| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
and enable LangUtil to parse Java versions like '19+36-2238'.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
| |
Firstly, Batik is not needed for running AspectJ tests.
Secondly, the fixed Windows path separators led to GitHub CI/CD tests
failing under Java 18+ on GitHub. Replacing ';' by 'File.pathSeparator'
would have fixed the problem, but removing the paths altogether is the
cleaner solution.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a partial path traversal vulnerability.
Replaces `dir.getCanonicalPath().startsWith(parent.getCanonicalPath())`, which is vulnerable to partial path traversal attacks, with the more secure `dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath())`.
To demonstrate this vulnerability, consider `"/usr/outnot".startsWith("/usr/out")`.
The check is bypassed although `/outnot` is not under the `/out` directory.
It's important to understand that the terminating slash may be removed when using various `String` representations of the `File` object.
For example, on Linux, `println(new File("/var"))` will print `/var`, but `println(new File("/var", "/")` will print `/var/`;
however, `println(new File("/var", "/").getCanonicalPath())` will print `/var`.
Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Severity: Medium
CVSSS: 6.1
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.PartialPathTraversalVulnerability)
Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/13
Co-authored-by: Moderne <team@moderne.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before, the signature was:
void aboutToCompareClasspaths(
List oldClasspath, List newClasspath);
Now it is:
void aboutToCompareClasspaths(
List<String> oldClasspath, List<String> newClasspath);
AJDT will also use the typed version after generics refactoring.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
This reverts commit 63d5e3e893bd149245465de1610716930998dec8.
|
|
|
|
| |
This reverts commit 5288ef1c1c8be2df85e59740f41622f4cfb9d899.
|
|
|
|
| |
This reverts commit 8c15d83a466843b5dba8ba454329baaca0080cc5.
|
|
|
|
|
|
|
| |
in order to show that the compiler options basically work. The test
cases are by no means exhaustive and simply verify that it works at all.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
| |
I am expecting the test case to pass, but other tests to fail. This
temporary commit is meant to create feedback from GitHub CI test runs.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|\
| |
| |
| |
| |
| | |
# Conflicts:
# tests/src/test/java/org/aspectj/systemtest/ajc198/Bugs198Tests.java
# tests/src/test/resources/org/aspectj/systemtest/ajc198/ajc198.xml
|
| |
| |
| |
| |
| |
| | |
Out of scope for PR #132, future work for issue #141.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Trying to find the difference between byte code generated by AJC for
functionally identical annotation vs native style aspect, I move the
aspects into subdirectories in order to be able to name them
identically. This way, when decompiling them with javap or Fernflower it
is easier to diff them later.
Why the decompilation? Because for the thread pool testing scenario
native syntax passes while annotation syntax fails. I.e., we need to
find the difference. That can be done by reading source code, if you
know where to look, or by starting with reverse engineering in order to
first understand more and look at the code later.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
1. @AspectJ syntax, threads created inside advice code
2. @AspectJ syntax, submit runnable to thread pool
3. native syntax, threads created inside advice code
4. native syntax, submit runnable to thread pool
Scenarios 1, 3 and 4 are passing, while 2 is failing.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
| |
| |
| |
| |
| |
| | |
Relates to #128.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
| |
| |
| |
| | |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
| |
| |
| |
| | |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
| |
| |
| |
| |
| |
| |
| |
| | |
After the Java 18 JDT Core upgrade, some LTW tests are failing and
have to be switched from in-process to full LTW mode due to them now
obviously calling some code paths which need '--add-opens'.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- JDT Core dependency in pom.xml
- Constants.java
- LangUtil.java
- AjcTask.java
- messages_aspectj.properties
- XMLBasedAjcTestCaseForJava17Only.java
- XMLBasedAjcTestCaseForJava18*.java
- tests/bugs199
- tests/features199
- JavaVersionCompatibility.md
- README-199.html
- GitHub CI build
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This test fails when run against AspectJ 1.9.8 with JDT Core 1.9.8.RC3.
It passes when using the latest JDT Core 1.9.9-SNAPSHOT. It sets system
property 'org.aspectj.weaver.openarchives=20', provoking open classpath
JAR file exhaustion when compiling a simple class with AJC, i.e. JARs
are being forcibly closed and automatically re-opened, as soon as they
are needed. Before the JDT Core bugfix, this test causes:
java.lang.NullPointerException
at ....compiler.batch.ClasspathJmod.getModulesDeclaringPackage
With the bugfix incorporated into AspectJ Tools, the problem is gone.
Note: New test dependency 'io.github.bmuskalla:scoped-system-properties'
helps to test compilation with the temporarily changed global system
property in isolation, saving the environment in a thread-local
variable and later cleanly restoring the original values again. If we
ever switch to parallel test execution, this would otherwise influence
other tests and potentially cause weird side effects. Better safe than
sorry.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
| |
They were accidentally stored in thw wrong test class, not just because
they are bug regression tests, not 1.9.8 features, but also because they
are meant to work on Java 5+, not on Java 17+ like the ones in
Ajc198TestsJava.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
| |
This fixes:
- negating annotation style if() pointcuts doesn't work
- annotation style if() pointcut not able to use a binding
that is not exposed
Fixes #120,#122
|
|
|
|
|
|
|
|
|
|
| |
The documentation specifies annotation style pointcuts
can use if(false) or if(true) and not require a boolean
return value and body for the @Pointcut annotated
method but it doesn't work without this change to validation
that recognizes the situation.
Fixes #115
|
|
|
|
|
|
| |
Relates to #68.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|\
| |
| | |
Trim trailing whitespaces.
|
| |
| |
| |
| |
| | |
Trailing whitespaces are useless. Most of code-styles forbids them. Most of editors always trim them on save.
I propose to clean up project from trailing whitespaces in all java files at once.
|
|\ \
| | |
| | | |
Replace uses of StringBuffer with StringBuilder.
|
| |/
| |
| |
| | |
StringBuffer is a legacy synchronized class. StringBuilder is a direct replacement to StringBuffer which generally have better performance.
|
| |
| |
| |
| | |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|/
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
| |
The test worked on my local workstation with German locale, but not on
GitHub with English locale.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
| |
After JDT Core (ECJ) was updated to the final Java 17 feature set, the
tests now pass as expected.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Fix one fault sanity test configuration
- Deactivate Java 16 preview tests (no longer supported by Java 17
compiler)
- Test sealed classes as final on Java 17 (no longer preview)
- Add tests for JEP 406, pattern matching for switch (preview). At
present, the beta 17 branch of JDT Core does not handle the tested
features and expected compile errors correctly yet, so I had to
temporarily deactivate test execution, only printing TODO messages.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
| |
Relates to #70
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
| |
This was required by the Eclipse team as one precondition for the next
release.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to JEP 260 (Encapsulate Most Internal APIs), aspect weaving on
Java 16 now requires '--add-opens java.base/java.lang=ALL-UNNAMED' on
the command line. Otherwise there will be illegal access exceptions for
some internal API calls AspectJ needs, most prominently when trying to
define classes in other packages or modules.
This had to be done on several levels:
- Maven Surefire: running tests in a JVM directly forked by Surefire.
In order to make this backwards compatible, I added two profiles
with JDK-level-dependent auto-activation, one 8-15 and one 16+. In
the latter a property containing the JVM parameter is defined, in
the former it is empty, i.e. the JVM is started without the
parameter. In Java 8 the parameter did not even exist, in Java 9+ we
could use it, but we need to test how users use AspectJ.
- RunSpec: Whenever an XML test is declared to use '<run>', we need to
determine the current JVM version and again dynamically add the
parameter when forking the target JVM.
- AntSpec: Whenever an XML test is declared to use '<ant>', we need to
determine the current JVM version dynamically add two properties
usable from within Ant scripts: 'aj.addOpensKey' and
'aj.addOpensValue'. Unfortunately, Ant needs to use two '<argLine>'
parameters, because the two parts of the option are separated by a
space character.
- Ant scripts: When triggered by an AntSpec, each Ant target using LTW
needs to manually set
<jvmarg value="${aj.addOpensKey}"/>
<jvmarg value="${aj.addOpensValue}"/>
for each '<java>' task. It was quite tedious to find all(?) of them.
TODO: In the AspectJ 1.9.7 release notes we need to document that this
parameter is now needed for LTW.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before Java 16, JDK proxies were given a virtual package name of
'com.sun.proxy'. Now the packages are numbered 'jdk.proxy[n]', i.e.
'jdk.proxy1', 'jdk.proxy2' etc. This makes the package-name-derived path
name here less predictable. In our simple runtime scenario, we can be
pretty sure than the counter starts at 1 because it is the first and
only proxy we create.
TODO: A better solution would be a recursive filtered search via
Files.walk, ideally added as a recursive search option for
CountingFilenameFilter.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Test all features which were preview in 14+15 and are now final in 16,
compiling them with language level 16.
- For Java 15 we only have sanity tests (and of course the Java <14
tests), compiling Java 16 features to target 15 does not seem to work.
- Test remaining Java 16 preview feature (sealed classes).
- Instead of overriding runTest(String) in several base classes like
XMLBasedAjcTestCaseForJava*Only or XMLBasedAjcTestCaseForJava*OrLater,
we now override setUp() from JUnit's TestCase base class. This will
run before runTest(String) and make the tests fail much faster, if a
user tries to run them on the wrong VM.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
| |
It failed with "RuntimeException: I never heard about what kind of build
it was!!" on my (@kriegaex) Windows machine, mostly because in case of a
failing full build the corresponding status is never set.
TODO: Ensure that 'MyStateListener.informedAboutKindOfBuild' is set for
failed builds, too.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
| |
This is a follow-up on commit @31b2d60b. Some tests were actually
expecting usage texts as failure outputs. Because that was fixed, the
tests no longer see those failures, hence they should no longer expect
them.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The line in which warnings like "Archived non-system classes are
disabled because the java.system.class.loader property is specified"
appears can start with e.g."OpenJDK 64-Bit Server VM" or "Java
HotSpot(TM) 64-Bit Server VM". Therefore, an exact match on the former
worked on Linux, but not on Windows, or maybe the difference is
generally between Oracle and OpenJDK. anyway, I use Oracle on Windows
and my build failed. Now it is fixed because I made the match more
generic using a regex.
I also removed a now obsolete check for the occurrence of the stripped
line in test "JDK14 LTW with XML".
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
| |
Also fix some minor details in Java 14 suite
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These tests need a Java 14 level AspectJ compiler, because they use
version-specific preview features. This compiler has been upgraded
to a Java 15 compliant JDT Core already, i.e. it does not support
preview features of a previous version anymore.
An error message similar to the above explanation will appear when
trying to run any XMLBasedAjcTestCaseForJava14Only subclass, such as
Ajc196PreviewFeaturesTests (currently the only one).
When running AllTestsAspectJ196, Ajc196PreviewFeaturesTests will not be
added to the test suite anymore.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|