You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@groovy.apache.org by "Paul King (JIRA)" <ji...@apache.org> on 2017/02/01 23:19:06 UTC
[jira] [Closed] (GROOVY-7842) MarkupTemplateEngine totally broken
when used with a Security Manager
[ https://issues.apache.org/jira/browse/GROOVY-7842?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul King closed GROOVY-7842.
-----------------------------
> MarkupTemplateEngine totally broken when used with a Security Manager
> ---------------------------------------------------------------------
>
> Key: GROOVY-7842
> URL: https://issues.apache.org/jira/browse/GROOVY-7842
> Project: Groovy
> Issue Type: Bug
> Components: Templating
> Affects Versions: 2.4.5, 2.4.6
> Reporter: Scott Murphy
> Assignee: John Wagenleitner
> Priority: Critical
> Fix For: 2.4.8
>
>
> {code:title=TemplateServlet.java|borderStyle=solid}
> TemplateServer.createAndStoreTemplate(String key, InputStream inputStream, File file)
> // ...
> Template template = engine.createTemplate(reader);
> {code}
> {code:title=MarkupTemplateEngine.java|borderStyle=solid}
> public Template createTemplate(final Reader reader) throws CompilationFailedException, ClassNotFoundException, IOException {
> return new MarkupTemplateMaker(reader, null, null);
> }
> {code}
> Calls MarkupTemplateEngine.MarkupTemplateMaker
> {code:title=MarkupTemplateEngine.java|borderStyle=solid}
> public MarkupTemplateMaker(final Reader reader, String sourceName, Map<String, String> modelTypes) {
> String name = sourceName != null ? sourceName : "GeneratedMarkupTemplate" + counter.getAndIncrement();
> templateClass = groovyClassLoader.parseClass(new GroovyCodeSource(reader, name, ""), modelTypes);
> this.modeltypes = modelTypes;
> }
> {code}
> Note: GroovyCodeSource(reader, name, "")
> {code:title=GroovyCodeSource.java|borderStyle=solid}
> public GroovyCodeSource(Reader reader, String name, String codeBase) {
> this.name = name;
> this.codeSource = createCodeSource(codeBase);
> {code}
> Note: createCodeSource(codeBase); -> createCodeSource("");
> {code:title=GroovyCodeSource.java|borderStyle=solid}
> private static CodeSource createCodeSource(final String codeBase) {
> SecurityManager sm = System.getSecurityManager();
> if (sm != null) {
> sm.checkPermission(new GroovyCodeSourcePermission(codeBase));
> }
> {code}
> Note: GroovyCodeSourcePermission(codeBase) -> GroovyCodeSourcePermission("")
> {code:title=GroovyCodeSourcePermission.java|borderStyle=solid}
> public final class GroovyCodeSourcePermission extends BasicPermission {
> public GroovyCodeSourcePermission(String name) {
> super(name);
> }
> public BasicPermission(String name)
> {
> super(name);
> init(name);
> }
> /**
> * initialize a BasicPermission object. Common to all constructors.
> *
> */
> private void init(String name)
> {
> if (name == null)
> throw new NullPointerException("name can't be null");
> int len = name.length();
> if (len == 0) {
> throw new IllegalArgumentException("name can't be empty");
> }
> {code}
> BOOM -> IllegalArgumentException
> In summary: MarkupTemplateMaker creates a GroovyCodeSource where codeBase is equal to "". BasicPermission does not allow names to have zero length thus causing an exception.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)