[
http://issues.apache.org/jira/browse/DERBY-1951?page=comments#action_12441211 ]
Bryan Pendleton commented on DERBY-1951:
----------------------------------------
Your patch seems reasonable to me. If it were me, I would probably write the
additional lines
of code to omit the "extra" separator, something like:
String fileName = System.getProperty("derby.system.home");
if (!fileName.endsWith(FILESEPARATOR))
fileName = fileName + FILESEPARATOR;
fileName = fileName + "serverConsoleOutput.log";
The reason I would do this is that it doesn't seem like that much more code,
and it avoids
the possibility that somebody down the road in the future will be crawling
through things
and see something like /home/bpendleton/derby//serverConsoleOutput.log and
think,
even if just for a second, that "something is missing between 'derby' and
'serverConsoleOutput.log'".
Writing the extra code to avoid this now seems like it might save people time
in the
future by making the fileName string self-evidently correct.
> Missing directory separator in path construction in
> 'NetworkServerTestSetup.setUp'
> ----------------------------------------------------------------------------------
>
> Key: DERBY-1951
> URL: http://issues.apache.org/jira/browse/DERBY-1951
> Project: Derby
> Issue Type: Bug
> Components: Test
> Affects Versions: 10.3.0.0
> Reporter: Kristian Waagan
> Assigned To: Kristian Waagan
> Attachments: derby-1951-1a.diff
>
>
> When constructing the path for the server output file, the directory
> separator (typically '/') is omitted, causing a security violation when
> running under the security manager. Here's a sample stack trace for a JUnit
> run:
> 1) AllPackagesjava.security.AccessControlException: access denied
> (java.io.FilePermission /some/pathserverConsoleOutput.log write)
> at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
> at
> java.security.AccessController.checkPermission(AccessController.java:401)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
> at java.lang.SecurityManager.checkWrite(SecurityManager.java:954)
> at java.io.FileOutputStream.<init>(FileOutputStream.java:169)
> at java.io.FileOutputStream.<init>(FileOutputStream.java:70)
> at
> org.apache.derbyTesting.junit.NetworkServerTestSetup$1.run(NetworkServerTestSetup.java:72
> )
> at java.security.AccessController.doPrivileged(Native Method)
> at
> org.apache.derbyTesting.junit.NetworkServerTestSetup.setUp(NetworkServerTestSetup.java:65
> )
> at junit.extensions.TestSetup$1.protect(TestSetup.java:18)
> at junit.extensions.TestSetup.run(TestSetup.java:23)
> at junit.extensions.TestDecorator.basicRun(TestDecorator.java:22)
> at junit.extensions.TestSetup$1.protect(TestSetup.java:19)
> at junit.extensions.TestSetup.run(TestSetup.java:23)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
