[ https://issues.apache.org/jira/browse/DERBY-6648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rick Hillegas updated DERBY-6648:
---------------------------------
Attachment: derby-6741-01-aa-usederbyinternals.diff
Attaching derby-6741-01-aa-usederbyinternals.diff. This patch guards this
method with a check for usederbyinternals permission. I am running tests now.
I could not make the method private because it is used by EmbedXAResource.
Touches the following files:
-------------
M java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
M java/engine/org/apache/derby/jdbc/EmbedXAResource.java
Add check for usederbyinternals.
-------------
M java/testing/org/apache/derbyTesting/functionTests/tests/lang/ConstraintCharacteristicsTest.java
M java/testing/org/apache/derbyTesting/functionTests/tests/lang/NewOptimizerOverridesTest.java
M java/testing/org/apache/derbyTesting/functionTests/tests/lang/resultSetReader.policy
Corresponding changes to tests.
-------------
M java/testing/org/apache/derbyTesting/functionTests/tests/lang/NoDBInternalsPermissionTest.java
New test to verify that user code can't call
EmbedConnection.getContextManager().
> Application code should not be able to call ContextService.getContextOrNull()
> -----------------------------------------------------------------------------
>
> Key: DERBY-6648
> URL: https://issues.apache.org/jira/browse/DERBY-6648
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.11.1.1
> Reporter: Rick Hillegas
> Attachments: derby-6648-01-aa-oneActionList.diff,
> derby-6648-01-ab-rototill1.diff, derby-6648-01-ad-rototill1.diff,
> derby-6648-01-ae-regressionTests.diff,
> derby-6741-01-aa-usederbyinternals.diff, releaseNote.html
>
>
> By calling ContextService.getContextOrNull() (and its relatives), application
> code can get its hands on all sorts of internal Derby contexts, factories,
> and managers. This allows application code to bypass SQL authorization checks
> and perform sensitive or data-corrupting actions.
> For instance, right now an application can use this method to get its hands
> on the language connection context. From the lcc, the application can get its
> hands on the data dictionary and the execution transaction. Armed with those
> objects, the application can bypass authorization checks and create schema
> objects, users, and permissions.
> Only Derby code should be able to call this powerful method.
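
How a deployment running under a Java security manager would express this guard in its policy file, as an added example that is not part of the original message or of the Derby patch: the engine jar holds the permission and application code does not, so a check made while application frames are on the call stack fails. The `SystemPermission` class name and its `"engine"` target are not given in this message, the application jar path is a constructed placeholder, and `${derby.install.url}` is assumed to be set as a system property at JVM startup.

```text
// Constructed policy fragment for illustration.

// Derby engine code: holds the internals permission, so calls that stay
// entirely inside derby.jar (or are wrapped in a privileged block there)
// pass the check.
grant codeBase "${derby.install.url}derby.jar" {
  permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals";
};

// Application code (placeholder path): ordinary permissions only.
// usederbyinternals is deliberately absent, so a direct call from this jar
// to a guarded method such as EmbedConnection.getContextManager() is refused.
grant codeBase "file:/opt/app/lib/myapp.jar" {
  permission java.util.PropertyPermission "derby.*", "read";
};
```

When auditing an existing policy, a grant block with no `codeBase` that lists this permission gives it to every jar on the classpath and removes the protection the check is meant to provide.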