From: Gary Benson <gbenson@redhat.com>
To: mauve-discuss@sources.redhat.com
Subject: Re: SecurityException throwpoint audit
Date: Tue, 22 Nov 2005 16:27:00 -0000
Message-ID: <20051122162710.GC4839@redhat.com>
In-Reply-To: <20051121165809.GB12340@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 1542 bytes --]
Hi again,

I take it that nobody minds if I start doing this. The attached
script can be used to create the annotated list of throwpoints so
you can look up IDs I add in comments or whatever. The script
performs some MD5 checks so you can be sure you're looking at the
same page I am.

Cheers,
Gary

Gary Benson wrote:
> Hi all,
>
> I've been trying to work out how to test that permissions are
> checked at every point they ought to be. There's a table of
> every such point here:
>
> http://java.sun.com/j2se/1.4.2/docs/guide/security/permissions.html#PermsAndMethods
>
> Some of these already have tests, but most probably do not. Before
> I start creating tests I'm thinking that we need some way to
> correlate mauve tests with the throwpoints on this (and future)
> lists.
>
> How would people feel if I numbered the throwpoints on the above
> list and noted them in their corresponding tests in some easily
> parsable form (probably in comments like Tags are already)? That
> way whether a throwpoint is tested (and the location of the test)
> can be found with a simple grep.
>
> For simplicity I'd probably number the 1.4.2 list from 1-whatever.
> Checks added in 1.5 can be added at the end of the list.
>
> It would be convenient if we made a version of the above list
> annotated with the throwpoint numbers, but obviously such a thing
> could not be distributed. It should be possible to write a script
> that would download and annotate the list for local use.
>
> Does this sound reasonable?
>
> Cheers,
> Gary
[-- Attachment #2: get-throwpoints.py --]
[-- Type: text/plain, Size: 3886 bytes --]
#!/usr/bin/env python
# Python 2 script (uses md5, sgmllib, htmlentitydefs and the print statement).

import md5
import sgmllib


def escape(data, escape_quote = False):
    # Re-escape text that the SGML parser has already decoded.
    data = data.replace("&", "&amp;")
    data = data.replace("<", "&lt;")
    if escape_quote:
        data = data.replace('"', "&quot;")
    return data


class Parser(sgmllib.SGMLParser):
    from htmlentitydefs import entitydefs

    def __init__(self, fp, verbose = False):
        sgmllib.SGMLParser.__init__(self, verbose)
        self.fp = fp

    def reset(self):
        sgmllib.SGMLParser.reset(self)
        # hashes[0] covers the input as fed, hashes[1] the output as written
        self.hashes = md5.new(), md5.new()
        self.passthrough = False
        self.row = None

    def feed(self, data):
        sgmllib.SGMLParser.feed(self, data)
        self.hashes[0].update(data)

    def write(self, data):
        self.fp.write(data)
        self.hashes[1].update(data)

    def digests(self):
        return [hash.hexdigest() for hash in self.hashes]

    # handle passthrough in generic overrides

    def handle_starttag(self, tag, method, attrs):
        sgmllib.SGMLParser.handle_starttag(self, tag, method, attrs)
        if self.passthrough:
            self.__write_tag(tag, attrs)

    def unknown_starttag(self, tag, attrs):
        sgmllib.SGMLParser.unknown_starttag(self, tag, attrs)
        if self.passthrough:
            self.__write_tag(tag, attrs)

    def handle_endtag(self, tag, method):
        if self.passthrough:
            self.__write_tag("/" + tag)
        sgmllib.SGMLParser.handle_endtag(self, tag, method)

    def unknown_endtag(self, tag):
        if self.passthrough:
            self.__write_tag("/" + tag)
        sgmllib.SGMLParser.unknown_endtag(self, tag)

    def handle_data(self, data):
        if self.passthrough:
            self.write(data)

    def __write_tag(self, tag, attrs = ()):
        self.write("<%s%s>" % (tag, "".join(
            [' %s="%s"' % (name, escape(value, True))
             for name, value in attrs])))

    # handle everything else in tag-specific overrides

    def start_table(self, attrs):
        # Only the table with this summary attribute is copied to the output.
        for name, value in attrs:
            if name == "summary":
                if value == "methods and the premissions they require":
                    self.passthrough = True
                    self.row = 0
                break
        if self.passthrough:
            self.write("<html>\n <body>\n ")

    def end_table(self):
        if self.passthrough:
            self.write("\n </body>\n</html>\n")
            self.passthrough = False

    def start_tr(self, attrs):
        # The table row reached when the counter is 29 is not written
        # and does not get an ID; copying resumes with the row after it.
        if self.passthrough:
            if self.row == 29:
                self.passthrough = False
            self.row_tagged = False
        elif self.row == 29:
            self.passthrough = True

    def end_tr(self):
        if self.passthrough:
            self.row += 1

    def start_th(self, attrs):
        # Prepend an "ID" header cell once per header row.
        if self.passthrough:
            if not self.row_tagged:
                self.write("<th>ID</th>\n ")
                self.row_tagged = True

    def start_td(self, attrs):
        # Prepend the throwpoint ID cell once per data row.
        if self.passthrough:
            if not self.row_tagged:
                self.write("<td>se%03d</td>\n " % self.row)
                self.row_tagged = True


if __name__ == "__main__":
    import os
    import sys
    import urllib

    version = "1.4.2"
    src = "http://java.sun.com/j2se/" + version \
          + "/docs/guide/security/permissions.html"
    dst = "throwpoints-%s.html" % version

    if os.path.exists(dst):
        print "%s: file exists" % dst
        sys.exit(1)

    parser = Parser(open(dst, "w"))
    parser.feed(urllib.urlopen(src).read())
    parser.close()

    # digests[0] is the MD5 of the downloaded page, digests[1] of the
    # annotated output: a matching output passes, a matching input with a
    # different output points at the processing, anything else at the input.
    digests = parser.digests()
    if digests[1] == "3c40052647c417dead97068a32f51911":
        status = "PASS"
    elif digests[0] == "c4b9248859682e65ad71788acfc03b78":
        status = "FAIL (processing)"
    else:
        status = "FAIL (input = %s)" % digests[0]
    print "status:", status
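
Added example, not part of the message or its attachment: a Python 3 sketch of the lookup the proposal is after, collecting throwpoint IDs from tag comments in test sources and listing which throwpoints have no test. The "Throwpoints:" comment format, the file names and the list length of 5 are assumptions made for illustration; the thread only says the IDs would go in easily parsable comments, and the "se%03d" ID form is taken from the attached script.

```python
import re

# Assumed tag convention (the thread does not fix one): a comment line like
#   // Throwpoints: se004, se017
# The IDs use the "se%03d" form that get-throwpoints.py writes into the table.
TAG_LINE = re.compile(r"^[ \t]*(?://|/\*|\*)[ \t]*Throwpoints?:(.+)$",
                      re.I | re.M)
TP_ID = re.compile(r"\bse\d{3}\b")

# Constructed sample sources (hypothetical file names, not real Mauve tests).
SAMPLE = {
    "FileRead.java": "// Tags: JDK1.2\n// Throwpoints: se001, se003\n"
                     "class FileRead {}\n",
    "ThreadStop.java": "/* Throwpoints: se003 */\n"
                       "// see also se004 (mentioned, but not a tag line)\n",
    "Typo.java": "// Throwpoints: se042\n",
}


def tagged_ids(source):
    """Return the throwpoint IDs named on tag-comment lines of one file."""
    ids = set()
    for match in TAG_LINE.finditer(source):
        ids.update(TP_ID.findall(match.group(1)))
    return ids


def audit(sources, total):
    """Return (ID -> files testing it, untested IDs, IDs not on the list)."""
    known = ["se%03d" % n for n in range(1, total + 1)]
    covered = {}
    for path in sorted(sources):
        for tp in tagged_ids(sources[path]):
            covered.setdefault(tp, []).append(path)
    untested = [tp for tp in known if tp not in covered]
    unknown = sorted(tp for tp in covered if tp not in known)
    return covered, untested, unknown


if __name__ == "__main__":
    covered, untested, unknown = audit(SAMPLE, 5)
    for tp in sorted(covered):
        print(tp, "tested in", ", ".join(covered[tp]))
    print("untested:", ", ".join(untested))
    print("not on the list:", ", ".join(unknown))
```

An ID that is only mentioned in an ordinary comment does not count as coverage, and an ID outside the numbered list is reported separately so a mistyped tag does not pass silently.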