Create ClassLoaders inside doPrivileged() + Auto-close the WAR file after exploding it

bootstrap/src/main/java/io/jenkins/jenkinsfile/runner/bootstrap/Bootstrap.java

@@ -18,6 +18,9 @@
 import java.net.URLClassLoader;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
@@ -41,7 +44,7 @@ public class Bootstrap {
 
     @Option(name = "-jv", aliases = { "--jenkins-version"}, usage = "jenkins version to use (only in case 'warDir' is not specified). Defaults to latest LTS.")
     public String version;
-    
+
     /**
      * Where to load plugins from?
      */
@@ -108,7 +111,7 @@ public class Bootstrap {
 
     @Option(name = "-v", aliases = { "--version" }, usage = "Prints the current Jenkinsfile Runner version")
     public boolean showVersion;
-  
+
     @Option(name = "-h", aliases = { "--help"}, usage = "Prints help information.", help = true, forbids = { "-v", "-w", "-p", "-f", "--runWorkspace" })
     public boolean help;
 
@@ -237,7 +240,7 @@ public void postConstruct(CmdLineParser parser) throws IOException {
         }
     }
 
-    private String getVersion() throws IOException {
+    private String getVersion() {
        return getClass().getPackage().getImplementationVersion();
     }
 
@@ -338,12 +341,12 @@ public int run() throws Throwable {
         }
     }
 
-    public ClassLoader createJenkinsWarClassLoader() throws IOException, NoSuchMethodException, InvocationTargetException, IllegalAccessException {
-        return new ClassLoaderBuilder(new SideClassLoader(getPlatformClassloader()))
-                .collectJars(new File(warDir,"WEB-INF/lib"))
+    public ClassLoader createJenkinsWarClassLoader() throws PrivilegedActionException {
+        return AccessController.doPrivileged((PrivilegedExceptionAction<ClassLoader>) () -> new ClassLoaderBuilder(new SideClassLoader(getPlatformClassloader()))
+                .collectJars(new File(warDir, "WEB-INF/lib"))
                 // servlet API needs to be visible to jenkins.war
-                .collectJars(new File(getAppRepo(),"javax/servlet"))
-                .make();
+                .collectJars(new File(getAppRepo(), "javax/servlet"))
+                .make());
     }
 
     public ClassLoader createSetupClassLoader(ClassLoader jenkins) throws IOException {

bootstrap/src/main/java/io/jenkins/jenkinsfile/runner/bootstrap/ClassLoaderBuilder.java

@@ -5,6 +5,8 @@
 import java.io.IOException;
 import java.net.URL;
 import java.net.URLClassLoader;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -43,6 +45,7 @@ public ClassLoaderBuilder collectJars(File dir) throws IOException {
     }
 
     public ClassLoader make() {
-        return new URLClassLoader(jars.toArray(new URL[jars.size()]),parent);
+        return AccessController.doPrivileged((PrivilegedAction<URLClassLoader>) () -> new URLClassLoader(jars.toArray(
+                new URL[jars.size()]), parent));
     }
 }

bootstrap/src/main/java/io/jenkins/jenkinsfile/runner/bootstrap/Util.java

@@ -15,35 +15,36 @@
 public class Util {
 
     public static File explodeWar(String jarPath) throws IOException {
-        JarFile jarfile = new JarFile(new File(jarPath));
-        Enumeration<JarEntry> enu = jarfile.entries();
+        try (JarFile jarfile = new JarFile(new File(jarPath))) {
+            Enumeration<JarEntry> enu = jarfile.entries();
 
-        // Get current working directory path
-        Path currentPath = FileSystems.getDefault().getPath("").toAbsolutePath();
-        //Create Temporary directory
-        Path path = Files.createTempDirectory(currentPath.toAbsolutePath(), "jenkinsfile-runner");
-        File destDir = path.toFile();
+            // Get current working directory path
+            Path currentPath = FileSystems.getDefault().getPath("").toAbsolutePath();
+            //Create Temporary directory
+            Path path = Files.createTempDirectory(currentPath.toAbsolutePath(), "jenkinsfile-runner");
+            File destDir = path.toFile();
 
-        while(enu.hasMoreElements()) {
-            JarEntry je = enu.nextElement();
-            File file = new File(destDir, je.getName());
-            if (!file.exists()) {
-                file.getParentFile().mkdirs();
-                file = new File(destDir, je.getName());
-            }
-            if (je.isDirectory()) {
-                continue;
-            }
-            InputStream is = jarfile.getInputStream(je);
+            while (enu.hasMoreElements()) {
+                JarEntry je = enu.nextElement();
+                File file = new File(destDir, je.getName());
+                if (!file.exists()) {
+                    file.getParentFile().mkdirs();
+                    file = new File(destDir, je.getName());
+                }
+                if (je.isDirectory()) {
+                    continue;
+                }
+                InputStream is = jarfile.getInputStream(je);
 
-            try (FileOutputStream fo = new FileOutputStream(file)) {
-                while (is.available() > 0) {
-                    fo.write(is.read());
+                try (FileOutputStream fo = new FileOutputStream(file)) {
+                    while (is.available() > 0) {
+                        fo.write(is.read());
+                    }
+                    fo.close();
+                    is.close();
                 }
-                fo.close();
-                is.close();
             }
+            return destDir;
         }
-        return destDir;
     }
 }