On 06.07.2017 15:33, Rony G. Flatscher wrote:
>
> Hi there,
>
> in the past days I have come up with a testGroup to test the ooRexx security manager in a way such
> that the tests can be run under ooRexx 3.2, 4.x and 5.0beta, cf.
> <https://sourceforge.net/p/oorexx/patches/202/>, where also the output of running the testGroup on
> all three ooRexx versions got supplied to ease inspection.
>
> Analyzing the behaviour of ooRexx 3.2 the following can be observed: one needs to create a method
> object from Rexx code. If that Rexx code contains a "::REQUIRES" directive then the security
> manager will get the message "REQUIRES" sent to it, when the code gets run, *not* when the code is
> used to create the method object!
>
> ooRexx 4.0 introduced the classes .routine and .package. A routine object from Rexx code that
> contains a "::requires" directive will cause the "REQUIRES" message to be sent to the security
> manager, when the routine object gets executed by sending it the call message, not when creating
> the routine object. For a package object the code gets executed at creation time (.package~time)
> and when the code contains a "::requires" directive a security manager gets the "REQUIRES" message
> sent to it.
>
> In ooRexx 4.0 creating a method object executes the "::requires" directive, if present, but does
> *not* send the REQUIRES message to the security manager.
>
> In ooRexx 5.0beta the security manager does not get the "REQUIRES" message sent to it when
> running/calling method and routine objects, nor for package objects that are created!
>
> Here is a table trying to summarize these findings:
>
>                   ooRexx 3.2.0                   ooRexx 4.2.0                   ooRexx 5.0.0beta
>                   ::requires  triggers SecMan?   ::requires  triggers SecMan?   ::requires  triggers SecMan?
>
> m=.method~new     not run     no                 *runs!*     no                 *runs!*     no
> m~run             runs        *yes*              *not run*   *no!*              *not run*   *no!*
>
> r=.routine~new    n/a         n/a                not run     no                 *runs!*     no
> r~call            n/a         n/a                runs        *yes*              *not run*   *no!*
>
> p=.package~new    n/a         n/a                runs        *yes*              runs        *no!*
>
Please remove the last line above ("p=.package~new"), which I did not test against REQUIRES.

A package is run at creation time as there is no explicit "run", "call" available with it in ooRexx
4.x (in ooRexx 5.x one could distinguish and have the prolog-code called in the case an "::options
noprolog" was in effect).

For the purpose of employing the ooRexx security manager it is sufficient to use a method or routine
object for it (the REQUIRES message needs to be sent appropriately in ooRexx 5.x).

> All other security manager messages get sent by ooRexx 3.2.0 and ooRexx 4.2.0.
>
> On ooRexx 5.0beta all other security manager messages get sent with the exception of some of the
> "ENVIRONMENT" (for a method and a routine object) and "STREAM" (for a package object) messages in
> certain circumstances that the testgroup uncovers.
>
> Hoping that these findings help identify the locations in ooRexx 5.0beta where adjustments are
> needed for fixing the missing security manager messages, notably the REQUIRES messages.
>
---rony
