Skip to content

Commit

Permalink
Consider multi release jars when running third party audit (#33206)
Browse files Browse the repository at this point in the history
Exclude classes meant for newer versions than what we are auditing against, those classes won't be found. There's no reason to exclude JDK classes from newer versions, with this PR, we will not extract them in the first place.
  • Loading branch information
alpar-t authored Aug 29, 2018
1 parent 2dc4a5b commit f29f0af
Show file tree
Hide file tree
Showing 5 changed files with 24 additions and 55 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,7 @@ class PrecommitTasks {
dependsOn(buildResources)
signatureFile = buildResources.copy("forbidden/third-party-audit.txt")
javaHome = project.runtimeJavaHome
targetCompatibility = project.runtimeJavaVersion
}
return thirdPartyAuditTask
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
import org.elasticsearch.test.NamingConventionsCheck;
import org.gradle.api.DefaultTask;
import org.gradle.api.GradleException;
import org.gradle.api.JavaVersion;
import org.gradle.api.artifacts.Configuration;
import org.gradle.api.file.FileCollection;
import org.gradle.api.tasks.Input;
Expand Down Expand Up @@ -66,6 +67,17 @@ public class ThirdPartyAuditTask extends DefaultTask {

private String javaHome;

private JavaVersion targetCompatibility;

@Input
public JavaVersion getTargetCompatibility() {
return targetCompatibility;
}

public void setTargetCompatibility(JavaVersion targetCompatibility) {
this.targetCompatibility = targetCompatibility;
}

@InputFiles
public Configuration getForbiddenAPIsConfiguration() {
return getProject().getConfigurations().getByName("forbiddenApisCliJar");
Expand Down Expand Up @@ -157,10 +169,19 @@ public void runThirdPartyAudit() throws IOException {

private void extractJars(FileCollection jars) {
File jarExpandDir = getJarExpandDir();
// We need to clean up to make sure old dependencies don't linger
getProject().delete(jarExpandDir);
jars.forEach(jar ->
getProject().copy(spec -> {
spec.from(getProject().zipTree(jar));
spec.into(jarExpandDir);
// Exclude classes for multi release jars above target
for (int i = Integer.parseInt(targetCompatibility.getMajorVersion()) + 1;
i <= Integer.parseInt(JavaVersion.VERSION_HIGHER.getMajorVersion());
i++
) {
spec.exclude("META-INF/versions/" + i + "/**");
}
})
);
}
Expand Down
15 changes: 0 additions & 15 deletions server/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -304,21 +304,6 @@ thirdPartyAudit.excludes = [
'com.google.common.geometry.S2LatLng',
]

if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
thirdPartyAudit.excludes += [
// Used by Log4J 2.11.1
'java.io.ObjectInputFilter',
'java.io.ObjectInputFilter$Config',
'java.io.ObjectInputFilter$FilterInfo',
'java.io.ObjectInputFilter$Status',
// added in 9
'java.lang.ProcessHandle',
'java.lang.StackWalker',
'java.lang.StackWalker$Option',
'java.lang.StackWalker$StackFrame'
]
}

if (project.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
thirdPartyAudit.excludes += ['javax.xml.bind.DatatypeConverter']
}
Expand Down
21 changes: 1 addition & 20 deletions test/logger-usage/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -42,23 +42,4 @@ thirdPartyAudit.excludes = [
'org.osgi.framework.SynchronousBundleListener',
'org.osgi.framework.wiring.BundleWire',
'org.osgi.framework.wiring.BundleWiring'
]

if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
// Used by Log4J 2.11.1
thirdPartyAudit.excludes += [
'java.io.ObjectInputFilter',
'java.io.ObjectInputFilter$Config',
'java.io.ObjectInputFilter$FilterInfo',
'java.io.ObjectInputFilter$Status'
]
}

if (project.runtimeJavaVersion == JavaVersion.VERSION_1_8) {
thirdPartyAudit.excludes += [
'java.lang.ProcessHandle',
'java.lang.StackWalker',
'java.lang.StackWalker$Option',
'java.lang.StackWalker$StackFrame'
]
}
]
21 changes: 1 addition & 20 deletions x-pack/plugin/sql/sql-action/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -138,23 +138,4 @@ thirdPartyAudit.excludes = [
'org.zeromq.ZMQ$Context',
'org.zeromq.ZMQ$Socket',
'org.zeromq.ZMQ'
]

if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
// Used by Log4J 2.11.1
thirdPartyAudit.excludes += [
'java.io.ObjectInputFilter',
'java.io.ObjectInputFilter$Config',
'java.io.ObjectInputFilter$FilterInfo',
'java.io.ObjectInputFilter$Status'
]
}

if (project.runtimeJavaVersion == JavaVersion.VERSION_1_8) {
thirdPartyAudit.excludes += [
'java.lang.ProcessHandle',
'java.lang.StackWalker',
'java.lang.StackWalker$Option',
'java.lang.StackWalker$StackFrame'
]
}
]

0 comments on commit f29f0af

Please sign in to comment.