db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@apache.org
Subject svn commit: r470434 - in /db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests: tests/lang/RoutineSecurityTest.java tests/lang/_Suite.java util/derby_tests.policy
Date Thu, 02 Nov 2006 17:26:45 GMT
Author: djd
Date: Thu Nov  2 09:26:44 2006
New Revision: 470434

URL: http://svn.apache.org/viewvc?view=rev&rev=470434
Log:
DERBY-467 Add a new test for tesing security issues related to server side Java procedures
and functions.
New test is lang.RoutineSecurityTest.

Added:
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RoutineSecurityTest.java
  (with props)
Modified:
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RoutineSecurityTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RoutineSecurityTest.java?view=auto&rev=470434
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RoutineSecurityTest.java
(added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RoutineSecurityTest.java
Thu Nov  2 09:26:44 2006
@@ -0,0 +1,188 @@
+/*
+
+   Derby - Class org.apache.derbyTesting.functionTests.tests.lang.RoutineSecurityTest
+
+       Licensed to the Apache Software Foundation (ASF) under one
+       or more contributor license agreements.  See the NOTICE file
+       distributed with this work for additional information
+       regarding copyright ownership.  The ASF licenses this file
+       to you under the Apache License, Version 2.0 (the
+       "License"); you may not use this file except in compliance
+       with the License.  You may obtain a copy of the License at
+
+         http://www.apache.org/licenses/LICENSE-2.0
+
+       Unless required by applicable law or agreed to in writing,
+       software distributed under the License is distributed on an
+       "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+       KIND, either express or implied.  See the License for the
+       specific language governing permissions and limitations
+       under the License
+*/
+package org.apache.derbyTesting.functionTests.tests.lang;
+
+import java.sql.CallableStatement;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import junit.framework.Test;
+
+import org.apache.derbyTesting.junit.BaseJDBCTestCase;
+import org.apache.derbyTesting.junit.CleanDatabaseTestSetup;
+import org.apache.derbyTesting.junit.TestConfiguration;
+
+/**
+ * Set of tests that ensure SQL routines implemented in Java are
+ * correctly restricted in their actions when a security manager
+ * is in place. Assumption is that the standard running of this
+ * test will setup a security manager.
+ *
+ */
+public class RoutineSecurityTest extends BaseJDBCTestCase {
+    
+    public RoutineSecurityTest(String name)
+    {
+        super(name);
+    }
+    
+    /**
+     * Test only runs in embedded as it is testing server
+     * side SQL routines implemented in Java.
+     */
+    public static Test suite()
+    {
+        Test suite = TestConfiguration.embeddedSuite(RoutineSecurityTest.class);
+        
+        // Create all the routines we need up front.
+        return new CleanDatabaseTestSetup(suite)
+            {
+              protected void decorateSQL(Statement s) throws SQLException {
+                  s.executeUpdate(
+                    "CREATE FUNCTION GET_SYS_PROP(PROPERTY_KEY VARCHAR(60)) " +
+                    "RETURNS VARCHAR(255) " +
+                    "EXTERNAL NAME 'java.lang.System.getProperty' " +
+                    "LANGUAGE JAVA PARAMETER STYLE JAVA");
+                  
+                  s.executeUpdate(
+                    "CREATE PROCEDURE DENIAL_OF_SERVICE(RC INT) " +
+                    "EXTERNAL NAME 'java.lang.System.exit' " +
+                    "LANGUAGE JAVA PARAMETER STYLE JAVA");
+                  
+                  s.executeUpdate(
+                     "CREATE PROCEDURE FORCEGC() " +
+                     "EXTERNAL NAME 'java.lang.System.gc' " +
+                     "LANGUAGE JAVA PARAMETER STYLE JAVA");
+
+               }
+             };
+    }
+    
+    /**
+     * Test obtaining a system property using the Java library
+     * method System.getProperty() directly. Note that since
+     * the system method is called directly there is no
+     * privilege block and so to read a property the permission
+     * must have been granted all the way up the stack *including*
+     * the generated class. This can only occur for a generic
+     * grant entry in the policy file (with no code URL). 
+     * 
+     * @throws SQLException
+     */
+    public void testGetSystemProperty() throws SQLException
+    {
+        PreparedStatement ps = prepareStatement("VALUES GET_SYS_PROP(?)");
+        
+        String[] restricted = {
+                "derby.system.home", // not granted to all code on the stack
+                "user.dir",  // restricted by jvm
+                // "user.home",  // restricted by jvm
+                "java.class.path", // restricted by jvm
+                "java.home",  // restricted by jvm
+                "derbyRoutineSecurityTest.no", // not granted at all
+                "derbyTesting.fred" // only granted to derbyTesting.jar
+                };
+        
+        for (int i = 0; i < restricted.length; i++)
+        {
+            ps.setString(1, restricted[i]);
+            try {
+                ResultSet rs =ps.executeQuery();
+                rs.next(); 
+                fail("Succeeded reading " + restricted[i] + rs.getString(1));
+            } catch (SQLException e) {
+                assertSecurityException(e);
+            }
+        }
+        
+        // Should be ok to read these unrestricted or
+        // granted_to_all_code properties.
+        String[] notRestrictedAndGranted = {
+           "java.version", // open to all readers
+           "java.specification.name", // open to all readers
+           "derbyRoutineSecurityTest.yes" // granted to all code in the policy file
+        };
+        for (int i = 0; i < notRestrictedAndGranted.length; i++)
+        {
+            ps.setString(1, notRestrictedAndGranted[i]);
+            ResultSet rs =ps.executeQuery();
+            rs.next(); 
+            rs.getString(1);
+            rs.close();
+        }
+        ps.close();
+    }
+    
+    /**
+     * Check that System.exit() cannot be called directly from a procedure.
+     * @throws SQLException
+     */
+    public void testSystemExit() throws SQLException
+    {
+        CallableStatement cs = prepareCall("CALL DENIAL_OF_SERVICE(?)");
+        
+        cs.setInt(1, -1);
+        try {
+            cs.executeUpdate();
+            fail("Tough to get here since exit would have been called.");
+        } catch (SQLException e) {
+            assertSecurityException(e);
+        }
+        cs.setInt(1, 0);
+        try {
+            cs.executeUpdate();
+            fail("Tough to get here since exit would have been called.");
+        } catch (SQLException e) {
+            assertSecurityException(e);
+        }
+        cs.close();
+    }
+    /**
+     * Check that System.gc() can be called directly from a procedure.
+     * @throws SQLException
+     */
+    public void testSystemGC() throws SQLException
+    {
+        CallableStatement cs = prepareCall("CALL FORCEGC()");
+        cs.executeUpdate();
+        cs.close();
+    }
+    
+    /**
+     * Test for a security exception within a routine.
+     * Current test is that the SQLException returned
+     * to the client has SQLState 38000 and wraps a
+     * SQLException with SQLState XJ001 which corresponds
+     * to wrapped Java exception.
+     * @param e
+     */
+    private void assertSecurityException(SQLException e)
+    {
+        assertSQLState("38000", e);
+        e = e.getNextException();
+        assertNotNull(e);
+        assertSQLState("XJ001", e);
+}
+
+}

Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RoutineSecurityTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java?view=diff&rev=470434&r1=470433&r2=470434
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java
Thu Nov  2 09:26:44 2006
@@ -58,10 +58,13 @@
         // the nightly runs.
         // suite.addTest(largeCodeGen.suite());
 
-		suite.addTest(PrepareExecuteDDL.suite());
-		suite.addTest(LangScripts.suite());
+
         suite.addTest(GroupByExpressionTest.suite());
+		suite.addTest(LangScripts.suite());
         suite.addTest(MathTrigFunctionsTest.suite());
+        suite.addTest(PrepareExecuteDDL.suite());
+        suite.addTest(RoutineSecurityTest.suite());
+        suite.addTest(SQLAuthorizationPropTest.suite());
         suite.addTest(TimeHandlingTest.suite());
         suite.addTest(VTITest.suite());
         suite.addTest(XMLTypeAndOpsTest.suite());
@@ -70,12 +73,7 @@
         // Add the NIST suite in from the nist package since
         // it is a SQL language related test.
         suite.addTest(NistScripts.suite());
-        
-        // This test internally sets derby.database.sqlAuthorization to true
-        // This property is not resettable and hence may affect other tests 
-        // using it and sharing the same database.
-        suite.addTest(SQLAuthorizationPropTest.suite());
-		
+        		
 		// Tests that are compiled using 1.4 target need to
 		// be added this way, otherwise creating the suite
 		// will throw an invalid class version error

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy?view=diff&rev=470434&r1=470433&r2=470434
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
Thu Nov  2 09:26:44 2006
@@ -168,3 +168,10 @@
     permission java.util.PropertyPermission "user.home", "read";
     permission java.io.FilePermission "${user.home}${/}junit.properties", "read";
 };
+
+// functionTests.tests.lang.RoutineSecurityTest requires this grant
+// to check to see if permissions are granted through generated code
+// through this mechanism.
+grant {
+    permission java.util.PropertyPermission "derbyRoutineSecurityTest.yes", "read";
+};



Mime
View raw message