitelist; /** - * An example of a class to be whitelisted for use by painless scripts + * An example of a class to be allowlisted for use by painless scripts * - * Each of the members and methods below are whitelisted for use in search scripts. + * Each of the members and methods below are allowlisted for use in search scripts. * See example_whitelist.txt. */ public class ExampleWhitelistedClass { @@ -68,7 +68,7 @@ public class ExampleWhitelistedClass { return Integer.parseInt(x); } - // example method to attach annotations in whitelist + // example method to attach annotations in allowlist public void annotate() { // some logic here } diff --git a/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/MyWhitelistPlugin.java b/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/MyWhitelistPlugin.java index 38a95545c46..ab6ba53e403 100644 --- a/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/MyWhitelistPlugin.java +++ b/plugins/examples/painless-whitelist/src/main/java/org/opensearch/example/painlesswhitelist/MyWhitelistPlugin.java @@ -35,5 +35,5 @@ package org.opensearch.example.painlesswhitelist; import org.opensearch.plugins.Plugin; public class MyWhitelistPlugin extends Plugin { - // we don't actually need anything here, since whitelists are extended through SPI + // we don't actually need anything here, since allowlists are extended through SPI } diff --git a/plugins/examples/painless-whitelist/src/main/resources/org/opensearch/example/painlesswhitelist/example_whitelist.txt b/plugins/examples/painless-whitelist/src/main/resources/org/opensearch/example/painlesswhitelist/example_whitelist.txt index 5c6c605c7c2..8f2ccaf05f2 100644 --- a/plugins/examples/painless-whitelist/src/main/resources/org/opensearch/example/painlesswhitelist/example_whitelist.txt +++ b/plugins/examples/painless-whitelist/src/main/resources/org/opensearch/example/painlesswhitelist/example_whitelist.txt @@ -17,7 +17,7 @@ # under the License. # -# This file contains a whitelist for an example class which may be access from painless +# This file contains an allowlist for an example class which may be access from painless class org.opensearch.example.painlesswhitelist.ExampleWhitelistedClass { # constructor diff --git a/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/10_basic.yml b/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/10_basic.yml index 1b887058237..cc3762eb42d 100644 --- a/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/10_basic.yml +++ b/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/10_basic.yml @@ -1,4 +1,4 @@ -# Integration tests for the painless whitelist example plugin +# Integration tests for the painless allowlist example plugin # "Plugin loaded": - skip: diff --git a/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/20_whitelist.yml b/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/20_whitelist.yml index 51a440142fd..92289af1792 100644 --- a/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/20_whitelist.yml +++ b/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/20_whitelist.yml @@ -1,4 +1,4 @@ -# Example test using whitelisted members and methods +# Example test using allowlisted members and methods "Whitelisted custom class": - do: diff --git a/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/30_static.yml b/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/30_static.yml index c6d8048b979..447e1c2a827 100644 --- a/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/30_static.yml +++ b/plugins/examples/painless-whitelist/src/yamlRestTest/resources/rest-api-spec/test/painless_whitelist/30_static.yml @@ -1,4 +1,4 @@ -# Example test using whitelisted statically imported method +# Example test using allowlisted statically imported method "custom static imported method": - do: diff --git a/plugins/repository-s3/build.gradle b/plugins/repository-s3/build.gradle index 21ad7b6dd54..c5939958c81 100644 --- a/plugins/repository-s3/build.gradle +++ b/plugins/repository-s3/build.gradle @@ -64,7 +64,7 @@ dependencies { api "joda-time:joda-time:${versions.joda}" // HACK: javax.xml.bind was removed from default modules in java 9, so we pull the api in here, - // and whitelist this hack in JarHell + // and allowlist this hack in JarHell api 'javax.xml.bind:jaxb-api:2.3.1' testImplementation project(':test:fixtures:s3-fixture') diff --git a/server/src/main/java/org/opensearch/bootstrap/BootstrapInfo.java b/server/src/main/java/org/opensearch/bootstrap/BootstrapInfo.java index 49787eeb09b..d45d8ddab9c 100644 --- a/server/src/main/java/org/opensearch/bootstrap/BootstrapInfo.java +++ b/server/src/main/java/org/opensearch/bootstrap/BootstrapInfo.java @@ -79,7 +79,7 @@ public final class BootstrapInfo { // create a view of sysprops map that does not allow modifications // this must be done this way (e.g. versus an actual typed map), because - // some test methods still change properties, so whitelisted changes must + // some test methods still change properties, so allowlisted changes must // be reflected in this view. private static final Dictionary SYSTEM_PROPERTIES; static { diff --git a/server/src/main/java/org/opensearch/bootstrap/SystemCallFilter.java b/server/src/main/java/org/opensearch/bootstrap/SystemCallFilter.java index 434af8fceb1..8e179de9c28 100644 --- a/server/src/main/java/org/opensearch/bootstrap/SystemCallFilter.java +++ b/server/src/main/java/org/opensearch/bootstrap/SystemCallFilter.java @@ -227,7 +227,7 @@ final class SystemCallFilter { static class Arch { /** AUDIT_ARCH_XXX constant from linux/audit.h */ final int audit; - /** syscall limit (necessary for blacklisting on amd64, to ban 32-bit syscalls) */ + /** syscall limit (necessary for denylisting on amd64, to ban 32-bit syscalls) */ final int limit; /** __NR_fork */ final int fork; diff --git a/server/src/main/java/org/opensearch/common/inject/BindingProcessor.java b/server/src/main/java/org/opensearch/common/inject/BindingProcessor.java index 948e1a4e6eb..671123f2df7 100644 --- a/server/src/main/java/org/opensearch/common/inject/BindingProcessor.java +++ b/server/src/main/java/org/opensearch/common/inject/BindingProcessor.java @@ -293,7 +293,7 @@ class BindingProcessor extends AbstractProcessor { return false; } - // It's unfortunate that we have to maintain a blacklist of specific + // It's unfortunate that we have to maintain a denylist of specific // classes, but we can't easily block the whole package because of // all our unit tests. private static final Set> FORBIDDEN_TYPES = unmodifiableSet( diff --git a/server/src/main/java/org/opensearch/common/inject/InheritingState.java b/server/src/main/java/org/opensearch/common/inject/InheritingState.java index 3d821114ff4..70a2fb335cc 100644 --- a/server/src/main/java/org/opensearch/common/inject/InheritingState.java +++ b/server/src/main/java/org/opensearch/common/inject/InheritingState.java @@ -61,7 +61,7 @@ class InheritingState implements State { private final Map, Scope> scopes = new HashMap<>(); private final List converters = new ArrayList<>(); private final List listenerBindings = new ArrayList<>(); - private WeakKeySet blacklistedKeys = new WeakKeySet(); + private WeakKeySet denylistedKeys = new WeakKeySet(); private final Object lock; InheritingState(State parent) { @@ -145,17 +145,17 @@ class InheritingState implements State { @Override public void blacklist(Key key) { parent.blacklist(key); - blacklistedKeys.add(key); + denylistedKeys.add(key); } @Override public boolean isBlacklisted(Key key) { - return blacklistedKeys.contains(key); + return denylistedKeys.contains(key); } @Override public void clearBlacklisted() { - blacklistedKeys = new WeakKeySet(); + denylistedKeys = new WeakKeySet(); } @Override diff --git a/server/src/main/java/org/opensearch/common/inject/State.java b/server/src/main/java/org/opensearch/common/inject/State.java index 497c7d4d51e..6a69e9547d7 100644 --- a/server/src/main/java/org/opensearch/common/inject/State.java +++ b/server/src/main/java/org/opensearch/common/inject/State.java @@ -164,7 +164,7 @@ interface State { /** * Forbids the corresponding injector from creating a binding to {@code key}. Child injectors - * blacklist their bound keys on their parent injectors to prevent just-in-time bindings on the + * denylist their bound keys on their parent injectors to prevent just-in-time bindings on the * parent injector that would conflict. */ void blacklist(Key key); @@ -177,11 +177,11 @@ interface State { /** * Returns the shared lock for all injector data. This is a low-granularity, high-contention lock - * to be used when reading mutable data (ie. just-in-time bindings, and binding blacklists). + * to be used when reading mutable data (ie. just-in-time bindings, and binding denylists). */ Object lock(); - // ES_GUICE: clean blacklist keys + // ES_GUICE: clean denylist keys void clearBlacklisted(); void makeAllBindingsToEagerSingletons(Injector injector); diff --git a/server/src/main/java/org/opensearch/script/ScriptedMetricAggContexts.java b/server/src/main/java/org/opensearch/script/ScriptedMetricAggContexts.java index 7e85c5cdd72..1f187f7f0e8 100644 --- a/server/src/main/java/org/opensearch/script/ScriptedMetricAggContexts.java +++ b/server/src/main/java/org/opensearch/script/ScriptedMetricAggContexts.java @@ -126,7 +126,7 @@ public class ScriptedMetricAggContexts { return state; } - // Return the doc as a map (instead of LeafDocLookup) in order to abide by type whitelisting rules for + // Return the doc as a map (instead of LeafDocLookup) in order to abide by type allowlisting rules for // Painless scripts. public Map> getDoc() { return leafLookup == null ? null : leafLookup.doc(); diff --git a/server/src/main/java/org/opensearch/search/aggregations/pipeline/MovingFunctions.java b/server/src/main/java/org/opensearch/search/aggregations/pipeline/MovingFunctions.java index a9f3d06c0ea..e3a57654f94 100644 --- a/server/src/main/java/org/opensearch/search/aggregations/pipeline/MovingFunctions.java +++ b/server/src/main/java/org/opensearch/search/aggregations/pipeline/MovingFunctions.java @@ -192,7 +192,7 @@ public class MovingFunctions { } /** - * Version of holt that can "forecast", not exposed as a whitelisted function for moving_fn scripts, but + * Version of holt that can "forecast", not exposed as an allowlisted function for moving_fn scripts, but * here as compatibility/code sharing for existing moving_avg agg. Can be removed when moving_avg is gone. */ public static double[] holtForecast(double[] values, double alpha, double beta, int numForecasts) { @@ -268,7 +268,7 @@ public class MovingFunctions { } /** - * Version of holt-winters that can "forecast", not exposed as a whitelisted function for moving_fn scripts, but + * Version of holt-winters that can "forecast", not exposed as an allowlisted function for moving_fn scripts, but * here as compatibility/code sharing for existing moving_avg agg. Can be removed when moving_avg is gone. */ public static double[] holtWintersForecast( diff --git a/server/src/test/java/org/opensearch/cluster/ClusterModuleTests.java b/server/src/test/java/org/opensearch/cluster/ClusterModuleTests.java index 8869c2857aa..004b784311b 100644 --- a/server/src/test/java/org/opensearch/cluster/ClusterModuleTests.java +++ b/server/src/test/java/org/opensearch/cluster/ClusterModuleTests.java @@ -254,29 +254,29 @@ public class ClusterModuleTests extends ModuleTestCase { } public void testPre63CustomsFiltering() { - final String whiteListedClusterCustom = randomFrom(ClusterModule.PRE_6_3_CLUSTER_CUSTOMS_WHITE_LIST); - final String whiteListedMetadataCustom = randomFrom(ClusterModule.PRE_6_3_METADATA_CUSTOMS_WHITE_LIST); + final String allowListedClusterCustom = randomFrom(ClusterModule.PRE_6_3_CLUSTER_CUSTOMS_WHITE_LIST); + final String allowListedMetadataCustom = randomFrom(ClusterModule.PRE_6_3_METADATA_CUSTOMS_WHITE_LIST); final ClusterState clusterState = ClusterState.builder(ClusterName.DEFAULT) - .putCustom(whiteListedClusterCustom, new RestoreInProgress.Builder().build()) + .putCustom(allowListedClusterCustom, new RestoreInProgress.Builder().build()) .putCustom("other", new RestoreInProgress.Builder().build()) .metadata( Metadata.builder() - .putCustom(whiteListedMetadataCustom, new RepositoriesMetadata(Collections.emptyList())) + .putCustom(allowListedMetadataCustom, new RepositoriesMetadata(Collections.emptyList())) .putCustom("other", new RepositoriesMetadata(Collections.emptyList())) .build() ) .build(); - assertNotNull(clusterState.custom(whiteListedClusterCustom)); + assertNotNull(clusterState.custom(allowListedClusterCustom)); assertNotNull(clusterState.custom("other")); - assertNotNull(clusterState.metadata().custom(whiteListedMetadataCustom)); + assertNotNull(clusterState.metadata().custom(allowListedMetadataCustom)); assertNotNull(clusterState.metadata().custom("other")); final ClusterState fixedClusterState = ClusterModule.filterCustomsForPre63Clients(clusterState); - assertNotNull(fixedClusterState.custom(whiteListedClusterCustom)); + assertNotNull(fixedClusterState.custom(allowListedClusterCustom)); assertNull(fixedClusterState.custom("other")); - assertNotNull(fixedClusterState.metadata().custom(whiteListedMetadataCustom)); + assertNotNull(fixedClusterState.metadata().custom(allowListedMetadataCustom)); assertNull(fixedClusterState.metadata().custom("other")); } diff --git a/server/src/test/java/org/opensearch/cluster/routing/allocation/decider/FilterAllocationDeciderTests.java b/server/src/test/java/org/opensearch/cluster/routing/allocation/decider/FilterAllocationDeciderTests.java index 2b408097757..0b00d261823 100644 --- a/server/src/test/java/org/opensearch/cluster/routing/allocation/decider/FilterAllocationDeciderTests.java +++ b/server/src/test/java/org/opensearch/cluster/routing/allocation/decider/FilterAllocationDeciderTests.java @@ -95,7 +95,7 @@ public class FilterAllocationDeciderTests extends OpenSearchAllocationTestCase { assertEquals(routingTable.index("idx").shard(0).shards().get(0).state(), UNASSIGNED); assertNull(routingTable.index("idx").shard(0).shards().get(0).currentNodeId()); - // after failing the shard we are unassigned since the node is blacklisted and we can't initialize on the other node + // after failing the shard we are unassigned since the node is denylisted and we can't initialize on the other node RoutingAllocation allocation = new RoutingAllocation(allocationDeciders, state.getRoutingNodes(), state, null, null, 0); allocation.debugDecision(true); Decision.Single decision = (Decision.Single) filterAllocationDecider.canAllocate( diff --git a/test/framework/src/main/java/org/opensearch/search/aggregations/AggregatorTestCase.java b/test/framework/src/main/java/org/opensearch/search/aggregations/AggregatorTestCase.java index b08edf10286..cbeefa7349e 100644 --- a/test/framework/src/main/java/org/opensearch/search/aggregations/AggregatorTestCase.java +++ b/test/framework/src/main/java/org/opensearch/search/aggregations/AggregatorTestCase.java @@ -175,16 +175,16 @@ public abstract class AggregatorTestCase extends OpenSearchTestCase { protected ValuesSourceRegistry valuesSourceRegistry; // A list of field types that should not be tested, or are not currently supported - private static List TYPE_TEST_BLACKLIST; + private static List TYPE_TEST_DENYLIST; static { - List blacklist = new ArrayList<>(); - blacklist.add(ObjectMapper.CONTENT_TYPE); // Cannot aggregate objects - blacklist.add(GeoShapeFieldMapper.CONTENT_TYPE); // Cannot aggregate geoshapes (yet) - blacklist.add(ObjectMapper.NESTED_CONTENT_TYPE); // TODO support for nested - blacklist.add(CompletionFieldMapper.CONTENT_TYPE); // TODO support completion - blacklist.add(FieldAliasMapper.CONTENT_TYPE); // TODO support alias - TYPE_TEST_BLACKLIST = blacklist; + List denylist = new ArrayList<>(); + denylist.add(ObjectMapper.CONTENT_TYPE); // Cannot aggregate objects + denylist.add(GeoShapeFieldMapper.CONTENT_TYPE); // Cannot aggregate geoshapes (yet) + denylist.add(ObjectMapper.NESTED_CONTENT_TYPE); // TODO support for nested + denylist.add(CompletionFieldMapper.CONTENT_TYPE); // TODO support completion + denylist.add(FieldAliasMapper.CONTENT_TYPE); // TODO support alias + TYPE_TEST_DENYLIST = denylist; } /** @@ -713,11 +713,11 @@ public abstract class AggregatorTestCase extends OpenSearchTestCase { } /** - * A method that allows implementors to specifically blacklist particular field types (based on their content_name). + * A method that allows implementors to specifically denylist particular field types (based on their content_name). * This is needed in some areas where the ValuesSourceType is not granular enough, for example integer values * vs floating points, or `keyword` bytes vs `binary` bytes (which are not searchable) * - * This is a blacklist instead of a whitelist because there are vastly more field types than ValuesSourceTypes, + * This is a denylist instead of an allowlist because there are vastly more field types than ValuesSourceTypes, * and it's expected that these unsupported cases are exceptional rather than common */ protected List unsupportedMappedFieldTypes() { @@ -748,7 +748,7 @@ public abstract class AggregatorTestCase extends OpenSearchTestCase { for (Map.Entry mappedType : mapperRegistry.getMapperParsers().entrySet()) { // Some field types should not be tested, or require more work and are not ready yet - if (TYPE_TEST_BLACKLIST.contains(mappedType.getKey())) { + if (TYPE_TEST_DENYLIST.contains(mappedType.getKey())) { continue; } diff --git a/test/framework/src/main/java/org/opensearch/test/rest/yaml/BlacklistedPathPatternMatcher.java b/test/framework/src/main/java/org/opensearch/test/rest/yaml/BlacklistedPathPatternMatcher.java index 8a2e9deb424..15510e368b1 100644 --- a/test/framework/src/main/java/org/opensearch/test/rest/yaml/BlacklistedPathPatternMatcher.java +++ b/test/framework/src/main/java/org/opensearch/test/rest/yaml/BlacklistedPathPatternMatcher.java @@ -34,7 +34,7 @@ package org.opensearch.test.rest.yaml; import java.util.regex.Pattern; /** - * Matches blacklist patterns. + * Matches denylist patterns. * * Currently the following syntax is supported: * @@ -45,20 +45,20 @@ import java.util.regex.Pattern; * indices.get/10_basic/advanced/allow_no_indices (contains an additional segment) *
      * - * Each blacklist pattern is a suffix match on the path. Empty patterns are not allowed. + * Each denylist pattern is a suffix match on the path. Empty patterns are not allowed. */ final class BlacklistedPathPatternMatcher { private final Pattern pattern; /** - * Constructs a new BlacklistedPathPatternMatcher instance from the provided suffix pattern. + * Constructs a new DenylistedPathPatternMatcher instance from the provided suffix pattern. * * @param p The suffix pattern. Must be a non-empty string. */ BlacklistedPathPatternMatcher(String p) { // guard against accidentally matching everything as an empty string lead to the pattern ".*" which matches everything if (p == null || p.trim().isEmpty()) { - throw new IllegalArgumentException("Empty blacklist patterns are not supported"); + throw new IllegalArgumentException("Empty denylist patterns are not supported"); } // very simple transformation from wildcard to a proper regex String finalPattern = p.replaceAll("\\*", "[^/]*") // support wildcard matches (within a single path segment) diff --git a/test/framework/src/main/java/org/opensearch/test/rest/yaml/OpenSearchClientYamlSuiteTestCase.java b/test/framework/src/main/java/org/opensearch/test/rest/yaml/OpenSearchClientYamlSuiteTestCase.java index 375103d2c1d..ca2659e9523 100644 --- a/test/framework/src/main/java/org/opensearch/test/rest/yaml/OpenSearchClientYamlSuiteTestCase.java +++ b/test/framework/src/main/java/org/opensearch/test/rest/yaml/OpenSearchClientYamlSuiteTestCase.java @@ -88,13 +88,13 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe */ public static final String REST_TESTS_SUITE = "tests.rest.suite"; /** - * Property that allows to blacklist some of the REST tests based on a comma separated list of globs + * Property that allows to denylist some of the REST tests based on a comma separated list of globs * e.g. "-Dtests.rest.blacklist=get/10_basic/*" */ public static final String REST_TESTS_BLACKLIST = "tests.rest.blacklist"; /** - * We use tests.rest.blacklist in build files to blacklist tests; this property enables a user to add additional blacklisted tests on - * top of the tests blacklisted in the build. + * We use tests.rest.blacklist in build files to denylist tests; this property enables a user to add additional denylisted tests on + * top of the tests denylisted in the build. */ public static final String REST_TESTS_BLACKLIST_ADDITIONS = "tests.rest.blacklist_additions"; /** @@ -116,7 +116,7 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe */ private static final String PATHS_SEPARATOR = "(? blacklistPathMatchers; + private static List denylistPathMatchers; private static ClientYamlTestExecutionContext restTestExecutionContext; private static ClientYamlTestExecutionContext adminExecutionContext; private static ClientYamlTestClient clientYamlTestClient; @@ -138,7 +138,7 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe public void initAndResetContext() throws Exception { if (restTestExecutionContext == null) { assert adminExecutionContext == null; - assert blacklistPathMatchers == null; + assert denylistPathMatchers == null; final ClientYamlSuiteRestSpec restSpec = ClientYamlSuiteRestSpec.load(SPEC_PATH); validateSpec(restSpec); final List hosts = getClusterHosts(); @@ -149,21 +149,21 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe clientYamlTestClient = initClientYamlTestClient(restSpec, client(), hosts, esVersion, masterVersion); restTestExecutionContext = new ClientYamlTestExecutionContext(clientYamlTestClient, randomizeContentType()); adminExecutionContext = new ClientYamlTestExecutionContext(clientYamlTestClient, false); - final String[] blacklist = resolvePathsProperty(REST_TESTS_BLACKLIST, null); - blacklistPathMatchers = new ArrayList<>(); - for (final String entry : blacklist) { - blacklistPathMatchers.add(new BlacklistedPathPatternMatcher(entry)); + final String[] denylist = resolvePathsProperty(REST_TESTS_BLACKLIST, null); + denylistPathMatchers = new ArrayList<>(); + for (final String entry : denylist) { + denylistPathMatchers.add(new BlacklistedPathPatternMatcher(entry)); } - final String[] blacklistAdditions = resolvePathsProperty(REST_TESTS_BLACKLIST_ADDITIONS, null); - for (final String entry : blacklistAdditions) { - blacklistPathMatchers.add(new BlacklistedPathPatternMatcher(entry)); + final String[] denylistAdditions = resolvePathsProperty(REST_TESTS_BLACKLIST_ADDITIONS, null); + for (final String entry : denylistAdditions) { + denylistPathMatchers.add(new BlacklistedPathPatternMatcher(entry)); } } assert restTestExecutionContext != null; assert adminExecutionContext != null; - assert blacklistPathMatchers != null; + assert denylistPathMatchers != null; - // admin context must be available for @After always, regardless of whether the test was blacklisted + // admin context must be available for @After always, regardless of whether the test was denylisted adminExecutionContext.clear(); restTestExecutionContext.clear(); @@ -184,7 +184,7 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe try { IOUtils.close(clientYamlTestClient); } finally { - blacklistPathMatchers = null; + denylistPathMatchers = null; restTestExecutionContext = null; adminExecutionContext = null; clientYamlTestClient = null; @@ -355,12 +355,12 @@ public abstract class OpenSearchClientYamlSuiteTestCase extends OpenSearchRestTe } public void test() throws IOException { - // skip test if it matches one of the blacklist globs - for (BlacklistedPathPatternMatcher blacklistedPathMatcher : blacklistPathMatchers) { + // skip test if it matches one of the denylist globs + for (BlacklistedPathPatternMatcher denylistedPathMatcher : denylistPathMatchers) { String testPath = testCandidate.getSuitePath() + "/" + testCandidate.getTestSection().getName(); assumeFalse( "[" + testCandidate.getTestPath() + "] skipped, reason: blacklisted", - blacklistedPathMatcher.isSuffixMatch(testPath) + denylistedPathMatcher.isSuffixMatch(testPath) ); }