* FYI: Serialization throwpoint tests
@ 2006-01-04 12:44 Gary Benson
0 siblings, 0 replies; only message in thread
From: Gary Benson @ 2006-01-04 12:44 UTC (permalink / raw)
To: mauve-patches
[-- Attachment #1: Type: text/plain, Size: 228 bytes --]
Hi again,
I just added throwpoint checks for java.io.ObjectInputStream and
java.io.ObjectOutputStream. With this patch all throwpoints in
java.io.* are annotated, and all but a couple in java.io.File have
tests.
Cheers,
Gary
[-- Attachment #2: patch --]
[-- Type: text/plain, Size: 7660 bytes --]
Index: ChangeLog
===================================================================
RCS file: /cvs/mauve/mauve/ChangeLog,v
retrieving revision 1.1331
diff -u -r1.1331 ChangeLog
--- ChangeLog 4 Jan 2006 11:20:48 -0000 1.1331
+++ ChangeLog 4 Jan 2006 12:37:54 -0000
@@ -1,5 +1,10 @@
2006-01-04 Gary Benson <gbenson@redhat.com>
+ * gnu/testlet/java/io/ObjectInputStream/security.java: New test.
+ * gnu/testlet/java/io/ObjectOutputStream/security.java: Likewise.
+
+2006-01-04 Gary Benson <gbenson@redhat.com>
+
* gnu/testlet/TestSecurityManager2.java (TestSecurityManager2):
Preload some classes to avoid infinite loops when in force.
Index: gnu/testlet/java/io/ObjectInputStream/security.java
===================================================================
RCS file: gnu/testlet/java/io/ObjectInputStream/security.java
diff -N gnu/testlet/java/io/ObjectInputStream/security.java
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ gnu/testlet/java/io/ObjectInputStream/security.java 4 Jan 2006 12:37:54 -0000
@@ -0,0 +1,106 @@
+// Copyright (C) 2006 Red Hat, Inc.
+// Written by Gary Benson <gbenson@redhat.com>
+
+// This file is part of Mauve.
+
+// Mauve is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2, or (at your option)
+// any later version.
+
+// Mauve is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Mauve; see the file COPYING. If not, write to
+// the Free Software Foundation, 59 Temple Place - Suite 330,
+// Boston, MA 02111-1307, USA.
+
+package gnu.testlet.java.io.ObjectInputStream;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.SerializablePermission;
+import java.security.Permission;
+
+import gnu.testlet.Testlet;
+import gnu.testlet.TestHarness;
+import gnu.testlet.TestSecurityManager2;
+
+public class security implements Testlet
+{
+ public void test(TestHarness harness)
+ {
+ try {
+ TestObjectInputStream teststream = new TestObjectInputStream();
+
+ Permission[] enableSubclassImplementation = new Permission[] {
+ new SerializablePermission("enableSubclassImplementation")};
+
+ Permission[] enableSubstitution = new Permission[] {
+ new SerializablePermission("enableSubstitution")};
+
+ Permission[] noPerms = new Permission[] {};
+
+ TestSecurityManager2 sm = new TestSecurityManager2(harness);
+ try {
+ sm.install();
+
+ // security: java.io.ObjectInputStream-ObjectInputStream
+ harness.checkPoint("constructor");
+ try {
+ sm.prepareChecks(enableSubclassImplementation, noPerms);
+ new TestObjectInputStream();
+ sm.checkAllChecked(harness);
+ }
+ catch (SecurityException ex) {
+ harness.debug(ex);
+ harness.check(false, "unexpected check");
+ }
+
+ // security: java.io.ObjectInputStream-enableResolveObject
+ harness.checkPoint("enableResolveObject");
+ try {
+ sm.prepareChecks(noPerms, noPerms);
+ teststream.testEnableResolveObject(false);
+ sm.checkAllChecked(harness);
+ }
+ catch (SecurityException ex) {
+ harness.debug(ex);
+ harness.check(false, "unexpected check");
+ }
+ try {
+ sm.prepareChecks(enableSubstitution, noPerms);
+ teststream.testEnableResolveObject(true);
+ sm.checkAllChecked(harness);
+ }
+ catch (SecurityException ex) {
+ harness.debug(ex);
+ harness.check(false, "unexpected check");
+ }
+ }
+ finally {
+ sm.uninstall();
+ }
+ }
+ catch (Throwable ex) {
+ harness.debug(ex);
+ harness.check(false, "Unexpected exception");
+ }
+ }
+
+ private static class TestObjectInputStream extends ObjectInputStream
+ {
+ public TestObjectInputStream() throws IOException
+ {
+ super();
+ }
+
+ public boolean testEnableResolveObject(boolean enable)
+ {
+ return enableResolveObject(enable);
+ }
+ }
+}
Index: gnu/testlet/java/io/ObjectOutputStream/security.java
===================================================================
RCS file: gnu/testlet/java/io/ObjectOutputStream/security.java
diff -N gnu/testlet/java/io/ObjectOutputStream/security.java
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ gnu/testlet/java/io/ObjectOutputStream/security.java 4 Jan 2006 12:37:54 -0000
@@ -0,0 +1,106 @@
+// Copyright (C) 2006 Red Hat, Inc.
+// Written by Gary Benson <gbenson@redhat.com>
+
+// This file is part of Mauve.
+
+// Mauve is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2, or (at your option)
+// any later version.
+
+// Mauve is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Mauve; see the file COPYING. If not, write to
+// the Free Software Foundation, 59 Temple Place - Suite 330,
+// Boston, MA 02111-1307, USA.
+
+package gnu.testlet.java.io.ObjectOutputStream;
+
+import java.io.IOException;
+import java.io.ObjectOutputStream;
+import java.io.SerializablePermission;
+import java.security.Permission;
+
+import gnu.testlet.Testlet;
+import gnu.testlet.TestHarness;
+import gnu.testlet.TestSecurityManager2;
+
+public class security implements Testlet
+{
+ public void test(TestHarness harness)
+ {
+ try {
+ TestObjectOutputStream teststream = new TestObjectOutputStream();
+
+ Permission[] enableSubclassImplementation = new Permission[] {
+ new SerializablePermission("enableSubclassImplementation")};
+
+ Permission[] enableSubstitution = new Permission[] {
+ new SerializablePermission("enableSubstitution")};
+
+ Permission[] noPerms = new Permission[] {};
+
+ TestSecurityManager2 sm = new TestSecurityManager2(harness);
+ try {
+ sm.install();
+
+ // security: java.io.ObjectOutputStream-ObjectOutputStream
+ harness.checkPoint("constructor");
+ try {
+ sm.prepareChecks(enableSubclassImplementation, noPerms);
+ new TestObjectOutputStream();
+ sm.checkAllChecked(harness);
+ }
+ catch (SecurityException ex) {
+ harness.debug(ex);
+ harness.check(false, "unexpected check");
+ }
+
+ // security: java.io.ObjectOutputStream-enableReplaceObject
+ harness.checkPoint("enableReplaceObject");
+ try {
+ sm.prepareChecks(noPerms, noPerms);
+ teststream.testEnableReplaceObject(false);
+ sm.checkAllChecked(harness);
+ }
+ catch (SecurityException ex) {
+ harness.debug(ex);
+ harness.check(false, "unexpected check");
+ }
+ try {
+ sm.prepareChecks(enableSubstitution, noPerms);
+ teststream.testEnableReplaceObject(true);
+ sm.checkAllChecked(harness);
+ }
+ catch (SecurityException ex) {
+ harness.debug(ex);
+ harness.check(false, "unexpected check");
+ }
+ }
+ finally {
+ sm.uninstall();
+ }
+ }
+ catch (Throwable ex) {
+ harness.debug(ex);
+ harness.check(false, "Unexpected exception");
+ }
+ }
+
+ private static class TestObjectOutputStream extends ObjectOutputStream
+ {
+ public TestObjectOutputStream() throws IOException
+ {
+ super();
+ }
+
+ public boolean testEnableReplaceObject(boolean enable)
+ {
+ return enableReplaceObject(enable);
+ }
+ }
+}
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2006-01-04 12:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-01-04 12:44 FYI: Serialization throwpoint tests Gary Benson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).