Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-49994

Report uses of anonymous classes in outgoing Remoting packets

    XMLWordPrintable

Details

    Description

      JENKINS-49795 issues warnings about both reads and writes of anonymous (and similar) classes for XStream, because XStream2.BlacklistedTypesConverter calls ClassFilter.DEFAULT in both directions. But currently these warnings are issued only for incoming Remoting packets—either slave → master callables, or return types of master → slave callables. The much more common case of anonymous (etc.) classes being used for master → slave callables is not detected.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-53619 Attempt to (de-)serialize anonymous class jenkins.plugins.nodejs.tools.NodeJSInstallation$1

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link core PR 3333

          Web Link remoting PR 259

          mentioned in

          Page Loading...

          Activity

            Ascending order - Click to sort in descending order
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            content/redirect/serialization-of-anonymous-classes.adoc
            http://jenkins-ci.org/commit/jenkins.io/11e02be65d669320d023a97bbefd3eb7f3ecbef9
            Log:
            JENKINS-49994 Getting a redirect in place.

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: content/redirect/serialization-of-anonymous-classes.adoc http://jenkins-ci.org/commit/jenkins.io/11e02be65d669320d023a97bbefd3eb7f3ecbef9 Log: JENKINS-49994 Getting a redirect in place.
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: R. Tyler Croy
            Path:
            content/redirect/serialization-of-anonymous-classes.adoc
            http://jenkins-ci.org/commit/jenkins.io/30592f98d9aa1a982f39220013e60286e6f7c1b5
            Log:
            Merge pull request #1439 from jglick/anonymous-warning-JENKINS-49994

            JENKINS-49994 Set up a redirect for messages about serialization of anonymous classes

            Compare: https://github.com/jenkins-infra/jenkins.io/compare/a178b2b2c2b4...30592f98d9aa

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: R. Tyler Croy Path: content/redirect/serialization-of-anonymous-classes.adoc http://jenkins-ci.org/commit/jenkins.io/30592f98d9aa1a982f39220013e60286e6f7c1b5 Log: Merge pull request #1439 from jglick/anonymous-warning- JENKINS-49994 JENKINS-49994 Set up a redirect for messages about serialization of anonymous classes Compare: https://github.com/jenkins-infra/jenkins.io/compare/a178b2b2c2b4...30592f98d9aa
            danielbeck Daniel Beck added a comment -

            Motivation explained in https://github.com/jenkinsci/jenkins/pull/3312#issuecomment-368713851

            Note that this will issue warnings when encountering anonymous (etc.) classes either in Remoting or XStream. For XStream cases, these are always plainly bugs. For Remoting, it is not necessarily a problem—RemoteClassLoader ensures that the same bytecode version is used on either side—but there are still reasons to really prefer named classes:

            • After jenkinsci/remoting#204, you will get more meaningful logging. See an example in #3071.
            • It is all too easy to accidentally pull in crazy stuff via Callable this$0 (jenkinsci/packer-plugin#22 for just the most recent example). If you are lucky, all that implicit data will be small and (safely) Serializable.
            danielbeck Daniel Beck added a comment - Motivation explained in https://github.com/jenkinsci/jenkins/pull/3312#issuecomment-368713851 Note that this will issue warnings when encountering anonymous (etc.) classes either in Remoting or XStream. For XStream cases, these are always plainly bugs. For Remoting, it is not necessarily a problem— RemoteClassLoader ensures that the same bytecode version is used on either side—but there are still reasons to really prefer named classes: After jenkinsci/remoting#204 , you will get more meaningful logging. See an example in #3071 . It is all too easy to accidentally pull in crazy stuff via Callable this$0 ( jenkinsci/packer-plugin#22 for just the most recent example). If you are lucky , all that implicit data will be small and (safely) Serializable .
            danielbeck Daniel Beck added a comment -

            Merged into core towards 2.112.

            danielbeck Daniel Beck added a comment - Merged into core towards 2.112.

            People

              jglick Jesse Glick
              jglick Jesse Glick
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: