Skip to content

Commit 2c8ccf7

Browse files
moschemosche
authored
[Entitlements] Deny setting global defaults for Locale / TimeZone (#120804) (#120878)
Part of #ES-10359
1 parent 250c32b commit 2c8ccf7

File tree

4 files changed

+44
-0
lines changed

4 files changed

+44
-0
lines changed

libs/entitlement/bridge/src/main/java/org/elasticsearch/entitlement/bridge/EntitlementChecker.java

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,9 @@
4242
import java.nio.channels.SocketChannel;
4343
import java.security.cert.CertStoreParameters;
4444
import java.util.List;
45+
import java.util.Locale;
4546
import java.util.Properties;
47+
import java.util.TimeZone;
4648

4749
import javax.net.ssl.HostnameVerifier;
4850
import javax.net.ssl.HttpsURLConnection;
@@ -188,6 +190,12 @@ public interface EntitlementChecker {
188190

189191
void check$java_util_logging_LogManager$(Class<?> callerClass);
190192

193+
void check$java_util_Locale$$setDefault(Class<?> callerClass, Locale locale);
194+
195+
void check$java_util_Locale$$setDefault(Class<?> callerClass, Locale.Category category, Locale locale);
196+
197+
void check$java_util_TimeZone$$setDefault(Class<?> callerClass, TimeZone zone);
198+
191199
void check$java_net_DatagramSocket$$setDatagramSocketImplFactory(Class<?> callerClass, DatagramSocketImplFactory fac);
192200

193201
void check$java_net_HttpURLConnection$$setFollowRedirects(Class<?> callerClass, boolean set);

libs/entitlement/qa/entitlement-test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/RestEntitlementsCheckAction.java

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -123,6 +123,10 @@ static CheckAction alwaysDenied(CheckedRunnable<Exception> action) {
123123
entry("timeZoneNameProvider", alwaysDenied(RestEntitlementsCheckAction::timeZoneNameProvider$)),
124124
entry("logManager", alwaysDenied(RestEntitlementsCheckAction::logManager$)),
125125

126+
entry("locale_setDefault", alwaysDenied(WritePropertiesCheckActions::setDefaultLocale)),
127+
entry("locale_setDefaultForCategory", alwaysDenied(WritePropertiesCheckActions::setDefaultLocaleForCategory)),
128+
entry("timeZone_setDefault", alwaysDenied(WritePropertiesCheckActions::setDefaultTimeZone)),
129+
126130
entry("system_setProperty", forPlugins(WritePropertiesCheckActions::setSystemProperty)),
127131
entry("system_clearProperty", forPlugins(WritePropertiesCheckActions::clearSystemProperty)),
128132
entry("system_setSystemProperties", alwaysDenied(WritePropertiesCheckActions::setSystemProperties)),

libs/entitlement/qa/entitlement-test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/WritePropertiesCheckActions.java

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,9 @@
1111

1212
import org.elasticsearch.core.SuppressForbidden;
1313

14+
import java.util.Locale;
15+
import java.util.TimeZone;
16+
1417
@SuppressForbidden(reason = "testing entitlements")
1518
class WritePropertiesCheckActions {
1619
private WritePropertiesCheckActions() {}
@@ -32,4 +35,16 @@ static void clearSystemProperty() {
3235
static void setSystemProperties() {
3336
System.setProperties(System.getProperties()); // no side effect in case if allowed (but shouldn't)
3437
}
38+
39+
static void setDefaultLocale() {
40+
Locale.setDefault(Locale.getDefault());
41+
}
42+
43+
static void setDefaultLocaleForCategory() {
44+
Locale.setDefault(Locale.Category.DISPLAY, Locale.getDefault(Locale.Category.DISPLAY));
45+
}
46+
47+
static void setDefaultTimeZone() {
48+
TimeZone.setDefault(TimeZone.getDefault());
49+
}
3550
}

libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/api/ElasticsearchEntitlementChecker.java

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,9 @@
4646
import java.nio.channels.SocketChannel;
4747
import java.security.cert.CertStoreParameters;
4848
import java.util.List;
49+
import java.util.Locale;
4950
import java.util.Properties;
51+
import java.util.TimeZone;
5052

5153
import javax.net.ssl.HostnameVerifier;
5254
import javax.net.ssl.HttpsURLConnection;
@@ -292,6 +294,21 @@ public ElasticsearchEntitlementChecker(PolicyManager policyManager) {
292294
policyManager.checkChangeJVMGlobalState(callerClass);
293295
}
294296

297+
@Override
298+
public void check$java_util_Locale$$setDefault(Class<?> callerClass, Locale.Category category, Locale locale) {
299+
policyManager.checkChangeJVMGlobalState(callerClass);
300+
}
301+
302+
@Override
303+
public void check$java_util_Locale$$setDefault(Class<?> callerClass, Locale locale) {
304+
policyManager.checkChangeJVMGlobalState(callerClass);
305+
}
306+
307+
@Override
308+
public void check$java_util_TimeZone$$setDefault(Class<?> callerClass, TimeZone zone) {
309+
policyManager.checkChangeJVMGlobalState(callerClass);
310+
}
311+
295312
@Override
296313
public void check$java_net_DatagramSocket$$setDatagramSocketImplFactory(Class<?> callerClass, DatagramSocketImplFactory fac) {
297314
policyManager.checkChangeJVMGlobalState(callerClass);

0 commit comments

Comments
 (0)