From a520f7075cc25710dd1bf82013d75cb593cfad88 Mon Sep 17 00:00:00 2001 From: Evgeny Mandrikov Date: Fri, 23 Sep 2011 14:50:30 +0400 Subject: [PATCH] SONAR-2824 Java Squid should use isolated ClassLoader for bytecode analysis --- .../java/bytecode/ClassworldsClassLoader.java | 2 +- .../bytecode/ClassworldsClassLoaderTest.java | 20 +++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/plugins/sonar-squid-java-plugin/src/main/java/org/sonar/java/bytecode/ClassworldsClassLoader.java b/plugins/sonar-squid-java-plugin/src/main/java/org/sonar/java/bytecode/ClassworldsClassLoader.java index 4cc10aedce1..6a814c8499f 100644 --- a/plugins/sonar-squid-java-plugin/src/main/java/org/sonar/java/bytecode/ClassworldsClassLoader.java +++ b/plugins/sonar-squid-java-plugin/src/main/java/org/sonar/java/bytecode/ClassworldsClassLoader.java @@ -45,7 +45,7 @@ public final class ClassworldsClassLoader { public static ClassLoader create(Collection bytecodeFilesOrDirectories) { try { ClassWorld world = new ClassWorld(); - ClassRealm realm = world.newRealm("squid.project"); + ClassRealm realm = world.newRealm("squid.project", null /* explicit declaration that parent should be bootstrap class loader */); for (File bytecode : bytecodeFilesOrDirectories) { URL url = getURL(bytecode); diff --git a/plugins/sonar-squid-java-plugin/src/test/java/org/sonar/java/bytecode/ClassworldsClassLoaderTest.java b/plugins/sonar-squid-java-plugin/src/test/java/org/sonar/java/bytecode/ClassworldsClassLoaderTest.java index ea93533cffc..7f248c6eef3 100644 --- a/plugins/sonar-squid-java-plugin/src/test/java/org/sonar/java/bytecode/ClassworldsClassLoaderTest.java +++ b/plugins/sonar-squid-java-plugin/src/test/java/org/sonar/java/bytecode/ClassworldsClassLoaderTest.java @@ -19,6 +19,7 @@ */ package org.sonar.java.bytecode; +import org.codehaus.classworlds.ClassWorld; import org.junit.Test; import org.sonar.java.ast.SquidTestUtils; @@ -39,6 +40,25 @@ public class ClassworldsClassLoaderTest { assertThat(ClassworldsClassLoader.create(Collections.emptyList()), not(nullValue())); } + /** + * See SONAR-2824: + * ClassLoader created by {@link ClassworldsClassLoader}, + * should be able to load classes only from JDK and from provided list of JAR-files, + * thus it shouldn't be able to load class {@link ClassWorld}. + */ + @Test + public void shouldBeIsolated() throws ClassNotFoundException { + ClassLoader classloader = ClassworldsClassLoader.create(Collections.EMPTY_LIST); + try { + classloader.loadClass(ClassWorld.class.getName()); + fail(); + } catch (ClassNotFoundException e) { + // ok + } + assertThat(classloader.loadClass("java.lang.Integer"), not(nullValue())); + assertThat(classloader.getResource("java/lang/Integer.class"), not(nullValue())); + } + @Test public void createFromDirectory() throws ClassNotFoundException { File dir = SquidTestUtils.getFile("/bytecode/bin/"); -- 2.39.5