On Tue, 10 May 2022 16:30:01 GMT, Lance Andersen <lan...@openjdk.org> wrote:
>>> @LanceAndersen @AlanBateman do you think adding the entry name in the >>> exception in ZipFileSystem is ok? If so, should it maybe go into a >>> different patch? >> >> It should be okay as this is the name of an entry in the zip file. It might >> be a bit cleaner to add a method to IndexNode to return the name as String. >> Alternatively maybe its toString could be changed to drop the index (I would >> need to dig into the history to find out if there is really any use for the >> index in the String representation). > >> > @LanceAndersen @AlanBateman do you think adding the entry name in the >> > exception in ZipFileSystem is ok? If so, should it maybe go into a >> > different patch? >> >> It should be okay as this is the name of an entry in the zip file. It might >> be a bit cleaner to add a method to IndexNode to return the name as String. >> Alternatively maybe its toString could be changed to drop the index (I would >> need to dig into the history to find out if there is really any use for the >> index in the String representation). > > I think this would be OK, but would get to get someone from our security team > to bless it. > > It might not be a bad idea to add a method to return the name as a String. > There are a couple of places where we do a new String(name) so would > economize any future changes > > > > @LanceAndersen @AlanBateman do you think adding the entry name in the > > > > exception in ZipFileSystem is ok? If so, should it maybe go into a > > > > different patch? > > > > > > > > > It should be okay as this is the name of an entry in the zip file. It > > > might be a bit cleaner to add a method to IndexNode to return the name as > > > String. Alternatively maybe its toString could be changed to drop the > > > index (I would need to dig into the history to find out if there is > > > really any use for the index in the String representation). > > > > > > I think this would be OK, but would get to get someone from our security > > team to bless it. > > It might not be a bad idea to add a method to return the name as a String. > > There are a couple of places where we do a new String(name) so would > > economize any future changes > > Sounds fair. @LanceAndersen, can you please ask the security team about their > ok then and let me know? In case their answer is a yes, I'll work on > implementing the suggestion to return the name as String. Shall I maybe do > the zipfs change in a different PR then? The more important change in the > context of javac is printing out the jar name in javac itself. Already did ;-) so hopefully they will share their thoughts soon. ------------- PR: https://git.openjdk.java.net/jdk/pull/8616
