Consider multi release jars when running third party audit (#33206)

Exclude classes meant for newer versions than what we are auditing against, those classes won't be found. There's no reason to exclude JDK classes from newer versions, with this PR, we will not extract them in the first place.

Author: alpar-t

buildSrc/src/main/groovy/org/elasticsearch/gradle/precommit/PrecommitTasks.groovy

@@ -87,6 +87,7 @@ class PrecommitTasks {
             dependsOn(buildResources)
             signatureFile = buildResources.copy("forbidden/third-party-audit.txt")
             javaHome = project.runtimeJavaHome
+            targetCompatibility = project.runtimeJavaVersion
         }
         return thirdPartyAuditTask
     }

buildSrc/src/main/java/org/elasticsearch/gradle/precommit/ThirdPartyAuditTask.java

@@ -23,6 +23,7 @@
 import org.elasticsearch.test.NamingConventionsCheck;
 import org.gradle.api.DefaultTask;
 import org.gradle.api.GradleException;
+import org.gradle.api.JavaVersion;
 import org.gradle.api.artifacts.Configuration;
 import org.gradle.api.file.FileCollection;
 import org.gradle.api.tasks.Input;
@@ -66,6 +67,17 @@ public class ThirdPartyAuditTask extends DefaultTask {
 
     private String javaHome;
 
+    private JavaVersion targetCompatibility;
+
+    @Input
+    public JavaVersion getTargetCompatibility() {
+        return targetCompatibility;
+    }
+
+    public void setTargetCompatibility(JavaVersion targetCompatibility) {
+        this.targetCompatibility = targetCompatibility;
+    }
+
     @InputFiles
     public Configuration getForbiddenAPIsConfiguration() {
         return getProject().getConfigurations().getByName("forbiddenApisCliJar");
@@ -157,10 +169,19 @@ public void runThirdPartyAudit() throws IOException {
 
     private void extractJars(FileCollection jars) {
         File jarExpandDir = getJarExpandDir();
+        // We need to clean up to make sure old dependencies don't linger
+        getProject().delete(jarExpandDir);
         jars.forEach(jar ->
             getProject().copy(spec -> {
                 spec.from(getProject().zipTree(jar));
                 spec.into(jarExpandDir);
+                // Exclude classes for multi release jars above target
+                for (int i = Integer.parseInt(targetCompatibility.getMajorVersion()) + 1;
+                     i <= Integer.parseInt(JavaVersion.VERSION_HIGHER.getMajorVersion());
+                     i++
+                ) {
+                  spec.exclude("META-INF/versions/" + i + "/**");
+                }
             })
         );
     }

server/build.gradle

@@ -304,21 +304,6 @@ thirdPartyAudit.excludes = [
   'com.google.common.geometry.S2LatLng',
 ]
 
-if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
-  thirdPartyAudit.excludes += [
-          // Used by Log4J 2.11.1
-            'java.io.ObjectInputFilter',
-            'java.io.ObjectInputFilter$Config',
-            'java.io.ObjectInputFilter$FilterInfo',
-            'java.io.ObjectInputFilter$Status',
-          // added in 9
-            'java.lang.ProcessHandle',
-            'java.lang.StackWalker',
-            'java.lang.StackWalker$Option',
-            'java.lang.StackWalker$StackFrame'
-  ]
-}
-
 if (project.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
   thirdPartyAudit.excludes += ['javax.xml.bind.DatatypeConverter']
 }

test/logger-usage/build.gradle

@@ -42,23 +42,4 @@ thirdPartyAudit.excludes = [
   'org.osgi.framework.SynchronousBundleListener',
   'org.osgi.framework.wiring.BundleWire',
   'org.osgi.framework.wiring.BundleWiring'
-]
-
-if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
-  // Used by Log4J 2.11.1
-  thirdPartyAudit.excludes += [
-    'java.io.ObjectInputFilter',
-    'java.io.ObjectInputFilter$Config',
-    'java.io.ObjectInputFilter$FilterInfo',
-    'java.io.ObjectInputFilter$Status'
-  ]
-}
-
-if (project.runtimeJavaVersion == JavaVersion.VERSION_1_8) {
-  thirdPartyAudit.excludes += [
-     'java.lang.ProcessHandle',
-     'java.lang.StackWalker',
-     'java.lang.StackWalker$Option',
-     'java.lang.StackWalker$StackFrame'
-  ]
-}
+]

x-pack/plugin/sql/sql-action/build.gradle

@@ -138,23 +138,4 @@ thirdPartyAudit.excludes = [
         'org.zeromq.ZMQ$Context',
         'org.zeromq.ZMQ$Socket',
         'org.zeromq.ZMQ'
-]
-
-if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
-    // Used by Log4J 2.11.1
-    thirdPartyAudit.excludes += [
-      'java.io.ObjectInputFilter',
-      'java.io.ObjectInputFilter$Config',
-      'java.io.ObjectInputFilter$FilterInfo',
-      'java.io.ObjectInputFilter$Status'
-    ]
-}
-
-if (project.runtimeJavaVersion == JavaVersion.VERSION_1_8) {
-    thirdPartyAudit.excludes += [
-      'java.lang.ProcessHandle',
-      'java.lang.StackWalker',
-      'java.lang.StackWalker$Option',
-      'java.lang.StackWalker$StackFrame'
-    ]
-}
+]