mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
31720 Commits
59 Branches
Tree: a53007e824
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a53007e824'
${ noResults }
sonarqube/sonar-scanner-engine/src/main/java/org/sonar/scanner/bootstrap/PluginFiles.java

PluginFiles.java 9.4KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2022 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.scanner.bootstrap;

  21. 

  22. import java.io.BufferedInputStream;

  23. import java.io.BufferedOutputStream;

  24. import java.io.File;

  25. import java.io.IOException;

  26. import java.io.InputStream;

  27. import java.net.HttpURLConnection;

  28. import java.nio.file.Files;

  29. import java.util.Objects;

  30. import java.util.Optional;

  31. import java.util.jar.JarOutputStream;

  32. import java.util.jar.Pack200;

  33. import java.util.stream.Stream;

  34. import java.util.zip.GZIPInputStream;

  35. import org.apache.commons.codec.digest.DigestUtils;

  36. import org.apache.commons.io.FileUtils;

  37. import org.sonar.api.config.Configuration;

  38. import org.sonar.api.utils.log.Logger;

  39. import org.sonar.api.utils.log.Loggers;

  40. import org.sonar.scanner.bootstrap.ScannerPluginInstaller.InstalledPlugin;

  41. import org.sonarqube.ws.client.GetRequest;

  42. import org.sonarqube.ws.client.HttpException;

  43. import org.sonarqube.ws.client.WsResponse;

  44. 

  45. import static java.lang.String.format;

  46. 

  47. public class PluginFiles {

  48. 

  49.   private static final Logger LOGGER = Loggers.get(PluginFiles.class);

  50.   private static final String MD5_HEADER = "Sonar-MD5";

  51.   private static final String COMPRESSION_HEADER = "Sonar-Compression";

  52.   private static final String PACK200 = "pack200";

  53.   private static final String UNCOMPRESSED_MD5_HEADER = "Sonar-UncompressedMD5";

  54. 

  55.   private final DefaultScannerWsClient wsClient;

  56.   private final File cacheDir;

  57.   private final File tempDir;

  58. 

  59.   public PluginFiles(DefaultScannerWsClient wsClient, Configuration configuration) {

  60.     this.wsClient = wsClient;

  61.     File home = locateHomeDir(configuration);

  62.     this.cacheDir = mkdir(new File(home, "cache"), "user cache");

  63.     this.tempDir = mkdir(new File(home, "_tmp"), "temp dir");

  64.     LOGGER.info("User cache: {}", cacheDir.getAbsolutePath());

  65.   }

  66. 

  67.   public File createTempDir() {

  68.     try {

  69.       return Files.createTempDirectory(tempDir.toPath(), "plugins").toFile();

  70.     } catch (IOException e) {

  71.       throw new IllegalStateException("Fail to create temp directory in " + tempDir, e);

  72.     }

  73.   }

  74. 

  75.   /**

  76.    * Get the JAR file of specified plugin. If not present in user local cache,

  77.    * then it's downloaded from server and added to cache.

  78.    *

  79.    * @return the file, or {@link Optional#empty()} if plugin not found (404 HTTP code)

  80.    * @throws IllegalStateException if the plugin can't be downloaded (not 404 nor 2xx HTTP codes)

  81.    * or can't be cached locally.

  82.    */

  83.   public Optional<File> get(InstalledPlugin plugin) {

  84.     // Does not fail if another process tries to create the directory at the same time.

  85.     File jarInCache = jarInCache(plugin.key, plugin.hash);

  86.     if (jarInCache.exists() && jarInCache.isFile()) {

  87.       return Optional.of(jarInCache);

  88.     }

  89.     return download(plugin);

  90.   }

  91. 

  92.   private Optional<File> download(InstalledPlugin plugin) {

  93.     GetRequest request = new GetRequest("api/plugins/download")

  94.       .setParam("plugin", plugin.key)

  95.       .setTimeOutInMs(5 * 60_000);

  96. 

  97.     try {

  98.       Class.forName("java.util.jar.Pack200");

  99.       request.setParam("acceptCompressions", PACK200);

  100.     } catch (ClassNotFoundException e) {

  101.       // ignore and don't use any compression

  102.     }

  103. 

  104.     File downloadedFile = newTempFile();

  105.     LOGGER.debug("Download plugin '{}' to '{}'", plugin.key, downloadedFile);

  106. 

  107.     try (WsResponse response = wsClient.call(request)) {

  108.       Optional<String> expectedMd5 = response.header(MD5_HEADER);

  109.       if (!expectedMd5.isPresent()) {

  110.         throw new IllegalStateException(format(

  111.           "Fail to download plugin [%s]. Request to %s did not return header %s", plugin.key, response.requestUrl(), MD5_HEADER));

  112.       }

  113. 

  114.       downloadBinaryTo(plugin, downloadedFile, response);

  115. 

  116.       // verify integrity

  117.       String effectiveTempMd5 = computeMd5(downloadedFile);

  118.       if (!expectedMd5.get().equals(effectiveTempMd5)) {

  119.         throw new IllegalStateException(format(

  120.           "Fail to download plugin [%s]. File %s was expected to have checksum %s but had %s", plugin.key, downloadedFile, expectedMd5.get(), effectiveTempMd5));

  121.       }

  122. 

  123.       // un-compress if needed

  124.       String cacheMd5;

  125.       File tempJar;

  126.       Optional<String> compression = response.header(COMPRESSION_HEADER);

  127.       if (compression.isPresent() && PACK200.equals(compression.get())) {

  128.         tempJar = unpack200(plugin.key, downloadedFile);

  129.         cacheMd5 = response.header(UNCOMPRESSED_MD5_HEADER).orElseThrow(() -> new IllegalStateException(format(

  130.           "Fail to download plugin [%s]. Request to %s did not return header %s.", plugin.key, response.requestUrl(), UNCOMPRESSED_MD5_HEADER)));

  131.       } else {

  132.         tempJar = downloadedFile;

  133.         cacheMd5 = expectedMd5.get();

  134.       }

  135. 

  136.       // put in cache

  137.       File jarInCache = jarInCache(plugin.key, cacheMd5);

  138.       mkdir(jarInCache.getParentFile());

  139.       moveFile(tempJar, jarInCache);

  140.       return Optional.of(jarInCache);

  141. 

  142.     } catch (HttpException e) {

  143.       if (e.code() == HttpURLConnection.HTTP_NOT_FOUND) {

  144.         // Plugin was listed but not longer available. It has probably been

  145.         // uninstalled.

  146.         return Optional.empty();

  147.       }

  148. 

  149.       // not 2xx nor 404

  150.       throw new IllegalStateException(format("Fail to download plugin [%s]. Request to %s returned code %d.", plugin.key, e.url(), e.code()));

  151.     }

  152.   }

  153. 

  154.   private static void downloadBinaryTo(InstalledPlugin plugin, File downloadedFile, WsResponse response) {

  155.     try (InputStream stream = response.contentStream()) {

  156.       FileUtils.copyInputStreamToFile(stream, downloadedFile);

  157.     } catch (IOException e) {

  158.       throw new IllegalStateException(format("Fail to download plugin [%s] into %s", plugin.key, downloadedFile), e);

  159.     }

  160.   }

  161. 

  162.   private File jarInCache(String pluginKey, String hash) {

  163.     File hashDir = new File(cacheDir, hash);

  164.     File file = new File(hashDir, format("sonar-%s-plugin.jar", pluginKey));

  165.     if (!file.getParentFile().toPath().equals(hashDir.toPath())) {

  166.       // vulnerability - attempt to create a file outside the cache directory

  167.       throw new IllegalStateException(format("Fail to download plugin [%s]. Key is not valid.", pluginKey));

  168.     }

  169.     return file;

  170.   }

  171. 

  172.   private File newTempFile() {

  173.     try {

  174.       return File.createTempFile("fileCache", null, tempDir);

  175.     } catch (IOException e) {

  176.       throw new IllegalStateException("Fail to create temp file in " + tempDir, e);

  177.     }

  178.   }

  179. 

  180.   private File unpack200(String pluginKey, File compressedFile) {

  181.     LOGGER.debug("Unpacking plugin {}", pluginKey);

  182.     File jar = newTempFile();

  183.     try (InputStream input = new GZIPInputStream(new BufferedInputStream(FileUtils.openInputStream(compressedFile)));

  184.       JarOutputStream output = new JarOutputStream(new BufferedOutputStream(FileUtils.openOutputStream(jar)))) {

  185.       Pack200.newUnpacker().unpack(input, output);

  186.     } catch (IOException e) {

  187.       throw new IllegalStateException(format("Fail to download plugin [%s]. Pack200 error.", pluginKey), e);

  188.     }

  189.     return jar;

  190.   }

  191. 

  192.   private static String computeMd5(File file) {

  193.     try (InputStream fis = new BufferedInputStream(FileUtils.openInputStream(file))) {

  194.       return DigestUtils.md5Hex(fis);

  195.     } catch (IOException e) {

  196.       throw new IllegalStateException("Fail to compute md5 of " + file, e);

  197.     }

  198.   }

  199. 

  200.   private static void moveFile(File sourceFile, File targetFile) {

  201.     boolean rename = sourceFile.renameTo(targetFile);

  202.     // Check if the file was cached by another process during download

  203.     if (!rename && !targetFile.exists()) {

  204.       LOGGER.warn("Unable to rename {} to {}", sourceFile.getAbsolutePath(), targetFile.getAbsolutePath());

  205.       LOGGER.warn("A copy/delete will be tempted but with no guarantee of atomicity");

  206.       try {

  207.         Files.move(sourceFile.toPath(), targetFile.toPath());

  208.       } catch (IOException e) {

  209.         throw new IllegalStateException("Fail to move " + sourceFile.getAbsolutePath() + " to " + targetFile, e);

  210.       }

  211.     }

  212.   }

  213. 

  214.   private static void mkdir(File dir) {

  215.     try {

  216.       Files.createDirectories(dir.toPath());

  217.     } catch (IOException e) {

  218.       throw new IllegalStateException("Fail to create cache directory: " + dir, e);

  219.     }

  220.   }

  221. 

  222.   private static File mkdir(File dir, String debugTitle) {

  223.     if (!dir.isDirectory() || !dir.exists()) {

  224.       LOGGER.debug("Create : {}", dir.getAbsolutePath());

  225.       try {

  226.         Files.createDirectories(dir.toPath());

  227.       } catch (IOException e) {

  228.         throw new IllegalStateException("Unable to create " + debugTitle + dir.getAbsolutePath(), e);

  229.       }

  230.     }

  231.     return dir;

  232.   }

  233. 

  234.   private static File locateHomeDir(Configuration configuration) {

  235.     return Stream.of(

  236.       configuration.get("sonar.userHome").orElse(null),

  237.       System.getenv("SONAR_USER_HOME"),

  238.       System.getProperty("user.home") + File.separator + ".sonar")

  239.       .filter(Objects::nonNull)

  240.       .findFirst()

  241.       .map(File::new)

  242.       .get();

  243.   }

  244. }