You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by dj...@apache.org on 2006/11/02 18:26:45 UTC
svn commit: r470434 - in
/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests:
tests/lang/RoutineSecurityTest.java tests/lang/_Suite.java
util/derby_tests.policy
Author: djd
Date: Thu Nov 2 09:26:44 2006
New Revision: 470434
URL: http://svn.apache.org/viewvc?view=rev&rev=470434
Log:
DERBY-467 Add a new test for tesing security issues related to server side Java procedures and functions.
New test is lang.RoutineSecurityTest.
Added:
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RoutineSecurityTest.java (with props)
Modified:
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RoutineSecurityTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RoutineSecurityTest.java?view=auto&rev=470434
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RoutineSecurityTest.java (added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RoutineSecurityTest.java Thu Nov 2 09:26:44 2006
@@ -0,0 +1,188 @@
+/*
+
+ Derby - Class org.apache.derbyTesting.functionTests.tests.lang.RoutineSecurityTest
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License
+*/
+package org.apache.derbyTesting.functionTests.tests.lang;
+
+import java.sql.CallableStatement;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import junit.framework.Test;
+
+import org.apache.derbyTesting.junit.BaseJDBCTestCase;
+import org.apache.derbyTesting.junit.CleanDatabaseTestSetup;
+import org.apache.derbyTesting.junit.TestConfiguration;
+
+/**
+ * Set of tests that ensure SQL routines implemented in Java are
+ * correctly restricted in their actions when a security manager
+ * is in place. Assumption is that the standard running of this
+ * test will setup a security manager.
+ *
+ */
+public class RoutineSecurityTest extends BaseJDBCTestCase {
+
+ public RoutineSecurityTest(String name)
+ {
+ super(name);
+ }
+
+ /**
+ * Test only runs in embedded as it is testing server
+ * side SQL routines implemented in Java.
+ */
+ public static Test suite()
+ {
+ Test suite = TestConfiguration.embeddedSuite(RoutineSecurityTest.class);
+
+ // Create all the routines we need up front.
+ return new CleanDatabaseTestSetup(suite)
+ {
+ protected void decorateSQL(Statement s) throws SQLException {
+ s.executeUpdate(
+ "CREATE FUNCTION GET_SYS_PROP(PROPERTY_KEY VARCHAR(60)) " +
+ "RETURNS VARCHAR(255) " +
+ "EXTERNAL NAME 'java.lang.System.getProperty' " +
+ "LANGUAGE JAVA PARAMETER STYLE JAVA");
+
+ s.executeUpdate(
+ "CREATE PROCEDURE DENIAL_OF_SERVICE(RC INT) " +
+ "EXTERNAL NAME 'java.lang.System.exit' " +
+ "LANGUAGE JAVA PARAMETER STYLE JAVA");
+
+ s.executeUpdate(
+ "CREATE PROCEDURE FORCEGC() " +
+ "EXTERNAL NAME 'java.lang.System.gc' " +
+ "LANGUAGE JAVA PARAMETER STYLE JAVA");
+
+ }
+ };
+ }
+
+ /**
+ * Test obtaining a system property using the Java library
+ * method System.getProperty() directly. Note that since
+ * the system method is called directly there is no
+ * privilege block and so to read a property the permission
+ * must have been granted all the way up the stack *including*
+ * the generated class. This can only occur for a generic
+ * grant entry in the policy file (with no code URL).
+ *
+ * @throws SQLException
+ */
+ public void testGetSystemProperty() throws SQLException
+ {
+ PreparedStatement ps = prepareStatement("VALUES GET_SYS_PROP(?)");
+
+ String[] restricted = {
+ "derby.system.home", // not granted to all code on the stack
+ "user.dir", // restricted by jvm
+ // "user.home", // restricted by jvm
+ "java.class.path", // restricted by jvm
+ "java.home", // restricted by jvm
+ "derbyRoutineSecurityTest.no", // not granted at all
+ "derbyTesting.fred" // only granted to derbyTesting.jar
+ };
+
+ for (int i = 0; i < restricted.length; i++)
+ {
+ ps.setString(1, restricted[i]);
+ try {
+ ResultSet rs =ps.executeQuery();
+ rs.next();
+ fail("Succeeded reading " + restricted[i] + rs.getString(1));
+ } catch (SQLException e) {
+ assertSecurityException(e);
+ }
+ }
+
+ // Should be ok to read these unrestricted or
+ // granted_to_all_code properties.
+ String[] notRestrictedAndGranted = {
+ "java.version", // open to all readers
+ "java.specification.name", // open to all readers
+ "derbyRoutineSecurityTest.yes" // granted to all code in the policy file
+ };
+ for (int i = 0; i < notRestrictedAndGranted.length; i++)
+ {
+ ps.setString(1, notRestrictedAndGranted[i]);
+ ResultSet rs =ps.executeQuery();
+ rs.next();
+ rs.getString(1);
+ rs.close();
+ }
+ ps.close();
+ }
+
+ /**
+ * Check that System.exit() cannot be called directly from a procedure.
+ * @throws SQLException
+ */
+ public void testSystemExit() throws SQLException
+ {
+ CallableStatement cs = prepareCall("CALL DENIAL_OF_SERVICE(?)");
+
+ cs.setInt(1, -1);
+ try {
+ cs.executeUpdate();
+ fail("Tough to get here since exit would have been called.");
+ } catch (SQLException e) {
+ assertSecurityException(e);
+ }
+ cs.setInt(1, 0);
+ try {
+ cs.executeUpdate();
+ fail("Tough to get here since exit would have been called.");
+ } catch (SQLException e) {
+ assertSecurityException(e);
+ }
+ cs.close();
+ }
+ /**
+ * Check that System.gc() can be called directly from a procedure.
+ * @throws SQLException
+ */
+ public void testSystemGC() throws SQLException
+ {
+ CallableStatement cs = prepareCall("CALL FORCEGC()");
+ cs.executeUpdate();
+ cs.close();
+ }
+
+ /**
+ * Test for a security exception within a routine.
+ * Current test is that the SQLException returned
+ * to the client has SQLState 38000 and wraps a
+ * SQLException with SQLState XJ001 which corresponds
+ * to wrapped Java exception.
+ * @param e
+ */
+ private void assertSecurityException(SQLException e)
+ {
+ assertSQLState("38000", e);
+ e = e.getNextException();
+ assertNotNull(e);
+ assertSQLState("XJ001", e);
+}
+
+}
Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/RoutineSecurityTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java?view=diff&rev=470434&r1=470433&r2=470434
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java Thu Nov 2 09:26:44 2006
@@ -58,10 +58,13 @@
// the nightly runs.
// suite.addTest(largeCodeGen.suite());
- suite.addTest(PrepareExecuteDDL.suite());
- suite.addTest(LangScripts.suite());
+
suite.addTest(GroupByExpressionTest.suite());
+ suite.addTest(LangScripts.suite());
suite.addTest(MathTrigFunctionsTest.suite());
+ suite.addTest(PrepareExecuteDDL.suite());
+ suite.addTest(RoutineSecurityTest.suite());
+ suite.addTest(SQLAuthorizationPropTest.suite());
suite.addTest(TimeHandlingTest.suite());
suite.addTest(VTITest.suite());
suite.addTest(XMLTypeAndOpsTest.suite());
@@ -70,12 +73,7 @@
// Add the NIST suite in from the nist package since
// it is a SQL language related test.
suite.addTest(NistScripts.suite());
-
- // This test internally sets derby.database.sqlAuthorization to true
- // This property is not resettable and hence may affect other tests
- // using it and sharing the same database.
- suite.addTest(SQLAuthorizationPropTest.suite());
-
+
// Tests that are compiled using 1.4 target need to
// be added this way, otherwise creating the suite
// will throw an invalid class version error
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy?view=diff&rev=470434&r1=470433&r2=470434
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy Thu Nov 2 09:26:44 2006
@@ -168,3 +168,10 @@
permission java.util.PropertyPermission "user.home", "read";
permission java.io.FilePermission "${user.home}${/}junit.properties", "read";
};
+
+// functionTests.tests.lang.RoutineSecurityTest requires this grant
+// to check to see if permissions are granted through generated code
+// through this mechanism.
+grant {
+ permission java.util.PropertyPermission "derbyRoutineSecurityTest.yes", "read";
+};