Rename internalRuntimeForbidden and make heuristics reliable #95

Merged
merged 16 commits into from
Dec 29, 2015


uschindler

This rewrite does the following:

  • Rename the setting (internally at the moment): internalRuntimeForbidden -> nonPortableRuntimeForbidden
  • On Java 9 (w/wo Jigsaw) check module system for runtime class flag (module name starts with "java." or "jdk."). This fixes issue #54 (Java 9: Better detection of runtime classes). This is officially documented by the Java 9 Jigsaw spec. Module names that are shipped with JDK can be detected by a prefix check. 3rd party, non-runtime modules would no longer be declared as internal. This is important for the next point:
  • Invert the package pattern: Only list packages in official Java documentation (java., javax., and a few others extracted from Javadocs) instead of having a blacklist.

The new algorithm is simple:
If a loaded class is from the Java runtime (fixed in #91) and the module is correct, we will check the package name against a whitelist, extracted from Java 8 Javadocs. This will also detect non-portable classes from non-Oracle runtimes correctly. Just everything from the runtime packages (files under java.home or from modules in Java 9 that are part of runtime) is checked against the package whitelist, everything else is not documented.

If somebody (like @rmuir in his JAR file tests) only wants to forbid "internal" packages according to security settings, the bundled signatures files can be used.

In this PR I will also remove the special flag "internalRuntimeForbidden" (deprecate and remove later!) and make the heuristics available as a bundled signature. The bundled signature just does not exist as a file in the JAR file, it points to the rewritten heuristics code.

…iable without static signature file:

- On Java 9 (w/wo Jigsaw) check module system for runtime class (module name starts with "java." or "jdk.")
- Invert the package pattern: Only list packages in official Java documentation (java.*, javax.* and few others extracted from Javadocs)
- Start to rename the setting: internalRuntimeForbidden -> nonPortableRuntimeForbidden
@uschindler uschindler self-assigned this Dec 27, 2015
@uschindler uschindler added this to the 2.1 milestone Dec 27, 2015
@uschindler

All is implemented. 'internalRuntimeForbidden' is deprecated and users should migrate to bundled signatures instead:

  • jdk-non-portable: improved heuristics as described above, works also with Java 9 module system. The signatures file does not exist in the JAR file, it just refers to the completely rewritten heuristics.
  • jdk-internal: static signatures of stuff that's marked as internal in JDK and produces a SecurityException if executed with SecurityManager available. The list of packages is extracted from security property and bundled with forbiddenapis.

I will merge this now into master.
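
The two-step check described in this PR (runtime module recognised by name prefix, then a documented-package whitelist), as an added Java example that is not forbiddenapis code and not part of the original conversation. It covers only the Java 9 module path; the prefix list is a small illustrative subset rather than the project's whitelist, and the class name `NonPortableCheck` and the sample module/class pairs are constructed for the demonstration.

```java
import java.util.List;

/** Added illustration of the heuristic described in the PR; not forbiddenapis code. */
public class NonPortableCheck {

    // Assumption: illustrative subset of documented package prefixes,
    // not the whitelist the project extracted from the Java 8 Javadocs.
    private static final List<String> DOCUMENTED_PREFIXES = List.of(
        "java.", "javax.", "org.w3c.dom.", "org.xml.sax.", "org.ietf.jgss.");

    /** Step 1: runtime modules are recognised by the "java." / "jdk." name prefix. */
    static boolean isRuntimeModule(String moduleName) {
        return moduleName != null
            && (moduleName.startsWith("java.") || moduleName.startsWith("jdk."));
    }

    /** Step 2: only classes in documented packages count as portable. */
    static boolean isDocumentedPackage(String className) {
        for (String prefix : DOCUMENTED_PREFIXES) {
            if (className.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /** Non-portable: shipped with the runtime, but outside the documented packages. */
    static boolean isNonPortable(String moduleName, String className) {
        return isRuntimeModule(moduleName) && !isDocumentedPackage(className);
    }

    /** Same check for a loaded class; the unnamed module (classpath code) has a null name. */
    static boolean isNonPortable(Class<?> clazz) {
        return isNonPortable(clazz.getModule().getName(), clazz.getName());
    }

    public static void main(String[] args) {
        // Constructed sample input: {module name, class name}; null = unnamed module.
        String[][] samples = {
            {"java.base", "java.lang.String"},
            {"java.base", "sun.nio.ch.FileChannelImpl"},
            {"jdk.unsupported", "sun.misc.Unsafe"},
            {"com.example.lib", "com.example.lib.internal.Impl"},
            {null, "sun.fake.ShadowedOnClasspath"},
        };
        for (String[] s : samples) {
            System.out.printf("%-16s %-32s nonPortable=%b%n", s[0], s[1], isNonPortable(s[0], s[1]));
        }
        System.out.println("java.lang.String (loaded) nonPortable=" + isNonPortable(String.class));
    }
}
```

Because the module check comes first, a third-party module or classpath class is never flagged, even when its package name looks internal.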

uschindler added a commit that referenced this pull request Dec 29, 2015
…ewrite

Rename internalRuntimeForbidden and make heuristics reliable
@uschindler uschindler merged commit e9f5181 into master Dec 29, 2015
@uschindler uschindler deleted the features/internalRuntimeRewrite branch December 29, 2015 11:53