deweese 2004/02/20 08:34:52
Modified: sources/org/apache/batik/ext/awt/image/rendered
ColorMatrixRed.java
sources/org/apache/batik/script/rhino
BatikSecurityController.java RhinoClassLoader.java
RhinoInterpreter.java
xdocs index.xml mail-lists.xml
Added: sources/org/apache/batik/script/rhino RhinoClassShutter.java
Log:
1) fixed colorspace error in ColorMatrixRed.
2) Some Rhino improvements.
3) some documentation updates.
Revision Changes Path
1.6 +15 -2
xml-batik/sources/org/apache/batik/ext/awt/image/rendered/ColorMatrixRed.java
Index: ColorMatrixRed.java
===================================================================
RCS file:
/home/cvs/xml-batik/sources/org/apache/batik/ext/awt/image/rendered/ColorMatrixRed.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- ColorMatrixRed.java 8 Aug 2003 11:39:07 -0000 1.5
+++ ColorMatrixRed.java 20 Feb 2004 16:34:52 -0000 1.6
@@ -50,6 +50,7 @@
package org.apache.batik.ext.awt.image.rendered;
+import java.awt.color.ColorSpace;
import java.awt.image.ColorModel;
import java.awt.image.DataBufferInt;
import java.awt.image.SampleModel;
@@ -111,7 +112,19 @@
public ColorMatrixRed(CachableRed src, float[][] matrix){
setMatrix(matrix);
- ColorModel cm = GraphicsUtil.Linear_sRGB_Unpre;
+ ColorModel srcCM = src.getColorModel();
+ ColorSpace srcCS = null;
+ if (srcCM != null)
+ srcCS = srcCM.getColorSpace();
+ ColorModel cm;
+ if (srcCS == null)
+ cm = GraphicsUtil.Linear_sRGB_Unpre;
+ else {
+ if (srcCS == ColorSpace.getInstance(ColorSpace.CS_LINEAR_RGB))
+ cm = GraphicsUtil.Linear_sRGB_Unpre;
+ else
+ cm = GraphicsUtil.sRGB_Unpre;
+ }
SampleModel sm =
cm.createCompatibleSampleModel(src.getWidth(),
1.4 +46 -6
xml-batik/sources/org/apache/batik/script/rhino/BatikSecurityController.java
Index: BatikSecurityController.java
===================================================================
RCS file:
/home/cvs/xml-batik/sources/org/apache/batik/script/rhino/BatikSecurityController.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- BatikSecurityController.java 8 Aug 2003 11:39:20 -0000 1.3
+++ BatikSecurityController.java 20 Feb 2004 16:34:52 -0000 1.4
@@ -57,6 +57,12 @@
import org.mozilla.javascript.Scriptable;
import org.mozilla.javascript.SecurityController;
+import java.security.AccessController;
+import java.security.AccessControlContext;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
+import java.security.PrivilegedActionException;
+
/**
* This implementation of the Rhino <tt>SecurityController</tt> interface is
* meant for use within the context of Batik only. It is a partial
@@ -71,9 +77,15 @@
/**
* Default constructor
*/
- public GeneratedClassLoader createClassLoader(final ClassLoader parentLoader,
- Object securityDomain) {
- return (RhinoClassLoader)securityDomain;
+ public GeneratedClassLoader createClassLoader
+ (final ClassLoader parentLoader, Object securityDomain) {
+ if (securityDomain instanceof RhinoClassLoader) {
+ return (RhinoClassLoader)securityDomain;
+ }
+
+ // FIXX: This should be supported by intersecting perms.
+ // Calling var script = Script(source); script(); is not supported
+ throw new RuntimeException("NOT SUPPORTED");
}
/**
@@ -83,7 +95,16 @@
* allowed by the current stack.
*/
public Object getDynamicSecurityDomain(Object securityDomain) {
- return securityDomain;
+ ClassLoader loader = (RhinoClassLoader)securityDomain;
+ // Already have a rhino loader in place no need to
+ // do anything (normally you would want to union the
+ // the current stack with the loader's context but
+ // in our case no one has lower privledges than a
+ // rhino class loader).
+ if (loader != null)
+ return loader;
+
+ return AccessController.getContext();
}
/**
@@ -99,6 +120,25 @@
public Object execWithDomain(final Context cx, final Scriptable scope,
final Script script, Object securityDomain)
throws JavaScriptException {
- return script.exec(cx, scope);
+
+ AccessControlContext acc;
+ if (securityDomain instanceof AccessControlContext)
+ acc = (AccessControlContext)securityDomain;
+ else {
+ RhinoClassLoader loader = (RhinoClassLoader)securityDomain;
+ acc = loader.rhinoAccessControlContext;
+ }
+
+ try {
+ return AccessController.doPrivileged
+ (new PrivilegedExceptionAction() {
+ public Object run() throws JavaScriptException {
+ return script.exec(cx, scope);
+ }
+ }, acc );
+ } catch (Exception e) {
+ throw new JavaScriptException(e);
+ }
+
}
}
1.9 +19 -1
xml-batik/sources/org/apache/batik/script/rhino/RhinoClassLoader.java
Index: RhinoClassLoader.java
===================================================================
RCS file:
/home/cvs/xml-batik/sources/org/apache/batik/script/rhino/RhinoClassLoader.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- RhinoClassLoader.java 8 Aug 2003 11:39:20 -0000 1.8
+++ RhinoClassLoader.java 20 Feb 2004 16:34:52 -0000 1.9
@@ -55,11 +55,13 @@
import java.io.IOException;
import java.net.URL;
import java.net.URLClassLoader;
+import java.security.AccessController;
import java.security.AccessControlContext;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.ProtectionDomain;
+import java.security.PrivilegedAction;
import org.mozilla.javascript.GeneratedClassLoader;
@@ -113,6 +115,22 @@
rhinoAccessControlContext
= new AccessControlContext(new ProtectionDomain[]{
rhinoProtectionDomain});
+ }
+
+ /**
+ * Helper, returns the URL array from the parent loader
+ */
+ static URL[] getURL(ClassLoader parent) {
+ if (parent instanceof RhinoClassLoader) {
+ URL documentURL = ((RhinoClassLoader)parent).documentURL;
+ if (documentURL != null) {
+ return new URL[] {documentURL};
+ } else {
+ return new URL[] {};
+ }
+ } else {
+ return new URL[] {};
+ }
}
/**
1.37 +4 -2
xml-batik/sources/org/apache/batik/script/rhino/RhinoInterpreter.java
Index: RhinoInterpreter.java
===================================================================
RCS file:
/home/cvs/xml-batik/sources/org/apache/batik/script/rhino/RhinoInterpreter.java,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- RhinoInterpreter.java 25 Jan 2004 01:49:46 -0000 1.36
+++ RhinoInterpreter.java 20 Feb 2004 16:34:52 -0000 1.37
@@ -218,6 +218,7 @@
ctx = new ExtendedContext();
ctx.setWrapFactory(wrapFactory);
ctx.setSecurityController(securityController);
+ ctx.setClassShutter(new RhinoClassShutter());
}
ctx = Context.enter(ctx);
@@ -225,7 +226,8 @@
}
/**
- * This method returns the ECMAScript global object used by this interpreter.
+ * This method returns the ECMAScript global object used by this
+ * interpreter.
*/
protected ScriptableObject getGlobalObject() {
return globalObject;
1.1
xml-batik/sources/org/apache/batik/script/rhino/RhinoClassShutter.java
Index: RhinoClassShutter.java
===================================================================
/*
============================================================================
The Apache Software License, Version 1.1
============================================================================
Copyright (C) 1999-2003 The Apache Software Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without modifica-
tion, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. The end-user documentation included with the redistribution, if any, must
include the following acknowledgment: "This product includes software
developed by the Apache Software Foundation (http://www.apache.org/)."
Alternately, this acknowledgment may appear in the software itself, if
and wherever such third-party acknowledgments normally appear.
4. The names "Batik" and "Apache Software Foundation" must not be
used to endorse or promote products derived from this software without
prior written permission. For written permission, please contact
[EMAIL PROTECTED]
5. Products derived from this software may not be called "Apache", nor may
"Apache" appear in their name, without prior written permission of the
Apache Software Foundation.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLU-
DING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals
on behalf of the Apache Software Foundation. For more information on the
Apache Software Foundation, please see <http://www.apache.org/>.
*/
package org.apache.batik.script.rhino;
import org.mozilla.javascript.ClassShutter;
/**
* One line Class Desc
*
* Complete Class Desc
*
* @author <a href="mailto:[EMAIL PROTECTED]>deweese</a>
* @version $Id: RhinoClassShutter.java,v 1.1 2004/02/20 16:34:52 deweese Exp $
*/
public class RhinoClassShutter implements ClassShutter {
public RhinoClassShutter() {
// I suspect that we might want to initialize this
// from a resource file.
// test();
}
/*
public void test() {
test("org.mozilla.javascript.Context");
test("org.mozilla.javascript");
test("org.apache.batik.dom.SVGOMDocument");
test("org.apache.batik.script.rhino.RhinoInterpreter");
test("org.apache.batik.apps.svgbrowser.JSVGViewerFrame");
test("org.apache.batik.bridge.BridgeContext");
test("org.apache.batik.bridge.BaseScriptingEnvironment");
test("org.apache.batik.bridge.ScriptingEnvironment");
}
public void test(String cls) {
System.err.println("Test '" + cls + "': " +
visibleToScripts(cls));
}
*/
public boolean visibleToScripts(String fullClassName) {
// Don't let them mess with script engine's internals.
if (fullClassName.startsWith("org.mozilla.javascript"))
return false;
if (fullClassName.startsWith("org.apache.batik.")) {
// Just get packge within batik.
String batikPkg = fullClassName.substring(17);
// Don't let them mess with Batik script internals.
if (batikPkg.startsWith("script"))
return false;
// Don't let them get global structures.
if (batikPkg.startsWith("apps"))
return false;
// Don't let them get Scripting stuff from bridge.
if (batikPkg.startsWith("bridge.")) {
if (batikPkg.indexOf(".BaseScriptingEnvironment")!=-1)
return false;
if (batikPkg.indexOf(".ScriptingEnvironment")!=-1)
return false;
}
}
return true;
}
};
1.53 +18 -5 xml-batik/xdocs/index.xml
Index: index.xml
===================================================================
RCS file: /home/cvs/xml-batik/xdocs/index.xml,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- index.xml 18 Feb 2004 00:14:06 -0000 1.52
+++ index.xml 20 Feb 2004 16:34:52 -0000 1.53
@@ -29,10 +29,11 @@
<figure src="images/splash.png" alt="Batik release 1.5beta3" />
<p>
- Batik is a Java(tm) technology based toolkit for applications or applets
that want
- to use images in the <link href="http://www.w3.org/TR/SVG/";>Scalable Vector
- Graphics (SVG)</link> format for various purposes, such as
- viewing, generation or manipulation.
+ Batik is a Java(tm) technology based toolkit for applications
+ or applets that want to use images in the <link
+ href="http://www.w3.org/TR/SVG/";>Scalable Vector Graphics
+ (SVG)</link> format for various purposes, such as viewing,
+ generation or manipulation.
</p>
<ul>
<li><link href="#BatikApplications">Applications of Batik</link></li>
@@ -41,6 +42,18 @@
<li><link href="#DownloadBatik">Downloading the Batik
distribution (source and binary)</link></li>
<li><link href="#projectAndProductExamples">Examples of projects and
products using Batik</link></li>
</ul>
+ <p>
+ This is a warning that a security issue was reported in the
+ Batik Squiggle browser. Squiggle uses the Rhino scripting
+ engine and some features of that engine can be leveraged by
+ malicious scripts to gain access to otherwise protected
+ resources (like the file system).
+
+ The Batik team has worked with the Rhino team to fix the isssue
+ that was reported and the Batik 1.5.1 patch release addresses
+ the issue:
+ </p>
+
<p>
The project's ambition is to give developers a set of
<link href="architecture.html#coreComponents">core
1.7 +3 -3 xml-batik/xdocs/mail-lists.xml
Index: mail-lists.xml
===================================================================
RCS file: /home/cvs/xml-batik/xdocs/mail-lists.xml,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- mail-lists.xml 8 Jan 2004 12:05:24 -0000 1.6
+++ mail-lists.xml 20 Feb 2004 16:34:52 -0000 1.7
@@ -30,8 +30,8 @@
mailing list, please first look at the following resources in this order:</p>
<ol>
<li><link href="faqs.html">Batik FAQs</link></li>
- <li><link href="http://mail-archives.apache.org/eyebrowse/[EMAIL
PROTECTED]">Batik-Users Archive</link>
- <li><link href="http://mail-archives.apache.org/eyebrowse/[EMAIL
PROTECTED]">Batik-Dev Archive</link>
+ <li><link href="http://mail-archives.apache.org/eyebrowse/[EMAIL
PROTECTED]">Batik-Users Archive</link></li>
+ <li><link href="http://mail-archives.apache.org/eyebrowse/[EMAIL
PROTECTED]">Batik-Dev Archive</link></li>
</ol>
</s1>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
