
Commit 783ecee

authored
Use checked exceptions in entitlement constructor rules (#145234) (#145349)
Constructor entitlement rules updated to throw appropriate checked exceptions instead of NotEntitledException (a RuntimeException). Method references (IOException::new) are used where the exception has a (Throwable) constructor; lambdas with initCause are used where no such constructor exists.
1 parent ca61f77 commit 783ecee

4 files changed

Lines changed: 211 additions & 125 deletions


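--- a/libs/entitlement/qa/entitlement-test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/FileCheckActions.java
+++ b/libs/entitlement/qa/entitlement-test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/FileCheckActions.java
@@ -238,7 +238,7 @@ static boolean fileSetWritableOwner() {
 return readWriteFile().toFile().setWritable(true, false);
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = FileNotFoundException.class)
 static void createFileInputStreamFile() throws IOException {
 new FileInputStream(readFile().toFile()).close();
 }
@@ -248,27 +248,27 @@ static void createFileInputStreamFileDescriptor() throws IOException {
 new FileInputStream(FileDescriptor.in).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = FileNotFoundException.class)
 static void createFileInputStreamString() throws IOException {
 new FileInputStream(readFile().toString()).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = FileNotFoundException.class)
 static void createFileOutputStreamString() throws IOException {
 new FileOutputStream(readWriteFile().toString()).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = FileNotFoundException.class)
 static void createFileOutputStreamStringWithAppend() throws IOException {
 new FileOutputStream(readWriteFile().toString(), false).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = FileNotFoundException.class)
 static void createFileOutputStreamFile() throws IOException {
 new FileOutputStream(readWriteFile().toFile()).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = FileNotFoundException.class)
 static void createFileOutputStreamFileWithAppend() throws IOException {
 new FileOutputStream(readWriteFile().toFile(), false).close();
 }
@@ -278,12 +278,12 @@ static void createFileOutputStreamFileDescriptor() throws IOException {
 new FileOutputStream(FileDescriptor.out).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = FileNotFoundException.class)
 static void createFileReaderFile() throws IOException {
 new FileReader(readFile().toFile()).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void createFileReaderFileCharset() throws IOException {
 new FileReader(readFile().toFile(), StandardCharsets.UTF_8).close();
 }
@@ -293,27 +293,27 @@ static void createFileReaderFileDescriptor() throws IOException {
 new FileReader(FileDescriptor.in).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = FileNotFoundException.class)
 static void createFileReaderString() throws IOException {
 new FileReader(readFile().toString()).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void createFileReaderStringCharset() throws IOException {
 new FileReader(readFile().toString(), StandardCharsets.UTF_8).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void createFileWriterFile() throws IOException {
 new FileWriter(readWriteFile().toFile()).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void createFileWriterFileWithAppend() throws IOException {
 new FileWriter(readWriteFile().toFile(), false).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void createFileWriterFileCharsetWithAppend() throws IOException {
 new FileWriter(readWriteFile().toFile(), StandardCharsets.UTF_8, false).close();
 }
@@ -323,42 +323,42 @@ static void createFileWriterFileDescriptor() throws IOException {
 new FileWriter(FileDescriptor.out).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void createFileWriterString() throws IOException {
 new FileWriter(readWriteFile().toString()).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void createFileWriterStringWithAppend() throws IOException {
 new FileWriter(readWriteFile().toString(), false).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void createFileWriterStringCharset() throws IOException {
 new FileWriter(readWriteFile().toString(), StandardCharsets.UTF_8).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void createFileWriterStringCharsetWithAppend() throws IOException {
 new FileWriter(readWriteFile().toString(), StandardCharsets.UTF_8, false).close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = FileNotFoundException.class)
 static void createRandomAccessFileStringRead() throws IOException {
 new RandomAccessFile(readFile().toString(), "r").close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = FileNotFoundException.class)
 static void createRandomAccessFileStringReadWrite() throws IOException {
 new RandomAccessFile(readWriteFile().toString(), "rw").close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = FileNotFoundException.class)
 static void createRandomAccessFileRead() throws IOException {
 new RandomAccessFile(readFile().toFile(), "r").close();
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = FileNotFoundException.class)
 static void createRandomAccessFileReadWrite() throws IOException {
 new RandomAccessFile(readWriteFile().toFile(), "rw").close();
 }
@@ -395,82 +395,82 @@ static void keystoreBuilderNewInstance() {
 throw new AssertionError("Expected an exception");
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void zipFile_String() throws IOException {
 expectZipException(() -> new ZipFile(readFile().toString()).close());
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void zipFile_StringCharset() throws IOException {
 expectZipException(() -> new ZipFile(readFile().toString(), defaultCharset()).close());
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void zipFile_File() throws IOException {
 expectZipException(() -> new ZipFile(readFile().toFile()).close());
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void zipFile_FileCharset() throws IOException {
 expectZipException(() -> new ZipFile(readFile().toFile(), defaultCharset()).close());
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void zipFile_FileReadOnly() throws IOException {
 expectZipException(() -> new ZipFile(readFile().toFile(), OPEN_READ).close());
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void zipFile_FileReadAndDelete() throws IOException {
 expectZipException(() -> new ZipFile(createTempFileForWrite().toFile(), OPEN_READ | OPEN_DELETE).close());
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void zipFile_ReadOnlyCharset() throws IOException {
 expectZipException(() -> new ZipFile(readFile().toFile(), OPEN_READ, defaultCharset()).close());
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void zipFile_ReadAndDeleteCharset() throws IOException {
 expectZipException(() -> new ZipFile(createTempFileForWrite().toFile(), OPEN_READ | OPEN_DELETE, defaultCharset()).close());
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void jarFile_String() throws IOException {
 expectZipException(() -> new JarFile(readFile().toString()).close());
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void jarFile_StringBoolean() throws IOException {
 expectZipException(() -> new JarFile(readFile().toString(), false).close());
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void jarFile_FileReadOnly() throws IOException {
 expectZipException(() -> new JarFile(readFile().toFile(), false, OPEN_READ).close());
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void jarFile_FileReadAndDelete() throws IOException {
 expectZipException(() -> new JarFile(createTempFileForWrite().toFile(), false, OPEN_READ | OPEN_DELETE).close());
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void jarFile_FileBooleanReadOnlyVersion() throws IOException {
 expectZipException(() -> new JarFile(readFile().toFile(), false, OPEN_READ, Runtime.version()).close());
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void jarFile_FileBooleanReadAndDeleteOnlyVersion() throws IOException {
 expectZipException(() -> new JarFile(createTempFileForWrite().toFile(), false, OPEN_READ | OPEN_DELETE, Runtime.version()).close());
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void jarFile_File() throws IOException {
 expectZipException(() -> new JarFile(readFile().toFile()).close());
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void jarFileFileBoolean() throws IOException {
 expectZipException(() -> new JarFile(readFile().toFile(), false).close());
 }
@@ -484,47 +484,47 @@ private static void expectZipException(CheckedRunnable<IOException> action) thro
 throw new AssertionError("Expected an exception");
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = FileNotFoundException.class)
 static void createScannerFile() throws FileNotFoundException {
 new Scanner(readFile().toFile());
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = IOException.class)
 static void createScannerFileWithCharset() throws IOException {
 new Scanner(readFile().toFile(), StandardCharsets.UTF_8);
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = FileNotFoundException.class)
 static void createScannerFileWithCharsetName() throws FileNotFoundException {
 new Scanner(readFile().toFile(), "UTF-8");
 }
 
-@EntitlementTest(expectedAccess = ALWAYS_DENIED)
+@EntitlementTest(expectedAccess = ALWAYS_DENIED, expectedExceptionIfDenied = IOException.class)
 static void fileHandler() throws IOException {
 new FileHandler();
 }
 
-@EntitlementTest(expectedAccess = ALWAYS_DENIED)
+@EntitlementTest(expectedAccess = ALWAYS_DENIED, expectedExceptionIfDenied = IOException.class)
 static void fileHandler_String() throws IOException {
 new FileHandler(readFile().toString());
 }
 
-@EntitlementTest(expectedAccess = ALWAYS_DENIED)
+@EntitlementTest(expectedAccess = ALWAYS_DENIED, expectedExceptionIfDenied = IOException.class)
 static void fileHandler_StringBoolean() throws IOException {
 new FileHandler(readFile().toString(), false);
 }
 
-@EntitlementTest(expectedAccess = ALWAYS_DENIED)
+@EntitlementTest(expectedAccess = ALWAYS_DENIED, expectedExceptionIfDenied = IOException.class)
 static void fileHandler_StringIntInt() throws IOException {
 new FileHandler(readFile().toString(), 1, 2);
 }
 
-@EntitlementTest(expectedAccess = ALWAYS_DENIED)
+@EntitlementTest(expectedAccess = ALWAYS_DENIED, expectedExceptionIfDenied = IOException.class)
 static void fileHandler_StringIntIntBoolean() throws IOException {
 new FileHandler(readFile().toString(), 1, 2, false);
 }
 
-@EntitlementTest(expectedAccess = ALWAYS_DENIED)
+@EntitlementTest(expectedAccess = ALWAYS_DENIED, expectedExceptionIfDenied = IOException.class)
 static void fileHandler_StringLongIntBoolean() throws IOException {
 new FileHandler(readFile().toString(), 1L, 2, false);
 }
@@ -640,7 +640,7 @@ static void writeAccessSourcePath() throws IOException, URISyntaxException {
 Files.createFile(file);
 }
 
-@EntitlementTest(expectedAccess = ALWAYS_DENIED)
+@EntitlementTest(expectedAccess = ALWAYS_DENIED, expectedExceptionIfDenied = FileNotFoundException.class)
 static void javaDesktopFileAccess() throws Exception {
 // Test file access from a java.desktop class. We explicitly exclude that module from the "system modules", so we expect
 // any sensitive operation from java.desktop to fail.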
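Review bot: `expectedExceptionIfDenied = FileNotFoundException.class` (first on `createFileInputStreamFile`, and the `IOException.class` variants through `fileHandler_StringLongIntBoolean`) names the same type the JDK throws when the target file is simply missing or unreadable, so a type-only match no longer separates an entitlement denial from an ordinary I/O failure the way `NotEntitledException` did. The harness that reads this attribute is not in these hunks; if it compares only the class, a denied-case test could pass without the entitlement check ever firing. Going by the commit description, the rules wrap the denial through `IOException::new` or `initCause`, so the harness could also pin the cause, e.g. `assert e.getCause() instanceof NotEntitledException;`. The same concern applies to the `SocketException` annotation on `bindDatagramSocket` in NetworkAccessCheckActions.java.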

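--- a/libs/entitlement/qa/entitlement-test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/NetworkAccessCheckActions.java
+++ b/libs/entitlement/qa/entitlement-test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/NetworkAccessCheckActions.java
@@ -313,7 +313,7 @@ public URLStreamHandler createURLStreamHandler(String protocol) {
 };
 }
 
-@EntitlementTest(expectedAccess = ALWAYS_DENIED)
+@EntitlementTest(expectedAccess = ALWAYS_DENIED, expectedExceptionIfDenied = MalformedURLException.class)
 static void createURLWithURLStreamHandler() throws MalformedURLException {
 var x = new URL("http", "host", 1234, "file", new URLStreamHandler() {
 @Override
@@ -323,7 +323,7 @@ protected URLConnection openConnection(URL u) {
 });
 }
 
-@EntitlementTest(expectedAccess = ALWAYS_DENIED)
+@EntitlementTest(expectedAccess = ALWAYS_DENIED, expectedExceptionIfDenied = MalformedURLException.class)
 static void createURLWithURLStreamHandler2() throws MalformedURLException {
 var x = new URL(null, "spec", new URLStreamHandler() {
 @Override
@@ -444,7 +444,7 @@ static boolean setHttpsConnectionProperties() {
 URLConnection.setContentHandlerFactory(__ -> { throw new IllegalStateException(); });
 }
 
-@EntitlementTest(expectedAccess = PLUGINS)
+@EntitlementTest(expectedAccess = PLUGINS, expectedExceptionIfDenied = SocketException.class)
 static void bindDatagramSocket() throws SocketException {
 try (var socket = new DatagramSocket(null)) {
 socket.bind(null);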
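Review bot: `createURLWithURLStreamHandler2` calls `new URL(null, "spec", ...)`, and a spec with no scheme plus a null context normally makes the JDK throw `MalformedURLException` ("no protocol") on its own, so with `expectedExceptionIfDenied = MalformedURLException.class` this ALWAYS_DENIED test would likely still pass if the constructor rule stopped being applied. A well-formed spec keeps the exception attributable to the denial, for example `var x = new URL(null, "http://host/file", new URLStreamHandler() {` (constructed sample value). The anonymous handler body continues outside the hunk.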
