95 lines
3.6 KiB
Java
95 lines
3.6 KiB
Java
|
/*
|
||
|
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
|
||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||
|
*
|
||
|
* This code is free software; you can redistribute it and/or modify it
|
||
|
* under the terms of the GNU General Public License version 2 only, as
|
||
|
* published by the Free Software Foundation.
|
||
|
*
|
||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||
|
* accompanied this code).
|
||
|
*
|
||
|
* You should have received a copy of the GNU General Public License version
|
||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||
|
*
|
||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||
|
* or visit www.oracle.com if you need additional information or have any
|
||
|
* questions.
|
||
|
*/
|
||
|
|
||
|
/*
|
||
|
* @test
|
||
|
* @summary Verifies security checks are performed before existence checks
|
||
|
* in pre-defined body processors APIs
|
||
|
* @run testng/othervm SecurityBeforeFile
|
||
|
* @run testng/othervm/java.security.policy=nopermissions.policy SecurityBeforeFile
|
||
|
*/
|
||
|
|
||
|
import java.io.FileNotFoundException;
|
||
|
import java.nio.file.Files;
|
||
|
import java.nio.file.OpenOption;
|
||
|
import java.nio.file.Path;
|
||
|
import java.nio.file.Paths;
|
||
|
import java.net.http.HttpRequest.BodyPublishers;
|
||
|
import java.net.http.HttpResponse.BodyHandlers;
|
||
|
import org.testng.annotations.DataProvider;
|
||
|
import org.testng.annotations.Test;
|
||
|
import static java.lang.System.out;
|
||
|
import static java.nio.file.StandardOpenOption.*;
|
||
|
import static org.testng.Assert.*;
|
||
|
|
||
|
public class SecurityBeforeFile {
|
||
|
|
||
|
static final boolean hasSecurityManager = System.getSecurityManager() != null;
|
||
|
static final boolean hasNoSecurityManager = !hasSecurityManager;
|
||
|
|
||
|
@Test
|
||
|
public void BodyPublishersOfFile() {
|
||
|
Path p = Paths.get("doesNotExist.txt");
|
||
|
if (hasNoSecurityManager && Files.exists(p))
|
||
|
throw new AssertionError("Unexpected " + p);
|
||
|
|
||
|
try {
|
||
|
BodyPublishers.ofFile(p);
|
||
|
fail("UNEXPECTED, file " + p.toString() + " exists?");
|
||
|
} catch (SecurityException se) {
|
||
|
assertTrue(hasSecurityManager);
|
||
|
out.println("caught expected security exception: " + se);
|
||
|
} catch (FileNotFoundException fnfe) {
|
||
|
assertTrue(hasNoSecurityManager);
|
||
|
out.println("caught expected file not found exception: " + fnfe);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
@DataProvider(name = "handlerOpenOptions")
|
||
|
public Object[][] handlerOpenOptions() {
|
||
|
return new Object[][] {
|
||
|
{ new OpenOption[] { } },
|
||
|
{ new OpenOption[] { CREATE } },
|
||
|
{ new OpenOption[] { CREATE, WRITE } },
|
||
|
};
|
||
|
}
|
||
|
|
||
|
@Test(dataProvider = "handlerOpenOptions")
|
||
|
public void BodyHandlersOfFileDownload(OpenOption[] openOptions) {
|
||
|
Path p = Paths.get("doesNotExistDir");
|
||
|
if (hasNoSecurityManager && Files.exists(p))
|
||
|
throw new AssertionError("Unexpected " + p);
|
||
|
|
||
|
try {
|
||
|
BodyHandlers.ofFileDownload(p, openOptions);
|
||
|
fail("UNEXPECTED, file " + p.toString() + " exists?");
|
||
|
} catch (SecurityException se) {
|
||
|
assertTrue(hasSecurityManager);
|
||
|
out.println("caught expected security exception: " + se);
|
||
|
} catch (IllegalArgumentException iae) {
|
||
|
assertTrue(hasNoSecurityManager);
|
||
|
out.println("caught expected illegal argument exception: " + iae);
|
||
|
}
|
||
|
}
|
||
|
}
|