-
Notifications
You must be signed in to change notification settings - Fork 258
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Whitelist builtin Java exceptions, rather than display any #1122
Comments
Overkill solution: For Java 8, use For Java 9+ which moved classes to the JRT "filesystem", use something like the code below: Main.javaimport java.util.*;
import java.nio.file.*;
import java.net.*;
public class Main {
private static void listFiles(Path dir) throws Exception {
try (DirectoryStream<Path> stream = Files.newDirectoryStream(dir)) {
for (Path entry : stream) {
if (Files.isDirectory(entry)) {
listFiles(entry);
} else {
String demangledName = demangleClassName(entry);
if (demangledName.endsWith("Exception") || demangledName.endsWith("Error")) {
System.out.println(demangledName);
}
}
}
}
}
private static String demangleClassName(Path filePath) {
String fileName = filePath.toString();
String withoutExtension = fileName.substring(0, fileName.lastIndexOf('.'));
String withoutLeadingPackages = withoutExtension.replaceFirst("^/packages/.*?/.*?/", "");
String demangledName = withoutLeadingPackages.replace('$', '.').replace('/', '.');
return demangledName;
}
public static void main(String[] args) throws java.lang.Exception {
FileSystem fs = FileSystems.getFileSystem(URI.create("jrt:/"));
Path rootPath = fs.getPath("/");
listFiles(rootPath);
}
} Maybe this should just live as a cronjob...? Not sure. |
Should we try dynamically loading the classes and checking if they extend |
If we're doing that then we should definitely do it as a cronjob, otherwise doing it on startup would take too long. |
I'm in favour of doing it as a cronjob via Github Actions since this list will only change when Java updates, which is relatively infrequent (and not really worth the overhead on startup). |
If by cronjob then we ought to do only the Java 9+ thing, since exceptions are unlikely to be removed, but may be added. |
And I guess to make this more likely, we should only whitelist |
No description provided.
The text was updated successfully, but these errors were encountered: