groovy-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul King (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (GROOVY-7842) MarkupTemplateEngine totally broken when used with a Security Manager
Date Thu, 30 Jun 2016 15:28:10 GMT

     [ https://issues.apache.org/jira/browse/GROOVY-7842?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Paul King updated GROOVY-7842:
------------------------------
    Summary: MarkupTemplateEngine totally broken when used with a Security Manager  (was:
MarkupTemplateEngine Totally Broken )

> MarkupTemplateEngine totally broken when used with a Security Manager
> ---------------------------------------------------------------------
>
>                 Key: GROOVY-7842
>                 URL: https://issues.apache.org/jira/browse/GROOVY-7842
>             Project: Groovy
>          Issue Type: Bug
>          Components: Templating
>    Affects Versions: 2.4.5, 2.4.6
>            Reporter: Scott Murphy
>            Priority: Blocker
>
> {code:title=TemplateServlet.java|borderStyle=solid}
> TemplateServer.createAndStoreTemplate(String key, InputStream inputStream, File file)
> // ...
>     Template template = engine.createTemplate(reader);
> {code}
> {code:title=MarkupTemplateEngine.java|borderStyle=solid}
>     public Template createTemplate(final Reader reader) throws CompilationFailedException,
ClassNotFoundException, IOException {
>         return new MarkupTemplateMaker(reader, null, null);
>     }
> {code}
> Calls MarkupTemplateEngine.MarkupTemplateMaker
> {code:title=MarkupTemplateEngine.java|borderStyle=solid}
>         public MarkupTemplateMaker(final Reader reader, String sourceName, Map<String,
String> modelTypes) {
>             String name = sourceName != null ? sourceName : "GeneratedMarkupTemplate"
+ counter.getAndIncrement();
>             templateClass = groovyClassLoader.parseClass(new GroovyCodeSource(reader,
name, ""), modelTypes);
>             this.modeltypes = modelTypes;
>         }
> {code}
> Note: GroovyCodeSource(reader, name, "")
> {code:title=GroovyCodeSource.java|borderStyle=solid}
>     public GroovyCodeSource(Reader reader, String name, String codeBase) {
>         this.name = name;
>         this.codeSource = createCodeSource(codeBase);
> {code}
> Note: createCodeSource(codeBase); -> createCodeSource("");
> {code:title=GroovyCodeSource.java|borderStyle=solid}
>     private static CodeSource createCodeSource(final String codeBase) {
>         SecurityManager sm = System.getSecurityManager();
>         if (sm != null) {
>             sm.checkPermission(new GroovyCodeSourcePermission(codeBase));
>         }
> {code}
> Note: GroovyCodeSourcePermission(codeBase) -> GroovyCodeSourcePermission("")
> {code:title=GroovyCodeSourcePermission.java|borderStyle=solid}
> public final class GroovyCodeSourcePermission extends BasicPermission {
>     public GroovyCodeSourcePermission(String name) {
>         super(name);
>     }
>     public BasicPermission(String name)
>     {
>         super(name);
>         init(name);
>     }
>     /**
>      * initialize a BasicPermission object. Common to all constructors.
>      *
>      */
>     private void init(String name)
>     {
>         if (name == null)
>             throw new NullPointerException("name can't be null");
>         int len = name.length();
>         if (len == 0) {
>             throw new IllegalArgumentException("name can't be empty");
>         }
> {code}
> BOOM -> IllegalArgumentException
> In summary: MarkupTemplateMaker creates a GroovyCodeSource where codeBase is equal to
"".  BasicPermission does not allow names to have zero length thus causing an exception.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message