ban dangerous methods in java.net

rmuir · rmuir · commit 4f9389dcf1e8 · 2015-08-19T21:26:52.000-04:00
diff --git a/core/src/main/java/org/elasticsearch/common/network/MulticastChannel.java b/core/src/main/java/org/elasticsearch/common/network/MulticastChannel.java
@@ -20,7 +20,9 @@
 package org.elasticsearch.common.network;
 
 import com.google.common.collect.Maps;
+
 import org.apache.lucene.util.IOUtils;
+import org.elasticsearch.common.SuppressForbidden;
 import org.elasticsearch.common.bytes.BytesArray;
 import org.elasticsearch.common.bytes.BytesReference;
 import org.elasticsearch.common.logging.ESLogger;
@@ -257,6 +259,7 @@ protected void close(Listener listener) {
     /**
      * Simple implementation of a channel.
      */
+    @SuppressForbidden(reason = "I bind to wildcard addresses. I am a total nightmare")
     private static class Plain extends MulticastChannel {
         private final ESLogger logger;
         private final Config config;
diff --git a/core/src/test/java/org/elasticsearch/benchmark/transport/netty/NettyEchoBenchmark.java b/core/src/test/java/org/elasticsearch/benchmark/transport/netty/NettyEchoBenchmark.java
@@ -59,7 +59,7 @@ public ChannelPipeline getPipeline() throws Exception {
         });
 
         // Bind and start to accept incoming connections.
-        serverBootstrap.bind(new InetSocketAddress(9000));
+        serverBootstrap.bind(new InetSocketAddress(InetAddress.getLoopbackAddress(), 9000));
 
         ClientBootstrap clientBootstrap = new ClientBootstrap(
                 new NioClientSocketChannelFactory(
@@ -79,7 +79,7 @@ public ChannelPipeline getPipeline() throws Exception {
         });
 
         // Start the connection attempt.
-        ChannelFuture future = clientBootstrap.connect(new InetSocketAddress(InetAddress.getByName("localhost"), 9000));
+        ChannelFuture future = clientBootstrap.connect(new InetSocketAddress(InetAddress.getLoopbackAddress(), 9000));
         future.awaitUninterruptibly();
         Channel clientChannel = future.getChannel();
 
diff --git a/core/src/test/java/org/elasticsearch/discovery/zen/ping/multicast/MulticastZenPingIT.java b/core/src/test/java/org/elasticsearch/discovery/zen/ping/multicast/MulticastZenPingIT.java
@@ -23,6 +23,7 @@
 import org.elasticsearch.cluster.ClusterName;
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.cluster.node.DiscoveryNodes;
+import org.elasticsearch.common.SuppressForbidden;
 import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
 import org.elasticsearch.common.logging.Loggers;
 import org.elasticsearch.common.settings.Settings;
@@ -130,7 +131,7 @@ public boolean nodeHasJoinedClusterOnce() {
         }
     }
 
-    @Test
+    @Test @SuppressForbidden(reason = "I bind to wildcard addresses. I am a total nightmare")
     public void testExternalPing() throws Exception {
         Settings settings = Settings.EMPTY;
         settings = buildRandomMulticast(settings);
diff --git a/core/src/test/java/org/elasticsearch/transport/NettySizeHeaderFrameDecoderTests.java b/core/src/test/java/org/elasticsearch/transport/NettySizeHeaderFrameDecoderTests.java
@@ -20,6 +20,7 @@
 package org.elasticsearch.transport;
 
 import com.google.common.base.Charsets;
+
 import org.elasticsearch.Version;
 import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
 import org.elasticsearch.common.network.NetworkService;
@@ -39,6 +40,7 @@
 
 import java.io.BufferedReader;
 import java.io.InputStreamReader;
+import java.net.InetAddress;
 import java.net.Socket;
 
 import static org.elasticsearch.common.settings.Settings.settingsBuilder;
@@ -55,7 +57,7 @@ public class NettySizeHeaderFrameDecoderTests extends ESTestCase {
     private ThreadPool threadPool;
     private NettyTransport nettyTransport;
     private int port;
-    private String host;
+    private InetAddress host;
 
     @Before
     public void startThreadPool() {
@@ -70,7 +72,7 @@ public void startThreadPool() {
 
         InetSocketTransportAddress transportAddress = (InetSocketTransportAddress) nettyTransport.boundAddress().boundAddress();
         port = transportAddress.address().getPort();
-        host = transportAddress.address().getHostString();
+        host = transportAddress.address().getAddress();
 
     }
 
diff --git a/core/src/test/java/org/elasticsearch/transport/netty/NettyTransportMultiPortTests.java b/core/src/test/java/org/elasticsearch/transport/netty/NettyTransportMultiPortTests.java
@@ -170,7 +170,7 @@ private int[] getRandomPorts(int numberOfPorts) {
                         // Set SO_REUSEADDR as we may bind here and not be able
                         // to reuse the address immediately without it.
                         serverSocket.setReuseAddress(NetworkUtils.defaultReuseAddress());
-                        serverSocket.bind(new InetSocketAddress(nextPort));
+                        serverSocket.bind(new InetSocketAddress(InetAddress.getLoopbackAddress(), nextPort));
 
                         // bind was a success
                         logger.debug("port [{}] available.", nextPort);
diff --git a/dev-tools/src/main/resources/forbidden/all-signatures.txt b/dev-tools/src/main/resources/forbidden/all-signatures.txt
@@ -60,4 +60,16 @@ java.nio.file.Files#isHidden(java.nio.file.Path) @ Dependent on the operating sy
 java.nio.file.Files#getFileStore(java.nio.file.Path) @ Use Environment.getFileStore() instead, impacted by JDK-8034057
 java.nio.file.Files#isWritable(java.nio.file.Path) @ Use Environment.isWritable() instead, impacted by JDK-8034057
 
-java.net.InetSocketAddress#<init>(java.lang.String,int) @ Resolve host explicitly to the address(es) you want with InetAddress, and without leniency
+@defaultMessage Resolve hosts explicitly to the address(es) you want with InetAddress.
+java.net.InetSocketAddress#<init>(java.lang.String,int)
+java.net.Socket#<init>(java.lang.String,int)
+java.net.Socket#<init>(java.lang.String,int,java.net.InetAddress,int)
+
+@defaultMessage Don't bind to wildcard addresses. Be specific.
+java.net.DatagramSocket#<init>()
+java.net.DatagramSocket#<init>(int)
+java.net.InetSocketAddress#<init>(int)
+java.net.MulticastSocket#<init>()
+java.net.MulticastSocket#<init>(int)
+java.net.ServerSocket#<init>(int)
+java.net.ServerSocket#<init>(int,int)
