[jira] [Updated] (CALCITE-1830) ProcessBuilder is security sensitive; move it to test suite to prevent accidents

[Julian Hyde (JIRA)]

     [ 
https://issues.apache.org/jira/browse/CALCITE-1830?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Julian Hyde updated CALCITE-1830:
---------------------------------
    Description: 
The {{java.lang.ProcessBuilder}} class is security-sensitive because it creates 
operating system processes. It would be a security concern only if Calcite 
called it with user data, and that is not and never has been the case.

It is currently only used by the test suite. This change moves use of the 
method into the test module, to prevent developers accidentally introducing 
security issues in future.

Public method {{Util.runAppProcess}} is removed without notice; two methods 
named {{Util.newAppProcess}} were previously marked "deprecated, to be removed 
before 2.0" and are also removed.

  was:
Guava's {{ProcessBuilder}} class is security sensitive because it creates 
operating system processes. It would be a security concern only if Calcite 
called it with user data, and that is not and never has been the case.

It is currently only used by the test suite. This change moves use of the 
method into the test module, to prevent developers accidentally introducing 
security issues in future.

Public method {{Util.runAppProcess}} is removed without notice; two methods 
named {{Util.newAppProcess}} were previously marked "deprecated, to be removed 
before 2.0" and are also removed.


> ProcessBuilder is security sensitive; move it to test suite to prevent 
> accidents 
> ---------------------------------------------------------------------------------
>
>                 Key: CALCITE-1830
>                 URL: https://issues.apache.org/jira/browse/CALCITE-1830
>             Project: Calcite
>          Issue Type: Bug
>            Reporter: Julian Hyde
>            Assignee: Julian Hyde
>
> The {{java.lang.ProcessBuilder}} class is security-sensitive because it 
> creates operating system processes. It would be a security concern only if 
> Calcite called it with user data, and that is not and never has been the case.
> It is currently only used by the test suite. This change moves use of the 
> method into the test module, to prevent developers accidentally introducing 
> security issues in future.
> Public method {{Util.runAppProcess}} is removed without notice; two methods 
> named {{Util.newAppProcess}} were previously marked "deprecated, to be 
> removed before 2.0" and are also removed.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)