Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-49994

Report uses of anonymous classes in outgoing Remoting packets

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      JENKINS-49795 issues warnings about both reads and writes of anonymous (and similar) classes for XStream, because XStream2.BlacklistedTypesConverter calls ClassFilter.DEFAULT in both directions. But currently these warnings are issued only for incoming Remoting packets—either slave → master callables, or return types of master → slave callables. The much more common case of anonymous (etc.) classes being used for master → slave callables is not detected.

        Attachments

          Issue Links

            Activity

            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            content/redirect/serialization-of-anonymous-classes.adoc
            http://jenkins-ci.org/commit/jenkins.io/11e02be65d669320d023a97bbefd3eb7f3ecbef9
            Log:
            JENKINS-49994 Getting a redirect in place.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: content/redirect/serialization-of-anonymous-classes.adoc http://jenkins-ci.org/commit/jenkins.io/11e02be65d669320d023a97bbefd3eb7f3ecbef9 Log: JENKINS-49994 Getting a redirect in place.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: R. Tyler Croy
            Path:
            content/redirect/serialization-of-anonymous-classes.adoc
            http://jenkins-ci.org/commit/jenkins.io/30592f98d9aa1a982f39220013e60286e6f7c1b5
            Log:
            Merge pull request #1439 from jglick/anonymous-warning-JENKINS-49994

            JENKINS-49994 Set up a redirect for messages about serialization of anonymous classes

            Compare: https://github.com/jenkins-infra/jenkins.io/compare/a178b2b2c2b4...30592f98d9aa

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: R. Tyler Croy Path: content/redirect/serialization-of-anonymous-classes.adoc http://jenkins-ci.org/commit/jenkins.io/30592f98d9aa1a982f39220013e60286e6f7c1b5 Log: Merge pull request #1439 from jglick/anonymous-warning- JENKINS-49994 JENKINS-49994 Set up a redirect for messages about serialization of anonymous classes Compare: https://github.com/jenkins-infra/jenkins.io/compare/a178b2b2c2b4...30592f98d9aa
            Hide
            danielbeck Daniel Beck added a comment -

            Motivation explained in https://github.com/jenkinsci/jenkins/pull/3312#issuecomment-368713851

            Note that this will issue warnings when encountering anonymous (etc.) classes either in Remoting or XStream. For XStream cases, these are always plainly bugs. For Remoting, it is not necessarily a problem—RemoteClassLoader ensures that the same bytecode version is used on either side—but there are still reasons to really prefer named classes:

            • After jenkinsci/remoting#204, you will get more meaningful logging. See an example in #3071.
            • It is all too easy to accidentally pull in crazy stuff via Callable this$0 (jenkinsci/packer-plugin#22 for just the most recent example). If you are lucky, all that implicit data will be small and (safely) Serializable.
            Show
            danielbeck Daniel Beck added a comment - Motivation explained in https://github.com/jenkinsci/jenkins/pull/3312#issuecomment-368713851 Note that this will issue warnings when encountering anonymous (etc.) classes either in Remoting or XStream. For XStream cases, these are always plainly bugs. For Remoting, it is not necessarily a problem— RemoteClassLoader ensures that the same bytecode version is used on either side—but there are still reasons to really prefer named classes: After jenkinsci/remoting#204 , you will get more meaningful logging. See an example in #3071 . It is all too easy to accidentally pull in crazy stuff via Callable this$0 ( jenkinsci/packer-plugin#22 for just the most recent example). If you are lucky , all that implicit data will be small and (safely) Serializable .
            Hide
            danielbeck Daniel Beck added a comment -

            Merged into core towards 2.112.

            Show
            danielbeck Daniel Beck added a comment - Merged into core towards 2.112.

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                jglick Jesse Glick
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: