Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

testDeserializationOfNotWhiteListedClassThrowsError sometimes fails #4441

Open
vladak opened this issue Oct 17, 2023 · 3 comments
Open

testDeserializationOfNotWhiteListedClassThrowsError sometimes fails #4441

vladak opened this issue Oct 17, 2023 · 3 comments
Labels
bug testing

Comments

@vladak
Copy link
Member

vladak commented Oct 17, 2023

The ConfigurationTest.testDeserializationOfNotWhiteListedClassThrowsError test sometimes fails on Windows, specifically with the 2 parameter:

Error:  Tests run: 6, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.657 s <<< FAILURE! - in org.opengrok.indexer.configuration.ConfigurationTest
Error:  org.opengrok.indexer.configuration.ConfigurationTest.testDeserializationOfNotWhiteListedClassThrowsError(String)[2]  Time elapsed: 0.047 s  <<< FAILURE!
org.opentest4j.AssertionFailedError: Unexpected exception type thrown, expected: <java.lang.IllegalAccessError> but was: <java.io.IOException>
	at org.junit.jupiter.api.AssertionFailureBuilder.build(AssertionFailureBuilder.java:151)
	at org.junit.jupiter.api.AssertThrows.assertThrows(AssertThrows.java:67)
	at org.junit.jupiter.api.AssertThrows.assertThrows(AssertThrows.java:35)
	at org.junit.jupiter.api.Assertions.assertThrows(Assertions.java:3111)
	at org.opengrok.indexer.configuration.ConfigurationTest.testDeserializationOfNotWhiteListedClassThrowsError(ConfigurationTest.java:223)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
	at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
	at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
	at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
	at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:992)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
	at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
	at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596)
	at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:276)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
	at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
	at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
	at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
	at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596)
	at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:276)
	at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
	at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
	at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
Caused by: java.io.IOException: Not a valid config file
	at org.opengrok.indexer.configuration.Configuration.decodeObject(Configuration.java:1545)
	at org.opengrok.indexer.configuration.Configuration.makeXMLStringAsConfiguration(Configuration.java:1529)
	at org.opengrok.indexer.configuration.ConfigurationTest.lambda$testDeserializationOfNotWhiteListedClassThrowsError$0(ConfigurationTest.java:223)
	at org.junit.jupiter.api.AssertThrows.assertThrows(AssertThrows.java:53)
	... 42 more

Looks like the class loader actually allows the configuration to pass and the Configuration deserialization then fails with IOException.
@vladak
Copy link
Member Author

vladak commented Oct 17, 2023

The 2nd string contains curl invocation:

opengrok/opengrok-indexer/src/test/java/org/opengrok/indexer/configuration/ConfigurationTest.java

Line 201 in f8a4c2e

" <string>/usr/bin/curl https://oracle.com</string>\n" +

@vladak vladak changed the title testDeserializationOfNotWhiteListedClassThrowsError sometimes fails on Windows testDeserializationOfNotWhiteListedClassThrowsError sometimes fails Oct 25, 2023
@vladak
Copy link
Member Author

vladak commented Oct 25, 2023

I have seen this on Linux build as well.

@vladak
Copy link
Member Author

vladak commented Oct 27, 2023

Once the configuration is converted to some other serialization scheme, preferably one that does not allow code injection (#2329), this test can be removed, however my feeling is that this will take some time.

@vladak vladak mentioned this issue Jul 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug testing
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vladak