From 45ad8db76a65f55db923ac1a9a210c8b2ea8fecc Mon Sep 17 00:00:00 2001
From: Dominik Stadler
Date: Sun, 8 Nov 2015 11:59:55 +0100
Subject: [PATCH 1/3] Add a bundle 'jdk-reflection' which allows to forbid certain reflection calls which are usually blocked by SecurityManagers
---
 build.xml | 3 +-
 .../signatures/jdk-reflection.txt | 19 ++++++++
 src/test/antunit/OracleReflection.class | Bin 0 -> 1087 bytes
 src/test/antunit/OracleReflection.java | 42 ++++++++++++++++++
 src/test/antunit/TestOracleReflection.xml | 31 +++++++++++++
 5 files changed, 94 insertions(+), 1 deletion(-)
 create mode 100644 src/main/resources/de/thetaphi/forbiddenapis/signatures/jdk-reflection.txt
 create mode 100644 src/test/antunit/OracleReflection.class
 create mode 100644 src/test/antunit/OracleReflection.java
 create mode 100644 src/test/antunit/TestOracleReflection.xml
diff --git a/build.xml b/build.xml
index 24acd02f..a550b4d0 100644
--- a/build.xml
+++ b/build.xml
@@ -477,6 +477,7 @@ + @@ -649,4 +650,4 @@ - \ No newline at end of file +
diff --git a/src/main/resources/de/thetaphi/forbiddenapis/signatures/jdk-reflection.txt b/src/main/resources/de/thetaphi/forbiddenapis/signatures/jdk-reflection.txt
new file mode 100644
index 00000000..a4c31f27
--- /dev/null
+++ b/src/main/resources/de/thetaphi/forbiddenapis/signatures/jdk-reflection.txt
@@ -0,0 +1,19 @@
+# (C) Copyright Uwe Schindler (Generics Policeman) and others.
+# Parts of this work are licensed to the Apache Software Foundation (ASF)
+# under one or more contributor license agreements.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+java.lang.reflect.AccessibleObject#setAccessible(java.lang.reflect.AccessibleObject[], boolean) @ Reflection usage fails with SecurityManagers and likely will not work any more in Java 9
+java.lang.reflect.AccessibleObject#setAccessible(boolean) @ Reflection usage fails with SecurityManagers and likely will not work any more in Java 9
+java.lang.reflect.Method#invoke(java.lang.Object, java.lang.Object[]) @ Reflection usage fails with SecurityManagers and likely will not work any more in Java 9
diff --git a/src/test/antunit/OracleReflection.class b/src/test/antunit/OracleReflection.class
new file mode 100644
index 0000000000000000000000000000000000000000..10d84d4c8a031da10f9f9863547f1dea1d6abe46
GIT binary patch literal 1087 zcmaJ=?M@R>5IwhDyLG!2C?cgrsQA&A0u}sDjnSYa#v+LrjQVT4T*~6IHMPEy;nCgCC>nj`v%@@2t0x@qxb=yeKZ>^L%2SKB=|RyxJqQK< zyHorc1kW@s(TelOWf7U6RplvoURXSV_)a5+4Bv?kn8hS*vzvg+n4*`&6-+ZrUH-~q zs@!TO_G&Q`Z$qnBv^HyH67gTq+emIM(Z9I#6S4OvFbJmFFyB?a@lvh= + + + + + + + + + + + + + + + + \ No newline at end of file
From 2015c7eb862a7b66a8f4e05e770400e742ee0072 Mon Sep 17 00:00:00 2001
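Review bot: The three signatures added to jdk-reflection.txt (patch 1/3) each repeat the same free-text message, and that message overstates the condition: `setAccessible` fails under a SecurityManager only when the policy does not grant `ReflectPermission("suppressAccessChecks")`. Stating the reason once in a header line such as `@defaultMessage Reflection that suppresses access checks needs ReflectPermission "suppressAccessChecks" under a SecurityManager and may stop working on JDK classes in Java 9` keeps the entries consistent and tells whoever hits the build failure what to check. The bundle also leaves out the `java.lang.Class#getDeclared*` lookups (for example `java.lang.Class#getDeclaredField(java.lang.String)`), which can be permission-checked as well, so code may pass this check and still be rejected at runtime; whether they belong here depends on how strict the bundle is meant to be.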
From: Dominik Stadler
Date: Wed, 11 Nov 2015 22:18:21 +0100
Subject: [PATCH 2/3] Remove warning on Method.invoke(), just keep the AccessibleObject.setAccessible() checks
---
 .../de/thetaphi/forbiddenapis/signatures/jdk-reflection.txt | 1 -
 src/test/antunit/TestOracleReflection.xml | 5 ++---
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/main/resources/de/thetaphi/forbiddenapis/signatures/jdk-reflection.txt b/src/main/resources/de/thetaphi/forbiddenapis/signatures/jdk-reflection.txt
index a4c31f27..4010807d 100644
--- a/src/main/resources/de/thetaphi/forbiddenapis/signatures/jdk-reflection.txt
+++ b/src/main/resources/de/thetaphi/forbiddenapis/signatures/jdk-reflection.txt
@@ -16,4 +16,3 @@
 java.lang.reflect.AccessibleObject#setAccessible(java.lang.reflect.AccessibleObject[], boolean) @ Reflection usage fails with SecurityManagers and likely will not work any more in Java 9
 java.lang.reflect.AccessibleObject#setAccessible(boolean) @ Reflection usage fails with SecurityManagers and likely will not work any more in Java 9
-java.lang.reflect.Method#invoke(java.lang.Object, java.lang.Object[]) @ Reflection usage fails with SecurityManagers and likely will not work any more in Java 9
diff --git a/src/test/antunit/TestOracleReflection.xml b/src/test/antunit/TestOracleReflection.xml
index 1447289c..5294db66 100644
--- a/src/test/antunit/TestOracleReflection.xml
+++ b/src/test/antunit/TestOracleReflection.xml
@@ -24,8 +24,7 @@ - - + - \ No newline at end of file +
From 5eecb1817e848f5542f190a2c1c74576a2596223 Mon Sep 17 00:00:00 2001
From: Dominik Stadler
Date: Thu, 12 Nov 2015 20:35:02 +0100
Subject: [PATCH 3/3] Rename OracleReflection to Java6Reflection
---
 src/test/antunit/Java6Reflection.class | Bin 0 -> 1084 bytes
 ...racleReflection.java => Java6Reflection.java} | 6 +++---
 src/test/antunit/OracleReflection.class | Bin 1087 -> 0 bytes
 ...cleReflection.xml => TestJava6Reflection.xml} | 0
 4 files changed, 3 insertions(+), 3 deletions(-)
 create mode 100644 src/test/antunit/Java6Reflection.class
 rename src/test/antunit/{OracleReflection.java => Java6Reflection.java} (91%)
 delete mode 100644 src/test/antunit/OracleReflection.class
 rename src/test/antunit/{TestOracleReflection.xml => TestJava6Reflection.xml} (100%)
diff --git a/src/test/antunit/Java6Reflection.class b/src/test/antunit/Java6Reflection.class
new file mode 100644
index 0000000000000000000000000000000000000000..91eb84318465396b9f6866253cbe7e08c42d3a31
GIT binary patch literal 1084 zcmaJ=?M@R>5IwhDyLH(L6qNEIRQ%{Ct)QZ&#%NFywP+#+qyE}%Z_DDcHMx*_ zFi=F!Kujf-lv5T+v>fR+R|Tf(d)A>MuNKN66qwH! zB4z!4Ms-t3Vv?}c<)N$%*9roKw*+P*_{hC|fw?o{TQc13C}QL3XIp+!QUV<-^p%=^ zl+JeNz_;b5qxzaYCB355m>9W@OMrt0<<>Lsm9u5=>)6M7fPtup=dJAy%QtPAsP=_@bw3oY^^1m;LH4+9HS zwn%S@zbv&a_XK2nWh%&EmbnIU%$TRBISN_8Wil-i*N809&YtvEBC2{D>8lXwi|=!< LFM%sejbZsO1#k6O literal 0 HcmV?d00001
diff --git a/src/test/antunit/OracleReflection.java b/src/test/antunit/Java6Reflection.java
similarity index 91%
rename from src/test/antunit/OracleReflection.java
rename to src/test/antunit/Java6Reflection.java
index 17000ae0..c55c8926 100644
--- a/src/test/antunit/OracleReflection.java
+++ b/src/test/antunit/Java6Reflection.java
@@ -21,15 +21,15 @@ import java.lang.reflect.Method; import java.util.*; -class OracleReflection { +class Java6Reflection { static Field test() throws Exception { - Class c = OracleReflection.class; + Class c = Java6Reflection.class; Field f = c.getDeclaredField("field1"); f.setAccessible(true); Method m = c.getDeclaredMethod("testMethod"); m.setAccessible(true); - m.invoke(new OracleReflection()); + m.invoke(new Java6Reflection()); return f; } diff --git a/src/test/antunit/OracleReflection.class b/src/test/antunit/OracleReflection.class deleted file mode 100644 index 10d84d4c8a031da10f9f9863547f1dea1d6abe46..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1087 zcmaJ=?M@R>5IwhDyLG!2C?cgrsQA&A0u}sDjnSYa#v+LrjQVT4T*~6IHMPEy;nCgCC>nj`v%@@2t0x@qxb=yeKZ>^L%2SKB=|RyxJqQK< zyHorc1kW@s(TelOWf7U6RplvoURXSV_)a5+4Bv?kn8hS*vzvg+n4*`&6-+ZrUH-~q zs@!TO_G&Q`Z$qnBv^HyH67gTq+emIM(Z9I#6S4OvFbJmFFyB?a@lvh=