Acasă Explorează Ajutor
Autentificare
lqb
/
elasticsearch
oglindă de https://gitee.com/mirrors/elasticsearch.git
1
0
Bifurcare 0
Fisiere Probleme 0 Wiki
Răsfoiți Sursa

[Entitlements] Deny setting global defaults for Locale / TimeZone (#120804) (#120878)

Part of #ES-10359
Moritz Mack 8 luni în urmă
părinte
250c32bc54
comite
2c8ccf7989
4 a modificat fișierele cu 44 adăugiri și 0 ștergeri
Vizualizare divizată Arată Statisticile Diff
  1. 8 0
      libs/entitlement/bridge/src/main/java/org/elasticsearch/entitlement/bridge/EntitlementChecker.java
  2. 4 0
      libs/entitlement/qa/entitlement-test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/RestEntitlementsCheckAction.java
  3. 15 0
      libs/entitlement/qa/entitlement-test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/WritePropertiesCheckActions.java
  4. 17 0
      libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/api/ElasticsearchEntitlementChecker.java

+ 8 - 0
libs/entitlement/bridge/src/main/java/org/elasticsearch/entitlement/bridge/EntitlementChecker.java
Vizualizați fișierul 

@@ -42,7 +42,9 @@ import java.nio.channels.ServerSocketChannel;
 
 import java.nio.channels.SocketChannel;
 
 import java.security.cert.CertStoreParameters;
 
 import java.util.List;
 
+import java.util.Locale;
 
 import java.util.Properties;
 
+import java.util.TimeZone;
 
 
 import javax.net.ssl.HostnameVerifier;
 
 import javax.net.ssl.HttpsURLConnection;
 
@@ -188,6 +190,12 @@ public interface EntitlementChecker {
 
 
     void check$java_util_logging_LogManager$(Class<?> callerClass);
 
 
+    void check$java_util_Locale$$setDefault(Class<?> callerClass, Locale locale);
 
+
 
+    void check$java_util_Locale$$setDefault(Class<?> callerClass, Locale.Category category, Locale locale);
 
+
 
+    void check$java_util_TimeZone$$setDefault(Class<?> callerClass, TimeZone zone);
 
+
 
     void check$java_net_DatagramSocket$$setDatagramSocketImplFactory(Class<?> callerClass, DatagramSocketImplFactory fac);
 
 
     void check$java_net_HttpURLConnection$$setFollowRedirects(Class<?> callerClass, boolean set);

+ 4 - 0
libs/entitlement/qa/entitlement-test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/RestEntitlementsCheckAction.java
Vizualizați fișierul 

@@ -123,6 +123,10 @@ public class RestEntitlementsCheckAction extends BaseRestHandler {
 
         entry("timeZoneNameProvider", alwaysDenied(RestEntitlementsCheckAction::timeZoneNameProvider$)),
 
         entry("logManager", alwaysDenied(RestEntitlementsCheckAction::logManager$)),
 
 
+        entry("locale_setDefault", alwaysDenied(WritePropertiesCheckActions::setDefaultLocale)),
 
+        entry("locale_setDefaultForCategory", alwaysDenied(WritePropertiesCheckActions::setDefaultLocaleForCategory)),
 
+        entry("timeZone_setDefault", alwaysDenied(WritePropertiesCheckActions::setDefaultTimeZone)),
 
+
 
         entry("system_setProperty", forPlugins(WritePropertiesCheckActions::setSystemProperty)),
 
         entry("system_clearProperty", forPlugins(WritePropertiesCheckActions::clearSystemProperty)),
 
         entry("system_setSystemProperties", alwaysDenied(WritePropertiesCheckActions::setSystemProperties)),

+ 15 - 0
libs/entitlement/qa/entitlement-test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/WritePropertiesCheckActions.java
Vizualizați fișierul 

@@ -11,6 +11,9 @@ package org.elasticsearch.entitlement.qa.test;
 
 
 import org.elasticsearch.core.SuppressForbidden;
 
 
+import java.util.Locale;
 
+import java.util.TimeZone;
 
+
 
 @SuppressForbidden(reason = "testing entitlements")
 
 class WritePropertiesCheckActions {
 
     private WritePropertiesCheckActions() {}
 
@@ -32,4 +35,16 @@ class WritePropertiesCheckActions {
 
     static void setSystemProperties() {
 
         System.setProperties(System.getProperties()); // no side effect in case if allowed (but shouldn't)
 
     }
 
+
 
+    static void setDefaultLocale() {
 
+        Locale.setDefault(Locale.getDefault());
 
+    }
 
+
 
+    static void setDefaultLocaleForCategory() {
 
+        Locale.setDefault(Locale.Category.DISPLAY, Locale.getDefault(Locale.Category.DISPLAY));
 
+    }
 
+
 
+    static void setDefaultTimeZone() {
 
+        TimeZone.setDefault(TimeZone.getDefault());
 
+    }
 
 }

+ 17 - 0
libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/api/ElasticsearchEntitlementChecker.java
Vizualizați fișierul 

@@ -46,7 +46,9 @@ import java.nio.channels.ServerSocketChannel;
 
 import java.nio.channels.SocketChannel;
 
 import java.security.cert.CertStoreParameters;
 
 import java.util.List;
 
+import java.util.Locale;
 
 import java.util.Properties;
 
+import java.util.TimeZone;
 
 
 import javax.net.ssl.HostnameVerifier;
 
 import javax.net.ssl.HttpsURLConnection;
 
@@ -292,6 +294,21 @@ public class ElasticsearchEntitlementChecker implements EntitlementChecker {
 
         policyManager.checkChangeJVMGlobalState(callerClass);
 
     }
 
 
+    @Override
 
+    public void check$java_util_Locale$$setDefault(Class<?> callerClass, Locale.Category category, Locale locale) {
 
+        policyManager.checkChangeJVMGlobalState(callerClass);
 
+    }
 
+
 
+    @Override
 
+    public void check$java_util_Locale$$setDefault(Class<?> callerClass, Locale locale) {
 
+        policyManager.checkChangeJVMGlobalState(callerClass);
 
+    }
 
+
 
+    @Override
 
+    public void check$java_util_TimeZone$$setDefault(Class<?> callerClass, TimeZone zone) {
 
+        policyManager.checkChangeJVMGlobalState(callerClass);
 
+    }
 
+
 
     @Override
 
     public void check$java_net_DatagramSocket$$setDatagramSocketImplFactory(Class<?> callerClass, DatagramSocketImplFactory fac) {
 
         policyManager.checkChangeJVMGlobalState(callerClass);