vhardy 02/04/30 02:24:53
Modified: samples/tests/spec/scripting security.svg security2.svg
security2.jar
samples/tests/resources/script rhinoSecurity.js
samples/tests/resources/java/sources/com/untrusted/script
UntrustedScriptHandler.java
Log:
Improved security tests
Revision Changes Path
1.2 +15 -3 xml-batik/samples/tests/spec/scripting/security.svg
Index: security.svg
===================================================================
RCS file: /home/cvs/xml-batik/samples/tests/spec/scripting/security.svg,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- security.svg 30 Apr 2002 08:45:16 -0000 1.1
+++ security.svg 30 Apr 2002 09:24:52 -0000 1.2
@@ -25,7 +25,7 @@
<!-- - access to SSL is denied. -->
<!-- -->
<!-- @author [EMAIL PROTECTED] -->
-<!-- @version $Id: security.svg,v 1.1 2002/04/30 08:45:16 vhardy Exp $ -->
+<!-- @version $Id: security.svg,v 1.2 2002/04/30 09:24:52 vhardy Exp $ -->
<!-- ========================================================================= -->
<?xml-stylesheet type="text/css" href="../../resources/style/test.css" ?>
@@ -93,7 +93,7 @@
<!-- ============================================================= -->
<g id="testContent">
<text x="225" y="30" class="title">
- Security Check
+ ECMA Script Security Check
</text>
<defs>
@@ -159,13 +159,25 @@
<!-- =========================================== -->
<!-- Button for starting the security check -->
<!-- =========================================== -->
- <g transform="translate(225, 470)" onmouseover="setAttribute('runTest',
'fill', 'gold')"
+ <g transform="translate(90, 470)" onmouseover="setAttribute('runTest',
'fill', 'gold')"
onmouseout="setAttribute('runTest', 'fill', 'lightgray')"
onclick="runEcmascriptSecurityTest()">
<rect id="runTest" x="-40" y="-10" width="80" height="20"
stroke="black" fill="lightgray" />
<text x="0" y="5" text-anchor="middle">Run Test</text>
+ </g>
+
+ <!-- =========================================== -->
+ <!-- Used to display the overall status -->
+ <!-- =========================================== -->
+ <g id="globalStatusGroup">
+ <rect x="380" y="460" width="20" height="20"
+ class="tableCell" />
+ <rect id="globalStatus"
+ x="383" y="463" width="14" height="14"
+ class="untested" />
+ <text id="successRatio" x="375" y="475" text-anchor="end">not
run</text>
</g>
</g>
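Review bot: The `not run` placeholder inside the new `successRatio` text element is load-bearing, and nothing in the markup says so. The rhinoSecurity.js change in this same commit writes the result with `successRatio.replaceChild(document.createTextNode(successRatioString), successRatio.getFirstChild())`, which needs an existing first child to replace. I would add a comment above the element, e.g. `<!-- Keep the placeholder text: the test script replaces this element's first child with the result -->`. The identical block added to security2.svg has the same dependency on UntrustedScriptHandler.java.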
1.2 +16 -3 xml-batik/samples/tests/spec/scripting/security2.svg
Index: security2.svg
===================================================================
RCS file: /home/cvs/xml-batik/samples/tests/spec/scripting/security2.svg,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- security2.svg 30 Apr 2002 08:45:16 -0000 1.1
+++ security2.svg 30 Apr 2002 09:24:52 -0000 1.2
@@ -28,7 +28,7 @@
<!-- This test is designed for Java Language scripting. -->
<!-- -->
<!-- @author [EMAIL PROTECTED] -->
-<!-- @version $Id: security2.svg,v 1.1 2002/04/30 08:45:16 vhardy Exp $ -->
+<!-- @version $Id: security2.svg,v 1.2 2002/04/30 09:24:52 vhardy Exp $ -->
<!-- ========================================================================= -->
<?xml-stylesheet type="text/css" href="../../resources/style/test.css" ?>
@@ -100,7 +100,7 @@
<!-- ============================================================= -->
<g id="testContent">
<text x="225" y="30" class="title">
- Security Check
+ Java Jar-file Security Check
</text>
<defs>
@@ -166,13 +166,26 @@
<!-- =========================================== -->
<!-- Button for starting the security check -->
<!-- =========================================== -->
- <g transform="translate(225, 470)" onmouseover="setAttribute('runTest',
'fill', 'gold')"
+ <g transform="translate(90, 470)" onmouseover="setAttribute('runTest',
'fill', 'gold')"
onmouseout="setAttribute('runTest', 'fill', 'lightgray')">
<rect id="runTest" x="-40" y="-10" width="80" height="20"
stroke="black" fill="lightgray" />
<text x="0" y="5" text-anchor="middle">Run Test</text>
</g>
+
+ <!-- =========================================== -->
+ <!-- Used to display the overall status -->
+ <!-- =========================================== -->
+ <g id="globalStatusGroup">
+ <rect x="380" y="460" width="20" height="20"
+ class="tableCell" />
+ <rect id="globalStatus"
+ x="383" y="463" width="14" height="14"
+ class="untested" />
+ <text id="successRatio" x="375" y="475" text-anchor="end">not run</text>
+ </g>
+
</g>
1.2 +24 -27 xml-batik/samples/tests/spec/scripting/security2.jar
<<Binary file>>
1.2 +38 -1 xml-batik/samples/tests/resources/script/rhinoSecurity.js
Index: rhinoSecurity.js
===================================================================
RCS file: /home/cvs/xml-batik/samples/tests/resources/script/rhinoSecurity.js,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- rhinoSecurity.js 30 Apr 2002 08:45:16 -0000 1.1
+++ rhinoSecurity.js 30 Apr 2002 09:24:53 -0000 1.2
@@ -1,3 +1,24 @@
+/*****************************************************************************
+ * Copyright (C) The Apache Software Foundation. All rights reserved. *
+ * ------------------------------------------------------------------------- *
+ * This software is published under the terms of the Apache Software License *
+ * version 1.1, a copy of which has been included with this distribution in *
+ * the LICENSE file. *
+ *****************************************************************************/
+
+/**
+ * This ECMA Script file represents an example of untrusted code.
+ *
+ * It creates a number of Java Permissions and checks that access is denied.
+ * the tests fail if the Permissions are granted.
+ *
+ * The only thing that the class should be allowed to make is a connection
+ * back to the server that served the document containing this script.
+ *
+ * @author <a href="mailto:[EMAIL PROTECTED]">Vincent Hardy</a>
+ * @version $Id: rhinoSecurity.js,v 1.2 2002/04/30 09:24:53 vhardy Exp $
+ */
+
importPackage(Packages.java.awt);
importPackage(Packages.java.io);
importPackage(Packages.java.lang.reflect);
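Review bot: The new header comment covers only half of what the script checks and reads as if it were copied from the Java handler. It says the script "checks that access is denied", but runEcmascriptSecurityTest (later hunks) also marks the first `nGranted` permissions as passed when `sm.checkPermission(p)` succeeds, and "the class" should be "this script". Suggested wording: `* It builds a list of Java Permissions and checks that the first nGranted are allowed and all others are denied.` followed by `* A test fails if a permission that should be denied is granted, or the reverse.`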
@@ -151,10 +172,11 @@
function runEcmascriptSecurityTest(){
var sm = System.getSecurityManager();
-
+ var successCnt = 0;
if (sm == null){
for (var i=0; i<nGranted; i++) {
statusRects[i].setAttributeNS(null, "class", "passedTest");
+ successCnt++;
}
for (var i=nGranted; i<permissions.length; i++) {
statusRects[i].setAttributeNS(null, "class", "failedTest");
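Review bot: In the `sm == null` branch the added `successCnt++` counts the expected-granted permissions as passes although no SecurityManager is enforcing anything. Assuming this branch falls through to the summary added at the end of the function, the result reads "Test Result: nGranted / N", which is hard to tell apart from a sandbox that is only partly working. I would at least document the choice, e.g. `// No SecurityManager installed: nothing is enforced, so only the permissions expected to be granted count as passes`, or have the summary text say that no SecurityManager was present. The same applies to the matching hunk in UntrustedScriptHandler.java; the function body continues outside this hunk.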
@@ -167,6 +189,7 @@
try {
sm.checkPermission(p);
statusRects[i].setAttributeNS(null, "class", "passedTest");
+ successCnt++;
} catch (se){
statusRects[i].setAttributeNS(null, "class", "failedTest");
se.printStackTrace();
@@ -180,7 +203,21 @@
statusRects[i].setAttributeNS(null, "class", "failedTest");
} catch (se){
statusRects[i].setAttributeNS(null, "class", "passedTest");
+ successCnt++;
}
}
}
+
+ // Update the global status
+ var globalStatus = document.getElementById("globalStatus");
+ if ( successCnt == (statusRects.length) ) {
+ globalStatus.setAttributeNS(null, "class", "passedTest");
+ } else {
+ globalStatus.setAttributeNS(null, "class", "failedTest");
+ }
+
+ var successRatioString = "Test Result: " + successCnt + " / " +
statusRects.length;
+ var successRatio = document.getElementById("successRatio");
+ successRatio.replaceChild(document.createTextNode(successRatioString),
+ successRatio.getFirstChild());
}
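Review bot: The `successCnt++` added inside `catch (se)` counts any thrown value as a denied permission, because an untyped ECMAScript catch clause is not restricted to SecurityException the way the Java handler's `catch (SecurityException se)` is. The try body starts outside this hunk, but any unrelated error raised there would be recorded as a pass and could turn the new global status green without the sandbox having denied anything. I would count the pass only after checking the type, e.g. `if (se instanceof java.lang.SecurityException || se.javaException instanceof java.lang.SecurityException) { successCnt++; }`, and mark the rect `failedTest` otherwise. The exact check depends on how the Rhino version in use surfaces Java exceptions to script code.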
1.2 +19 -36
xml-batik/samples/tests/resources/java/sources/com/untrusted/script/UntrustedScriptHandler.java
Index: UntrustedScriptHandler.java
===================================================================
RCS file:
/home/cvs/xml-batik/samples/tests/resources/java/sources/com/untrusted/script/UntrustedScriptHandler.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- UntrustedScriptHandler.java 30 Apr 2002 08:45:16 -0000 1.1
+++ UntrustedScriptHandler.java 30 Apr 2002 09:24:53 -0000 1.2
@@ -41,7 +41,7 @@
* back to the server that served the document containing this script.
*
* @author <a href="mailto:[EMAIL PROTECTED]">Vincent Hardy</a>
- * @version $Id: UntrustedScriptHandler.java,v 1.1 2002/04/30 08:45:16 vhardy Exp $
+ * @version $Id: UntrustedScriptHandler.java,v 1.2 2002/04/30 09:24:53 vhardy Exp $
*/
public class UntrustedScriptHandler implements ScriptHandler {
public static final String svgNS = "http://www.w3.org/2000/svg";
@@ -223,10 +223,12 @@
testButton.addEventListener("click", new EventListener() {
public void handleEvent(Event evt){
SecurityManager sm = System.getSecurityManager();
-
+ int successCnt = 0;
+
if (sm == null){
for (int i=0; i<nGranted; i++) {
statusRects[i].setAttributeNS(null, "class",
"passedTest");
+ successCnt++;
}
for (int i=nGranted; i<permissions.length; i++) {
statusRects[i].setAttributeNS(null, "class",
"failedTest");
@@ -239,19 +241,11 @@
try {
sm.checkPermission(p);
statusRects[i].setAttributeNS(null, "class",
"passedTest");
+ successCnt++;
} catch (SecurityException se){
statusRects[i].setAttributeNS(null, "class",
"failedTest");
System.out.println("*********************************************");
se.printStackTrace();
-
- /*Element tooltipDesc = doc.createElementNS(svgNS,
"desc");
-
tooltipDesc.appendChild(doc.createTextNode(se.getMessage()));
- Node curDesc = statusRects[i].getFirstChild();
- if (curDesc == null){
- statusRects[i].appendChild(tooltipDesc);
- } else {
- statusRects[i].replaceChild(tooltipDesc,
curDesc);
- }*/
}
}
@@ -263,39 +257,28 @@
statusRects[i].setAttributeNS(null, "class",
"failedTest");
} catch (SecurityException se){
statusRects[i].setAttributeNS(null, "class",
"passedTest");
+ successCnt++;
}
}
+
}
- }
- }, false);
- //
- // Register an event handler on elements
- //
- /* final EventTarget fileAccessTest =
(EventTarget)doc.getElementById("fileAccessTest");
- fileAccessTest.addEventListener("click", new EventListener() {
- public void handleEvent(Event evt){
- try {
- File f = new File("build.xml");
- long l = f.length();
-
- FileReader fr = new FileReader(f);
- char[] buf = new char[(int)l];
- fr.read(buf, 0, (int)l);
- String content = new String(buf);
- ((Element)fileAccessTest).setAttributeNS(null, "fill",
"rgb(255,0,0)");
- } catch (Exception e){
- ((Element)fileAccessTest).setAttributeNS(null, "fill",
"rgb(0,255,0)");
+ // Update the global status
+ Element globalStatus = doc.getElementById("globalStatus");
+ if ( successCnt == (statusRects.length) ) {
+ globalStatus.setAttributeNS(null, "class", "passedTest");
+ } else {
+ globalStatus.setAttributeNS(null, "class", "failedTest");
}
+
+ String successRatioString = "Test Result: " + successCnt + " /
" + statusRects.length;
+ Element successRatio = doc.getElementById("successRatio");
+
successRatio.replaceChild(doc.createTextNode(successRatioString),
+ successRatio.getFirstChild());
+
}
}, false);
- fileAccessTest.addEventListener("mouseover", new EventListener() {
- public void handleEvent(Event evt){
- ((Element)fileAccessTest).setAttributeNS(null, "fill", "gray");
- }
- }, false);*/
-
}
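Review bot: The global verdict compares `successCnt` with `statusRects.length`, while the loops that increment it are bounded by `nGranted` and `permissions.length` (visible in the hunk at line 223). If the two arrays ever differ in length, the ratio and the pass/fail class are computed against the wrong total, and an empty array yields 0 == 0 and a passing status. I would use a single bound and reject the empty case, e.g. `if (permissions.length > 0 && successCnt == permissions.length) {`. The results of `doc.getElementById("globalStatus")` and `doc.getElementById("successRatio")` are also dereferenced without a null check, so a document missing those elements would throw inside the event handler. rhinoSecurity.js makes the same comparison; handleEvent begins outside this hunk.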