diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle index da8ad788164d2..82b1d8525b101 100644 --- a/buildSrc/build.gradle +++ b/buildSrc/build.gradle @@ -106,6 +106,7 @@ dependencies { compile 'org.apache.rat:apache-rat:0.11' compile "org.elasticsearch:jna:4.5.1" compile 'com.github.jengelman.gradle.plugins:shadow:2.0.4' + compile 'de.thetaphi:forbiddenapis:2.6' testCompile "junit:junit:${props.getProperty('junit')}" } diff --git a/buildSrc/src/main/groovy/org/elasticsearch/gradle/precommit/PrecommitTasks.groovy b/buildSrc/src/main/groovy/org/elasticsearch/gradle/precommit/PrecommitTasks.groovy index e89d05e850817..0e706aa5956f1 100644 --- a/buildSrc/src/main/groovy/org/elasticsearch/gradle/precommit/PrecommitTasks.groovy +++ b/buildSrc/src/main/groovy/org/elasticsearch/gradle/precommit/PrecommitTasks.groovy @@ -19,7 +19,10 @@ package org.elasticsearch.gradle.precommit import com.github.jengelman.gradle.plugins.shadow.ShadowPlugin +import de.thetaphi.forbiddenapis.gradle.CheckForbiddenApis +import de.thetaphi.forbiddenapis.gradle.ForbiddenApisPlugin import org.elasticsearch.gradle.ExportElasticsearchBuildResourcesTask +import org.gradle.api.JavaVersion import org.gradle.api.Project import org.gradle.api.Task import org.gradle.api.plugins.JavaBasePlugin @@ -33,7 +36,7 @@ class PrecommitTasks { public static Task create(Project project, boolean includeDependencyLicenses) { project.configurations.create("forbiddenApisCliJar") project.dependencies { - forbiddenApisCliJar ('de.thetaphi:forbiddenapis:2.5') + forbiddenApisCliJar ('de.thetaphi:forbiddenapis:2.6') } List precommitTasks = [ @@ -109,47 +112,43 @@ class PrecommitTasks { } private static Task configureForbiddenApisCli(Project project) { - Task forbiddenApisCli = project.tasks.create('forbiddenApis') - project.sourceSets.all { sourceSet -> - forbiddenApisCli.dependsOn( - project.tasks.create(sourceSet.getTaskName('forbiddenApis', null), ForbiddenApisCliTask) { - ExportElasticsearchBuildResourcesTask buildResources = project.tasks.getByName('buildResources') - dependsOn(buildResources) - it.sourceSet = sourceSet - javaHome = project.runtimeJavaHome - targetCompatibility = project.compilerJavaVersion - bundledSignatures = [ - "jdk-unsafe", "jdk-deprecated", "jdk-non-portable", "jdk-system-out" - ] - signaturesFiles = project.files( - buildResources.copy("forbidden/jdk-signatures.txt"), - buildResources.copy("forbidden/es-all-signatures.txt") - ) - suppressAnnotations = ['**.SuppressForbidden'] - if (sourceSet.name == 'test') { - signaturesFiles += project.files( - buildResources.copy("forbidden/es-test-signatures.txt"), - buildResources.copy("forbidden/http-signatures.txt") - ) - } else { - signaturesFiles += project.files(buildResources.copy("forbidden/es-server-signatures.txt")) - } - dependsOn sourceSet.classesTaskName - classesDirs = sourceSet.output.classesDirs - ext.replaceSignatureFiles = { String... names -> - signaturesFiles = project.files( - names.collect { buildResources.copy("forbidden/${it}.txt") } - ) - } - ext.addSignatureFiles = { String... names -> - signaturesFiles += project.files( - names.collect { buildResources.copy("forbidden/${it}.txt") } - ) - } - } + project.pluginManager.apply(ForbiddenApisPlugin) + ExportElasticsearchBuildResourcesTask buildResources = project.tasks.getByName('buildResources') + project.tasks.withType(CheckForbiddenApis) { + dependsOn(buildResources) + targetCompatibility = project.runtimeJavaVersion >= JavaVersion.VERSION_1_9 ? + project.runtimeJavaVersion.getMajorVersion() : + project.runtimeJavaVersion + bundledSignatures = [ + "jdk-unsafe", "jdk-deprecated", "jdk-non-portable", "jdk-system-out" + ] + signaturesFiles = project.files( + buildResources.copy("forbidden/jdk-signatures.txt"), + buildResources.copy("forbidden/es-all-signatures.txt") ) + suppressAnnotations = ['**.SuppressForbidden'] + if (name.endsWith('Test')) { + signaturesFiles += project.files( + buildResources.copy("forbidden/es-test-signatures.txt"), + buildResources.copy("forbidden/http-signatures.txt") + ) + } else { + signaturesFiles += project.files(buildResources.copy("forbidden/es-server-signatures.txt")) + } + ext.replaceSignatureFiles = { String... names -> + signaturesFiles = project.files( + names.collect { buildResources.copy("forbidden/${it}.txt") } + ) + } + ext.addSignatureFiles = { String... names -> + signaturesFiles += project.files( + names.collect { buildResources.copy("forbidden/${it}.txt") } + ) + } } - return forbiddenApisCli + Task forbiddenApis = project.tasks.getByName("forbiddenApis") + forbiddenApis.group = "" + return forbiddenApis } private static Task configureCheckstyle(Project project) { diff --git a/buildSrc/src/main/java/org/elasticsearch/gradle/precommit/ForbiddenApisCliTask.java b/buildSrc/src/main/java/org/elasticsearch/gradle/precommit/ForbiddenApisCliTask.java deleted file mode 100644 index f88fff24be511..0000000000000 --- a/buildSrc/src/main/java/org/elasticsearch/gradle/precommit/ForbiddenApisCliTask.java +++ /dev/null @@ -1,177 +0,0 @@ -/* - * Licensed to Elasticsearch under one or more contributor - * license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright - * ownership. Elasticsearch licenses this file to you under - * the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.elasticsearch.gradle.precommit; - -import org.elasticsearch.gradle.LoggedExec; -import org.gradle.api.JavaVersion; -import org.gradle.api.artifacts.Configuration; -import org.gradle.api.file.FileCollection; -import org.gradle.api.logging.Logger; -import org.gradle.api.logging.Logging; -import org.gradle.api.tasks.Input; -import org.gradle.api.tasks.InputFiles; -import org.gradle.api.tasks.SkipWhenEmpty; -import org.gradle.api.tasks.SourceSet; -import org.gradle.api.tasks.TaskAction; -import org.gradle.process.JavaExecSpec; - -import java.io.File; -import java.util.ArrayList; -import java.util.LinkedHashSet; -import java.util.List; -import java.util.Set; - -public class ForbiddenApisCliTask extends PrecommitTask { - - private final Logger logger = Logging.getLogger(ForbiddenApisCliTask.class); - private FileCollection signaturesFiles; - private List signatures = new ArrayList<>(); - private Set bundledSignatures = new LinkedHashSet<>(); - private Set suppressAnnotations = new LinkedHashSet<>(); - private JavaVersion targetCompatibility; - private FileCollection classesDirs; - private SourceSet sourceSet; - // This needs to be an object so it can hold Groovy GStrings - private Object javaHome; - - @Input - public JavaVersion getTargetCompatibility() { - return targetCompatibility; - } - - public void setTargetCompatibility(JavaVersion targetCompatibility) { - if (targetCompatibility.compareTo(JavaVersion.VERSION_1_10) > 0) { - logger.warn( - "Target compatibility is set to {} but forbiddenapis only supports up to 10. Will cap at 10.", - targetCompatibility - ); - this.targetCompatibility = JavaVersion.VERSION_1_10; - } else { - this.targetCompatibility = targetCompatibility; - } - } - - @InputFiles - @SkipWhenEmpty - public FileCollection getClassesDirs() { - return classesDirs.filter(File::exists); - } - - public void setClassesDirs(FileCollection classesDirs) { - this.classesDirs = classesDirs; - } - - @InputFiles - public FileCollection getSignaturesFiles() { - return signaturesFiles; - } - - public void setSignaturesFiles(FileCollection signaturesFiles) { - this.signaturesFiles = signaturesFiles; - } - - @Input - public List getSignatures() { - return signatures; - } - - public void setSignatures(List signatures) { - this.signatures = signatures; - } - - @Input - public Set getBundledSignatures() { - return bundledSignatures; - } - - public void setBundledSignatures(Set bundledSignatures) { - this.bundledSignatures = bundledSignatures; - } - - @Input - public Set getSuppressAnnotations() { - return suppressAnnotations; - } - - public void setSuppressAnnotations(Set suppressAnnotations) { - this.suppressAnnotations = suppressAnnotations; - } - - @InputFiles - public FileCollection getClassPathFromSourceSet() { - return getProject().files( - sourceSet.getCompileClasspath(), - sourceSet.getRuntimeClasspath() - ); - } - - public void setSourceSet(SourceSet sourceSet) { - this.sourceSet = sourceSet; - } - - @InputFiles - public Configuration getForbiddenAPIsConfiguration() { - return getProject().getConfigurations().getByName("forbiddenApisCliJar"); - } - - @Input - public Object getJavaHome() { - return javaHome; - } - - public void setJavaHome(Object javaHome) { - this.javaHome = javaHome; - } - - @TaskAction - public void runForbiddenApisAndWriteMarker() { - LoggedExec.javaexec(getProject(), (JavaExecSpec spec) -> { - spec.classpath( - getForbiddenAPIsConfiguration(), - getClassPathFromSourceSet() - ); - spec.setExecutable(getJavaHome() + "/bin/java"); - spec.setMain("de.thetaphi.forbiddenapis.cli.CliMain"); - // build the command line - getSignaturesFiles().forEach(file -> spec.args("-f", file.getAbsolutePath())); - getSuppressAnnotations().forEach(annotation -> spec.args("--suppressannotation", annotation)); - getBundledSignatures().forEach(bundled -> { - // there's no option for target compatibility so we have to interpret it - final String prefix; - if (bundled.equals("jdk-system-out") || - bundled.equals("jdk-reflection") || - bundled.equals("jdk-non-portable")) { - prefix = ""; - } else { - prefix = "-" + ( - getTargetCompatibility().compareTo(JavaVersion.VERSION_1_9) >= 0 ? - getTargetCompatibility().getMajorVersion() : - "1." + getTargetCompatibility().getMajorVersion()) - ; - } - spec.args("-b", bundled + prefix); - } - ); - getClassesDirs().forEach(dir -> - spec.args("-d", dir) - ); - }); - } - -} diff --git a/buildSrc/src/main/java/org/elasticsearch/gradle/precommit/ThirdPartyAuditTask.java b/buildSrc/src/main/java/org/elasticsearch/gradle/precommit/ThirdPartyAuditTask.java index bffa011cb7be2..cd6326693eef3 100644 --- a/buildSrc/src/main/java/org/elasticsearch/gradle/precommit/ThirdPartyAuditTask.java +++ b/buildSrc/src/main/java/org/elasticsearch/gradle/precommit/ThirdPartyAuditTask.java @@ -52,7 +52,7 @@ public class ThirdPartyAuditTask extends DefaultTask { private static final Pattern MISSING_CLASS_PATTERN = Pattern.compile( - "WARNING: The referenced class '(.*)' cannot be loaded\\. Please fix the classpath!" + "WARNING: Class '(.*)' cannot be loaded \\(.*\\)\\. Please fix the classpath!" ); private static final Pattern VIOLATION_PATTERN = Pattern.compile( diff --git a/client/rest/build.gradle b/client/rest/build.gradle index 273836a31f0cb..f07ff4240ba4b 100644 --- a/client/rest/build.gradle +++ b/client/rest/build.gradle @@ -1,4 +1,4 @@ -import org.elasticsearch.gradle.precommit.ForbiddenApisCliTask +import de.thetaphi.forbiddenapis.gradle.CheckForbiddenApis /* * Licensed to Elasticsearch under one or more contributor @@ -52,7 +52,7 @@ dependencies { testCompile "org.elasticsearch:mocksocket:${versions.mocksocket}" } -tasks.withType(ForbiddenApisCliTask) { +tasks.withType(CheckForbiddenApis) { //client does not depend on server, so only jdk and http signatures should be checked replaceSignatureFiles ('jdk-signatures', 'http-signatures') } diff --git a/distribution/tools/launchers/build.gradle b/distribution/tools/launchers/build.gradle index ca1aa6bcac9d6..f933c04278e7b 100644 --- a/distribution/tools/launchers/build.gradle +++ b/distribution/tools/launchers/build.gradle @@ -16,10 +16,7 @@ * specific language governing permissions and limitations * under the License. */ - - - -import org.elasticsearch.gradle.precommit.ForbiddenApisCliTask +import de.thetaphi.forbiddenapis.gradle.CheckForbiddenApis apply plugin: 'elasticsearch.build' @@ -32,7 +29,7 @@ dependencies { archivesBaseName = 'elasticsearch-launchers' -tasks.withType(ForbiddenApisCliTask) { +tasks.withType(CheckForbiddenApis) { replaceSignatureFiles 'jdk-signatures' } diff --git a/libs/core/build.gradle b/libs/core/build.gradle index 9c90837bd80ed..50b1b88bc6136 100644 --- a/libs/core/build.gradle +++ b/libs/core/build.gradle @@ -48,8 +48,7 @@ if (!isEclipse && !isIdea) { forbiddenApisJava9 { if (project.runtimeJavaVersion < JavaVersion.VERSION_1_9) { - targetCompatibility = JavaVersion.VERSION_1_9 - javaHome = project.java9Home + targetCompatibility = JavaVersion.VERSION_1_9.getMajorVersion() } replaceSignatureFiles 'jdk-signatures' } diff --git a/plugins/analysis-icu/build.gradle b/plugins/analysis-icu/build.gradle index a42a28cad4e25..315dcc5f6cb1b 100644 --- a/plugins/analysis-icu/build.gradle +++ b/plugins/analysis-icu/build.gradle @@ -1,4 +1,4 @@ -import org.elasticsearch.gradle.precommit.ForbiddenApisCliTask +import de.thetaphi.forbiddenapis.gradle.CheckForbiddenApis /* * Licensed to Elasticsearch under one or more contributor @@ -25,7 +25,7 @@ esplugin { hasClientJar = true } -tasks.withType(ForbiddenApisCliTask) { +tasks.withType(CheckForbiddenApis) { signatures += [ "com.ibm.icu.text.Collator#getInstance() @ Don't use default locale, use getInstance(ULocale) instead" ] diff --git a/server/build.gradle b/server/build.gradle index c01fb92b05080..85c7f45cf7efe 100644 --- a/server/build.gradle +++ b/server/build.gradle @@ -61,8 +61,7 @@ if (!isEclipse && !isIdea) { forbiddenApisJava9 { if (project.runtimeJavaVersion < JavaVersion.VERSION_1_9) { - targetCompatibility = JavaVersion.VERSION_1_9 - javaHome = project.java9Home + targetCompatibility = JavaVersion.VERSION_1_9.getMajorVersion() } } diff --git a/x-pack/plugin/security/cli/build.gradle b/x-pack/plugin/security/cli/build.gradle index 377d10ec7f203..9c76f1758a363 100644 --- a/x-pack/plugin/security/cli/build.gradle +++ b/x-pack/plugin/security/cli/build.gradle @@ -1,4 +1,4 @@ -import org.elasticsearch.gradle.precommit.ForbiddenApisCliTask +import de.thetaphi.forbiddenapis.gradle.CheckForbiddenApis apply plugin: 'elasticsearch.build' @@ -26,7 +26,7 @@ if (project.inFipsJvm) { test.enabled = false // Forbiden APIs non-portable checks fail because bouncy castle classes being used from the FIPS JDK since those are // not part of the Java specification - all of this is as designed, so we have to relax this check for FIPS. - tasks.withType(ForbiddenApisCliTask) { + tasks.withType(CheckForbiddenApis) { bundledSignatures -= "jdk-non-portable" } // FIPS JVM includes manny classes from bouncycastle which count as jar hell for the third party audit, diff --git a/x-pack/plugin/sql/sql-cli/build.gradle b/x-pack/plugin/sql/sql-cli/build.gradle index 0b2559c6a84aa..f0022040b4909 100644 --- a/x-pack/plugin/sql/sql-cli/build.gradle +++ b/x-pack/plugin/sql/sql-cli/build.gradle @@ -1,4 +1,4 @@ -import org.elasticsearch.gradle.precommit.ForbiddenApisCliTask +import de.thetaphi.forbiddenapis.gradle.CheckForbiddenApis /* * This project is named sql-cli because it is in the "org.elasticsearch.plugin" @@ -75,7 +75,7 @@ artifacts { } -tasks.withType(ForbiddenApisCliTask) { +tasks.withType(CheckForbiddenApis) { signaturesFiles += files('src/forbidden/cli-signatures.txt') }