Candidates to be included as default allowances
mschmnet opened this issue · comments
Manuel Schmidt commented
Motivation
After integrating BlockHound in a project, we've got these two detections (among others). They look like good candidates to be included in the BlockHound#allowances
:
io.netty.util.internal.NativeLibraryLoader#load
: This looks like a similar case asClassLoader#class
java.util.ServiceLoader$LazyClassPathLookupIterator#hasNext
Desired solution
In case these are considered safe methods to be whitelisted, they could be included in the default list of BlockHound#allowances
as they look like potentially common detections.
Considered alternatives
Not including them if assumption is not correct, or they don't seem to be common.
Additional context
One of them is detected when using BlobServiceAsyncClient
(Azure):
Suppressed: reactor.blockhound.BlockingOperationError: Blocking call! java.io.RandomAccessFile#readBytes
at java.base/java.io.RandomAccessFile.readBytes(RandomAccessFile.java)
at java.base/java.io.RandomAccessFile.read(RandomAccessFile.java:405)
at java.base/java.io.RandomAccessFile.readFully(RandomAccessFile.java:469)
at java.base/java.util.zip.ZipFile$Source.readFullyAt(ZipFile.java:1348)
at java.base/java.util.zip.ZipFile$ZipFileInputStream.initDataOffset(ZipFile.java:915)
at java.base/java.util.zip.ZipFile$ZipFileInputStream.read(ZipFile.java:931)
at java.base/java.util.zip.ZipFile$ZipFileInflaterInputStream.fill(ZipFile.java:448)
at java.base/java.util.zip.InflaterInputStream.read(InflaterInputStream.java:158)
at java.base/java.io.InputStream.readNBytes(InputStream.java:506)
at java.base/java.util.jar.JarFile.getBytes(JarFile.java:812)
at java.base/java.util.jar.JarFile.checkForSpecialAttributes(JarFile.java:1002)
at java.base/java.util.jar.JarFile.isMultiRelease(JarFile.java:389)
at java.base/java.util.jar.JarFile.getEntry(JarFile.java:511)
at java.base/sun.net.www.protocol.jar.URLJarFile.getEntry(URLJarFile.java:131)
at java.base/sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:135)
at java.base/sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:175)
at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.parse(ServiceLoader.java:1172)
at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.nextProviderClass(ServiceLoader.java:1213)
at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(ServiceLoader.java:1228)
at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(ServiceLoader.java:1273)
at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1309)
at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1393)
at java.xml/javax.xml.stream.FactoryFinder$1.run(FactoryFinder.java:350)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
at java.xml/javax.xml.stream.FactoryFinder.findServiceProvider(FactoryFinder.java:339)
at java.xml/javax.xml.stream.FactoryFinder.find(FactoryFinder.java:310)
at java.xml/javax.xml.stream.XMLInputFactory.newFactory(XMLInputFactory.java:288)
at com.fasterxml.jackson.dataformat.xml.util.StaxUtil.defaultInputFactory(StaxUtil.java:144)
at com.fasterxml.jackson.dataformat.xml.XmlFactory.<init>(XmlFactory.java:123)
at com.fasterxml.jackson.dataformat.xml.XmlFactory.<init>(XmlFactory.java:110)
at com.fasterxml.jackson.dataformat.xml.XmlFactory.<init>(XmlFactory.java:103)
at com.fasterxml.jackson.dataformat.xml.XmlFactory.<init>(XmlFactory.java:87)
at com.fasterxml.jackson.dataformat.xml.XmlMapper.<init>(XmlMapper.java:135)
at com.fasterxml.jackson.dataformat.xml.XmlMapper.builder(XmlMapper.java:226)
at com.azure.core.implementation.jackson.XmlMapperFactory.createXmlMapper(XmlMapperFactory.java:62)
at com.azure.core.implementation.jackson.ObjectMapperFactory.createXmlMapper(ObjectMapperFactory.java:43)
at com.azure.core.implementation.jackson.ObjectMapperShim.createXmlMapper(ObjectMapperShim.java:79)
at com.azure.core.util.serializer.JacksonAdapter$GlobalXmlMapper.<clinit>(JacksonAdapter.java:40)
at com.azure.core.util.serializer.JacksonAdapter.getXmlMapper(JacksonAdapter.java:306)
at com.azure.core.util.serializer.JacksonAdapter.lambda$deserialize$8(JacksonAdapter.java:276)
at com.azure.core.util.serializer.JacksonAdapter.useAccessHelper(JacksonAdapter.java:327)
at com.azure.core.util.serializer.JacksonAdapter.deserialize(JacksonAdapter.java:275)
at com.azure.core.implementation.serializer.HttpResponseBodyDecoder.deserialize(HttpResponseBodyDecoder.java:159)
at com.azure.core.implementation.serializer.HttpResponseBodyDecoder.deserializeBody(HttpResponseBodyDecoder.java:132)
at com.azure.core.implementation.serializer.HttpResponseBodyDecoder.decodeByteArray(HttpResponseBodyDecoder.java:56)
at com.azure.core.implementation.serializer.HttpResponseDecoder$HttpDecodedResponse.getDecodedBody(HttpResponseDecoder.java:93)
at com.azure.core.implementation.http.rest.AsyncRestProxy.lambda$ensureExpectedStatus$1(AsyncRestProxy.java:116)
at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onNext(FluxMapFuseable.java:113)
And this is the other one:
java.lang.Exception: Disallowed blocking call: java.io.RandomAccessFile#readBytes
[...]
at reactor.blockhound.BlockHound$Builder.lambda$install$8(BlockHound.java:472)
at reactor.blockhound.BlockHoundRuntime.checkBlocking(BlockHoundRuntime.java:89)
at java.base/java.io.RandomAccessFile.readBytes(RandomAccessFile.java)
at java.base/java.io.RandomAccessFile.read(RandomAccessFile.java:405)
at java.base/java.util.zip.ZipFile$Source.readAt(ZipFile.java:1361)
at java.base/java.util.zip.ZipFile$ZipFileInputStream.read(ZipFile.java:941)
at java.base/java.util.zip.ZipFile$ZipFileInflaterInputStream.fill(ZipFile.java:448)
at java.base/java.util.zip.InflaterInputStream.read(InflaterInputStream.java:158)
at java.base/java.io.InputStream.readNBytes(InputStream.java:506)
at java.base/java.util.jar.JarFile.getBytes(JarFile.java:812)
at java.base/java.util.jar.JarFile.checkForSpecialAttributes(JarFile.java:1002)
at java.base/java.util.jar.JarFile.isMultiRelease(JarFile.java:389)
at java.base/java.util.jar.JarFile.getEntry(JarFile.java:511)
at java.base/sun.net.www.protocol.jar.URLJarFile.getEntry(URLJarFile.java:131)
at java.base/sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:135)
at java.base/sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:175)
at java.base/java.net.URL.openStream(URL.java:1161)
at io.netty.util.internal.NativeLibraryLoader.load(NativeLibraryLoader.java:197)
at io.netty.resolver.dns.macos.MacOSDnsServerAddressStreamProvider.loadNativeLibrary(MacOSDnsServerAddressStreamProvider.java:92)
at io.netty.resolver.dns.macos.MacOSDnsServerAddressStreamProvider.<clinit>(MacOSDnsServerAddressStreamProvider.java:77)
at java.base/java.lang.Class.forName0(Native Method)
at java.base/java.lang.Class.forName(Class.java:467)
at io.netty.resolver.dns.DnsServerAddressStreamProviders$1.run(DnsServerAddressStreamProviders.java:50)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
at io.netty.resolver.dns.DnsServerAddressStreamProviders.<clinit>(DnsServerAddressStreamProviders.java:46)
at io.netty.resolver.dns.DnsNameResolverBuilder.<init>(DnsNameResolverBuilder.java:61)