From 2741888498fde57f8a4b94d94b3178eb83b97774 Mon Sep 17 00:00:00 2001 From: Robert Muir Date: Thu, 10 Dec 2015 14:26:55 -0500 Subject: [PATCH 1/2] Remove RuntimePermission("accessDeclaredMembers") Upgrades lucene to 5.5.0-1719088, randomizedtesting to 2.3.2, and securemock to 1.2 --- .../resources/forbidden/all-signatures.txt | 7 ++++++ buildSrc/version.properties | 4 ++-- .../main/java/org/elasticsearch/Version.java | 2 +- .../org/elasticsearch/common/inject/Key.java | 4 ++-- .../common/inject/Reflection.java | 2 +- .../assistedinject/FactoryProvider.java | 2 +- .../internal/ProviderMethodsModule.java | 2 +- .../common/inject/spi/InjectionPoint.java | 10 ++++---- .../elasticsearch/bootstrap/security.policy | 7 +++--- .../bootstrap/test-framework.policy | 16 +++++++++---- .../ExceptionSerializationTests.java | 2 +- .../java/org/elasticsearch/VersionTests.java | 2 +- .../NodesStatsBasicBackwardsCompatIT.java | 2 +- .../bwcompat/RestoreBackwardsCompatIT.java | 2 +- .../analysis/NGramTokenizerFactoryTests.java | 2 +- .../index/query/AbstractQueryTestCase.java | 6 ++--- ...ers-common-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...ers-common-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...ard-codecs-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...ard-codecs-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...ucene-core-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...ucene-core-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...e-grouping-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...e-grouping-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...ighlighter-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...ighlighter-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...ucene-join-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...ucene-join-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...ene-memory-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...ene-memory-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...ucene-misc-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...ucene-misc-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...ne-queries-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...ne-queries-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...ueryparser-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...ueryparser-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...ne-sandbox-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...ne-sandbox-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...ne-spatial-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...ne-spatial-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...-spatial3d-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...-spatial3d-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...ne-suggest-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...ne-suggest-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...xpressions-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...xpressions-5.5.0-snapshot-1719088.jar.sha1 | 1 + .../plugin-metadata/plugin-security.policy | 2 -- .../plugin-metadata/plugin-security.policy | 1 + .../mustache/MustacheScriptEngineService.java | 22 ++++++++++++++++-- .../plugin-metadata/plugin-security.policy | 23 +++++++++++++++++++ ...lyzers-icu-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...lyzers-icu-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...s-kuromoji-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...s-kuromoji-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...s-phonetic-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...s-phonetic-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...rs-smartcn-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...rs-smartcn-5.5.0-snapshot-1719088.jar.sha1 | 1 + ...rs-stempel-5.4.0-snapshot-1715952.jar.sha1 | 1 - ...rs-stempel-5.5.0-snapshot-1719088.jar.sha1 | 1 + .../plugin-metadata/plugin-security.policy | 3 ++- .../cloud/gce/GceComputeServiceImpl.java | 15 ++++++++++-- .../gce/RetryHttpInitializerWrapper.java | 20 ++++++++++++++++ .../plugin-metadata/plugin-security.policy | 1 + .../gce/RetryHttpInitializerWrapperTests.java | 6 ++--- .../plugin-metadata/plugin-security.policy | 3 ++- .../org/elasticsearch/test/VersionUtils.java | 2 +- .../hamcrest/ElasticsearchAssertions.java | 2 +- .../test/test/LoggingListenerTests.java | 6 ++--- 69 files changed, 153 insertions(+), 65 deletions(-) delete mode 100644 distribution/licenses/lucene-analyzers-common-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 distribution/licenses/lucene-analyzers-common-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 distribution/licenses/lucene-backward-codecs-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 distribution/licenses/lucene-backward-codecs-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 distribution/licenses/lucene-core-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 distribution/licenses/lucene-core-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 distribution/licenses/lucene-grouping-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 distribution/licenses/lucene-grouping-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 distribution/licenses/lucene-highlighter-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 distribution/licenses/lucene-highlighter-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 distribution/licenses/lucene-join-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 distribution/licenses/lucene-join-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 distribution/licenses/lucene-memory-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 distribution/licenses/lucene-memory-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 distribution/licenses/lucene-misc-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 distribution/licenses/lucene-misc-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 distribution/licenses/lucene-queries-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 distribution/licenses/lucene-queries-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 distribution/licenses/lucene-queryparser-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 distribution/licenses/lucene-queryparser-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 distribution/licenses/lucene-sandbox-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 distribution/licenses/lucene-sandbox-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 distribution/licenses/lucene-spatial-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 distribution/licenses/lucene-spatial-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 distribution/licenses/lucene-spatial3d-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 distribution/licenses/lucene-spatial3d-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 distribution/licenses/lucene-suggest-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 distribution/licenses/lucene-suggest-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 modules/lang-expression/licenses/lucene-expressions-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 modules/lang-expression/licenses/lucene-expressions-5.5.0-snapshot-1719088.jar.sha1 create mode 100644 modules/lang-mustache/src/main/plugin-metadata/plugin-security.policy delete mode 100644 plugins/analysis-icu/licenses/lucene-analyzers-icu-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 plugins/analysis-icu/licenses/lucene-analyzers-icu-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 plugins/analysis-kuromoji/licenses/lucene-analyzers-kuromoji-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 plugins/analysis-kuromoji/licenses/lucene-analyzers-kuromoji-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 plugins/analysis-phonetic/licenses/lucene-analyzers-phonetic-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 plugins/analysis-phonetic/licenses/lucene-analyzers-phonetic-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 plugins/analysis-smartcn/licenses/lucene-analyzers-smartcn-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 plugins/analysis-smartcn/licenses/lucene-analyzers-smartcn-5.5.0-snapshot-1719088.jar.sha1 delete mode 100644 plugins/analysis-stempel/licenses/lucene-analyzers-stempel-5.4.0-snapshot-1715952.jar.sha1 create mode 100644 plugins/analysis-stempel/licenses/lucene-analyzers-stempel-5.5.0-snapshot-1719088.jar.sha1 diff --git a/buildSrc/src/main/resources/forbidden/all-signatures.txt b/buildSrc/src/main/resources/forbidden/all-signatures.txt index 5a91807233b..4bc24c9a2af 100644 --- a/buildSrc/src/main/resources/forbidden/all-signatures.txt +++ b/buildSrc/src/main/resources/forbidden/all-signatures.txt @@ -92,6 +92,13 @@ java.net.InetAddress#getCanonicalHostName() java.net.InetSocketAddress#getHostName() @ Use getHostString() instead, which avoids a DNS lookup @defaultMessage Do not violate java's access system +java.lang.Class#getDeclaredClasses() @ Do not violate java's access system: Use getClasses() instead +java.lang.Class#getDeclaredConstructor(java.lang.Class[]) @ Do not violate java's access system: Use getConstructor() instead +java.lang.Class#getDeclaredConstructors() @ Do not violate java's access system: Use getConstructors() instead +java.lang.Class#getDeclaredField(java.lang.String) @ Do not violate java's access system: Use getField() instead +java.lang.Class#getDeclaredFields() @ Do not violate java's access system: Use getFields() instead +java.lang.Class#getDeclaredMethod(java.lang.String, java.lang.Class[]) @ Do not violate java's access system: Use getMethod() instead +java.lang.Class#getDeclaredMethods() @ Do not violate java's access system: Use getMethods() instead java.lang.reflect.AccessibleObject#setAccessible(boolean) java.lang.reflect.AccessibleObject#setAccessible(java.lang.reflect.AccessibleObject[], boolean) diff --git a/buildSrc/version.properties b/buildSrc/version.properties index fc4ef40d6d5..e33383afa23 100644 --- a/buildSrc/version.properties +++ b/buildSrc/version.properties @@ -1,5 +1,5 @@ elasticsearch = 3.0.0-SNAPSHOT -lucene = 5.4.0-snapshot-1715952 +lucene = 5.5.0-snapshot-1719088 # optional dependencies spatial4j = 0.5 @@ -11,7 +11,7 @@ jna = 4.1.0 # test dependencies -randomizedrunner = 2.2.0 +randomizedrunner = 2.3.2 junit = 4.11 httpclient = 4.3.6 httpcore = 4.3.3 diff --git a/core/src/main/java/org/elasticsearch/Version.java b/core/src/main/java/org/elasticsearch/Version.java index 4e4ec3b614f..a5e2e38ca26 100644 --- a/core/src/main/java/org/elasticsearch/Version.java +++ b/core/src/main/java/org/elasticsearch/Version.java @@ -276,7 +276,7 @@ public class Version { public static final int V_2_2_0_ID = 2020099; public static final Version V_2_2_0 = new Version(V_2_2_0_ID, true, org.apache.lucene.util.Version.LUCENE_5_4_0); public static final int V_3_0_0_ID = 3000099; - public static final Version V_3_0_0 = new Version(V_3_0_0_ID, true, org.apache.lucene.util.Version.LUCENE_5_4_0); + public static final Version V_3_0_0 = new Version(V_3_0_0_ID, true, org.apache.lucene.util.Version.LUCENE_5_5_0); public static final Version CURRENT = V_3_0_0; static { diff --git a/core/src/main/java/org/elasticsearch/common/inject/Key.java b/core/src/main/java/org/elasticsearch/common/inject/Key.java index 3af3b4e1a8a..7344dfe5b41 100644 --- a/core/src/main/java/org/elasticsearch/common/inject/Key.java +++ b/core/src/main/java/org/elasticsearch/common/inject/Key.java @@ -333,7 +333,7 @@ public class Key { * Returns {@code true} if the given annotation type has no attributes. */ static boolean isMarker(Class annotationType) { - return annotationType.getDeclaredMethods().length == 0; + return annotationType.getMethods().length == 0; } /** @@ -345,7 +345,7 @@ public class Key { ensureRetainedAtRuntime(annotationType); ensureIsBindingAnnotation(annotationType); - if (annotationType.getDeclaredMethods().length == 0) { + if (annotationType.getMethods().length == 0) { return new AnnotationTypeStrategy(annotationType, annotation); } diff --git a/core/src/main/java/org/elasticsearch/common/inject/Reflection.java b/core/src/main/java/org/elasticsearch/common/inject/Reflection.java index 22c542bb9ef..667466f751b 100644 --- a/core/src/main/java/org/elasticsearch/common/inject/Reflection.java +++ b/core/src/main/java/org/elasticsearch/common/inject/Reflection.java @@ -41,7 +41,7 @@ class Reflection { @SuppressWarnings("unchecked") static Constructor invalidConstructor() { try { - return (Constructor) InvalidConstructor.class.getDeclaredConstructor(); + return (Constructor) InvalidConstructor.class.getConstructor(); } catch (NoSuchMethodException e) { throw new AssertionError(e); } diff --git a/core/src/main/java/org/elasticsearch/common/inject/assistedinject/FactoryProvider.java b/core/src/main/java/org/elasticsearch/common/inject/assistedinject/FactoryProvider.java index 3837de81b60..0def65b9a13 100644 --- a/core/src/main/java/org/elasticsearch/common/inject/assistedinject/FactoryProvider.java +++ b/core/src/main/java/org/elasticsearch/common/inject/assistedinject/FactoryProvider.java @@ -212,7 +212,7 @@ public class FactoryProvider implements Provider, HasDependencies { TypeLiteral factoryType, TypeLiteral implementationType) { List> constructors = new ArrayList<>(); - for (Constructor constructor : implementationType.getRawType().getDeclaredConstructors()) { + for (Constructor constructor : implementationType.getRawType().getConstructors()) { if (constructor.getAnnotation(AssistedInject.class) != null) { @SuppressWarnings("unchecked") // the constructor type and implementation type agree AssistedConstructor assistedConstructor = new AssistedConstructor( diff --git a/core/src/main/java/org/elasticsearch/common/inject/internal/ProviderMethodsModule.java b/core/src/main/java/org/elasticsearch/common/inject/internal/ProviderMethodsModule.java index 1671b4a8eac..5e45b4990c6 100644 --- a/core/src/main/java/org/elasticsearch/common/inject/internal/ProviderMethodsModule.java +++ b/core/src/main/java/org/elasticsearch/common/inject/internal/ProviderMethodsModule.java @@ -83,7 +83,7 @@ public final class ProviderMethodsModule implements Module { public List> getProviderMethods(Binder binder) { List> result = new ArrayList<>(); for (Class c = delegate.getClass(); c != Object.class; c = c.getSuperclass()) { - for (Method method : c.getDeclaredMethods()) { + for (Method method : c.getMethods()) { if (method.getAnnotation(Provides.class) != null) { result.add(createProviderMethod(binder, method)); } diff --git a/core/src/main/java/org/elasticsearch/common/inject/spi/InjectionPoint.java b/core/src/main/java/org/elasticsearch/common/inject/spi/InjectionPoint.java index 17497d5f429..286635b9b65 100644 --- a/core/src/main/java/org/elasticsearch/common/inject/spi/InjectionPoint.java +++ b/core/src/main/java/org/elasticsearch/common/inject/spi/InjectionPoint.java @@ -188,7 +188,7 @@ public final class InjectionPoint { Errors errors = new Errors(rawType); Constructor injectableConstructor = null; - for (Constructor constructor : rawType.getDeclaredConstructors()) { + for (Constructor constructor : rawType.getConstructors()) { Inject inject = constructor.getAnnotation(Inject.class); if (inject != null) { if (inject.optional()) { @@ -212,7 +212,7 @@ public final class InjectionPoint { // If no annotated constructor is found, look for a no-arg constructor instead. try { - Constructor noArgConstructor = rawType.getDeclaredConstructor(); + Constructor noArgConstructor = rawType.getConstructor(); // Disallow private constructors on non-private classes (unless they have @Inject) if (Modifier.isPrivate(noArgConstructor.getModifiers()) @@ -334,7 +334,7 @@ public final class InjectionPoint { // name. In Scala, fields always get accessor methods (that we need to ignore). See bug 242. if (member instanceof Method) { try { - if (member.getDeclaringClass().getDeclaredField(member.getName()) != null) { + if (member.getDeclaringClass().getField(member.getName()) != null) { return; } } catch (NoSuchFieldException ignore) { @@ -390,7 +390,7 @@ public final class InjectionPoint { Factory FIELDS = new Factory() { @Override public Field[] getMembers(Class type) { - return type.getDeclaredFields(); + return type.getFields(); } @Override @@ -402,7 +402,7 @@ public final class InjectionPoint { Factory METHODS = new Factory() { @Override public Method[] getMembers(Class type) { - return type.getDeclaredMethods(); + return type.getMethods(); } @Override diff --git a/core/src/main/resources/org/elasticsearch/bootstrap/security.policy b/core/src/main/resources/org/elasticsearch/bootstrap/security.policy index 7e060cd6d90..26785010110 100644 --- a/core/src/main/resources/org/elasticsearch/bootstrap/security.policy +++ b/core/src/main/resources/org/elasticsearch/bootstrap/security.policy @@ -31,10 +31,12 @@ grant codeBase "${codebase.securesm-1.0.jar}" { //// Very special jar permissions: //// These are dangerous permissions that we don't want to grant to everything. -grant codeBase "${codebase.lucene-core-5.4.0-snapshot-1715952.jar}" { +grant codeBase "${codebase.lucene-core-5.5.0-snapshot-1719088.jar}" { // needed to allow MMapDirectory's "unmap hack" permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; + // NOTE: also needed for RAMUsageEstimator size calculations + permission java.lang.RuntimePermission "accessDeclaredMembers"; }; //// Everything else: @@ -97,9 +99,6 @@ grant { // (TODO: clean this up?) permission java.lang.RuntimePermission "getProtectionDomain"; - // likely not low hanging fruit... - permission java.lang.RuntimePermission "accessDeclaredMembers"; - // needed by HotThreads and potentially more // otherwise can be provided only to test libraries permission java.lang.RuntimePermission "getStackTrace"; diff --git a/core/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy b/core/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy index cde6795db30..b5f9c24d04f 100644 --- a/core/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy +++ b/core/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy @@ -21,30 +21,38 @@ //// These are mock objects and test management that we allow test framework libs //// to provide on our behalf. But tests themselves cannot do this stuff! -grant codeBase "${codebase.securemock-1.1.jar}" { +grant codeBase "${codebase.securemock-1.2.jar}" { // needed to access ReflectionFactory (see below) permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect"; // needed to support creation of mocks permission java.lang.RuntimePermission "reflectionFactoryAccess"; // needed for spy interception, etc + permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }; -grant codeBase "${codebase.lucene-test-framework-5.4.0-snapshot-1715952.jar}" { +grant codeBase "${codebase.lucene-test-framework-5.5.0-snapshot-1719088.jar}" { // needed by RamUsageTester permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }; -grant codeBase "${codebase.randomizedtesting-runner-2.2.0.jar}" { +grant codeBase "${codebase.randomizedtesting-runner-2.3.2.jar}" { // optionally needed for access to private test methods (e.g. beforeClass) permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; // needed to fail tests on uncaught exceptions from other threads permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler"; // needed for top threads handling permission org.elasticsearch.ThreadPermission "modifyArbitraryThreadGroup"; + // needed for TestClass creation + permission java.lang.RuntimePermission "accessDeclaredMembers"; }; -grant codeBase "${codebase.junit4-ant-2.2.0.jar}" { +grant codeBase "${codebase.junit4-ant-2.3.2.jar}" { // needed for stream redirection permission java.lang.RuntimePermission "setIO"; }; + +grant codeBase "${codebase.junit-4.11.jar}" { + // needed for TestClass creation + permission java.lang.RuntimePermission "accessDeclaredMembers"; +}; diff --git a/core/src/test/java/org/elasticsearch/ExceptionSerializationTests.java b/core/src/test/java/org/elasticsearch/ExceptionSerializationTests.java index 21ee6de6b55..46cdea3dadf 100644 --- a/core/src/test/java/org/elasticsearch/ExceptionSerializationTests.java +++ b/core/src/test/java/org/elasticsearch/ExceptionSerializationTests.java @@ -136,7 +136,7 @@ public class ExceptionSerializationTests extends ESTestCase { } else if (ElasticsearchException.isRegistered((Class) clazz)) { registered.add(clazz); try { - if (clazz.getDeclaredMethod("writeTo", StreamOutput.class) != null) { + if (clazz.getMethod("writeTo", StreamOutput.class) != null) { hasDedicatedWrite.add(clazz); } } catch (Exception e) { diff --git a/core/src/test/java/org/elasticsearch/VersionTests.java b/core/src/test/java/org/elasticsearch/VersionTests.java index d79d1ee0928..52508f8dc83 100644 --- a/core/src/test/java/org/elasticsearch/VersionTests.java +++ b/core/src/test/java/org/elasticsearch/VersionTests.java @@ -191,7 +191,7 @@ public class VersionTests extends ESTestCase { public void testAllVersionsMatchId() throws Exception { Map maxBranchVersions = new HashMap<>(); - for (java.lang.reflect.Field field : Version.class.getDeclaredFields()) { + for (java.lang.reflect.Field field : Version.class.getFields()) { if (field.getName().endsWith("_ID")) { assertTrue(field.getName() + " should be static", Modifier.isStatic(field.getModifiers())); assertTrue(field.getName() + " should be final", Modifier.isFinal(field.getModifiers())); diff --git a/core/src/test/java/org/elasticsearch/bwcompat/NodesStatsBasicBackwardsCompatIT.java b/core/src/test/java/org/elasticsearch/bwcompat/NodesStatsBasicBackwardsCompatIT.java index 5a823840711..39ed23b9779 100644 --- a/core/src/test/java/org/elasticsearch/bwcompat/NodesStatsBasicBackwardsCompatIT.java +++ b/core/src/test/java/org/elasticsearch/bwcompat/NodesStatsBasicBackwardsCompatIT.java @@ -69,7 +69,7 @@ public class NodesStatsBasicBackwardsCompatIT extends ESBackcompatTestCase { NodesStatsRequestBuilder nsBuilder = tc.admin().cluster().prepareNodesStats(); Class c = nsBuilder.getClass(); - for (Method method : c.getDeclaredMethods()) { + for (Method method : c.getMethods()) { if (method.getName().startsWith("set")) { if (method.getParameterTypes().length == 1 && method.getParameterTypes()[0] == boolean.class) { method.invoke(nsBuilder, randomBoolean()); diff --git a/core/src/test/java/org/elasticsearch/bwcompat/RestoreBackwardsCompatIT.java b/core/src/test/java/org/elasticsearch/bwcompat/RestoreBackwardsCompatIT.java index bccd4290d8e..228f1a65121 100644 --- a/core/src/test/java/org/elasticsearch/bwcompat/RestoreBackwardsCompatIT.java +++ b/core/src/test/java/org/elasticsearch/bwcompat/RestoreBackwardsCompatIT.java @@ -92,7 +92,7 @@ public class RestoreBackwardsCompatIT extends AbstractSnapshotIntegTestCase { } SortedSet expectedVersions = new TreeSet<>(); - for (java.lang.reflect.Field field : Version.class.getDeclaredFields()) { + for (java.lang.reflect.Field field : Version.class.getFields()) { if (Modifier.isStatic(field.getModifiers()) && field.getType() == Version.class) { Version v = (Version) field.get(Version.class); if (v.snapshot()) continue; diff --git a/core/src/test/java/org/elasticsearch/index/analysis/NGramTokenizerFactoryTests.java b/core/src/test/java/org/elasticsearch/index/analysis/NGramTokenizerFactoryTests.java index b7bdbb23279..d931b478f3e 100644 --- a/core/src/test/java/org/elasticsearch/index/analysis/NGramTokenizerFactoryTests.java +++ b/core/src/test/java/org/elasticsearch/index/analysis/NGramTokenizerFactoryTests.java @@ -237,7 +237,7 @@ public class NGramTokenizerFactoryTests extends ESTokenStreamTestCase { private Version randomVersion(Random random) throws IllegalArgumentException, IllegalAccessException { - Field[] declaredFields = Version.class.getDeclaredFields(); + Field[] declaredFields = Version.class.getFields(); List versionFields = new ArrayList<>(); for (Field field : declaredFields) { if ((field.getModifiers() & Modifier.STATIC) != 0 && field.getName().startsWith("V_") && field.getType() == Version.class) { diff --git a/core/src/test/java/org/elasticsearch/index/query/AbstractQueryTestCase.java b/core/src/test/java/org/elasticsearch/index/query/AbstractQueryTestCase.java index 72bbe3ce509..aa97d722737 100644 --- a/core/src/test/java/org/elasticsearch/index/query/AbstractQueryTestCase.java +++ b/core/src/test/java/org/elasticsearch/index/query/AbstractQueryTestCase.java @@ -828,21 +828,21 @@ public abstract class AbstractQueryTestCase> AbstractQueryTestCase delegate; @Override public Object invoke(Object proxy, Method method, Object[] args) throws Throwable { - if (method.equals(Client.class.getDeclaredMethod("get", GetRequest.class))) { + if (method.equals(Client.class.getMethod("get", GetRequest.class))) { return new PlainActionFuture() { @Override public GetResponse get() throws InterruptedException, ExecutionException { return delegate.executeGet((GetRequest) args[0]); } }; - } else if (method.equals(Client.class.getDeclaredMethod("multiTermVectors", MultiTermVectorsRequest.class))) { + } else if (method.equals(Client.class.getMethod("multiTermVectors", MultiTermVectorsRequest.class))) { return new PlainActionFuture() { @Override public MultiTermVectorsResponse get() throws InterruptedException, ExecutionException { return delegate.executeMultiTermVectors((MultiTermVectorsRequest) args[0]); } }; - } else if (method.equals(Object.class.getDeclaredMethod("toString"))) { + } else if (method.equals(Object.class.getMethod("toString"))) { return "MockClient"; } throw new UnsupportedOperationException("this test can't handle calls to: " + method); diff --git a/distribution/licenses/lucene-analyzers-common-5.4.0-snapshot-1715952.jar.sha1 b/distribution/licenses/lucene-analyzers-common-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index ff69dc3ef85..00000000000 --- a/distribution/licenses/lucene-analyzers-common-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -feaf885ed4155fb7202c1f90ac2eb40503961efc \ No newline at end of file diff --git a/distribution/licenses/lucene-analyzers-common-5.5.0-snapshot-1719088.jar.sha1 b/distribution/licenses/lucene-analyzers-common-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..5d95f64a15f --- /dev/null +++ b/distribution/licenses/lucene-analyzers-common-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +9f2b9811a4f4a57a1b3a98bdc1e1b63476b9f628 \ No newline at end of file diff --git a/distribution/licenses/lucene-backward-codecs-5.4.0-snapshot-1715952.jar.sha1 b/distribution/licenses/lucene-backward-codecs-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index 1341c039ec9..00000000000 --- a/distribution/licenses/lucene-backward-codecs-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -5b5b5c950b4fcac38cf48fab911f75da61e780fa \ No newline at end of file diff --git a/distribution/licenses/lucene-backward-codecs-5.5.0-snapshot-1719088.jar.sha1 b/distribution/licenses/lucene-backward-codecs-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..0ae258b597a --- /dev/null +++ b/distribution/licenses/lucene-backward-codecs-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +038071889a5dbeb279e37fa46225e194139a427c \ No newline at end of file diff --git a/distribution/licenses/lucene-core-5.4.0-snapshot-1715952.jar.sha1 b/distribution/licenses/lucene-core-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index 10ffbd13d29..00000000000 --- a/distribution/licenses/lucene-core-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -84685d37a34b4d87e2928566ed266a7f005ca67d \ No newline at end of file diff --git a/distribution/licenses/lucene-core-5.5.0-snapshot-1719088.jar.sha1 b/distribution/licenses/lucene-core-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..aee7c10cffd --- /dev/null +++ b/distribution/licenses/lucene-core-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +b986d0ad8ee4dda8172a5a61875c47631e4b21d4 \ No newline at end of file diff --git a/distribution/licenses/lucene-grouping-5.4.0-snapshot-1715952.jar.sha1 b/distribution/licenses/lucene-grouping-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index 6eed3e2016c..00000000000 --- a/distribution/licenses/lucene-grouping-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -ff92011208ed5c28f041acc37bd77728a89fc6a5 \ No newline at end of file diff --git a/distribution/licenses/lucene-grouping-5.5.0-snapshot-1719088.jar.sha1 b/distribution/licenses/lucene-grouping-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..aa1011e007e --- /dev/null +++ b/distribution/licenses/lucene-grouping-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +f46574fbdfbcc81d936c77e15ba5b3af2c2b7253 \ No newline at end of file diff --git a/distribution/licenses/lucene-highlighter-5.4.0-snapshot-1715952.jar.sha1 b/distribution/licenses/lucene-highlighter-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index ac8fb4d9ea7..00000000000 --- a/distribution/licenses/lucene-highlighter-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -5d46f26a6cb36aede89b8728b6fcbc427d4f9416 \ No newline at end of file diff --git a/distribution/licenses/lucene-highlighter-5.5.0-snapshot-1719088.jar.sha1 b/distribution/licenses/lucene-highlighter-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..561f17e773c --- /dev/null +++ b/distribution/licenses/lucene-highlighter-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +f620262d667a294d390e8df7575cc2cca2626559 \ No newline at end of file diff --git a/distribution/licenses/lucene-join-5.4.0-snapshot-1715952.jar.sha1 b/distribution/licenses/lucene-join-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index fade0257eb2..00000000000 --- a/distribution/licenses/lucene-join-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -726ea07bbfdfbfbee80522353496fc6667dc33c9 \ No newline at end of file diff --git a/distribution/licenses/lucene-join-5.5.0-snapshot-1719088.jar.sha1 b/distribution/licenses/lucene-join-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..4735bdf1d2d --- /dev/null +++ b/distribution/licenses/lucene-join-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +4c44b07242fd706f6f7f14c9063a725e0e5b98cd \ No newline at end of file diff --git a/distribution/licenses/lucene-memory-5.4.0-snapshot-1715952.jar.sha1 b/distribution/licenses/lucene-memory-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index 4ce0f783e02..00000000000 --- a/distribution/licenses/lucene-memory-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -d8d7a7b573a4cfc54745a126e905ccfd523b7a24 \ No newline at end of file diff --git a/distribution/licenses/lucene-memory-5.5.0-snapshot-1719088.jar.sha1 b/distribution/licenses/lucene-memory-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..9c19a6ad622 --- /dev/null +++ b/distribution/licenses/lucene-memory-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +1e33e0aa5fc227e90c8314f61b4cba1090035e33 \ No newline at end of file diff --git a/distribution/licenses/lucene-misc-5.4.0-snapshot-1715952.jar.sha1 b/distribution/licenses/lucene-misc-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index 245438c2013..00000000000 --- a/distribution/licenses/lucene-misc-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -cd9d4fb4492bd2680cea2f038a051311329f6443 \ No newline at end of file diff --git a/distribution/licenses/lucene-misc-5.5.0-snapshot-1719088.jar.sha1 b/distribution/licenses/lucene-misc-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..c4a61bff68b --- /dev/null +++ b/distribution/licenses/lucene-misc-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +e416893f7b781239a15d3e2c7200ff26574d14de \ No newline at end of file diff --git a/distribution/licenses/lucene-queries-5.4.0-snapshot-1715952.jar.sha1 b/distribution/licenses/lucene-queries-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index 5244f410208..00000000000 --- a/distribution/licenses/lucene-queries-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -a1a04d191443e51f992ed3dd02d0e14fd48493c9 \ No newline at end of file diff --git a/distribution/licenses/lucene-queries-5.5.0-snapshot-1719088.jar.sha1 b/distribution/licenses/lucene-queries-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..edc56751403 --- /dev/null +++ b/distribution/licenses/lucene-queries-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +b153b63b9333feedb18af2673eb6ccaf95bcc8bf \ No newline at end of file diff --git a/distribution/licenses/lucene-queryparser-5.4.0-snapshot-1715952.jar.sha1 b/distribution/licenses/lucene-queryparser-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index 4600767eff0..00000000000 --- a/distribution/licenses/lucene-queryparser-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -c4d34b29b8b14ad3deb300a6d699e9d8965a3c2c \ No newline at end of file diff --git a/distribution/licenses/lucene-queryparser-5.5.0-snapshot-1719088.jar.sha1 b/distribution/licenses/lucene-queryparser-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..eddd3d6cdcd --- /dev/null +++ b/distribution/licenses/lucene-queryparser-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +0aa2758d70a79f2e0f33a87624fd9d31e155c864 \ No newline at end of file diff --git a/distribution/licenses/lucene-sandbox-5.4.0-snapshot-1715952.jar.sha1 b/distribution/licenses/lucene-sandbox-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index 7ad16aef71e..00000000000 --- a/distribution/licenses/lucene-sandbox-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -bf45dbd653d66ce9d2c3f19b69997b8098d8b416 \ No newline at end of file diff --git a/distribution/licenses/lucene-sandbox-5.5.0-snapshot-1719088.jar.sha1 b/distribution/licenses/lucene-sandbox-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..571903cc72c --- /dev/null +++ b/distribution/licenses/lucene-sandbox-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +873c716ba629dae389b12ddb1aedf2f5c5f57fea \ No newline at end of file diff --git a/distribution/licenses/lucene-spatial-5.4.0-snapshot-1715952.jar.sha1 b/distribution/licenses/lucene-spatial-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index e366610d820..00000000000 --- a/distribution/licenses/lucene-spatial-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -2bddfda70f5c657064d12860b03c2cd8a5029bfc \ No newline at end of file diff --git a/distribution/licenses/lucene-spatial-5.5.0-snapshot-1719088.jar.sha1 b/distribution/licenses/lucene-spatial-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..5e6a27b7cd1 --- /dev/null +++ b/distribution/licenses/lucene-spatial-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +9d7e47c2fb73c614cc5ca41529b2c273c73b0ce7 \ No newline at end of file diff --git a/distribution/licenses/lucene-spatial3d-5.4.0-snapshot-1715952.jar.sha1 b/distribution/licenses/lucene-spatial3d-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index ed120db66d4..00000000000 --- a/distribution/licenses/lucene-spatial3d-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -881b8cd571fb3ccdcc69f1316468d816812513fb \ No newline at end of file diff --git a/distribution/licenses/lucene-spatial3d-5.5.0-snapshot-1719088.jar.sha1 b/distribution/licenses/lucene-spatial3d-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..cf841e18c5a --- /dev/null +++ b/distribution/licenses/lucene-spatial3d-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +4766305088797a66fe02d5aaa98e086867816e42 \ No newline at end of file diff --git a/distribution/licenses/lucene-suggest-5.4.0-snapshot-1715952.jar.sha1 b/distribution/licenses/lucene-suggest-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index adab6824e9d..00000000000 --- a/distribution/licenses/lucene-suggest-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -466e2bc02f45f04cbf516e5df78b9c2ebd99e944 \ No newline at end of file diff --git a/distribution/licenses/lucene-suggest-5.5.0-snapshot-1719088.jar.sha1 b/distribution/licenses/lucene-suggest-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..1fbb60a9d7a --- /dev/null +++ b/distribution/licenses/lucene-suggest-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +f0ee6fb780ea8aa9ec6d31e6a9cc7d48700bd2ca \ No newline at end of file diff --git a/modules/lang-expression/licenses/lucene-expressions-5.4.0-snapshot-1715952.jar.sha1 b/modules/lang-expression/licenses/lucene-expressions-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index d81842d03ad..00000000000 --- a/modules/lang-expression/licenses/lucene-expressions-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -414dfcf600b6c02b90a21bd219a5e115bbda0d14 \ No newline at end of file diff --git a/modules/lang-expression/licenses/lucene-expressions-5.5.0-snapshot-1719088.jar.sha1 b/modules/lang-expression/licenses/lucene-expressions-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..50bb58f443d --- /dev/null +++ b/modules/lang-expression/licenses/lucene-expressions-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +787356d4ae6142bb8ca7e9713d0a281a797b57fb \ No newline at end of file diff --git a/modules/lang-expression/src/main/plugin-metadata/plugin-security.policy b/modules/lang-expression/src/main/plugin-metadata/plugin-security.policy index 9f50be3dd05..c11af51e464 100644 --- a/modules/lang-expression/src/main/plugin-metadata/plugin-security.policy +++ b/modules/lang-expression/src/main/plugin-metadata/plugin-security.policy @@ -20,8 +20,6 @@ grant { // needed to generate runtime classes permission java.lang.RuntimePermission "createClassLoader"; - // needed because of security problems in JavascriptCompiler - permission java.lang.RuntimePermission "getClassLoader"; // expression runtime permission org.elasticsearch.script.ClassPermission "java.lang.String"; diff --git a/modules/lang-groovy/src/main/plugin-metadata/plugin-security.policy b/modules/lang-groovy/src/main/plugin-metadata/plugin-security.policy index 7de3e1a62aa..e1fd920d119 100644 --- a/modules/lang-groovy/src/main/plugin-metadata/plugin-security.policy +++ b/modules/lang-groovy/src/main/plugin-metadata/plugin-security.policy @@ -23,6 +23,7 @@ grant { // needed by IndyInterface permission java.lang.RuntimePermission "getClassLoader"; // needed by groovy engine + permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect"; // needed by GroovyScriptEngineService to close its classloader (why?) permission java.lang.RuntimePermission "closeClassLoader"; diff --git a/modules/lang-mustache/src/main/java/org/elasticsearch/script/mustache/MustacheScriptEngineService.java b/modules/lang-mustache/src/main/java/org/elasticsearch/script/mustache/MustacheScriptEngineService.java index 3affd0c5a12..93172056071 100644 --- a/modules/lang-mustache/src/main/java/org/elasticsearch/script/mustache/MustacheScriptEngineService.java +++ b/modules/lang-mustache/src/main/java/org/elasticsearch/script/mustache/MustacheScriptEngineService.java @@ -19,6 +19,8 @@ package org.elasticsearch.script.mustache; import com.github.mustachejava.Mustache; + +import org.elasticsearch.SpecialPermission; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.component.AbstractComponent; import org.elasticsearch.common.inject.Inject; @@ -34,6 +36,8 @@ import org.elasticsearch.script.SearchScript; import org.elasticsearch.search.lookup.SearchLookup; import java.lang.ref.SoftReference; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.Collections; import java.util.Map; @@ -123,6 +127,9 @@ public class MustacheScriptEngineService extends AbstractComponent implements Sc // Nothing to do here } + // permission checked before doing crazy reflection + static final SpecialPermission SPECIAL_PERMISSION = new SpecialPermission(); + /** * Used at query execution time by script service in order to execute a query template. * */ @@ -148,9 +155,20 @@ public class MustacheScriptEngineService extends AbstractComponent implements Sc @Override public Object run() { - BytesStreamOutput result = new BytesStreamOutput(); + final BytesStreamOutput result = new BytesStreamOutput(); try (UTF8StreamWriter writer = utf8StreamWriter().setOutput(result)) { - ((Mustache) template.compiled()).execute(writer, vars); + // crazy reflection here + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(SPECIAL_PERMISSION); + } + AccessController.doPrivileged(new PrivilegedAction() { + @Override + public Void run() { + ((Mustache) template.compiled()).execute(writer, vars); + return null; + } + }); } catch (Exception e) { logger.error("Error running " + template, e); throw new ScriptException("Error running " + template, e); diff --git a/modules/lang-mustache/src/main/plugin-metadata/plugin-security.policy b/modules/lang-mustache/src/main/plugin-metadata/plugin-security.policy new file mode 100644 index 00000000000..ea2db551912 --- /dev/null +++ b/modules/lang-mustache/src/main/plugin-metadata/plugin-security.policy @@ -0,0 +1,23 @@ +/* + * Licensed to Elasticsearch under one or more contributor + * license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright + * ownership. Elasticsearch licenses this file to you under + * the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +grant { + // needed to do crazy reflection + permission java.lang.RuntimePermission "accessDeclaredMembers"; +}; diff --git a/plugins/analysis-icu/licenses/lucene-analyzers-icu-5.4.0-snapshot-1715952.jar.sha1 b/plugins/analysis-icu/licenses/lucene-analyzers-icu-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index 22ca2f2339c..00000000000 --- a/plugins/analysis-icu/licenses/lucene-analyzers-icu-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -d957c3956797c9c057e65f6342eeb104fa20951e \ No newline at end of file diff --git a/plugins/analysis-icu/licenses/lucene-analyzers-icu-5.5.0-snapshot-1719088.jar.sha1 b/plugins/analysis-icu/licenses/lucene-analyzers-icu-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..4942bbc6af3 --- /dev/null +++ b/plugins/analysis-icu/licenses/lucene-analyzers-icu-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +4e56ba76d6b23756b2bd4d9e42b2b00122cd4fa5 \ No newline at end of file diff --git a/plugins/analysis-kuromoji/licenses/lucene-analyzers-kuromoji-5.4.0-snapshot-1715952.jar.sha1 b/plugins/analysis-kuromoji/licenses/lucene-analyzers-kuromoji-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index 3a31061d4fa..00000000000 --- a/plugins/analysis-kuromoji/licenses/lucene-analyzers-kuromoji-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -2ea1253cd3a704dea02382d6f9abe7c2a58874ac \ No newline at end of file diff --git a/plugins/analysis-kuromoji/licenses/lucene-analyzers-kuromoji-5.5.0-snapshot-1719088.jar.sha1 b/plugins/analysis-kuromoji/licenses/lucene-analyzers-kuromoji-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..1ba2a93066d --- /dev/null +++ b/plugins/analysis-kuromoji/licenses/lucene-analyzers-kuromoji-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +d6ccac802dc1e4c177be043a173377cf5e517cff \ No newline at end of file diff --git a/plugins/analysis-phonetic/licenses/lucene-analyzers-phonetic-5.4.0-snapshot-1715952.jar.sha1 b/plugins/analysis-phonetic/licenses/lucene-analyzers-phonetic-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index 44a895a25fc..00000000000 --- a/plugins/analysis-phonetic/licenses/lucene-analyzers-phonetic-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -7f2132a00895c6eacfc735a4d6056275a692363b \ No newline at end of file diff --git a/plugins/analysis-phonetic/licenses/lucene-analyzers-phonetic-5.5.0-snapshot-1719088.jar.sha1 b/plugins/analysis-phonetic/licenses/lucene-analyzers-phonetic-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..2b611862d41 --- /dev/null +++ b/plugins/analysis-phonetic/licenses/lucene-analyzers-phonetic-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +70ad9f6c3738727229867419d949527cc7789f62 \ No newline at end of file diff --git a/plugins/analysis-smartcn/licenses/lucene-analyzers-smartcn-5.4.0-snapshot-1715952.jar.sha1 b/plugins/analysis-smartcn/licenses/lucene-analyzers-smartcn-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index d00f2ec42af..00000000000 --- a/plugins/analysis-smartcn/licenses/lucene-analyzers-smartcn-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -5eff0c934476356fcd608d574ce0af4104e5e2a4 \ No newline at end of file diff --git a/plugins/analysis-smartcn/licenses/lucene-analyzers-smartcn-5.5.0-snapshot-1719088.jar.sha1 b/plugins/analysis-smartcn/licenses/lucene-analyzers-smartcn-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..e28887afd56 --- /dev/null +++ b/plugins/analysis-smartcn/licenses/lucene-analyzers-smartcn-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +75504fd906929700e7d11f9600e4a79de48e1090 \ No newline at end of file diff --git a/plugins/analysis-stempel/licenses/lucene-analyzers-stempel-5.4.0-snapshot-1715952.jar.sha1 b/plugins/analysis-stempel/licenses/lucene-analyzers-stempel-5.4.0-snapshot-1715952.jar.sha1 deleted file mode 100644 index ccc82e3661a..00000000000 --- a/plugins/analysis-stempel/licenses/lucene-analyzers-stempel-5.4.0-snapshot-1715952.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -210cab15ecf74e5a1bf35173ef5b0d420475694c \ No newline at end of file diff --git a/plugins/analysis-stempel/licenses/lucene-analyzers-stempel-5.5.0-snapshot-1719088.jar.sha1 b/plugins/analysis-stempel/licenses/lucene-analyzers-stempel-5.5.0-snapshot-1719088.jar.sha1 new file mode 100644 index 00000000000..739ecc4eb8f --- /dev/null +++ b/plugins/analysis-stempel/licenses/lucene-analyzers-stempel-5.5.0-snapshot-1719088.jar.sha1 @@ -0,0 +1 @@ +9eeeeabeab89ec305e831d80bdcc7e85a1140fbb \ No newline at end of file diff --git a/plugins/discovery-ec2/src/main/plugin-metadata/plugin-security.policy b/plugins/discovery-ec2/src/main/plugin-metadata/plugin-security.policy index 42bd707b7b9..d5c92a9d67b 100644 --- a/plugins/discovery-ec2/src/main/plugin-metadata/plugin-security.policy +++ b/plugins/discovery-ec2/src/main/plugin-metadata/plugin-security.policy @@ -19,7 +19,8 @@ grant { // needed because of problems in ClientConfiguration - // TODO: get this fixed in aws sdk + // TODO: get these fixed in aws sdk + permission java.lang.RuntimePermission "accessDeclaredMembers"; // NOTE: no tests fail without this, but we know the problem // exists in AWS sdk, and tests here are not thorough permission java.lang.RuntimePermission "getClassLoader"; diff --git a/plugins/discovery-gce/src/main/java/org/elasticsearch/cloud/gce/GceComputeServiceImpl.java b/plugins/discovery-gce/src/main/java/org/elasticsearch/cloud/gce/GceComputeServiceImpl.java index 943b1cd0eae..07e05f06c6d 100644 --- a/plugins/discovery-gce/src/main/java/org/elasticsearch/cloud/gce/GceComputeServiceImpl.java +++ b/plugins/discovery-gce/src/main/java/org/elasticsearch/cloud/gce/GceComputeServiceImpl.java @@ -45,6 +45,7 @@ import java.io.IOException; import java.net.URL; import java.security.AccessController; import java.security.GeneralSecurityException; +import java.security.PrivilegedAction; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; import java.util.*; @@ -103,23 +104,33 @@ public class GceComputeServiceImpl extends AbstractLifecycleComponent() { @Override public HttpHeaders run() throws IOException { return new HttpHeaders(); } }); + GenericUrl genericUrl = AccessController.doPrivileged(new PrivilegedAction() { + @Override + public GenericUrl run() { + return new GenericUrl(url); + } + }); // This is needed to query meta data: https://cloud.google.com/compute/docs/metadata headers.put("Metadata-Flavor", "Google"); HttpResponse response; response = getGceHttpTransport().createRequestFactory() - .buildGetRequest(new GenericUrl(url)) + .buildGetRequest(genericUrl) .setHeaders(headers) .execute(); String metadata = response.parseAsString(); diff --git a/plugins/discovery-gce/src/main/java/org/elasticsearch/discovery/gce/RetryHttpInitializerWrapper.java b/plugins/discovery-gce/src/main/java/org/elasticsearch/discovery/gce/RetryHttpInitializerWrapper.java index 6d48943aec4..1d73e1d540e 100644 --- a/plugins/discovery-gce/src/main/java/org/elasticsearch/discovery/gce/RetryHttpInitializerWrapper.java +++ b/plugins/discovery-gce/src/main/java/org/elasticsearch/discovery/gce/RetryHttpInitializerWrapper.java @@ -20,13 +20,18 @@ package org.elasticsearch.discovery.gce; import com.google.api.client.auth.oauth2.Credential; +import com.google.api.client.googleapis.testing.auth.oauth2.MockGoogleCredential; import com.google.api.client.http.*; import com.google.api.client.util.ExponentialBackOff; import com.google.api.client.util.Sleeper; + +import org.elasticsearch.SpecialPermission; import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.ESLoggerFactory; import java.io.IOException; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.Objects; public class RetryHttpInitializerWrapper implements HttpRequestInitializer { @@ -60,6 +65,21 @@ public class RetryHttpInitializerWrapper implements HttpRequestInitializer { this.sleeper = sleeper; this.maxWait = maxWait; } + + // Use only for testing + static MockGoogleCredential.Builder newMockCredentialBuilder() { + // TODO: figure out why GCE is so bad like this + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + sm.checkPermission(new SpecialPermission()); + } + return AccessController.doPrivileged(new PrivilegedAction() { + @Override + public MockGoogleCredential.Builder run() { + return new MockGoogleCredential.Builder(); + } + }); + } @Override public void initialize(HttpRequest httpRequest) { diff --git a/plugins/discovery-gce/src/main/plugin-metadata/plugin-security.policy b/plugins/discovery-gce/src/main/plugin-metadata/plugin-security.policy index 80a99785e45..429c47287b7 100644 --- a/plugins/discovery-gce/src/main/plugin-metadata/plugin-security.policy +++ b/plugins/discovery-gce/src/main/plugin-metadata/plugin-security.policy @@ -19,5 +19,6 @@ grant { // needed because of problems in gce + permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }; diff --git a/plugins/discovery-gce/src/test/java/org/elasticsearch/discovery/gce/RetryHttpInitializerWrapperTests.java b/plugins/discovery-gce/src/test/java/org/elasticsearch/discovery/gce/RetryHttpInitializerWrapperTests.java index dcbd878bea8..ef92bd74305 100644 --- a/plugins/discovery-gce/src/test/java/org/elasticsearch/discovery/gce/RetryHttpInitializerWrapperTests.java +++ b/plugins/discovery-gce/src/test/java/org/elasticsearch/discovery/gce/RetryHttpInitializerWrapperTests.java @@ -97,7 +97,7 @@ public class RetryHttpInitializerWrapperTests extends ESTestCase { FailThenSuccessBackoffTransport fakeTransport = new FailThenSuccessBackoffTransport(HttpStatusCodes.STATUS_CODE_SERVER_ERROR, 3); - MockGoogleCredential credential = new MockGoogleCredential.Builder() + MockGoogleCredential credential = RetryHttpInitializerWrapper.newMockCredentialBuilder() .build(); MockSleeper mockSleeper = new MockSleeper(); @@ -122,7 +122,7 @@ public class RetryHttpInitializerWrapperTests extends ESTestCase { FailThenSuccessBackoffTransport fakeTransport = new FailThenSuccessBackoffTransport(HttpStatusCodes.STATUS_CODE_SERVER_ERROR, maxRetryTimes); JsonFactory jsonFactory = new JacksonFactory(); - MockGoogleCredential credential = new MockGoogleCredential.Builder() + MockGoogleCredential credential = RetryHttpInitializerWrapper.newMockCredentialBuilder() .build(); MockSleeper oneTimeSleeper = new MockSleeper() { @@ -155,7 +155,7 @@ public class RetryHttpInitializerWrapperTests extends ESTestCase { FailThenSuccessBackoffTransport fakeTransport = new FailThenSuccessBackoffTransport(HttpStatusCodes.STATUS_CODE_SERVER_ERROR, 1, true); - MockGoogleCredential credential = new MockGoogleCredential.Builder() + MockGoogleCredential credential = RetryHttpInitializerWrapper.newMockCredentialBuilder() .build(); MockSleeper mockSleeper = new MockSleeper(); RetryHttpInitializerWrapper retryHttpInitializerWrapper = new RetryHttpInitializerWrapper(credential, mockSleeper, 500); diff --git a/plugins/repository-s3/src/main/plugin-metadata/plugin-security.policy b/plugins/repository-s3/src/main/plugin-metadata/plugin-security.policy index 62b29a2b78f..e5f26c3e9d1 100644 --- a/plugins/repository-s3/src/main/plugin-metadata/plugin-security.policy +++ b/plugins/repository-s3/src/main/plugin-metadata/plugin-security.policy @@ -19,6 +19,7 @@ grant { // needed because of problems in ClientConfiguration - // TODO: get this fixed in aws sdk + // TODO: get these fixed in aws sdk + permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "getClassLoader"; }; diff --git a/test-framework/src/main/java/org/elasticsearch/test/VersionUtils.java b/test-framework/src/main/java/org/elasticsearch/test/VersionUtils.java index 30a89e4fb5f..93eef969b43 100644 --- a/test-framework/src/main/java/org/elasticsearch/test/VersionUtils.java +++ b/test-framework/src/main/java/org/elasticsearch/test/VersionUtils.java @@ -35,7 +35,7 @@ public class VersionUtils { private static final List SORTED_VERSIONS; static { - Field[] declaredFields = Version.class.getDeclaredFields(); + Field[] declaredFields = Version.class.getFields(); Set ids = new HashSet<>(); for (Field field : declaredFields) { final int mod = field.getModifiers(); diff --git a/test-framework/src/main/java/org/elasticsearch/test/hamcrest/ElasticsearchAssertions.java b/test-framework/src/main/java/org/elasticsearch/test/hamcrest/ElasticsearchAssertions.java index 7176916cdfe..9d8ad7f7dcf 100644 --- a/test-framework/src/main/java/org/elasticsearch/test/hamcrest/ElasticsearchAssertions.java +++ b/test-framework/src/main/java/org/elasticsearch/test/hamcrest/ElasticsearchAssertions.java @@ -705,7 +705,7 @@ public class ElasticsearchAssertions { IllegalAccessException, InvocationTargetException { try { Class clazz = streamable.getClass(); - Constructor constructor = clazz.getDeclaredConstructor(); + Constructor constructor = clazz.getConstructor(); assertThat(constructor, Matchers.notNullValue()); Streamable newInstance = constructor.newInstance(); return newInstance; diff --git a/test-framework/src/test/java/org/elasticsearch/test/test/LoggingListenerTests.java b/test-framework/src/test/java/org/elasticsearch/test/test/LoggingListenerTests.java index 3c8913fded0..bb0722365cf 100644 --- a/test-framework/src/test/java/org/elasticsearch/test/test/LoggingListenerTests.java +++ b/test-framework/src/test/java/org/elasticsearch/test/test/LoggingListenerTests.java @@ -47,7 +47,7 @@ public class LoggingListenerTests extends ESTestCase { assertThat(xyzLogger.getLevel(), nullValue()); assertThat(abcLogger.getLevel(), nullValue()); - Method method = TestClass.class.getDeclaredMethod("annotatedTestMethod"); + Method method = TestClass.class.getMethod("annotatedTestMethod"); TestLogging annotation = method.getAnnotation(TestLogging.class); Description testDescription = Description.createTestDescription(LoggingListenerTests.class, "annotatedTestMethod", annotation); loggingListener.testStarted(testDescription); @@ -105,7 +105,7 @@ public class LoggingListenerTests extends ESTestCase { assertThat(abcLogger.getLevel(), equalTo("ERROR")); assertThat(xyzLogger.getLevel(), nullValue()); - Method method = TestClass.class.getDeclaredMethod("annotatedTestMethod"); + Method method = TestClass.class.getMethod("annotatedTestMethod"); TestLogging annotation = method.getAnnotation(TestLogging.class); Description testDescription = Description.createTestDescription(LoggingListenerTests.class, "annotatedTestMethod", annotation); loggingListener.testStarted(testDescription); @@ -116,7 +116,7 @@ public class LoggingListenerTests extends ESTestCase { assertThat(abcLogger.getLevel(), equalTo("ERROR")); assertThat(xyzLogger.getLevel(), nullValue()); - Method method2 = TestClass.class.getDeclaredMethod("annotatedTestMethod2"); + Method method2 = TestClass.class.getMethod("annotatedTestMethod2"); TestLogging annotation2 = method2.getAnnotation(TestLogging.class); Description testDescription2 = Description.createTestDescription(LoggingListenerTests.class, "annotatedTestMethod2", annotation2); loggingListener.testStarted(testDescription2); From 1e8f9558a0a16b98bc575d4f54499b72d4ce7e9a Mon Sep 17 00:00:00 2001 From: Robert Muir Date: Thu, 10 Dec 2015 14:50:32 -0500 Subject: [PATCH 2/2] Remove now-dead code in expressions (fixed in https://issues.apache.org/jira/browse/LUCENE-6920) --- .../script/expression/ExpressionPlugin.java | 27 ------------------- 1 file changed, 27 deletions(-) diff --git a/modules/lang-expression/src/main/java/org/elasticsearch/script/expression/ExpressionPlugin.java b/modules/lang-expression/src/main/java/org/elasticsearch/script/expression/ExpressionPlugin.java index 48c7b4cb34d..c72428c4c4c 100644 --- a/modules/lang-expression/src/main/java/org/elasticsearch/script/expression/ExpressionPlugin.java +++ b/modules/lang-expression/src/main/java/org/elasticsearch/script/expression/ExpressionPlugin.java @@ -19,38 +19,11 @@ package org.elasticsearch.script.expression; -import org.apache.lucene.expressions.js.JavascriptCompiler; -import org.elasticsearch.SpecialPermission; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.script.ScriptModule; -import java.security.AccessController; -import java.security.PrivilegedAction; -import java.text.ParseException; - public class ExpressionPlugin extends Plugin { - // lucene expressions has crazy checks in its clinit for the functions map - // it violates rules of classloaders to detect accessibility - // TODO: clean that up - static { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(new SpecialPermission()); - } - AccessController.doPrivileged(new PrivilegedAction() { - @Override - public Void run() { - try { - JavascriptCompiler.compile("0"); - } catch (ParseException e) { - throw new RuntimeException(e); - } - return null; - } - }); - } - @Override public String name() { return "lang-expression";