in core/src/main/java/jenkins/security/ClassFilterImpl.java [127:188]
/**
 * Decides whether a class is rejected by this filter ({@code true}) or permitted ({@code false}).
 *
 * <p>The order of evaluation determines the outcome:
 * <ol>
 * <li>Each registered {@code CustomClassFilter} is consulted first. The first non-null answer is
 *     final and is returned without reading or populating {@code cache}. A {@code true} answer
 *     therefore permits the class before {@code ClassFilter.STANDARD} or any built-in rule below
 *     is evaluated.
 * <li>Otherwise the built-in rules run inside {@code cache.computeIfAbsent}, keyed by the class:
 *     Mockito-generated classes (unit tests only), {@code ClassFilter.STANDARD}, arrays,
 *     throwables, enums, whitelisted code locations, classes loaded by
 *     {@code hudson.remoting.RemoteClassLoader}, and {@code WHITELISTED_CLASSES}.
 * <li>A class matching none of these is rejected, unless {@code SUPPRESS_WHITELIST} or
 *     {@code SUPPRESS_ALL} is set, in which case it is reported but still permitted.
 * </ol>
 *
 * @param _c the class being checked
 * @return {@code true} if the class is rejected, {@code false} if it is permitted
 */
public boolean isBlacklisted(Class _c) {
// Extension-provided policies take precedence over everything else and are evaluated on every call.
// NOTE(review): a filter returning true short-circuits the ClassFilter.STANDARD check below,
// so every CustomClassFilter implementation is part of the trusted policy surface.
for (CustomClassFilter f : ExtensionList.lookup(CustomClassFilter.class)) {
Boolean r = f.permits(_c);
// null means this filter has no opinion about the class; keep asking the remaining filters.
if (r != null) {
if (r) {
LOGGER.log(Level.FINER, "{0} specifies a policy for {1}: {2}", new Object[] {f, _c.getName(), true});
} else {
notifyRejected(_c, _c.getName(), String.format("%s specifies a policy for %s: %s ", f, _c.getName(), r));
}
// permits() == true means "not blacklisted", hence the negation.
return !r;
}
}
// No custom filter decided: apply the built-in rules. The decision is computed through
// computeIfAbsent, so the logging and notifyRejected calls inside the lambda only run when
// cache holds no entry for the class.
return cache.computeIfAbsent(_c, c -> {
String name = c.getName();
// Mockito-generated classes and org.mockito.* are permitted, but only when Main.isUnitTest is set.
if (Main.isUnitTest && (name.contains("$$EnhancerByMockitoWithCGLIB$$") || name.contains("$$FastClassByMockitoWithCGLIB$$") || name.startsWith("org.mockito."))) {
mockOff();
return false;
}
// Checked before any permitting rule, so a STANDARD rejection cannot be overridden by the
// array/throwable/enum/location/whitelist rules that follow.
if (ClassFilter.STANDARD.isBlacklisted(c)) { // currently never true, but may issue diagnostics
notifyRejected(_c, _c.getName(), String.format("%s is not permitted ", _c.getName()));
return true;
}
// NOTE(review): the array's component type is not examined here; presumably element classes
// are filtered when they are resolved themselves. Confirm against the callers.
if (c.isArray()) {
LOGGER.log(Level.FINE, "permitting {0} since it is an array", name);
return false;
}
// Any Throwable subtype is permitted regardless of where it was loaded from.
if (Throwable.class.isAssignableFrom(c)) {
LOGGER.log(Level.FINE, "permitting {0} since it is a throwable", name);
return false;
}
if (Enum.class.isAssignableFrom(c)) { // Class.isEnum seems to be false for, e.g., java.util.concurrent.TimeUnit$6
LOGGER.log(Level.FINE, "permitting {0} since it is an enum", name);
return false;
}
// Location-based trust: a class whose code source is accepted by isLocationWhitelisted is
// permitted whatever its name.
String location = codeSource(c);
if (location != null) {
if (isLocationWhitelisted(location)) {
LOGGER.log(Level.FINE, "permitting {0} due to its location in {1}", new Object[] {name, location});
return false;
}
} else {
// codeSource(c) returned no location. The class is permitted only if its defining loader's
// class name is exactly hudson.remoting.RemoteClassLoader. The loader type is matched by
// name, not by instanceof.
ClassLoader loader = c.getClassLoader();
if (loader != null && loader.getClass().getName().equals("hudson.remoting.RemoteClassLoader")) {
LOGGER.log(Level.FINE, "permitting {0} since it was loaded by a remote class loader", name);
return false;
}
}
// Explicit per-class whitelist, matched on the fully qualified name from Class.getName().
if (WHITELISTED_CLASSES.contains(name)) {
LOGGER.log(Level.FINE, "tolerating {0} by whitelist", name);
return false;
}
// NOTE(review): with either flag set, a class that failed every rule above is reported through
// notifyRejected but still permitted (returns false), which turns enforcement into warn-only.
// Presumably a diagnostic escape hatch; confirm it is not left enabled in production.
if (SUPPRESS_WHITELIST || SUPPRESS_ALL) {
notifyRejected(_c, null,
String.format("%s in %s might be dangerous, so would normally be rejected; see https://jenkins.io/redirect/class-filter/", name, location != null ?location : "JRE"));
return false;
}
// Default deny: nothing above permitted the class. A null location is reported as "JRE".
notifyRejected(_c, null,
String.format("%s in %s might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/", name, location != null ?location : "JRE"));
return true;
});
}