lucene-commits mailing list archives

From uschind...@apache.org
Subject svn commit: r1380391 - in /lucene/dev/trunk/lucene: common-build.xml test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java
Date Mon, 03 Sep 2012 22:46:04 GMT
Author: uschindler
Date: Mon Sep  3 22:46:04 2012
New Revision: 1380391

URL: http://svn.apache.org/viewvc?rev=1380391&view=rev
Log:
LUCENE-4352: Only the test runner should be able to System.exit()

Added:
    lucene/dev/trunk/lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java
  (with props)
Modified:
    lucene/dev/trunk/lucene/common-build.xml

Modified: lucene/dev/trunk/lucene/common-build.xml
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/lucene/common-build.xml?rev=1380391&r1=1380390&r2=1380391&view=diff
==============================================================================
--- lucene/dev/trunk/lucene/common-build.xml (original)
+++ lucene/dev/trunk/lucene/common-build.xml Mon Sep  3 22:46:04 2012
@@ -799,7 +799,7 @@
             <!-- Restrict access to certain Java features and install security manager:
-->
             <sysproperty key="tests.sandbox.dir" value="${build.dir}" />
             <sysproperty key="clover.db.dir" value="${clover.db.dir}" />
-            <sysproperty key="java.security.manager" value="java.lang.SecurityManager"
/>
+            <sysproperty key="java.security.manager" value="org.apache.lucene.util.TestSecurityManager"
/>
             <sysproperty key="java.security.policy" value="${common.dir}/tools/junit4/tests.policy"
/>
 
             <sysproperty key="lucene.version" value="${dev.version}"/>
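Review bot: The existing comment above these `sysproperty` lines still describes a stock security manager and does not say what the custom one adds. The JVM instantiates the class named in `java.security.manager` at startup, so every forked test JVM configured here presumably needs the test-framework classes on its classpath; the classpath setup is outside this hunk, so that should be confirmed for all modules that use this build file. I would extend the comment to something like `<!-- TestSecurityManager: only the junit4 runner may exit the JVM; all other checks come from tests.policy. Requires test-framework on the forked JVM's classpath. -->`.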

Added: lucene/dev/trunk/lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java
URL: http://svn.apache.org/viewvc/lucene/dev/trunk/lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java?rev=1380391&view=auto
==============================================================================
--- lucene/dev/trunk/lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java
(added)
+++ lucene/dev/trunk/lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java
Mon Sep  3 22:46:04 2012
@@ -0,0 +1,90 @@
+package org.apache.lucene.util;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * A {@link SecurityManager} that prevents tests calling {@link System#exit(int)}.
+ * Only the test runner itself is allowed to exit the JVM.
+ * All other security checks are handled by the default security policy.
+ * <p>
+ * Use this with {@code -Djava.security.manager=org.apache.lucene.util.TestSecurityManager}.
+ */ 
+public final class TestSecurityManager extends SecurityManager {
+  
+  static final String TEST_RUNNER_PACKAGE = "com.carrotsearch.ant.tasks.junit4.";
+
+  /**
+   * Creates a new TestSecurityManager. This ctor is called on JVM startup,
+   * when {@code -Djava.security.manager=org.apache.lucene.util.TestSecurityManager}
+   * is passed to JVM.
+   */
+  public TestSecurityManager() {
+    super();
+  }
+
+  /**
+   * {@inheritDoc}
+   * <p>This method inspects the stack trace and checks who is calling
+   * {@link System#exit(int)} and similar methods
+   * @throws SecurityException if the caller of this method is not the test runner itself.
+   */
+  @Override
+  public void checkExit(final int status) {
+    AccessController.doPrivileged(new PrivilegedAction<Void>() {
+      @Override
+      public Void run() {
+        final String systemClassName = System.class.getName(),
+            runtimeClassName = Runtime.class.getName();
+        String exitMethodHit = null;
+        for (final StackTraceElement se : Thread.currentThread().getStackTrace()) {
+          final String className = se.getClassName(), methodName = se.getMethodName();
+          if (
+            ("exit".equals(methodName) || "halt".equals(methodName)) &&
+            (systemClassName.equals(className) || runtimeClassName.equals(className))
+          ) {
+            exitMethodHit = className + '#' + methodName + '(' + status + ')';
+            continue;
+          }
+          
+          if (exitMethodHit != null) {
+            if (className.startsWith(TEST_RUNNER_PACKAGE)) {
+              // this exit point is allowed, we return normally from closure:
+              return /*void*/ null;
+            } else {
+              // anything else in stack trace is not allowed, break and throw SecurityException
below:
+              break;
+            }
+          }
+        }
+        
+        if (exitMethodHit == null) {
+          // should never happen, only if JVM hides stack trace - replace by generic:
+          exitMethodHit = "JVM exit method";
+        }
+        throw new SecurityException(exitMethodHit + " calls are not allowed because they
terminate the test runner's JVM.");
+      }
+    });
+    
+    // we passed the stack check, delegate to super, so default policy can still deny permission:
+    super.checkExit(status);
+  }
+
+}
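Review bot: The allow decision in `checkExit` rests on `className.startsWith(TEST_RUNNER_PACKAGE)` applied to the first frame below the `exit`/`halt` frames, and a `StackTraceElement` carries only names, so any class declared under that package prefix is treated as the runner. That is adequate as a guard against stray `System.exit()` calls in tests, but the class Javadoc should state the limit, for example `Name-based check: catches accidental exits; it is not a boundary against code that deliberately declares classes in the runner's package.` `TEST_RUNNER_PACKAGE` itself has no comment; `/** Package prefix of the junit4 runner; only a direct caller in this package may exit or halt the JVM. */` would record why the trailing dot matters. The trailing `super.checkExit(status)` keeps the policy file in force, which is worth keeping as is.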


