Whitelist builtin Java exceptions, rather than display any #1122
Comments
|
Overkill solution: For Java 8, use For Java 9+ which moved classes to the JRT "filesystem", use something like the code below: Main.javaimport java.util.*;
import java.nio.file.*;
import java.net.*;
public class Main {
private static void listFiles(Path dir) throws Exception {
try (DirectoryStream<Path> stream = Files.newDirectoryStream(dir)) {
for (Path entry : stream) {
if (Files.isDirectory(entry)) {
listFiles(entry);
} else {
String demangledName = demangleClassName(entry);
if (demangledName.endsWith("Exception") || demangledName.endsWith("Error")) {
System.out.println(demangledName);
}
}
}
}
}
private static String demangleClassName(Path filePath) {
String fileName = filePath.toString();
String withoutExtension = fileName.substring(0, fileName.lastIndexOf('.'));
String withoutLeadingPackages = withoutExtension.replaceFirst("^/packages/.*?/.*?/", "");
String demangledName = withoutLeadingPackages.replace('$', '.').replace('/', '.');
return demangledName;
}
public static void main(String[] args) throws java.lang.Exception {
FileSystem fs = FileSystems.getFileSystem(URI.create("jrt:/"));
Path rootPath = fs.getPath("/");
listFiles(rootPath);
}
}Maybe this should just live as a cronjob...? Not sure. |
|
Should we try dynamically loading the classes and checking if they extend |
|
If we're doing that then we should definitely do it as a cronjob, otherwise doing it on startup would take too long. |
|
I'm in favour of doing it as a cronjob via Github Actions since this list will only change when Java updates, which is relatively infrequent (and not really worth the overhead on startup). |
|
If by cronjob then we ought to do only the Java 9+ thing, since exceptions are unlikely to be removed, but may be added. |
|
And I guess to make this more likely, we should only whitelist |
No description provided.
The text was updated successfully, but these errors were encountered: