Use checked exceptions in entitlement constructor rules#145234
Merged
jdconrad merged 12 commits intoelastic:mainfrom Mar 31, 2026
Merged
Use checked exceptions in entitlement constructor rules#145234jdconrad merged 12 commits intoelastic:mainfrom
jdconrad merged 12 commits intoelastic:mainfrom
Conversation
Update constructor entitlement rules in FileInstrumentation and NetworkInstrumentation to throw appropriate checked exceptions instead of NotEntitledException (a RuntimeException). File constructors now throw FileNotFoundException (for constructors declared to throw it) or IOException (for those with broader checked exceptions). Network constructors throw IOException for Socket and ServerSocket, SocketException for DatagramSocket, and MalformedURLException for URL constructors. Method references (e.g. IOException::new) are used where the exception has a (Throwable) constructor; lambdas with initCause are used where no such constructor exists (FileNotFoundException, MalformedURLException, SocketException). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Collaborator
|
Pinging @elastic/es-core-infra (Team:Core/Infra) |
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository YAML (base), Organization UI (inherited) Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughUpdates to entitlement instrumentation in libs/entitlement modify failure handling to throw domain-specific exceptions instead of a generic entitlement denial. FileInstrumentation now maps denied file/stream APIs to either FileNotFoundException or IOException (preserving the original exception as the cause). NetworkInstrumentation maps denied URL construction to MalformedURLException, socket and server socket constructions to IOException, and datagram socket construction to SocketException. Corresponding entitlement tests in FileCheckActions and NetworkAccessCheckActions were updated to expect these specific exception types. No public API signatures were changed. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
…ctor rules Update @EntitlementTest annotations in FileCheckActions and NetworkAccessCheckActions to set expectedExceptionIfDenied to match the checked exceptions now thrown by the updated constructor rules: - FileInputStream, FileOutputStream, RandomAccessFile, FileReader(File/String), PrintWriter(File/String), Scanner(File) → FileNotFoundException - FileReader(File/String+Charset), FileWriter, JarFile, ZipFile, Scanner(File+Charset), FileHandler → IOException - URL(…, URLStreamHandler) → MalformedURLException - DatagramSocket(SocketAddress) → SocketException Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
libs/entitlement/src/main/java/org/elasticsearch/entitlement/config/NetworkInstrumentation.java (1)
281-298:⚠️ Potential issue | 🟠 MajorUse
initCause()pattern for Java 17 compatibility.The new
SocketException(message, cause)calls on lines 283, 286, 289, 292, and 298 use a constructor available only since Java 19. SinceNetworkInstrumentation.javais in the base source set (src/main/java), not a version-specific set, this code runs on Java 17+ and will fail at linkage on Java 17. Replace with theinitCause()pattern:Recommended fix
- rule.callingStatic(DatagramSocket::new) - .enforce(Policies::allNetworkAccess) - .elseThrow(e -> new SocketException(e.getMessage(), e)); + rule.callingStatic(DatagramSocket::new) + .enforce(Policies::allNetworkAccess) + .elseThrow(e -> { + var ex = new SocketException(e.getMessage()); + ex.initCause(e); + return ex; + });Apply the same pattern to all five occurrences of
new SocketException(e.getMessage(), e).🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@libs/entitlement/src/main/java/org/elasticsearch/entitlement/config/NetworkInstrumentation.java` around lines 281 - 298, Replace the Java-19-only SocketException(message, cause) usages in NetworkInstrumentation with the Java-17-compatible initCause pattern: for each elseThrow lambda that currently returns new SocketException(e.getMessage(), e) (e.g., the rules for DatagramSocket constructors and bind in rule.callingStatic(...), rule.callingVoid(...)), return a SocketException created with the message and call initCause(e) on it before returning; do the same for all five occurrences referenced in the DatagramSocket rules so linkage works on Java 17.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Outside diff comments:
In
`@libs/entitlement/src/main/java/org/elasticsearch/entitlement/config/NetworkInstrumentation.java`:
- Around line 281-298: Replace the Java-19-only SocketException(message, cause)
usages in NetworkInstrumentation with the Java-17-compatible initCause pattern:
for each elseThrow lambda that currently returns new
SocketException(e.getMessage(), e) (e.g., the rules for DatagramSocket
constructors and bind in rule.callingStatic(...), rule.callingVoid(...)), return
a SocketException created with the message and call initCause(e) on it before
returning; do the same for all five occurrences referenced in the DatagramSocket
rules so linkage works on Java 17.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro
Run ID: c3f08f1e-6c43-4cad-8f31-ff5f48961bde
📒 Files selected for processing (2)
libs/entitlement/src/main/java/org/elasticsearch/entitlement/config/FileInstrumentation.javalibs/entitlement/src/main/java/org/elasticsearch/entitlement/config/NetworkInstrumentation.java
…enied FileImageInputStream(File) internally calls new RandomAccessFile(File, "r"), which now throws FileNotFoundException when denied by the entitlement framework. Update the test annotation accordingly. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
jdconrad
added a commit
to jdconrad/elasticsearch
that referenced
this pull request
Mar 31, 2026
Constructor entitlement rules updated to throw appropriate checked exceptions instead of NotEntitledException (a RuntimeException). Method references (IOException::new) are used where the exception has a (Throwable) constructor; lambdas with initCause are used where no such constructor exists.
jdconrad
added a commit
to jdconrad/elasticsearch
that referenced
this pull request
Mar 31, 2026
Constructor entitlement rules updated to throw appropriate checked exceptions instead of NotEntitledException (a RuntimeException). Method references (IOException::new) are used where the exception has a (Throwable) constructor; lambdas with initCause are used where no such constructor exists.
jdconrad
added a commit
to jdconrad/elasticsearch
that referenced
this pull request
Mar 31, 2026
Constructor entitlement rules updated to throw appropriate checked exceptions instead of NotEntitledException (a RuntimeException). Method references (IOException::new) are used where the exception has a (Throwable) constructor; lambdas with initCause are used where no such constructor exists.
Collaborator
szybia
added a commit
to szybia/elasticsearch
that referenced
this pull request
Mar 31, 2026
…rics
* upstream/main: (21 commits)
Mute org.elasticsearch.xpack.esql.qa.mixed.MixedClusterEsqlSpecIT test {csv-spec:external-basic.topSnippetsFunction} elastic#145353
Mute org.elasticsearch.xpack.esql.qa.mixed.MixedClusterEsqlSpecIT test {csv-spec:external-basic.scoreFunction} elastic#145352
[DiskBBQ] Fix bug in NeighborQueue#popRawAndAddRaw (elastic#145324)
Fix dense_vector default index options when using BFLOAT16 (elastic#145202)
Use checked exceptions in entitlement constructor rules (elastic#145234)
ESQL: DS: datasource file plugins should not return TEXT types (elastic#145334)
Plumb DLM error store through to DlmFrozenTransition classes (elastic#145243)
Make Settings.Builder.remove() fluent (elastic#145294)
Add FLS tests for METRICS_INFO and TS_INFO (elastic#145211)
Fix flaky SecurityFeatureResetTests (elastic#145063)
[DOCS] Fix conflict markers in ESQL processing command list (elastic#145338)
Skip certain metric assertions on Windows (elastic#144933)
[ES|QL] Add schema reconciliation for multi-file external sources (elastic#145220)
Simplify DiskBBQ dynamic visit ratio to linear (elastic#142784)
ESQL: Disallow unmapped_fields=load with partial non-KEYWORD (elastic#144109)
[Transform] Track Linked Projects (elastic#144399)
Fix bulk scoring to process last batch instead of falling through to scalar tail (elastic#145316)
Clean up TickerScheduleEngineTests (elastic#145303)
[CI] ShardBulkInferenceActionFilterIT testRestart - Ensuring that secrets-inference index is available after full restart and unmuting test (elastic#145317)
Add CRUD doc to the DistributedArchitectureGuide (elastic#144710)
...
elasticsearchmachine
pushed a commit
that referenced
this pull request
Mar 31, 2026
…45349) Constructor entitlement rules updated to throw appropriate checked exceptions instead of NotEntitledException (a RuntimeException). Method references (IOException::new) are used where the exception has a (Throwable) constructor; lambdas with initCause are used where no such constructor exists.
elasticsearchmachine
pushed a commit
that referenced
this pull request
Mar 31, 2026
…45351) Constructor entitlement rules updated to throw appropriate checked exceptions instead of NotEntitledException (a RuntimeException). Method references (IOException::new) are used where the exception has a (Throwable) constructor; lambdas with initCause are used where no such constructor exists.
elasticsearchmachine
pushed a commit
that referenced
this pull request
Mar 31, 2026
…) (#145350) * Use checked exceptions in entitlement constructor rules (#145234) Constructor entitlement rules updated to throw appropriate checked exceptions instead of NotEntitledException (a RuntimeException). Method references (IOException::new) are used where the exception has a (Throwable) constructor; lambdas with initCause are used where no such constructor exists. * Fix SocketException construction to use initCause for Java 11 compatibility SocketException(String, Throwable) was added in Java 16. Replace the two-arg constructor with the initCause pattern so the code compiles on Java 11 (used by the 8.x branches). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
ncordon
pushed a commit
to ncordon/elasticsearch
that referenced
this pull request
Apr 1, 2026
Constructor entitlement rules updated to throw appropriate checked exceptions instead of NotEntitledException (a RuntimeException). Method references (IOException::new) are used where the exception has a (Throwable) constructor; lambdas with initCause are used where no such constructor exists.
mromaios
pushed a commit
to mromaios/elasticsearch
that referenced
this pull request
Apr 9, 2026
Constructor entitlement rules updated to throw appropriate checked exceptions instead of NotEntitledException (a RuntimeException). Method references (IOException::new) are used where the exception has a (Throwable) constructor; lambdas with initCause are used where no such constructor exists.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
Constructor entitlement rules updated to throw appropriate checked exceptions instead of
NotEntitledException(aRuntimeException). Method references (IOException::new) are used where the exception has a(Throwable)constructor; lambdas withinitCauseare used where no such constructor exists.FileInstrumentationRandomAccessFile(File, String)NotEntitledExceptionFileNotFoundExceptionRandomAccessFile(String, String)NotEntitledExceptionFileNotFoundExceptionFileInputStream(String)NotEntitledExceptionFileNotFoundExceptionFileInputStream(File)NotEntitledExceptionFileNotFoundExceptionFileOutputStream(String)NotEntitledExceptionFileNotFoundExceptionFileOutputStream(String, boolean)NotEntitledExceptionFileNotFoundExceptionFileOutputStream(File)NotEntitledExceptionFileNotFoundExceptionFileOutputStream(File, boolean)NotEntitledExceptionFileNotFoundExceptionFileReader(String)NotEntitledExceptionFileNotFoundExceptionFileReader(File)NotEntitledExceptionFileNotFoundExceptionFileReader(File, Charset)NotEntitledExceptionIOExceptionFileReader(String, Charset)NotEntitledExceptionIOExceptionFileWriter(String)NotEntitledExceptionIOExceptionFileWriter(String, boolean)NotEntitledExceptionIOExceptionFileWriter(File)NotEntitledExceptionIOExceptionFileWriter(File, Charset)NotEntitledExceptionIOExceptionFileWriter(File, Charset, boolean)NotEntitledExceptionIOExceptionFileWriter(File, boolean)NotEntitledExceptionIOExceptionFileWriter(String, Charset)NotEntitledExceptionIOExceptionFileWriter(String, Charset, boolean)NotEntitledExceptionIOExceptionJarFile(String)NotEntitledExceptionIOExceptionJarFile(File)NotEntitledExceptionIOExceptionJarFile(String, boolean)NotEntitledExceptionIOExceptionJarFile(File, boolean)NotEntitledExceptionIOExceptionJarFile(File, boolean, int)NotEntitledExceptionIOExceptionJarFile(File, boolean, int, Runtime.Version)NotEntitledExceptionIOExceptionZipFile(String)NotEntitledExceptionIOExceptionZipFile(File)NotEntitledExceptionIOExceptionZipFile(File, int)NotEntitledExceptionIOExceptionZipFile(String, Charset)NotEntitledExceptionIOExceptionZipFile(File, int, Charset)NotEntitledExceptionIOExceptionZipFile(File, Charset)NotEntitledExceptionIOExceptionPrintWriter(File)NotEntitledExceptionFileNotFoundExceptionPrintWriter(File, String)NotEntitledExceptionFileNotFoundExceptionPrintWriter(String)NotEntitledExceptionFileNotFoundExceptionPrintWriter(String, String)NotEntitledExceptionFileNotFoundExceptionScanner(File)NotEntitledExceptionFileNotFoundExceptionScanner(File, String)NotEntitledExceptionFileNotFoundExceptionScanner(File, Charset)NotEntitledExceptionIOExceptionFileHandler()NotEntitledExceptionIOExceptionFileHandler(String)NotEntitledExceptionIOExceptionFileHandler(String, boolean)NotEntitledExceptionIOExceptionFileHandler(String, int, int)NotEntitledExceptionIOExceptionFileHandler(String, int, int, boolean)NotEntitledExceptionIOExceptionFileHandler(String, long, int, boolean)NotEntitledExceptionIOExceptionNetworkInstrumentationURL(String, String, int, String, URLStreamHandler)NotEntitledExceptionMalformedURLExceptionURL(URL, String, URLStreamHandler)NotEntitledExceptionMalformedURLExceptionSocket(String, int)NotEntitledExceptionIOExceptionSocket(String, int, InetAddress, int)NotEntitledExceptionIOExceptionSocket(InetAddress, int)NotEntitledExceptionIOExceptionSocket(InetAddress, int, InetAddress, int)NotEntitledExceptionIOExceptionSocket(String, int, boolean)NotEntitledExceptionIOExceptionSocket(InetAddress, int, boolean)NotEntitledExceptionIOExceptionServerSocket()NotEntitledExceptionIOExceptionServerSocket(int)NotEntitledExceptionIOExceptionServerSocket(int, int)NotEntitledExceptionIOExceptionServerSocket(int, int, InetAddress)NotEntitledExceptionIOExceptionDatagramSocket()NotEntitledExceptionSocketExceptionDatagramSocket(int)NotEntitledExceptionSocketExceptionDatagramSocket(int, InetAddress)NotEntitledExceptionSocketExceptionDatagramSocket(SocketAddress)NotEntitledExceptionSocketException