vhardy 02/05/03 09:42:58
Modified: . build.xml
test-resources/org/apache/batik/bridge IWasLoaded.jar
IWasLoadedToo.jar unitTesting.xml
Added: test-resources/org/apache/batik/bridge IWasLoaded.java
IWasLoaded.mf IWasLoadedToo.java IWasLoadedToo.mf
JarCheckPermissionsDenied.jar
JarCheckPermissionsDenied.java
JarCheckPermissionsDenied.mf
JarCheckPermissionsGranted.jar
JarCheckPermissionsGranted.java
JarCheckPermissionsGranted.mf jarCheckConstrain.svg
jarCheckLoad.svg jarCheckNoConstrain.svg
jarCheckNoLoad.svg jarCheckPermissionsDenied.svg
jarCheckPermissionsGranted.svg
Log:
Added jar security unit testing
Revision Changes Path
1.111 +58 -8 xml-batik/build.xml
Index: build.xml
===================================================================
RCS file: /home/cvs/xml-batik/build.xml,v
retrieving revision 1.110
retrieving revision 1.111
diff -u -r1.110 -r1.111
--- build.xml 3 May 2002 06:52:58 -0000 1.110
+++ build.xml 3 May 2002 16:42:58 -0000 1.111
@@ -47,7 +47,7 @@
[win32] .\build.bat help
- $Id: build.xml,v 1.110 2002/05/03 06:52:58 vhardy Exp $
+ $Id: build.xml,v 1.111 2002/05/03 16:42:58 vhardy Exp $
-->
@@ -248,13 +248,17 @@
</javac>
</target>
- <!-- Builds Jar Files needed for test purposes. This is done in the samples
directory -->
- <target name="testjar" depends="security2.jar" />
+ <!-- Builds Jar Files needed for test purposes. Note that compilation of jars is
done -->
+ <!-- in a different directory than the usual 'classes' directory ({$dest}).
-->
+ <!-- Note that this is needed to avoid having the class files in the classes
-->
+ <!-- subdirectory, which interferes with the tests, because classes in that
directory -->
+ <!-- are loaded first in the development version.
-->
+ <target name="testjars" depends="security2.jar, IWasLoaded.jar,
IWasLoadedToo.jar, JarCheckPermissionsGranted.jar, JarCheckPermissionsDenied.jar" />
- <target name ="compilesamples"
+ <target name ="compiletestjars"
depends ="compile"
- description="Compiles the source files for the samples scripts">
- <mkdir dir="${dest}/tmp"/>
+ description="Compiles the source files for the samples scripts and the
test-resources">
+ <mkdir dir="${testresources}/classes"/>
<echo message="debug ${debug}, optimize ${optimize}, deprecation
${deprecation}"/>
@@ -267,9 +271,19 @@
<path refid="libs-build-classpath"/>
</classpath>
</javac>
+
+ <javac srcdir="${testresources}" destdir="${testresources}/classes"
deprecation="${deprecation}"
+ debug="${debug}" optimize="${optimize}" >
+ <classpath>
+ <pathelement location="${dest}" />
+ <pathelement location="${testresources}/classes" />
+ <path refid="libs-classpath"/>
+ <path refid="libs-build-classpath"/>
+ </classpath>
+ </javac>
</target>
- <target name="security2.jar" depends="compilesamples" >
+ <target name="security2.jar" depends="compiletestjars" >
<jar
manifest="${samples}/tests/resources/java/resources/com/untrusted/script/security2.mf"
jarfile="samples/tests/spec/scripting/security2.jar">
<fileset dir="${samples}/tests/resources/java/classes">
@@ -278,6 +292,42 @@
</jar>
</target>
+ <target name="IWasLoaded.jar" depends="compiletestjars" >
+ <jar manifest="${testresources}/org/apache/batik/bridge/IWasLoaded.mf"
+ jarfile="${testresources}/org/apache/batik/bridge/IWasLoaded.jar">
+ <fileset dir="${testresources}/classes">
+ <include name="org/apache/batik/bridge/IWasLoaded*.class"/>
+ </fileset>
+ </jar>
+ </target>
+
+ <target name="IWasLoadedToo.jar" depends="compiletestjars" >
+ <jar manifest="${testresources}/org/apache/batik/bridge/IWasLoadedToo.mf"
+ jarfile="${testresources}/org/apache/batik/bridge/IWasLoadedToo.jar">
+ <fileset dir="${testresources}/classes">
+ <include name="org/apache/batik/bridge/IWasLoadedToo*.class"/>
+ </fileset>
+ </jar>
+ </target>
+
+ <target name="JarCheckPermissionsDenied.jar" depends="compiletestjars" >
+ <jar
manifest="${testresources}/org/apache/batik/bridge/JarCheckPermissionsDenied.mf"
+
jarfile="${testresources}/org/apache/batik/bridge/JarCheckPermissionsDenied.jar">
+ <fileset dir="${testresources}/classes">
+ <include name="org/apache/batik/bridge/JarCheckPermissionsDenied*.class"/>
+ </fileset>
+ </jar>
+ </target>
+
+ <target name="JarCheckPermissionsGranted.jar" depends="compiletestjars" >
+ <jar
manifest="${testresources}/org/apache/batik/bridge/JarCheckPermissionsGranted.mf"
+
jarfile="${testresources}/org/apache/batik/bridge/JarCheckPermissionsGranted.jar">
+ <fileset dir="${testresources}/classes">
+ <include name="org/apache/batik/bridge/JarCheckPermissionsGranted*.class"/>
+ </fileset>
+ </jar>
+ </target>
+
<target name ="compile"
depends ="init"
@@ -872,7 +922,7 @@
</target>
<target name="regard"
- depends="compiletest, testdirs"
+ depends="compiletest, testdirs, testjars"
description="Runs test suite whose file or uri is passed as an input">
<java fork="yes"
classname="${class-prefix}.test.xml.XMLTestSuiteRunner">
1.2 +15 -11 xml-batik/test-resources/org/apache/batik/bridge/IWasLoaded.jar
<<Binary file>>
1.2 +10 -10
xml-batik/test-resources/org/apache/batik/bridge/IWasLoadedToo.jar
<<Binary file>>
1.2 +29 -1 xml-batik/test-resources/org/apache/batik/bridge/unitTesting.xml
Index: unitTesting.xml
===================================================================
RCS file:
/home/cvs/xml-batik/test-resources/org/apache/batik/bridge/unitTesting.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- unitTesting.xml 3 May 2002 12:28:53 -0000 1.1
+++ unitTesting.xml 3 May 2002 16:42:58 -0000 1.2
@@ -8,7 +8,7 @@
<!-- ========================================================================= -->
<!-- @author [EMAIL PROTECTED] -->
-<!-- @version $Id: unitTesting.xml,v 1.1 2002/05/03 12:28:53 vhardy Exp $ -->
+<!-- @version $Id: unitTesting.xml,v 1.2 2002/05/03 16:42:58 vhardy Exp $ -->
<!-- ========================================================================= -->
<testSuite id="bridge.unitTesting"
name="org.apache.batik.bridge package - Unit Testing">
@@ -42,6 +42,34 @@
</test>
<test id="ecmaCheckNoConstrain">
+ <property name="Constrain" class="java.lang.Boolean"
+ value="false" />
+ </test>
+
+ <test id="jarCheckPermissionsDenied">
+ <property name="Secure" class="java.lang.Boolean" value="true" />
+ </test>
+
+ <test id="jarCheckPermissionsGranted">
+ <property name="Secure" class="java.lang.Boolean" value="false" />
+ </test>
+
+ <test id="jarCheckNoLoad">
+ <property name="Scripts" class="java.lang.String"
+ value="text/ecmascript" />
+ </test>
+
+ <test id="jarCheckLoad">
+ <property name="Scripts" class="java.lang.String"
+ value="application/java-archive" />
+ </test>
+
+ <test id="jarCheckConstrain">
+ <property name="Constrain" class="java.lang.Boolean"
+ value="true" />
+ </test>
+
+ <test id="jarCheckNoConstrain">
<property name="Constrain" class="java.lang.Boolean"
value="false" />
</test>
1.1 xml-batik/test-resources/org/apache/batik/bridge/IWasLoaded.java
Index: IWasLoaded.java
===================================================================
/*****************************************************************************
* Copyright (C) The Apache Software Foundation. All rights reserved. *
* ------------------------------------------------------------------------- *
* This software is published under the terms of the Apache Software License *
* version 1.1, a copy of which has been included with this distribution in *
* the LICENSE file. *
*****************************************************************************/
package org.apache.batik.bridge;
import org.w3c.dom.*;
import org.apache.batik.script.ScriptHandler;
import org.apache.batik.script.Window;
/**
* If this script is loaded by jarCheckNoLoad.svg, it will mark
* the test result as failed.
*
* @author <a href="mailto:[EMAIL PROTECTED]";>Vincent Hardy</a>
* @version $Id: IWasLoaded.java,v 1.1 2002/05/03 16:42:58 vhardy Exp $
*/
public class IWasLoaded implements ScriptHandler {
public void run(final Document document, final Window win){
Element result = document.getElementById("testResult");
result.setAttributeNS(null, "result", "failed");
result.setAttributeNS(null, "errorCode", "IWasLoaded.jar should not have
been loaded");
}
}
1.1 xml-batik/test-resources/org/apache/batik/bridge/IWasLoaded.mf
Index: IWasLoaded.mf
===================================================================
Manifest-Version: 1.0
Script-Handler: org.apache.batik.bridge.IWasLoaded
1.1
xml-batik/test-resources/org/apache/batik/bridge/IWasLoadedToo.java
Index: IWasLoadedToo.java
===================================================================
/*****************************************************************************
* Copyright (C) The Apache Software Foundation. All rights reserved. *
* ------------------------------------------------------------------------- *
* This software is published under the terms of the Apache Software License *
* version 1.1, a copy of which has been included with this distribution in *
* the LICENSE file. *
*****************************************************************************/
package org.apache.batik.bridge;
import org.w3c.dom.*;
import org.apache.batik.script.ScriptHandler;
import org.apache.batik.script.Window;
/**
* If this script is loaded by jarCheckLoad.svg, it will mark
* the test result as passed.
*
* @author <a href="mailto:[EMAIL PROTECTED]";>Vincent Hardy</a>
* @version $Id: IWasLoadedToo.java,v 1.1 2002/05/03 16:42:58 vhardy Exp $
*/
public class IWasLoadedToo implements ScriptHandler {
public void run(final Document document, final Window win){
Element result = document.getElementById("testResult");
result.setAttributeNS(null, "result", "passed");
}
}
1.1
xml-batik/test-resources/org/apache/batik/bridge/IWasLoadedToo.mf
Index: IWasLoadedToo.mf
===================================================================
Manifest-Version: 1.0
Script-Handler: org.apache.batik.bridge.IWasLoadedToo
1.1
xml-batik/test-resources/org/apache/batik/bridge/JarCheckPermissionsDenied.jar
<<Binary file>>
1.1
xml-batik/test-resources/org/apache/batik/bridge/JarCheckPermissionsDenied.java
Index: JarCheckPermissionsDenied.java
===================================================================
/*****************************************************************************
* Copyright (C) The Apache Software Foundation. All rights reserved. *
* ------------------------------------------------------------------------- *
* This software is published under the terms of the Apache Software License *
* version 1.1, a copy of which has been included with this distribution in *
* the LICENSE file. *
*****************************************************************************/
package org.apache.batik.bridge;
import org.apache.batik.script.ScriptHandler;
import org.apache.batik.script.Window;
import org.apache.batik.dom.svg.SVGOMDocument;
import org.w3c.dom.*;
import org.w3c.dom.events.*;
import java.awt.AWTPermission;
import java.io.FilePermission;
import java.io.SerializablePermission;
import java.lang.reflect.ReflectPermission;
import java.net.NetPermission;
import java.net.SocketPermission;
import java.net.URL;
import java.security.AllPermission;
import java.security.Permission;
import java.security.SecurityPermission;
import java.sql.SQLPermission;
import java.util.PropertyPermission;
import java.util.Vector;
import javax.sound.sampled.AudioPermission;
/**
* @author <a href="mailto:[EMAIL PROTECTED]";>Vincent Hardy</a>
* @version $Id: JarCheckPermissionsDenied.java,v 1.1 2002/05/03 16:42:58 vhardy Exp
$
*/
public class JarCheckPermissionsDenied implements ScriptHandler {
public static final String svgNS = "http://www.w3.org/2000/svg";;
public static final String testNS = "http://xml.apache.org/batik/test";;
/**
* Path for the file tested with FilePermission
*/
public static final String testedPath = "build.sh";
/**
* Host which is used for testing
*/
public static final String testedHost = "nagoya.apache.org:8080";
/**
* Table of Permissions which will be tested.
*/
protected static Object[][] basePermissions = {
{"AllPermission", new AllPermission()},
{"FilePermission read", new FilePermission(testedPath, "read")},
{"FilePermission write", new FilePermission(testedPath, "write")},
{"FilePermission execute", new FilePermission(testedPath, "execute")},
{"FilePermission delete", new FilePermission(testedPath, "delete")},
// 1.4 {"ServicePermission", new
ServicePermission("[EMAIL PROTECTED]", "initiate")},
{"SocketPermission accept", new SocketPermission(testedHost, "accept")},
{"SocketPermission connect", new SocketPermission(testedHost, "connect")},
{"SocketPermission listen", new SocketPermission(testedHost, "listen")},
{"SocketPermission resolve", new SocketPermission(testedHost, "resolve")},
{"AudioPermission play", new AudioPermission("play")},
{"AudioPermission record", new AudioPermission("record")},
{"AWTPermission accessClipboard", new AWTPermission("accessClipboard")},
{"AWTPermission accessEventQueue", new AWTPermission("accessEventQueue")},
{"AWTPermission listenToAllAWTEvents", new
AWTPermission("listenToAllAWTEvents")},
{"AWTPermission showWindowWithoutWarningBanner", new
AWTPermission("showWindowWithoutWarningBanner")},
{"AWTPermission readDisplayPixels", new AWTPermission("readDisplayPixels")},
{"AWTPermission createRobot", new AWTPermission("createRobot")},
{"AWTPermission fullScreenExclusive", new
AWTPermission("fullScreenExclusive")},
// 1.4 {"DelegationPermission", new DelegationPermission()},
// 1.4 {"LoggingPermission", new LoggingPermission("control")},
{"NetPermission setDefaultAuthenticator", new
NetPermission("setDefaultAuthenticator")},
{"NetPermission requestPasswordAuthentication", new
NetPermission("requestPasswordAuthentication")},
{"NetPermission specifyStreamHandler", new
NetPermission("specifyStreamHandler")},
{"PropertyPermission java.home read", new PropertyPermission("java.home",
"read")},
{"PropertyPermission java.home write", new PropertyPermission("java.home",
"write")},
{"ReflectPermission", new ReflectPermission("suppressAccessChecks")},
{"RuntimePermission createClassLoader", new
RuntimePermission("createClassLoader")},
{"RuntimePermission getClassLoader", new
RuntimePermission("getClassLoader")},
{"RuntimePermission setContextClassLoader", new
RuntimePermission("setContextClassLoader")},
{"RuntimePermission setSecurityManager", new
RuntimePermission("setSecurityManager")},
{"RuntimePermission createSecurityManager", new
RuntimePermission("createSecurityManager")},
{"RuntimePermission exitVM", new RuntimePermission("exitVM")},
{"RuntimePermission shutdownHooks", new RuntimePermission("shutdownHooks")},
{"RuntimePermission setFactory", new RuntimePermission("setFactory")},
{"RuntimePermission setIO", new RuntimePermission("setIO")},
{"RuntimePermission modifyThread", new RuntimePermission("modifyThread")},
{"RuntimePermission stopThread", new RuntimePermission("stopThread")},
{"RuntimePermission modifyThreadGroup", new
RuntimePermission("modifyThreadGroup")},
{"RuntimePermission getProtectionDomain", new
RuntimePermission("getProtectionDomain")},
{"RuntimePermission readFileDescriptor", new
RuntimePermission("readFileDescriptor")},
{"RuntimePermission writeFileDescriptor", new
RuntimePermission("writeFileDescriptor")},
{"RuntimePermission loadLibrary.{library name}", new
RuntimePermission("loadLibrary.{library name}")},
{"RuntimePermission accessClassInPackage.java.security", new
RuntimePermission("accessClassInPackage.java.security")},
{"RuntimePermission defineClassInPackage.java.lang", new
RuntimePermission("defineClassInPackage.java.lang")},
{"RuntimePermission accessDeclaredMembers", new
RuntimePermission("accessDeclaredMembers")},
{"RuntimePermission queuePrintJob", new RuntimePermission("queuePrintJob")},
{"SecurityPermission createAccessControlContext", new
SerializablePermission("createAccessControlContext")},
{"SecurityPermission getDomainCombiner", new
SerializablePermission("getDomainCombiner")},
{"SecurityPermission getPolicy", new SerializablePermission("getPolicy")},
{"SecurityPermission setPolicy", new SerializablePermission("setPolicy")},
{"SecurityPermission setSystemScope", new
SerializablePermission("setSystemScope")},
{"SecurityPermission setIdentityPublicKey", new
SerializablePermission("setIdentityPublicKey")},
{"SecurityPermission setIdentityInfo", new
SerializablePermission("setIdentityInfo")},
{"SecurityPermission addIdentityCertificate", new
SerializablePermission("addIdentityCertificate")},
{"SecurityPermission removeIdentityCertificate", new
SerializablePermission("removeIdentityCertificate")},
{"SecurityPermission printIdentity", new
SerializablePermission("printIdentity")},
{"SecurityPermission getSignerPrivateKey", new
SerializablePermission("getSignerPrivateKey")},
{"SecurityPermission setSignerKeyPair", new
SerializablePermission("setSignerKeyPair")},
{"SerializablePermission enableSubclassImplementation", new
SerializablePermission("enableSubclassImplementation")},
{"SerializablePermission enableSubstitution", new
SerializablePermission("enableSubstitution")},
{"SQLPermission", new SQLPermission("setLog")},
// 1.4 {"SSLPermission setHostnameVerifier", new
SSLPermission("setHostnameVerifier")}
// 1.4{"SSLPermission getSSLSessionContext", new
SSLPermission("getSSLSessionContext")}
};
/**
* Set of Permissions to test. One is added if the Document is loaded from a
host
*/
private Object[][] permissions;
/**
* Reference to the rectangles which show the test status
*/
private Element[] statusRects;
/**
* Runs this handler.
* @param doc The current document.
* @param win An object which represents the current viewer.
*/
public void run(final Document document, final Window win){
int nGrantedTmp = 0;
//
// If the document is loaded over the network, check that the
// class has permission to access the server
//
URL docURL = ((SVGOMDocument)document).getURLObject();
if (docURL != null && docURL.getHost() != null &&
!"".equals(docURL.getHost())) {
permissions = new Object[basePermissions.length + 3][2];
System.arraycopy(basePermissions, 0,
permissions, 3, basePermissions.length);
String docHost = docURL.getHost();
if (docURL.getPort() != -1) {
docHost += ":" + docURL.getPort();
}
permissions[0][0] = "SocketPermission accept " + docHost;
permissions[0][1] = new SocketPermission(docHost, "accept");
permissions[1][0] = "SocketPermission connect " + docHost;
permissions[1][1] = new SocketPermission(docHost, "connect");
permissions[2][0] = "SocketPermission resolve " + docHost;
permissions[2][1] = new SocketPermission(docHost, "resolve");
nGrantedTmp = 3;
} else {
permissions = basePermissions;
}
final int nGranted = nGrantedTmp;
EventTarget root = (EventTarget)document.getDocumentElement();
root.addEventListener("SVGLoad", new EventListener() {
public void handleEvent(Event evt){
SecurityManager sm = System.getSecurityManager();
int successCnt = 0;
Vector unexpectedGrants = new Vector();
Vector unexpectedDenial = new Vector();
int unexpectedDenialCnt = 0;
int unexpectedGrantsCnt = 0;
if (sm == null){
for (int i=0; i<nGranted; i++) {
successCnt++;
}
for (int i=nGranted; i<permissions.length; i++) {
unexpectedGrants.add(permissions[i][0]);
unexpectedGrantsCnt++;
}
}
else {
for (int i=0; i<nGranted; i++) {
Permission p = (Permission)permissions[i][1];
try {
sm.checkPermission(p);
System.out.println(">>>> Permision : " + p + " was
granted");
successCnt++;
} catch (SecurityException se){
unexpectedDenial.add(permissions[i][0]);
unexpectedDenialCnt++;
}
}
for (int i=nGranted; i<permissions.length; i++) {
Permission p = (Permission)permissions[i][1];
try {
sm.checkPermission(p);
System.out.println(">>>> Permision : " + p + " was
granted");
unexpectedGrants.add(permissions[i][0]);
unexpectedGrantsCnt++;
} catch (SecurityException se){
successCnt++;
}
}
}
// Update the test's metadata
Element result = document.getElementById("testResult");
if ( successCnt == permissions.length ) {
result.setAttributeNS(null, "result", "passed");
} else {
System.out.println("test failed: " + unexpectedGrantsCnt + "
/ " + unexpectedDenialCnt);
result.setAttributeNS(null, "result", "failed");
result.setAttributeNS(null, "errorCode",
"unexpected.grants.or.denials");
String unexpectedGrantsString = "";
String unexpectedDenialString = "";
for (int i=0; i<unexpectedGrantsCnt; i++) {
unexpectedGrantsString +=
unexpectedGrants.elementAt(i).toString();
}
for (int i=0; i<unexpectedDenialCnt; i++) {
unexpectedDenialString +=
unexpectedDenial.elementAt(i).toString();
}
System.out.println("unexpected.grants : " +
unexpectedGrantsString);
Element entry = null;
entry = document.createElementNS(testNS,
"errorDescriptiongEntry");
entry.setAttributeNS(null, "id", "unexpected.grants.count");
entry.setAttributeNS(null, "value", "" +
unexpectedGrantsCnt);
result.appendChild(entry);
entry = document.createElementNS(testNS,
"errorDescriptionEntry");
entry.setAttributeNS(null, "id", "unexpected.grants");
entry.setAttributeNS(null, "value", unexpectedGrantsString);
result.appendChild(entry);
entry = document.createElementNS(testNS,
"errorDescriptiongEntry");
entry.setAttributeNS(null, "id",
"unexpected.denials.count");
entry.setAttributeNS(null, "value", "" +
unexpectedDenialCnt);
result.appendChild(entry);
System.out.println("unexpected.denials : " +
unexpectedDenialString);
entry = document.createElementNS(testNS,
"errorDescriptionEntry");
entry.setAttributeNS(null, "id", "unexpected.denials");
entry.setAttributeNS(null, "value", unexpectedDenialString);
result.appendChild(entry);
}
} }, false);
}
}
1.1
xml-batik/test-resources/org/apache/batik/bridge/JarCheckPermissionsDenied.mf
Index: JarCheckPermissionsDenied.mf
===================================================================
Manifest-Version: 1.0
Script-Handler: org.apache.batik.bridge.JarCheckPermissionsDenied
1.1
xml-batik/test-resources/org/apache/batik/bridge/JarCheckPermissionsGranted.jar
<<Binary file>>
1.1
xml-batik/test-resources/org/apache/batik/bridge/JarCheckPermissionsGranted.java
Index: JarCheckPermissionsGranted.java
===================================================================
/*****************************************************************************
* Copyright (C) The Apache Software Foundation. All rights reserved. *
* ------------------------------------------------------------------------- *
* This software is published under the terms of the Apache Software License *
* version 1.1, a copy of which has been included with this distribution in *
* the LICENSE file. *
*****************************************************************************/
package org.apache.batik.bridge;
import org.apache.batik.script.ScriptHandler;
import org.apache.batik.script.Window;
import org.apache.batik.dom.svg.SVGOMDocument;
import org.w3c.dom.*;
import org.w3c.dom.events.*;
import java.awt.AWTPermission;
import java.io.FilePermission;
import java.io.SerializablePermission;
import java.lang.reflect.ReflectPermission;
import java.net.NetPermission;
import java.net.SocketPermission;
import java.net.URL;
import java.security.AllPermission;
import java.security.Permission;
import java.security.SecurityPermission;
import java.sql.SQLPermission;
import java.util.PropertyPermission;
import java.util.Vector;
import javax.sound.sampled.AudioPermission;
/**
* @author <a href="mailto:[EMAIL PROTECTED]";>Vincent Hardy</a>
* @version $Id: JarCheckPermissionsGranted.java,v 1.1 2002/05/03 16:42:58 vhardy
Exp $
*/
public class JarCheckPermissionsGranted implements ScriptHandler {
public static final String svgNS = "http://www.w3.org/2000/svg";;
public static final String testNS = "http://xml.apache.org/batik/test";;
/**
* Path for the file tested with FilePermission
*/
public static final String testedPath = "build.sh";
/**
* Host which is used for testing
*/
public static final String testedHost = "nagoya.apache.org:8080";
/**
* Table of Permissions which will be tested.
*/
protected static Object[][] basePermissions = {
{"AllPermission", new AllPermission()},
{"FilePermission read", new FilePermission(testedPath, "read")},
{"FilePermission write", new FilePermission(testedPath, "write")},
{"FilePermission execute", new FilePermission(testedPath, "execute")},
{"FilePermission delete", new FilePermission(testedPath, "delete")},
// 1.4 {"ServicePermission", new
ServicePermission("[EMAIL PROTECTED]", "initiate")},
{"SocketPermission accept", new SocketPermission(testedHost, "accept")},
{"SocketPermission connect", new SocketPermission(testedHost, "connect")},
{"SocketPermission listen", new SocketPermission(testedHost, "listen")},
{"SocketPermission resolve", new SocketPermission(testedHost, "resolve")},
{"AudioPermission play", new AudioPermission("play")},
{"AudioPermission record", new AudioPermission("record")},
{"AWTPermission accessClipboard", new AWTPermission("accessClipboard")},
{"AWTPermission accessEventQueue", new AWTPermission("accessEventQueue")},
{"AWTPermission listenToAllAWTEvents", new
AWTPermission("listenToAllAWTEvents")},
{"AWTPermission showWindowWithoutWarningBanner", new
AWTPermission("showWindowWithoutWarningBanner")},
{"AWTPermission readDisplayPixels", new AWTPermission("readDisplayPixels")},
{"AWTPermission createRobot", new AWTPermission("createRobot")},
{"AWTPermission fullScreenExclusive", new
AWTPermission("fullScreenExclusive")},
// 1.4 {"DelegationPermission", new DelegationPermission()},
// 1.4 {"LoggingPermission", new LoggingPermission("control")},
{"NetPermission setDefaultAuthenticator", new
NetPermission("setDefaultAuthenticator")},
{"NetPermission requestPasswordAuthentication", new
NetPermission("requestPasswordAuthentication")},
{"NetPermission specifyStreamHandler", new
NetPermission("specifyStreamHandler")},
{"PropertyPermission java.home read", new PropertyPermission("java.home",
"read")},
{"PropertyPermission java.home write", new PropertyPermission("java.home",
"write")},
{"ReflectPermission", new ReflectPermission("suppressAccessChecks")},
{"RuntimePermission createClassLoader", new
RuntimePermission("createClassLoader")},
{"RuntimePermission getClassLoader", new
RuntimePermission("getClassLoader")},
{"RuntimePermission setContextClassLoader", new
RuntimePermission("setContextClassLoader")},
{"RuntimePermission setSecurityManager", new
RuntimePermission("setSecurityManager")},
{"RuntimePermission createSecurityManager", new
RuntimePermission("createSecurityManager")},
{"RuntimePermission exitVM", new RuntimePermission("exitVM")},
{"RuntimePermission shutdownHooks", new RuntimePermission("shutdownHooks")},
{"RuntimePermission setFactory", new RuntimePermission("setFactory")},
{"RuntimePermission setIO", new RuntimePermission("setIO")},
{"RuntimePermission modifyThread", new RuntimePermission("modifyThread")},
{"RuntimePermission stopThread", new RuntimePermission("stopThread")},
{"RuntimePermission modifyThreadGroup", new
RuntimePermission("modifyThreadGroup")},
{"RuntimePermission getProtectionDomain", new
RuntimePermission("getProtectionDomain")},
{"RuntimePermission readFileDescriptor", new
RuntimePermission("readFileDescriptor")},
{"RuntimePermission writeFileDescriptor", new
RuntimePermission("writeFileDescriptor")},
{"RuntimePermission loadLibrary.{library name}", new
RuntimePermission("loadLibrary.{library name}")},
{"RuntimePermission accessClassInPackage.java.security", new
RuntimePermission("accessClassInPackage.java.security")},
{"RuntimePermission defineClassInPackage.java.lang", new
RuntimePermission("defineClassInPackage.java.lang")},
{"RuntimePermission accessDeclaredMembers", new
RuntimePermission("accessDeclaredMembers")},
{"RuntimePermission queuePrintJob", new RuntimePermission("queuePrintJob")},
{"SecurityPermission createAccessControlContext", new
SerializablePermission("createAccessControlContext")},
{"SecurityPermission getDomainCombiner", new
SerializablePermission("getDomainCombiner")},
{"SecurityPermission getPolicy", new SerializablePermission("getPolicy")},
{"SecurityPermission setPolicy", new SerializablePermission("setPolicy")},
{"SecurityPermission setSystemScope", new
SerializablePermission("setSystemScope")},
{"SecurityPermission setIdentityPublicKey", new
SerializablePermission("setIdentityPublicKey")},
{"SecurityPermission setIdentityInfo", new
SerializablePermission("setIdentityInfo")},
{"SecurityPermission addIdentityCertificate", new
SerializablePermission("addIdentityCertificate")},
{"SecurityPermission removeIdentityCertificate", new
SerializablePermission("removeIdentityCertificate")},
{"SecurityPermission printIdentity", new
SerializablePermission("printIdentity")},
{"SecurityPermission getSignerPrivateKey", new
SerializablePermission("getSignerPrivateKey")},
{"SecurityPermission setSignerKeyPair", new
SerializablePermission("setSignerKeyPair")},
{"SerializablePermission enableSubclassImplementation", new
SerializablePermission("enableSubclassImplementation")},
{"SerializablePermission enableSubstitution", new
SerializablePermission("enableSubstitution")},
{"SQLPermission", new SQLPermission("setLog")},
// 1.4 {"SSLPermission setHostnameVerifier", new
SSLPermission("setHostnameVerifier")}
// 1.4{"SSLPermission getSSLSessionContext", new
SSLPermission("getSSLSessionContext")}
};
/**
* Set of Permissions to test. One is added if the Document is loaded from a
host
*/
private Object[][] permissions;
/**
* Reference to the rectangles which show the test status
*/
private Element[] statusRects;
/**
* Runs this handler.
* @param doc The current document.
* @param win An object which represents the current viewer.
*/
public void run(final Document document, final Window win){
int nGrantedTmp = 0;
//
// If the document is loaded over the network, check that the
// class has permission to access the server
//
URL docURL = ((SVGOMDocument)document).getURLObject();
if (docURL != null && docURL.getHost() != null &&
!"".equals(docURL.getHost())) {
permissions = new Object[basePermissions.length + 3][2];
System.arraycopy(basePermissions, 0,
permissions, 3, basePermissions.length);
String docHost = docURL.getHost();
if (docURL.getPort() != -1) {
docHost += ":" + docURL.getPort();
}
permissions[0][0] = "SocketPermission accept " + docHost;
permissions[0][1] = new SocketPermission(docHost, "accept");
permissions[1][0] = "SocketPermission connect " + docHost;
permissions[1][1] = new SocketPermission(docHost, "connect");
permissions[2][0] = "SocketPermission resolve " + docHost;
permissions[2][1] = new SocketPermission(docHost, "resolve");
nGrantedTmp = 3;
} else {
permissions = basePermissions;
}
final int nGranted = nGrantedTmp;
EventTarget root = (EventTarget)document.getDocumentElement();
root.addEventListener("SVGLoad", new EventListener() {
public void handleEvent(Event evt){
SecurityManager sm = System.getSecurityManager();
int successCnt = 0;
Vector unexpectedGrants = new Vector();
Vector unexpectedDenial = new Vector();
int unexpectedDenialCnt = 0;
int unexpectedGrantsCnt = 0;
if (sm == null){
for (int i=0; i<permissions.length; i++) {
successCnt++;
}
}
else {
for (int i=0; i<permissions.length; i++) {
Permission p = (Permission)permissions[i][1];
try {
sm.checkPermission(p);
successCnt++;
} catch (SecurityException se){
unexpectedDenial.add(permissions[i][0]);
unexpectedDenialCnt++;
}
}
}
// Update the test's metadata
Element result = document.getElementById("testResult");
if ( successCnt == permissions.length ) {
result.setAttributeNS(null, "result", "passed");
} else {
System.out.println("test failed: " + unexpectedGrantsCnt + "
/ " + unexpectedDenialCnt);
result.setAttributeNS(null, "result", "failed");
result.setAttributeNS(null, "errorCode",
"unexpected.grants.or.denials");
String unexpectedDenialString = "";
for (int i=0; i<unexpectedDenialCnt; i++) {
unexpectedDenialString +=
unexpectedDenial.elementAt(i).toString();
}
Element entry = null;
entry = document.createElementNS(testNS,
"errorDescriptiongEntry");
entry.setAttributeNS(null, "id",
"unexpected.denials.count");
entry.setAttributeNS(null, "value", "" +
unexpectedDenialCnt);
result.appendChild(entry);
System.out.println("unexpected.denials : " +
unexpectedDenialString);
entry = document.createElementNS(testNS,
"errorDescriptionEntry");
entry.setAttributeNS(null, "id", "unexpected.denials");
entry.setAttributeNS(null, "value", unexpectedDenialString);
result.appendChild(entry);
}
} }, false);
}
}
1.1
xml-batik/test-resources/org/apache/batik/bridge/JarCheckPermissionsGranted.mf
Index: JarCheckPermissionsGranted.mf
===================================================================
Manifest-Version: 1.0
Script-Handler: org.apache.batik.bridge.JarCheckPermissionsGranted
1.1
xml-batik/test-resources/org/apache/batik/bridge/jarCheckConstrain.svg
Index: jarCheckConstrain.svg
===================================================================
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN"
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd";>
<!-- ========================================================================= -->
<!-- Copyright (C) The Apache Software Foundation. All rights reserved. -->
<!-- -->
<!-- This software is published under the terms of the Apache Software License -->
<!-- version 1.1, a copy of which has been included with this distribution in -->
<!-- the LICENSE file. -->
<!-- ========================================================================= -->
<!-- ========================================================================= -->
<!-- -->
<!-- @author [EMAIL PROTECTED] -->
<!-- @version $Id: jarCheckConstrain.svg,v 1.1 2002/05/03 16:42:58 vhardy Exp $
-->
<!-- ========================================================================= -->
<svg xmlns="http://www.w3.org/2000/svg";
xmlns:xlink="http://www.w3.org/1999/xlink";
xmlns:test="http://xml.apache.org/batik/test";
width="450" height="500" viewBox="0 0 450 500">
<test:testResult id="testResult" result="passed" />
<script type="application/java-archive"
xlink:href="http://cvs.apache.org/viewcvs.cgi/~checkout~/xml-batik/test-resources/org/apache/batik/bridge/IWasLoaded.jar";
/>
</svg>
1.1
xml-batik/test-resources/org/apache/batik/bridge/jarCheckLoad.svg
Index: jarCheckLoad.svg
===================================================================
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN"
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd";>
<!-- ========================================================================= -->
<!-- Copyright (C) The Apache Software Foundation. All rights reserved. -->
<!-- -->
<!-- This software is published under the terms of the Apache Software License -->
<!-- version 1.1, a copy of which has been included with this distribution in -->
<!-- the LICENSE file. -->
<!-- ========================================================================= -->
<!-- ========================================================================= -->
<!-- -->
<!-- @author [EMAIL PROTECTED] -->
<!-- @version $Id: jarCheckLoad.svg,v 1.1 2002/05/03 16:42:58 vhardy Exp $ -->
<!-- ========================================================================= -->
<svg xmlns="http://www.w3.org/2000/svg";
xmlns:xlink="http://www.w3.org/1999/xlink";
xmlns:test="http://xml.apache.org/batik/test";
width="450" height="500" viewBox="0 0 450 500">
<test:testResult id="testResult" result="failed" errorCode="IWasLoadedToo.jar
should have been loaded"/>
<script type="application/java-archive" xlink:href="IWasLoadedToo.jar" />
</svg>
1.1
xml-batik/test-resources/org/apache/batik/bridge/jarCheckNoConstrain.svg
Index: jarCheckNoConstrain.svg
===================================================================
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN"
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd";>
<!-- ========================================================================= -->
<!-- Copyright (C) The Apache Software Foundation. All rights reserved. -->
<!-- -->
<!-- This software is published under the terms of the Apache Software License -->
<!-- version 1.1, a copy of which has been included with this distribution in -->
<!-- the LICENSE file. -->
<!-- ========================================================================= -->
<!-- ========================================================================= -->
<!-- -->
<!-- @author [EMAIL PROTECTED] -->
<!-- @version $Id: jarCheckNoConstrain.svg,v 1.1 2002/05/03 16:42:58 vhardy Exp $
-->
<!-- ========================================================================= -->
<svg xmlns="http://www.w3.org/2000/svg";
xmlns:xlink="http://www.w3.org/1999/xlink";
xmlns:test="http://xml.apache.org/batik/test";
width="450" height="500" viewBox="0 0 450 500">
<test:testResult id="testResult" result="failed" errorCode="IWasLoadedToo.jar
should have been loaded"/>
<script type="application/java-archive"
xlink:href="http://cvs.apache.org/viewcvs.cgi/~checkout~/xml-batik/test-resources/org/apache/batik/bridge/IWasLoadedToo.jar";
/>
</svg>
1.1
xml-batik/test-resources/org/apache/batik/bridge/jarCheckNoLoad.svg
Index: jarCheckNoLoad.svg
===================================================================
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN"
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd";>
<!-- ========================================================================= -->
<!-- Copyright (C) The Apache Software Foundation. All rights reserved. -->
<!-- -->
<!-- This software is published under the terms of the Apache Software License -->
<!-- version 1.1, a copy of which has been included with this distribution in -->
<!-- the LICENSE file. -->
<!-- ========================================================================= -->
<!-- ========================================================================= -->
<!-- -->
<!-- @author [EMAIL PROTECTED] -->
<!-- @version $Id: jarCheckNoLoad.svg,v 1.1 2002/05/03 16:42:58 vhardy Exp $ -->
<!-- ========================================================================= -->
<svg xmlns="http://www.w3.org/2000/svg";
xmlns:xlink="http://www.w3.org/1999/xlink";
xmlns:test="http://xml.apache.org/batik/test";
width="450" height="500" viewBox="0 0 450 500" >
<test:testResult id="testResult" result="passed"/>
<script type="application/java-archive" xlink:href="IWasLoaded.jar" />
</svg>
1.1
xml-batik/test-resources/org/apache/batik/bridge/jarCheckPermissionsDenied.svg
Index: jarCheckPermissionsDenied.svg
===================================================================
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN"
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd";>
<!-- ========================================================================= -->
<!-- Copyright (C) The Apache Software Foundation. All rights reserved. -->
<!-- -->
<!-- This software is published under the terms of the Apache Software License -->
<!-- version 1.1, a copy of which has been included with this distribution in -->
<!-- the LICENSE file. -->
<!-- ========================================================================= -->
<!-- ========================================================================= -->
<!-- Checks that access to critical functions is not allowed. -->
<!-- -->
<!-- @author [EMAIL PROTECTED] -->
<!-- @version $Id: jarCheckPermissionsDenied.svg,v 1.1 2002/05/03 16:42:58 vhardy
Exp $ -->
<!-- ========================================================================= -->
<svg xmlns="http://www.w3.org/2000/svg";
xmlns:xlink="http://www.w3.org/1999/xlink";
xmlns:test="http://xml.apache.org/batik/test";
width="450" height="500" viewBox="0 0 450 500">
<test:testResult id="testResult" />
<script type="application/java-archive"
xlink:href="jarCheckPermissionsDenied.jar" />
</svg>
1.1
xml-batik/test-resources/org/apache/batik/bridge/jarCheckPermissionsGranted.svg
Index: jarCheckPermissionsGranted.svg
===================================================================
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN"
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd";>
<!-- ========================================================================= -->
<!-- Copyright (C) The Apache Software Foundation. All rights reserved. -->
<!-- -->
<!-- This software is published under the terms of the Apache Software License -->
<!-- version 1.1, a copy of which has been included with this distribution in -->
<!-- the LICENSE file. -->
<!-- ========================================================================= -->
<!-- ========================================================================= -->
<!-- -->
<!-- @author [EMAIL PROTECTED] -->
<!-- @version $Id: jarCheckPermissionsGranted.svg,v 1.1 2002/05/03 16:42:58 vhardy
Exp $ -->
<!-- ========================================================================= -->
<svg xmlns="http://www.w3.org/2000/svg";
xmlns:xlink="http://www.w3.org/1999/xlink";
xmlns:test="http://xml.apache.org/batik/test";
width="450" height="500" viewBox="0 0 450 500">
<test:testResult id="testResult" result="failure"/>
<script type="application/java-archive"
xlink:href="jarCheckPermissionsGranted.jar" />
</svg>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
