You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sling.apache.org by ro...@apache.org on 2022/10/26 13:20:19 UTC

[sling-org-apache-sling-xss] branch issue/SLING-11610-better-reflection created (now 2cfa1fc)

This is an automated email from the ASF dual-hosted git repository.

rombert pushed a change to branch issue/SLING-11610-better-reflection
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git


      at 2cfa1fc  SLING-11610 - Sling XSS API 2.3.0 does not work on Java 17

This branch includes the following new commits:

     new 2cfa1fc  SLING-11610 - Sling XSS API 2.3.0 does not work on Java 17

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[sling-org-apache-sling-xss] 01/01: SLING-11610 - Sling XSS API 2.3.0 does not work on Java 17

Posted by ro...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to branch issue/SLING-11610-better-reflection
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-xss.git

commit 2cfa1fc86e85116b8882a1d9c709b0abcf251f00
Author: Robert Munteanu <ro...@apache.org>
AuthorDate: Wed Oct 26 15:19:23 2022 +0200

    SLING-11610 - Sling XSS API 2.3.0 does not work on Java 17
    
    Use the reflection API in a way that is compatible with Java 17. This still requires
    invokers to use "-add-opens", see the updates surefire config.
---
 pom.xml                                            | 21 +++++++++++++++
 .../sling/xss/impl/AntiSamyPolicyAdapter.java      | 31 +++++++++++++++++-----
 2 files changed, 45 insertions(+), 7 deletions(-)

diff --git a/pom.xml b/pom.xml
index 3e37d9e..d9c9d19 100644
--- a/pom.xml
+++ b/pom.xml
@@ -377,5 +377,26 @@
             <scope>test</scope>
         </dependency>
     </dependencies>
+    
+    <profiles>
+        <profile>
+            <id>java12-or-higher</id>
+            <activation>
+                <!-- starting with Java 12 some reflective operations require add-opens instructions -->
+                <jdk>[12,)</jdk>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-surefire-plugin</artifactId>
+                        <configuration>
+                            <argLine>--add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.lang.reflect=ALL-UNNAMED</argLine>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
 
 </project>
diff --git a/src/main/java/org/apache/sling/xss/impl/AntiSamyPolicyAdapter.java b/src/main/java/org/apache/sling/xss/impl/AntiSamyPolicyAdapter.java
index cb20842..20a8568 100644
--- a/src/main/java/org/apache/sling/xss/impl/AntiSamyPolicyAdapter.java
+++ b/src/main/java/org/apache/sling/xss/impl/AntiSamyPolicyAdapter.java
@@ -19,6 +19,7 @@
 package org.apache.sling.xss.impl;
 
 import java.lang.reflect.Field;
+import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -27,8 +28,8 @@ import java.util.Map;
 import java.util.regex.Pattern;
 
 import org.apache.sling.xss.impl.style.CssValidator;
-import org.apache.sling.xss.impl.xml.Attribute;
 import org.apache.sling.xss.impl.xml.AntiSamyPolicy;
+import org.apache.sling.xss.impl.xml.Attribute;
 import org.apache.sling.xss.impl.xml.Tag;
 import org.jetbrains.annotations.Nullable;
 import org.owasp.html.AttributePolicy;
@@ -222,6 +223,7 @@ public class AntiSamyPolicyAdapter {
 
     private static Predicate<String> matchesPatternsOrLiterals(List<Pattern> patternList, boolean ignoreCase, List<String> literalList) {
         return new Predicate<String>() {
+            @Override
             public boolean apply(String s) {
                 // check if the string matches to the pattern or one of the literal
                 s = ignoreCase ? s.toLowerCase() : s;
@@ -261,13 +263,28 @@ public class AntiSamyPolicyAdapter {
         }
     }
 
-    private void letMeIn(Field field) throws ReflectiveOperationException {
-        if (!field.isAccessible())
-            field.setAccessible(true);
-        if ((field.getModifiers() & Modifier.FINAL) != 0) {
-            Field modifiersField = Field.class.getDeclaredField("modifiers");
+    private void letMeIn(Field inaccessible) throws ReflectiveOperationException {
+        if (!inaccessible.isAccessible())
+            inaccessible.setAccessible(true);
+        if ((inaccessible.getModifiers() & Modifier.FINAL) != 0) {
+            Field modifiersField = null;
+            try { 
+                modifiersField = Field.class.getDeclaredField("modifiers");
+            } catch ( NoSuchFieldException e ) {
+                // fallback for Java 12+
+                Method getDeclaredFields = Class.class.getDeclaredMethod("getDeclaredFields0", boolean.class);
+                getDeclaredFields.setAccessible(true);
+                Field[] fields = (Field[]) getDeclaredFields.invoke(Field.class, false);
+                for ( Field field : fields ) {
+                    if ( "modifiers".equals(field.getName()) ) {
+                        modifiersField = field;
+                    }
+                }
+            }
+            if ( modifiersField == null )
+                throw new IllegalAccessException("Unable to locate modifiers field " + Field.class.getName() + ", aborting setup");
             modifiersField.setAccessible(true);
-            modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
+            modifiersField.setInt(inaccessible, inaccessible.getModifiers() & ~Modifier.FINAL);
         }
     }
 }
\ No newline at end of file