Skip to content

Commit

Permalink
Merge pull request #19304 Grouping of fixes for 7.3.2
Browse files Browse the repository at this point in the history
  • Loading branch information
@bot-gradle
bot-gradle committed Dec 14, 2021
2 parents 2b9a5f8 + 96f4039 commit cbe27b2
Show file tree
Hide file tree
Showing 14 changed files with 155 additions and 17 deletions.
12 changes: 9 additions & 3 deletions ...jects/core/src/main/java/org/gradle/api/internal/initialization/DefaultScriptHandler.java
View file
Expand Up @@ -39,6 +39,7 @@
import org.gradle.groovy.scripts.ScriptSource;
import org.gradle.internal.classloader.ClasspathUtil;
import org.gradle.internal.classpath.ClassPath;
import org.gradle.internal.logging.util.Log4jBannedVersion;
import org.gradle.internal.metaobject.BeanDynamicObject;
import org.gradle.internal.metaobject.DynamicObject;
import org.gradle.internal.resource.ResourceLocation;
Expand Down Expand Up @@ -98,9 +99,6 @@ public ClassPath getNonInstrumentedScriptClassPath() {
@Override
public DependencyHandler getDependencies() {
defineConfiguration();
if (dependencyHandler == null) {
dependencyHandler = dependencyResolutionServices.getDependencyHandler();
}
return dependencyHandler;
}

Expand Down Expand Up @@ -128,6 +126,9 @@ private void defineConfiguration() {
if (configContainer == null) {
configContainer = dependencyResolutionServices.getConfigurationContainer();
}
if (dependencyHandler == null) {
dependencyHandler = dependencyResolutionServices.getDependencyHandler();
}
if (classpathConfiguration == null) {
classpathConfiguration = configContainer.create(CLASSPATH_CONFIGURATION);
// should ideally reuse the `JvmEcosystemUtilities` but this code is too low level
Expand All @@ -139,6 +140,11 @@ private void defineConfiguration() {
attributes.attribute(Bundling.BUNDLING_ATTRIBUTE, instantiator.named(Bundling.class, Bundling.EXTERNAL));
attributes.attribute(TargetJvmVersion.TARGET_JVM_VERSION_ATTRIBUTE, Integer.parseInt(JavaVersion.current().getMajorVersion()));
attributes.attribute(GradlePluginApiVersion.GRADLE_PLUGIN_API_VERSION_ATTRIBUTE, instantiator.named(GradlePluginApiVersion.class, GradleVersion.current().getVersion()));

classpathConfiguration.getDependencyConstraints().add(dependencyHandler.getConstraints().create(Log4jBannedVersion.LOG4J2_CORE_COORDINATES, constraint -> constraint.version(version -> {
version.strictly(Log4jBannedVersion.LOG4J2_CORE_STRICT_VERSION_RANGE);
version.prefer(Log4jBannedVersion.LOG4J2_CORE_PREFERRED_VERSION);
})));
}
}

Expand Down
24 changes: 23 additions & 1 deletion ...re/src/test/groovy/org/gradle/api/internal/initialization/DefaultScriptHandlerTest.groovy
View file
Expand Up @@ -17,6 +17,8 @@ package org.gradle.api.internal.initialization

import org.gradle.api.artifacts.Configuration
import org.gradle.api.artifacts.ConfigurationContainer
import org.gradle.api.artifacts.DependencyConstraintSet
import org.gradle.api.artifacts.dsl.DependencyConstraintHandler
import org.gradle.api.artifacts.dsl.DependencyHandler
import org.gradle.api.artifacts.dsl.RepositoryHandler
import org.gradle.api.attributes.Bundling
Expand All @@ -35,6 +37,8 @@ import spock.lang.Specification
class DefaultScriptHandlerTest extends Specification {
def repositoryHandler = Mock(RepositoryHandler)
def dependencyHandler = Mock(DependencyHandler)
def dependencyConstraintHandler = Mock(DependencyConstraintHandler)
def dependencyConstraintSet = Mock(DependencyConstraintSet)
def configurationContainer = Mock(ConfigurationContainer)
def configuration = Mock(Configuration)
def scriptSource = Stub(ScriptSource)
Expand All @@ -57,11 +61,16 @@ class DefaultScriptHandlerTest extends Specification {

then:
1 * depMgmtServices.configurationContainer >> configurationContainer
1 * depMgmtServices.dependencyHandler >> dependencyHandler
1 * configurationContainer.create('classpath') >> configuration
1 * configuration.attributes >> attributes
1 * attributes.attribute(Usage.USAGE_ATTRIBUTE, _ as Usage)
1 * attributes.attribute(Bundling.BUNDLING_ATTRIBUTE, _ as Bundling)
1 * attributes.attribute(TargetJvmVersion.TARGET_JVM_VERSION_ATTRIBUTE, _)
1 * configuration.getDependencyConstraints() >> dependencyConstraintSet
1 * dependencyConstraintSet.add(_)
1 * dependencyHandler.getConstraints() >> dependencyConstraintHandler
1 * dependencyConstraintHandler.create(_, _)
0 * configurationContainer._
0 * depMgmtServices._
}
Expand All @@ -73,12 +82,16 @@ class DefaultScriptHandlerTest extends Specification {

then:
1 * depMgmtServices.configurationContainer >> configurationContainer
1 * depMgmtServices.dependencyHandler >> dependencyHandler
1 * configurationContainer.create('classpath') >> configuration
1 * configuration.attributes >> attributes
1 * attributes.attribute(Usage.USAGE_ATTRIBUTE, _ as Usage)
1 * attributes.attribute(Bundling.BUNDLING_ATTRIBUTE, _ as Bundling)
1 * attributes.attribute(TargetJvmVersion.TARGET_JVM_VERSION_ATTRIBUTE, _)
1 * depMgmtServices.dependencyHandler >> dependencyHandler
1 * configuration.getDependencyConstraints() >> dependencyConstraintSet
1 * dependencyConstraintSet.add(_)
1 * dependencyHandler.getConstraints() >> dependencyConstraintHandler
1 * dependencyConstraintHandler.create(_, _)
0 * configurationContainer._
0 * depMgmtServices._
}
Expand Down Expand Up @@ -107,11 +120,16 @@ class DefaultScriptHandlerTest extends Specification {

and:
1 * depMgmtServices.configurationContainer >> configurationContainer
1 * depMgmtServices.dependencyHandler >> dependencyHandler
1 * configurationContainer.create('classpath') >> configuration
1 * configuration.attributes >> attributes
1 * attributes.attribute(Usage.USAGE_ATTRIBUTE, _ as Usage)
1 * attributes.attribute(TargetJvmVersion.TARGET_JVM_VERSION_ATTRIBUTE, _)
1 * attributes.attribute(Bundling.BUNDLING_ATTRIBUTE, _ as Bundling)
1 * configuration.getDependencyConstraints() >> dependencyConstraintSet
1 * dependencyConstraintSet.add(_)
1 * dependencyHandler.getConstraints() >> dependencyConstraintHandler
1 * dependencyConstraintHandler.create(_, _)
1 * classpathResolver.resolveClassPath(configuration) >> classpath
}

Expand Down Expand Up @@ -151,6 +169,10 @@ class DefaultScriptHandlerTest extends Specification {
1 * attributes.attribute(Usage.USAGE_ATTRIBUTE, _ as Usage)
1 * attributes.attribute(Bundling.BUNDLING_ATTRIBUTE, _ as Bundling)
1 * attributes.attribute(TargetJvmVersion.TARGET_JVM_VERSION_ATTRIBUTE, _)
1 * configuration.getDependencyConstraints() >> dependencyConstraintSet
1 * dependencyConstraintSet.add(_)
1 * dependencyHandler.getConstraints() >> dependencyConstraintHandler
1 * dependencyConstraintHandler.create(_, _)
1 * dependencyHandler.add('config', 'dep')
}
}
29 changes: 29 additions & 0 deletions ...egTest/groovy/org/gradle/integtests/resolve/ScriptDependencyResolveIntegrationTest.groovy
View file
Expand Up @@ -89,4 +89,33 @@ rootProject.name = 'testproject'
fails "help"
failureHasCause("Conflict(s) found for the following module(s):")
}

def 'carries implicit constraint for log4j-core'() {
given:
mavenRepo().module('org.apache.logging.log4j', 'log4j-core', '2.15.0').publish()

and:
settingsFile << """
buildscript {
repositories { maven { url "${mavenRepo().uri}" } }
dependencies {
classpath "org.apache.logging.log4j:log4j-core"
}
}
rootProject.name = 'testproject'
"""

buildFile << """
buildscript {
repositories { maven { url "${mavenRepo().uri}" } }
dependencies {
classpath "org.apache.logging.log4j:log4j-core"
}
}
"""

expect:
succeeds 'help'
}
}
4 changes: 2 additions & 2 deletions ...ppets/dependencyManagement/declaringRepositories-multipleRepositories/groovy/build.gradle
View file
Expand Up @@ -5,7 +5,7 @@ repositories {
url "https://repo.spring.io/release"
}
maven {
url "https://maven.restlet.com"
url "https://repository.jboss.org/maven2"
}
}
// end::multiple-repositories[]
Expand All @@ -15,7 +15,7 @@ configurations {
}

dependencies {
libs "com.restlet.client:commons:2.0.0"
libs 'jboss:jboss-system:4.2.2.GA'
}

tasks.register('copyLibs', Copy) {
Expand Down
4 changes: 2 additions & 2 deletions ...s/dependencyManagement/declaringRepositories-multipleRepositories/kotlin/build.gradle.kts
View file
Expand Up @@ -5,15 +5,15 @@ repositories {
url = uri("https://repo.spring.io/release")
}
maven {
url = uri("https://maven.restlet.com")
url = uri("https://repository.jboss.org/maven2")
}
}
// end::multiple-repositories[]

val libs by configurations.creating

dependencies {
libs("com.restlet.client:commons:2.0.0")
libs("jboss:jboss-system:4.2.2.GA")
}

tasks.register<Copy>("copyLibs") {
Expand Down
1 change: 0 additions & 1 deletion ...l-integ-testing/src/main/groovy/org/gradle/integtests/fixtures/RepoScriptBlockUtil.groovy
View file
Expand Up @@ -55,7 +55,6 @@ class RepoScriptBlockUtil {
LIGHTBEND_IVY("https://repo.lightbend.com/lightbend/ivy-releases", System.getProperty('org.gradle.integtest.mirrors.lightbendivy'), "ivy"),
SPRING_RELEASES('https://repo.spring.io/release', System.getProperty('org.gradle.integtest.mirrors.springreleases'), 'maven'),
SPRING_SNAPSHOTS('https://repo.spring.io/snapshot/', System.getProperty('org.gradle.integtest.mirrors.springsnapshots'), 'maven'),
RESTLET('https://maven.restlet.com', System.getProperty('org.gradle.integtest.mirrors.restlet'), 'maven'),
GRADLE('https://repo.gradle.org/gradle/repo', System.getProperty('org.gradle.integtest.mirrors.gradle'), 'maven'),
JBOSS('https://repository.jboss.org/maven2/', System.getProperty('org.gradle.integtest.mirrors.jboss'), 'maven'),
GRADLE_PLUGIN("https://plugins.gradle.org/m2", System.getProperty('org.gradle.integtest.mirrors.gradle-prod-plugins'), 'maven'),
Expand Down
2 changes: 1 addition & 1 deletion ...rg/gradle/java/compile/incremental/AbstractJavaGroovyIncrementalCompilationSupport.groovy
View file
Expand Up @@ -29,7 +29,7 @@ abstract class AbstractJavaGroovyIncrementalCompilationSupport extends AbstractI
File source(String... classBodies) {
File out
for (String body : classBodies) {
def className = (body =~ /(?s).*?(?:class|interface|enum) (\w+) .*/)[0][1]
def className = (body =~ /(?s).*?(?:class|interface|enum) ([\w$]+) .*/)[0][1]
assert className: "unable to find class name"
def f = file("src/main/${language.name}/${className}.${language.name}")
f.createFile()
Expand Down
17 changes: 17 additions & 0 deletions ...radle/java/compile/incremental/AbstractSourceIncrementalCompilationIntegrationTest.groovy
View file
Expand Up @@ -492,4 +492,21 @@ sourceSets {
then:
failureCauseContains('Compilation failed')
}

@Issue("https://github.com/gradle/gradle/issues/19257")
def "recompiles classes with \$ in class name after rename"() {
def firstSource = source "class Class\$Name {}"
source "class Main { public static void main(String[] args) { new Class\$Name(); } }"
outputs.snapshot { run language.compileTaskName }

when:
firstSource.delete()
source "class Class\$Name1 {}",
"class Main { public static void main(String[] args) { new Class\$Name1(); } }"
run language.compileTaskName

then:
outputs.deletedClasses("Class\$Name")
outputs.recompiledClasses("Class\$Name1", "Main")
}
}
18 changes: 16 additions & 2 deletions ...dle/api/internal/tasks/compile/incremental/recomp/FileNameDerivingClassNameConverter.java
View file
Expand Up @@ -56,9 +56,23 @@ public Set<String> getRelativeSourcePaths(String className) {
return sourcePaths;
}

Set<String> paths = fileExtensions.stream()
.map(fileExtension -> classNameToRelativePath(className, fileExtension))
.collect(Collectors.toSet());

// Classes with $ may be inner classes
int innerClassIdx = className.indexOf("$");
String baseName = innerClassIdx > 0 ? className.substring(0, innerClassIdx) : className;
return fileExtensions.stream().map(fileExtension -> baseName.replace('.', '/') + fileExtension).collect(Collectors.toSet());
if (innerClassIdx > 0) {
String baseName = className.substring(0, innerClassIdx);
fileExtensions.stream()
.map(fileExtension -> classNameToRelativePath(baseName, fileExtension))
.forEach(paths::add);
}

return paths;
}

private String classNameToRelativePath(String className, String fileExtension) {
return className.replace('.', '/') + fileExtension;
}
}
27 changes: 27 additions & 0 deletions subprojects/logging/src/main/java/org/gradle/internal/logging/util/Log4jBannedVersion.java
View file
@@ -0,0 +1,27 @@
/*
* Copyright 2021 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package org.gradle.internal.logging.util;

/**
* This class contains references to log4j-core which had a critical vulnerability,
* see <a url="https://nvd.nist.gov/vuln/detail/CVE-2021-44228">CVE-2021-44228</a>.
*/
public class Log4jBannedVersion {
public static final String LOG4J2_CORE_COORDINATES = "org.apache.logging.log4j:log4j-core";
public static final String LOG4J2_CORE_STRICT_VERSION_RANGE = "[2.15, 3[";
public static final String LOG4J2_CORE_PREFERRED_VERSION = "2.15.0";
}
6 changes: 2 additions & 4 deletions ...ntegtests/samples/dependencymanagement/SamplesDeclaringRepositoriesIntegrationTest.groovy
View file
Expand Up @@ -20,9 +20,7 @@ import org.gradle.integtests.fixtures.AbstractIntegrationSpec
import org.gradle.integtests.fixtures.Sample
import org.gradle.integtests.fixtures.UsesSample
import org.junit.Rule
import spock.lang.Ignore

@Ignore("Ignored as repository used in test has expired certificate")
class SamplesDeclaringRepositoriesIntegrationTest extends AbstractIntegrationSpec {

@Rule
Expand All @@ -40,9 +38,9 @@ class SamplesDeclaringRepositoriesIntegrationTest extends AbstractIntegrationSpe
succeeds('copyLibs')

then:
sample.dir.file("$dsl/build/libs/commons-2.0.0.jar").isFile()
sample.dir.file("$dsl/build/libs/jboss-system-4.2.2.GA.jar").isFile()

where:
dsl << ['groovy']
dsl << ['groovy', 'kotlin']
}
}
4 changes: 3 additions & 1 deletion subprojects/scala/build.gradle.kts
View file
Expand Up @@ -27,7 +27,9 @@ dependencies {
implementation(libs.guava)
implementation(libs.inject)

compileOnly("org.scala-sbt:zinc_2.12:1.3.5")
compileOnly("org.scala-sbt:zinc_2.12:1.3.5") {
exclude(module="log4j-core") // Because not needed and vulnerable
}

testImplementation(project(":base-services-groovy"))
testImplementation(project(":files"))
Expand Down
18 changes: 18 additions & 0 deletions subprojects/scala/src/integTest/groovy/org/gradle/scala/ScalaPluginIntegrationTest.groovy
View file
Expand Up @@ -242,4 +242,22 @@ task someTask
succeeds("assemble")
succeeds("dependencyInsight", "--configuration", "zinc", "--dependency", "zinc")
}

@ToBeFixedForConfigurationCache(because = ":dependencies")
def 'show that log4j-core, if present, is 2_15_0 at the minimum'() {
given:
file('build.gradle') << """
apply plugin: 'scala'
${mavenCentralRepository()}
"""

def versionPattern = ~/.*-> 2\.(\d+).*/
expect:
succeeds('dependencies', '--configuration', 'zinc')
def log4jOutput = result.getOutputLineThatContains("log4j-core:{strictly [2.15, 3[; prefer 2.15.0}")
def matcher = log4jOutput =~ versionPattern
matcher.find()
Integer.valueOf(matcher.group(1)) >= 15
}
}
6 changes: 6 additions & 0 deletions subprojects/scala/src/main/java/org/gradle/api/plugins/scala/ScalaBasePlugin.java
View file
Expand Up @@ -56,6 +56,7 @@
import org.gradle.api.tasks.scala.ScalaCompile;
import org.gradle.api.tasks.scala.ScalaDoc;
import org.gradle.internal.deprecation.DeprecatableConfiguration;
import org.gradle.internal.logging.util.Log4jBannedVersion;
import org.gradle.jvm.tasks.Jar;
import org.gradle.jvm.toolchain.JavaToolchainService;
import org.gradle.jvm.toolchain.JavaToolchainSpec;
Expand Down Expand Up @@ -154,6 +155,11 @@ private void configureConfigurations(final Project project, final Usage incremen
});
});

zinc.getDependencyConstraints().add(dependencyHandler.getConstraints().create(Log4jBannedVersion.LOG4J2_CORE_COORDINATES, constraint -> constraint.version(version -> {
version.strictly(Log4jBannedVersion.LOG4J2_CORE_STRICT_VERSION_RANGE);
version.prefer(Log4jBannedVersion.LOG4J2_CORE_PREFERRED_VERSION);
})));

final Configuration incrementalAnalysisElements = project.getConfigurations().create("incrementalScalaAnalysisElements");
incrementalAnalysisElements.setVisible(false);
incrementalAnalysisElements.setDescription("Incremental compilation analysis files");
Expand Down

0 comments on commit cbe27b2

Please sign in to comment.