Commit Graph

2745 Commits

Author SHA1 Message Date
Robert Muir a7cc91e868 Merge pull request #15501 from rmuir/sheisty_classes
thirdPartyAudit round 2
2015-12-17 03:44:27 -05:00
Robert Muir 6692e42d9a thirdPartyAudit round 2
This fixes the `lenient` parameter to be `missingClasses`. I will remove this boolean and we can handle them via the normal whitelist.
It also adds a check for sheisty classes (jar hell with the jdk).
This is inspired by the lucene "sheisty" classes check, but it has false positives. This check is more evil, it validates every class file against the extension classloader as a resource, to see if it exists there. If so: jar hell.

This jar hell is a problem for several reasons:

1. causes insanely-hard-to-debug problems (like bugs in forbidden-apis)
2. hides problems (like internal api access)
3. the code you think is executing, is not really executing
4. security permissions are not what you think they are
5. brings in unnecessary dependencies
6. its jar hell

The more difficult problems are stuff like jython, where these classes are simply 'uberjared' directly in, so you cant just fix them by removing a bogus dependency. And there is a legit reason for them to do that, they want to support java 1.4.
2015-12-17 02:35:00 -05:00
Jack Conradson 4523eaec88 Added plumbing for compile time script parameters.
Closes #15464
2015-12-16 18:29:21 -08:00
Robert Muir 4f9d4103f2 Merge pull request #15491 from rmuir/forbidden_third_party
Add gradle thirdPartyAudit to precommit tasks
2015-12-16 18:56:50 -05:00
Robert Muir 42138007db add some more comments about internal api usage 2015-12-16 18:56:02 -05:00
Robert Muir ee79d46583 Add gradle thirdPartyAudit to precommit tasks 2015-12-16 16:38:16 -05:00
Ryan Ernst a2b8f4b90a Merge pull request #15434 from rjernst/http_type
Expose http.type setting, and collapse al(most all) modules relating to transport/http
2015-12-16 11:54:30 -08:00
Adrien Grand 5d5c6591aa Validate that fields are defined only once.
There are two ways that a field can be defined twice:
 - by reusing the name of a meta mapper in the root object (`_id`, `_routing`,
   etc.)
 - by defining a sub-field both explicitly in the mapping and through the code
   in a field mapper (like ExternalMapper does)

This commit adds new checks in order to make sure this never happens.

Close #15057
2015-12-15 10:37:18 +01:00
Ryan Ernst 60d35c81af Plugins: Expose http.type setting, and collapse al(most all) modules relating to transport/http
This change adds back the http.type setting. It also cleans up all the
transport related guice code to be consolidated within the
NetworkModule (as transport and http related stuff is what and how ES
exposes over the network). The setter methods previously used by some
plugins to override eg the TransportService or HttpServerTransport are
removed, and those plugins should now register a custom implementation
of the class with a name and set that using the appropriate config
setting. Note that I think ActionModule should also be moved into here,
to sit along side the rest actions, but I left that for a followup.

closes #14148
2015-12-14 22:01:04 -08:00
Jason Tedor 11cbc08e45 Fix compilation in o.e.m.t.SimpleSortTests 2015-12-11 11:46:50 -05:00
Jason Tedor 3383c24be0 Remove and forbid use of Collections#shuffle(List) and Random#<init>()
This commit removes and now forbids all uses of
Collections#shuffle(List) and Random#<init>() across the codebase. The
rationale for removing and forbidding these methods is to increase test
reproducibility. As these methods use non-reproducible seeds, production
code and tests that rely on these methods contribute to
non-reproducbility of tests.

Instead of Collections#shuffle(List) the method
Collections#shuffle(List, Random) can be used. All that is required then
is a reproducible source of randomness. Consequently, the utility class
Randomness has been added to assist in creating reproducible sources of
randomness.

Instead of Random#<init>(), Random#<init>(long) with a reproducible seed
or the aforementioned Randomess class can be used.

Closes #15287
2015-12-11 11:16:38 -05:00
Robert Muir 1e8f9558a0 Remove now-dead code in expressions (fixed in https://issues.apache.org/jira/browse/LUCENE-6920) 2015-12-10 14:50:32 -05:00
Robert Muir 2741888498 Remove RuntimePermission("accessDeclaredMembers")
Upgrades lucene to 5.5.0-1719088, randomizedtesting to 2.3.2, and securemock to 1.2
2015-12-10 14:26:55 -05:00
Robert Muir e454fadc22 Merge branch 'master' into shave_mustache 2015-12-10 07:58:24 -05:00
Areek Zillur 025e9818e7 Refactors TransportReplicationAction to decouple request routing and shard operation logic 2015-12-10 01:32:07 -05:00
Robert Muir 61266dee19 mark messy rest test as messy and add to messy tests lists 2015-12-09 19:21:35 -05:00
Ryan Ernst 74dc5bf20a Fix template query parser tests to register mustache script engine 2015-12-08 21:33:48 -08:00
Ryan Ernst b7fb0824be Fix render search template tests 2015-12-08 21:33:48 -08:00
Robert Muir a6e1655fe9 fix integ tests 2015-12-09 00:30:32 -05:00
Robert Muir 17436d4332 get gradle check passing for lang-mustache 2015-12-09 00:10:37 -05:00
Robert Muir 3632ddf497 split out mustache methods so groovy works again 2015-12-09 00:00:40 -05:00
Ryan Ernst 907d3cf878 move template query builder tests back to core (using mockscript) 2015-12-08 20:26:45 -08:00
Robert Muir 2e299860e5 refactor mustache to lang-mustache plugin. No rest tests yet. 2015-12-08 22:45:21 -05:00
Robert Muir 3c419c2186 do expressions consistently with other engines 2015-12-05 22:08:40 -05:00
Robert Muir 2169a123a5 Filter classes loaded by scripts
Since 2.2 we run all scripts with minimal privileges, similar to applets in your browser.
The problem is, they have unrestricted access to other things they can muck with (ES, JDK, whatever).
So they can still easily do tons of bad things

This PR restricts what classes scripts can load via the classloader mechanism, to make life more difficult.
The "standard" list was populated from the old list used for the groovy sandbox: though
a few more were needed for tests to pass (java.lang.String, java.util.Iterator, nothing scary there).

Additionally, each scripting engine typically needs permissions to some runtime stuff.
That is the downside of this "good old classloader" approach, but I like the transparency and simplicity,
and I don't want to waste my time with any feature provided by the engine itself for this, I don't trust them.

This is not perfect and the engines are not perfect but you gotta start somewhere. For expert users that
need to tweak the permissions, we already support that via the standard java security configuration files, the
specification is simple, supports wildcards, etc (though we do not use them ourselves).
2015-12-05 21:46:52 -05:00
Robert Muir 46377778a9 Merge branch 'master' into getClassLoader 2015-12-04 15:58:36 -05:00
Robert Muir 7160c5ec15 list modules separately in pluginservice 2015-12-04 01:13:17 -05:00
Ryan Ernst a8e9403204 added gradle checks for modules configuration, and ability to add
modules to integ test cluster
2015-12-03 20:53:06 -08:00
Ryan Ernst 0a4a81afaf Added modules, distributions now include them (just plugins installed in
a diff dir)
2015-12-03 14:18:26 -08:00
Shay Banon bf0caafa04 remove old modules and gradle 2011-12-06 01:01:04 +02:00
Shay Banon a8fd2d48b8 first cleanup phase, move to single src 2011-12-06 00:59:23 +02:00
Shay Banon 9995d27841 Analysis: Add arabic, brazilian, czech to stemmer token filter language options, closes #1519. 2011-12-04 16:36:42 +02:00
Shay Banon 720954d8a6 Version missing a space, closes #1517. 2011-12-04 12:48:29 +02:00
Shay Banon 032e215f25 search missing from stats when using clear and search params, closes #1516. 2011-12-02 12:32:51 +02:00
Shay Banon be282cc4c8 Improve highlighting perf (a bit) by reusing some constructs across hits, closes #1513. 2011-11-30 19:15:31 +02:00
Shay Banon c93ddd9b61 check against hte fieldName... 2011-11-30 13:34:21 +02:00
Shay Banon 6c552b4187 have DocSet implement Bits interface 2011-11-29 23:53:38 +02:00
Shay Banon a21c0829c7 Query DSL: Bool filter does not take should clauses properly into account, closes #1511. 2011-11-29 22:39:07 +02:00
Shay Banon 76307a5e73 cleanup 2011-11-29 21:28:07 +02:00
Shay Banon e9d2f44d49 Query DSL: Bool filter does not take should clauses properly into account, closes #1511. 2011-11-29 21:27:36 +02:00
Shay Banon de49a313c5 Query DSL: Bool filter does not take should clauses properly into account, closes #1511. 2011-11-29 21:23:41 +02:00
Shay Banon 9bb9ce4e84 add 0.18.6 2011-11-29 13:55:11 +02:00
Shay Banon ae4ae598e3 make node closed exception serializable 2011-11-29 10:18:13 +02:00
Shay Banon b2fa6b7a94 When _source is disabled, don't return it in realtime get fetching the document from the transaction log, closes #1509. 2011-11-29 09:39:46 +02:00
Shay Banon e9fe8ec469 sync with latest Lucene block join, init parentDoc to -1, which makes the assert commented out valid again 2011-11-28 23:47:31 +02:00
Shay Banon 6b894d9f53 add the option to get mapping as a parsed map, also do some internal refactoring to share the code that parses into a map 2011-11-28 20:19:02 +02:00
Njal Karevoll b1707d219f set "http" on NodeInfo instances if it is passed in the constructor 2011-11-28 17:08:28 +02:00
Shay Banon d5aa7574f3 Upgrade to netty 3.2.7, closes #1506. 2011-11-28 14:48:49 +02:00
Shay Banon 4be7866bd9 Registering a percolate query with additional "object" level metadata can fail, closes #1505. 2011-11-27 18:06:18 +02:00
Shay Banon 32f1edf6f7 Analysis: Add language setting to lowercase filter, supporting greek and turkish, closes #1503. 2011-11-27 13:39:05 +02:00