SONAR-2824 Java Squid should use isolated ClassLoader for bytecode analysis

author: Evgeny Mandrikov <mandrikov@gmail.com> 2011-09-23 14:50:30 +0400
committer: Evgeny Mandrikov <mandrikov@gmail.com> 2011-09-23 17:00:34 +0400
commit: e00498300ccbe8f0381df2790e18f0188cd86eab (patch)
tree: c79d59137766c93fc716999c82df78e52e9f877e /plugins
parent: 553c0fcbd6433eed0e6e9f94e6e0c057a0de0b7c (diff)
download: sonarqube-e00498300ccbe8f0381df2790e18f0188cd86eab.tar.gz
sonarqube-e00498300ccbe8f0381df2790e18f0188cd86eab.zip
2 files changed, 21 insertions, 1 deletions
diff --git a/plugins/sonar-squid-java-plugin/src/main/java/org/sonar/java/bytecode/ClassworldsClassLoader.java b/plugins/sonar-squid-java-plugin/src/main/java/org/sonar/java/bytecode/ClassworldsClassLoader.java
index 4cc10aedce1..6a814c8499f 100644
--- a/plugins/sonar-squid-java-plugin/src/main/java/org/sonar/java/bytecode/ClassworldsClassLoader.java
+++ b/plugins/sonar-squid-java-plugin/src/main/java/org/sonar/java/bytecode/ClassworldsClassLoader.java
@@ -45,7 +45,7 @@ public final class ClassworldsClassLoader {
   public static ClassLoader create(Collection<File> bytecodeFilesOrDirectories) {
     try {
       ClassWorld world = new ClassWorld();
-      ClassRealm realm = world.newRealm("squid.project");
+      ClassRealm realm = world.newRealm("squid.project", null /* explicit declaration that parent should be bootstrap class loader */);
 
       for (File bytecode : bytecodeFilesOrDirectories) {
         URL url = getURL(bytecode);
diff --git a/plugins/sonar-squid-java-plugin/src/test/java/org/sonar/java/bytecode/ClassworldsClassLoaderTest.java b/plugins/sonar-squid-java-plugin/src/test/java/org/sonar/java/bytecode/ClassworldsClassLoaderTest.java
index ea93533cffc..7f248c6eef3 100644
--- a/plugins/sonar-squid-java-plugin/src/test/java/org/sonar/java/bytecode/ClassworldsClassLoaderTest.java
+++ b/plugins/sonar-squid-java-plugin/src/test/java/org/sonar/java/bytecode/ClassworldsClassLoaderTest.java
@@ -19,6 +19,7 @@
  */
 package org.sonar.java.bytecode;
 
+import org.codehaus.classworlds.ClassWorld;
 import org.junit.Test;
 import org.sonar.java.ast.SquidTestUtils;
 
@@ -39,6 +40,25 @@ public class ClassworldsClassLoaderTest {
     assertThat(ClassworldsClassLoader.create(Collections.<File>emptyList()), not(nullValue()));
   }
 
+  /**
+   * See SONAR-2824:
+   * ClassLoader created by {@link ClassworldsClassLoader},
+   * should be able to load classes only from JDK and from provided list of JAR-files,
+   * thus it shouldn't be able to load class {@link ClassWorld}.
+   */
+  @Test
+  public void shouldBeIsolated() throws ClassNotFoundException {
+    ClassLoader classloader = ClassworldsClassLoader.create(Collections.EMPTY_LIST);
+    try {
+      classloader.loadClass(ClassWorld.class.getName());
+      fail();
+    } catch (ClassNotFoundException e) {
+      // ok
+    }
+    assertThat(classloader.loadClass("java.lang.Integer"), not(nullValue()));
+    assertThat(classloader.getResource("java/lang/Integer.class"), not(nullValue()));
+  }
+
   @Test
   public void createFromDirectory() throws ClassNotFoundException {
     File dir = SquidTestUtils.getFile("/bytecode/bin/");
author	Evgeny Mandrikov <mandrikov@gmail.com>	2011-09-23 14:50:30 +0400
committer	Evgeny Mandrikov <mandrikov@gmail.com>	2011-09-23 17:00:34 +0400
commit	e00498300ccbe8f0381df2790e18f0188cd86eab (patch)
tree	c79d59137766c93fc716999c82df78e52e9f877e /plugins
parent	553c0fcbd6433eed0e6e9f94e6e0c057a0de0b7c (diff)
download	sonarqube-e00498300ccbe8f0381df2790e18f0188cd86eab.tar.gz sonarqube-e00498300ccbe8f0381df2790e18f0188cd86eab.zip