diff --git a/settings.gradle b/settings.gradle index cca3ef0b8..23d836865 100644 --- a/settings.gradle +++ b/settings.gradle @@ -9,4 +9,5 @@ include 'temporal-kotlin' include 'temporal-spring-boot-autoconfigure' include 'temporal-spring-boot-starter' include 'temporal-remote-data-encoder' -include 'temporal-shaded' \ No newline at end of file +include 'temporal-shaded' +include 'temporal-workflowcheck' \ No newline at end of file diff --git a/temporal-workflowcheck/README.md b/temporal-workflowcheck/README.md new file mode 100644 index 000000000..8d2e6a04c --- /dev/null +++ b/temporal-workflowcheck/README.md @@ -0,0 +1,325 @@ +# Temporal Workflow Check for Java + +Temporal workflowcheck is a utility scans Java bytecode looking for workflow implementation methods that do invalid +things. This mostly centers around +[workflow logic constraints](https://docs.temporal.io/dev-guide/java/foundations#workflow-logic-requirements) that +require workflows are deterministic. Currently it will catch when a workflow method does any of the following: + +* Invokes a method that is configured as invalid (e.g. threading, IO, random, system time, etc) +* Accesses a static field configured as invalid (e.g. `System.out`) +* Accesses a non-final static field +* Invokes a method that itself violates any of the above rules + +With the last rule, that means this analyzer is recursive and gathers information transitively to ensure +non-deterministic calls aren't made indirectly. + +⚠️ BETA + +This software is beta quality. We are gathering feedback before considering it stable. + +## Running + +### Prerequisites + +* JDK 8+ + +### Running manually + +The all-in-one JAR is best for running manually. Either download the latest version `-all.jar` from +https://repo1.maven.org/maven2/io/temporal/temporal-workflowcheck or build via `gradlew :temporal-workflowcheck:build` +then obtain `-all.jar` in `temporal-workflowcheck/build/libs`. + +Simply running the following will show help text: + + java -jar path/to/temporal-workflowcheck--all.jar --help + +Replace `` with the actual version. The `check` call runs the workflow check and it accepts classpath entries +as arguments, for example: + + java -jar path/to/temporal-workflowcheck--all.jar check path/to/my.jar path/to/my/classes/ + +The `check` command accepts the following arguments: + +* `--config ` - Path to a `.properties` configuration file. Multiple `--config` arguments can be provided with + the later overriding the earlier. See the [Configuration](#configuration) section for details. +* `--no-default-config` - If present, the default configuration file will not be the implied first configuration file. +* `--show-valid` - In addition to showing invalid workflow methods, also show which workflow methods are valid. +* `` - All other arguments are classpath entries. This accepts the same values as `-cp` on `java` + commands. Each entry can be a set of entries separated by platform-specific path separator (i.e. `;` for Windows or + `:` for Nix), or prefixed with an `@` symbol saying it's a file with entries one per line, or just as separate + arguments. They are all combined to one large classpath when running. + +### Running in a Gradle project + +See the [Gradle sample](samples/gradle). + +### Running in a Maven project + +See the [Maven sample](samples/maven). + +### Running programmatically + +The workflowcheck utility is also a library. The `io.temporal.workflowcheck.WorkflowCheck` class can be instantiated +with a `io.temporal.workflowcheck.Config` and then `findWorkflowClasses` can be run with classpath entries. This will +return details about every workflow method implementation found, including invalid pieces. + +## Usage + +To use workflowcheck effectively, users may have to add configuration and warning-suppression to properly handle false +positives. + +### Configuration + +workflowcheck configuration is done via `.properties` file(s). The main use of configuration is to configure what the +system considers an "invalid" method or field. Each property is in the format: + +``` +temporal.workflowcheck.invalid.[[some/package/]ClassName.]memberName[(Lmethod/Descriptor;)V]=true|false +``` + +The key names after `temporal.workflowcheck.invalid.` are known as "descriptor patterns" and these patterns are checked +to see whether a call or field access is invalid. If the value is `true` the pattern is considered invalid and if it is +`false` it is considered valid. When supplying properties files as configuration, the later-provided configuration keys +overwrite the earlier keys. During checking, the more-specific patterns are checked first and the first, most-specific +one to say whether it is valid or invalid is what is used. This means that, given the following two properties: + +``` +temporal.workflowcheck.invalid.my/package/MyUnsafeClass=true +temporal.workflowcheck.invalid.my/package/MyUnsafeClass.safeMethod=false +``` + +Every method and static field on `my.package.MyUnsafeClass` is considered invalid _except_ for `safeMethod`. + +The [implied default configuration](src/main/resources/io/temporal/workflowcheck/workflowcheck.properties) contains a +good set of default invalid/valid configurations to catch most logic mistakes. Additional configurations can be more +specific. For example, the default configuration disallows any calls on `java.lang.Thread`. But if, say, a failure is +reported for `java.lang.Thread.getId()` but it is known to be used safely/deterministically by Temporal's definition, +then a configuration file with the following will make it valid: + +``` +temporal.workflowcheck.invalid.java/lang/Thread.getId=false +``` + +When the system checks for valid/invalid, it checks the most-specific to least-specific (kinda), trying to find whether +there is a key present (regardless of whether it is `true` or `false`) and it uses that value. For example, when the +system encounters a call to `myString.indexOf("foo", 123)`, it will check for the following keys in order (the +`temporal.workflowcheck.invalid.` prefix is removed for brevity): + +* `java/lang/String.indexOf(Ljava/lang/String;I)` +* `java/lang/String.indexOf` +* `String.indexOf(Ljava/lang/String;I)` +* `String.indexOf` +* `indexOf(Ljava/lang/String;I)` +* `indexOf` +* `String` +* `java/lang/String` +* `java/lang` +* `java` + +The class name is the binary class name as defined by the JVM spec. The method descriptor is the method descriptor as +defined by the JVM spec but with the return type removed (return types can be covariant across interfaces and therefore +not useful for our strict checking). + +Note, in order to support superclass/superinterface checking, if nothing is found for the type, the same method is +checked against the superclass and superinterfaces. So technically `java/lang/Object.indexOf` would match even though +that method does not exist. This is by intention to allow marking entire hierarchies of methods invalid (e.g. +`Map.forEach=true` but `LinkedHashMap.forEach=false`). + +There is advanced logic with inheritance and how the proper implementation of a method is determined including resolving +interface default methods, but that is beyond this documentation. Users are encouraged to write tests confirming +behavior of configuration keys. + +### Suppressing warnings + +Usually in Java when wanting to suppress warnings on source code, the `@SuppressWarnings` annotation in `java.lang` is +used. However, workflowcheck operates on bytecode and that annotation is not preserved in bytecode. As an alternative, +the `@WorkflowCheck.SuppressWarnings` annotation is available in `io.temporal.workflowcheck` that will ignore errors. +For instance, one could have: + +```java +@WorkflowCheck.SuppressWarnings +public long getCurrentMillis() { + return System.currentTimeMillis(); +} +``` + +This will now consider `getCurrentMillis` as valid regardless of what's inside it. Since the retention policy on the +`@WorkflowCheck.SuppressWarnings` annotation is `CLASS`, it is not even required to be present at runtime. So the +`workflowcheck` library can just be a compile-only dependency (i.e. `provided` scope in Maven or `compileOnly` in +Gradle), the library is not needed at runtime. + +the `@WorkflowCheck.SuppressWarnings` annotation provides an `invalidMembers` field that can be a set of the descriptor +patterns mentioned in the [Configuration](#configuration) section above. When not set, every invalid piece is accepted, +so users are encouraged to at least put the method/field name they want to allow so accidental suppression is avoided. +That means the above snippet would become: + +```java +@WorkflowCheck.SuppressWarnings(invalidMembers = "currentTimeMillis") +public long getCurrentMillis() { + return System.currentTimeMillis(); +} +``` + +_Technically_ there is an inline suppression approach that is a runtime no-op that is `WorkflowCheck.suppressWarnings()` +invocation followed by `WorkflowCheck.restoreWarnings()` later. So the above _could_ be: + +```java +public long getCurrentMillis() { + WorkflowCheck.suppressWarnings("currentTimeMillis"); + var l = System.currentTimeMillis(); + WorkflowCheck.restoreWarnings(); + return l; +} +``` + +However this is hard to use for a couple of reasons. First, the methods are evaluated when they are seen in bytecode, +not in the order they appear in logic. `javac` bytecode ordering is not the same as source ordering. Second, this does +require a runtime dependency on the workflowcheck library. Users are discouraged from ever using this and should use the +annotation instead. + +### Best practices + +#### False positives + +When encountering a false positive in a commonly used or third-party library, decide how far up the call stack the call +is considered deterministic by Temporal's definition. Then configure the method as "valid". + +When encountering a specific false positive in workflow code, consider moving it to its own method and adding +`@WorkflowCheck.SuppressWarnings` for just that method (or just add that annotation on the method but target the +specific call). Annotations can be better than using configuration files for small amounts of local workflow code +because the configuration file can get really cluttered with single-workflow-specific code and using configuration makes +it hard for code readers to see that it is intentionally marked as valid. + +#### Collection iteration + +By default, iterating any `Iterable` is considered unsafe with specific exceptions carved out for `LinkedHashMap`, +`List`, `SortedMap`, and `SortedSet`. But in many cases, static analysis code cannot detect that something is safe. For +example: + +``` +var map = new TreeMap<>(Map.of("a", "b")); +for (var entry : map.entrySet()) { + // ... +} +``` + +The implicit `Set.iterator` call on the `entrySet` will be considered invalid, because `entrySet`'s type is `Set`. The +same thing happens when a higher level collection type is used, for example: + +``` +Collection strings = new TreeSet<>(List.of("foo", "bar")); +for (var string : strings) { + // ... +} +``` + +In cases where the higher-level type can be used, try to use that. So in the above sample change to +`SortedSet strings`. If that is not available, wrapping as a list just for iteration is acceptable. Workflow +performance is not the same as general Java code performance, so it is often totally reasonable to accept the hit on +iteration. So for the first example, it could be written like so: + +``` +var map = new TreeMap<>(Map.of("a", "b")); +for (var entry : new ArrayList<>(map.entrySet())) { + // ... +} +``` + +In advanced situations, warning-suppression approaches can be applied. + +## Internals + +The following sections give some insight into the development of workflowcheck. + +### How it works + +Workflowcheck works by scanning all non-standard-library classes on the classpath. When scanning, in addition to some +other details, the following bits of information are collected for every method: + +* Whether the method is a workflow declaration (e.g. interface methods with `@WorkflowMethod`) +* Unsuppressed/unconfigured method invocations +* Field accesses configured as invalid +* Unsuppressed/unconfigured static field access + +This intentionally, to avoid eager recursion issues, does not traverse the call graph eagerly. + +Then for every method of every scanned class, it is checked whether it is a workflow method. This is done by checking if +it contains a body and overrides any super interface workflow declaration at any level. For every method that is a +workflow implementation, it is processed for invalidity. + +The invalidity processor is a recursive call that checks a method for whether it is invalid. Specifically, it: + +* Considers all invalid field accesses as invalid member accesses +* Resolves target of all static field accesses and if the fields are non-final static fields, considers them invalid + member accesses +* Checks all method calls to see if they are invalid by: + * Finding the most-specific configured descriptor pattern, using advanced most-specific logic when encountering + ambiguous interface depth. If it is configured invalid, mark as such. Regardless of whether invalid or valid, if it + was configured at all, do not go to the next step. + * Resolve the most specific implementation of a method. Just because `Foo.bar()` is the method invocation doesn't mean + `Foo` declares `bar()`, it may inherited. Advanced virtual resolution logic is used to find the first implementation + in the hierarchy that it refers to. If/when resolved, that method is recursively checked for invalidity via this + same processor (storing itself to prevent recursion) and if it's invalid, then so is this call. + +This algorithm ensures that configuration can apply at multiple levels of hierarchy but transitive code-based method +invalidity is only on the proper implementation. So if `Foo.bar()` is bad but `ExtendsFoo.bar()` is ok, the former does +not report a false positive (unless of course `ExtendsFoo.bar()` invokes `super.bar()` which would transitively mark it +as invalid). + +During this resolution, the call graph is constructed with access to the class/method details for each transitive +non-recursive invocation. Once complete, all the valid methods are trimmed to relieve memory pressure and all classes +with workflow implementations properly contain their direct and indirect invalid member accesses. + +The printer then prints these out. + +### FAQ + +**Why not use static analysis library X?** + +One of the primary features of workflowcheck is to find whether a method is invalid transitively (i.e. building a call +graph) across existing bytecode including the Java standard library. During research, no tool was found to be able to do +this without significant effort or performance penalties. Approaches researched: + +* Checkstyle, ErrorProne, PMD, etc - not built for transitive bytecode checking +* Custom annotation processor - Bad caching across compilation units, JDK compiler API hard to use (have to add-opens + for modules for sun compiler API, or have to use third party) +* Soot/SootUp - Soot is too old, SootUp is undergoing new development but was still a bit rough when tried (e.g. failed + when an annotation wasn't on the classpath) +* ClassGraph - Does not say which methods call other methods (so not a call graph) +* SemGrep - Does not seem to support recursive call-graph analysis on bytecode to find bad calls at arbitrary call + depths +* CodeQL - Too slow +* Doop, jQAssistant, java-callgraph, etc - not up to date + +Overall, walking the classpath using traditional, high-performance bytecode visiting via OW2 ASM is a good choice for +this project's needs. + +**Why use `.properties` files instead of a better configuration format?** + +A goal of the workflowcheck project is to have as few dependencies as possible. + +**Why not use more modern Java features in the code?** + +The code is optimized for performance, so direct field access instead of encapsulation, looping instead of streaming, +mutable objects instead of records, etc may be present. But the user-facing API does follow proper practices. + +### TODO + +Currently, this project is missing many features: + +* Accept environment variables to point to config files +* Accept environment variables to provide specific config properties +* Accept Java system properties to point to config files +* Accept Java system properties to provide specific config properties +* Check lambda contents but avoid SideEffect +* Module support +* Prevent field mutation in queries and update validators +* Config prebuilding where you can give a set of packages and it will generate a `.properties` set of invalid methods + and save from having to reread the class files of that package at runtime + * Also consider shipping with prebuilt config for Java standard library through Java 21 +* Support SARIF output for better integration with tooling like GitHub actions +* Change output to work with IntelliJ's console linking better (see + [this SO answer](https://stackoverflow.com/questions/7930844/is-it-possible-to-have-clickable-class-names-in-console-output-in-intellij)) +* Support an HTML-formatted result with collapsible hierarchy +* For very deep trees, support `[...]` by default to replace all but the two beginning and two end entries (with CLI + option to show more) \ No newline at end of file diff --git a/temporal-workflowcheck/build.gradle b/temporal-workflowcheck/build.gradle new file mode 100644 index 000000000..2aca0745b --- /dev/null +++ b/temporal-workflowcheck/build.gradle @@ -0,0 +1,44 @@ +plugins { + id 'application' + id 'com.gradleup.shadow' version '8.3.3' +} + +description = 'Temporal Java WorkflowCheck Static Analyzer' + +dependencies { + implementation 'org.ow2.asm:asm:9.6' + compileOnly 'com.google.code.findbugs:jsr305:3.0.2' + testImplementation project(":temporal-sdk") + testImplementation "junit:junit:${junitVersion}" + // Only for testing external-JAR-based bad calls + testImplementation "com.google.guava:guava:$guavaVersion" +} + +application { + mainClass = 'io.temporal.workflowcheck.Main' +} + +// Need all-in-one JAR +shadowJar { + relocate 'org.objectweb.asm', 'io.temporal.workflowcheck.shaded.org.objectweb.asm' +} +build.dependsOn shadowJar + +// Access Java test source as resource +tasks.register('copyJavaSourcesToResources') { + doLast { + copy { + from('src/test/java') { + include '**/*.*' + } + into 'build/resources/test' + } + } +} +processTestResources.dependsOn copyJavaSourcesToResources + +spotless { + java { + toggleOffOn() + } +} \ No newline at end of file diff --git a/temporal-workflowcheck/samples/.gitignore b/temporal-workflowcheck/samples/.gitignore new file mode 100644 index 000000000..c8214acb5 --- /dev/null +++ b/temporal-workflowcheck/samples/.gitignore @@ -0,0 +1,3 @@ +gradle/build +gradle-multi-project/project-app/build +gradle-multi-project/project-workflows/build \ No newline at end of file diff --git a/temporal-workflowcheck/samples/gradle-multi-project/README.md b/temporal-workflowcheck/samples/gradle-multi-project/README.md new file mode 100644 index 000000000..e8f88b2f7 --- /dev/null +++ b/temporal-workflowcheck/samples/gradle-multi-project/README.md @@ -0,0 +1,18 @@ +# Temporal Workflow Check for Java - Gradle Sample + +This sample shows how to incorporate `workflowcheck` into a Gradle build that has multiple projects. Currently there are +no published releases, so this example includes the primary build in the [settings.gradle](settings.gradle) file. But +users may just want to reference a published JAR when it is available. + +To run: + + gradlew check + +This will output something like: + +``` +Analyzing classpath for classes with workflow methods... +Found 1 class(es) with workflow methods +Workflow method io.temporal.workflowcheck.sample.gradlemulti.workflows.MyWorkflowImpl.errorAtNight() (declared on io.temporal.workflowcheck.sample.gradlemulti.workflows.MyWorkflow) has 1 invalid member access: + MyWorkflowImpl.java:10 invokes java.time.LocalTime.now() which is configured as invalid +``` \ No newline at end of file diff --git a/temporal-workflowcheck/samples/gradle-multi-project/build.gradle b/temporal-workflowcheck/samples/gradle-multi-project/build.gradle new file mode 100644 index 000000000..3c0353983 --- /dev/null +++ b/temporal-workflowcheck/samples/gradle-multi-project/build.gradle @@ -0,0 +1,9 @@ +plugins { + id 'java' +} + +allprojects { + repositories { + mavenCentral() + } +} \ No newline at end of file diff --git a/temporal-workflowcheck/samples/gradle-multi-project/gradle/wrapper/gradle-wrapper.jar b/temporal-workflowcheck/samples/gradle-multi-project/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 000000000..249e5832f Binary files /dev/null and b/temporal-workflowcheck/samples/gradle-multi-project/gradle/wrapper/gradle-wrapper.jar differ diff --git a/temporal-workflowcheck/samples/gradle-multi-project/gradle/wrapper/gradle-wrapper.properties b/temporal-workflowcheck/samples/gradle-multi-project/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 000000000..3ce6d3be5 --- /dev/null +++ b/temporal-workflowcheck/samples/gradle-multi-project/gradle/wrapper/gradle-wrapper.properties @@ -0,0 +1,6 @@ +#Sun Dec 24 20:45:25 CST 2023 +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip +zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists diff --git a/temporal-workflowcheck/samples/gradle-multi-project/gradlew b/temporal-workflowcheck/samples/gradle-multi-project/gradlew new file mode 100644 index 000000000..1b6c78733 --- /dev/null +++ b/temporal-workflowcheck/samples/gradle-multi-project/gradlew @@ -0,0 +1,234 @@ +#!/bin/sh + +# +# Copyright © 2015-2021 the original authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############################################################################## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. +# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# +############################################################################## + +# Attempt to set APP_HOME + +# Resolve links: $0 may be a link +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac +done + +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit + +APP_NAME="Gradle" +APP_BASE_NAME=${0##*/} + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD=maximum + +warn () { + echo "$*" +} >&2 + +die () { + echo + echo "$*" + echo + exit 1 +} >&2 + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD=$JAVA_HOME/jre/sh/java + else + JAVACMD=$JAVA_HOME/bin/java + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD=java + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac +fi + +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. + +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + + # Now convert the arguments - kludge to limit ourselves to /bin/sh + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) + fi + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg + done +fi + +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' + +exec "$JAVACMD" "$@" diff --git a/temporal-workflowcheck/samples/gradle-multi-project/gradlew.bat b/temporal-workflowcheck/samples/gradle-multi-project/gradlew.bat new file mode 100644 index 000000000..107acd32c --- /dev/null +++ b/temporal-workflowcheck/samples/gradle-multi-project/gradlew.bat @@ -0,0 +1,89 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto execute + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto execute + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/temporal-workflowcheck/samples/gradle-multi-project/project-app/build.gradle b/temporal-workflowcheck/samples/gradle-multi-project/project-app/build.gradle new file mode 100644 index 000000000..c9b8e15cd --- /dev/null +++ b/temporal-workflowcheck/samples/gradle-multi-project/project-app/build.gradle @@ -0,0 +1,43 @@ +plugins { + id 'application' +} + +group = 'io.temporal' +version = '1.0-SNAPSHOT' + +application { + mainClass = 'io.temporal.workflowcheck.sample.gradlemulti.app.App' +} + +dependencies { + implementation project(':project-workflows') + implementation 'io.temporal:temporal-sdk:1.22.3' +} + +// *** workflowcheck config *** + +// Create a configuration for workflowcheck dependency +configurations { + workflowcheckDependency +} + +// Set the dependency +dependencies { + // May want to add :all to the end of the dependency to get the shaded form + workflowcheckDependency 'io.temporal:temporal-workflowcheck:+' +} + +// Create the workflowcheck task +tasks.register('workflowcheck', JavaExec) { + // Set the classpath to the workflowcheck dependency + classpath = configurations.workflowcheckDependency + // Java 17+ is required for workflowcheck + javaLauncher = javaToolchains.launcherFor { + languageVersion = JavaLanguageVersion.of(17) + } + // The argument to workflowcheck is the classpath + mainClass = 'io.temporal.workflowcheck.Main' + args = ['check', sourceSets.main.runtimeClasspath.files.join(File.pathSeparator)] +} + +check.finalizedBy workflowcheck \ No newline at end of file diff --git a/temporal-workflowcheck/samples/gradle-multi-project/project-app/src/main/java/io/temporal/workflowcheck/sample/gradlemulti/app/App.java b/temporal-workflowcheck/samples/gradle-multi-project/project-app/src/main/java/io/temporal/workflowcheck/sample/gradlemulti/app/App.java new file mode 100644 index 000000000..4b2c88709 --- /dev/null +++ b/temporal-workflowcheck/samples/gradle-multi-project/project-app/src/main/java/io/temporal/workflowcheck/sample/gradlemulti/app/App.java @@ -0,0 +1,9 @@ +package io.temporal.workflowcheck.sample.gradlemulti.app; + +import io.temporal.workflowcheck.sample.gradlemulti.workflows.MyWorkflow; + +public class App { + public static void main(String[] args) { + System.out.println("Workflow class: " + MyWorkflow.class); + } +} \ No newline at end of file diff --git a/temporal-workflowcheck/samples/gradle-multi-project/project-app/src/main/java/io/temporal/workflowcheck/sample/gradlemulti/app/MyWorkflowImpl.java b/temporal-workflowcheck/samples/gradle-multi-project/project-app/src/main/java/io/temporal/workflowcheck/sample/gradlemulti/app/MyWorkflowImpl.java new file mode 100644 index 000000000..a3dac4392 --- /dev/null +++ b/temporal-workflowcheck/samples/gradle-multi-project/project-app/src/main/java/io/temporal/workflowcheck/sample/gradlemulti/app/MyWorkflowImpl.java @@ -0,0 +1,15 @@ +package io.temporal.workflowcheck.sample.gradlemulti.app; + +import java.time.LocalTime; +import io.temporal.failure.ApplicationFailure; +import io.temporal.workflowcheck.sample.gradlemulti.workflows.MyWorkflow; + +public class MyWorkflowImpl implements MyWorkflow { + @Override + public void errorAtNight() { + // Let's throw an application exception only after 8 PM local time + if (LocalTime.now().getHour() >= 20) { + throw ApplicationFailure.newFailure("Can't call this workflow after 8PM", "time-error"); + } + } +} diff --git a/temporal-workflowcheck/samples/gradle-multi-project/project-workflows/build.gradle b/temporal-workflowcheck/samples/gradle-multi-project/project-workflows/build.gradle new file mode 100644 index 000000000..b4f95db60 --- /dev/null +++ b/temporal-workflowcheck/samples/gradle-multi-project/project-workflows/build.gradle @@ -0,0 +1,14 @@ +plugins { + id 'java' +} + +group = 'io.temporal' +version = '1.0-SNAPSHOT' + +repositories { + mavenCentral() +} + +dependencies { + implementation 'io.temporal:temporal-sdk:1.22.3' +} diff --git a/temporal-workflowcheck/samples/gradle-multi-project/project-workflows/src/main/java/io/temporal/workflowcheck/sample/gradlemulti/workflows/MyWorkflow.java b/temporal-workflowcheck/samples/gradle-multi-project/project-workflows/src/main/java/io/temporal/workflowcheck/sample/gradlemulti/workflows/MyWorkflow.java new file mode 100644 index 000000000..d702c056d --- /dev/null +++ b/temporal-workflowcheck/samples/gradle-multi-project/project-workflows/src/main/java/io/temporal/workflowcheck/sample/gradlemulti/workflows/MyWorkflow.java @@ -0,0 +1,10 @@ +package io.temporal.workflowcheck.sample.gradlemulti.workflows; + +import io.temporal.workflow.WorkflowInterface; +import io.temporal.workflow.WorkflowMethod; + +@WorkflowInterface +public interface MyWorkflow { + @WorkflowMethod + void errorAtNight(); +} diff --git a/temporal-workflowcheck/samples/gradle-multi-project/settings.gradle b/temporal-workflowcheck/samples/gradle-multi-project/settings.gradle new file mode 100644 index 000000000..ecc40db2a --- /dev/null +++ b/temporal-workflowcheck/samples/gradle-multi-project/settings.gradle @@ -0,0 +1,6 @@ +rootProject.name = 'temporal-workflowcheck-samples-gradle-multi-project' +include 'project-app', 'project-workflows' + +// Add the workflowcheck project as a composite build. We are only doing this +// for the sample, normally this is not needed. +includeBuild '../../../' \ No newline at end of file diff --git a/temporal-workflowcheck/samples/gradle/README.md b/temporal-workflowcheck/samples/gradle/README.md new file mode 100644 index 000000000..f9888ebd3 --- /dev/null +++ b/temporal-workflowcheck/samples/gradle/README.md @@ -0,0 +1,18 @@ +# Temporal Workflow Check for Java - Gradle Sample + +This sample shows how to incorporate `workflowcheck` into a Gradle build. Currently there are no published releases, so +this example includes the primary build in the [settings.gradle](settings.gradle) file. But users may just want to +reference a published JAR when it is available. + +To run: + + gradlew check + +This will output something like: + +``` +Analyzing classpath for classes with workflow methods... +Found 1 class(es) with workflow methods +Workflow method io.temporal.workflowcheck.sample.gradle.MyWorkflowImpl.errorAtNight() (declared on io.temporal.workflowcheck.sample.gradle.MyWorkflow) has 1 invalid member access: + MyWorkflowImpl.java:10 invokes java.time.LocalTime.now() which is configured as invalid +``` \ No newline at end of file diff --git a/temporal-workflowcheck/samples/gradle/build.gradle b/temporal-workflowcheck/samples/gradle/build.gradle new file mode 100644 index 000000000..8a02669e5 --- /dev/null +++ b/temporal-workflowcheck/samples/gradle/build.gradle @@ -0,0 +1,42 @@ +plugins { + id 'java' +} + +group = 'io.temporal' +version = '1.0-SNAPSHOT' + +repositories { + mavenCentral() +} + +dependencies { + implementation 'io.temporal:temporal-sdk:1.22.3' +} + +// *** workflowcheck config *** + +// Create a configuration for workflowcheck dependency +configurations { + workflowcheckDependency +} + +// Set the dependency +dependencies { + // May want to add :all to the end of the dependency to get the shaded form + workflowcheckDependency 'io.temporal:temporal-workflowcheck:+' +} + +// Create the workflowcheck task +tasks.register('workflowcheck', JavaExec) { + // Set the classpath to the workflowcheck dependency + classpath = configurations.workflowcheckDependency + // // Java 17+ is required for workflowcheck + // javaLauncher = javaToolchains.launcherFor { + // languageVersion = JavaLanguageVersion.of(17) + // } + // The argument to workflowcheck is the classpath + mainClass = 'io.temporal.workflowcheck.Main' + args = ['check', sourceSets.main.runtimeClasspath.files.join(File.pathSeparator)] +} + +check.finalizedBy workflowcheck \ No newline at end of file diff --git a/temporal-workflowcheck/samples/gradle/gradle/wrapper/gradle-wrapper.jar b/temporal-workflowcheck/samples/gradle/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 000000000..249e5832f Binary files /dev/null and b/temporal-workflowcheck/samples/gradle/gradle/wrapper/gradle-wrapper.jar differ diff --git a/temporal-workflowcheck/samples/gradle/gradle/wrapper/gradle-wrapper.properties b/temporal-workflowcheck/samples/gradle/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 000000000..3ce6d3be5 --- /dev/null +++ b/temporal-workflowcheck/samples/gradle/gradle/wrapper/gradle-wrapper.properties @@ -0,0 +1,6 @@ +#Sun Dec 24 20:45:25 CST 2023 +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip +zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists diff --git a/temporal-workflowcheck/samples/gradle/gradlew b/temporal-workflowcheck/samples/gradle/gradlew new file mode 100644 index 000000000..1b6c78733 --- /dev/null +++ b/temporal-workflowcheck/samples/gradle/gradlew @@ -0,0 +1,234 @@ +#!/bin/sh + +# +# Copyright © 2015-2021 the original authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############################################################################## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. +# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# +############################################################################## + +# Attempt to set APP_HOME + +# Resolve links: $0 may be a link +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac +done + +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit + +APP_NAME="Gradle" +APP_BASE_NAME=${0##*/} + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD=maximum + +warn () { + echo "$*" +} >&2 + +die () { + echo + echo "$*" + echo + exit 1 +} >&2 + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD=$JAVA_HOME/jre/sh/java + else + JAVACMD=$JAVA_HOME/bin/java + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD=java + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac +fi + +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. + +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + + # Now convert the arguments - kludge to limit ourselves to /bin/sh + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) + fi + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg + done +fi + +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' + +exec "$JAVACMD" "$@" diff --git a/temporal-workflowcheck/samples/gradle/gradlew.bat b/temporal-workflowcheck/samples/gradle/gradlew.bat new file mode 100644 index 000000000..107acd32c --- /dev/null +++ b/temporal-workflowcheck/samples/gradle/gradlew.bat @@ -0,0 +1,89 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto execute + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto execute + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/temporal-workflowcheck/samples/gradle/settings.gradle b/temporal-workflowcheck/samples/gradle/settings.gradle new file mode 100644 index 000000000..7843878f9 --- /dev/null +++ b/temporal-workflowcheck/samples/gradle/settings.gradle @@ -0,0 +1,5 @@ +rootProject.name = 'temporal-workflowcheck-samples-gradle' + +// Add the workflowcheck project as a composite build. We are only doing this +// for the sample, normally this is not needed. +includeBuild '../../../' \ No newline at end of file diff --git a/temporal-workflowcheck/samples/gradle/src/main/java/io/temporal/workflowcheck/sample/gradle/MyWorkflow.java b/temporal-workflowcheck/samples/gradle/src/main/java/io/temporal/workflowcheck/sample/gradle/MyWorkflow.java new file mode 100644 index 000000000..93e21ae62 --- /dev/null +++ b/temporal-workflowcheck/samples/gradle/src/main/java/io/temporal/workflowcheck/sample/gradle/MyWorkflow.java @@ -0,0 +1,10 @@ +package io.temporal.workflowcheck.sample.gradle; + +import io.temporal.workflow.WorkflowInterface; +import io.temporal.workflow.WorkflowMethod; + +@WorkflowInterface +public interface MyWorkflow { + @WorkflowMethod + void errorAtNight(); +} diff --git a/temporal-workflowcheck/samples/gradle/src/main/java/io/temporal/workflowcheck/sample/gradle/MyWorkflowImpl.java b/temporal-workflowcheck/samples/gradle/src/main/java/io/temporal/workflowcheck/sample/gradle/MyWorkflowImpl.java new file mode 100644 index 000000000..351f1a2de --- /dev/null +++ b/temporal-workflowcheck/samples/gradle/src/main/java/io/temporal/workflowcheck/sample/gradle/MyWorkflowImpl.java @@ -0,0 +1,14 @@ +package io.temporal.workflowcheck.sample.gradle; + +import java.time.LocalTime; +import io.temporal.failure.ApplicationFailure; + +public class MyWorkflowImpl implements MyWorkflow { + @Override + public void errorAtNight() { + // Let's throw an application exception only after 8 PM local time + if (LocalTime.now().getHour() >= 20) { + throw ApplicationFailure.newFailure("Can't call this workflow after 8PM", "time-error"); + } + } +} diff --git a/temporal-workflowcheck/samples/maven/README.md b/temporal-workflowcheck/samples/maven/README.md new file mode 100644 index 000000000..ba669c81e --- /dev/null +++ b/temporal-workflowcheck/samples/maven/README.md @@ -0,0 +1,24 @@ +# Temporal Workflow Check for Java - Maven Sample + +This sample shows how to incorporate `workflowcheck` into a Maven build. Currently there are no published releases, so +this example expects the primary Gradle to publish the JAR to a local Maven repo that this project references. In the +future, users may just want to reference a published JAR when it is available. + +To run, first publish the `workflowcheck` JAR to a local repository. ⚠️ WARNING: While there remain no published +releases of workflowcheck, it is currently undocumented on how to publish to a local/disk Maven repo. + +Now with the local repository present, can run the following from this dir: + + mvn -U verify + +Note, this is a sample using the local repository so that's why we have `-U`. For normal use, `mvn verify` without the +`-U` can be used (and the `` section of the `pom.xml` can be removed). + +This will output something like: + +``` +Analyzing classpath for classes with workflow methods... +Found 1 class(es) with workflow methods +Workflow method io.temporal.workflowcheck.sample.maven.MyWorkflowImpl.errorAtNight() (declared on io.temporal.workflowcheck.sample.maven.MyWorkflow) has 1 invalid member access: + MyWorkflowImpl.java:11 invokes java.time.LocalTime.now() which is configured as invalid +``` \ No newline at end of file diff --git a/temporal-workflowcheck/samples/maven/pom.xml b/temporal-workflowcheck/samples/maven/pom.xml new file mode 100644 index 000000000..ef9702baa --- /dev/null +++ b/temporal-workflowcheck/samples/maven/pom.xml @@ -0,0 +1,102 @@ + + + 4.0.0 + + io.temporal + temporal-workflowcheck-samples-maven + 1.0-SNAPSHOT + + + 17 + 17 + UTF-8 + + + + + io.temporal + temporal-sdk + 1.22.3 + + + + + + + temporal-workflowcheck-repo + file://${project.basedir}/../../temporal-workflowcheck/build/repo + + + + + + + + + org.apache.maven.plugins + maven-dependency-plugin + 3.6.1 + + + generate-classpath-file + generate-resources + + build-classpath + + + ${project.build.directory}/classpath.txt + + + + + + + + org.codehaus.mojo + exec-maven-plugin + 3.1.1 + + + workflowcheck + verify + + java + + + true + io.temporal.workflowcheck.Main + + check + + @${project.build.directory}/classpath.txt + ${project.build.outputDirectory} + + + + + + + io.temporal + temporal-workflowcheck + 1.0-SNAPSHOT + + + + + + + \ No newline at end of file diff --git a/temporal-workflowcheck/samples/maven/src/main/java/io/temporal/workflowcheck/sample/maven/MyWorkflow.java b/temporal-workflowcheck/samples/maven/src/main/java/io/temporal/workflowcheck/sample/maven/MyWorkflow.java new file mode 100644 index 000000000..af5cca509 --- /dev/null +++ b/temporal-workflowcheck/samples/maven/src/main/java/io/temporal/workflowcheck/sample/maven/MyWorkflow.java @@ -0,0 +1,10 @@ +package io.temporal.workflowcheck.sample.maven; + +import io.temporal.workflow.WorkflowInterface; +import io.temporal.workflow.WorkflowMethod; + +@WorkflowInterface +public interface MyWorkflow { + @WorkflowMethod + void errorAtNight(); +} diff --git a/temporal-workflowcheck/samples/maven/src/main/java/io/temporal/workflowcheck/sample/maven/MyWorkflowImpl.java b/temporal-workflowcheck/samples/maven/src/main/java/io/temporal/workflowcheck/sample/maven/MyWorkflowImpl.java new file mode 100644 index 000000000..a3dbe0a50 --- /dev/null +++ b/temporal-workflowcheck/samples/maven/src/main/java/io/temporal/workflowcheck/sample/maven/MyWorkflowImpl.java @@ -0,0 +1,15 @@ +package io.temporal.workflowcheck.sample.maven; + +import io.temporal.failure.ApplicationFailure; + +import java.time.LocalTime; + +public class MyWorkflowImpl implements MyWorkflow { + @Override + public void errorAtNight() { + // Let's throw an application exception only after 8 PM local time + if (LocalTime.now().getHour() >= 20) { + throw ApplicationFailure.newFailure("Can't call this workflow after 8PM", "time-error"); + } + } +} diff --git a/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/ClassInfo.java b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/ClassInfo.java new file mode 100644 index 000000000..c674ea2cf --- /dev/null +++ b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/ClassInfo.java @@ -0,0 +1,274 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck; + +import java.util.*; +import javax.annotation.Nullable; + +/** Information about a class. */ +public class ClassInfo { + int access; + String name; + @Nullable String fileName; + @Nullable String superClass; + @Nullable String[] superInterfaces; + + // Keyed by method name, each is an overload in no particular order. This may + // not include unimportant methods after processing. + Map> methods = new HashMap<>(); + + // This may be removed after processing. + @Nullable Set nonFinalStaticFields; + + /** JVM access flag for the class as defined in JVM spec. */ + public int getAccess() { + return access; + } + + /** Full binary class name as defined in JVM spec (i.e. using '/' instead of '.'). */ + public String getName() { + return name; + } + + /** File name the class was defined in if known. */ + @Nullable + public String getFileName() { + return fileName; + } + + /** Super class of this class. Only null for java/lang/Object. */ + @Nullable + public String getSuperClass() { + return superClass; + } + + /** Super interfaces of this class if any. */ + @Nullable + public String[] getSuperInterfaces() { + return superInterfaces; + } + + /** + * Methods of note on this class. This may not include all methods, but rather only the methods + * that are important (i.e. are a workflow decl/impl or are invalid methods). + */ + public Map> getMethods() { + return methods; + } + + /** Information about a method. */ + public static class MethodInfo { + final int access; + final String descriptor; + @Nullable final Boolean configuredInvalid; + @Nullable MethodWorkflowDeclInfo workflowDecl; + // Set after loading + @Nullable MethodWorkflowImplInfo workflowImpl; + // Removed after loading (if null then invalidMemberAccesses is now the + // canonical set). May be null when loading if configuredInvalid already + // set. + @Nullable List memberAccesses; + // Set after loading (but can still be null), never non-null+empty + @Nullable List invalidMemberAccesses; + + MethodInfo(int access, String descriptor, @Nullable Boolean configuredInvalid) { + this.access = access; + this.descriptor = descriptor; + this.configuredInvalid = configuredInvalid; + } + + /** JVM access flag for the class as defined in JVM spec. */ + public int getAccess() { + return access; + } + + /** JVM descriptor for the method. */ + public String getDescriptor() { + return descriptor; + } + + /** Gets whether configured invalid. This is null if not configured one way or another. */ + @Nullable + public Boolean getConfiguredInvalid() { + return configuredInvalid; + } + + /** Get workflow declaration info if this is a workflow declaration. */ + @Nullable + public MethodWorkflowDeclInfo getWorkflowDecl() { + return workflowDecl; + } + + /** Get workflow implementation info if this is a workflow implementation. */ + @Nullable + public MethodWorkflowImplInfo getWorkflowImpl() { + return workflowImpl; + } + + /** + * Get all invalid members accessed within this method. This may be null if {@link + * #getConfiguredInvalid()} is non-null which supersedes this. + */ + @Nullable + public List getInvalidMemberAccesses() { + return invalidMemberAccesses; + } + + /** Whether this method is invalid (i.e. configured invalid or accesses invalid members). */ + public boolean isInvalid() { + return configuredInvalid != null ? configuredInvalid : invalidMemberAccesses != null; + } + } + + /** Information about a workflow method declaration. */ + public static class MethodWorkflowDeclInfo { + final Kind kind; + + MethodWorkflowDeclInfo(Kind kind) { + this.kind = kind; + } + + /** Kind of workflow method. */ + public Kind getKind() { + return kind; + } + + /** Kinds of workflow methods. */ + public enum Kind { + WORKFLOW, + QUERY, + SIGNAL, + UPDATE, + UPDATE_VALIDATOR; + + static final Map annotationDescriptors; + + static { + annotationDescriptors = new HashMap<>(5); + annotationDescriptors.put("Lio/temporal/workflow/WorkflowMethod;", WORKFLOW); + annotationDescriptors.put("Lio/temporal/workflow/QueryMethod;", QUERY); + annotationDescriptors.put("Lio/temporal/workflow/SignalMethod;", SIGNAL); + annotationDescriptors.put("Lio/temporal/workflow/UpdateMethod;", UPDATE); + annotationDescriptors.put("Lio/temporal/workflow/UpdateValidatorMethod;", UPDATE_VALIDATOR); + } + } + } + + /** Information about a workflow method implementation. */ + public static class MethodWorkflowImplInfo { + final ClassInfo declClassInfo; + final MethodWorkflowDeclInfo workflowDecl; + + MethodWorkflowImplInfo(ClassInfo declClassInfo, MethodWorkflowDeclInfo workflowDecl) { + this.declClassInfo = declClassInfo; + this.workflowDecl = workflowDecl; + } + + /** Class information about the declaring class. */ + public ClassInfo getDeclClassInfo() { + return declClassInfo; + } + + /** Information about the declaration. */ + public MethodWorkflowDeclInfo getWorkflowDecl() { + return workflowDecl; + } + } + + /** Information about invalid member access. */ + public static class MethodInvalidMemberAccessInfo { + final String className; + final String memberName; + final String memberDescriptor; + @Nullable final Integer line; + final Operation operation; + + // Set in second phase + @Nullable ClassInfo resolvedInvalidClass; + // This is null if not a method or if the method is configured invalid + // directly + @Nullable MethodInfo resolvedInvalidMethod; + + MethodInvalidMemberAccessInfo( + String className, + String memberName, + String memberDescriptor, + @Nullable Integer line, + Operation operation) { + this.className = className; + this.memberName = memberName; + this.memberDescriptor = memberDescriptor; + this.line = line; + this.operation = operation; + } + + /** Qualified class name used when accessing. */ + public String getClassName() { + return className; + } + + /** Member name accessed. */ + public String getMemberName() { + return memberName; + } + + /** Descriptor of the member (different for fields and methods). */ + public String getMemberDescriptor() { + return memberDescriptor; + } + + /** Line access occurred on if known. */ + @Nullable + public Integer getLine() { + return line; + } + + /** Operation that makes this invalid. */ + public Operation getOperation() { + return operation; + } + + /** + * Class information about the true class the invalid check occurred on if it can be determined. + */ + @Nullable + public ClassInfo getResolvedInvalidClass() { + return resolvedInvalidClass; + } + + /** + * If this invalid access is a method call, this is the resolved method information if any which + * shows why it was invalid. + */ + @Nullable + public MethodInfo getResolvedInvalidMethod() { + return resolvedInvalidMethod; + } + + /** Invalid operations. */ + public enum Operation { + METHOD_CALL, + FIELD_STATIC_GET, + FIELD_STATIC_PUT, + FIELD_CONFIGURED_INVALID, + } + } +} diff --git a/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/ClassInfoVisitor.java b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/ClassInfoVisitor.java new file mode 100644 index 000000000..3d89068b7 --- /dev/null +++ b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/ClassInfoVisitor.java @@ -0,0 +1,405 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck; + +import java.util.ArrayList; +import java.util.HashSet; +import java.util.List; +import java.util.logging.Level; +import java.util.logging.Logger; +import javax.annotation.Nullable; +import org.objectweb.asm.*; + +/** + * Visitor that visits the bytecode of a class. This is intentionally meant to be fast and have no + * recursion or other reliance on the visiting of other classes. Successive phases tie class + * information together. + */ +class ClassInfoVisitor extends ClassVisitor { + // Visible for testing + static final Logger logger = Logger.getLogger(ClassInfoVisitor.class.getName()); + + final ClassInfo classInfo = new ClassInfo(); + private final Config config; + private final MethodHandler methodHandler = new MethodHandler(); + @Nullable private SuppressionStack suppressionStack; + + ClassInfoVisitor(Config config) { + super(Opcodes.ASM9); + this.config = config; + } + + @Override + public void visit( + int version, + int access, + String name, + String signature, + String superName, + String[] interfaces) { + classInfo.access = access; + classInfo.name = name; + classInfo.superClass = superName; + classInfo.superInterfaces = interfaces; + } + + @Override + public AnnotationVisitor visitAnnotation(String descriptor, boolean visible) { + return maybeSuppressionAttributeHandler(descriptor); + } + + @Override + public void visitSource(String source, String debug) { + classInfo.fileName = source; + } + + @Override + public FieldVisitor visitField( + int access, String name, String descriptor, String signature, Object value) { + // Record all static non-final fields + if ((access & Opcodes.ACC_FINAL) == 0 && (access & Opcodes.ACC_STATIC) != 0) { + if (classInfo.nonFinalStaticFields == null) { + classInfo.nonFinalStaticFields = new HashSet<>(); + } + classInfo.nonFinalStaticFields.add(name); + } + + // TODO(cretz): Support suppression attributes on static non-final fields + return null; + } + + @Override + public MethodVisitor visitMethod( + int access, String name, String descriptor, String signature, String[] exceptions) { + // Add method to class + ClassInfo.MethodInfo methodInfo = + new ClassInfo.MethodInfo( + access, descriptor, config.invalidMembers.check(classInfo.name, name, descriptor)); + classInfo.methods.computeIfAbsent(name, k -> new ArrayList<>()).add(methodInfo); + + // Reset and reuse the handler + methodHandler.reset(name, methodInfo); + return methodHandler; + } + + private AnnotationVisitor maybeSuppressionAttributeHandler(String descriptor) { + if (descriptor.equals("Lio/temporal/workflowcheck/WorkflowCheck$SuppressWarnings;")) { + return new SuppressionAttributeHandler(); + } + return null; + } + + private class SuppressionAttributeHandler extends AnnotationVisitor { + private final List specificDescriptors = new ArrayList<>(); + + SuppressionAttributeHandler() { + super(Opcodes.ASM9); + } + + @Override + public AnnotationVisitor visitArray(String name) { + return this; + } + + @Override + public void visit(String name, Object value) { + // For now there is only one annotation param possible + if (value instanceof String) { + specificDescriptors.add((String) value); + } + } + + @Override + public void visitEnd() { + if (suppressionStack == null) { + suppressionStack = new SuppressionStack(); + } + suppressionStack.push( + specificDescriptors.isEmpty() ? null : specificDescriptors.toArray(new String[0])); + } + } + + private class MethodHandler extends MethodVisitor { + private String methodName; + private ClassInfo.MethodInfo methodInfo; + @Nullable private Integer methodLineNumber; + private int methodSuppressions; + private boolean methodSuppressionAnnotation; + @Nullable private String prevInsnLdcString; + + MethodHandler() { + super(Opcodes.ASM9); + } + + void reset(String methodName, ClassInfo.MethodInfo methodInfo) { + this.methodName = methodName; + this.methodInfo = methodInfo; + this.methodLineNumber = null; + this.methodSuppressions = 0; + this.methodSuppressionAnnotation = false; + } + + @Override + public AnnotationVisitor visitAnnotation(String descriptor, boolean visible) { + // Check if suppression annotation + AnnotationVisitor suppressionVisitor = maybeSuppressionAttributeHandler(descriptor); + if (suppressionVisitor != null) { + methodSuppressions++; + methodSuppressionAnnotation = true; + return suppressionVisitor; + } + + // If this descriptor is a known workflow decl kind, set as a decl + ClassInfo.MethodWorkflowDeclInfo.Kind declKind = + ClassInfo.MethodWorkflowDeclInfo.Kind.annotationDescriptors.get(descriptor); + if (declKind != null) { + if (logger.isLoggable(Level.FINE)) { + logger.log( + Level.FINE, + "Found workflow method decl on {0}.{1}", + new Object[] {classInfo.name, methodName}); + } + methodInfo.workflowDecl = new ClassInfo.MethodWorkflowDeclInfo(declKind); + } + return null; + } + + @Override + public void visitLineNumber(int line, Label start) { + methodLineNumber = line; + } + + @Override + public void visitEnd() { + // Pop any remaining suppressions + if (suppressionStack != null && methodSuppressions > 0) { + for (int i = 0; i < methodSuppressions; i++) { + suppressionStack.pop(); + } + // Also warn if there were un-restored suppressions + int expectedMethodSuppressions = methodSuppressionAnnotation ? 1 : 0; + if (methodSuppressions > expectedMethodSuppressions) { + logger.log( + Level.WARNING, + "{0} warning suppression(s) not restored in {1}.{2}", + new Object[] { + methodSuppressions - expectedMethodSuppressions, classInfo.name, methodName + }); + } + } + } + + @Override + public void visitMethodInsn( + int opcode, String owner, String name, String descriptor, boolean isInterface) { + // If this method is already configured invalid one way or another, don't + // be concerned with invalid calls + if (methodInfo.configuredInvalid != null) { + return; + } + + // Check if the call is being suppressed + if (maybeSuppressInsn(owner, name, descriptor)) { + return; + } + + // We tried many ways to do stream processing of invalid calls while they + // are loaded. While the recursion issue is trivially solved, properly + // resolving implemented interfaces (using proper specificity checks to + // disambiguate default impls) and similar challenges made it clear that + // it is worth the extra memory to capture _all_ calls up front and + // post-process whether they're invalid. This makes all method signatures + // available for resolution at invalid-check time. + if (methodInfo.memberAccesses == null) { + methodInfo.memberAccesses = new ArrayList<>(); + } + methodInfo.memberAccesses.add( + new ClassInfo.MethodInvalidMemberAccessInfo( + owner, + name, + descriptor, + methodLineNumber, + ClassInfo.MethodInvalidMemberAccessInfo.Operation.METHOD_CALL)); + } + + @Override + public void visitFieldInsn(int opcode, String owner, String name, String descriptor) { + // If this method is already configured invalid one way or another, don't + // be concerned with invalid fields + if (methodInfo.configuredInvalid != null) { + return; + } + + // Check if the field is being suppressed + if (maybeSuppressInsn(owner, name, descriptor)) { + return; + } + + // Check if the field is configured invalid one way or another + Boolean invalid = config.invalidMembers.check(owner, name, null); + if (invalid != null) { + if (invalid) { + if (methodInfo.memberAccesses == null) { + methodInfo.memberAccesses = new ArrayList<>(); + } + methodInfo.memberAccesses.add( + new ClassInfo.MethodInvalidMemberAccessInfo( + owner, + name, + descriptor, + methodLineNumber, + ClassInfo.MethodInvalidMemberAccessInfo.Operation.FIELD_CONFIGURED_INVALID)); + } + return; + } + + // Check if this is getting/putting a static field. We don't check + // whether the field is final or not until post-processing. + if (opcode == Opcodes.GETSTATIC || opcode == Opcodes.PUTSTATIC) { + if (methodInfo.memberAccesses == null) { + methodInfo.memberAccesses = new ArrayList<>(); + } + methodInfo.memberAccesses.add( + new ClassInfo.MethodInvalidMemberAccessInfo( + owner, + name, + descriptor, + methodLineNumber, + opcode == Opcodes.GETSTATIC + ? ClassInfo.MethodInvalidMemberAccessInfo.Operation.FIELD_STATIC_GET + : ClassInfo.MethodInvalidMemberAccessInfo.Operation.FIELD_STATIC_PUT)); + } + } + + // True if instruction should not be checked for invalidity + private boolean maybeSuppressInsn(String owner, String name, String descriptor) { + try { + // Check if suppression call + if ("io/temporal/workflowcheck/WorkflowCheck".equals(owner)) { + if ("suppressWarnings".equals(name)) { + String[] specificDescriptors = null; + // If there's a string, it must be an LDC or we ignore + if ("(Ljava/lang/String;)V".equals(descriptor)) { + // TODO(cretz): Should we throw instead of warn if this is not a constant string? + if (prevInsnLdcString == null) { + logger.log( + Level.WARNING, + "WorkflowCheck.suppressWarnings call not using string literal at {0}.{1} ({2})", + new Object[] {classInfo.name, methodName, fileLoc()}); + return true; + } + specificDescriptors = new String[] {prevInsnLdcString}; + } + if (suppressionStack == null) { + suppressionStack = new SuppressionStack(); + } + methodSuppressions++; + suppressionStack.push(specificDescriptors); + prevInsnLdcString = null; + return true; + } else if ("restoreWarnings".equals(name)) { + if (suppressionStack != null && methodSuppressions > 0) { + methodSuppressions--; + suppressionStack.pop(); + } else { + logger.log( + Level.WARNING, + "Restore with no previous suppression at {0}.{1} ({2})", + new Object[] {classInfo.name, methodName, fileLoc()}); + } + return true; + } + } + + // If suppressed, don't go any further + return suppressionStack != null + && suppressionStack.checkSuppressed(owner, name, descriptor); + } finally { + prevInsnLdcString = null; + } + } + + private String fileLoc() { + if (classInfo.fileName == null) { + if (methodLineNumber == null) { + return ""; + } + return ":" + methodLineNumber; + } + return classInfo.fileName + + ":" + + (methodLineNumber == null ? "" : methodLineNumber); + } + + @Override + public void visitLdcInsn(Object value) { + if (value instanceof String) { + prevInsnLdcString = (String) value; + } else { + prevInsnLdcString = null; + } + } + + @Override + public void visitInsn(int opcode) { + prevInsnLdcString = null; + } + + @Override + public void visitIntInsn(int opcode, int operand) { + prevInsnLdcString = null; + } + + @Override + public void visitVarInsn(int opcode, int varIndex) { + prevInsnLdcString = null; + } + + @Override + public void visitTypeInsn(int opcode, String type) { + prevInsnLdcString = null; + } + + @Override + public void visitInvokeDynamicInsn( + String name, + String descriptor, + Handle bootstrapMethodHandle, + Object... bootstrapMethodArguments) { + prevInsnLdcString = null; + } + + @Override + public void visitJumpInsn(int opcode, Label label) { + prevInsnLdcString = null; + } + + @Override + public void visitIincInsn(int varIndex, int increment) { + prevInsnLdcString = null; + } + + @Override + public void visitMultiANewArrayInsn(String descriptor, int numDimensions) { + prevInsnLdcString = null; + } + } +} diff --git a/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/ClassPath.java b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/ClassPath.java new file mode 100644 index 000000000..4da8907ae --- /dev/null +++ b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/ClassPath.java @@ -0,0 +1,118 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck; + +import java.io.File; +import java.io.IOException; +import java.net.URL; +import java.net.URLClassLoader; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.util.ArrayList; +import java.util.Enumeration; +import java.util.List; +import java.util.jar.JarEntry; +import java.util.jar.JarFile; + +/** Classpath helpers for a class loader to get all classes. */ +class ClassPath implements AutoCloseable { + static boolean isStandardLibraryClass(String name) { + return name.startsWith("java/") + || name.startsWith("javax/") + || name.startsWith("jdk/") + || name.startsWith("com/sun/"); + } + + final URLClassLoader classLoader; + // Non-standard-library classes only here + final List classes = new ArrayList<>(); + + ClassPath(String... classPaths) throws IOException { + List urls = new ArrayList<>(); + for (String classPath : classPaths) { + // If there is an `@` sign starting the classPath, instead read from a file + if (classPath.startsWith("@")) { + classPath = + new String( + Files.readAllBytes(Paths.get(classPath.substring(1))), StandardCharsets.UTF_8) + .trim(); + } + // Split and handle each entry + for (String entry : classPath.split(File.pathSeparator)) { + File file = new File(entry); + // Like javac and others, we just ignore non-existing entries + if (file.exists()) { + if (file.isDirectory()) { + urls.add(file.toURI().toURL()); + findClassesInDir("", file, classes); + } else if (entry.endsWith(".jar")) { + urls.add(file.getAbsoluteFile().toURI().toURL()); + findClassesInJar(file, classes); + } + } + } + } + classLoader = new URLClassLoader(urls.toArray(new URL[0])); + // Sort the classes to loaded in a deterministic order + classes.sort(String::compareTo); + } + + private static void findClassesInDir(String path, File dir, List classes) { + File[] files = dir.listFiles(); + if (files == null) { + return; + } + for (File file : files) { + if (file.isDirectory()) { + findClassesInDir(path + file.getName() + "/", file, classes); + } else if (file.getName().endsWith(".class")) { + addClass(path + file.getName(), classes); + } + } + } + + private static void findClassesInJar(File jar, List classes) throws IOException { + try (JarFile jarFile = new JarFile(jar)) { + Enumeration entries = jarFile.entries(); + while (entries.hasMoreElements()) { + JarEntry entry = entries.nextElement(); + if (entry.getName().endsWith(".class")) { + addClass(entry.getName(), classes); + } + } + } + } + + private static void addClass(String fullPath, List classes) { + // Trim off trailing .class + String className = fullPath.substring(0, fullPath.length() - 6); + // Only if not built in + if (!isStandardLibraryClass(className)) { + classes.add(className); + } + } + + @Override + public void close() throws IOException { + classLoader.close(); + } +} diff --git a/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/Config.java b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/Config.java new file mode 100644 index 000000000..3123a634d --- /dev/null +++ b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/Config.java @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck; + +import java.io.IOException; +import java.io.InputStream; +import java.util.Properties; + +/** Configuration for workflow check. See README for configuration format. */ +public class Config { + /** Load the default set of config properties. */ + public static Properties defaultProperties() throws IOException { + Properties props = new Properties(); + try (InputStream is = Config.class.getResourceAsStream("workflowcheck.properties")) { + props.load(is); + } + return props; + } + + /** + * Create a new configuration from the given set of properties. Later properties with the same key + * overwrite previous ones, but more specific properties apply before less specific ones. + */ + public static Config fromProperties(Properties... props) { + return new Config(new DescriptorMatcher("invalid", props)); + } + + final DescriptorMatcher invalidMembers; + + private Config(DescriptorMatcher invalidMembers) { + this.invalidMembers = invalidMembers; + } +} diff --git a/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/DescriptorMatcher.java b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/DescriptorMatcher.java new file mode 100644 index 000000000..8ac8d357e --- /dev/null +++ b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/DescriptorMatcher.java @@ -0,0 +1,153 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck; + +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; +import javax.annotation.Nullable; + +/** + * Matcher for a set of descriptors. Pattern is + * [[qualified/class/]Name.]memberName[(Lthe/Method/Desc;)V]. + */ +class DescriptorMatcher { + private final Map descriptors; + + DescriptorMatcher(Map descriptors) { + this.descriptors = descriptors; + } + + DescriptorMatcher(String category, Properties[] propSets) { + this(new HashMap<>()); + for (Properties props : propSets) { + addFromProperties(category, props); + } + } + + DescriptorMatcher(String[] positiveMatches) { + this(new HashMap<>(positiveMatches.length)); + for (String positiveMatch : positiveMatches) { + descriptors.put(positiveMatch, true); + } + } + + void addFromProperties(String category, Properties props) { + String prefix = "temporal.workflowcheck." + category + "."; + for (Map.Entry entry : props.entrySet()) { + // Key is temporal.workflowcheck..= + String key = (String) entry.getKey(); + if (!key.startsWith(prefix)) { + continue; + } + // Sanity check to confirm methods with descriptors need to _not_ have + // return values + int closeParenIndex = key.lastIndexOf(')'); + if (closeParenIndex > 0 && closeParenIndex != key.length() - 1) { + throw new IllegalArgumentException( + "Config key '" + key + "' should not have anything after ')'"); + } + String desc = key.substring(31); + String value = (String) entry.getValue(); + if ("true".equals(value)) { + descriptors.put(desc, true); + } else if ("false".equals(value)) { + descriptors.put(desc, false); + } else { + throw new IllegalArgumentException( + "Config key " + key + " supposed to be true or false, was " + value); + } + } + } + + @Nullable + Boolean check(String className, @Nullable String memberName, @Nullable String methodDescriptor) { + // Check full descriptor sans return, then full sans params, then just + // member, then just member sans params, then FQCN, and then each parent + // package. We remove return values from the method descriptor since the + // map only allows arguments. + if (methodDescriptor != null) { + methodDescriptor = methodDescriptor.substring(0, methodDescriptor.indexOf(')') + 1); + } + + // Member name + descriptor doesn't have to be present to check class + if (memberName != null) { + // Try qualified class with method + String classAndMember = className + "." + memberName; + if (methodDescriptor != null) { + Boolean invalid = descriptors.get(classAndMember + methodDescriptor); + if (invalid != null) { + return invalid; + } + } + Boolean invalid = descriptors.get(classAndMember); + if (invalid != null) { + return invalid; + } + // Try unqualified class with member + int slashIndex = className.lastIndexOf('/'); + if (slashIndex > 0) { + classAndMember = classAndMember.substring(slashIndex + 1); + if (methodDescriptor != null) { + invalid = descriptors.get(classAndMember + methodDescriptor); + if (invalid != null) { + return invalid; + } + } + invalid = descriptors.get(classAndMember); + if (invalid != null) { + return invalid; + } + } + // Just member + if (methodDescriptor != null) { + invalid = descriptors.get(memberName + methodDescriptor); + if (invalid != null) { + return invalid; + } + } + invalid = descriptors.get(memberName); + if (invalid != null) { + return invalid; + } + } + // Unqualified class name + int slashIndex = className.lastIndexOf('/'); + if (slashIndex > 0) { + Boolean invalid = descriptors.get(className.substring(slashIndex + 1)); + if (invalid != null) { + return invalid; + } + } + // All packages above class + while (true) { + Boolean invalid = descriptors.get(className); + if (invalid != null) { + return invalid; + } + int slash = className.lastIndexOf('/'); + if (slash == -1) { + return null; + } + className = className.substring(0, slash); + } + } +} diff --git a/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/Loader.java b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/Loader.java new file mode 100644 index 000000000..030d8f5ac --- /dev/null +++ b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/Loader.java @@ -0,0 +1,396 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck; + +import java.io.IOException; +import java.io.InputStream; +import java.util.*; +import javax.annotation.Nullable; +import org.objectweb.asm.ClassReader; +import org.objectweb.asm.Opcodes; + +/** + * Loader that loads the classes, caches them, and does the work to determine invalidity across + * classes (and clean up the classes). + */ +class Loader { + private final Config config; + private final ClassPath classPath; + private final Map classes = new HashMap<>(); + + Loader(Config config, ClassPath classPath) { + this.config = config; + this.classPath = classPath; + } + + ClassInfo loadClass(String className) { + return classes.computeIfAbsent( + className, + v -> { + try (InputStream is = classPath.classLoader.getResourceAsStream(className + ".class")) { + if (is == null) { + // We are going to just make a dummy when we can't find a class + // TODO(cretz): Warn? + ClassInfo info = new ClassInfo(); + info.access = Opcodes.ACC_SYNTHETIC; + info.name = className; + return info; + } + ClassInfoVisitor visitor = new ClassInfoVisitor(config); + new ClassReader(is).accept(visitor, ClassReader.SKIP_FRAMES); + return visitor.classInfo; + } catch (IOException e) { + throw new RuntimeException(e); + } + }); + } + + @Nullable + ClassInfo.MethodWorkflowImplInfo findWorkflowImplInfo( + ClassInfo on, String implClassName, String implMethodName, String implMethodDescriptor) { + // Check my own methods + List methods = on.methods.get(implMethodName); + if (methods != null) { + for (ClassInfo.MethodInfo method : methods) { + if (method.workflowDecl != null + && isMethodOverride(on, method, implClassName, implMethodDescriptor)) { + return new ClassInfo.MethodWorkflowImplInfo(on, method.workflowDecl); + } + } + } + // Check super class then super interfaces (we don't care about the + // potential duplicate checks, better than maintaining an already-seen map) + if (on.superClass != null && !ClassPath.isStandardLibraryClass(on.superClass)) { + ClassInfo.MethodWorkflowImplInfo info = + findWorkflowImplInfo( + loadClass(on.superClass), implClassName, implMethodName, implMethodDescriptor); + if (info != null) { + return info; + } + } + if (on.superInterfaces != null) { + for (String iface : on.superInterfaces) { + if (!ClassPath.isStandardLibraryClass(iface)) { + ClassInfo.MethodWorkflowImplInfo info = + findWorkflowImplInfo( + loadClass(iface), implClassName, implMethodName, implMethodDescriptor); + if (info != null) { + return info; + } + } + } + } + return null; + } + + void processMethodValidity(ClassInfo.MethodInfo method, Set processing) { + // If it has no member accesses (possibly actually has no calls/fields or + // just has configured-invalid already set) or already processed, do + // nothing. This of course means that recursion does not apply for + // invalidity. + if (method.memberAccesses == null || processing.contains(method)) { + return; + } + // Go over every call and check whether invalid + processing.add(method); + for (ClassInfo.MethodInvalidMemberAccessInfo memberAccess : method.memberAccesses) { + boolean invalid = false; + switch (memberAccess.operation) { + case FIELD_CONFIGURED_INVALID: + // This is always considered invalid + invalid = true; + break; + case FIELD_STATIC_GET: + case FIELD_STATIC_PUT: + // This is considered invalid if the class has the field as a + // non-final static + memberAccess.resolvedInvalidClass = loadClass(memberAccess.className); + invalid = + memberAccess.resolvedInvalidClass.nonFinalStaticFields != null + && memberAccess.resolvedInvalidClass.nonFinalStaticFields.contains( + memberAccess.memberName); + break; + case METHOD_CALL: + // A call is considered invalid/valid if: + // * Configured invalid set in the hierarchy (most-specific wins) + // * Actual impl of the method has invalid calls + ClassInfo callClass = loadClass(memberAccess.className); + + ConfiguredInvalidResolution configResolution = new ConfiguredInvalidResolution(); + resolveConfiguredInvalid( + callClass, + memberAccess.memberName, + memberAccess.memberDescriptor, + 0, + configResolution); + if (configResolution.value != null) { + if (configResolution.value) { + memberAccess.resolvedInvalidClass = configResolution.classFoundOn; + invalid = true; + } + break; + } + + MethodResolution methodResolution = new MethodResolution(); + resolveMethod( + loadClass(memberAccess.className), + memberAccess.className, + memberAccess.memberName, + memberAccess.memberDescriptor, + methodResolution); + if (methodResolution.implClass != null) { + // Process invalidity on this method, then check if it's invalid + processMethodValidity(methodResolution.implMethod, processing); + if (methodResolution.implMethod.isInvalid()) { + memberAccess.resolvedInvalidClass = methodResolution.implClass; + memberAccess.resolvedInvalidMethod = methodResolution.implMethod; + invalid = true; + } + } + break; + } + if (invalid) { + if (method.invalidMemberAccesses == null) { + method.invalidMemberAccesses = new ArrayList<>(1); + } + method.invalidMemberAccesses.add(memberAccess); + } + } + // Unset the member accesses now that we've processed them + method.memberAccesses = null; + // Sort invalid accesses if there are any + if (method.invalidMemberAccesses != null) { + method.invalidMemberAccesses.sort(Comparator.comparingInt(m -> m.line == null ? -1 : m.line)); + } + processing.remove(method); + } + + private static class ConfiguredInvalidResolution { + private ClassInfo classFoundOn; + private int depthFoundOn; + private Boolean value; + } + + private void resolveConfiguredInvalid( + ClassInfo on, + String methodName, + String methodDescriptor, + int depth, + ConfiguredInvalidResolution resolution) { + // First check myself + Boolean configuredInvalid = config.invalidMembers.check(on.name, methodName, methodDescriptor); + if (configuredInvalid != null + && isMoreSpecific(resolution.classFoundOn, resolution.depthFoundOn, on, depth)) { + resolution.classFoundOn = on; + resolution.depthFoundOn = depth; + resolution.value = configuredInvalid; + } + + // Now check super class and super interfaces. We don't care enough to + // prevent re-checking diamonds. + if (on.superClass != null) { + resolveConfiguredInvalid( + loadClass(on.superClass), methodName, methodDescriptor, depth + 1, resolution); + } + if (on.superInterfaces != null) { + for (String iface : on.superInterfaces) { + resolveConfiguredInvalid( + loadClass(iface), methodName, methodDescriptor, depth + 1, resolution); + } + } + } + + private static class MethodResolution { + ClassInfo implClass; + ClassInfo.MethodInfo implMethod; + } + + private void resolveMethod( + ClassInfo on, + String callClassName, + String callMethodName, + String callMethodDescriptor, + MethodResolution resolution) { + // First, see if the method is even on this class + List methods = on.methods.get(callMethodName); + if (methods != null) { + for (ClassInfo.MethodInfo method : methods) { + // Only methods with bodies apply + if ((method.access & Opcodes.ACC_ABSTRACT) != 0 + || (method.access & Opcodes.ACC_NATIVE) != 0) { + continue; + } + // To qualify, method descriptor must match if same call class name, or + // method must be an override if different call class name + if ((callClassName.equals(on.name) && method.descriptor.equals(callMethodDescriptor)) + || isMethodOverride(on, method, callClassName, callMethodDescriptor)) { + // If we have a body and impl hasn't been sent, this is the impl. + // Otherwise, we have to check whether it's more specific. Depth does + // not matter because Java compiler won't allow ambiguity here (i.e. + // multiple unrelated interface defaults). + if (isMoreSpecific(resolution.implClass, 0, on, 0)) { + resolution.implClass = on; + resolution.implMethod = method; + // If this is not an interface, we're done trying to find others + if ((method.access & Opcodes.ACC_INTERFACE) == 0) { + return; + } + } + break; + } + } + } + + // Now check super class and super interfaces. We don't care enough to + // prevent re-checking diamonds. + if (on.superClass != null) { + resolveMethod( + loadClass(on.superClass), + callClassName, + callMethodName, + callMethodDescriptor, + resolution); + } + if (on.superInterfaces != null) { + for (String iface : on.superInterfaces) { + resolveMethod( + loadClass(iface), callClassName, callMethodName, callMethodDescriptor, resolution); + } + } + } + + private boolean isMoreSpecific( + @Nullable ClassInfo prevClass, int prevDepth, ClassInfo newClass, int newDepth) { + // If there is no prev, this is always more specific + if (prevClass == null) { + return true; + } + + // If the prev class is not an interface, it is always more specific, then + // apply that logic to new over any interface that may have been seen + if ((prevClass.access & Opcodes.ACC_INTERFACE) == 0) { + return false; + } else if ((newClass.access & Opcodes.ACC_INTERFACE) == 0) { + return true; + } + + // Now that we know they are both interfaces, if the new class is a + // sub-interface of the prev class, it is more specific. For default-method + // resolution purposes, Java would disallow two independent implementations + // of the same default method on independent interfaces. But this isn't for + // default purposes, so there can be multiple. In this rare case, we will + // choose which has the least depth, and in the rarer case they are the + // same depth, we just leave previous. + if (isAssignableFrom(prevClass.name, newClass)) { + return true; + } else if (!isAssignableFrom(newClass.name, prevClass)) { + return false; + } + return newDepth < prevDepth; + } + + // Expects name check to already be done + private boolean isMethodOverride( + ClassInfo superClass, + ClassInfo.MethodInfo superMethod, + // If null, package-private not verified + @Nullable String subClassName, + String subMethodDescriptor) { + // Final, static, or private are never inherited + int superAccess = superMethod.access; + if ((superAccess & Opcodes.ACC_FINAL) != 0 + || (superAccess & Opcodes.ACC_STATIC) != 0 + || (superAccess & Opcodes.ACC_PRIVATE) != 0) { + return false; + } + // Package-private only inherited if same package + if (subClassName != null + && (superAccess & Opcodes.ACC_PUBLIC) == 0 + && (superAccess & Opcodes.ACC_PROTECTED) == 0) { + int slashIndex = superClass.name.lastIndexOf('/'); + if (slashIndex == 0 + || !subClassName.startsWith(superClass.name.substring(0, slashIndex + 1))) { + return false; + } + } + // Check descriptor. This can have a covariant return, so this must check + // exact args first then return covariance. + String superDesc = superMethod.descriptor; + // Simple equality perf shortcut + if (superDesc.equals(subMethodDescriptor)) { + return true; + } + // Since it didn't match exact, check up to end paren if both have ")L" + int endParen = superDesc.lastIndexOf(')'); + if (endParen >= subMethodDescriptor.length() + || subMethodDescriptor.charAt(endParen) != ')' + || superDesc.charAt(endParen + 1) != 'L' + || subMethodDescriptor.charAt(endParen + 1) != 'L') { + return false; + } + // Check args + if (!subMethodDescriptor.regionMatches(0, superMethod.descriptor, 0, endParen + 1)) { + return false; + } + // Check super return is same or super of sub return (after 'L', before end ';') + return isAssignableFrom( + superMethod.descriptor.substring(endParen + 2, superMethod.descriptor.length() - 1), + subMethodDescriptor.substring(endParen + 2, subMethodDescriptor.length() - 1)); + } + + private boolean isAssignableFrom(String sameOrSuperOfSubject, String subject) { + if (sameOrSuperOfSubject.equals(subject)) { + return true; + } + return isAssignableFrom(sameOrSuperOfSubject, loadClass(subject)); + } + + private boolean isAssignableFrom(String sameOrSuperOfSubject, ClassInfo subject) { + if (sameOrSuperOfSubject.equals(subject.name)) { + return true; + } + if (sameOrSuperOfSubject.equals(subject.superClass)) { + return true; + } + if (subject.superInterfaces != null) { + for (String iface : subject.superInterfaces) { + if (sameOrSuperOfSubject.equals(iface)) { + return true; + } + } + } + // Since there were no direct matches, now check if subject super classes + // or interfaces match + if (subject.superClass != null) { + if (isAssignableFrom(sameOrSuperOfSubject, loadClass(subject.superClass))) { + return true; + } + } + if (subject.superInterfaces != null) { + for (String iface : subject.superInterfaces) { + if (isAssignableFrom(sameOrSuperOfSubject, loadClass(iface))) { + return true; + } + } + } + return false; + } +} diff --git a/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/Main.java b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/Main.java new file mode 100644 index 000000000..34dd0b8b0 --- /dev/null +++ b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/Main.java @@ -0,0 +1,143 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck; + +import java.io.FileInputStream; +import java.io.IOException; +import java.util.*; +import java.util.stream.Collectors; + +/** Entrypoint for CLI. */ +public class Main { + public static void main(String[] args) throws IOException { + if (args.length == 0 || "--help".equals(args[0])) { + System.err.println( + "Analyze Temporal workflows for common mistakes.\n" + + "\n" + + "Usage:\n" + + " workflowcheck [command]\n" + + "\n" + + "Commands:\n" + + " check - Check all workflow code on the classpath for invalid calls\n" + + " prebuild-config - Pre-build a config for certain packages to keep from scanning each time (TODO)"); + return; + } + switch (args[0]) { + case "check": + System.exit(check(Arrays.copyOfRange(args, 1, args.length))); + case "prebuild-config": + System.exit(prebuildConfig(Arrays.copyOfRange(args, 1, args.length))); + default: + System.err.println("Unrecognized command '" + args[0] + "'"); + System.exit(1); + } + } + + private static int check(String[] args) throws IOException { + if (args.length == 1 && "--help".equals(args[0])) { + System.err.println( + "Analyze Temporal workflows for common mistakes.\n" + + "\n" + + "Usage:\n" + + " workflowcheck check [--config ] [--no-default-config] [--show-valid]"); + return 0; + } + // Args list that removes options as encountered + List argsList = new ArrayList<>(Arrays.asList(args)); + + // Load config + List configProps = new ArrayList<>(); + if (!argsList.remove("--no-default-config")) { + configProps.add(Config.defaultProperties()); + } + while (true) { + int configIndex = argsList.indexOf("--config"); + if (configIndex == -1) { + break; + } else if (configIndex == argsList.size() - 1) { + System.err.println("Missing --config value"); + return 1; + } + argsList.remove(configIndex); + Properties props = new Properties(); + try (FileInputStream is = new FileInputStream(argsList.remove(configIndex))) { + props.load(is); + } + configProps.add(props); + } + + // Whether we should also show valid + boolean showValid = argsList.remove("--show-valid"); + + // Ensure that we have at least one classpath arg + if (argsList.isEmpty()) { + System.err.println("At least one classpath argument required"); + return 1; + } + // While it can rarely be possible for the first file in a class path string + // to start with a dash, we're going to assume it's an invalid argument and + // users can qualify if needed. + Optional invalidArg = argsList.stream().filter(s -> s.startsWith("-")).findFirst(); + if (invalidArg.isPresent()) { + System.err.println("Unrecognized argument: " + invalidArg); + } + + System.err.println("Analyzing classpath for classes with workflow methods..."); + Config config = Config.fromProperties(configProps.toArray(new Properties[0])); + List infos = + new WorkflowCheck(config).findWorkflowClasses(argsList.toArray(new String[0])); + System.out.println("Found " + infos.size() + " class(es) with workflow methods"); + if (infos.isEmpty()) { + return 0; + } + + // Print workflow methods impls + boolean anyInvalidImpls = false; + for (ClassInfo info : infos) { + List>> methodEntries = + info.methods.entrySet().stream() + .sorted(Map.Entry.comparingByKey()) + .collect(Collectors.toList()); + for (Map.Entry> methods : methodEntries) { + for (ClassInfo.MethodInfo method : methods.getValue()) { + // Only impls + if (method.workflowImpl == null) { + continue; + } + if (showValid || method.isInvalid()) { + System.out.println(Printer.methodText(info, methods.getKey(), method)); + } + if (method.isInvalid()) { + anyInvalidImpls = true; + } + } + } + } + return anyInvalidImpls ? 1 : 0; + } + + private static int prebuildConfig(String[] args) { + System.err.println("TODO"); + return 1; + } + + private Main() {} +} diff --git a/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/Printer.java b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/Printer.java new file mode 100644 index 000000000..7abf27ca4 --- /dev/null +++ b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/Printer.java @@ -0,0 +1,159 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck; + +import java.util.Collections; +import java.util.IdentityHashMap; +import java.util.Set; +import javax.annotation.Nullable; +import org.objectweb.asm.Type; + +/** Helpers for printing results. */ +class Printer { + static String methodText( + ClassInfo classInfo, String methodName, ClassInfo.MethodInfo methodInfo) { + Printer printer = new Printer(); + printer.appendMethod( + classInfo, methodName, methodInfo, "", Collections.newSetFromMap(new IdentityHashMap<>())); + return printer.bld.toString(); + } + + private final StringBuilder bld = new StringBuilder(); + + private void appendMethod( + ClassInfo classInfo, + String methodName, + ClassInfo.MethodInfo methodInfo, + String indent, + Set seenMethods) { + seenMethods.add(methodInfo); + bld.append(indent); + if (methodInfo.workflowImpl != null) { + bld.append("Workflow method "); + appendFriendlyMember(classInfo.name, methodName, methodInfo.descriptor); + bld.append(" (declared on "); + appendFriendlyClassName(methodInfo.workflowImpl.declClassInfo.name); + bld.append(")"); + } else { + bld.append("Method "); + appendFriendlyMember(classInfo.name, methodName, methodInfo.descriptor); + } + if (!methodInfo.isInvalid()) { + bld.append(" is valid\n"); + } else if (methodInfo.configuredInvalid != null) { + bld.append(" is configured as invalid\n"); + } else if (seenMethods.size() > 30) { + bld.append(" is invalid (stack depth exceeded, stopping here)\n"); + } else if (methodInfo.invalidMemberAccesses != null) { + bld.append(" has ") + .append(methodInfo.invalidMemberAccesses.size()) + .append(" invalid member access"); + if (methodInfo.invalidMemberAccesses.size() > 1) { + bld.append("es"); + } + bld.append(":\n"); + for (ClassInfo.MethodInvalidMemberAccessInfo memberAccess : + methodInfo.invalidMemberAccesses) { + appendInvalidMemberAccess(classInfo, memberAccess, indent + " ", seenMethods); + } + } else { + // Should not happen + bld.append(" is invalid for unknown reasons\n"); + } + seenMethods.remove(methodInfo); + } + + private void appendInvalidMemberAccess( + ClassInfo callerClassInfo, + ClassInfo.MethodInvalidMemberAccessInfo accessInfo, + String indent, + Set seenMethods) { + bld.append(indent); + if (callerClassInfo.fileName == null) { + bld.append(""); + } else { + bld.append(callerClassInfo.fileName); + if (accessInfo.line != null) { + bld.append(':').append(accessInfo.line); + } + } + switch (accessInfo.operation) { + case FIELD_CONFIGURED_INVALID: + bld.append(" references "); + appendFriendlyMember(accessInfo.className, accessInfo.memberName, null); + bld.append(" which is configured as invalid\n"); + break; + case FIELD_STATIC_GET: + bld.append(" gets "); + appendFriendlyMember(accessInfo.className, accessInfo.memberName, null); + bld.append(" which is a non-final static field\n"); + break; + case FIELD_STATIC_PUT: + bld.append(" sets "); + appendFriendlyMember(accessInfo.className, accessInfo.memberName, null); + bld.append(" which is a non-final static field\n"); + break; + case METHOD_CALL: + bld.append(" invokes "); + appendFriendlyMember( + accessInfo.className, accessInfo.memberName, accessInfo.memberDescriptor); + if (accessInfo.resolvedInvalidClass == null) { + // Should never happen + bld.append(" (resolution failed)\n"); + } else if (accessInfo.resolvedInvalidMethod == null) { + bld.append(" which is configured as invalid\n"); + } else if (seenMethods.contains(accessInfo.resolvedInvalidMethod)) { + // Should not happen + bld.append(" (unexpected recursion)\n"); + } else { + bld.append(":\n"); + appendMethod( + accessInfo.resolvedInvalidClass, + accessInfo.memberName, + accessInfo.resolvedInvalidMethod, + indent + " ", + seenMethods); + } + break; + } + } + + private void appendFriendlyClassName(String className) { + bld.append(className.replace('/', '.')); + } + + private void appendFriendlyMember( + String className, String memberName, @Nullable String methodDescriptor) { + appendFriendlyClassName(className); + bld.append('.').append(memberName); + if (methodDescriptor != null) { + bld.append('('); + Type[] argTypes = Type.getArgumentTypes(methodDescriptor); + for (int i = 0; i < argTypes.length; i++) { + if (i > 0) { + bld.append(", "); + } + bld.append(argTypes[i].getClassName()); + } + bld.append(')'); + } + } +} diff --git a/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/SuppressionStack.java b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/SuppressionStack.java new file mode 100644 index 000000000..3fde9ec86 --- /dev/null +++ b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/SuppressionStack.java @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck; + +import java.util.Deque; +import java.util.LinkedList; +import javax.annotation.Nullable; + +/** Utility to push/pop configured suppressions. */ +class SuppressionStack { + // If a value is null, that means suppress all + private final Deque stack = new LinkedList<>(); + + // If null or empty string array given, all things suppressed + void push(@Nullable String[] specificDescriptors) { + if (specificDescriptors == null || specificDescriptors.length == 0) { + stack.push(null); + } else { + stack.push(new DescriptorMatcher(specificDescriptors)); + } + } + + void pop() { + stack.pop(); + } + + boolean checkSuppressed(String className, String methodName, String methodDescriptor) { + // Since suppressions are only additive, we can iterate in any order we want + for (DescriptorMatcher matcher : stack) { + // If matcher is null, that means suppress all + if (matcher == null) { + return true; + } + Boolean suppressed = matcher.check(className, methodName, methodDescriptor); + if (suppressed != null && suppressed) { + return true; + } + } + return false; + } +} diff --git a/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/WorkflowCheck.java b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/WorkflowCheck.java new file mode 100644 index 000000000..882f8e6ee --- /dev/null +++ b/temporal-workflowcheck/src/main/java/io/temporal/workflowcheck/WorkflowCheck.java @@ -0,0 +1,158 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck; + +import java.io.IOException; +import java.lang.annotation.ElementType; +import java.lang.annotation.Target; +import java.util.*; +import org.objectweb.asm.Opcodes; + +/** Utilities to help validate workflow correctness. */ +public class WorkflowCheck { + /** + * Suppress all invalid-workflow warnings until the matching call to {@link #restoreWarnings()}. + * This must be accompanied by a closing {@link #restoreWarnings()}. A more specific form of this + * that suppresses only certain warnings is at {@link #suppressWarnings(String)}. Note, this does + * not respect logical order, but rather bytecode order. Users are encouraged to use the {@link + * SuppressWarnings} annotation instead. + */ + public static void suppressWarnings() {} + + /** + * Suppress invalid-workflow warnings that apply to this descriptor until the matching call to + * {@link #restoreWarnings()}. This must be accompanied by a closing {@link #restoreWarnings()}. A + * more generic form of this that suppresses only certain warnings is at {@link + * #suppressWarnings()}. Note, this does not respect logical order, but rather bytecode order. + * Users are encouraged to use the {@link SuppressWarnings} annotation instead. + */ + public static void suppressWarnings(String specificDesc) {} + + /** Restore warnings suppressed via suppressWarnings calls. */ + public static void restoreWarnings() {} + + /** + * Suppress warnings on the class or method this is put on. If invalidMembers is provided, + * this only suppresses those specific descriptors. Otherwise this suppresses all. + */ + @Target({ElementType.TYPE, ElementType.METHOD, ElementType.CONSTRUCTOR}) + public @interface SuppressWarnings { + // Note, intentionally not called "value" for the default because there may + // be other warnings to suppress in the future + + /** Descriptors for invalid members to suppress. If empty/unset, this suppresses all. */ + String[] invalidMembers() default {}; + } + + private final Config config; + + /** Create a new workflow check with the given config. */ + public WorkflowCheck(Config config) { + this.config = config; + } + + /** + * Scan the given classpaths finding all classes with workflow implementation methods, and check + * them for validity. This returns all classes that have at least one method whose {@link + * ClassInfo.MethodInfo#getWorkflowImpl()} is non-null. + */ + public List findWorkflowClasses(String... classPaths) throws IOException { + // Load all non-built-in classes' methods to find workflow impls + List workflowClasses = new ArrayList<>(); + try (ClassPath classPath = new ClassPath(classPaths)) { + Loader loader = new Loader(config, classPath); + for (String className : classPath.classes) { + ClassInfo info = loader.loadClass(className); + boolean hasWorkflowImpl = false; + for (Map.Entry> methodEntry : info.methods.entrySet()) { + for (ClassInfo.MethodInfo method : methodEntry.getValue()) { + // Workflow impl method must be non-static public with a body + if ((method.access & Opcodes.ACC_STATIC) == 0 + && (method.access & Opcodes.ACC_PUBLIC) != 0 + && (method.access & Opcodes.ACC_ABSTRACT) == 0 + && (method.access & Opcodes.ACC_NATIVE) == 0) { + method.workflowImpl = + loader.findWorkflowImplInfo( + info, info.name, methodEntry.getKey(), method.descriptor); + // We need to check for method validity only if it's an impl + if (method.workflowImpl != null) { + hasWorkflowImpl = true; + loader.processMethodValidity( + method, Collections.newSetFromMap(new IdentityHashMap<>())); + } + } + } + } + if (hasWorkflowImpl) { + workflowClasses.add(info); + } + } + } + + // Now that we have processed all invalidity on each class, trim off + // unimportant class pieces + Set trimmed = Collections.newSetFromMap(new IdentityHashMap<>()); + workflowClasses.forEach(info -> trimUnimportantClassInfo(info, trimmed)); + + // Sort classes by class name and return + workflowClasses.sort(Comparator.comparing(c -> c.name)); + return workflowClasses; + } + + private void trimUnimportantClassInfo(ClassInfo info, Set done) { + done.add(info); + // Remove non-final static fields, they are only needed during processing + info.nonFinalStaticFields = null; + // Remove unimportant methods (i.e. without workflow info and are valid), + // and remove entire list if none left + info.methods + .entrySet() + .removeIf( + methods -> { + methods + .getValue() + .removeIf( + method -> { + // If the method has an impl and decl class not already trimmed, trim it + if (method.workflowImpl != null + && !done.contains(method.workflowImpl.declClassInfo)) { + trimUnimportantClassInfo(method.workflowImpl.declClassInfo, done); + } + // Recursively trim classes on calls too for each not already done + if (method.invalidMemberAccesses != null) { + for (ClassInfo.MethodInvalidMemberAccessInfo access : + method.invalidMemberAccesses) { + if (access.resolvedInvalidClass != null + && !done.contains(access.resolvedInvalidClass)) { + trimUnimportantClassInfo(access.resolvedInvalidClass, done); + } + } + } + // Set to remove if nothing important on it + return method.workflowDecl == null + && method.workflowImpl == null + && (method.configuredInvalid == null || method.configuredInvalid) + && method.invalidMemberAccesses == null; + }); + return methods.getValue().isEmpty(); + }); + } +} diff --git a/temporal-workflowcheck/src/main/resources/io/temporal/workflowcheck/workflowcheck.properties b/temporal-workflowcheck/src/main/resources/io/temporal/workflowcheck/workflowcheck.properties new file mode 100644 index 000000000..048679827 --- /dev/null +++ b/temporal-workflowcheck/src/main/resources/io/temporal/workflowcheck/workflowcheck.properties @@ -0,0 +1,184 @@ +# +# Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. +# +# Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Modifications copyright (C) 2017 Uber Technologies, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this material except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +#### Invalid Calls #### +# Rules for this file: +# * Every section is separated by a ### heading +# * Groups within those sections just have a simple # heading for comments +# * Should alphabetize where reasonable +# * Always fully qualify classes of methods +### Random ### + +temporal.workflowcheck.invalid.java/lang/Math.random=true +temporal.workflowcheck.invalid.java/security/SecureRandom=true +temporal.workflowcheck.invalid.java/util/Random.()=true +temporal.workflowcheck.invalid.java/util/UUID.randomUUID=true + +### Time ### + +# All Clock and InstantSource calls disallowed +temporal.workflowcheck.invalid.java/time/Clock=true +temporal.workflowcheck.invalid.java/time/InstantSource=true + +# Any accessing current time is disallowed +temporal.workflowcheck.invalid.java/lang/System.currentTimeMillis=true +temporal.workflowcheck.invalid.java/lang/System.nanoTime=true +temporal.workflowcheck.invalid.java/time/Clock.system=true +temporal.workflowcheck.invalid.java/time/Clock.systemDefaultZone=true +temporal.workflowcheck.invalid.java/time/Clock.systemUTC=true +temporal.workflowcheck.invalid.java/time/Clock.tickMillis=true +temporal.workflowcheck.invalid.java/time/Clock.tickMinutes=true +temporal.workflowcheck.invalid.java/time/Clock.tickSeconds=true +temporal.workflowcheck.invalid.java/time/Instant.now=true +temporal.workflowcheck.invalid.java/time/LocalDate.now=true +temporal.workflowcheck.invalid.java/time/LocalDateTime.now=true +temporal.workflowcheck.invalid.java/time/LocalTime.now=true +temporal.workflowcheck.invalid.java/time/OffsetDateTime.now=true +temporal.workflowcheck.invalid.java/time/OffsetTime.now=true +temporal.workflowcheck.invalid.java/time/ZonedDateTime.now=true +temporal.workflowcheck.invalid.java/util/Calendar.getInstance=true +temporal.workflowcheck.invalid.java/util/Date.()=true + +### Collections ### + +# Disallow iteration over high-level collection without it being a safer type. +# We expect many may disable this overly strict rule. We also expect +# LinkedHashSet/Map and SortedSet/Map to be those specific types when asking +# for iterators. + +temporal.workflowcheck.invalid.java/lang/Iterable.forEach=true +temporal.workflowcheck.invalid.java/lang/Iterable.iterator=true +temporal.workflowcheck.invalid.java/lang/Iterable.spliterator=true +temporal.workflowcheck.invalid.java/util/Collection.parallelStream=true +temporal.workflowcheck.invalid.java/util/Collection.stream=true +temporal.workflowcheck.invalid.java/util/Collection.toArray=true + +# Many collections are safe +temporal.workflowcheck.invalid.java/util/ArrayDeque=false +temporal.workflowcheck.invalid.java/util/LinkedHashMap=false +temporal.workflowcheck.invalid.java/util/LinkedHashSet=false +temporal.workflowcheck.invalid.java/util/List=false +temporal.workflowcheck.invalid.java/util/SortedMap=false +temporal.workflowcheck.invalid.java/util/SortedSet=false + +### System (disk, network, OS, etc) ### + +temporal.workflowcheck.invalid.java/io/File=true +temporal.workflowcheck.invalid.java/io/FileInputStream=true +temporal.workflowcheck.invalid.java/io/FileOutputStream=true +temporal.workflowcheck.invalid.java/io/FileReader=true +temporal.workflowcheck.invalid.java/io/FileWriter=true +temporal.workflowcheck.invalid.java/io/RandomAccessFile=true +temporal.workflowcheck.invalid.java/lang/ClassLoader.getResourceAsStream=true +temporal.workflowcheck.invalid.java/lang/System.clearProperty=true +temporal.workflowcheck.invalid.java/lang/System.console=true +temporal.workflowcheck.invalid.java/lang/System.err=true +temporal.workflowcheck.invalid.java/lang/System.exit=true +temporal.workflowcheck.invalid.java/lang/System.getProperties=true +temporal.workflowcheck.invalid.java/lang/System.getProperty=true +temporal.workflowcheck.invalid.java/lang/System.getenv=true +# We usually would disallow identityHashCode since it's non-deterministic +# across processes, but a lot of simple libraries use it internally +# temporal.workflowcheck.invalid.java/lang/System.identityHashCode=true +temporal.workflowcheck.invalid.java/lang/System.in=true +temporal.workflowcheck.invalid.java/lang/System.load=true +temporal.workflowcheck.invalid.java/lang/System.loadLibrary=true +temporal.workflowcheck.invalid.java/lang/System.mapLibraryName=true +temporal.workflowcheck.invalid.java/lang/System.out=true +temporal.workflowcheck.invalid.java/lang/System.setErr=true +temporal.workflowcheck.invalid.java/lang/System.setIn=true +temporal.workflowcheck.invalid.java/lang/System.setOut=true +temporal.workflowcheck.invalid.java/lang/System.setProperties=true +temporal.workflowcheck.invalid.java/lang/System.setProperty=true +temporal.workflowcheck.invalid.java/net/DatagramSocket=true +temporal.workflowcheck.invalid.java/net/ServerSocket=true +temporal.workflowcheck.invalid.java/net/Socket=true +temporal.workflowcheck.invalid.java/net/URL.openConnection=true +temporal.workflowcheck.invalid.java/net/URL.openStream=true +temporal.workflowcheck.invalid.java/nio/channels/AsynchronousChannel=true +temporal.workflowcheck.invalid.java/nio/channels/FileChannel=true +temporal.workflowcheck.invalid.java/nio/channels/NetworkChannel=true +temporal.workflowcheck.invalid.java/nio/file/FileSystem=true +temporal.workflowcheck.invalid.java/nio/file/Files=true +temporal.workflowcheck.invalid.java/nio/file/Path.toAbsolutePath=true +temporal.workflowcheck.invalid.java/nio/file/Path.toRealPath=true +temporal.workflowcheck.invalid.java/nio/file/WatchService=true + +### Threading/concurrency ### + +temporal.workflowcheck.invalid.java/lang/Object.notify=true +temporal.workflowcheck.invalid.java/lang/Object.notifyAll=true +temporal.workflowcheck.invalid.java/lang/Object.wait=true +temporal.workflowcheck.invalid.java/lang/Thread=true +# We intentionally don't include many concurrent collections here because that +# something is thread-safe doesn't mean it's non-deterministic. There are +# plenty of non-deterministic calls (e.g. BlockingQueue.poll) that can be used +# in deterministic ways, but we are not strictly enforcing this either. +temporal.workflowcheck.invalid.java/util/concurrent/CompletableFuture=true +temporal.workflowcheck.invalid.java/util/concurrent/CountDownLatch=true +temporal.workflowcheck.invalid.java/util/concurrent/CyclicBarrier=true +temporal.workflowcheck.invalid.java/util/concurrent/Executor=true +temporal.workflowcheck.invalid.java/util/concurrent/ExecutorService=true +temporal.workflowcheck.invalid.java/util/concurrent/Executors=true +temporal.workflowcheck.invalid.java/util/concurrent/Future=true +temporal.workflowcheck.invalid.java/util/concurrent/Phaser=true +temporal.workflowcheck.invalid.java/util/concurrent/Semaphore=true +# We are being lazy and just disallowing all locks. Users can override specific +# things as needed. +temporal.workflowcheck.invalid.java/util/concurrent/locks=true + +### Specific overrides ### + +# Temporal workflow package is ok +temporal.workflowcheck.invalid.io/temporal/workflow=false + +# We're whitelisting java.util.logging due to its heavy use +temporal.workflowcheck.invalid.java/util/logging=false + +# Consider everything on Class, Throwable, and String to be acceptable due to +# so many transitive false positives (even though many times the calls are in +# fact not safe) +temporal.workflowcheck.invalid.java/lang/Class=false +temporal.workflowcheck.invalid.java/lang/String=false +temporal.workflowcheck.invalid.java/lang/Throwable=false + +# In newer Java, HashMap init invokes StringBuilder to append a float which +# does jdk.internal.math.FloatingDecimal.getBinaryToASCIIBuffer() which uses +# thread local. We'll just make all uses of string builder safe. +temporal.workflowcheck.invalid.java/lang/StringBuilder=false + +# After much thought, we are going to allow reflection by default. So many +# deterministic Java libraries use it, and we want this tool to not be so +# strict that people are constantly overriding false positives. +temporal.workflowcheck.invalid.java/lang/reflect=false + +# Quite a few internal libraries catch interrupts just to re-interrupt, so we +# will mark thread interrupt as safe (other thread stuff is not) +temporal.workflowcheck.invalid.java/lang/Thread.currentThread=false +temporal.workflowcheck.invalid.java/lang/Thread.interrupt=false + +# While technically line separators are platform specific, in practice many +# people don't run workers across platforms and this is used by lots of string +# building code. +temporal.workflowcheck.invalid.java/lang/System.lineSeparator=false + +# Technically path making does some low-level filesystem calls, but we can +# consider it ok for most workflow use +temporal.workflowcheck.invalid.java/nio/file/Paths.get=false \ No newline at end of file diff --git a/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/ClassPathTest.java b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/ClassPathTest.java new file mode 100644 index 000000000..268130984 --- /dev/null +++ b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/ClassPathTest.java @@ -0,0 +1,61 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck; + +import static org.junit.Assert.*; + +import java.io.File; +import org.junit.Test; + +public class ClassPathTest { + @Test + public void testClassPath() throws Exception { + // We need to test a file-based classpath and a JAR based one (including + // built-in classes) and confirm all loaded properly. We have confirmed + // with Gradle tests that we have the proper pieces, but we assert again. + String testClassDirEntry = null; + String asmJarEntry = null; + for (String maybeEntry : System.getProperty("java.class.path").split(File.pathSeparator)) { + String url = new File(maybeEntry).toURI().toURL().toString(); + if (url.endsWith("classes/java/test/")) { + assertNull(testClassDirEntry); + testClassDirEntry = maybeEntry; + } else { + String fileName = url.substring(url.lastIndexOf('/') + 1); + if (fileName.startsWith("asm-") && fileName.endsWith(".jar")) { + assertNull(asmJarEntry); + asmJarEntry = maybeEntry; + } + } + } + assertNotNull(testClassDirEntry); + assertNotNull(asmJarEntry); + + // Now use these to load all classes and confirm it has the proper ones + // present + try (ClassPath classPath = + new ClassPath(testClassDirEntry + File.pathSeparator + asmJarEntry)) { + assertTrue( + classPath.classes.contains("io/temporal/workflowcheck/testdata/BadCalls$BadCallsImpl")); + assertTrue(classPath.classes.contains("org/objectweb/asm/ClassReader")); + } + } +} diff --git a/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/LoggingCaptureHandler.java b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/LoggingCaptureHandler.java new file mode 100644 index 000000000..7afa4899e --- /dev/null +++ b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/LoggingCaptureHandler.java @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck; + +import java.util.ArrayList; +import java.util.List; +import java.util.logging.Handler; +import java.util.logging.LogRecord; +import java.util.logging.SimpleFormatter; + +public class LoggingCaptureHandler extends Handler { + private final List records = new ArrayList<>(); + + public LoggingCaptureHandler() { + setFormatter(new SimpleFormatter()); + } + + @Override + public synchronized void publish(LogRecord record) { + records.add(record); + } + + @Override + public void flush() {} + + @Override + public void close() throws SecurityException {} + + public synchronized List collectRecords() { + return new ArrayList<>(records); + } +} diff --git a/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/WorkflowCheckTest.java b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/WorkflowCheckTest.java new file mode 100644 index 000000000..fb8efbd9f --- /dev/null +++ b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/WorkflowCheckTest.java @@ -0,0 +1,373 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck; + +import static org.junit.Assert.*; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.nio.charset.StandardCharsets; +import java.util.*; +import java.util.logging.Level; +import java.util.logging.LogManager; +import java.util.logging.LogRecord; +import java.util.logging.Logger; +import java.util.stream.Collectors; +import javax.annotation.Nullable; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; + +public class WorkflowCheckTest { + static { + try (InputStream is = + WorkflowCheckTest.class.getClassLoader().getResourceAsStream("logging.properties")) { + LogManager.getLogManager().readConfiguration(is); + } catch (IOException e) { + throw new ExceptionInInitializerError(e); + } + } + + private final LoggingCaptureHandler classInfoVisitorLogs = new LoggingCaptureHandler(); + + @Before + public void beforeEach() { + ClassInfoVisitor.logger.addHandler(classInfoVisitorLogs); + } + + @After + public void afterEach() { + Logger.getLogger(ClassInfoVisitor.class.getName()).removeHandler(classInfoVisitorLogs); + } + + @Test + public void testWorkflowCheck() throws IOException { + // Load properties + Properties configProps = new Properties(); + try (InputStream is = getClass().getResourceAsStream("testdata/workflowcheck.properties")) { + configProps.load(is); + } + // Collect infos + Config config = Config.fromProperties(Config.defaultProperties(), configProps); + List infos = + new WorkflowCheck(config).findWorkflowClasses(System.getProperty("java.class.path")); + for (ClassInfo info : infos) { + info.methods.entrySet().stream() + .sorted(Map.Entry.comparingByKey()) + .forEach( + entry -> { + for (ClassInfo.MethodInfo method : entry.getValue()) { + if (method.workflowImpl != null) { + System.out.println(Printer.methodText(info, entry.getKey(), method)); + } + } + }); + } + + // Collect actual/expected lists (we accept perf penalty of not being sets) + List actual = InvalidMemberAccessAssertion.fromClassInfos(infos); + SourceAssertions expected = SourceAssertions.fromTestSource(); + + // Check differences in both directions + List diff = new ArrayList<>(actual); + diff.removeAll(expected.invalidAccesses); + for (InvalidMemberAccessAssertion v : diff) { + fail("Unexpected invalid access: " + v); + } + diff = new ArrayList<>(expected.invalidAccesses); + diff.removeAll(actual); + for (InvalidMemberAccessAssertion v : diff) { + fail("Missing expected invalid call: " + v); + } + + // Check that all logs are present + List actualLogs = classInfoVisitorLogs.collectRecords(); + for (LogAssertion expectedLog : expected.logs) { + assertTrue( + "Cannot find " + expectedLog.level + " log with message: " + expectedLog.message, + actualLogs.stream() + .anyMatch( + actualLog -> + actualLog.getLevel().equals(expectedLog.level) + && classInfoVisitorLogs + .getFormatter() + .formatMessage(actualLog) + .equals(expectedLog.message))); + } + } + + private static class SourceAssertions { + private static final String[] SOURCE_FILES = + new String[] { + "io/temporal/workflowcheck/testdata/BadCalls.java", + "io/temporal/workflowcheck/testdata/Configured.java", + "io/temporal/workflowcheck/testdata/Suppression.java", + "io/temporal/workflowcheck/testdata/UnsafeIteration.java" + }; + + static SourceAssertions fromTestSource() { + List invalidAccesses = new ArrayList<>(); + List logAsserts = new ArrayList<>(); + for (String resourcePath : SOURCE_FILES) { + String[] fileParts = resourcePath.split("/"); + String fileName = fileParts[fileParts.length - 1]; + // Load lines + List lines; + try (InputStream is = + Thread.currentThread().getContextClassLoader().getResourceAsStream(resourcePath)) { + assertNotNull(is); + BufferedReader reader = + new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8)); + lines = reader.lines().collect(Collectors.toList()); + } catch (IOException e) { + throw new RuntimeException(e); + } + + // Add asserts + invalidAccesses.addAll(InvalidMemberAccessAssertion.fromJavaLines(fileName, lines)); + logAsserts.addAll(LogAssertion.fromJavaLines(lines)); + } + return new SourceAssertions(invalidAccesses, logAsserts); + } + + final List invalidAccesses; + final List logs; + + private SourceAssertions( + List invalidAccesses, List logs) { + this.invalidAccesses = invalidAccesses; + this.logs = logs; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + SourceAssertions that = (SourceAssertions) o; + return Objects.equals(invalidAccesses, that.invalidAccesses) + && Objects.equals(logs, that.logs); + } + + @Override + public int hashCode() { + return Objects.hash(invalidAccesses, logs); + } + } + + private static class InvalidMemberAccessAssertion { + static List fromClassInfos(List infos) { + List assertions = new ArrayList<>(); + for (ClassInfo info : infos) { + for (Map.Entry> methods : info.methods.entrySet()) { + for (ClassInfo.MethodInfo method : methods.getValue()) { + // Only invalid workflow impls with invalid accesses + if (method.workflowImpl != null && method.invalidMemberAccesses != null) { + for (ClassInfo.MethodInvalidMemberAccessInfo access : method.invalidMemberAccesses) { + // Find first cause + ClassInfo.MethodInvalidMemberAccessInfo causeAccess = null; + if (access.resolvedInvalidMethod != null + && access.resolvedInvalidMethod.invalidMemberAccesses != null) { + causeAccess = access.resolvedInvalidMethod.invalidMemberAccesses.get(0); + } + assertions.add( + new InvalidMemberAccessAssertion( + info.fileName, + Objects.requireNonNull(access.line), + info.name, + methods.getKey() + method.descriptor, + access.className, + access.operation + == ClassInfo.MethodInvalidMemberAccessInfo.Operation.METHOD_CALL + ? access.memberName + access.memberDescriptor + : access.memberName, + causeAccess == null ? null : causeAccess.className, + causeAccess == null + ? null + : causeAccess.operation + == ClassInfo.MethodInvalidMemberAccessInfo.Operation.METHOD_CALL + ? causeAccess.memberName + causeAccess.memberDescriptor + : causeAccess.memberName)); + } + } + } + } + } + return assertions; + } + + static List fromJavaLines(String fileName, List lines) { + List assertions = new ArrayList<>(); + for (int lineIdx = 0; lineIdx < lines.size(); lineIdx++) { + String line = lines.get(lineIdx).trim(); + // Confirm INVALID + if (!line.startsWith("// INVALID")) { + continue; + } + // Collect indented bullets + Map bullets = new HashMap<>(6); + while (lines.get(lineIdx + 1).trim().startsWith("// * ")) { + lineIdx++; + line = lines.get(lineIdx).substring(lines.get(lineIdx).indexOf("/") + 7); + int colonIndex = line.indexOf(":"); + assertTrue(colonIndex > 0); + bullets.put(line.substring(0, colonIndex).trim(), line.substring(colonIndex + 1).trim()); + } + assertions.add( + new InvalidMemberAccessAssertion( + fileName, + lineIdx + 2, + Objects.requireNonNull(bullets.get("class")), + Objects.requireNonNull(bullets.get("method")), + Objects.requireNonNull(bullets.get("accessedClass")), + Objects.requireNonNull(bullets.get("accessedMember")), + bullets.get("accessedCauseClass"), + bullets.get("accessedCauseMethod"))); + } + return assertions; + } + + final String fileName; + final int line; + final String className; + final String member; + final String accessedClass; + final String accessedMember; + // Cause info can be null + @Nullable final String accessedCauseClass; + @Nullable final String accessedCauseMethod; + + private InvalidMemberAccessAssertion( + String fileName, + int line, + String className, + String member, + String accessedClass, + String accessedMember, + @Nullable String accessedCauseClass, + @Nullable String accessedCauseMethod) { + this.fileName = fileName; + this.line = line; + this.className = className; + this.member = member; + this.accessedClass = accessedClass; + this.accessedMember = accessedMember; + this.accessedCauseClass = accessedCauseClass; + this.accessedCauseMethod = accessedCauseMethod; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + InvalidMemberAccessAssertion that = (InvalidMemberAccessAssertion) o; + return line == that.line + && Objects.equals(fileName, that.fileName) + && Objects.equals(className, that.className) + && Objects.equals(member, that.member) + && Objects.equals(accessedClass, that.accessedClass) + && Objects.equals(accessedMember, that.accessedMember) + && Objects.equals(accessedCauseClass, that.accessedCauseClass) + && Objects.equals(accessedCauseMethod, that.accessedCauseMethod); + } + + @Override + public int hashCode() { + return Objects.hash( + fileName, + line, + className, + member, + accessedClass, + accessedMember, + accessedCauseClass, + accessedCauseMethod); + } + + @Override + public String toString() { + return "InvalidMemberAccessAssertion{" + + "fileName='" + + fileName + + '\'' + + ", line=" + + line + + ", className='" + + className + + '\'' + + ", member='" + + member + + '\'' + + ", accessedClass='" + + accessedClass + + '\'' + + ", accessedMember='" + + accessedMember + + '\'' + + ", accessedCauseClass='" + + accessedCauseClass + + '\'' + + ", accessedCauseMethod='" + + accessedCauseMethod + + '\'' + + '}'; + } + } + + private static class LogAssertion { + static List fromJavaLines(List lines) { + return lines.stream() + .map(String::trim) + .filter(line -> line.startsWith("// LOG: ")) + .map( + line -> { + int dashIndex = line.indexOf('-'); + assertTrue(dashIndex > 0); + return new LogAssertion( + Level.parse(line.substring(8, dashIndex).trim()), + line.substring(dashIndex + 1).trim()); + }) + .collect(Collectors.toList()); + } + + final Level level; + final String message; + + private LogAssertion(Level level, String message) { + this.level = level; + this.message = message; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + LogAssertion that = (LogAssertion) o; + return Objects.equals(level, that.level) && Objects.equals(message, that.message); + } + + @Override + public int hashCode() { + return Objects.hash(level, message); + } + } +} diff --git a/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/BadCalls.java b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/BadCalls.java new file mode 100644 index 000000000..86ed88757 --- /dev/null +++ b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/BadCalls.java @@ -0,0 +1,173 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck.testdata; + +import com.google.common.io.MoreFiles; +import io.temporal.workflow.*; +import java.nio.file.Paths; +import java.time.Instant; +import java.time.LocalDate; +import java.time.LocalDateTime; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Date; +import java.util.Random; + +@WorkflowInterface +public interface BadCalls { + @WorkflowMethod + void doWorkflow() throws Exception; + + @SignalMethod + void doSignal(); + + @QueryMethod + long doQuery(); + + @UpdateMethod + void doUpdate(); + + @UpdateValidatorMethod(updateName = "doUpdate") + void doUpdateValidate(); + + class BadCallsImpl implements BadCalls { + private static final String FIELD_FINAL = "foo"; + private static String FIELD_NON_FINAL = "bar"; + + @Override + @SuppressWarnings("all") + public void doWorkflow() throws Exception { + // INVALID: Direct invalid call in workflow + // * class: io/temporal/workflowcheck/testdata/BadCalls$BadCallsImpl + // * method: doWorkflow()V + // * accessedClass: java/time/Instant + // * accessedMember: now()Ljava/time/Instant; + Instant.now(); + + // INVALID: Indirect invalid call via local method + // * class: io/temporal/workflowcheck/testdata/BadCalls$BadCallsImpl + // * method: doWorkflow()V + // * accessedClass: io/temporal/workflowcheck/testdata/BadCalls$BadCallsImpl + // * accessedMember: currentInstant()V + // * accessedCauseClass: java/util/Date + // * accessedCauseMethod: ()V + currentInstant(); + + // INVALID: Indirect invalid call via stdlib method + // * class: io/temporal/workflowcheck/testdata/BadCalls$BadCallsImpl + // * method: doWorkflow()V + // * accessedClass: java/util/Collections + // * accessedMember: shuffle(Ljava/util/List;)V + // * accessedCauseClass: java/util/Random + // * accessedCauseMethod: ()V + Collections.shuffle(new ArrayList<>()); + + // But this is an acceptable call because we are passing in a seeded random + Collections.shuffle(new ArrayList<>(), new Random(123)); + + // INVALID: Configured invalid field + // * class: io/temporal/workflowcheck/testdata/BadCalls$BadCallsImpl + // * method: doWorkflow()V + // * accessedClass: java/lang/System + // * accessedMember: out + System.out.println("foo"); + + // INVALID: Setting static non-final field + // * class: io/temporal/workflowcheck/testdata/BadCalls$BadCallsImpl + // * method: doWorkflow()V + // * accessedClass: io/temporal/workflowcheck/testdata/BadCalls$BadCallsImpl + // * accessedMember: FIELD_NON_FINAL + FIELD_NON_FINAL = "blah"; + + // INVALID: Getting static non-final field + // * class: io/temporal/workflowcheck/testdata/BadCalls$BadCallsImpl + // * method: doWorkflow()V + // * accessedClass: io/temporal/workflowcheck/testdata/BadCalls$BadCallsImpl + // * accessedMember: FIELD_NON_FINAL + new StringBuilder(FIELD_NON_FINAL); + + // It's ok to access a final static field though + new StringBuilder(FIELD_FINAL); + + // We want reflection to be considered safe + getClass().getField("FIELD_NON_FINAL").get(null); + + // INVALID: Indirect invalid call to third party library + // * class: io/temporal/workflowcheck/testdata/BadCalls$BadCallsImpl + // * method: doWorkflow()V + // * accessedClass: io/temporal/workflowcheck/testdata/BadCalls$BadCallsImpl + // * accessedMember: touchFile()V + // * accessedCauseClass: com/google/common/io/MoreFiles + // * accessedCauseMethod: touch(Ljava/nio/file/Path;)V + touchFile(); + } + + @Override + public void doSignal() { + // INVALID: Direct invalid call in signal + // * class: io/temporal/workflowcheck/testdata/BadCalls$BadCallsImpl + // * method: doSignal()V + // * accessedClass: java/lang/System + // * accessedMember: nanoTime()J + System.nanoTime(); + } + + @Override + public long doQuery() { + // INVALID: Direct invalid call in query + // * class: io/temporal/workflowcheck/testdata/BadCalls$BadCallsImpl + // * method: doQuery()J + // * accessedClass: java/lang/System + // * accessedMember: currentTimeMillis()J + return System.currentTimeMillis(); + } + + @Override + @SuppressWarnings("all") + public void doUpdate() { + // INVALID: Direct invalid call in update + // * class: io/temporal/workflowcheck/testdata/BadCalls$BadCallsImpl + // * method: doUpdate()V + // * accessedClass: java/time/LocalDate + // * accessedMember: now()Ljava/time/LocalDate; + LocalDate.now(); + } + + @Override + @SuppressWarnings("all") + public void doUpdateValidate() { + // INVALID: Direct invalid call in update validator + // * class: io/temporal/workflowcheck/testdata/BadCalls$BadCallsImpl + // * method: doUpdateValidate()V + // * accessedClass: java/time/LocalDateTime + // * accessedMember: now()Ljava/time/LocalDateTime; + LocalDateTime.now(); + } + + private void currentInstant() { + new Date(); + } + + private void touchFile() throws Exception { + MoreFiles.touch(Paths.get("tmp", "does-not-exist")); + } + } +} diff --git a/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/Configured.java b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/Configured.java new file mode 100644 index 000000000..46da3045b --- /dev/null +++ b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/Configured.java @@ -0,0 +1,129 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck.testdata; + +import io.temporal.workflow.WorkflowInterface; +import io.temporal.workflow.WorkflowMethod; + +@WorkflowInterface +public interface Configured { + @WorkflowMethod + void configured(); + + class ConfiguredImpl implements Configured { + @Override + public void configured() { + // INVALID: Configured invalid + // * class: io/temporal/workflowcheck/testdata/Configured$ConfiguredImpl + // * method: configured()V + // * accessedClass: io/temporal/workflowcheck/testdata/Configured$SomeCalls + // * accessedMember: configuredInvalidFull()V + new SomeCalls().configuredInvalidFull(); + + // INVALID: Configured invalid + // * class: io/temporal/workflowcheck/testdata/Configured$ConfiguredImpl + // * method: configured()V + // * accessedClass: io/temporal/workflowcheck/testdata/Configured$SomeCalls + // * accessedMember: configuredInvalidALlButDescriptor()V + new SomeCalls().configuredInvalidALlButDescriptor(); + + // INVALID: Configured invalid + // * class: io/temporal/workflowcheck/testdata/Configured$ConfiguredImpl + // * method: configured()V + // * accessedClass: io/temporal/workflowcheck/testdata/Configured$SomeCalls + // * accessedMember: configuredInvalidClassAndMethod()V + new SomeCalls().configuredInvalidClassAndMethod(); + + // INVALID: Configured invalid + // * class: io/temporal/workflowcheck/testdata/Configured$ConfiguredImpl + // * method: configured()V + // * accessedClass: io/temporal/workflowcheck/testdata/Configured$SomeCalls + // * accessedMember: configuredInvalidJustName()V + new SomeCalls().configuredInvalidJustName(); + + // INVALID: Calls configured invalid + // * class: io/temporal/workflowcheck/testdata/Configured$ConfiguredImpl + // * method: configured()V + // * accessedClass: io/temporal/workflowcheck/testdata/Configured$SomeCalls + // * accessedMember: callsConfiguredInvalid()V + // * accessedCauseClass: io/temporal/workflowcheck/testdata/Configured$SomeCalls + // * accessedCauseMethod: configuredInvalidJustName()V + new SomeCalls().callsConfiguredInvalid(); + + // This overload is ok + new SomeCalls().configuredInvalidOverload(""); + + // INVALID: Configured invalid + // * class: io/temporal/workflowcheck/testdata/Configured$ConfiguredImpl + // * method: configured()V + // * accessedClass: io/temporal/workflowcheck/testdata/Configured$SomeCalls + // * accessedMember: configuredInvalidOverload(I)V + new SomeCalls().configuredInvalidOverload(0); + + // spotless:off + // INVALID: Configured invalid + // * class: io/temporal/workflowcheck/testdata/Configured$ConfiguredImpl + // * method: configured()V + // * accessedClass: io/temporal/workflowcheck/testdata/Configured$SomeInterface$SomeInterfaceImpl + // * accessedMember: configuredInvalidIface()V + new SomeInterface.SomeInterfaceImpl().configuredInvalidIface(); + // spotless:on + + // INVALID: Configured invalid + // * class: io/temporal/workflowcheck/testdata/Configured$ConfiguredImpl + // * method: configured()V + // * accessedClass: io/temporal/workflowcheck/testdata/Configured$ConfiguredInvalidClass + // * accessedMember: someMethod()V + ConfiguredInvalidClass.someMethod(); + } + } + + class SomeCalls { + void configuredInvalidFull() {} + + void configuredInvalidALlButDescriptor() {} + + void configuredInvalidClassAndMethod() {} + + void configuredInvalidJustName() {} + + void callsConfiguredInvalid() { + configuredInvalidJustName(); + } + + void configuredInvalidOverload(String param) {} + + void configuredInvalidOverload(int param) {} + } + + interface SomeInterface { + void configuredInvalidIface(); + + class SomeInterfaceImpl implements SomeInterface { + @Override + public void configuredInvalidIface() {} + } + } + + class ConfiguredInvalidClass { + static void someMethod() {} + } +} diff --git a/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/Suppression.java b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/Suppression.java new file mode 100644 index 000000000..82c4a10a9 --- /dev/null +++ b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/Suppression.java @@ -0,0 +1,171 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck.testdata; + +import io.temporal.workflow.WorkflowInterface; +import io.temporal.workflow.WorkflowMethod; +import io.temporal.workflowcheck.WorkflowCheck; +import java.util.Date; + +@WorkflowInterface +public interface Suppression { + @WorkflowMethod + void suppression(); + + class SuppressionImpl implements Suppression { + @Override + public void suppression() { + // INVALID: Indirect invalid call + // * class: io/temporal/workflowcheck/testdata/Suppression$SuppressionImpl + // * method: suppression()V + // * accessedClass: io/temporal/workflowcheck/testdata/Suppression$SuppressionImpl + // * accessedMember: badThing()V + // * accessedCauseClass: java/util/Date + // * accessedCauseMethod: ()V + badThing(); + + // Suppressed + badThingSuppressed(); + + // INVALID: Indirect invalid call after suppression + // * class: io/temporal/workflowcheck/testdata/Suppression$SuppressionImpl + // * method: suppression()V + // * accessedClass: io/temporal/workflowcheck/testdata/Suppression$SuppressionImpl + // * accessedMember: badThing()V + // * accessedCauseClass: java/util/Date + // * accessedCauseMethod: ()V + badThing(); + + // INVALID: Partially suppressed + // * class: io/temporal/workflowcheck/testdata/Suppression$SuppressionImpl + // * method: suppression()V + // * accessedClass: io/temporal/workflowcheck/testdata/Suppression$SuppressionImpl + // * accessedMember: badThingPartiallySuppressed()V + // * accessedCauseClass: io/temporal/workflowcheck/testdata/Suppression$SuppressionImpl + // * accessedCauseMethod: badThing()V + badThingPartiallySuppressed(); + + // Suppress all warnings + WorkflowCheck.suppressWarnings(); + badThing(); + new Date(); + WorkflowCheck.restoreWarnings(); + + // Suppress only warnings for badThing + WorkflowCheck.suppressWarnings("badThing"); + badThing(); + // INVALID: Not suppressed + // * class: io/temporal/workflowcheck/testdata/Suppression$SuppressionImpl + // * method: suppression()V + // * accessedClass: java/util/Date + // * accessedMember: ()V + new Date(); + WorkflowCheck.restoreWarnings(); + + // Suppress only warnings for date init + WorkflowCheck.suppressWarnings("Date."); + // INVALID: Not suppressed + // * class: io/temporal/workflowcheck/testdata/Suppression$SuppressionImpl + // * method: suppression()V + // * accessedClass: io/temporal/workflowcheck/testdata/Suppression$SuppressionImpl + // * accessedMember: badThing()V + // * accessedCauseClass: java/util/Date + // * accessedCauseMethod: ()V + badThing(); + new Date(); + WorkflowCheck.restoreWarnings(); + + // Suppress nested + WorkflowCheck.suppressWarnings("Date."); + WorkflowCheck.suppressWarnings("badThing"); + badThing(); + new Date(); + WorkflowCheck.restoreWarnings(); + WorkflowCheck.restoreWarnings(); + + // spotless:off + // LOG: WARNING - 1 warning suppression(s) not restored in io/temporal/workflowcheck/testdata/Suppression$SuppressionImpl.suppression + WorkflowCheck.suppressWarnings("never-restored"); + // spotless:on + + // spotless:off + // LOG: WARNING - WorkflowCheck.suppressWarnings call not using string literal at io/temporal/workflowcheck/testdata/Suppression$SuppressionImpl.suppression (Suppression.java:112) + String warningVar = "not-literal"; + WorkflowCheck.suppressWarnings(warningVar); + // spotless:on + } + + public static void badThing() { + new Date(); + } + + @WorkflowCheck.SuppressWarnings + private static void badThingSuppressed() { + new Date(); + } + + @WorkflowCheck.SuppressWarnings(invalidMembers = "Date.") + private static void badThingPartiallySuppressed() { + new Date(); + badThing(); + } + } + + @WorkflowCheck.SuppressWarnings + class SuppressionImpl2 implements Suppression { + @Override + public void suppression() { + SuppressionImpl.badThing(); + new Date(); + } + } + + // We just added another param here to confirm annotation array handling + @WorkflowCheck.SuppressWarnings(invalidMembers = {"badThing", "some-other-param"}) + class SuppressionImpl3 implements Suppression { + @Override + public void suppression() { + SuppressionImpl.badThing(); + // INVALID: Not suppressed + // * class: io/temporal/workflowcheck/testdata/Suppression$SuppressionImpl3 + // * method: suppression()V + // * accessedClass: java/util/Date + // * accessedMember: ()V + new Date(); + } + } + + @WorkflowCheck.SuppressWarnings(invalidMembers = "Date.") + class SuppressionImpl4 implements Suppression { + @Override + public void suppression() { + // INVALID: Not suppressed + // * class: io/temporal/workflowcheck/testdata/Suppression$SuppressionImpl4 + // * method: suppression()V + // * accessedClass: io/temporal/workflowcheck/testdata/Suppression$SuppressionImpl + // * accessedMember: badThing()V + // * accessedCauseClass: java/util/Date + // * accessedCauseMethod: ()V + SuppressionImpl.badThing(); + new Date(); + } + } +} diff --git a/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/UnsafeIteration.java b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/UnsafeIteration.java new file mode 100644 index 000000000..8511f8979 --- /dev/null +++ b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/UnsafeIteration.java @@ -0,0 +1,87 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck.testdata; + +import io.temporal.workflow.WorkflowInterface; +import io.temporal.workflow.WorkflowMethod; +import java.util.*; +import java.util.stream.Stream; + +@WorkflowInterface +public interface UnsafeIteration { + @WorkflowMethod + void unsafeIteration(); + + class UnsafeIterationImpl implements UnsafeIteration { + @Override + @SuppressWarnings("all") + public void unsafeIteration() { + // INVALID: Set iteration + // * class: io/temporal/workflowcheck/testdata/UnsafeIteration$UnsafeIterationImpl + // * method: unsafeIteration()V + // * accessedClass: java/util/Set + // * accessedMember: iterator()Ljava/util/Iterator; + for (Map.Entry kv : Collections.singletonMap("a", "b").entrySet()) { + kv.getKey(); + } + + Set> sortedMapEntries = + new TreeMap<>(Collections.singletonMap("a", "b")).entrySet(); + // INVALID: Set iteration, sadly even if the map is deterministic + // * class: io/temporal/workflowcheck/testdata/UnsafeIteration$UnsafeIterationImpl + // * method: unsafeIteration()V + // * accessedClass: java/util/Set + // * accessedMember: iterator()Ljava/util/Iterator; + for (Map.Entry kv : sortedMapEntries) { + kv.getKey(); + } + + Set mySet = new HashSet<>(2); + mySet.add("a"); + mySet.add("b"); + + // SortedSet iteration is safe + for (String v : new TreeSet<>(mySet)) { + v.length(); + } + + // So is LinkedHashSet + for (String v : new LinkedHashSet<>(mySet)) { + v.length(); + } + + // ArrayDeque is safe + for (String v : new ArrayDeque<>(mySet)) { + v.length(); + } + + // Most streams are safe, except for sets + Stream.of("a", "b"); + Arrays.asList("a", "b").stream(); + // INVALID: Set streams + // * class: io/temporal/workflowcheck/testdata/UnsafeIteration$UnsafeIterationImpl + // * method: unsafeIteration()V + // * accessedClass: java/util/Set + // * accessedMember: stream()Ljava/util/stream/Stream; + mySet.stream().forEach(a -> {}); + } + } +} diff --git a/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/separatepackage/SeparateClass.java b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/separatepackage/SeparateClass.java new file mode 100644 index 000000000..924c59508 --- /dev/null +++ b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/separatepackage/SeparateClass.java @@ -0,0 +1,23 @@ +/* + * Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. + * + * Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Modifications copyright (C) 2017 Uber Technologies, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this material except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.temporal.workflowcheck.testdata.separatepackage; + +public class SeparateClass {} diff --git a/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/workflowcheck.properties b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/workflowcheck.properties new file mode 100644 index 000000000..e7defb7eb --- /dev/null +++ b/temporal-workflowcheck/src/test/java/io/temporal/workflowcheck/testdata/workflowcheck.properties @@ -0,0 +1,31 @@ +# +# Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. +# +# Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Modifications copyright (C) 2017 Uber Technologies, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this material except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +temporal.workflowcheck.invalid.io/temporal/workflowcheck/testdata/Configured$SomeCalls.configuredInvalidFull()=true +temporal.workflowcheck.invalid.io/temporal/workflowcheck/testdata/Configured$SomeCalls.configuredInvalidALlButDescriptor=true +temporal.workflowcheck.invalid.Configured$SomeCalls.configuredInvalidClassAndMethod=true +temporal.workflowcheck.invalid.configuredInvalidJustName=true +temporal.workflowcheck.invalid.Configured$SomeCalls.configuredInvalidOverload(I)=true +temporal.workflowcheck.invalid.Configured$SomeInterface.configuredInvalidIface=true +temporal.workflowcheck.invalid.Configured$ConfiguredInvalidClass=true + +# We will make the collections static fields as allowed so we can properly test +# the calls themselves +temporal.workflowcheck.invalid.java/util/Collections.r=false \ No newline at end of file diff --git a/temporal-workflowcheck/src/test/resources/logging.properties b/temporal-workflowcheck/src/test/resources/logging.properties new file mode 100644 index 000000000..56ad7ce1a --- /dev/null +++ b/temporal-workflowcheck/src/test/resources/logging.properties @@ -0,0 +1,23 @@ +# +# Copyright (C) 2022 Temporal Technologies, Inc. All Rights Reserved. +# +# Copyright (C) 2012-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Modifications copyright (C) 2017 Uber Technologies, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this material except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +.level=FINEST +handlers=java.util.logging.ConsoleHandler +java.util.logging.ConsoleHandler.level=FINE \ No newline at end of file