You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by ch...@apache.org on 2017/07/11 17:55:41 UTC

[11/50] commons-collections git commit: [COLLECTIONS-538] Use AccessController to read system properties in ExtendedProperties, use File.separator in case of a security exception.

[COLLECTIONS-538] Use AccessController to read system properties in ExtendedProperties, use File.separator in case of a security exception.

git-svn-id: https://svn.apache.org/repos/asf/commons/proper/collections/branches/COLLECTIONS_3_2_X@1713233 13f79535-47bb-0310-9956-ffa450edef68


Project: http://git-wip-us.apache.org/repos/asf/commons-collections/repo
Commit: http://git-wip-us.apache.org/repos/asf/commons-collections/commit/c0da312f
Tree: http://git-wip-us.apache.org/repos/asf/commons-collections/tree/c0da312f
Diff: http://git-wip-us.apache.org/repos/asf/commons-collections/diff/c0da312f

Branch: refs/heads/COLLECTIONS_3_2_X
Commit: c0da312f34de79f90ea44de52c250e0d6d88b0b0
Parents: eb693a7
Author: Thomas Neidhart <tn...@apache.org>
Authored: Sun Nov 8 15:05:59 2015 +0000
Committer: Thomas Neidhart <tn...@apache.org>
Committed: Sun Nov 8 15:05:59 2015 +0000

----------------------------------------------------------------------
 src/changes/changes.xml                         |  6 +++++
 .../commons/collections/ExtendedProperties.java | 17 +++++++++++--
 .../collections/TestExtendedProperties.java     | 26 ++++++++++++++++++++
 3 files changed, 47 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/commons-collections/blob/c0da312f/src/changes/changes.xml
----------------------------------------------------------------------
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 66cee68..683723b 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -23,6 +23,12 @@
 
   <release version="3.2.2" date="20XX-XX-XX" description="This is a bugfix release.">
 
+    <action issue="COLLECTIONS-538" dev="tn" type="fix" due-to="Trejkaz">
+      "ExtendedProperties" will now use a privileged action to access the
+      "file.separator" system property. In case the class does not have
+      permission to read system properties, the "File#separator" field will
+      be used instead.
+    </action>
     <action issue="COLLECTIONS-350" dev="bayard" type="fix" due-to="Michael Akerman">
       Removed debug output in "MapUtils#getNumber(Map)".
     </action>

http://git-wip-us.apache.org/repos/asf/commons-collections/blob/c0da312f/src/java/org/apache/commons/collections/ExtendedProperties.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/commons/collections/ExtendedProperties.java b/src/java/org/apache/commons/collections/ExtendedProperties.java
index da420bc..194670e 100644
--- a/src/java/org/apache/commons/collections/ExtendedProperties.java
+++ b/src/java/org/apache/commons/collections/ExtendedProperties.java
@@ -26,6 +26,7 @@ import java.io.OutputStream;
 import java.io.PrintWriter;
 import java.io.Reader;
 import java.io.UnsupportedEncodingException;
+import java.security.AccessController;
 import java.util.ArrayList;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -165,10 +166,22 @@ public class ExtendedProperties extends Hashtable {
     /**
      * File separator.
      */
-    protected String fileSeparator = System.getProperty("file.separator");
+    protected String fileSeparator;
+    {
+        try {
+            fileSeparator = (String) AccessController.doPrivileged(
+                new java.security.PrivilegedAction() {
+                    public Object run() {
+                        return System.getProperty("file.separator");
+                    }
+                });
+        } catch (SecurityException ex) {
+            fileSeparator = File.separator;
+        }
+    }
 
     /**
-     * Has this configuration been intialized.
+     * Has this configuration been initialized.
      */
     protected boolean isInitialized = false;
 

http://git-wip-us.apache.org/repos/asf/commons-collections/blob/c0da312f/src/test/org/apache/commons/collections/TestExtendedProperties.java
----------------------------------------------------------------------
diff --git a/src/test/org/apache/commons/collections/TestExtendedProperties.java b/src/test/org/apache/commons/collections/TestExtendedProperties.java
index 856c0dd..1fd2195 100644
--- a/src/test/org/apache/commons/collections/TestExtendedProperties.java
+++ b/src/test/org/apache/commons/collections/TestExtendedProperties.java
@@ -19,6 +19,7 @@ package org.apache.commons.collections;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.security.Permission;
 import java.util.Properties;
 
 import junit.framework.Test;
@@ -314,4 +315,29 @@ public class TestExtendedProperties extends TestCase {
         assertEquals("class", extended.getString("resource.loader"));
     }
 
+    public void testActiveSecurityManager() {
+        SecurityManager manager = new SecurityManager() {
+
+            public void checkPropertyAccess(String key) {
+                throw new SecurityException();
+            }
+
+            public void checkPermission(Permission perm) {
+            }
+            
+        };
+
+        System.setSecurityManager(manager);
+
+        try {
+            ExtendedProperties properties = new ExtendedProperties();
+            assertNotNull(properties);
+        } catch (Exception ex) {
+            ex.printStackTrace();
+            fail("failed to instantiate ExtendedProperties");
+        } finally {
+            System.setSecurityManager(null);
+        }
+    }
+
 }