You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by us...@apache.org on 2019/12/25 12:50:48 UTC
[lucene-solr] branch branch_8x updated: LUCENE-9109: Backport some
changes from master (except StackWalker) to improve TestSecurityManager
This is an automated email from the ASF dual-hosted git repository.
uschindler pushed a commit to branch branch_8x
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git
The following commit(s) were added to refs/heads/branch_8x by this push:
new 982797e LUCENE-9109: Backport some changes from master (except StackWalker) to improve TestSecurityManager
982797e is described below
commit 982797e23fcde6f11491e849ba4405d90b3fbfac
Author: Uwe Schindler <us...@apache.org>
AuthorDate: Wed Dec 25 12:45:05 2019 +0100
LUCENE-9109: Backport some changes from master (except StackWalker) to improve TestSecurityManager
---
lucene/CHANGES.txt | 3 +
.../apache/lucene/util/TestSecurityManager.java | 74 ++++++++++------------
2 files changed, 35 insertions(+), 42 deletions(-)
diff --git a/lucene/CHANGES.txt b/lucene/CHANGES.txt
index c50c28e..5d82f80 100644
--- a/lucene/CHANGES.txt
+++ b/lucene/CHANGES.txt
@@ -20,6 +20,9 @@ Improvements
* LUCENE-9091: UnifiedHighlighter HTML escaping should only escape essentials (Nándor Mátravölgyi)
+* LUCENE-9109: Backport some changes from master (except StackWalker) to improve
+ TestSecurityManager (Uwe Schindler)
+
Optimizations
---------------------
(No changes)
diff --git a/lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java b/lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java
index 99c6270..13f3029 100644
--- a/lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java
+++ b/lucene/test-framework/src/java/org/apache/lucene/util/TestSecurityManager.java
@@ -16,9 +16,6 @@
*/
package org.apache.lucene.util;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-
/**
* A {@link SecurityManager} that prevents tests calling {@link System#exit(int)}.
* Only the test runner itself is allowed to exit the JVM.
@@ -28,9 +25,9 @@ import java.security.PrivilegedAction;
*/
public final class TestSecurityManager extends SecurityManager {
- static final String JUNIT4_TEST_RUNNER_PACKAGE = "com.carrotsearch.ant.tasks.junit4.";
- static final String ECLIPSE_TEST_RUNNER_PACKAGE = "org.eclipse.jdt.internal.junit.runner.";
- static final String IDEA_TEST_RUNNER_PACKAGE = "com.intellij.rt.execution.junit.";
+ private static final String JUNIT4_TEST_RUNNER_PACKAGE = "com.carrotsearch.ant.tasks.junit4.";
+ private static final String ECLIPSE_TEST_RUNNER_PACKAGE = "org.eclipse.jdt.internal.junit.runner.";
+ private static final String IDEA_TEST_RUNNER_PACKAGE = "com.intellij.rt.execution.junit.";
/**
* Creates a new TestSecurityManager. This ctor is called on JVM startup,
@@ -49,45 +46,38 @@ public final class TestSecurityManager extends SecurityManager {
*/
@Override
public void checkExit(final int status) {
- AccessController.doPrivileged(new PrivilegedAction<Void>() {
- @Override
- public Void run() {
- final String systemClassName = System.class.getName(),
- runtimeClassName = Runtime.class.getName();
- String exitMethodHit = null;
- for (final StackTraceElement se : Thread.currentThread().getStackTrace()) {
- final String className = se.getClassName(), methodName = se.getMethodName();
- if (
- ("exit".equals(methodName) || "halt".equals(methodName)) &&
- (systemClassName.equals(className) || runtimeClassName.equals(className))
- ) {
- exitMethodHit = className + '#' + methodName + '(' + status + ')';
- continue;
- }
-
- if (exitMethodHit != null) {
- if (className.startsWith(JUNIT4_TEST_RUNNER_PACKAGE) ||
- className.startsWith(ECLIPSE_TEST_RUNNER_PACKAGE) ||
- className.startsWith(IDEA_TEST_RUNNER_PACKAGE)) {
- // this exit point is allowed, we return normally from closure:
- return /*void*/ null;
- } else {
- // anything else in stack trace is not allowed, break and throw SecurityException below:
- break;
- }
- }
- }
-
- if (exitMethodHit == null) {
- // should never happen, only if JVM hides stack trace - replace by generic:
- exitMethodHit = "JVM exit method";
+ final String systemClassName = System.class.getName(),
+ runtimeClassName = Runtime.class.getName();
+ String exitMethodHit = null;
+ for (final StackTraceElement se : (new Exception()).getStackTrace()) {
+ final String className = se.getClassName(), methodName = se.getMethodName();
+ if (
+ ("exit".equals(methodName) || "halt".equals(methodName)) &&
+ (systemClassName.equals(className) || runtimeClassName.equals(className))
+ ) {
+ exitMethodHit = className + '#' + methodName + '(' + status + ')';
+ continue;
+ }
+
+ if (exitMethodHit != null) {
+ if (className.startsWith(JUNIT4_TEST_RUNNER_PACKAGE) ||
+ className.startsWith(ECLIPSE_TEST_RUNNER_PACKAGE) ||
+ className.startsWith(IDEA_TEST_RUNNER_PACKAGE)) {
+ // we passed the stack check, delegate to super, so default policy can still deny permission:
+ super.checkExit(status);
+ return;
+ } else {
+ // anything else in stack trace is not allowed, break and throw SecurityException below:
+ break;
}
- throw new SecurityException(exitMethodHit + " calls are not allowed because they terminate the test runner's JVM.");
}
- });
+ }
- // we passed the stack check, delegate to super, so default policy can still deny permission:
- super.checkExit(status);
+ if (exitMethodHit == null) {
+ // should never happen, only if JVM hides stack trace - replace by generic:
+ exitMethodHit = "JVM exit method";
+ }
+ throw new SecurityException(exitMethodHit + " calls are not allowed because they terminate the test runner's JVM.");
}
}