Candidates to be included as default allowances
mschmnet opened this issue · comments
Motivation
After integrating BlockHound in a project, we've got these two detections (among others). They look like good candidates to be included in the BlockHound#allowances:
io.netty.util.internal.NativeLibraryLoader#load: This looks like a similar case asClassLoader#classjava.util.ServiceLoader$LazyClassPathLookupIterator#hasNext
Desired solution
In case these are considered safe methods to be whitelisted, they could be included in the default list of BlockHound#allowances as they look like potentially common detections.
Considered alternatives
Not including them if assumption is not correct, or they don't seem to be common.
Additional context
One of them is detected when using BlobServiceAsyncClient (Azure):
Suppressed: reactor.blockhound.BlockingOperationError: Blocking call! java.io.RandomAccessFile#readBytes
at java.base/java.io.RandomAccessFile.readBytes(RandomAccessFile.java)
at java.base/java.io.RandomAccessFile.read(RandomAccessFile.java:405)
at java.base/java.io.RandomAccessFile.readFully(RandomAccessFile.java:469)
at java.base/java.util.zip.ZipFile$Source.readFullyAt(ZipFile.java:1348)
at java.base/java.util.zip.ZipFile$ZipFileInputStream.initDataOffset(ZipFile.java:915)
at java.base/java.util.zip.ZipFile$ZipFileInputStream.read(ZipFile.java:931)
at java.base/java.util.zip.ZipFile$ZipFileInflaterInputStream.fill(ZipFile.java:448)
at java.base/java.util.zip.InflaterInputStream.read(InflaterInputStream.java:158)
at java.base/java.io.InputStream.readNBytes(InputStream.java:506)
at java.base/java.util.jar.JarFile.getBytes(JarFile.java:812)
at java.base/java.util.jar.JarFile.checkForSpecialAttributes(JarFile.java:1002)
at java.base/java.util.jar.JarFile.isMultiRelease(JarFile.java:389)
at java.base/java.util.jar.JarFile.getEntry(JarFile.java:511)
at java.base/sun.net.www.protocol.jar.URLJarFile.getEntry(URLJarFile.java:131)
at java.base/sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:135)
at java.base/sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:175)
at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.parse(ServiceLoader.java:1172)
at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.nextProviderClass(ServiceLoader.java:1213)
at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(ServiceLoader.java:1228)
at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(ServiceLoader.java:1273)
at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1309)
at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1393)
at java.xml/javax.xml.stream.FactoryFinder$1.run(FactoryFinder.java:350)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
at java.xml/javax.xml.stream.FactoryFinder.findServiceProvider(FactoryFinder.java:339)
at java.xml/javax.xml.stream.FactoryFinder.find(FactoryFinder.java:310)
at java.xml/javax.xml.stream.XMLInputFactory.newFactory(XMLInputFactory.java:288)
at com.fasterxml.jackson.dataformat.xml.util.StaxUtil.defaultInputFactory(StaxUtil.java:144)
at com.fasterxml.jackson.dataformat.xml.XmlFactory.<init>(XmlFactory.java:123)
at com.fasterxml.jackson.dataformat.xml.XmlFactory.<init>(XmlFactory.java:110)
at com.fasterxml.jackson.dataformat.xml.XmlFactory.<init>(XmlFactory.java:103)
at com.fasterxml.jackson.dataformat.xml.XmlFactory.<init>(XmlFactory.java:87)
at com.fasterxml.jackson.dataformat.xml.XmlMapper.<init>(XmlMapper.java:135)
at com.fasterxml.jackson.dataformat.xml.XmlMapper.builder(XmlMapper.java:226)
at com.azure.core.implementation.jackson.XmlMapperFactory.createXmlMapper(XmlMapperFactory.java:62)
at com.azure.core.implementation.jackson.ObjectMapperFactory.createXmlMapper(ObjectMapperFactory.java:43)
at com.azure.core.implementation.jackson.ObjectMapperShim.createXmlMapper(ObjectMapperShim.java:79)
at com.azure.core.util.serializer.JacksonAdapter$GlobalXmlMapper.<clinit>(JacksonAdapter.java:40)
at com.azure.core.util.serializer.JacksonAdapter.getXmlMapper(JacksonAdapter.java:306)
at com.azure.core.util.serializer.JacksonAdapter.lambda$deserialize$8(JacksonAdapter.java:276)
at com.azure.core.util.serializer.JacksonAdapter.useAccessHelper(JacksonAdapter.java:327)
at com.azure.core.util.serializer.JacksonAdapter.deserialize(JacksonAdapter.java:275)
at com.azure.core.implementation.serializer.HttpResponseBodyDecoder.deserialize(HttpResponseBodyDecoder.java:159)
at com.azure.core.implementation.serializer.HttpResponseBodyDecoder.deserializeBody(HttpResponseBodyDecoder.java:132)
at com.azure.core.implementation.serializer.HttpResponseBodyDecoder.decodeByteArray(HttpResponseBodyDecoder.java:56)
at com.azure.core.implementation.serializer.HttpResponseDecoder$HttpDecodedResponse.getDecodedBody(HttpResponseDecoder.java:93)
at com.azure.core.implementation.http.rest.AsyncRestProxy.lambda$ensureExpectedStatus$1(AsyncRestProxy.java:116)
at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onNext(FluxMapFuseable.java:113)
And this is the other one:
java.lang.Exception: Disallowed blocking call: java.io.RandomAccessFile#readBytes
[...]
at reactor.blockhound.BlockHound$Builder.lambda$install$8(BlockHound.java:472)
at reactor.blockhound.BlockHoundRuntime.checkBlocking(BlockHoundRuntime.java:89)
at java.base/java.io.RandomAccessFile.readBytes(RandomAccessFile.java)
at java.base/java.io.RandomAccessFile.read(RandomAccessFile.java:405)
at java.base/java.util.zip.ZipFile$Source.readAt(ZipFile.java:1361)
at java.base/java.util.zip.ZipFile$ZipFileInputStream.read(ZipFile.java:941)
at java.base/java.util.zip.ZipFile$ZipFileInflaterInputStream.fill(ZipFile.java:448)
at java.base/java.util.zip.InflaterInputStream.read(InflaterInputStream.java:158)
at java.base/java.io.InputStream.readNBytes(InputStream.java:506)
at java.base/java.util.jar.JarFile.getBytes(JarFile.java:812)
at java.base/java.util.jar.JarFile.checkForSpecialAttributes(JarFile.java:1002)
at java.base/java.util.jar.JarFile.isMultiRelease(JarFile.java:389)
at java.base/java.util.jar.JarFile.getEntry(JarFile.java:511)
at java.base/sun.net.www.protocol.jar.URLJarFile.getEntry(URLJarFile.java:131)
at java.base/sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:135)
at java.base/sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:175)
at java.base/java.net.URL.openStream(URL.java:1161)
at io.netty.util.internal.NativeLibraryLoader.load(NativeLibraryLoader.java:197)
at io.netty.resolver.dns.macos.MacOSDnsServerAddressStreamProvider.loadNativeLibrary(MacOSDnsServerAddressStreamProvider.java:92)
at io.netty.resolver.dns.macos.MacOSDnsServerAddressStreamProvider.<clinit>(MacOSDnsServerAddressStreamProvider.java:77)
at java.base/java.lang.Class.forName0(Native Method)
at java.base/java.lang.Class.forName(Class.java:467)
at io.netty.resolver.dns.DnsServerAddressStreamProviders$1.run(DnsServerAddressStreamProviders.java:50)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
at io.netty.resolver.dns.DnsServerAddressStreamProviders.<clinit>(DnsServerAddressStreamProviders.java:46)
at io.netty.resolver.dns.DnsNameResolverBuilder.<init>(DnsNameResolverBuilder.java:61)