| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Overhaul ClassLoaderWeavingAdaptor to use statically initialised Unsafe
instances and method handles pointing to their 'defineClass' methods.
Those now work universally on JDKs 8-21. In older JDKs, the method used
to be in sun.misc.Unsafe, in more recent ones on jdk.internal.misc.Unsafe.
It is challenging to fetch instances, especially as reflection
protection and module boundaries have been increased in the JDK
progressively. But finally, a solution was adapted from Byte Buddy (BB).
Kudos to BB author Rafael Winterhalter. The previous solution to use
ClassLoader::defineClass and require '--add-opens' is no longer
necessary for the first time since it became necessary in AspectJ 1.9.7
with Java 16 support.
Add org.ow2.asm:asm-common as a dependency everywhere org.ow2.asm:asm
was used before. Maybe that is too many places, but no worse than before.
Add missing dependency on loadtime to aspectjweaver. This kept a build
like "mvn install -am -pl aspectjweaver" from picking up changed
loadtime classes.
Fixes #117.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
| |
Also move two more release-related documents.
All referenced images are now in a common subdirectory.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
| |
Also rename references. E.g.
- RELEASE-11 -> RELEASE-1.1
- RELEASE-1810 -> RELEASE-1.8.10
- RELEASE-1921 -> RELEASE-1.9.21
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- AspectJ Browser (ajbrowser)
- Forte IDE integration
- JBuilder IDE integration
- Emacs integration
All this information was old and outdated. Ajbrowser was removed from
AspectJ a while ago. If the other tools even still exist, any possibly
existing AspectJ support is not part of AspectJ itself.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
| |
Improve the regex splitting lines to actually remove CR characters on
Windows.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
| |
The tests and their XML definitions are still copy & paste and need to
be cleaned up. Separate Java 21 feature tests do not exist yet.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In JDK 21, the prefix has changed once again, no longer being a JVM
specifier like "OpenJDK 64-Bit Server VM" or "Java HotSpot(TM) 64-Bit
Server VM" but rather something like "[0.016s][warning][cds]".
Even worse, before J21, the warning appears on stdErr, but in J21+, it
appears on stdOut.
Fixes LTWTests.testJ14LTWWithXML, which started failing on Java 21.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vmVersionRanges might be a single version like "9", a list of versions
like "1.2,1.3,1.4,1.5", an equivalent range of "1.2-1.5", an open range
like "-1.8", "9-" (equivalent to "9+") or a more complex list of ranges
like "-1.6,9-11,13-14,17-" or "8,11,16+".
Empty ranges like in "", " ", "8,,14", ",5", "6-," will be ignored.
I.e., they will not yield a positive match.
Bogus ranges like "9-11-14" will be ignored, too.
Existing XML test specs using '<line text="..." vm="v,v2,...,vn"/>
have been adjusted to use version ranges rather than long lists of
consecutive versions. Furthermore, ranges with a trailing '+' like '14+'
were replaced by using the new canonical format '14-', even though the
parser still correctly recognises '14+'.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
| |
For now, only the "pattern matching for switch" tests from previews 1
and 2 were adjusted to work in preview 3, because guarded patterns were
replaced by 'when' clauses in 'switch' blocks. Therefore, existing test
classes did not compile anymore and had to be replaced by syntactically
upgraded versions with content merged from preview 1 and 2 classes.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a partial path traversal vulnerability.
Replaces `dir.getCanonicalPath().startsWith(parent.getCanonicalPath())`, which is vulnerable to partial path traversal attacks, with the more secure `dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath())`.
To demonstrate this vulnerability, consider `"/usr/outnot".startsWith("/usr/out")`.
The check is bypassed although `/outnot` is not under the `/out` directory.
It's important to understand that the terminating slash may be removed when using various `String` representations of the `File` object.
For example, on Linux, `println(new File("/var"))` will print `/var`, but `println(new File("/var", "/")` will print `/var/`;
however, `println(new File("/var", "/").getCanonicalPath())` will print `/var`.
Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Severity: Medium
CVSSS: 6.1
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.PartialPathTraversalVulnerability)
Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/13
Co-authored-by: Moderne <team@moderne.io>
|
|
|
|
| |
This reverts commit 63d5e3e893bd149245465de1610716930998dec8.
|
|\
| |
| |
| |
| |
| | |
# Conflicts:
# tests/src/test/java/org/aspectj/systemtest/ajc198/Bugs198Tests.java
# tests/src/test/resources/org/aspectj/systemtest/ajc198/ajc198.xml
|
| |
| |
| |
| |
| |
| |
| | |
Previously 'ordered="no"' was only permitted for 'stderr'. We need this
for tests with asynchronous log output on standard error.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
| |
| |
| |
| | |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
JEP 411: Deprecate the Security Manager for Removal,
see https://openjdk.java.net/jeps/411.
As of Java 18, the new API for blocking System.exit is not available
yet, see https://bugs.openjdk.java.net/browse/JDK-8199704.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- JDT Core dependency in pom.xml
- Constants.java
- LangUtil.java
- AjcTask.java
- messages_aspectj.properties
- XMLBasedAjcTestCaseForJava17Only.java
- XMLBasedAjcTestCaseForJava18*.java
- tests/bugs199
- tests/features199
- JavaVersionCompatibility.md
- README-199.html
- GitHub CI build
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|\
| |
| | |
Cleanup redundant boxing.
|
| |
| |
| |
| |
| | |
Methods Integer.parseInt/Boolean.parseBoolean should be preferred over Integer.valueOf/Boolean.valueOf/ if final result is primitive.
They are generally faster and generate less garbage.
|
|\ \
| | |
| | | |
Replace uses of StringBuffer with StringBuilder.
|
| |/
| |
| |
| | |
StringBuffer is a legacy synchronized class. StringBuilder is a direct replacement to StringBuffer which generally have better performance.
|
|/
|
|
|
|
| |
by this abstract pathname exists and is a directory.
It means that separate File.exists() check before File.isDirectory() check is redundant.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Fix one fault sanity test configuration
- Deactivate Java 16 preview tests (no longer supported by Java 17
compiler)
- Test sealed classes as final on Java 17 (no longer preview)
- Add tests for JEP 406, pattern matching for switch (preview). At
present, the beta 17 branch of JDT Core does not handle the tested
features and expected compile errors correctly yet, so I had to
temporarily deactivate test execution, only printing TODO messages.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
| |
Methods AjcTest.runTest was logging something like "TEST: ...."
(4 dots), i.e. one dot per performed test step. Not only did this not
add much value, but due to usage of PrintStream.print for line
continuation it also messed up test step logging by scattering seemingly
random dot characters across test step logs. This looked quite ugly, so
I simply removed it.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
| |
This was required by the Eclipse team as one precondition for the next
release.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
| |
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to JEP 260 (Encapsulate Most Internal APIs), aspect weaving on
Java 16 now requires '--add-opens java.base/java.lang=ALL-UNNAMED' on
the command line. Otherwise there will be illegal access exceptions for
some internal API calls AspectJ needs, most prominently when trying to
define classes in other packages or modules.
This had to be done on several levels:
- Maven Surefire: running tests in a JVM directly forked by Surefire.
In order to make this backwards compatible, I added two profiles
with JDK-level-dependent auto-activation, one 8-15 and one 16+. In
the latter a property containing the JVM parameter is defined, in
the former it is empty, i.e. the JVM is started without the
parameter. In Java 8 the parameter did not even exist, in Java 9+ we
could use it, but we need to test how users use AspectJ.
- RunSpec: Whenever an XML test is declared to use '<run>', we need to
determine the current JVM version and again dynamically add the
parameter when forking the target JVM.
- AntSpec: Whenever an XML test is declared to use '<ant>', we need to
determine the current JVM version dynamically add two properties
usable from within Ant scripts: 'aj.addOpensKey' and
'aj.addOpensValue'. Unfortunately, Ant needs to use two '<argLine>'
parameters, because the two parts of the option are separated by a
space character.
- Ant scripts: When triggered by an AntSpec, each Ant target using LTW
needs to manually set
<jvmarg value="${aj.addOpensKey}"/>
<jvmarg value="${aj.addOpensValue}"/>
for each '<java>' task. It was quite tedious to find all(?) of them.
TODO: In the AspectJ 1.9.7 release notes we need to document that this
parameter is now needed for LTW.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
| |
After Ajc usage text output is filtered into its own category
IMessage.USAGE now - see commit @31b2d60b - some tests in module
'org.aspectj.ajdt.core' were failing. I fixed and also improved them a
bit.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Test all features which were preview in 14+15 and are now final in 16,
compiling them with language level 16.
- For Java 15 we only have sanity tests (and of course the Java <14
tests), compiling Java 16 features to target 15 does not seem to work.
- Test remaining Java 16 preview feature (sealed classes).
- Instead of overriding runTest(String) in several base classes like
XMLBasedAjcTestCaseForJava*Only or XMLBasedAjcTestCaseForJava*OrLater,
we now override setUp() from JUnit's TestCase base class. This will
run before runTest(String) and make the tests fail much faster, if a
user tries to run them on the wrong VM.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The line in which warnings like "Archived non-system classes are
disabled because the java.system.class.loader property is specified"
appears can start with e.g."OpenJDK 64-Bit Server VM" or "Java
HotSpot(TM) 64-Bit Server VM". Therefore, an exact match on the former
worked on Linux, but not on Windows, or maybe the difference is
generally between Oracle and OpenJDK. anyway, I use Oracle on Windows
and my build failed. Now it is fixed because I made the match more
generic using a regex.
I also removed a now obsolete check for the occurrence of the stripped
line in test "JDK14 LTW with XML".
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Usage texts are now printed to stdOut, no longer stdErr.
- 'java ...Main -?' no longer prints usage text twice (once to stdOut
and then again to stdErr).
- AjdtCommand.inferKind: Usage texts are no longer mis-identified as
warnings or errors just because they contain substrings "warning" or
"error". Matching is now more precise, looking for "[warning]" and
"[error]". But in that case the method would not be called anyway
because errors and warnings are identified in other ways already. As a
fall-back, the categories IMessage.ERROR and IMessage.WARNING still
exist in the method.
- In case of compile errors, no usage message is printed anymore,
because previously the user had to scroll up a lot in order to see the
actual messages. This is also in line with ECJ. The same is true for
warnings, but it was like this in Ajc already.
- AjdtCommand.inferKind: There is a new category IMessage.USAGE
especially for AspectJ usage texts, which will be identified by string
matching and then correctly handled (i.e. printed to stdOut, not
stdErr).
- Usage text printing is no longer done in AspectJ but in the AspectJ
"shadows" fork of JDT. This helps to get rid of some now obsolete code
here.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
| |
Also fix some minor details in Java 14 suite
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These tests need a Java 14 level AspectJ compiler, because they use
version-specific preview features. This compiler has been upgraded
to a Java 15 compliant JDT Core already, i.e. it does not support
preview features of a previous version anymore.
An error message similar to the above explanation will appear when
trying to run any XMLBasedAjcTestCaseForJava14Only subclass, such as
Ajc196PreviewFeaturesTests (currently the only one).
When running AllTestsAspectJ196, Ajc196PreviewFeaturesTests will not be
added to the test suite anymore.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
| |
Now there should be no more inspection warnings when working with XML
test definitions. Only the strangely looking XML files used by
PureJavaTests and KnownLimitationsTests are left to be analysed and
fixed.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
| |
Some Ajc196 tests are using preview features (see .../ajc196.xml), i.e.
they will fail on Java 15+ because code compiled with '--enable-preview'
can only run on the same JVM version, not on a more recent one. Hence,
the preview-using tests are now being excluded in order to make the
build run on Java 15, even though no Java 15 features are present in the
current 1.9.7 snapshot.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some Java 14 text block tests failed on Windows because a
StringTokenizer was used to split by LF, but the Windows line
separator is CR+LF. Because a multi-line string ending with CR+LF is
printed via 'System.out.println' in the test code, another CR+LF is
added to the output, resulting in trailing CR+LF+CR+LF. Hence, between
the two LFs, the tokenizer actually found an additional line consisting
of CR (only on Windows, of course). Despite each line token actually
containing a trailing CR token, that did not matter much because
'String.trim' was used everywhere before comparing values.
Anyway, the improved OutputSpec uses text.trim().split("\\s*\n\\s*"),
which takes care of leading/trailing whitespace both around the whole
output and for each separate line.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some tests in ajc150.xml and ajc190_from150.xml contain '<weave ...>'
build steps with 'xlintfile="..."' parameters. Those parameters were
passed through to Java and aspect code building steps, but not to the
final weaving step, sometimes leading to spurious "type not exposed to
weaver" warnings which occurred for some local and CI builds, but not
always. Very strange indeed. Anyway, by making method
WeaveSpec.buildWeaveArgs() pass on this parameter, the tests seem to run
reliably now.
TODO: Why does Ajc report that warning if the application JAR is on the
inpath and the aspect JAR is on the aspectpath? Is it because a marker
annotation is defined within the aspect JAR? But actually, that should
not matter, especially not work once and fail at other times. I guess
there is a class loading order problem or similar involved.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace directory separator '/' and surrogate path separator ',' by
platform-specific separators File.separatorChar and
File.pathSeparatorChar, respectively. Also make sure that replacement
occurs during write access, not read access. This was handled
differently in both sibling classes.
I am not sure if that helps to fix any Linux CI tests, but it is worth a
try.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Lars Grefer <eclipse@larsgrefer.de>
|