Consider multi release jars when running third party audit (#33206)

Exclude classes meant for newer versions than what we are auditing against, those classes won't be found. There's no reason to exclude JDK classes from newer versions, with this PR, we will not extract them in the first place.
2018-08-29 09:53:04 +03:00 · 2018-08-29 09:53:04 +03:00 · f29f0af7bc
parent 2dc4a5bb56
commit f29f0af7bc
5 changed files with 24 additions and 55 deletions
--- a/buildSrc/src/main/groovy/org/elasticsearch/gradle/precommit/PrecommitTasks.groovy
+++ b/buildSrc/src/main/groovy/org/elasticsearch/gradle/precommit/PrecommitTasks.groovy
@ -87,6 +87,7 @@ class PrecommitTasks {
            dependsOn(buildResources)
            signatureFile = buildResources.copy("forbidden/third-party-audit.txt")
            javaHome = project.runtimeJavaHome
+            targetCompatibility = project.runtimeJavaVersion
        }
        return thirdPartyAuditTask
    }
--- a/buildSrc/src/main/java/org/elasticsearch/gradle/precommit/ThirdPartyAuditTask.java
+++ b/buildSrc/src/main/java/org/elasticsearch/gradle/precommit/ThirdPartyAuditTask.java
@ -23,6 +23,7 @@ import org.elasticsearch.gradle.JdkJarHellCheck;
 import org.elasticsearch.test.NamingConventionsCheck;
 import org.gradle.api.DefaultTask;
 import org.gradle.api.GradleException;
+import org.gradle.api.JavaVersion;
 import org.gradle.api.artifacts.Configuration;
 import org.gradle.api.file.FileCollection;
 import org.gradle.api.tasks.Input;
@ -66,6 +67,17 @@ public class ThirdPartyAuditTask extends DefaultTask {

    private String javaHome;

+    private JavaVersion targetCompatibility;
+
+    @Input
+    public JavaVersion getTargetCompatibility() {
+        return targetCompatibility;
+    }
+
+    public void setTargetCompatibility(JavaVersion targetCompatibility) {
+        this.targetCompatibility = targetCompatibility;
+    }
+
    @InputFiles
    public Configuration getForbiddenAPIsConfiguration() {
        return getProject().getConfigurations().getByName("forbiddenApisCliJar");
@ -157,10 +169,19 @@ public class ThirdPartyAuditTask extends DefaultTask {

    private void extractJars(FileCollection jars) {
        File jarExpandDir = getJarExpandDir();
+        // We need to clean up to make sure old dependencies don't linger
+        getProject().delete(jarExpandDir);
        jars.forEach(jar ->
            getProject().copy(spec -> {
                spec.from(getProject().zipTree(jar));
                spec.into(jarExpandDir);
+                // Exclude classes for multi release jars above target
+                for (int i = Integer.parseInt(targetCompatibility.getMajorVersion()) + 1;
+                     i <= Integer.parseInt(JavaVersion.VERSION_HIGHER.getMajorVersion());
+                     i++
+                ) {
+                  spec.exclude("META-INF/versions/" + i + "/**");
+                }
            })
        );
    }
--- a/server/build.gradle
+++ b/server/build.gradle
@ -304,21 +304,6 @@ thirdPartyAudit.excludes = [
  'com.google.common.geometry.S2LatLng',
 ]

-if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
-  thirdPartyAudit.excludes += [
-          // Used by Log4J 2.11.1
-            'java.io.ObjectInputFilter',
-            'java.io.ObjectInputFilter$Config',
-            'java.io.ObjectInputFilter$FilterInfo',
-            'java.io.ObjectInputFilter$Status',
-          // added in 9
-            'java.lang.ProcessHandle',
-            'java.lang.StackWalker',
-            'java.lang.StackWalker$Option',
-            'java.lang.StackWalker$StackFrame'
-  ]
-}
-
 if (project.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
  thirdPartyAudit.excludes += ['javax.xml.bind.DatatypeConverter']
 }
--- a/test/logger-usage/build.gradle
+++ b/test/logger-usage/build.gradle
@ -42,23 +42,4 @@ thirdPartyAudit.excludes = [
  'org.osgi.framework.SynchronousBundleListener',
  'org.osgi.framework.wiring.BundleWire',
  'org.osgi.framework.wiring.BundleWiring'
-]
-
-if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
-  // Used by Log4J 2.11.1
-  thirdPartyAudit.excludes += [
-    'java.io.ObjectInputFilter',
-    'java.io.ObjectInputFilter$Config',
-    'java.io.ObjectInputFilter$FilterInfo',
-    'java.io.ObjectInputFilter$Status'
-  ]
-}
-
-if (project.runtimeJavaVersion == JavaVersion.VERSION_1_8) {
-  thirdPartyAudit.excludes += [
-     'java.lang.ProcessHandle',
-     'java.lang.StackWalker',
-     'java.lang.StackWalker$Option',
-     'java.lang.StackWalker$StackFrame'
-  ]
-}
+]
--- a/x-pack/plugin/sql/sql-action/build.gradle
+++ b/x-pack/plugin/sql/sql-action/build.gradle
@ -138,23 +138,4 @@ thirdPartyAudit.excludes = [
        'org.zeromq.ZMQ$Context',
        'org.zeromq.ZMQ$Socket',
        'org.zeromq.ZMQ'
-]
-
-if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
-    // Used by Log4J 2.11.1
-    thirdPartyAudit.excludes += [
-      'java.io.ObjectInputFilter',
-      'java.io.ObjectInputFilter$Config',
-      'java.io.ObjectInputFilter$FilterInfo',
-      'java.io.ObjectInputFilter$Status'
-    ]
-}
-
-if (project.runtimeJavaVersion == JavaVersion.VERSION_1_8) {
-    thirdPartyAudit.excludes += [
-      'java.lang.ProcessHandle',
-      'java.lang.StackWalker',
-      'java.lang.StackWalker$Option',
-      'java.lang.StackWalker$StackFrame'
-    ]
-}
+]