Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix NoClassDefFoundError due to OSGI/servlet issues in IAST #5446

Merged
merged 1 commit into from
Jun 22, 2023
Merged

Fix NoClassDefFoundError due to OSGI/servlet issues in IAST #5446

merged 1 commit into from
Jun 22, 2023

Conversation

manuel-alvarez-alvarez
Copy link
Member

@manuel-alvarez-alvarez manuel-alvarez-alvarez commented Jun 22, 2023
edited
Loading

What Does This Do

Separates call sites for javax.servlet.ServletRequest and javax.servlet.http.HttpServletRequest to prevent issues when classes are loaded in an OSGI environment.

Motivation

A customer reported an exception during initialization:

Caused by: java.lang.ClassNotFoundException: javax.servlet.ServletRequest not found by security-connector-oauth2-client [328]
	at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1585)
	at org.apache.felix.framework.BundleWiringImpl.access$300(BundleWiringImpl.java:79)
	at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1970)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
	... 78 more

The Apache Felix driven class loader of the instrumented class is only able to load classes in the javax.servlet.http package but the call site was forcing a reference to javax.servlet

Additional Notes

@manuel-alvarez-alvarez manuel-alvarez-alvarez added the comp: asm iast Application Security Management (IAST) label Jun 22, 2023
@smola smola changed the title Fix java.lang.NoClassDefFoundError due to OSGI issues in servlet requ… Fix NoClassDefFoundError due to OSGI/servlet issues in IAST Jun 22, 2023
@manuel-alvarez-alvarez manuel-alvarez-alvarez marked this pull request as ready for review June 22, 2023 10:38
@manuel-alvarez-alvarez manuel-alvarez-alvarez requested a review from a team as a code owner June 22, 2023 10:38
@pr-commenter
Copy link

pr-commenter bot commented Jun 22, 2023

Benchmarks

Parameters

Baseline Candidate
commit 1.17.0-SNAPSHOT~257827ef3e 1.17.0-SNAPSHOT~b603a75d40
config baseline candidate
See matching parameters
Baseline Candidate
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 22 cases.

@manuel-alvarez-alvarez manuel-alvarez-alvarez merged commit 0783f27 into master Jun 22, 2023
@manuel-alvarez-alvarez manuel-alvarez-alvarez deleted the malvarez/iast-fix-class-not-found branch June 22, 2023 16:14
@github-actions github-actions bot added this to the 1.17.0 milestone Jun 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jandro996 jandro996 jandro996 approved these changes

@smola smola smola approved these changes

Assignees
No one assigned
Labels
comp: asm iast Application Security Management (IAST)
Projects
None yet
Milestone
1.17.0
Development

Successfully merging this pull request may close these issues.
3 participants
@manuel-alvarez-alvarez @smola @jandro996