Merge pull request #15378 from rmuir/tame_reflection
Remove RuntimePermission("accessDeclaredMembers")
This commit is contained in:
Robert Muir
commit
d190283fea
|
|
@ -92,6 +92,13 @@ java.net.InetAddress#getCanonicalHostName()
|
|||
java.net.InetSocketAddress#getHostName() @ Use getHostString() instead, which avoids a DNS lookup
|
||||
|
||||
@defaultMessage Do not violate java's access system
|
||||
java.lang.Class#getDeclaredClasses() @ Do not violate java's access system: Use getClasses() instead
|
||||
java.lang.Class#getDeclaredConstructor(java.lang.Class[]) @ Do not violate java's access system: Use getConstructor() instead
|
||||
java.lang.Class#getDeclaredConstructors() @ Do not violate java's access system: Use getConstructors() instead
|
||||
java.lang.Class#getDeclaredField(java.lang.String) @ Do not violate java's access system: Use getField() instead
|
||||
java.lang.Class#getDeclaredFields() @ Do not violate java's access system: Use getFields() instead
|
||||
java.lang.Class#getDeclaredMethod(java.lang.String, java.lang.Class[]) @ Do not violate java's access system: Use getMethod() instead
|
||||
java.lang.Class#getDeclaredMethods() @ Do not violate java's access system: Use getMethods() instead
|
||||
java.lang.reflect.AccessibleObject#setAccessible(boolean)
|
||||
java.lang.reflect.AccessibleObject#setAccessible(java.lang.reflect.AccessibleObject[], boolean)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
elasticsearch = 3.0.0-SNAPSHOT
|
||||
lucene = 5.4.0-snapshot-1715952
|
||||
lucene = 5.5.0-snapshot-1719088
|
||||
|
||||
# optional dependencies
|
||||
spatial4j = 0.5
|
||||
|
|
@ -11,7 +11,7 @@ jna = 4.1.0
|
|||
|
||||
|
||||
# test dependencies
|
||||
randomizedrunner = 2.2.0
|
||||
randomizedrunner = 2.3.2
|
||||
junit = 4.11
|
||||
httpclient = 4.3.6
|
||||
httpcore = 4.3.3
|
||||
|
|
|
|||
|
|
@ -276,7 +276,7 @@ public class Version {
|
|||
public static final int V_2_2_0_ID = 2020099;
|
||||
public static final Version V_2_2_0 = new Version(V_2_2_0_ID, true, org.apache.lucene.util.Version.LUCENE_5_4_0);
|
||||
public static final int V_3_0_0_ID = 3000099;
|
||||
public static final Version V_3_0_0 = new Version(V_3_0_0_ID, true, org.apache.lucene.util.Version.LUCENE_5_4_0);
|
||||
public static final Version V_3_0_0 = new Version(V_3_0_0_ID, true, org.apache.lucene.util.Version.LUCENE_5_5_0);
|
||||
public static final Version CURRENT = V_3_0_0;
|
||||
|
||||
static {
|
||||
|
|
|
|||
|
|
@ -333,7 +333,7 @@ public class Key<T> {
|
|||
* Returns {@code true} if the given annotation type has no attributes.
|
||||
*/
|
||||
static boolean isMarker(Class<? extends Annotation> annotationType) {
|
||||
return annotationType.getDeclaredMethods().length == 0;
|
||||
return annotationType.getMethods().length == 0;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -345,7 +345,7 @@ public class Key<T> {
|
|||
ensureRetainedAtRuntime(annotationType);
|
||||
ensureIsBindingAnnotation(annotationType);
|
||||
|
||||
if (annotationType.getDeclaredMethods().length == 0) {
|
||||
if (annotationType.getMethods().length == 0) {
|
||||
return new AnnotationTypeStrategy(annotationType, annotation);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ class Reflection {
|
|||
@SuppressWarnings("unchecked")
|
||||
static <T> Constructor<T> invalidConstructor() {
|
||||
try {
|
||||
return (Constructor<T>) InvalidConstructor.class.getDeclaredConstructor();
|
||||
return (Constructor<T>) InvalidConstructor.class.getConstructor();
|
||||
} catch (NoSuchMethodException e) {
|
||||
throw new AssertionError(e);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -212,7 +212,7 @@ public class FactoryProvider<F> implements Provider<F>, HasDependencies {
|
|||
TypeLiteral<?> factoryType, TypeLiteral<?> implementationType) {
|
||||
List<AssistedConstructor<?>> constructors = new ArrayList<>();
|
||||
|
||||
for (Constructor<?> constructor : implementationType.getRawType().getDeclaredConstructors()) {
|
||||
for (Constructor<?> constructor : implementationType.getRawType().getConstructors()) {
|
||||
if (constructor.getAnnotation(AssistedInject.class) != null) {
|
||||
@SuppressWarnings("unchecked") // the constructor type and implementation type agree
|
||||
AssistedConstructor assistedConstructor = new AssistedConstructor(
|
||||
|
|
|
|||
|
|
@ -83,7 +83,7 @@ public final class ProviderMethodsModule implements Module {
|
|||
public List<ProviderMethod<?>> getProviderMethods(Binder binder) {
|
||||
List<ProviderMethod<?>> result = new ArrayList<>();
|
||||
for (Class<?> c = delegate.getClass(); c != Object.class; c = c.getSuperclass()) {
|
||||
for (Method method : c.getDeclaredMethods()) {
|
||||
for (Method method : c.getMethods()) {
|
||||
if (method.getAnnotation(Provides.class) != null) {
|
||||
result.add(createProviderMethod(binder, method));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -188,7 +188,7 @@ public final class InjectionPoint {
|
|||
Errors errors = new Errors(rawType);
|
||||
|
||||
Constructor<?> injectableConstructor = null;
|
||||
for (Constructor<?> constructor : rawType.getDeclaredConstructors()) {
|
||||
for (Constructor<?> constructor : rawType.getConstructors()) {
|
||||
Inject inject = constructor.getAnnotation(Inject.class);
|
||||
if (inject != null) {
|
||||
if (inject.optional()) {
|
||||
|
|
@ -212,7 +212,7 @@ public final class InjectionPoint {
|
|||
|
||||
// If no annotated constructor is found, look for a no-arg constructor instead.
|
||||
try {
|
||||
Constructor<?> noArgConstructor = rawType.getDeclaredConstructor();
|
||||
Constructor<?> noArgConstructor = rawType.getConstructor();
|
||||
|
||||
// Disallow private constructors on non-private classes (unless they have @Inject)
|
||||
if (Modifier.isPrivate(noArgConstructor.getModifiers())
|
||||
|
|
@ -334,7 +334,7 @@ public final class InjectionPoint {
|
|||
// name. In Scala, fields always get accessor methods (that we need to ignore). See bug 242.
|
||||
if (member instanceof Method) {
|
||||
try {
|
||||
if (member.getDeclaringClass().getDeclaredField(member.getName()) != null) {
|
||||
if (member.getDeclaringClass().getField(member.getName()) != null) {
|
||||
return;
|
||||
}
|
||||
} catch (NoSuchFieldException ignore) {
|
||||
|
|
@ -390,7 +390,7 @@ public final class InjectionPoint {
|
|||
Factory<Field> FIELDS = new Factory<Field>() {
|
||||
@Override
|
||||
public Field[] getMembers(Class<?> type) {
|
||||
return type.getDeclaredFields();
|
||||
return type.getFields();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -402,7 +402,7 @@ public final class InjectionPoint {
|
|||
Factory<Method> METHODS = new Factory<Method>() {
|
||||
@Override
|
||||
public Method[] getMembers(Class<?> type) {
|
||||
return type.getDeclaredMethods();
|
||||
return type.getMethods();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -31,10 +31,12 @@ grant codeBase "${codebase.securesm-1.0.jar}" {
|
|||
//// Very special jar permissions:
|
||||
//// These are dangerous permissions that we don't want to grant to everything.
|
||||
|
||||
grant codeBase "${codebase.lucene-core-5.4.0-snapshot-1715952.jar}" {
|
||||
grant codeBase "${codebase.lucene-core-5.5.0-snapshot-1719088.jar}" {
|
||||
// needed to allow MMapDirectory's "unmap hack"
|
||||
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
|
||||
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
|
||||
// NOTE: also needed for RAMUsageEstimator size calculations
|
||||
permission java.lang.RuntimePermission "accessDeclaredMembers";
|
||||
};
|
||||
|
||||
//// Everything else:
|
||||
|
|
@ -97,9 +99,6 @@ grant {
|
|||
// (TODO: clean this up?)
|
||||
permission java.lang.RuntimePermission "getProtectionDomain";
|
||||
|
||||
// likely not low hanging fruit...
|
||||
permission java.lang.RuntimePermission "accessDeclaredMembers";
|
||||
|
||||
// needed by HotThreads and potentially more
|
||||
// otherwise can be provided only to test libraries
|
||||
permission java.lang.RuntimePermission "getStackTrace";
|
||||
|
|
|
|||
|
|
@ -21,30 +21,38 @@
|
|||
//// These are mock objects and test management that we allow test framework libs
|
||||
//// to provide on our behalf. But tests themselves cannot do this stuff!
|
||||
|
||||
grant codeBase "${codebase.securemock-1.1.jar}" {
|
||||
grant codeBase "${codebase.securemock-1.2.jar}" {
|
||||
// needed to access ReflectionFactory (see below)
|
||||
permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
|
||||
// needed to support creation of mocks
|
||||
permission java.lang.RuntimePermission "reflectionFactoryAccess";
|
||||
// needed for spy interception, etc
|
||||
permission java.lang.RuntimePermission "accessDeclaredMembers";
|
||||
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
|
||||
};
|
||||
|
||||
grant codeBase "${codebase.lucene-test-framework-5.4.0-snapshot-1715952.jar}" {
|
||||
grant codeBase "${codebase.lucene-test-framework-5.5.0-snapshot-1719088.jar}" {
|
||||
// needed by RamUsageTester
|
||||
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
|
||||
};
|
||||
|
||||
grant codeBase "${codebase.randomizedtesting-runner-2.2.0.jar}" {
|
||||
grant codeBase "${codebase.randomizedtesting-runner-2.3.2.jar}" {
|
||||
// optionally needed for access to private test methods (e.g. beforeClass)
|
||||
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
|
||||
// needed to fail tests on uncaught exceptions from other threads
|
||||
permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
|
||||
// needed for top threads handling
|
||||
permission org.elasticsearch.ThreadPermission "modifyArbitraryThreadGroup";
|
||||
// needed for TestClass creation
|
||||
permission java.lang.RuntimePermission "accessDeclaredMembers";
|
||||
};
|
||||
|
||||
grant codeBase "${codebase.junit4-ant-2.2.0.jar}" {
|
||||
grant codeBase "${codebase.junit4-ant-2.3.2.jar}" {
|
||||
// needed for stream redirection
|
||||
permission java.lang.RuntimePermission "setIO";
|
||||
};
|
||||
|
||||
grant codeBase "${codebase.junit-4.11.jar}" {
|
||||
// needed for TestClass creation
|
||||
permission java.lang.RuntimePermission "accessDeclaredMembers";
|
||||
};
|
||||
|
|
|
|||
|
|
@ -136,7 +136,7 @@ public class ExceptionSerializationTests extends ESTestCase {
|
|||
} else if (ElasticsearchException.isRegistered((Class<? extends Throwable>) clazz)) {
|
||||
registered.add(clazz);
|
||||
try {
|
||||
if (clazz.getDeclaredMethod("writeTo", StreamOutput.class) != null) {
|
||||
if (clazz.getMethod("writeTo", StreamOutput.class) != null) {
|
||||
hasDedicatedWrite.add(clazz);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
|
|
|
|||
|
|
@ -191,7 +191,7 @@ public class VersionTests extends ESTestCase {
|
|||
|
||||
public void testAllVersionsMatchId() throws Exception {
|
||||
Map<String, Version> maxBranchVersions = new HashMap<>();
|
||||
for (java.lang.reflect.Field field : Version.class.getDeclaredFields()) {
|
||||
for (java.lang.reflect.Field field : Version.class.getFields()) {
|
||||
if (field.getName().endsWith("_ID")) {
|
||||
assertTrue(field.getName() + " should be static", Modifier.isStatic(field.getModifiers()));
|
||||
assertTrue(field.getName() + " should be final", Modifier.isFinal(field.getModifiers()));
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ public class NodesStatsBasicBackwardsCompatIT extends ESBackcompatTestCase {
|
|||
NodesStatsRequestBuilder nsBuilder = tc.admin().cluster().prepareNodesStats();
|
||||
|
||||
Class c = nsBuilder.getClass();
|
||||
for (Method method : c.getDeclaredMethods()) {
|
||||
for (Method method : c.getMethods()) {
|
||||
if (method.getName().startsWith("set")) {
|
||||
if (method.getParameterTypes().length == 1 && method.getParameterTypes()[0] == boolean.class) {
|
||||
method.invoke(nsBuilder, randomBoolean());
|
||||
|
|
|
|||
|
|
@ -92,7 +92,7 @@ public class RestoreBackwardsCompatIT extends AbstractSnapshotIntegTestCase {
|
|||
}
|
||||
|
||||
SortedSet<String> expectedVersions = new TreeSet<>();
|
||||
for (java.lang.reflect.Field field : Version.class.getDeclaredFields()) {
|
||||
for (java.lang.reflect.Field field : Version.class.getFields()) {
|
||||
if (Modifier.isStatic(field.getModifiers()) && field.getType() == Version.class) {
|
||||
Version v = (Version) field.get(Version.class);
|
||||
if (v.snapshot()) continue;
|
||||
|
|
|
|||
|
|
@ -237,7 +237,7 @@ public class NGramTokenizerFactoryTests extends ESTokenStreamTestCase {
|
|||
|
||||
|
||||
private Version randomVersion(Random random) throws IllegalArgumentException, IllegalAccessException {
|
||||
Field[] declaredFields = Version.class.getDeclaredFields();
|
||||
Field[] declaredFields = Version.class.getFields();
|
||||
List<Field> versionFields = new ArrayList<>();
|
||||
for (Field field : declaredFields) {
|
||||
if ((field.getModifiers() & Modifier.STATIC) != 0 && field.getName().startsWith("V_") && field.getType() == Version.class) {
|
||||
|
|
|
|||
|
|
@ -828,21 +828,21 @@ public abstract class AbstractQueryTestCase<QB extends AbstractQueryBuilder<QB>>
|
|||
AbstractQueryTestCase delegate;
|
||||
@Override
|
||||
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
|
||||
if (method.equals(Client.class.getDeclaredMethod("get", GetRequest.class))) {
|
||||
if (method.equals(Client.class.getMethod("get", GetRequest.class))) {
|
||||
return new PlainActionFuture<GetResponse>() {
|
||||
@Override
|
||||
public GetResponse get() throws InterruptedException, ExecutionException {
|
||||
return delegate.executeGet((GetRequest) args[0]);
|
||||
}
|
||||
};
|
||||
} else if (method.equals(Client.class.getDeclaredMethod("multiTermVectors", MultiTermVectorsRequest.class))) {
|
||||
} else if (method.equals(Client.class.getMethod("multiTermVectors", MultiTermVectorsRequest.class))) {
|
||||
return new PlainActionFuture<MultiTermVectorsResponse>() {
|
||||
@Override
|
||||
public MultiTermVectorsResponse get() throws InterruptedException, ExecutionException {
|
||||
return delegate.executeMultiTermVectors((MultiTermVectorsRequest) args[0]);
|
||||
}
|
||||
};
|
||||
} else if (method.equals(Object.class.getDeclaredMethod("toString"))) {
|
||||
} else if (method.equals(Object.class.getMethod("toString"))) {
|
||||
return "MockClient";
|
||||
}
|
||||
throw new UnsupportedOperationException("this test can't handle calls to: " + method);
|
||||
|
|
|
|||
|
|
@ -1 +0,0 @@
|
|||
feaf885ed4155fb7202c1f90ac2eb40503961efc
|
||||
|
|
@ -0,0 +1 @@
|
|||
9f2b9811a4f4a57a1b3a98bdc1e1b63476b9f628
|
||||
|
|
@ -1 +0,0 @@
|
|||
5b5b5c950b4fcac38cf48fab911f75da61e780fa
|
||||
|
|
@ -0,0 +1 @@
|
|||
038071889a5dbeb279e37fa46225e194139a427c
|
||||
|
|
@ -1 +0,0 @@
|
|||
84685d37a34b4d87e2928566ed266a7f005ca67d
|
||||
|
|
@ -0,0 +1 @@
|
|||
b986d0ad8ee4dda8172a5a61875c47631e4b21d4
|
||||
|
|
@ -1 +0,0 @@
|
|||
ff92011208ed5c28f041acc37bd77728a89fc6a5
|
||||
|
|
@ -0,0 +1 @@
|
|||
f46574fbdfbcc81d936c77e15ba5b3af2c2b7253
|
||||
|
|
@ -1 +0,0 @@
|
|||
5d46f26a6cb36aede89b8728b6fcbc427d4f9416
|
||||
|
|
@ -0,0 +1 @@
|
|||
f620262d667a294d390e8df7575cc2cca2626559
|
||||
|
|
@ -1 +0,0 @@
|
|||
726ea07bbfdfbfbee80522353496fc6667dc33c9
|
||||
|
|
@ -0,0 +1 @@
|
|||
4c44b07242fd706f6f7f14c9063a725e0e5b98cd
|
||||
|
|
@ -1 +0,0 @@
|
|||
d8d7a7b573a4cfc54745a126e905ccfd523b7a24
|
||||
|
|
@ -0,0 +1 @@
|
|||
1e33e0aa5fc227e90c8314f61b4cba1090035e33
|
||||
|
|
@ -1 +0,0 @@
|
|||
cd9d4fb4492bd2680cea2f038a051311329f6443
|
||||
|
|
@ -0,0 +1 @@
|
|||
e416893f7b781239a15d3e2c7200ff26574d14de
|
||||
|
|
@ -1 +0,0 @@
|
|||
a1a04d191443e51f992ed3dd02d0e14fd48493c9
|
||||
|
|
@ -0,0 +1 @@
|
|||
b153b63b9333feedb18af2673eb6ccaf95bcc8bf
|
||||
|
|
@ -1 +0,0 @@
|
|||
c4d34b29b8b14ad3deb300a6d699e9d8965a3c2c
|
||||
|
|
@ -0,0 +1 @@
|
|||
0aa2758d70a79f2e0f33a87624fd9d31e155c864
|
||||
|
|
@ -1 +0,0 @@
|
|||
bf45dbd653d66ce9d2c3f19b69997b8098d8b416
|
||||
|
|
@ -0,0 +1 @@
|
|||
873c716ba629dae389b12ddb1aedf2f5c5f57fea
|
||||
|
|
@ -1 +0,0 @@
|
|||
2bddfda70f5c657064d12860b03c2cd8a5029bfc
|
||||
|
|
@ -0,0 +1 @@
|
|||
9d7e47c2fb73c614cc5ca41529b2c273c73b0ce7
|
||||
|
|
@ -1 +0,0 @@
|
|||
881b8cd571fb3ccdcc69f1316468d816812513fb
|
||||
|
|
@ -0,0 +1 @@
|
|||
4766305088797a66fe02d5aaa98e086867816e42
|
||||
|
|
@ -1 +0,0 @@
|
|||
466e2bc02f45f04cbf516e5df78b9c2ebd99e944
|
||||
|
|
@ -0,0 +1 @@
|
|||
f0ee6fb780ea8aa9ec6d31e6a9cc7d48700bd2ca
|
||||
|
|
@ -1 +0,0 @@
|
|||
414dfcf600b6c02b90a21bd219a5e115bbda0d14
|
||||
|
|
@ -0,0 +1 @@
|
|||
787356d4ae6142bb8ca7e9713d0a281a797b57fb
|
||||
|
|
@ -19,38 +19,11 @@
|
|||
|
||||
package org.elasticsearch.script.expression;
|
||||
|
||||
import org.apache.lucene.expressions.js.JavascriptCompiler;
|
||||
import org.elasticsearch.SpecialPermission;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.script.ScriptModule;
|
||||
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.text.ParseException;
|
||||
|
||||
public class ExpressionPlugin extends Plugin {
|
||||
|
||||
// lucene expressions has crazy checks in its clinit for the functions map
|
||||
// it violates rules of classloaders to detect accessibility
|
||||
// TODO: clean that up
|
||||
static {
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new SpecialPermission());
|
||||
}
|
||||
AccessController.doPrivileged(new PrivilegedAction<Void>() {
|
||||
@Override
|
||||
public Void run() {
|
||||
try {
|
||||
JavascriptCompiler.compile("0");
|
||||
} catch (ParseException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@Override
|
||||
public String name() {
|
||||
return "lang-expression";
|
||||
|
|
|
|||
|
|
@ -20,8 +20,6 @@
|
|||
grant {
|
||||
// needed to generate runtime classes
|
||||
permission java.lang.RuntimePermission "createClassLoader";
|
||||
// needed because of security problems in JavascriptCompiler
|
||||
permission java.lang.RuntimePermission "getClassLoader";
|
||||
|
||||
// expression runtime
|
||||
permission org.elasticsearch.script.ClassPermission "java.lang.String";
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ grant {
|
|||
// needed by IndyInterface
|
||||
permission java.lang.RuntimePermission "getClassLoader";
|
||||
// needed by groovy engine
|
||||
permission java.lang.RuntimePermission "accessDeclaredMembers";
|
||||
permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
|
||||
// needed by GroovyScriptEngineService to close its classloader (why?)
|
||||
permission java.lang.RuntimePermission "closeClassLoader";
|
||||
|
|
|
|||
|
|
@ -19,6 +19,8 @@
|
|||
package org.elasticsearch.script.mustache;
|
||||
|
||||
import com.github.mustachejava.Mustache;
|
||||
|
||||
import org.elasticsearch.SpecialPermission;
|
||||
import org.elasticsearch.common.Nullable;
|
||||
import org.elasticsearch.common.component.AbstractComponent;
|
||||
import org.elasticsearch.common.inject.Inject;
|
||||
|
|
@ -34,6 +36,8 @@ import org.elasticsearch.script.SearchScript;
|
|||
import org.elasticsearch.search.lookup.SearchLookup;
|
||||
|
||||
import java.lang.ref.SoftReference;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.util.Collections;
|
||||
import java.util.Map;
|
||||
|
||||
|
|
@ -123,6 +127,9 @@ public class MustacheScriptEngineService extends AbstractComponent implements Sc
|
|||
// Nothing to do here
|
||||
}
|
||||
|
||||
// permission checked before doing crazy reflection
|
||||
static final SpecialPermission SPECIAL_PERMISSION = new SpecialPermission();
|
||||
|
||||
/**
|
||||
* Used at query execution time by script service in order to execute a query template.
|
||||
* */
|
||||
|
|
@ -148,9 +155,20 @@ public class MustacheScriptEngineService extends AbstractComponent implements Sc
|
|||
|
||||
@Override
|
||||
public Object run() {
|
||||
BytesStreamOutput result = new BytesStreamOutput();
|
||||
final BytesStreamOutput result = new BytesStreamOutput();
|
||||
try (UTF8StreamWriter writer = utf8StreamWriter().setOutput(result)) {
|
||||
// crazy reflection here
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(SPECIAL_PERMISSION);
|
||||
}
|
||||
AccessController.doPrivileged(new PrivilegedAction<Void>() {
|
||||
@Override
|
||||
public Void run() {
|
||||
((Mustache) template.compiled()).execute(writer, vars);
|
||||
return null;
|
||||
}
|
||||
});
|
||||
} catch (Exception e) {
|
||||
logger.error("Error running " + template, e);
|
||||
throw new ScriptException("Error running " + template, e);
|
||||
|
|
|
|||
|
|
@ -0,0 +1,23 @@
|
|||
/*
|
||||
* Licensed to Elasticsearch under one or more contributor
|
||||
* license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright
|
||||
* ownership. Elasticsearch licenses this file to you under
|
||||
* the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
grant {
|
||||
// needed to do crazy reflection
|
||||
permission java.lang.RuntimePermission "accessDeclaredMembers";
|
||||
};
|
||||
|
|
@ -1 +0,0 @@
|
|||
d957c3956797c9c057e65f6342eeb104fa20951e
|
||||
|
|
@ -0,0 +1 @@
|
|||
4e56ba76d6b23756b2bd4d9e42b2b00122cd4fa5
|
||||
|
|
@ -1 +0,0 @@
|
|||
2ea1253cd3a704dea02382d6f9abe7c2a58874ac
|
||||
|
|
@ -0,0 +1 @@
|
|||
d6ccac802dc1e4c177be043a173377cf5e517cff
|
||||
|
|
@ -1 +0,0 @@
|
|||
7f2132a00895c6eacfc735a4d6056275a692363b
|
||||
|
|
@ -0,0 +1 @@
|
|||
70ad9f6c3738727229867419d949527cc7789f62
|
||||
|
|
@ -1 +0,0 @@
|
|||
5eff0c934476356fcd608d574ce0af4104e5e2a4
|
||||
|
|
@ -0,0 +1 @@
|
|||
75504fd906929700e7d11f9600e4a79de48e1090
|
||||
|
|
@ -1 +0,0 @@
|
|||
210cab15ecf74e5a1bf35173ef5b0d420475694c
|
||||
|
|
@ -0,0 +1 @@
|
|||
9eeeeabeab89ec305e831d80bdcc7e85a1140fbb
|
||||
|
|
@ -19,7 +19,8 @@
|
|||
|
||||
grant {
|
||||
// needed because of problems in ClientConfiguration
|
||||
// TODO: get this fixed in aws sdk
|
||||
// TODO: get these fixed in aws sdk
|
||||
permission java.lang.RuntimePermission "accessDeclaredMembers";
|
||||
// NOTE: no tests fail without this, but we know the problem
|
||||
// exists in AWS sdk, and tests here are not thorough
|
||||
permission java.lang.RuntimePermission "getClassLoader";
|
||||
|
|
|
|||
|
|
@ -45,6 +45,7 @@ import java.io.IOException;
|
|||
import java.net.URL;
|
||||
import java.security.AccessController;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.security.PrivilegedActionException;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.util.*;
|
||||
|
|
@ -103,23 +104,33 @@ public class GceComputeServiceImpl extends AbstractLifecycleComponent<GceCompute
|
|||
public String metadata(String metadataPath) throws IOException {
|
||||
String urlMetadataNetwork = GCE_METADATA_URL + "/" + metadataPath;
|
||||
logger.debug("get metadata from [{}]", urlMetadataNetwork);
|
||||
URL url = new URL(urlMetadataNetwork);
|
||||
final URL url = new URL(urlMetadataNetwork);
|
||||
HttpHeaders headers;
|
||||
try {
|
||||
// hack around code messiness in GCE code
|
||||
// TODO: get this fixed
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new SpecialPermission());
|
||||
}
|
||||
headers = AccessController.doPrivileged(new PrivilegedExceptionAction<HttpHeaders>() {
|
||||
@Override
|
||||
public HttpHeaders run() throws IOException {
|
||||
return new HttpHeaders();
|
||||
}
|
||||
});
|
||||
GenericUrl genericUrl = AccessController.doPrivileged(new PrivilegedAction<GenericUrl>() {
|
||||
@Override
|
||||
public GenericUrl run() {
|
||||
return new GenericUrl(url);
|
||||
}
|
||||
});
|
||||
|
||||
// This is needed to query meta data: https://cloud.google.com/compute/docs/metadata
|
||||
headers.put("Metadata-Flavor", "Google");
|
||||
HttpResponse response;
|
||||
response = getGceHttpTransport().createRequestFactory()
|
||||
.buildGetRequest(new GenericUrl(url))
|
||||
.buildGetRequest(genericUrl)
|
||||
.setHeaders(headers)
|
||||
.execute();
|
||||
String metadata = response.parseAsString();
|
||||
|
|
|
|||
|
|
@ -20,13 +20,18 @@
|
|||
package org.elasticsearch.discovery.gce;
|
||||
|
||||
import com.google.api.client.auth.oauth2.Credential;
|
||||
import com.google.api.client.googleapis.testing.auth.oauth2.MockGoogleCredential;
|
||||
import com.google.api.client.http.*;
|
||||
import com.google.api.client.util.ExponentialBackOff;
|
||||
import com.google.api.client.util.Sleeper;
|
||||
|
||||
import org.elasticsearch.SpecialPermission;
|
||||
import org.elasticsearch.common.logging.ESLogger;
|
||||
import org.elasticsearch.common.logging.ESLoggerFactory;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.util.Objects;
|
||||
|
||||
public class RetryHttpInitializerWrapper implements HttpRequestInitializer {
|
||||
|
|
@ -61,6 +66,21 @@ public class RetryHttpInitializerWrapper implements HttpRequestInitializer {
|
|||
this.maxWait = maxWait;
|
||||
}
|
||||
|
||||
// Use only for testing
|
||||
static MockGoogleCredential.Builder newMockCredentialBuilder() {
|
||||
// TODO: figure out why GCE is so bad like this
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new SpecialPermission());
|
||||
}
|
||||
return AccessController.doPrivileged(new PrivilegedAction<MockGoogleCredential.Builder>() {
|
||||
@Override
|
||||
public MockGoogleCredential.Builder run() {
|
||||
return new MockGoogleCredential.Builder();
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@Override
|
||||
public void initialize(HttpRequest httpRequest) {
|
||||
final HttpUnsuccessfulResponseHandler backoffHandler =
|
||||
|
|
|
|||
|
|
@ -19,5 +19,6 @@
|
|||
|
||||
grant {
|
||||
// needed because of problems in gce
|
||||
permission java.lang.RuntimePermission "accessDeclaredMembers";
|
||||
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
|
||||
};
|
||||
|
|
|
|||
|
|
@ -97,7 +97,7 @@ public class RetryHttpInitializerWrapperTests extends ESTestCase {
|
|||
FailThenSuccessBackoffTransport fakeTransport =
|
||||
new FailThenSuccessBackoffTransport(HttpStatusCodes.STATUS_CODE_SERVER_ERROR, 3);
|
||||
|
||||
MockGoogleCredential credential = new MockGoogleCredential.Builder()
|
||||
MockGoogleCredential credential = RetryHttpInitializerWrapper.newMockCredentialBuilder()
|
||||
.build();
|
||||
MockSleeper mockSleeper = new MockSleeper();
|
||||
|
||||
|
|
@ -122,7 +122,7 @@ public class RetryHttpInitializerWrapperTests extends ESTestCase {
|
|||
FailThenSuccessBackoffTransport fakeTransport =
|
||||
new FailThenSuccessBackoffTransport(HttpStatusCodes.STATUS_CODE_SERVER_ERROR, maxRetryTimes);
|
||||
JsonFactory jsonFactory = new JacksonFactory();
|
||||
MockGoogleCredential credential = new MockGoogleCredential.Builder()
|
||||
MockGoogleCredential credential = RetryHttpInitializerWrapper.newMockCredentialBuilder()
|
||||
.build();
|
||||
|
||||
MockSleeper oneTimeSleeper = new MockSleeper() {
|
||||
|
|
@ -155,7 +155,7 @@ public class RetryHttpInitializerWrapperTests extends ESTestCase {
|
|||
FailThenSuccessBackoffTransport fakeTransport =
|
||||
new FailThenSuccessBackoffTransport(HttpStatusCodes.STATUS_CODE_SERVER_ERROR, 1, true);
|
||||
|
||||
MockGoogleCredential credential = new MockGoogleCredential.Builder()
|
||||
MockGoogleCredential credential = RetryHttpInitializerWrapper.newMockCredentialBuilder()
|
||||
.build();
|
||||
MockSleeper mockSleeper = new MockSleeper();
|
||||
RetryHttpInitializerWrapper retryHttpInitializerWrapper = new RetryHttpInitializerWrapper(credential, mockSleeper, 500);
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@
|
|||
|
||||
grant {
|
||||
// needed because of problems in ClientConfiguration
|
||||
// TODO: get this fixed in aws sdk
|
||||
// TODO: get these fixed in aws sdk
|
||||
permission java.lang.RuntimePermission "accessDeclaredMembers";
|
||||
permission java.lang.RuntimePermission "getClassLoader";
|
||||
};
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ public class VersionUtils {
|
|||
|
||||
private static final List<Version> SORTED_VERSIONS;
|
||||
static {
|
||||
Field[] declaredFields = Version.class.getDeclaredFields();
|
||||
Field[] declaredFields = Version.class.getFields();
|
||||
Set<Integer> ids = new HashSet<>();
|
||||
for (Field field : declaredFields) {
|
||||
final int mod = field.getModifiers();
|
||||
|
|
|
|||
|
|
@ -705,7 +705,7 @@ public class ElasticsearchAssertions {
|
|||
IllegalAccessException, InvocationTargetException {
|
||||
try {
|
||||
Class<? extends Streamable> clazz = streamable.getClass();
|
||||
Constructor<? extends Streamable> constructor = clazz.getDeclaredConstructor();
|
||||
Constructor<? extends Streamable> constructor = clazz.getConstructor();
|
||||
assertThat(constructor, Matchers.notNullValue());
|
||||
Streamable newInstance = constructor.newInstance();
|
||||
return newInstance;
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ public class LoggingListenerTests extends ESTestCase {
|
|||
assertThat(xyzLogger.getLevel(), nullValue());
|
||||
assertThat(abcLogger.getLevel(), nullValue());
|
||||
|
||||
Method method = TestClass.class.getDeclaredMethod("annotatedTestMethod");
|
||||
Method method = TestClass.class.getMethod("annotatedTestMethod");
|
||||
TestLogging annotation = method.getAnnotation(TestLogging.class);
|
||||
Description testDescription = Description.createTestDescription(LoggingListenerTests.class, "annotatedTestMethod", annotation);
|
||||
loggingListener.testStarted(testDescription);
|
||||
|
|
@ -105,7 +105,7 @@ public class LoggingListenerTests extends ESTestCase {
|
|||
assertThat(abcLogger.getLevel(), equalTo("ERROR"));
|
||||
assertThat(xyzLogger.getLevel(), nullValue());
|
||||
|
||||
Method method = TestClass.class.getDeclaredMethod("annotatedTestMethod");
|
||||
Method method = TestClass.class.getMethod("annotatedTestMethod");
|
||||
TestLogging annotation = method.getAnnotation(TestLogging.class);
|
||||
Description testDescription = Description.createTestDescription(LoggingListenerTests.class, "annotatedTestMethod", annotation);
|
||||
loggingListener.testStarted(testDescription);
|
||||
|
|
@ -116,7 +116,7 @@ public class LoggingListenerTests extends ESTestCase {
|
|||
assertThat(abcLogger.getLevel(), equalTo("ERROR"));
|
||||
assertThat(xyzLogger.getLevel(), nullValue());
|
||||
|
||||
Method method2 = TestClass.class.getDeclaredMethod("annotatedTestMethod2");
|
||||
Method method2 = TestClass.class.getMethod("annotatedTestMethod2");
|
||||
TestLogging annotation2 = method2.getAnnotation(TestLogging.class);
|
||||
Description testDescription2 = Description.createTestDescription(LoggingListenerTests.class, "annotatedTestMethod2", annotation2);
|
||||
loggingListener.testStarted(testDescription2);
|
||||
|
|
|
|||
Loading…
Reference in New Issue