Scan jars found in `drivers` and `jarDirs` - and only allow jdbc and hsm drivers

Description

Currently nodes can add anything to the system classpath using the `drivers` and `jarDirs` folders.

This has subtle unintended consequences because it impacts how transaction verification is run.
(Tx verification is run in a classloader whose parent is the system classloader.)

The proposal is to scan these extra jars.
If anything other than jdbc drivers or hsm drivers (on enterprise) is found, then log a warning and also expose this to the health check tool.
Maybe add a default setting to stop the node in such a case, and nodes can opt in if they need, for some reason, to add something.

To make it even more tight we could only allow the jdbc driver and hsm driver actually in use by the node.
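
A sketch of the proposed scan, added here as an example and not code from this ticket or the project. It assumes a driver jar can be recognised by the `ServiceLoader` registration file it ships (`java.sql.Driver` for JDBC, `java.security.Provider` for an HSM provider); the function names, the `in_use` parameter and the sample jars are hypothetical.

```python
import tempfile
import zipfile
from pathlib import Path

# Assumption: a driver jar is recognised by the ServiceLoader file it ships.
SERVICE_FILES = {"META-INF/services/java.sql.Driver": "jdbc",
                 "META-INF/services/java.security.Provider": "hsm"}

def declared_drivers(jar_path):
    """Return {kind: [class names]} for the driver services one jar declares."""
    found = {}
    with zipfile.ZipFile(jar_path) as jar:
        for entry, kind in SERVICE_FILES.items():
            if entry in jar.namelist():
                text = jar.read(entry).decode("utf-8", "replace")
                classes = [line.split("#")[0].strip() for line in text.splitlines()]
                found[kind] = [c for c in classes if c]
    return found

def scan(directory, in_use=None):
    """Return [(jar, reason)] to warn about; in_use enables the stricter mode."""
    warnings = []
    for jar_path in sorted(Path(directory).glob("*.jar")):
        if not zipfile.is_zipfile(jar_path):
            warnings.append((jar_path.name, "not a valid jar"))
            continue
        classes = {c for found in declared_drivers(jar_path).values() for c in found}
        if not classes:
            warnings.append((jar_path.name, "no jdbc or hsm driver declared"))
        elif in_use is not None and not classes & set(in_use):
            warnings.append((jar_path.name, "driver not in use by this node"))
    return warnings

def demo():
    samples = {  # constructed jar contents, not taken from a real node
        "postgresql.jar": {"META-INF/services/java.sql.Driver": "org.postgresql.Driver\n"},
        "h2.jar": {"META-INF/services/java.sql.Driver": "# h2\norg.h2.Driver\n"},
        "helper-lib.jar": {"com/example/Helper.class": "constructed"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, entries in samples.items():
            with zipfile.ZipFile(Path(tmp, name), "w") as jar:
                for entry, body in entries.items():
                    jar.writestr(entry, body)
        Path(tmp, "broken.jar").write_bytes(b"not a zip archive")
        return scan(tmp), scan(tmp, in_use={"org.postgresql.Driver"})

if __name__ == "__main__":
    print(demo())
```

A service file only shows that a jar declares a driver; a jar can declare one and still carry unrelated classes, so this check is a first filter for the warning and health-check output rather than proof that the jar is only a driver.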

CVSS Vector

None

Status

Assignee

Unassigned

Reporter

Tudor Malene

Labels

None

Story Points

None

Fix versions

None

Ported to...

None

Priority

Medium