Skip to content

8254090: Collectors.toUnmodifiableList exposes shared secret #569

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
stuart-marks wants to merge 6 commits into from
Closed

8254090: Collectors.toUnmodifiableList exposes shared secret #569

stuart-marks wants to merge 6 commits into from

Conversation

@stuart-marks
Copy link
Member

@stuart-marks stuart-marks commented Oct 8, 2020
edited by openjdk bot
Loading

Add check for ArrayList.class before passing it to the shared secret.

Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change must be properly reviewed

Testing

Linux x64 Windows x64 macOS x64
Build ✔️ (5/5 passed) ✔️ (2/2 passed) ✔️ (2/2 passed)
Test (tier1) ✔️ (9/9 passed) ✔️ (9/9 passed) ✔️ (9/9 passed)

Issue

  • JDK-8254090: Collectors.toUnmodifiableList exposes shared secret

Reviewers

Contributors

  • Tagir F. Valeev <tvaleev@openjdk.org>

Download

$ git fetch https://git.openjdk.java.net/jdk pull/569/head:pull/569
$ git checkout pull/569

@bridgekeeper
Copy link

bridgekeeper bot commented Oct 8, 2020

👋 Welcome back smarks! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk openjdk bot added the rfr Pull request is ready for review label Oct 8, 2020
@stuart-marks
Copy link
Member Author

stuart-marks commented Oct 8, 2020

/contributor add @amaembo

@openjdk
Copy link

openjdk bot commented Oct 8, 2020

@stuart-marks
Contributor Tagir F. Valeev <tvaleev@openjdk.org> successfully added.

@openjdk
Copy link

openjdk bot commented Oct 8, 2020

@stuart-marks The following label will be automatically applied to this pull request:

  • core-libs

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

@openjdk openjdk bot added the core-libs core-libs-dev@openjdk.org label Oct 8, 2020
@mlbridge
Copy link

mlbridge bot commented Oct 8, 2020
edited
Loading

Webrevs

PaulSandoz
PaulSandoz approved these changes Oct 8, 2020
View reviewed changes
src/java.base/share/classes/java/util/stream/Collectors.java Outdated
.listFromTrustedArray(list.toArray()),
list -> {
if (list.getClass() == ArrayList.class) { // ensure it's trusted
return (List<T>)SharedSecrets.getJavaUtilCollectionAccess()
Copy link
Member

@PaulSandoz PaulSandoz Oct 8, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While we are in this method i think it should be possible to remove the all casts and the @SuppressWarnings (javac's type inference got better after this method was added?).

Copy link
Member Author

@stuart-marks stuart-marks Oct 9, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've updated this PR to clean this up. Not sure where this came from in the first place. It might have been left over from an intermediate edit.

@openjdk
Copy link

openjdk bot commented Oct 8, 2020
edited
Loading

@stuart-marks This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8254090: Collectors.toUnmodifiableList exposes shared secret

Co-authored-by: Tagir F. Valeev <tvaleev@openjdk.org>
Reviewed-by: psandoz

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 2 new commits pushed to the master branch:

  • a2f6519: 8233685: Test tools/javac/modules/AddLimitMods.java fails
  • 70be8c7: 8253965: Delete the outdated java.awt.PeerFixer class

Please see this link for an up-to-date comparison between the source branch of this pull request and the master branch.
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Oct 8, 2020
@stuart-marks
Copy link
Member Author

stuart-marks commented Oct 9, 2020

/test

@openjdk
Copy link

openjdk bot commented Oct 9, 2020

Could not create test job

@stuart-marks
Copy link
Member Author

stuart-marks commented Oct 9, 2020

/test tier1

@openjdk
Copy link

openjdk bot commented Oct 9, 2020

Could not create test job

@stuart-marks
Copy link
Member Author

stuart-marks commented Oct 9, 2020

/test builds

@openjdk
Copy link

openjdk bot commented Oct 9, 2020

Could not create test job

@stuart-marks
Copy link
Member Author

stuart-marks commented Oct 12, 2020

/integrate

@openjdk openjdk bot closed this Oct 12, 2020
@openjdk openjdk bot added integrated Pull request has been integrated and removed ready Pull request is ready to be integrated rfr Pull request is ready for review labels Oct 12, 2020
@openjdk
Copy link

openjdk bot commented Oct 12, 2020

@stuart-marks Since your change was applied there have been 46 commits pushed to the master branch:

  • df1f132: 8253563: Change sun.security.jca.Providers.threadLists to be ThreadLocal
  • c7f0064: 8253899: Make IsClassUnloadingEnabled signature match specification
  • aad3cf4: 8254234: Add test library stream object builder
  • 4184959: 8252374: Add a new factory method to concatenate a sequence of BodyPublisher instances into a single publisher.
  • 05459df: 8253765: C2: Control randomization in StressLCM and StressGCM
  • 6620b61: 8254573: Shenandoah: Streamline/inline native-LRB entry point
  • a6c23b7: 8253923: C2 doesn't always run loop opts for compilations that include loops
  • dfe8ba6: 8254320: Shenandoah: C2 native LRB should activate for non-cset objects
  • 295a44a: 8254558: Remove unimplemented Arguments::do_pd_flag_adjustments
  • 0fab73e: 8254560: Shenandoah: Concurrent Strong Roots logging is incorrect
  • ... and 36 more: https://git.openjdk.java.net/jdk/compare/ced46b19f70382d50a45fb54a58bcb9f742fb008...master

Your commit was automatically rebased without conflicts.

Pushed as commit d7128e7.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@turbanoff turbanoff mentioned this pull request Sep 25, 2021
Closed
3 tasks
@lfoltan lfoltan mentioned this pull request May 21, 2025
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@cl4es cl4es cl4es left review comments

@PaulSandoz PaulSandoz PaulSandoz approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

core-libs core-libs-dev@openjdk.org integrated Pull request has been integrated

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@stuart-marks @PaulSandoz @cl4es