| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A change made to ajc162.xml in commit 43cb1e2f has been reverted
and improved after the recent negated type pattern fix. Relates to #257.
The pointcut 'call(!void *.*(..)) && this(src) && target(dst)' actually
does match method call 'payloadClass.getPayload()' within the
around-advice in GenericClassInAdvice itself.
Improvement: Activate '-showWeaveInfo' and verify weaving message.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
| |
Relates to #257.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of using a pre-generated JAR, the source code generating the
class with reordered methods (bridge method first) is now compiled
directly before usage. This is possible, because in the previous commit
ASM was put on the Ajc classpath for tests.
Relates to #256.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
| |
Relates to spring-projects/spring-framework#27761.
The test needs an ASM-generated class file with reordered methods in
order to reproduce the issue in plain AspectJ. The test fails now, but
should pass after the fix.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
| |
Originally, I had intended to release a minor 1.9.19.1 release to fix
some bugs. But then, Java 20 support was implemented and merged, so the
next release will be 1.9.20. Therefore, I moved some bug regression
tests to the 1.9.20 suite.
Relates to #254.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
| |
Since JDK 20, targets older than 1.8 are no longer supported by Javac.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
| |
Make sure to create one ajc$inlineAccessMethod per identically named
(overloaded) private aspect method in
BcelAccessForInlineMunger.createOrGetInlineAccessorForMethod.
Fixes #250.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
| |
Reproduces #250.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
| |
This also fixes a bug. Previously, ResolvedType.equals was used for
equality check, and in there is a '==' comparison, which does not work
for two different ArrayReferenceType instances, even if the component
type is the same.
Relates to #246.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
| |
See:
https://github.com/eclipse-jdt/eclipse.jdt.core/issues/919
https://github.com/eclipse-jdt/eclipse.jdt.core/commit/b681dfb5
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
| |
- Fix quotation error in console output
- Throw RuntimeException instead of Error. Maybe this helps to avoid
the prominent error message listing in the GitHub build log, which
always looks like something bad happened, even though it is simply an
expected error.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
| |
Javac 20+ no longer supports 1.7.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The test started breaking on GitHub, but ran fine locally, which implied
some kind of classpath ordering issue. As it turned out, for XML tests
all JARs found in the sandbox directory are added to the classpath
automatically. So if we do not want them on the classpath, we need to
delete or rename them before running.
In this case, however, it was enough to make sure the classpath order is
correct, so that the duplicate 'Application' class is found in the woven
version, not in the unwoven one by chance. We therefore need to use the
correct syntax,
1. separating classpath entries by comma, not space,
2. prepending '$sandbox/' to the JAR name.
Now the test reliably does what it should have done from the start: run
the woven code. Until now, the output assertions were adjusted to the
weird result of no aspect logs being present on the console, which was
wrong right from the start.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New constants:
JEM_MODULAR_CLASSFILE - '\'' (single quote)
ANNOTATION - '}'
LAMBDA_EXPRESSION - ')'
LAMBDA_METHOD - '&'
STRING - '"'
MODULE - '`'
DELIMITER_ESCAPE - '='
Updated AspectJ constants due to JDT Core using constants previously
used by AspectJ:
ADVICE - '&' to '§'
ASPECT_TYPE - '\'' to '>'
ITD_METHOD - ')' to '°'
DECLARE - '`' to '´'
POINTCUT - '"' to '©'
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
| |
A pointcut like
execution(*..Collection<?>[] *(..))
leads to an AJ core dump, which is something I noticed while fixing a
test in the previous commit. I am going to create a new issue for it and
link to this commit later.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
| |
After the changes, the weaver's behaviour is now slightly different, but
not actually buggy. Actually, in one case there is now a weaver warning
for a non-matching pointcut which should have been there before, but was
not. I.e., things have improved and the tests are even a bit better now.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Especially 'hashCode' did not correspond to 'equals', disregarding
several fields, array dimension information being only one of them. This
led to parts of pointcuts being ignored, because they were regarded as
duplicates. Example:
execution(Foo* *(..)) && !execution(Foo*[] *(..))
Here, the negated pattern was falsely regarded as equal to the first
pattern, leading to an "A && !A" situation, i.e. no match at all.
Furthermore, 'toString' did not print array strings, i.e. instead of
"Foo*[][]" something like "Foo*" was printed. This false information was
also present in annotations generated by the weaver.
FuzzilyMatchingAspect was adjusted to actually match exactly once, as
expected, for the "Foo*" return types, i.e. exclusions for the array
return types have been added.
Relates to #24.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
| |
More test cases were added for
- multi-dimensional arrays,
- primitive type arrays.
Relates to https://github.com/eclipse/org.aspectj/issues/24.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
| |
Relates to https://github.com/eclipse/org.aspectj/issues/24.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
| |
This test was always inactive and did not add any value other than
during development. No it runs, passes and documents the status quo of
- what was fixed (regression for AJC 1.8.2 core dump fixed in 1.8.3),
- the current limitations of @DeclareParents and @DeclareMixin
regarding generic interfaces.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Relates to #198. Now, we create a delegate method body which basically
looks as follows:
public void methodOne() {
if (this.ajc$instance$MyAspect$MyMixin == null) {
synchronized(this) {
if (this.ajc$instance$MyAspect$MyMixin == null) {
this.ajc$instance$MyAspect$MyMixin = MyAspect.aspectOf().createImplementation(this);
}
}
}
this.ajc$instance$MyAspect$MyMixin.methodOne();
}
The idea for the outer null check is from @aclement, see
https://github.com/eclipse/org.aspectj/pull/205#issuecomment-1371556080.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
| |
Fixes #162. Contains regression test
Bugs1919Tests.testInterfaceInnerAspectImplicitlyStatic.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
| |
Fixes #20. Needs JDT Core grammar fix.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
See https://bugs.eclipse.org/bugs/show_bug.cgi?id=366085.
See https://stackoverflow.com/q/74618269/1082681.
The issue described in the Bugzilla issue is about 'declare @type', but
similar issues also existed for 'declare @field', 'declare @method',
'declare @constructor'. This fix is rather superficial and leaves
things to be desired, because it is rather hacky and simply ignores
errors source retention annotation declarations during weaving. A better
fix would drop the corresponding declarations while parsing and also
issue compiler warnings in each case.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vmVersionRanges might be a single version like "9", a list of versions
like "1.2,1.3,1.4,1.5", an equivalent range of "1.2-1.5", an open range
like "-1.8", "9-" (equivalent to "9+") or a more complex list of ranges
like "-1.6,9-11,13-14,17-" or "8,11,16+".
Empty ranges like in "", " ", "8,,14", ",5", "6-," will be ignored.
I.e., they will not yield a positive match.
Bogus ranges like "9-11-14" will be ignored, too.
Existing XML test specs using '<line text="..." vm="v,v2,...,vn"/>
have been adjusted to use version ranges rather than long lists of
consecutive versions. Furthermore, ranges with a trailing '+' like '14+'
were replaced by using the new canonical format '14-', even though the
parser still correctly recognises '14+'.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
| |
For now, only the "pattern matching for switch" tests from previews 1
and 2 were adjusted to work in preview 3, because guarded patterns were
replaced by 'when' clauses in 'switch' blocks. Therefore, existing test
classes did not compile anymore and had to be replaced by syntactically
upgraded versions with content merged from preview 1 and 2 classes.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
| |
and enable LangUtil to parse Java versions like '19+36-2238'.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
| |
Firstly, Batik is not needed for running AspectJ tests.
Secondly, the fixed Windows path separators led to GitHub CI/CD tests
failing under Java 18+ on GitHub. Replacing ';' by 'File.pathSeparator'
would have fixed the problem, but removing the paths altogether is the
cleaner solution.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
| |
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
| |
It makes sense to indicate the Java version in the minor-minor of
AspectJ artifacts.
Signed-off-by: Alexander Kriegisch <Alexander@Kriegisch.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a partial path traversal vulnerability.
Replaces `dir.getCanonicalPath().startsWith(parent.getCanonicalPath())`, which is vulnerable to partial path traversal attacks, with the more secure `dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath())`.
To demonstrate this vulnerability, consider `"/usr/outnot".startsWith("/usr/out")`.
The check is bypassed although `/outnot` is not under the `/out` directory.
It's important to understand that the terminating slash may be removed when using various `String` representations of the `File` object.
For example, on Linux, `println(new File("/var"))` will print `/var`, but `println(new File("/var", "/")` will print `/var/`;
however, `println(new File("/var", "/").getCanonicalPath())` will print `/var`.
Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Severity: Medium
CVSSS: 6.1
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.PartialPathTraversalVulnerability)
Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/13
Co-authored-by: Moderne <team@moderne.io>
|