Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't run jgit junit tests testing jgit behavior with SecurityManager using bazel #11146

Open
msohn opened this issue Apr 18, 2020 · 7 comments
Open

Can't run jgit junit tests testing jgit behavior with SecurityManager using bazel #11146

msohn opened this issue Apr 18, 2020 · 7 comments
Labels
area-java-toolchains javabase, java_toolchain flags, JDK selection, java_toolchain rules, java_tools repository not stale Issues or PRs that are inactive but not considered stale P3 We're not considering working on this, but happy to review a PR. (No assignee) team-Rules-Java Issues for Java rules type: bug

Comments

@msohn
Copy link

msohn commented Apr 18, 2020

ATTENTION! Please read and follow:

  • if this is a question about how to build / test / query / deploy using Bazel, or a discussion starter, send it to bazel-discuss@googlegroups.com
  • if this is a bug or feature request, fill the form below as best as you can.

Description of the problem / feature request:

Cannot run the following jgit junit tests with bazel:

https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/master/org.eclipse.jgit.test/tst/org/eclipse/jgit/api/SecurityManagerTest.java
https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/+/master/org.eclipse.jgit.test/tst/org/eclipse/jgit/api/SecurityManagerMissingPermissionsTest.java

Feature requests: what underlying problem are you trying to solve with this feature?

enable running tests using a SecurityManager in bazel

Bugs: what's the simplest, easiest way to reproduce this bug? Please provide a minimal example if possible.

Run the jgit tests using bazel (general instructions are described in https://wiki.eclipse.org/EGit/Contributor_Guide#JGit_Bazel_Build):

$ git clone https://git.eclipse.org/r/jgit/jgit
$ git fetch https://git.eclipse.org/r/jgit/jgit refs/changes/64/161164/2 && git checkout FETCH_HEAD
$ cd jgit

comment out the content of list EXCLUDED in the file org.eclipse.jgit.test/BUILD in the local jgit worktree
then run the following tests:

$ bazel test //org.eclipse.jgit.test:org_eclipse_jgit_api_SecurityManagerTest
$ bazel test //org.eclipse.jgit.test:org_eclipse_jgit_api_SecurityManagerMissingPermissionsTest

What operating system are you running Bazel on?

Mac OS 10.15.4

What's the output of bazel info release?

$ bazel info release
INFO: Invocation ID: 6ec905e0-25d1-4908-a318-4a79481ec92d
release 3.0.0

If bazel info release returns "development version" or "(@non-git)", tell us how you built Bazel.

n/a

What's the output of git remote get-url origin ; git rev-parse master ; git rev-parse HEAD ?

$ git remote get-url origin ; git rev-parse master ; git rev-parse HEAD
https://git.eclipse.org/r/jgit/jgit.git
f5be334a44f29734ae4dac69dfed155a8448d967
9883ab398e85dded0157fe9c7b59dd975eb89a8d

Have you found anything relevant by searching the web?

We tried to switch off the bazel sandbox by configuring a tag "local" for the execution of these tests but this didn't disable the sandboxing. It looks like bazel unconditionally sets its own SecurityManager which seems to break our tests, see

bazel/src/java_tools/junitrunner/javatests/com/google/testing/junit/runner/TestRunner.java

Lines 41 to 44 in 1f684e1

SecurityManager previousSecurityManager = setGoogleTestSecurityManager();
Request request = createRequest(args);
Result result = junitCore.run(request);
restorePreviousSecurityManager(previousSecurityManager);

hence David for now excluded these tests from the bazel test run in the latest patchset of
https://git.eclipse.org/r/#/c/161164/

Any other information, logs, or outputs that you want to share?

$ bazel test //org.eclipse.jgit.test:org_eclipse_jgit_api_SecurityManagerTest
INFO: Invocation ID: 883eef98-14ce-4084-bc26-9ea057a6b486
INFO: Analyzed target //org.eclipse.jgit.test:org_eclipse_jgit_api_SecurityManagerTest (0 packages loaded, 0 targets configured).
INFO: Found 1 test target...
FAIL: //org.eclipse.jgit.test:org_eclipse_jgit_api_SecurityManagerTest (see /private/var/tmp/_bazel_d029788/b645215973ac043930fa5900e337e822/execroot/jgit/bazel-out/darwin-fastbuild/testlogs/org.eclipse.jgit.test/org_eclipse_jgit_api_SecurityManagerTest/test.log)
INFO: From Testing //org.eclipse.jgit.test:org_eclipse_jgit_api_SecurityManagerTest:
==================== Test output for //org.eclipse.jgit.test:org_eclipse_jgit_api_SecurityManagerTest:
JUnit4 Test Runner
.EE
Time: 0.151
There were 2 failures:

  1. testInitAndClone(org.eclipse.jgit.api.SecurityManagerTest)
    java.lang.SecurityException: GoogleTestSecurityManager is not designed to handle other security managers.
    at com.google.testing.junit.runner.util.GoogleTestSecurityManager.checkPermission(GoogleTestSecurityManager.java:58)
    at java.lang.System.setSecurityManager0(System.java:302)
    at java.lang.System.setSecurityManager(System.java:293)
    at org.eclipse.jgit.api.SecurityManagerTest.setUp(SecurityManagerTest.java:122)
  2. testInitAndClone(org.eclipse.jgit.api.SecurityManagerTest)
    java.lang.SecurityException: GoogleTestSecurityManager is not designed to handle other security managers.
    at com.google.testing.junit.runner.util.GoogleTestSecurityManager.checkPermission(GoogleTestSecurityManager.java:58)
    at java.lang.System.setSecurityManager0(System.java:302)
    at java.lang.System.setSecurityManager(System.java:293)
    at org.eclipse.jgit.api.SecurityManagerTest.tearDown(SecurityManagerTest.java:139)

FAILURES!!!
Tests run: 1, Failures: 2

BazelTestRunner exiting with a return value of 1
JVM shutdown hooks (if any) will run now.
The JVM will exit once they complete.

-- JVM shutdown starting at 2020-04-18 13:36:09 --

================================================================================
Target //org.eclipse.jgit.test:org_eclipse_jgit_api_SecurityManagerTest up-to-date:
bazel-bin/org.eclipse.jgit.test/org_eclipse_jgit_api_SecurityManagerTest.jar
bazel-bin/org.eclipse.jgit.test/org_eclipse_jgit_api_SecurityManagerTest
INFO: Elapsed time: 1.175s, Critical Path: 0.92s
INFO: 1 process: 1 darwin-sandbox.
INFO: Build completed, 1 test FAILED, 2 total actions
//org.eclipse.jgit.test:org_eclipse_jgit_api_SecurityManagerTest FAILED in 0.8s
/private/var/tmp/_bazel_d029788/b645215973ac043930fa5900e337e822/execroot/jgit/bazel-out/darwin-fastbuild/testlogs/org.eclipse.jgit.test/org_eclipse_jgit_api_SecurityManagerTest/test.log

INFO: Build completed, 1 test FAILED, 2 total actions

$ bazel test //org.eclipse.jgit.test:org_eclipse_jgit_api_SecurityManagerMissingPermissionsTest
INFO: Invocation ID: dd2289a5-488b-4bad-b134-602207a15757
INFO: Analyzed target //org.eclipse.jgit.test:org_eclipse_jgit_api_SecurityManagerMissingPermissionsTest (0 packages loaded, 0 targets configured).
INFO: Found 1 test target...
FAIL: //org.eclipse.jgit.test:org_eclipse_jgit_api_SecurityManagerMissingPermissionsTest (see /private/var/tmp/_bazel_d029788/b645215973ac043930fa5900e337e822/execroot/jgit/bazel-out/darwin-fastbuild/testlogs/org.eclipse.jgit.test/org_eclipse_jgit_api_SecurityManagerMissingPermissionsTest/test.log)
INFO: From Testing //org.eclipse.jgit.test:org_eclipse_jgit_api_SecurityManagerMissingPermissionsTest:
==================== Test output for //org.eclipse.jgit.test:org_eclipse_jgit_api_SecurityManagerMissingPermissionsTest:
JUnit4 Test Runner
.EE
Time: 0.126
There were 2 failures:

  1. testCreateNewRepos_MissingPermissions(org.eclipse.jgit.api.SecurityManagerMissingPermissionsTest)
    java.lang.SecurityException: GoogleTestSecurityManager is not designed to handle other security managers.
    at com.google.testing.junit.runner.util.GoogleTestSecurityManager.checkPermission(GoogleTestSecurityManager.java:58)
    at java.lang.System.setSecurityManager0(System.java:302)
    at java.lang.System.setSecurityManager(System.java:293)
    at org.eclipse.jgit.api.SecurityManagerMissingPermissionsTest.setUp(SecurityManagerMissingPermissionsTest.java:62)
  2. testCreateNewRepos_MissingPermissions(org.eclipse.jgit.api.SecurityManagerMissingPermissionsTest)
    java.lang.SecurityException: GoogleTestSecurityManager is not designed to handle other security managers.
    at com.google.testing.junit.runner.util.GoogleTestSecurityManager.checkPermission(GoogleTestSecurityManager.java:58)
    at java.lang.System.setSecurityManager0(System.java:302)
    at java.lang.System.setSecurityManager(System.java:293)
    at org.eclipse.jgit.api.SecurityManagerMissingPermissionsTest.tearDown(SecurityManagerMissingPermissionsTest.java:94)

FAILURES!!!
Tests run: 1, Failures: 2

BazelTestRunner exiting with a return value of 1
JVM shutdown hooks (if any) will run now.
The JVM will exit once they complete.

-- JVM shutdown starting at 2020-04-18 13:37:10 --

================================================================================
Target //org.eclipse.jgit.test:org_eclipse_jgit_api_SecurityManagerMissingPermissionsTest up-to-date:
bazel-bin/org.eclipse.jgit.test/org_eclipse_jgit_api_SecurityManagerMissingPermissionsTest.jar
bazel-bin/org.eclipse.jgit.test/org_eclipse_jgit_api_SecurityManagerMissingPermissionsTest
INFO: Elapsed time: 0.992s, Critical Path: 0.73s
INFO: 1 process: 1 darwin-sandbox.
INFO: Build completed, 1 test FAILED, 2 total actions
//org.eclipse.jgit.test:org_eclipse_jgit_api_SecurityManagerMissingPermissionsTest FAILED in 0.6s
/private/var/tmp/_bazel_d029788/b645215973ac043930fa5900e337e822/execroot/jgit/bazel-out/darwin-fastbuild/testlogs/org.eclipse.jgit.test/org_eclipse_jgit_api_SecurityManagerMissingPermissionsTest/test.log

INFO: Build completed, 1 test FAILED, 2 total actions
lucamilanesio pushed a commit to GerritCodeReview/jgit that referenced this issue Apr 18, 2020
@davido @msohn
Bazel: Disable SecurityManagerMissingPermissionsTest test
9b2f8ce 
In Id5376f09f0d a test with dependency on log4j library was added, but
the library was missed to be added to the Bazel build tool chain.

Given that Bazel test runner doesn't suport custom security manager the
test wouldn't pass even if the missing dependency would be added. The
only solution we have for now is to exclude that test from Bazel tool
chain.

Filed a feature request for bazel to support such tests at
bazelbuild/bazel#11146

Bug: 562274
Change-Id: I873a0e09addc583455b68122f66cd3952e485f0e
Signed-off-by: David Ostrovsky <david@ostrovsky.org>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
@jin jin added team-Rules-Java Issues for Java rules untriaged labels Apr 19, 2020
@ulfjack
Copy link
Contributor

ulfjack commented May 4, 2020

As a workaround, you may be able to set main_class on the test to the vanilla JUnit runner - that doesn't have some of the additional features provided by the Bazel test runner like test sharding and test filtering, but it should work. I'm not sure how best to fix this - I think we'd want to add a mechanism to disable the security manager in the java_test rule, maybe through the jvm_args attribute?

@davido
Copy link
Contributor

davido commented May 4, 2020

I think we'd want to add a mechanism to disable the security manager in the java_test rule, maybe through the jvm_args attribute?

This should be easily doable. I can look into creating a PR, to unblock JGit project.

@msohn
Copy link
Author

msohn commented May 4, 2020

thanks @davido

@comius comius added P3 We're not considering working on this, but happy to review a PR. (No assignee) area-java-toolchains javabase, java_toolchain flags, JDK selection, java_toolchain rules, java_tools repository and removed untriaged labels Nov 21, 2020
@agusti-t
Copy link

Can you give an example of how the workaround would look like @ulfjack ? I'm having a similar, I'd almost say the same, issue trying to run a SpringBootTest with EmbeddedCassandra as described here.

@davido davido mentioned this issue Jan 2, 2022
Closed
@github-actions
Copy link

Thank you for contributing to the Bazel repository! This issue has been marked as stale since it has not had any activity in the last 2+ years. It will be closed in the next 14 days unless any other activity occurs or one of the following labels is added: "not stale", "awaiting-bazeler". Please reach out to the triage team (@bazelbuild/triage) if you think this issue is still relevant or you are interested in getting the issue resolved.

@github-actions github-actions bot added the stale Issues or PRs that are stale (no activity for 30 days) label Apr 12, 2023
@github-actions
Copy link

This issue has been automatically closed due to inactivity. If you're still interested in pursuing this, please reach out to the triage team (@bazelbuild/triage). Thanks!

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Apr 27, 2023
@davido
Copy link
Contributor

davido commented Apr 27, 2023

@bazelbuild/triage not stale.

@Wyverald Wyverald reopened this Apr 27, 2023
@Wyverald Wyverald added not stale Issues or PRs that are inactive but not considered stale and removed stale Issues or PRs that are stale (no activity for 30 days) labels Apr 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-java-toolchains javabase, java_toolchain flags, JDK selection, java_toolchain rules, java_tools repository not stale Issues or PRs that are inactive but not considered stale P3 We're not considering working on this, but happy to review a PR. (No assignee) team-Rules-Java Issues for Java rules type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@msohn @davido @jin @Wyverald @comius @lberki @ulfjack @agusti-t