Work to stop accidentally bundling tools.jar and enable on JDK11 (requires command line options)

2025-01-17 02:09:50 +00:00 · 2023-04-14 14:56:32 +01:00 · 2023-04-14 14:56:32 +01:00 · f63d5501a1
commit f63d5501a1
parent 65b92f43d0
13 changed files with 34 additions and 26 deletions
--- a/tools/aegis4j/build.gradle
+++ b/tools/aegis4j/build.gradle
@ -53,7 +53,7 @@ test {
    jvmArgs "-javaagent:${shadowJar.archiveFile.get()}=dynamic"
    useJUnitPlatform()
    systemProperty 'jdk.attach.allowAttachSelf', 'true' // tests attach agent to local VM
-    systemProperty 'aegis4j.projectRoot', "${project.rootDir.toString()}"
+    systemProperty 'aegis4j.projectDir', "${project.projectDir.toString()}"
    forkEvery 1 // tests cannot undo class modifications to clean up after themselves
    testLogging {
        events 'passed', 'skipped', 'failed'
--- a/tools/aegis4j/src/main/java/net/gredler/aegis4j/AegisAgent.java
+++ b/tools/aegis4j/src/main/java/net/gredler/aegis4j/AegisAgent.java
@ -97,6 +97,7 @@ public final class AegisAgent {
    }

    static void dynamicLoad(String args) {
+        if (instrumentation == null) throw new IllegalStateException("Cannot dynamically load agent if pre-initialised.");
        agentmain(args, instrumentation);
    }

--- a/tools/aegis4j/src/test/java/net/gredler/aegis4j/AegisAgentCommandLineTest.java
+++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/AegisAgentCommandLineTest.java
@ -37,7 +37,7 @@ public class AegisAgentCommandLineTest {
        testStaticAttach(jar, "foo", "ERROR: unrecognised parameters foo");
        testStaticAttach(jar, "dynamic", "");

-        Path path = Paths.get(System.getProperty("aegis4j.projectRoot") + "/tools/aegis4j/src/main/resources/net/gredler/aegis4j/mods.properties");
+        Path path = Paths.get(System.getProperty("aegis4j.projectDir") + "/src/main/resources/net/gredler/aegis4j/mods.properties");
        testStaticAttach(jar, "path=" + path, "Java serialization blocked by aegis4j");
        testStaticAttach(jar, "path=" + path + ";unblock=serialization", "");
        testStaticAttach(jar, "path=/foo/bar", "java.io.FileNotFoundException: /foo/bar");
--- a/tools/aegis4j/src/test/java/net/gredler/aegis4j/AegisAgentSystemPropertyTest.java
+++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/AegisAgentSystemPropertyTest.java
@ -34,7 +34,7 @@ public class AegisAgentSystemPropertyTest {
    @Test
    public void testSystemPropertyWithNonEmptyExistingArgs() throws Exception {
        System.setProperty("aegis4j.additional.args", "unblock=jndi,rmi,scripting");
-        TestUtils.installAgent("path=../resources/main/net/gredler/aegis4j/mods.properties");
+        TestUtils.installAgent("path=" + System.getProperty("aegis4j.projectDir") + "/src/main/resources/net/gredler/aegis4j/mods.properties");
        assertEquals("serialization,process,httpserver", System.getProperty("aegis4j.blocked.features"));
    }
 }
--- a/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2018_10054.java
+++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2018_10054.java
@ -20,7 +20,7 @@ public class CVE_2018_10054 {

    @Test
    public void test() throws Exception {
-        TestUtils.installAgent("path=../resources/test/h2-mods.properties");
+        TestUtils.installAgent("path=" + System.getProperty("aegis4j.projectDir") + "/src/test/resources/h2-mods.properties");
        try {
            new WebServlet();
            fail("Exception expected");
--- a/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2019_16869.java
+++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2019_16869.java
@ -20,7 +20,7 @@ public class CVE_2019_16869 {

    @Test
    public void test() throws Exception {
-        TestUtils.installAgent("path=../resources/test/netty-mods.properties");
+        TestUtils.installAgent("path=" + System.getProperty("aegis4j.projectDir") + "/src/test/resources/netty-mods.properties");
        try {
            new HttpRequestDecoder();
            fail("Exception expected");
--- a/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2020_29582.java
+++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2020_29582.java
@ -19,7 +19,7 @@ public class CVE_2020_29582 {

    @Test
    public void testDir() throws Exception {
-        TestUtils.installAgent("path=../resources/test/kotlin-mods.properties");
+        TestUtils.installAgent("path=" + System.getProperty("aegis4j.projectDir") + "/src/test/resources/kotlin-mods.properties");
        try {
            new KotlinStdLibUtils().kotlinCreateTempDir();
            fail("Exception expected");
@ -30,7 +30,7 @@ public class CVE_2020_29582 {

    @Test
    public void testFile() throws Exception {
-        TestUtils.installAgent("path=../resources/test/kotlin-mods.properties");
+        TestUtils.installAgent("path=" + System.getProperty("aegis4j.projectDir") + "/src/test/resources/kotlin-mods.properties");
        try {
            new KotlinStdLibUtils().kotlinCreateTempFile();
            fail("Exception expected");
--- a/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2020_8908.java
+++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2020_8908.java
@ -19,7 +19,7 @@ public class CVE_2020_8908 {

    @Test
    public void test() throws Exception {
-        TestUtils.installAgent("path=../resources/test/guava-mods.properties");
+        TestUtils.installAgent("path=" + System.getProperty("aegis4j.projectDir") + "/src/test/resources/guava-mods.properties");
        try {
            com.google.common.io.Files.createTempDir();
            fail("Exception expected");
--- a/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2021_23463.java
+++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2021_23463.java
@ -29,7 +29,7 @@ public class CVE_2021_23463 {

    @Test
    public void test() throws Exception {
-        TestUtils.installAgent("path=../resources/test/h2-mods.properties");
+        TestUtils.installAgent("path=" + System.getProperty("aegis4j.projectDir") + "/src/test/resources/h2-mods.properties");
        try {
            SessionInterface session = new SessionInterface() {
                @Override
--- a/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2022_1471.java
+++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2022_1471.java
@ -20,7 +20,7 @@ public class CVE_2022_1471 {

    @Test
    public void test() throws Exception {
-        TestUtils.installAgent("path=../resources/test/snakeyaml-mods.properties");
+        TestUtils.installAgent("path=" + System.getProperty("aegis4j.projectDir") + "/src/test/resources/snakeyaml-mods.properties");
        try {
            Constructor banned = new Constructor(this.getClass());
            fail("Exception expected");
--- a/tools/aegis4j/src/test/java/net/gredler/aegis4j/TestUtils.java
+++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/TestUtils.java
@ -126,16 +126,9 @@ public final class TestUtils {
    }

    /**
-     * Requires {@code -Djdk.attach.allowAttachSelf=true} on the command line.
+     * Requires {@code -Djdk.attach.allowAttachSelf=true} on the command line for JDK9+.
     */
    public static void installAgent(String options) throws Exception {
-        /*
-        long pid = ProcessHandle.current().pid();
-        VirtualMachine jvm = VirtualMachine.attach(String.valueOf(pid));
-        jvm.loadAgent(createAgentJar(), options);
-        jvm.detach();
-        */
-        //AgentLoader.loadAgentClass(AegisAgent.class.getName(), options);
        AegisAgent.dynamicLoad(options);
    }

--- a/tools/cliutils/build.gradle
+++ b/tools/cliutils/build.gradle
@ -18,9 +18,6 @@ dependencies {

    compile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"

-    // Need the JDK
-    compile files(org.gradle.internal.jvm.Jvm.current().toolsJar)
-
    // Aegis4J
    compile project(':tools:aegis4j')
 }
--- a/tools/cliutils/src/main/kotlin/net/corda/cliutils/AttachAegis4j.kt
+++ b/tools/cliutils/src/main/kotlin/net/corda/cliutils/AttachAegis4j.kt
@ -1,8 +1,9 @@
 package net.corda.cliutils

-import com.sun.tools.attach.VirtualMachine
 import net.gredler.aegis4j.AegisAgent
 import java.lang.management.ManagementFactory
+import java.net.URL
+import java.net.URLClassLoader
 import java.nio.file.Files
 import java.util.jar.JarEntry
 import java.util.jar.JarOutputStream
@ -40,9 +41,25 @@ object AttachAegis4j {
    }

    init {
-        val pid = ManagementFactory.getRuntimeMXBean().getName().substringBefore('@')
-        var jvm = VirtualMachine.attach(pid)
-        jvm.loadAgent(createAgentJar(), "resource=mods.properties")
-        jvm.detach()
+        try {
+            val pid = ManagementFactory.getRuntimeMXBean().getName().substringBefore('@')
+            /*
+            The reflective code that follows implements this once the JDK tools.jar is added to the classpath:
+
+            var jvm = VirtualMachine.attach(pid)
+            jvm.loadAgent(createAgentJar(), "resource=mods.properties")
+            jvm.detach()
+            */
+            val toolsJar = "file:${System.getProperty("java.home")}/../lib/tools.jar"
+            val classLoader = URLClassLoader(arrayOf(URL(toolsJar)), this.javaClass.classLoader)
+            val virtualMachineClass: Class<*> = classLoader.loadClass("com.sun.tools.attach.VirtualMachine")
+            val jvm = virtualMachineClass.getDeclaredMethod("attach", String::class.java).invoke(null, pid)
+            val loadAgentMethod = jvm.javaClass.getMethod("loadAgent", String::class.java, String::class.java)
+            loadAgentMethod.invoke(jvm, createAgentJar(), "resource=mods.properties")
+            val detachMethod = jvm.javaClass.getMethod("detach")
+            detachMethod.invoke(jvm)
+        } catch (e: Exception) {
+            System.err.println("Aegis4j Unable to activate - JDK 9+ without system property jdk.attach.allowAttachSelf=true")
+        }
    }
 }