river-dev mailing list archives

From Peter <j...@zeus.net.au>
Subject Re: Future of River
Date Sat, 08 Oct 2016 13:02:02 GMT
Who can guess what the appended tests are testing?

If you said ServiceDiscoveryManager, you'd be half right.

These are the ServiceDiscoveryManager conformance tests; they are 
testing SDM and LookupCache using a new ServiceRegistrar lookup method 
which allows the following:

   1. Delayed Unmarshalling.
   2. Authentication before attribute, codebase and service download.
   3. Local filtering based on attributes prior to service download
      (don't download services you don't need).
   4. Dynamic granting of DownloadPermission and
      DeserializationPermission to a service, prior to downloading that
      service.
   5. Input validation of deserialized data.

Regards,

Peter.

ant -f C:\\Users\\peter\\Documents\\NetBeansProjects\\river-internet\\qa run-categories
james-brown:
Deleting directory C:\Users\peter\Documents\NetBeansProjects\river-internet\qa\soul
Created dir: C:\Users\peter\Documents\NetBeansProjects\river-internet\qa\soul
Creating C:\Users\peter\Documents\NetBeansProjects\river-internet\qa\soul\soul.201610082115036508
run-categories:

-----------------------------------------
CONFIGURATION FILE:

    C:\Users\peter\Documents\NetBeansProjects\river-internet\qa\src\org\apache\river\test\resources\qaHarness.prop

-----------------------------------------
SETTING UP THE TEST LIST:

    Adding test: org/apache/river/test/impl/servicediscovery/TerminateSemantics.td
    Adding test: org/apache/river/test/impl/servicediscovery/cache/CacheTerminateSemantics.td
    Adding test: org/apache/river/test/impl/servicediscovery/event/AddListenerEvent.td
    Adding test: org/apache/river/test/impl/servicediscovery/event/DiscardDownReDiscover.td
    Adding test: org/apache/river/test/impl/servicediscovery/event/DiscardServiceDown.td
    Adding test: org/apache/river/test/impl/servicediscovery/event/DiscardServiceUp.td
    Adding test: org/apache/river/test/impl/servicediscovery/event/LookupDropProxyTaskRace.td
    Adding test: org/apache/river/test/impl/servicediscovery/event/LookupTaskRace.td
    Adding test: org/apache/river/test/impl/servicediscovery/event/LookupTaskServiceIdMapRace.td
    Adding test: org/apache/river/test/impl/servicediscovery/event/NotifyEventDropProxyTaskRace.td
    Adding test: org/apache/river/test/impl/servicediscovery/event/ReRegisterBadEquals.td
    Adding test: org/apache/river/test/impl/servicediscovery/event/ReRegisterGoodEquals.td
    Adding test: org/apache/river/test/impl/servicediscovery/event/ServiceDiscardCacheTerminate.td
    Adding test: org/apache/river/test/spec/servicediscovery/DefaultDiscoverPublic.td
    Adding test: org/apache/river/test/spec/servicediscovery/cache/AddListenerNPE.td
    Adding test: org/apache/river/test/spec/servicediscovery/cache/CacheDiscard.td
    Adding test: org/apache/river/test/spec/servicediscovery/cache/CacheLookup.td
    Adding test: org/apache/river/test/spec/servicediscovery/cache/CacheLookupFilterFilter.td
    Adding test: org/apache/river/test/spec/servicediscovery/cache/CacheLookupFilterNoFilter.td
    Adding test: org/apache/river/test/spec/servicediscovery/cache/CacheLookupNoFilterFilter.td
    Adding test: org/apache/river/test/spec/servicediscovery/discovery/Locator.td
    Adding test: org/apache/river/test/spec/servicediscovery/discovery/MulticastAnnouncement.td
    Adding test: org/apache/river/test/spec/servicediscovery/discovery/MulticastRequest.td
    Adding test: org/apache/river/test/spec/servicediscovery/discovery/Permission.td
    Adding test: org/apache/river/test/spec/servicediscovery/event/AddAttrServiceChanged.td
    Adding test: org/apache/river/test/spec/servicediscovery/event/ModifyAttrServiceChanged.td
    Adding test: org/apache/river/test/spec/servicediscovery/event/SetAttrServiceChanged.td
    Adding test: org/apache/river/test/spec/servicediscovery/lookup/Lookup.td
    Adding test: org/apache/river/test/spec/servicediscovery/lookup/LookupFilter.td
    Adding test: org/apache/river/test/spec/servicediscovery/lookup/LookupMax.td
    Adding test: org/apache/river/test/spec/servicediscovery/lookup/LookupMaxFilter.td
    Adding test: org/apache/river/test/spec/servicediscovery/lookup/LookupMinEqualsMax.td
    Adding test: org/apache/river/test/spec/servicediscovery/lookup/LookupMinEqualsMaxFilter.td
    Adding test: org/apache/river/test/spec/servicediscovery/lookup/LookupMinLessMax.td
    Adding test: org/apache/river/test/spec/servicediscovery/lookup/LookupMinLessMaxFilter.td
    Adding test: org/apache/river/test/spec/servicediscovery/lookup/LookupMinMaxNoBlock.td
    Adding test: org/apache/river/test/spec/servicediscovery/lookup/LookupMinMaxNoBlockFilter.td
    Adding test: org/apache/river/test/spec/servicediscovery/lookup/LookupWait.td
    Adding test: org/apache/river/test/spec/servicediscovery/lookup/LookupWaitFilter.td
    Adding test: org/apache/river/test/spec/servicediscovery/lookup/LookupWaitNoBlock.td

-----------------------------------------
GENERAL HARNESS CONFIGURATION INFORMATION:

    Date started:
       Sat Oct 08 21:15:40 EST 2016
    Installation directory of the JSK:
       org.apache.river.jsk.home=C:\Users\peter\Documents\NetBeansProjects\river-internet
    Installation directory of the harness:
       org.apache.river.qa.home=C:\Users\peter\Documents\NetBeansProjects\river-internet\qa
    Categories being tested:
       categories=servicediscovery
-----------------------------------------
ENVIRONMENT PROPERTIES:

    JVM information:
       Java HotSpot(TM) Client VM, 25.0-b70, 32 bit VM mode
       Oracle Corporation
    OS information:
       Windows 7, 6.1, x86

-----------------------------------------
STARTING TO RUN THE TESTS

<SNIP>

SUMMARY =================================

org/apache/river/test/impl/servicediscovery/TerminateSemantics.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/impl/servicediscovery/cache/CacheTerminateSemantics.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/impl/servicediscovery/event/AddListenerEvent.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/impl/servicediscovery/event/DiscardDownReDiscover.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/impl/servicediscovery/event/DiscardServiceDown.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/impl/servicediscovery/event/DiscardServiceUp.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/impl/servicediscovery/event/LookupDropProxyTaskRace.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/impl/servicediscovery/event/LookupTaskRace.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/impl/servicediscovery/event/LookupTaskServiceIdMapRace.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/impl/servicediscovery/event/NotifyEventDropProxyTaskRace.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/impl/servicediscovery/event/ReRegisterBadEquals.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/impl/servicediscovery/event/ReRegisterGoodEquals.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/impl/servicediscovery/event/ServiceDiscardCacheTerminate.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/DefaultDiscoverPublic.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/cache/AddListenerNPE.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/cache/CacheDiscard.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/cache/CacheLookup.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/cache/CacheLookupFilterFilter.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/cache/CacheLookupFilterNoFilter.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/cache/CacheLookupNoFilterFilter.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/discovery/Locator.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/discovery/MulticastAnnouncement.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/discovery/MulticastRequest.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/discovery/Permission.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/event/AddAttrServiceChanged.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/event/ModifyAttrServiceChanged.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/event/SetAttrServiceChanged.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/lookup/Lookup.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/lookup/LookupFilter.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/lookup/LookupMax.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/lookup/LookupMaxFilter.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/lookup/LookupMinEqualsMax.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/lookup/LookupMinEqualsMaxFilter.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/lookup/LookupMinLessMax.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/lookup/LookupMinLessMaxFilter.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/lookup/LookupMinMaxNoBlock.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/lookup/LookupMinMaxNoBlockFilter.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/lookup/LookupWait.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/lookup/LookupWaitFilter.td
Test Passed: OK

-----------------------------------------
org/apache/river/test/spec/servicediscovery/lookup/LookupWaitNoBlock.td
Test Passed: OK

-----------------------------------------

# of tests started   = 40
# of tests completed = 40
# of tests passed    = 40
# of tests failed    = 0

-----------------------------------------

    Date finished:
       Sat Oct 08 22:47:58 EST 2016
    Time elapsed:
       5539 seconds

collect-result:
BUILD SUCCESSFUL (total time: 92 minutes 22 seconds)


On 8/10/2016 10:35 PM, Peter wrote:
> Thanks Patricia.
>
> It would be nice if we could hear a little about what people want for 
> River going forward.
>
> Regards,
>
> Peter.
>
>
> On 7/10/2016 5:08 PM, Patricia Shanahan wrote:
>> This message is to change the subject line. These comments are far 
>> too important to be mistaken for being part of wrapping up the 3.0 
>> release.
>>
>> On 10/6/2016 10:57 PM, Peter wrote:
>>> To answer my own question, a list of items that require attention:
>>> 1. Modular build.
>>> 2. Improved IPv6 support
>>> 3. Update to TLS v1.2 and update constraints.
>>> 4. Investigate Maven codebase provisioning, do we need to use the 
>>> Maven ClassWorlds ClassLoaders, what about proxy identity?
>>> 5. Fix security.
>>> 6. Update website.
>>> 7. Development guide for River devs.
>>> 8. Redundancy?
>>> 9. Update user docs, perhaps update Jan Newmarch's book?
>>>
>>> Cheers,
>>>
>>> Peter.
>>>
>>>
>>>
>>>
>>> Sent from my Samsung device.
>>>
>>>   Include original message
>>> ---- Original message ----
>>> From: Peter <jini@zeus.net.au>
>>> Sent: 07/10/2016 12:25:01 pm
>>> To: dev@river.apache.org
>>> Subject: Re: [VOTE] Release Apache River 3.0.0
>>>
>>> The question is of course where to next?
>>>
>>> As people are aware I've been working on addressing security issues and
>>> how to make River better and more secure.  I've been working on this
>>> outside the project because my attempts to discuss it caused heated
>>> arguments.  I figured that if I could demonstrate a working example
>>> that people could try out, it could alleviate any misunderstandings
>>> that may have developed due to language or culture differences.
>>>
>>> River's approach to security (a result of the Jini Davis project) is
>>> quite complex and contains a flaw borne out of two limitations around
>>> the time it was developed:
>>>
>>>    1. The assumption that the Java sandbox and java serialization was
>>>       secure (we know today this isn't the case).
>>>    2. Interfaces cannot be changed (no longer true with java 8), in
>>>       this case ServiceRegistrar was designed prior to the later
>>>       added on security features.
>>>
>>> What's wrong with River's approach?
>>>
>>> Answer:  It validates and authenticates after downloading code and
>>> deserializing untrusted data, using the proxy trust framework, by
>>> asking an already downloaded and deserialized service proxy for a
>>> bootstrap proxy, the client code then uses the bootstrap proxy to
>>> determine if the service proxy can be trusted.  Too little too late.
>>> Why not instead receive a bootstrap proxy, deserialized using input
>>> validation, without code download, authenticate the remote endpoint,
>>> then ask the bootstrap proxy for the service proxy?
>>>
>>> The trouble with the existing approach today is an attacker has
>>> opportunity to take control of a computer using deserialization alone.
>>> For those who think a network firewall is sufficient protection and the
>>> flawed security design isn't an issue on local networks, even in air
>>> gapped networks, an attacker can leave a USB key in a car park
>>> containing malware that looks for network transmissions that contain
>>> java serialized data, hoping that someone will pick it up and plug it
>>> into their pc, the malware will send serial data containing a gadget
>>> attack to a listening network port that accepts java serial data and
>>> take over the infected computer.
>>>
>>> All network communications using standard java serialization must be
>>> both authenticated and encrypted, prior to reading in any data to
>>> ensure that the data is trusted.
>>>
>>> I think we can all accept that these vulnerabilities exist and googling
>>> java serialization gadget attacks should convince even the most
>>> doubtful sceptic.
>>>
>>> Relevant links:
>>> https://www.apache.org/dev/committers.html#apache-way
>>> http://www.apache.org/security/committers.html
>>>
>>> I would like the opportunity to explain more, and go through working
>>> examples of solutions before we start arguing about whether we should
>>> solve these problems.  Anyone reading the Apache Way will realise that
>>> security is a mandatory feature of Apache Software and therefore we
>>> should consider how we should fix existing security issues in River and
>>> while doing so, take the opportunity to make security simpler to
>>> implement.  Arguments should not be about the relevance of security
>>> issues, but rather the suitability of solutions.
>>>
>>> Regards,
>>>
>>> Peter.
>>>
>>> On 6/10/2016 2:04 PM, Bryan Thompson wrote:
>>>>  Excellent.  A great step.
>>>>  Bryan
>>>>
>>>>  On Wednesday, October 5, 2016, Peter Firmstone<peter.firmstone@zeus.net.au>
>>>>  wrote:
>>>>
>>>>>  Results:
>>>>>
>>>>>  3 binding votes
>>>>>  1 non binding
>>>>>
>>>>>  None against.
>>>>>
>>>>>  The artifacts have been published, we need to wait 24 hours before
>>>>>  announcing.
>>>>>
>>>>>  Regards,
>>>>>
>>>>>  Peter.
>>>>>
>>>>>  Sent from my Samsung device.
>>>>>
>>>>>
>>>
>>>
>>>
>>
>
>

