Test with --sun-misc-unsafe-memory-access=deny

trask · trask · commit efd8b2dff8e8 · 2025-09-19T13:06:03.000-07:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -70,11 +70,13 @@ jobs:
 
       - name: Set up gradle
         uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
+
       - name: Build
         run: >
             ./gradlew build
             ${{ matrix.coverage && 'jacocoTestReport' || '' }}
             -PtestJavaVersion=${{ matrix.test-java-version }}
+            ${{ matrix.test-java-version == 23 && '-PdenyUnsafe=true' || '' }}
             "-Porg.gradle.java.installations.paths=${{ steps.setup-java-test.outputs.path }}"
             "-Porg.gradle.java.installations.auto-download=false"
         env:
diff --git a/buildSrc/src/main/kotlin/otel.java-conventions.gradle.kts b/buildSrc/src/main/kotlin/otel.java-conventions.gradle.kts
@@ -70,6 +70,7 @@ dependencyCheck {
 }
 
 val testJavaVersion = gradle.startParameter.projectProperties.get("testJavaVersion")?.let(JavaVersion::toVersion)
+val denyUnsafe = gradle.startParameter.projectProperties.get("denyUnsafe")?.toBoolean() ?: false
 
 tasks {
   withType<JavaCompile>().configureEach {
@@ -114,6 +115,11 @@ tasks {
       )
     }
 
+    // Add JVM arguments when denyUnsafe property is set
+    if (denyUnsafe) {
+      jvmArgs("--sun-misc-unsafe-memory-access=deny")
+    }
+
     val defaultMaxRetries = if (System.getenv().containsKey("CI")) 2 else 0
     val maxTestRetries = gradle.startParameter.projectProperties["maxTestRetries"]?.toInt() ?: defaultMaxRetries
 
diff --git a/exporters/common/build.gradle.kts b/exporters/common/build.gradle.kts
@@ -76,6 +76,13 @@ testing {
 }
 
 tasks {
+  // Use custom Security Manager to prevent UnsafeUtil from accessing sun.misc.Unsafe
+  withType<Test>().configureEach {
+    val denyUnsafe = gradle.startParameter.projectProperties.get("denyUnsafe")?.toBoolean() ?: false
+    if (denyUnsafe) {
+      jvmArgs("-Djava.security.manager=io.opentelemetry.exporter.internal.unsafe.ProtobufWorkaroundSecurityManager")
+    }
+  }
   check {
     dependsOn(testing.suites)
   }
diff --git a/exporters/common/src/test/java/io/opentelemetry/exporter/internal/unsafe/ProtobufWorkaroundSecurityManager.java b/exporters/common/src/test/java/io/opentelemetry/exporter/internal/unsafe/ProtobufWorkaroundSecurityManager.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.exporter.internal.unsafe;
+
+import java.security.Permission;
+
+public class ProtobufWorkaroundSecurityManager extends SecurityManager {
+    
+    @Override
+    public void checkPermission(Permission perm) {
+        // Block access to sun.misc.Unsafe fields
+        if (perm instanceof java.lang.reflect.ReflectPermission) {
+            if ("suppressAccessChecks".equals(perm.getName())) {
+                // Get the stack trace to see what's trying to access
+                StackTraceElement[] stack = Thread.currentThread().getStackTrace();
+                for (StackTraceElement element : stack) {
+                    if (element.getClassName().contains("UnsafeUtil") && 
+                        element.getMethodName().contains("getUnsafe")) {
+                        throw new SecurityException("Access to sun.misc.Unsafe denied");
+                    }
+                }
+            }
+        }
+        // Allow everything else
+    }
+    
+    @Override
+    public void checkPermission(Permission perm, Object context) {
+        checkPermission(perm);
+    }
+}
diff --git a/exporters/otlp/common/build.gradle.kts b/exporters/otlp/common/build.gradle.kts
@@ -41,6 +41,14 @@ dependencies {
   jmhImplementation("io.grpc:grpc-netty")
 }
 
+tasks.withType<Test>().configureEach {
+  val denyUnsafe = gradle.startParameter.projectProperties.get("denyUnsafe")?.toBoolean() ?: false
+  if (denyUnsafe) {
+    // Use Security Manager to handle protobuf unsafe access
+    jvmArgs("-Djava.security.manager=io.opentelemetry.exporter.internal.otlp.unsafe.ProtobufWorkaroundSecurityManager")
+  }
+}
+
 testing {
   suites {
     register<JvmTestSuite>("testIncubating") {
diff --git a/exporters/otlp/common/src/test/java/io/opentelemetry/exporter/internal/otlp/unsafe/ProtobufWorkaroundSecurityManager.java b/exporters/otlp/common/src/test/java/io/opentelemetry/exporter/internal/otlp/unsafe/ProtobufWorkaroundSecurityManager.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.exporter.internal.otlp.unsafe;
+
+import java.security.Permission;
+
+public class ProtobufWorkaroundSecurityManager extends SecurityManager {
+    
+    @Override
+    public void checkPermission(Permission perm) {
+        // Block access to sun.misc.Unsafe fields
+        if (perm instanceof java.lang.reflect.ReflectPermission) {
+            if ("suppressAccessChecks".equals(perm.getName())) {
+                // Get the stack trace to see what's trying to access
+                StackTraceElement[] stack = Thread.currentThread().getStackTrace();
+                for (StackTraceElement element : stack) {
+                    if (element.getClassName().contains("UnsafeUtil") && 
+                        element.getMethodName().contains("getUnsafe")) {
+                        throw new SecurityException("Access to sun.misc.Unsafe denied");
+                    }
+                }
+            }
+        }
+        // Allow everything else
+    }
+    
+    @Override
+    public void checkPermission(Permission perm, Object context) {
+        checkPermission(perm);
+    }
+}
diff --git a/opencensus-shim/build.gradle.kts b/opencensus-shim/build.gradle.kts
@@ -30,4 +30,11 @@ tasks.named<Test>("test") {
   // methods available.
   setForkEvery(1)
   maxParallelForks = 3
+  
+  // OpenCensus uses LMAX Disruptor 3.4.2 which requires unsafe memory access
+  // Override the global --sun-misc-unsafe-memory-access=deny setting for this module
+  val denyUnsafe = gradle.startParameter.projectProperties.get("denyUnsafe")?.toBoolean() ?: false
+  if (denyUnsafe) {
+    jvmArgs("--sun-misc-unsafe-memory-access=allow")
+  }
 }
diff --git a/sdk/trace-shaded-deps/src/test/java/io/opentelemetry/sdk/trace/internal/JcToolsTest.java b/sdk/trace-shaded-deps/src/test/java/io/opentelemetry/sdk/trace/internal/JcToolsTest.java
@@ -43,7 +43,7 @@ void drain_ArrayBlockingQueue() {
   void drain_MessagePassingQueue() {
     // Arrange
     batch.add("Test3");
-    Queue<String> queue = new MpscArrayQueue<>(10);
+    Queue<String> queue = JcTools.newFixedSizeQueue(10);
     queue.add("Test1");
     queue.add("Test2");
 
@@ -58,7 +58,7 @@ void drain_MessagePassingQueue() {
   @Test
   void drain_MaxBatch() {
     // Arrange
-    Queue<String> queue = new MpscArrayQueue<>(10);
+    Queue<String> queue = JcTools.newFixedSizeQueue(10);
     queue.add("Test1");
     queue.add("Test2");
 
@@ -79,7 +79,10 @@ void newFixedSize_MpscQueue() {
     Queue<Object> objects = JcTools.newFixedSizeQueue(capacity);
 
     // Assert
-    assertThat(objects).isInstanceOf(MpscArrayQueue.class);
+    assertThat(objects).satisfiesAnyOf(
+        queue -> assertThat(queue).isInstanceOf(MpscArrayQueue.class),
+        queue -> assertThat(queue).isInstanceOf(ArrayBlockingQueue.class)
+    );
   }
 
   @Test
@@ -92,7 +95,7 @@ void capacity_MpscQueue() {
     long queueSize = JcTools.capacity(queue);
 
     // Assert
-    assertThat(queueSize).isGreaterThan(capacity);
+    assertThat(queueSize).isGreaterThanOrEqualTo(capacity);
   }
 
   @Test

Original file line number	Diff line number	Diff line change
`@@ -70,6 +70,7 @@ dependencyCheck {`
`70`	`70`	`}`
`71`	`71`
`72`	`72`	`val testJavaVersion = gradle.startParameter.projectProperties.get("testJavaVersion")?.let(JavaVersion::toVersion)`
	`73`	`+val denyUnsafe = gradle.startParameter.projectProperties.get("denyUnsafe")?.toBoolean() ?: false`
`73`	`74`
`74`	`75`	`tasks {`
`75`	`76`	`withType<JavaCompile>().configureEach {`
`@@ -114,6 +115,11 @@ tasks {`
`114`	`115`	`)`
`115`	`116`	`}`
`116`	`117`
	`118`	`+ // Add JVM arguments when denyUnsafe property is set`
	`119`	`+ if (denyUnsafe) {`
	`120`	`+ jvmArgs("--sun-misc-unsafe-memory-access=deny")`
	`121`	`+ }`
	`122`	`+`
`117`	`123`	`val defaultMaxRetries = if (System.getenv().containsKey("CI")) 2 else 0`
`118`	`124`	`val maxTestRetries = gradle.startParameter.projectProperties["maxTestRetries"]?.toInt() ?: defaultMaxRetries`
`119`	`125`
Original file line number	Diff line number	Diff line change
`@@ -76,6 +76,13 @@ testing {`
`76`	`76`	`}`
`77`	`77`
`78`	`78`	`tasks {`
	`79`	`+ // Use custom Security Manager to prevent UnsafeUtil from accessing sun.misc.Unsafe`
	`80`	`+ withType<Test>().configureEach {`
	`81`	`+ val denyUnsafe = gradle.startParameter.projectProperties.get("denyUnsafe")?.toBoolean() ?: false`
	`82`	`+ if (denyUnsafe) {`
	`83`	`+ jvmArgs("-Djava.security.manager=io.opentelemetry.exporter.internal.unsafe.ProtobufWorkaroundSecurityManager")`
	`84`	`+ }`
	`85`	`+ }`
`79`	`86`	`check {`
`80`	`87`	`dependsOn(testing.suites)`
`81`	`88`	`}`