1 /* 2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /** 25 * @test 26 * @bug 8210496 27 * @modules java.base/jdk.internal.reflect 28 * @run testng Filtering 29 * @summary Test that security sensitive fields that filtered by core reflection 30 */ 31 32 import java.lang.reflect.*; 33 import java.lang.invoke.MethodHandles.Lookup; 34 import org.testng.annotations.DataProvider; 35 import org.testng.annotations.Test; 36 import static org.testng.Assert.assertTrue; 37 38 public class Filtering { 39 40 @DataProvider(name = "sensitiveClasses") 41 private Object[][] sensitiveClasses() { 42 return new Object[][]{ 43 { jdk.internal.reflect.Reflection.class, null }, 44 { AccessibleObject.class, null }, 45 { ClassLoader.class, null }, 46 { Constructor.class, null }, 47 { Field.class, null }, 48 { Method.class, null }, 49 }; 50 } 51 52 @DataProvider(name = "sensitiveFields") 53 private Object[][] sensitiveFields() { 54 return new Object[][]{ 55 { AccessibleObject.class, "override" }, 56 { Class.class, "classLoader" }, 57 { Class.class, "classData" }, 58 { ClassLoader.class, "parent" }, 59 { Field.class, "clazz" }, 60 { Field.class, "modifiers" }, 61 { Lookup.class, "lookupClass" }, 62 { Lookup.class, "allowedModes" }, 63 { Method.class, "clazz" }, 64 { Method.class, "modifiers" }, 65 { Module.class, "name" }, 66 { Module.class, "loader" }, 67 { System.class, "security" }, 68 }; 69 } 70 71 @Test(dataProvider = "sensitiveClasses") 72 public void testClass(Class<?> clazz, Object ignore) throws Exception { 73 Field[] fields = clazz.getDeclaredFields(); 74 assertTrue(fields.length == 0); 75 } 76 77 @Test(dataProvider = "sensitiveFields", 78 expectedExceptions = NoSuchFieldException.class) 79 public void testField(Class<?> clazz, String name) throws Exception { 80 clazz.getDeclaredField(name); 81 } 82 83 }