21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package jdk.nashorn.api.scripting.test;
27
28 import static org.testng.Assert.fail;
29 import java.lang.reflect.InvocationHandler;
30 import java.lang.reflect.Method;
31 import java.lang.reflect.Proxy;
32 import javax.script.ScriptEngine;
33 import javax.script.ScriptEngineManager;
34 import javax.script.ScriptException;
35 import jdk.nashorn.api.scripting.ClassFilter;
36 import jdk.nashorn.api.scripting.NashornScriptEngineFactory;
37 import org.testng.annotations.Test;
38
39 /**
40 * jsr223 tests for security access checks.
41 */
42 @SuppressWarnings("javadoc")
43 public class ScriptEngineSecurityTest {
44
45 private static void log(final String msg) {
46 org.testng.Reporter.log(msg, true);
47 }
48
49 @Test
50 public void securityPackagesTest() {
51 if (System.getSecurityManager() == null) {
52 // pass vacuously
53 return;
54 }
55
56 final ScriptEngineManager m = new ScriptEngineManager();
57 final ScriptEngine e = m.getEngineByName("nashorn");
58 try {
59 e.eval("var v = Packages.sun.misc.Unsafe;");
60 fail("should have thrown SecurityException");
227 try {
228 e.eval(getClass);
229 fail("should have thrown SecurityException");
230 } catch (final Exception exp) {
231 if (! (exp instanceof SecurityException)) {
232 fail("SecurityException expected, got " + exp);
233 }
234 }
235 }
236
237 @Test
238 public static void proxyStaticAccessCheckTest() {
239 if (System.getSecurityManager() == null) {
240 // pass vacuously
241 return;
242 }
243
244 final ScriptEngineManager m = new ScriptEngineManager();
245 final ScriptEngine e = m.getEngineByName("nashorn");
246 final Runnable r = (Runnable)Proxy.newProxyInstance(
247 ScriptEngineTest.class.getClassLoader(),
248 new Class[] { Runnable.class },
249 new InvocationHandler() {
250 @Override
251 public Object invoke(final Object p, final Method mtd, final Object[] a) {
252 return null;
253 }
254 });
255
256 e.put("rc", r.getClass());
257 e.put("cl", ScriptEngineSecurityTest.class.getClassLoader());
258 e.put("intfs", new Class[] { Runnable.class });
259
260 // make sure static methods of Proxy is not accessible via subclass
261 try {
262 e.eval("rc.static.getProxyClass(cl, intfs)");
263 fail("Should have thrown SecurityException");
264 } catch (final Exception exp) {
265 if (! (exp instanceof SecurityException)) {
266 fail("SecurityException expected, got " + exp);
267 }
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package jdk.nashorn.api.scripting.test;
27
28 import static org.testng.Assert.fail;
29 import java.lang.reflect.InvocationHandler;
30 import java.lang.reflect.Method;
31 import java.lang.reflect.Proxy;
32 import javax.script.ScriptEngine;
33 import javax.script.ScriptEngineManager;
34 import javax.script.ScriptException;
35 import jdk.nashorn.api.scripting.ClassFilter;
36 import jdk.nashorn.api.scripting.NashornScriptEngineFactory;
37 import org.testng.annotations.Test;
38
39 /**
40 * jsr223 tests for security access checks.
41 *
42 * @test
43 * @run testng/othervm jdk.nashorn.api.scripting.test.ScriptEngineSecurityTest
44 */
45 @SuppressWarnings("javadoc")
46 public class ScriptEngineSecurityTest {
47
48 private static void log(final String msg) {
49 org.testng.Reporter.log(msg, true);
50 }
51
52 @Test
53 public void securityPackagesTest() {
54 if (System.getSecurityManager() == null) {
55 // pass vacuously
56 return;
57 }
58
59 final ScriptEngineManager m = new ScriptEngineManager();
60 final ScriptEngine e = m.getEngineByName("nashorn");
61 try {
62 e.eval("var v = Packages.sun.misc.Unsafe;");
63 fail("should have thrown SecurityException");
230 try {
231 e.eval(getClass);
232 fail("should have thrown SecurityException");
233 } catch (final Exception exp) {
234 if (! (exp instanceof SecurityException)) {
235 fail("SecurityException expected, got " + exp);
236 }
237 }
238 }
239
240 @Test
241 public static void proxyStaticAccessCheckTest() {
242 if (System.getSecurityManager() == null) {
243 // pass vacuously
244 return;
245 }
246
247 final ScriptEngineManager m = new ScriptEngineManager();
248 final ScriptEngine e = m.getEngineByName("nashorn");
249 final Runnable r = (Runnable)Proxy.newProxyInstance(
250 ScriptEngineSecurityTest.class.getClassLoader(),
251 new Class[] { Runnable.class },
252 new InvocationHandler() {
253 @Override
254 public Object invoke(final Object p, final Method mtd, final Object[] a) {
255 return null;
256 }
257 });
258
259 e.put("rc", r.getClass());
260 e.put("cl", ScriptEngineSecurityTest.class.getClassLoader());
261 e.put("intfs", new Class[] { Runnable.class });
262
263 // make sure static methods of Proxy is not accessible via subclass
264 try {
265 e.eval("rc.static.getProxyClass(cl, intfs)");
266 fail("Should have thrown SecurityException");
267 } catch (final Exception exp) {
268 if (! (exp instanceof SecurityException)) {
269 fail("SecurityException expected, got " + exp);
270 }
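Review bot: The added `@run testng/othervm jdk.nashorn.api.scripting.test.ScriptEngineSecurityTest` tag in the class Javadoc (new lines 42-43) launches the test in a fresh VM but does not install a security manager, while every test visible here returns early when `System.getSecurityManager() == null`. Unless the harness enables one by some means this page does not show, the class passes vacuously and neither the `Packages.sun.misc.Unsafe` check nor the `rc.static.getProxyClass(cl, intfs)` check is exercised. Consider enabling it in the tag itself, for example `@run testng/othervm -Djava.security.manager jdk.nashorn.api.scripting.test.ScriptEngineSecurityTest` together with a suitable policy, or have the early return log a skip through the existing `log(...)` helper so a vacuous pass is visible in the report. The body of proxyStaticAccessCheckTest continues past the end of this hunk.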
|