db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bryan Pendleton (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-1951) Missing directory separator in path construction in 'NetworkServerTestSetup.setUp'
Date Tue, 10 Oct 2006 17:12:23 GMT
    [ http://issues.apache.org/jira/browse/DERBY-1951?page=comments#action_12441211 ] 
Bryan Pendleton commented on DERBY-1951:

Your patch seems reasonable to me. If it were me, I would probably write the additional lines
of code to omit the "extra" separator, something like:

  String fileName = System.getProperty("derby.system.home");
  if (!fileName.endsWith(FILESEPARATOR))
      fileName = fileName + FILESEPARATOR;
  fileName = fileName + "serverConsoleOutput.log";

The reason I would do this is that it doesn't seem like that much more code, and it avoids
the possibility that somebody down the road in the future will be crawling through things
and see something like /home/bpendleton/derby//serverConsoleOutput.log and think,
even if just for a second, that "something is missing between 'derby' and 'serverConsoleOutput.log'".

Writing the extra code to avoid this now seems like it might save people time in the
future by making the fileName string self-evidently correct.

> Missing directory separator in path construction in 'NetworkServerTestSetup.setUp'
> ----------------------------------------------------------------------------------
>                 Key: DERBY-1951
>                 URL: http://issues.apache.org/jira/browse/DERBY-1951
>             Project: Derby
>          Issue Type: Bug
>          Components: Test
>    Affects Versions:
>            Reporter: Kristian Waagan
>         Assigned To: Kristian Waagan
>         Attachments: derby-1951-1a.diff
> When constructing the path for the server output file, the directory separator (typically
'/') is omitted, causing a security violation when running under the security manager. Here's
a sample stack trace for a JUnit run:
> 1) AllPackagesjava.security.AccessControlException: access denied
> (java.io.FilePermission /some/pathserverConsoleOutput.log write)
>        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
>        at java.security.AccessController.checkPermission(AccessController.java:401)
>        at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
>        at java.lang.SecurityManager.checkWrite(SecurityManager.java:954)
>        at java.io.FileOutputStream.<init>(FileOutputStream.java:169)
>        at java.io.FileOutputStream.<init>(FileOutputStream.java:70)
>        at org.apache.derbyTesting.junit.NetworkServerTestSetup$1.run(NetworkServerTestSetup.java:72
> )
>        at java.security.AccessController.doPrivileged(Native Method)
>        at org.apache.derbyTesting.junit.NetworkServerTestSetup.setUp(NetworkServerTestSetup.java:65
> )
>        at junit.extensions.TestSetup$1.protect(TestSetup.java:18)
>        at junit.extensions.TestSetup.run(TestSetup.java:23)
>        at junit.extensions.TestDecorator.basicRun(TestDecorator.java:22)
>        at junit.extensions.TestSetup$1.protect(TestSetup.java:19)
>        at junit.extensions.TestSetup.run(TestSetup.java:23) 

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message