Skip to content

Commit

Permalink
fix(cli): Guard against foreign classpath items with a pathing JAR
Browse files Browse the repository at this point in the history
To not blindly add any JAR to the classpath that has been copied to the
distribution's "lib" directory, build a "pathing JAR" whose manifest
contains the intended runtime classpath. Then only use that JAR and the
main CLI JAR as the classpath for the application.

Fixes #9372.

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
  • Loading branch information
sschuberth committed Nov 5, 2024
1 parent b43a41a commit 06059dd
Showing 1 changed file with 28 additions and 6 deletions.
34 changes: 28 additions & 6 deletions buildSrc/src/main/kotlin/ort-application-conventions.gradle.kts
Original file line number Diff line number Diff line change
Expand Up @@ -164,28 +164,50 @@ tasks.named<BuildNativeImageTask>("nativeCompile") {
}
}

val jar by tasks.getting(Jar::class)

val pathingJar by tasks.registering(Jar::class) {
archiveClassifier = "pathing"

manifest {
// Work around the command line length limit on Windows when passing the classpath to Java, see
// https://github.com/gradle/gradle/issues/1989.
attributes["Class-Path"] = configurations.runtimeClasspath.get().joinToString(" ") { it.name }
}
}

tasks.named<CreateStartScripts>("startScripts") {
classpath = jar.outputs.files + pathingJar.get().outputs.files

doLast {
// Work around the command line length limit on Windows when passing the classpath to Java, see
// https://github.com/gradle/gradle/issues/1989#issuecomment-395001392.
// Append the plugin directory to the Windows classpath.
val windowsScriptText = windowsScript.readText(Charset.defaultCharset())
windowsScript.writeText(
windowsScriptText.replace(
Regex("set CLASSPATH=%APP_HOME%\\\\lib\\\\.*"),
"set CLASSPATH=%APP_HOME%\\\\lib\\\\*;%APP_HOME%\\\\plugin\\\\*"
Regex("(set CLASSPATH=%APP_HOME%\\\\lib\\\\.*)"), "$1;%APP_HOME%\\\\plugin\\\\*"
)
)

// Append the plugin directory to the Unix classpath.
val unixScriptText = unixScript.readText(Charset.defaultCharset())
unixScript.writeText(
unixScriptText.replace(
Regex("CLASSPATH=\\\$APP_HOME/lib/.*"),
"CLASSPATH=\\\$APP_HOME/lib/*:\\\$APP_HOME/plugin/*"
Regex("(CLASSPATH=\\\$APP_HOME/lib/.*)"), "$1:\\\$APP_HOME/plugin/*"
)
)
}
}

distributions {
main {
contents {
from(pathingJar) {
into("lib")
}
}
}
}

val distTar = tasks.named<Tar>("distTar") {
compression = Compression.GZIP
}
Expand Down

0 comments on commit 06059dd

Please sign in to comment.