Add methods requiring connect to forbidden apis (#22964)

This is related to #22116. This commit adds calls that require SocketPermission connect to forbidden APIs. The following calls are now forbidden: - java.net.URL#openStream() - java.net.URLConnection#connect() - java.net.URLConnection#getInputStream() - java.net.Socket#connect(java.net.SocketAddress) - java.net.Socket#connect(java.net.SocketAddress, int) - java.nio.channels.SocketChannel#open(java.net.SocketAddress) - java.nio.channels.SocketChannel#connect(java.net.SocketAddress)
elastic · Feb 7, 2017 · fcc568f · fcc568f
1 parent ba06c14
commit fcc568f
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 0 deletions.
diff --git a/buildSrc/src/main/resources/forbidden/es-all-signatures.txt b/buildSrc/src/main/resources/forbidden/es-all-signatures.txt
@@ -36,3 +36,12 @@ org.apache.lucene.document.FieldType#numericType()
 java.lang.invoke.MethodHandle#invoke(java.lang.Object[])
 java.lang.invoke.MethodHandle#invokeWithArguments(java.lang.Object[])
 java.lang.invoke.MethodHandle#invokeWithArguments(java.util.List)
+
+@defaultMessage Don't open socket connections
+java.net.URL#openStream()
+java.net.URLConnection#connect()
+java.net.URLConnection#getInputStream()
+java.net.Socket#connect(java.net.SocketAddress)
+java.net.Socket#connect(java.net.SocketAddress, int)
+java.nio.channels.SocketChannel#open(java.net.SocketAddress)
+java.nio.channels.SocketChannel#connect(java.net.SocketAddress)
diff --git a/core/src/main/java/org/elasticsearch/common/io/FileSystemUtils.java b/core/src/main/java/org/elasticsearch/common/io/FileSystemUtils.java
@@ -22,6 +22,7 @@
 import org.apache.logging.log4j.Logger;
 import org.apache.lucene.util.IOUtils;
 import org.elasticsearch.common.Strings;
+import org.elasticsearch.common.SuppressForbidden;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -119,6 +120,7 @@ public static boolean isAccessibleDirectory(Path directory, Logger logger) {
     /**
      * Returns an InputStream the given url if the url has a protocol of 'file' or 'jar', no host, and no port.
      */
+    @SuppressForbidden(reason = "Will only open url streams for local files")
     public static InputStream openFileURLStream(URL url) throws IOException {
         String protocol = url.getProtocol();
         if ("file".equals(protocol) == false && "jar".equals(protocol) == false) {

diff --git a/core/src/main/java/org/elasticsearch/plugins/InstallPluginCommand.java b/core/src/main/java/org/elasticsearch/plugins/InstallPluginCommand.java
@@ -30,6 +30,7 @@
 import org.elasticsearch.cli.EnvironmentAwareCommand;
 import org.elasticsearch.cli.Terminal;
 import org.elasticsearch.cli.UserException;
+import org.elasticsearch.common.SuppressForbidden;
 import org.elasticsearch.common.collect.Tuple;
 import org.elasticsearch.common.hash.MessageDigests;
 import org.elasticsearch.common.io.FileSystemUtils;
@@ -265,6 +266,7 @@ private List<String> checkMisspelledPlugin(String pluginId) {
     }
 
     /** Downloads a zip from the url, into a temp file under the given temp dir. */
+    @SuppressForbidden(reason = "We use getInputStream to download plugins")
     private Path downloadZip(Terminal terminal, String urlString, Path tmpDir) throws IOException {
         terminal.println(VERBOSE, "Retrieving zip from " + urlString);
         URL url = new URL(urlString);
@@ -314,6 +316,7 @@ public void onProgress(int percent) {
     }
 
     /** Downloads a zip from the url, as well as a SHA1 checksum, and checks the checksum. */
+    @SuppressForbidden(reason = "We use openStream to download plugins")
     private Path downloadZipAndChecksum(Terminal terminal, String urlString, Path tmpDir) throws Exception {
         Path zip = downloadZip(terminal, urlString, tmpDir);
         pathsToDeleteOnShutdown.add(zip);

diff --git a/...repository-url/src/main/java/org/elasticsearch/common/blobstore/url/URLBlobContainer.java b/...repository-url/src/main/java/org/elasticsearch/common/blobstore/url/URLBlobContainer.java
@@ -19,6 +19,7 @@
 
 package org.elasticsearch.common.blobstore.url;
 
+import org.elasticsearch.common.SuppressForbidden;
 import org.elasticsearch.common.blobstore.BlobMetaData;
 import org.elasticsearch.common.blobstore.BlobPath;
 import org.elasticsearch.common.blobstore.support.AbstractBlobContainer;
@@ -116,6 +117,7 @@ public void writeBlob(String blobName, InputStream inputStream, long blobSize) t
         throw new UnsupportedOperationException("URL repository doesn't support this operation");
     }
 
+    @SuppressForbidden(reason = "We call connect in doPrivileged and provide SocketPermission")
     private static InputStream getInputStream(URL url) throws IOException {
         try {
             return AccessController.doPrivileged((PrivilegedExceptionAction<InputStream>) url::openStream);

diff --git a/plugins/discovery-ec2/src/main/java/org/elasticsearch/cloud/aws/network/Ec2NameResolver.java b/plugins/discovery-ec2/src/main/java/org/elasticsearch/cloud/aws/network/Ec2NameResolver.java
@@ -22,6 +22,7 @@
 import org.apache.lucene.util.IOUtils;
 import org.elasticsearch.cloud.aws.AwsEc2ServiceImpl;
 import org.elasticsearch.cloud.aws.util.SocketAccess;
+import org.elasticsearch.common.SuppressForbidden;
 import org.elasticsearch.common.component.AbstractComponent;
 import org.elasticsearch.common.network.NetworkService.CustomNameResolver;
 import org.elasticsearch.common.settings.Settings;
@@ -92,6 +93,7 @@ public Ec2NameResolver(Settings settings) {
      * @return the appropriate host resolved from ec2 meta-data, or null if it cannot be obtained.
      * @see CustomNameResolver#resolveIfPossible(String)
      */
+    @SuppressForbidden(reason = "We call getInputStream in doPrivileged and provide SocketPermission")
     public InetAddress[] resolve(Ec2HostnameType type) throws IOException {
         InputStream in = null;
         String metadataUrl = AwsEc2ServiceImpl.EC2_METADATA_URL + type.ec2Name;

diff --git a/...iscovery-ec2/src/main/java/org/elasticsearch/plugin/discovery/ec2/Ec2DiscoveryPlugin.java b/...iscovery-ec2/src/main/java/org/elasticsearch/plugin/discovery/ec2/Ec2DiscoveryPlugin.java
@@ -46,6 +46,7 @@
 import org.elasticsearch.cloud.aws.network.Ec2NameResolver;
 import org.elasticsearch.cloud.aws.util.SocketAccess;
 import org.elasticsearch.cluster.service.ClusterService;
+import org.elasticsearch.common.SuppressForbidden;
 import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
 import org.elasticsearch.common.logging.DeprecationLogger;
 import org.elasticsearch.common.logging.Loggers;
@@ -179,6 +180,7 @@ public Settings additionalSettings() {
     }
 
     // pkg private for testing
+    @SuppressForbidden(reason = "We call getInputStream in doPrivileged and provide SocketPermission")
     static Settings getAvailabilityZoneNodeAttributes(Settings settings, String azMetadataUrl) {
         if (AwsEc2Service.AUTO_ATTRIBUTE_SETTING.get(settings) == false) {
             return Settings.EMPTY;