From axis-cvs-return-29984-apmail-ws-axis-cvs-archive=ws.apache.org@ws.apache.org Sun May 24 19:25:23 2009 Return-Path: Delivered-To: apmail-ws-axis-cvs-archive@www.apache.org Received: (qmail 68994 invoked from network); 24 May 2009 19:25:22 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 24 May 2009 19:25:22 -0000 Received: (qmail 2801 invoked by uid 500); 24 May 2009 19:25:35 -0000 Delivered-To: apmail-ws-axis-cvs-archive@ws.apache.org Received: (qmail 2621 invoked by uid 500); 24 May 2009 19:25:34 -0000 Mailing-List: contact axis-cvs-help@ws.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list axis-cvs@ws.apache.org Received: (qmail 2612 invoked by uid 500); 24 May 2009 19:25:34 -0000 Delivered-To: apmail-ws-axis2-cvs@ws.apache.org Received: (qmail 2609 invoked by uid 99); 24 May 2009 19:25:34 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 24 May 2009 19:25:34 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 24 May 2009 19:25:32 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id A84B3238889D; Sun, 24 May 2009 19:25:12 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r778216 - in /webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/classloader: ./ JarFileClassLoaderTest.java Date: Sun, 24 May 2009 19:25:12 -0000 To: axis2-cvs@ws.apache.org From: veithen@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090524192512.A84B3238889D@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: veithen Date: Sun May 24 19:25:12 2009 New Revision: 778216 URL: http://svn.apache.org/viewvc?rev=778216&view=rev Log: Added a regression test for AXIS2-4282. Added: webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/classloader/ webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/classloader/JarFileClassLoaderTest.java (with props) Added: webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/classloader/JarFileClassLoaderTest.java URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/classloader/JarFileClassLoaderTest.java?rev=778216&view=auto ============================================================================== --- webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/classloader/JarFileClassLoaderTest.java (added) +++ webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/classloader/JarFileClassLoaderTest.java Sun May 24 19:25:12 2009 @@ -0,0 +1,74 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.axis2.classloader; + +import java.io.File; +import java.net.URL; + +import junit.framework.TestCase; + +import org.apache.commons.io.FileUtils; + +public class JarFileClassLoaderTest extends TestCase { + private File tmpDir; + + @Override + protected void setUp() throws Exception { + tmpDir = new File(System.getProperty("java.io.tmpdir"), getClass().getName()); + if (tmpDir.exists()) { + FileUtils.deleteDirectory(tmpDir); + } + // Create the following files in the tmp directory: + // outside + // root/a + // root/dir/b + FileUtils.touch(new File(tmpDir, "outside")); + File root = new File(tmpDir, "root"); + root.mkdir(); + FileUtils.touch(new File(root, "a")); + File dir = new File(root, "dir"); + dir.mkdir(); + FileUtils.touch(new File(dir, "b")); + } + + @Override + protected void tearDown() throws Exception { + FileUtils.deleteDirectory(tmpDir); + } + + /** + * Test that if one of the URLs is a directory, the class loader doesn't allow access to files + * outside of that directory (by using ".." in the resource name). See AXIS2-4282. + *

+ * Note that while + * {@linkplain http://java.sun.com/j2se/1.4.2/docs/guide/resources/resources.html} suggests + * that ".." should be prohibited altogether, Sun's URLClassLoader implementation allows this, + * as long as the resource name doesn't specify a file outside of the directory. E.g. + * "dir/../a" is an allowed resource name (equivalent to "a"). + * + * @throws Exception + */ + public void testConfinement() throws Exception { + ClassLoader cl = new JarFileClassLoader(new URL[] { new File(tmpDir, "root").toURL() }); + assertNull(cl.getResource("../outside")); + assertNotNull(cl.getResource("a")); + assertNotNull(cl.getResource("dir/b")); + } +} Propchange: webservices/axis2/trunk/java/modules/kernel/test/org/apache/axis2/classloader/JarFileClassLoaderTest.java ------------------------------------------------------------------------------ svn:eol-style = native