Weijun Wang 640a2afda3 8267184: Add -Djava.security.manager=allow to tests calling System.setSecurityManager
Co-authored-by: Lance Andersen <lancea@openjdk.org>
Co-authored-by: Weijun Wang <weijun@openjdk.org>
Reviewed-by: dholmes, alanb, dfuchs, mchung, mullan, prr
2021-05-24 16:55:55 +00:00

139 lines
4.3 KiB
Java

/*
* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/* @test
* @bug 4311940
* @summary Verify that unauthorized ObjectOutputStream and ObjectInputStream
* cannot be constructed if they override security-sensitive non-final
* methods.
* @build AuditStreamSubclass
* @run main/othervm -Djava.security.manager=allow AuditStreamSubclass
*/
import java.io.*;
class GoodOOS1 extends ObjectOutputStream {
GoodOOS1(OutputStream out) throws IOException { super(out); }
}
class GoodOOS2 extends GoodOOS1 {
GoodOOS2(OutputStream out) throws IOException { super(out); }
}
class BadOOS1 extends ObjectOutputStream {
BadOOS1(OutputStream out) throws IOException { super(out); }
public PutField putFields() throws IOException { return null; }
}
class BadOOS2 extends ObjectOutputStream {
BadOOS2(OutputStream out) throws IOException { super(out); }
public void writeUnshared(Object obj) throws IOException {}
}
class BadOOS3 extends GoodOOS1 {
BadOOS3(OutputStream out) throws IOException { super(out); }
public void writeUnshared(Object obj) throws IOException {}
}
class GoodOIS1 extends ObjectInputStream {
GoodOIS1(InputStream in) throws IOException { super(in); }
}
class GoodOIS2 extends GoodOIS1 {
GoodOIS2(InputStream in) throws IOException { super(in); }
}
class BadOIS1 extends ObjectInputStream {
BadOIS1(InputStream in) throws IOException { super(in); }
public GetField readFields() throws IOException, ClassNotFoundException {
return null;
}
}
class BadOIS2 extends ObjectInputStream {
BadOIS2(InputStream in) throws IOException { super(in); }
public Object readUnshared() throws IOException, ClassNotFoundException {
return null;
}
}
class BadOIS3 extends GoodOIS1 {
BadOIS3(InputStream in) throws IOException { super(in); }
public Object readUnshared() throws IOException, ClassNotFoundException {
return null;
}
}
public class AuditStreamSubclass {
public static void main(String[] args) throws Exception {
if (System.getSecurityManager() == null) {
System.setSecurityManager(new SecurityManager());
}
ByteArrayOutputStream bout = new ByteArrayOutputStream();
ObjectOutputStream oout = new ObjectOutputStream(bout);
oout.flush();
byte[] buf = bout.toByteArray();
new GoodOOS1(bout);
new GoodOOS2(bout);
new GoodOIS1(new ByteArrayInputStream(buf));
new GoodOIS2(new ByteArrayInputStream(buf));
try {
new BadOOS1(bout);
throw new Error();
} catch (SecurityException ex) {
}
try {
new BadOOS2(bout);
throw new Error();
} catch (SecurityException ex) {
}
try {
new BadOOS3(bout);
throw new Error();
} catch (SecurityException ex) {
}
try {
new BadOIS1(new ByteArrayInputStream(buf));
throw new Error();
} catch (SecurityException ex) {
}
try {
new BadOIS2(new ByteArrayInputStream(buf));
throw new Error();
} catch (SecurityException ex) {
}
try {
new BadOIS3(new ByteArrayInputStream(buf));
throw new Error();
} catch (SecurityException ex) {
}
}
}