Open
Description
Elasticsearch Version
8.18.2
Installed Plugins
No response
Java Version
bundled
OS Version
Darwin Kernel Version 24.5.0: Tue Apr 22 19:54:49 PDT 2025; root:xnu-11417.121.6~2/RELEASE_ARM64_T6000 arm64
Problem Description
The document: https://www.elastic.co/guide/en/elasticsearch/plugins/8.18/_entitlements.html said that
A plugin is always granted read access to the Elasticsearch config directory and read_write access to the temp directory.
But I can't use File.createTempFile in my plugin. Because the PolicyManager has an logic in verifying the file path in line 527.
@SuppressForbidden(reason = "Explicitly checking File apis")
public void checkFileWrite(Class<?> callerClass, File file) {
checkFileWrite(callerClass, file.toPath());
}
The Java File.createTempFile could use null directory for creating the temp file. The code in verifying the file path could cause null pointer issue which leads the plugin logic crash.
Steps to Reproduce
N/A
Logs (if relevant)
ava.lang.NullPointerException: Cannot invoke "java.io.File.toPath()" because "file" is null
at org.elasticsearch.entitlement.runtime.policy.PolicyManager.checkFileWrite(PolicyManager.java:527) ~[elasticsearch-entitlement-8.18.2.jar:?]
at org.elasticsearch.entitlement.runtime.api.ElasticsearchEntitlementChecker.check$java_io_File$$createTempFile(ElasticsearchEntitlementChecker.java:1436) ~[elasticsearch-entitlement-8.18.2.jar:?]
at java.io.File.createTempFile(File.java) ~[?:?]