hbase-shaded/hbase-shaded-check-invariants/src/test/resources/ensure-jars-have-correct-contents.sh - hbase - Git at Google

 #!/usr/bin/env bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 set -e
 function usage {
   echo "Usage: ${0} [options] [/path/to/some/example.jar:/path/to/another/example/created.jar]"
   echo ""
   echo "  accepts a single command line argument with a colon separated list of"
   echo "  paths to jars to check. Iterates through each such passed jar and checks"
   echo "  all the contained paths to make sure they follow the below constructed"
   echo "  safe list."
   echo ""
   echo "    --allow-hadoop     Include stuff from the Apache Hadoop project in the list"
   echo "                       of allowed jar contents. default: false"
   echo "    --debug            print more info to stderr"
   exit 1
 }
 # if no args specified, show usage
 if [ $# -lt 1 ]; then
   usage
 fi

 # Get arguments
 declare allow_hadoop
 declare debug
 while [ $# -gt 0 ]
 do
   case "$1" in
     --allow-hadoop) shift; allow_hadoop="true";;
     --debug) shift; debug="true";;
     --) shift; break;;
     -*) usage ;;
     *)  break;;  # terminate while loop
   esac
 done

 # should still have jars to check.
 if [ $# -lt 1 ]; then
   usage
 fi
 if [ -n "${debug}" ]; then
   echo "[DEBUG] Checking on jars: $*" >&2
   echo "jar command is: $(which jar)" >&2
   echo "grep command is: $(which grep)" >&2
   grep -V >&2 || true
 fi

 IFS=: read -r -d '' -a artifact_list < <(printf '%s\0' "$1")

 # we have to allow the directories that lead to the hbase dirs
 allowed_expr="(^org/$|^org/apache/$|^org/apache/hadoop/$"
 # We allow the following things to exist in our client artifacts:
 #   * classes in packages that start with org.apache.hadoop.hbase, which by
 #     convention should be in a path that looks like org/apache/hadoop/hbase
 allowed_expr+="|^org/apache/hadoop/hbase"
 #   * classes in packages that start with org.apache.hbase
 allowed_expr+="|^org/apache/hbase/"
 #   * whatever in the "META-INF" directory
 allowed_expr+="|^META-INF/"
 #   * the folding tables from jcodings
 allowed_expr+="|^tables/"
 #   * contents of hbase-webapps
 allowed_expr+="|^hbase-webapps/"
 #   * HBase's default configuration files, which have the form
 #     "_module_-default.xml"
 allowed_expr+="|^hbase-default.xml$"
 # public suffix list used by httpcomponents
 allowed_expr+="|^mozilla/$"
 allowed_expr+="|^mozilla/public-suffix-list.txt$"
 # Comes from commons-configuration, not sure if relocatable.
 allowed_expr+="|^digesterRules.xml$"
 allowed_expr+="|^properties.dtd$"
 allowed_expr+="|^PropertyList-1.0.dtd$"


 if [ -n "${allow_hadoop}" ]; then
   #   * classes in packages that start with org.apache.hadoop, which by
   #     convention should be in a path that looks like org/apache/hadoop
   allowed_expr+="|^org/apache/hadoop/"
   #   * Hadoop's default configuration files, which have the form
   #     "_module_-default.xml"
   allowed_expr+="|^[^-]*-default.xml$"
   #   * Hadoop's versioning properties files, which have the form
   #     "_module_-version-info.properties"
   allowed_expr+="|^[^-]*-version-info.properties$"
   #   * Hadoop's application classloader properties file.
   allowed_expr+="|^org.apache.hadoop.application-classloader.properties$"
 else
   # We have some classes for integrating with the Hadoop Metrics2 system
   # that have to be in a particular package space due to access rules.
   allowed_expr+="|^org/apache/hadoop/metrics2"
 fi


 allowed_expr+=")"
 declare -i bad_artifacts=0
 declare -a bad_contents
 for artifact in "${artifact_list[@]}"; do
   bad_contents=($(jar tf "${artifact}" | grep -v -E "${allowed_expr}" || true))
   if [ ${#bad_contents[@]} -gt 0 ]; then
     echo "[ERROR] Found artifact with unexpected contents: '${artifact}'"
     echo "    Please check the following and either correct the build or update"
     echo "    the allowed list with reasoning."
     echo ""
     for bad_line in "${bad_contents[@]}"; do
       echo "    ${bad_line}"
     done
     bad_artifacts=${bad_artifacts}+1
   else
     echo "[INFO] Artifact looks correct: '$(basename "${artifact}")'"
   fi
 done

 # if there was atleast one bad artifact, exit with failure
 if [ "${bad_artifacts}" -gt 0 ]; then
   exit 1
 fi
	#!/usr/bin/env bash
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	set -e
	function usage {
	echo "Usage: ${0} [options] [/path/to/some/example.jar:/path/to/another/example/created.jar]"
	echo ""
	echo " accepts a single command line argument with a colon separated list of"
	echo " paths to jars to check. Iterates through each such passed jar and checks"
	echo " all the contained paths to make sure they follow the below constructed"
	echo " safe list."
	echo ""
	echo " --allow-hadoop Include stuff from the Apache Hadoop project in the list"
	echo " of allowed jar contents. default: false"
	echo " --debug print more info to stderr"
	exit 1
	}
	# if no args specified, show usage
	if [ $# -lt 1 ]; then
	usage
	fi

	# Get arguments
	declare allow_hadoop
	declare debug
	while [ $# -gt 0 ]
	do
	case "$1" in
	--allow-hadoop) shift; allow_hadoop="true";;
	--debug) shift; debug="true";;
	--) shift; break;;
	-*) usage ;;
	*) break;; # terminate while loop
	esac
	done

	# should still have jars to check.
	if [ $# -lt 1 ]; then
	usage
	fi
	if [ -n "${debug}" ]; then
	echo "[DEBUG] Checking on jars: $*" >&2
	echo "jar command is: $(which jar)" >&2
	echo "grep command is: $(which grep)" >&2
	grep -V >&2 \|\| true
	fi

	IFS=: read -r -d '' -a artifact_list < <(printf '%s\0' "$1")

	# we have to allow the directories that lead to the hbase dirs
	allowed_expr="(^org/$\|^org/apache/$\|^org/apache/hadoop/$"
	# We allow the following things to exist in our client artifacts:
	# * classes in packages that start with org.apache.hadoop.hbase, which by
	# convention should be in a path that looks like org/apache/hadoop/hbase
	allowed_expr+="\|^org/apache/hadoop/hbase"
	# * classes in packages that start with org.apache.hbase
	allowed_expr+="\|^org/apache/hbase/"
	# * whatever in the "META-INF" directory
	allowed_expr+="\|^META-INF/"
	# * the folding tables from jcodings
	allowed_expr+="\|^tables/"
	# * contents of hbase-webapps
	allowed_expr+="\|^hbase-webapps/"
	# * HBase's default configuration files, which have the form
	# "_module_-default.xml"
	allowed_expr+="\|^hbase-default.xml$"
	# public suffix list used by httpcomponents
	allowed_expr+="\|^mozilla/$"
	allowed_expr+="\|^mozilla/public-suffix-list.txt$"
	# Comes from commons-configuration, not sure if relocatable.
	allowed_expr+="\|^digesterRules.xml$"
	allowed_expr+="\|^properties.dtd$"
	allowed_expr+="\|^PropertyList-1.0.dtd$"


	if [ -n "${allow_hadoop}" ]; then
	# * classes in packages that start with org.apache.hadoop, which by
	# convention should be in a path that looks like org/apache/hadoop
	allowed_expr+="\|^org/apache/hadoop/"
	# * Hadoop's default configuration files, which have the form
	# "_module_-default.xml"
	allowed_expr+="\|^[^-]*-default.xml$"
	# * Hadoop's versioning properties files, which have the form
	# "_module_-version-info.properties"
	allowed_expr+="\|^[^-]*-version-info.properties$"
	# * Hadoop's application classloader properties file.
	allowed_expr+="\|^org.apache.hadoop.application-classloader.properties$"
	else
	# We have some classes for integrating with the Hadoop Metrics2 system
	# that have to be in a particular package space due to access rules.
	allowed_expr+="\|^org/apache/hadoop/metrics2"
	fi


	allowed_expr+=")"
	declare -i bad_artifacts=0
	declare -a bad_contents
	for artifact in "${artifact_list[@]}"; do
	bad_contents=($(jar tf "${artifact}" \| grep -v -E "${allowed_expr}" \|\| true))
	if [ ${#bad_contents[@]} -gt 0 ]; then
	echo "[ERROR] Found artifact with unexpected contents: '${artifact}'"
	echo " Please check the following and either correct the build or update"
	echo " the allowed list with reasoning."
	echo ""
	for bad_line in "${bad_contents[@]}"; do
	echo " ${bad_line}"
	done
	bad_artifacts=${bad_artifacts}+1
	else
	echo "[INFO] Artifact looks correct: '$(basename "${artifact}")'"
	fi
	done

	# if there was atleast one bad artifact, exit with failure
	if [ "${bad_artifacts}" -gt 0 ]; then
	exit 1
	fi