This is an automated email from the ASF dual-hosted git repository.
chaokunyang pushed a commit to branch releases-0.10
in repository https://gitbox.apache.org/repos/asf/fury.git
The following commit(s) were added to refs/heads/releases-0.10 by this push:
new cb11939b fix(java): fix disallowedlist filechekc on windows (#2129)
cb11939b is described below
commit cb11939bc01b2302293bb3e8381723f813c389ce
Author: Shawn Yang <[email protected]>
AuthorDate: Fri Mar 28 23:58:43 2025 +0800
fix(java): fix disallowedlist filechekc on windows (#2129)
## What does this PR do?
- add windows ci for java21
- Fix sha256 check error on windows:
## Related issues
Closes #2100
## Does this PR introduce any user-facing change?
<!--
If any user-facing interface changes, please [open an
issue](https://github.com/apache/fury/issues/new/choose) describing the
need to do so and update the document if necessary. -->
- [ ] Does this PR introduce any public API change?
- [ ] Does this PR introduce any binary protocol compatibility change?
## Benchmark
<!--
When the PR has an impact on performance (if you don't know whether the
PR will have an impact on performance, you can submit the PR first, and
if it will have impact on performance, the code reviewer will explain
it), be sure to attach a benchmark data here.
-->
<!--
**Thanks for contributing to Fury.**
**If this is your first time opening a PR on fury, you can refer to
[CONTRIBUTING.md](https://github.com/apache/fury/blob/main/CONTRIBUTING.md).**
Contribution Checklist
- The **Apache Fury (incubating)** community has restrictions on the
naming of pr titles. You can also find instructions in
[CONTRIBUTING.md](https://github.com/apache/fury/blob/main/CONTRIBUTING.md).
- Fury has a strong focus on performance. If the PR you submit will have
an impact on performance, please benchmark it first and provide the
benchmark result here.
-->
## What does this PR do?
<!-- Describe the purpose of this PR. -->
## Related issues
<!--
Is there any related issue? Please attach here.
- #xxxx0
- #xxxx1
- #xxxx2
-->
## Does this PR introduce any user-facing change?
<!--
If any user-facing interface changes, please [open an
issue](https://github.com/apache/fury/issues/new/choose) describing the
need to do so and update the document if necessary.
-->
- [ ] Does this PR introduce any public API change?
- [ ] Does this PR introduce any binary protocol compatibility change?
## Benchmark
<!--
When the PR has an impact on performance (if you don't know whether the
PR will have an impact on performance, you can submit the PR first, and
if it will have impact on performance, the code reviewer will explain
it), be sure to attach a benchmark data here.
-->
---
.github/workflows/ci.yml | 21 +++++++++++++
ci/run_ci.sh | 16 ++++++++++
.../org/apache/fury/resolver/DisallowedList.java | 23 ++++++++------
.../apache/fury/resolver/DisallowedListTest.java | 35 ++++++++++++++++++++++
4 files changed, 86 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 72201cff..4df0daa2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -94,6 +94,26 @@ jobs:
run: ./ci/run_ci.sh install_pyfury
- name: Run CI with Maven
run: ./ci/run_ci.sh java${{ matrix.java-version }}
+
+ java21_windows:
+ name: Windows Java 21 CI
+ runs-on: windows-2022
+ env:
+ MY_VAR: "PATH"
+ strategy:
+ matrix:
+ java-version: ["21"]
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up JDK ${{ matrix.java-version }}
+ uses: actions/setup-java@v4
+ with:
+ java-version: ${{ matrix.java-version }}
+ distribution: "temurin"
+ - name: Run CI with Maven
+ shell: bash
+ run: ./ci/run_ci.sh windows_java21
+
graalvm:
name: GraalVM CI
runs-on: ubuntu-latest
@@ -113,6 +133,7 @@ jobs:
with:
python-version: 3.8
- name: Build native image and run
+ shell: bash
run: ./ci/run_ci.sh graalvm_test
scala:
diff --git a/ci/run_ci.sh b/ci/run_ci.sh
index 14664e9b..adf62a6c 100755
--- a/ci/run_ci.sh
+++ b/ci/run_ci.sh
@@ -156,6 +156,19 @@ jdk17_plus_tests() {
echo "Executing latest_jdk_tests succeeds"
}
+windows_java21_test() {
+ java -version
+ echo "Executing fury java tests"
+ cd "$ROOT/java"
+ set +e
+ mvn -T10 --batch-mode --no-transfer-progress test
-Dtest=!org.apache.fury.CrossLanguageTest install -pl
'!fury-format,!fury-testsuite'
+ testcode=$?
+ if [[ $testcode -ne 0 ]]; then
+ exit $testcode
+ fi
+ echo "Executing fury java tests succeeds"
+}
+
case $1 in
java8)
echo "Executing fury java tests"
@@ -186,6 +199,9 @@ case $1 in
java21)
jdk17_plus_tests
;;
+ windows_java21)
+ windows_java21_test
+ ;;
integration_tests)
echo "Install jdk"
install_jdks
diff --git
a/java/fury-core/src/main/java/org/apache/fury/resolver/DisallowedList.java
b/java/fury-core/src/main/java/org/apache/fury/resolver/DisallowedList.java
index b6ea8840..b4808726 100644
--- a/java/fury-core/src/main/java/org/apache/fury/resolver/DisallowedList.java
+++ b/java/fury-core/src/main/java/org/apache/fury/resolver/DisallowedList.java
@@ -27,15 +27,20 @@ import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Set;
+import java.util.TreeSet;
import java.util.stream.Collectors;
import org.apache.fury.exception.InsecureException;
/** A class to record which classes are not allowed for serialization. */
class DisallowedList {
private static final String DISALLOWED_LIST_TXT_PATH = "fury/disallowed.txt";
- // when disallowed.txt changed, update this hash by result of `sha256sum
disallowed.txt`
+ // When the disallowed.txt file is modified, update this hash using the
following steps:
+ // 1. Run the DisallowedListTest#testCalculateSHA256 test method
+ // 2. Copy the output hash from the test result
+ // 3. Replace the value of SHA256_HASH below with the new hash
+ // 4. Rerun all tests to ensure everything is working correctly with the new
hash
private static final String SHA256_HASH =
- "30dc5228f52b02f61aff35a94d29ccd903abbf490d8231810c5e1c0321c56557";
+ "53ecb405085d795d45ce033cd4f1055ae06247a5dbaa617ecd20e4aac4303f60";
private static final Set<String> DEFAULT_DISALLOWED_LIST_SET;
static {
@@ -43,16 +48,16 @@ class DisallowedList {
DisallowedList.class.getClassLoader().getResourceAsStream(DISALLOWED_LIST_TXT_PATH))
{
if (is != null) {
byte[] fileBytes = readAllBytes(is);
- String calculatedHash = calculateSHA256(fileBytes);
- if (!SHA256_HASH.equals(calculatedHash)) {
- // add a check to avoid some malicious overwrite disallowed.txt
- throw new SecurityException("Disallowed list has been tampered");
- }
DEFAULT_DISALLOWED_LIST_SET =
Arrays.stream(
new String(fileBytes,
StandardCharsets.UTF_8).split(System.lineSeparator()))
.filter(line -> !line.isEmpty() && !line.startsWith("#"))
.collect(Collectors.toSet());
+ String calculatedHash = calculateSHA256(new
TreeSet<>(DEFAULT_DISALLOWED_LIST_SET));
+ if (!SHA256_HASH.equals(calculatedHash)) {
+ // add a check to avoid some malicious overwrite disallowed.txt
+ throw new SecurityException("Disallowed list has been tampered");
+ }
} else {
throw new IllegalStateException(
String.format("Read disallowed list %s failed",
DISALLOWED_LIST_TXT_PATH));
@@ -74,10 +79,10 @@ class DisallowedList {
return buffer.toByteArray();
}
- private static String calculateSHA256(byte[] input) {
+ private static String calculateSHA256(TreeSet<String> set) {
try {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
- byte[] hashBytes = digest.digest(input);
+ byte[] hashBytes = digest.digest(String.join(",",
set).getBytes(StandardCharsets.UTF_8));
StringBuilder hexString = new StringBuilder();
for (byte b : hashBytes) {
String hex = Integer.toHexString(0xff & b);
diff --git
a/java/fury-core/src/test/java/org/apache/fury/resolver/DisallowedListTest.java
b/java/fury-core/src/test/java/org/apache/fury/resolver/DisallowedListTest.java
index c2bd0c9a..09cd6059 100644
---
a/java/fury-core/src/test/java/org/apache/fury/resolver/DisallowedListTest.java
+++
b/java/fury-core/src/test/java/org/apache/fury/resolver/DisallowedListTest.java
@@ -19,7 +19,15 @@
package org.apache.fury.resolver;
+import java.io.BufferedReader;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.nio.charset.StandardCharsets;
import java.rmi.server.UnicastRemoteObject;
+import java.security.MessageDigest;
+import java.util.Set;
+import java.util.TreeSet;
+import java.util.stream.Collectors;
import org.apache.fury.Fury;
import org.apache.fury.FuryTestBase;
import org.apache.fury.config.Language;
@@ -30,6 +38,33 @@ import org.testng.annotations.Test;
public class DisallowedListTest extends FuryTestBase {
+ @Test
+ public void testCalculateSHA256() throws Exception {
+ try (InputStream is =
+
DisallowedList.class.getClassLoader().getResourceAsStream("fury/disallowed.txt"))
{
+ assert is != null;
+ Set<String> set =
+ new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8))
+ .lines()
+ .filter(line -> !line.isEmpty() && !line.startsWith("#"))
+ .collect(Collectors.toSet());
+ MessageDigest digest = MessageDigest.getInstance("SHA-256");
+ byte[] hashBytes =
+ digest.digest(String.join(",", new
TreeSet<>(set)).getBytes(StandardCharsets.UTF_8));
+ StringBuilder hexString = new StringBuilder();
+ for (byte b : hashBytes) {
+ String hex = Integer.toHexString(0xff & b);
+ if (hex.length() == 1) {
+ hexString.append('0');
+ }
+ hexString.append(hex);
+ }
+ System.out.println("SHA256 HASH for disallowed.txt is " + hexString);
+ Assert.assertEquals(
+ hexString.toString(),
"53ecb405085d795d45ce033cd4f1055ae06247a5dbaa617ecd20e4aac4303f60");
+ }
+ }
+
@Test
public void testCheckHitDisallowedList() {
// Hit the disallowed list.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
