Skip to content

Commit

Permalink
Move project to Forge namespace, and rename to SecureModules
Browse files Browse the repository at this point in the history
Rewrite the ClassLoader to properly find resources from parent layers, support supplying a parent class loader and be easier to understand.
Compatibility with cpw land SecureJarHandler is kept until next major breaking window. Targeting MC 1.21 if I don't forget.
This project will need to be re-evaluated on if it even is necessary in the MC runtime at all.
Yes, Jar signatures/code signers are great. However we exist in a world of coremods and runtime bytecode manipulation. There is no possible runtime security need for this.
Things should be addressed in the MC universe using static analysis of the jar files themselves not runtime. Which can be done in a FAR simpler manor.
  • Loading branch information
LexManos committed Oct 18, 2023
1 parent 3c9a263 commit 6178dbc
Show file tree
Hide file tree
Showing 56 changed files with 1,135 additions and 618 deletions.
72 changes: 72 additions & 0 deletions .github/workflows/aggregate-jmh-results.groovy
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
import groovy.json.JsonSlurper
import net.steppschuh.markdowngenerator.table.Table

import java.nio.file.Files
import java.nio.file.Path
import java.math.RoundingMode

@GrabResolver(name='jitpack.io', root='https://jitpack.io/')
@GrabResolver(name = 'central', root='https://repo1.maven.org/maven2/')
@Grapes([
@Grab('org.apache.groovy:groovy-json:4.0.13'),
@Grab('com.github.Steppschuh:Java-Markdown-Generator:1.3.2')
])

final versions = [] as SortedSet
final javas = [:] as TreeMap
final results = [:] as TreeMap

final resultsPath = Path.of('build/test_artifacts')
for (def dir : Files.list(Path.of('build/test_artifacts'))) {
def dirName = dir.fileName.toString()
def file = dir.resolve('jmh_results.json')
if (!dirName.startsWith('jmh-') || !Files.exists(file))
continue
(javaName,javaVersion) = dirName.substring('jmh-'.length()).split('-')
javas.computeIfAbsent(javaName, { [] }).add(javaVersion)
versions.add(javaVersion)

def json = new JsonSlurper().parse(file.toFile())
for (def bench : json) {
def byJava = results.computeIfAbsent(bench.benchmark, { [:] })
def byVersion = byJava.computeIfAbsent(javaName, { [:] })

def result = bench.primaryMetric.score.setScale(3, RoundingMode.CEILING)
if (!bench.primaryMetric.scoreError.equals('NaN'))
result += ' ± ' + bench.primaryMetric.scoreError.setScale(3, RoundingMode.CEILING)
//result += bench.primaryMetric.scoreUnit

byVersion.put(javaVersion, result)
}
}
def output = ""
results.forEach { bench, byJava ->
final table = new Table.Builder()
.withAlignments(Table.ALIGN_RIGHT, Table.ALIGN_RIGHT)
.addRow((['Vendor'] + versions).toArray())

javas.forEach { javaName, javaVersions ->
def row = [javaName]
if (!byJava.containsKey(javaName)) {
versions.forEach { javaVersion ->
row.add(javaVersions.contains(javaVersion) ? "MISSING" : "")
}
} else {
def byVersion = byJava.get(javaName)
versions.forEach { javaVersion ->
if (javaVersions.contains(javaVersion)) {
row.add(byVersion.containsKey(javaVersion) ? byVersion.get(javaVersion) : "MISSING")
} else {
row.add("")
}
}
}
table.addRow(row.toArray())
}

output += '### `' + bench + '` results\n' +
table.build() + '\n' +
'\n'
}

new File('jmh_results.md').text = output
44 changes: 0 additions & 44 deletions .github/workflows/collect_jmh_results.groovy

This file was deleted.

46 changes: 24 additions & 22 deletions .github/workflows/test_jvms.yml
Original file line number Diff line number Diff line change
Expand Up @@ -48,28 +48,29 @@ jobs:
run: chmod +x ./gradlew

- name: Run Jmh
run: ./gradlew --console=plain --continue :sjh-jmh:jmh -PjavaVendor=${{ matrix.jdk }} -PjavaVersion=${{ matrix.jvm_version }}
run: ./gradlew --console=plain --continue :sm-jmh:jmh -PjavaVendor=${{ matrix.jdk }} -PjavaVersion=${{ matrix.jvm_version }}

- name: Upload JMH Results
uses: actions/upload-artifact@v3
with:
name: jmh-${{ matrix.jdk }}-${{ matrix.jvm_version }}
path: build/jmh_results.json

- name: Run Tests
run: ./gradlew --console=plain --continue :sjh-test:test -PjavaVendor=${{ matrix.jdk }} -PjavaVersion=${{ matrix.jvm_version }}

- name: Upload Test Reports
uses: actions/upload-artifact@v3
with:
name: test-reports-${{ matrix.jdk }}-${{ matrix.jvm_version }}
path: build/reports/

- name: Upload Test Results
uses: actions/upload-artifact@v3
with:
name: test-results-${{ matrix.jdk }}-${{ matrix.jvm_version }}
path: build/test-results/

# It's faster to just run the tests locally.
#- name: Run Tests
# run: ./gradlew --console=plain --continue :sm-test:test -PjavaVendor=${{ matrix.jdk }} -PjavaVersion=${{ matrix.jvm_version }}
#
#- name: Upload Test Reports
# uses: actions/upload-artifact@v3
# with:
# name: test-reports-${{ matrix.jdk }}-${{ matrix.jvm_version }}
# path: build/reports/
#
#- name: Upload Test Results
# uses: actions/upload-artifact@v3
# with:
# name: test-results-${{ matrix.jdk }}-${{ matrix.jvm_version }}
# path: build/test-results/

upload_results:
name: Upload Jmh results
Expand All @@ -92,16 +93,17 @@ jobs:
path: build/test_artifacts

- name: Collect JMH results
run: groovy .github/workflows/collect_jmh_results.groovy
run: groovy .github/workflows/aggregate-jmh-results.groovy

- name: Collect JUnit results
run: groovy .github/workflows/aggregate-junit-tests.groovy
#- name: Collect JUnit results
# run: groovy .github/workflows/aggregate-junit-tests.groovy

- name: Upload Final Results
uses: actions/upload-artifact@v3
with:
name: aggregate-results
path: |
jmh_results.md
test_results.html
path: jmh_results.md
#path: |
# jmh_results.md
# test_results.html

11 changes: 2 additions & 9 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -17,18 +17,11 @@
/*/.gradle

#misc
/out/
/forge-1.16.5-36.1.16.jar
/tmp/
/repo/
/Bookshelf-1.16.4-9.0.7-TAMPERED.jar
/Bookshelf-1.16.4-9.0.7-UNTAMPERED.jar
/inventorysorter-1.16.1-18.0.0.jar
/modlauncher-9.0.1.jar
/test.jar
*.jfr
*.factorypath
/sjh-jmh/.apt_generated/
/sm-jmh/.apt_generated/
/jmh_results.md
/test_results.html
/artifacts/
/test_artifacts.zip
5 changes: 3 additions & 2 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ plugins {
id 'net.minecraftforge.gradleutils' version '2.+'
}

group = 'net.minecraftforge'
version = gradleutils.getTagOffsetVersion()
logger.lifecycle('Version: ' + version)

Expand Down Expand Up @@ -36,7 +37,7 @@ changelog {
jar {
manifest {
attributes([
'Specification-Title': 'securejarhandler',
'Specification-Title': 'securemodules',
'Specification-Vendor': 'forge',
'Specification-Version': gradleutils.gitInfo.tag,
'Implementation-Title': project.name,
Expand All @@ -51,7 +52,7 @@ publishing {
mavenJava(MavenPublication) {
from components.java
pom {
name = 'Secure Modular Jar handler'
name = 'Secure Modular handler'
description = 'Making the Java modular system provide security information'
}
}
Expand Down
4 changes: 3 additions & 1 deletion run_workflow_tests.sh
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,6 @@ cd artifacts/1/; zip -r ../../test_artifacts.zip *; cd -

# Grab jmh results
mv artifacts/1/aggregate-results/jmh_results.md .
mv artifacts/1/aggregate-results/test_results.html .

# Build JUnit Tests
./gradlew --continue test collectTests
6 changes: 3 additions & 3 deletions settings.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,6 @@ dependencyResolutionManagement {
}
}

rootProject.name = 'securejarhandler'
include 'sjh-jmh'
include 'sjh-test'
rootProject.name = 'securemodules'
include 'sm-jmh'
include 'sm-test'
5 changes: 0 additions & 5 deletions sjh-jmh/src/main/java/module-info.java

This file was deleted.

10 changes: 0 additions & 10 deletions sjh-test/src/test/java/module-info.java

This file was deleted.

This file was deleted.

File renamed without changes.
5 changes: 5 additions & 0 deletions sm-jmh/src/main/java/module-info.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
module net.minecraftforge.securemodules.jmh {
requires cpw.mods.securejarhandler; // TODO: [SM][Deprecation] Remove CPW compatibility
requires jmh.core;
requires jdk.unsupported; // Needed by jmh.core
}
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
package net.minecraftforge.securejarhandler.jmh.benchmarks;
package net.minecraftforge.securemodules.jmh.benchmarks;

import cpw.mods.cl.JarModuleFinder;
import cpw.mods.jarhandling.SecureJar;
import net.minecraftforge.securemodules.SecureModuleFinder;

import org.openjdk.jmh.annotations.Benchmark;
import org.openjdk.jmh.infra.Blackhole;

Expand All @@ -16,7 +17,7 @@ public void benchJarModuleFinderOf(Blackhole blackhole) {
var path3 = Paths.get("./src/testjars/testjar3.jar");
var secureJar1 = SecureJar.from(path1, path2);
var secureJar2 = SecureJar.from(path3);
var jarModuleFinder = JarModuleFinder.of(secureJar1, secureJar2);
var jarModuleFinder = SecureModuleFinder.of(secureJar1, secureJar2);

blackhole.consume(jarModuleFinder);
}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package net.minecraftforge.securejarhandler.jmh.benchmarks;
package net.minecraftforge.securemodules.jmh.benchmarks;

// This is needed because eclipse doesn't allow for the main to be outside the module in module builds 0.o?
public class Main {
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package net.minecraftforge.securejarhandler.jmh.benchmarks;
package net.minecraftforge.securemodules.jmh.benchmarks;

import cpw.mods.niofs.union.UnionFileSystem;
import cpw.mods.niofs.union.UnionFileSystemProvider;
Expand Down
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
12 changes: 12 additions & 0 deletions sm-test/src/test/java/module-info.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
module net.minecraftforge.securemodules.test {
requires cpw.mods.securejarhandler; // TODO: [SM][Deprecation] Remove CPW compatibility

requires jdk.unsupported;
requires java.base;
requires org.junit.jupiter.api;
requires org.objectweb.asm;
requires org.objectweb.asm.tree;
requires net.minecraftforge.unsafe;

opens net.minecraftforge.securemodules.test to org.junit.platform.commons;
}
Loading

0 comments on commit 6178dbc

Please sign in to comment.