You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@calcite.apache.org by "Julian Hyde (JIRA)" <ji...@apache.org> on 2017/06/05 18:31:04 UTC

[jira] [Updated] (CALCITE-1830) ProcessBuilder is security sensitive; move it to test suite to prevent accidents

     [ https://issues.apache.org/jira/browse/CALCITE-1830?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Julian Hyde updated CALCITE-1830:
---------------------------------
    Description: 
The {{java.lang.ProcessBuilder}} class is security-sensitive because it creates operating system processes. It would be a security concern only if Calcite called it with user data, and that is not and never has been the case.

It is currently only used by the test suite. This change moves use of the method into the test module, to prevent developers accidentally introducing security issues in future.

Public method {{Util.runAppProcess}} is removed without notice; two methods named {{Util.newAppProcess}} were previously marked "deprecated, to be removed before 2.0" and are also removed.

  was:
Guava's {{ProcessBuilder}} class is security sensitive because it creates operating system processes. It would be a security concern only if Calcite called it with user data, and that is not and never has been the case.

It is currently only used by the test suite. This change moves use of the method into the test module, to prevent developers accidentally introducing security issues in future.

Public method {{Util.runAppProcess}} is removed without notice; two methods named {{Util.newAppProcess}} were previously marked "deprecated, to be removed before 2.0" and are also removed.


> ProcessBuilder is security sensitive; move it to test suite to prevent accidents 
> ---------------------------------------------------------------------------------
>
>                 Key: CALCITE-1830
>                 URL: https://issues.apache.org/jira/browse/CALCITE-1830
>             Project: Calcite
>          Issue Type: Bug
>            Reporter: Julian Hyde
>            Assignee: Julian Hyde
>
> The {{java.lang.ProcessBuilder}} class is security-sensitive because it creates operating system processes. It would be a security concern only if Calcite called it with user data, and that is not and never has been the case.
> It is currently only used by the test suite. This change moves use of the method into the test module, to prevent developers accidentally introducing security issues in future.
> Public method {{Util.runAppProcess}} is removed without notice; two methods named {{Util.newAppProcess}} were previously marked "deprecated, to be removed before 2.0" and are also removed.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)