Skip to content

Adjust jarHell and 3rd party audit exclusions #51733

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jkakavas merged 1 commit into from
Jan 31, 2020
Merged

Adjust jarHell and 3rd party audit exclusions #51733

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 0 additions & 6 deletions distribution/tools/plugin-cli/build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,12 +42,6 @@ test {
systemProperty 'tests.security.manager', 'false'
}

thirdPartyAudit.onlyIf {
// FIPS JVM includes manny classes from bouncycastle which count as jar hell for the third party audit,
// rather than provide a long list of exclusions, disable the check on FIPS.
BuildParams.inFipsJvm == false
}

/*
* these two classes intentionally use the following JDK internal APIs in order to offer the necessary
* functionality
Expand Down
8 changes: 0 additions & 8 deletions modules/transport-netty4/build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -195,11 +195,3 @@ thirdPartyAudit {
'io.netty.handler.ssl.util.OpenJdkSelfSignedCertGenerator'
)
}

if (BuildParams.inFipsJvm == false) {
// BouncyCastleFIPS provides this class, so the exclusion is invalid when running CI in
// a FIPS JVM with BouncyCastleFIPS Provider
thirdPartyAudit.ignoreMissingClasses(
'org.bouncycastle.asn1.x500.X500Name'
)
}
2 changes: 1 addition & 1 deletion plugins/ingest-attachment/build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ thirdPartyAudit {
ignoreMissingClasses()
}

thirdPartyAudit.onlyIf {
jarHell.onlyIf {
// FIPS JVM includes many classes from bouncycastle which count as jar hell for the third party audit,
// rather than provide a long list of exclusions, disable the check on FIPS.
BuildParams.inFipsJvm == false
Expand Down
8 changes: 0 additions & 8 deletions plugins/transport-nio/build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -156,11 +156,3 @@ thirdPartyAudit {
)
}

if (BuildParams.inFipsJvm == false) {
// BouncyCastleFIPS provides this class, so the exclusion is invalid when running CI in
// a FIPS JVM with BouncyCastleFIPS Provider
thirdPartyAudit.ignoreMissingClasses(
'org.bouncycastle.asn1.x500.X500Name'
)
}

5 changes: 1 addition & 4 deletions x-pack/plugin/security/cli/build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,14 +26,11 @@ forbiddenPatterns {

if (BuildParams.inFipsJvm) {
test.enabled = false
jarHell.enabled = false
testingConventions.enabled = false
// Forbiden APIs non-portable checks fail because bouncy castle classes being used from the FIPS JDK since those are
// not part of the Java specification - all of this is as designed, so we have to relax this check for FIPS.
tasks.withType(CheckForbiddenApis) {
bundledSignatures -= "jdk-non-portable"
}
// FIPS JVM includes many classes from bouncycastle which count as jar hell for the third party audit,
// rather than provide a long list of exclusions, disable the check on FIPS.
thirdPartyAudit.enabled = false

}