Skip to content

Allowlist known blocking methods from BlockHound #2897

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Dec 8, 2021
Merged

Allowlist known blocking methods from BlockHound #2897

merged 6 commits into from
Dec 8, 2021

Conversation

Bennett-Lynch
Copy link
Contributor

@Bennett-Lynch Bennett-Lynch commented Dec 7, 2021
edited
Loading

There are two known occurrences where the SDK may currently block from within a Netty EventLoop:

  1. Blocking call inside of a software.amazon.awssdk.http.nio.netty.internal.BetterSimpleChannelPool.close #2145
  2. Blocking call while resolving credentials inside an EKS cluster using DynamoDB async client (Blockhound) #2360

Allowing BlockHound to forbid these operations may fail existing integration and stability tests. While we have outstanding issues to fix these items, until they are resolved, we need to allow our existing integration tests to continue to pass. We should explicitly allow-list these methods so that they do not interfere with existing tests and so that we maintain visibility on future regression detection.

License

  • I confirm that this pull request can be released under the Apache 2 license

Bennett Lynch added 2 commits December 7, 2021 13:24
Allow-list known blocking methods from BlockHound
8ca82d5 
There are two known occurrences where the SDK may currently block from
within a Netty EventLoop:

1. aws#2145
2. aws#2360

Allowing BlockHound to forbid these operations may fail existing
integration and stability tests. While we have outstanding issues to fix
these items, until they are resolved, we need to allow our existing
integration tests to continue to pass. We should explicitly allow-list
these methods so that they do not interfere with existing tests and so
that we maintain visibility on future regression detection.
Add change log entry
bd8c48c
@Bennett-Lynch Bennett-Lynch requested a review from a team as a code owner December 7, 2021 21:27
@Bennett-Lynch Bennett-Lynch changed the title Blockhound allow Allow-list known blocking methods from BlockHound Dec 7, 2021
@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 8, 2021

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

0.0% 0.0% Coverage
0.0% 0.0% Duplication

@Bennett-Lynch Bennett-Lynch changed the title Allow-list known blocking methods from BlockHound Allowlist known blocking methods from BlockHound Dec 8, 2021
@Bennett-Lynch Bennett-Lynch merged commit cdb293b into aws:master Dec 8, 2021
aws-sdk-java-automation pushed a commit that referenced this pull request Feb 9, 2024
@cenedhryn
Merge pull request #2897 from aws/salande/bump-minor-version-2.24.0
9e6ca78 
Bumping minor version to 2.24.0 due to core refactoring and moving aw…
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zoewangg zoewangg zoewangg approved these changes

@joviegas joviegas joviegas approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Bennett-Lynch @zoewangg @joviegas