eolivelli commented on a change in pull request #240: [SUREFIRE-1658] TCP/IP
Channel for forked Surefire JVM. Extensions API and SPI. Polymorphism for
remote and local process communication.
URL: https://github.com/apache/maven-surefire/pull/240#discussion_r382900334
##########
File path:
surefire-booter/src/main/java/org/apache/maven/surefire/booter/BooterDeserializer.java
##########
@@ -58,6 +60,18 @@ public BooterDeserializer( InputStream inputStream )
properties = SystemPropertyManager.loadProperties( inputStream );
}
+ /**
+ * Describes the current connection channel used by the client in the
forked JVM
+ * in order to connect to the plugin process.
+ *
+ * @return connection string (must not be null)
+ */
+ @Nonnull
+ public String getConnectionString()
+ {
+ return properties.getProperty( FORK_NODE_CONNECTION_STRING );
Review comment:
Any program (even a virus) can connect to all ports on 127.0.0.1 and mess
up the maven process.
If you add a minimal auth you will mitigate this security issue
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
