Skip to content

Commit

Permalink
stash
Browse files Browse the repository at this point in the history
  • Loading branch information
@rjernst
rjernst committed Jan 14, 2025
1 parent 371cd9d commit 9bb0925
Show file tree
Hide file tree
Showing 4 changed files with 48 additions and 0 deletions.
13 changes: 13 additions & 0 deletions ...tlement/bridge/src/main/java/org/elasticsearch/entitlement/bridge/EntitlementChecker.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@

package org.elasticsearch.entitlement.bridge;

import java.io.File;
import java.io.InputStream;
import java.io.PrintStream;
import java.io.PrintWriter;
Expand All @@ -27,6 +28,8 @@
import java.net.URL;
import java.net.URLStreamHandler;
import java.net.URLStreamHandlerFactory;
import java.nio.charset.Charset;
import java.nio.charset.CharsetDecoder;
import java.util.List;

import javax.net.ssl.HostnameVerifier;
Expand Down Expand Up @@ -219,4 +222,14 @@ public interface EntitlementChecker {
void check$java_net_MulticastSocket$leaveGroup(Class<?> callerClass, MulticastSocket that, SocketAddress addr, NetworkInterface ni);

void check$java_net_MulticastSocket$send(Class<?> callerClass, MulticastSocket that, DatagramPacket p, byte ttl);

////////////////////
//
// File access
//

void check$java_util_Scanner$(Class<?> callerClass, File source);
void check$java_util_Scanner$(Class<?> callerClass, File source, String charsetName);
void check$java_util_Scanner$(Class<?> callerClass, File source, Charset charset);
void check$java_util_Scanner$(Class<?> callerClass, File source, CharsetDecoder charsetDecoder);
}
11 changes: 11 additions & 0 deletions ...on/src/main/java/org/elasticsearch/entitlement/qa/common/RestEntitlementsCheckAction.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,8 @@
import org.elasticsearch.rest.RestResponse;
import org.elasticsearch.rest.RestStatus;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
Expand All @@ -55,6 +57,7 @@
import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.Map;
import java.util.Scanner;
import java.util.Set;
import java.util.stream.Collectors;

Expand Down Expand Up @@ -419,6 +422,14 @@ private static void receiveDatagramSocket() throws IOException {
}
}

private static void createScanner1() throws FileNotFoundException {
new Scanner(new File(""));
}

private static void createScanner2() throws FileNotFoundException {
new Scanner(new File(""));
}

public RestEntitlementsCheckAction(String prefix) {
this.prefix = prefix;
}
Expand Down
1 change: 1 addition & 0 deletions ...ment/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedIT.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ public class EntitlementsAllowedIT extends ESRestTestCase {
.module("entitlement-allowed")
.module("entitlement-allowed-nonmodular")
.systemProperty("es.entitlements.enabled", "true")
.systemProperty("entitlements.dummyfile", )
.setting("xpack.security.enabled", "false")
.build();

Expand Down
23 changes: 23 additions & 0 deletions .../main/java/org/elasticsearch/entitlement/runtime/api/ElasticsearchEntitlementChecker.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
import org.elasticsearch.entitlement.runtime.policy.NetworkEntitlement;
import org.elasticsearch.entitlement.runtime.policy.PolicyManager;

import java.io.File;
import java.io.InputStream;
import java.io.PrintStream;
import java.io.PrintWriter;
Expand All @@ -31,6 +32,8 @@
import java.net.URL;
import java.net.URLStreamHandler;
import java.net.URLStreamHandlerFactory;
import java.nio.charset.Charset;
import java.nio.charset.CharsetDecoder;
import java.util.List;

import javax.net.ssl.HostnameVerifier;
Expand Down Expand Up @@ -420,4 +423,24 @@ public ElasticsearchEntitlementChecker(PolicyManager policyManager) {
public void check$java_net_MulticastSocket$send(Class<?> callerClass, MulticastSocket that, DatagramPacket p, byte ttl) {
policyManager.checkNetworkAccess(callerClass, NetworkEntitlement.CONNECT_ACTION | NetworkEntitlement.ACCEPT_ACTION);
}

@Override
public void check$java_util_Scanner$(Class<?> callerClass, File source) {
policyManager.checkFileRead(callerClass, source);
}

@Override
public void check$java_util_Scanner$(Class<?> callerClass, File source, String charsetName) {
policyManager.checkFileRead(callerClass, source);
}

@Override
public void check$java_util_Scanner$(Class<?> callerClass, File source, Charset charset) {
policyManager.checkFileRead(callerClass, source);
}

@Override
public void check$java_util_Scanner$(Class<?> callerClass, File source, CharsetDecoder charsetDecoder) {
policyManager.checkFileRead(callerClass, source);
}
}

0 comments on commit 9bb0925

Please sign in to comment.