254 255 e.put("name", ScriptEngineSecurityTest.class.getName()); 256 e.put("cl", ScriptEngineSecurityTest.class.getClassLoader()); 257 e.put("intfs", new Class[] { Runnable.class }); 258 259 final String getClass = "Java.type(name + '$FakeProxy').makeProxyClass(cl, intfs);"; 260 261 // Should not be able to call static methods of Proxy via fake subclass 262 try { 263 final Class<?> c = (Class<?>)e.eval(getClass); 264 fail("should have thrown SecurityException"); 265 } catch (final Exception exp) { 266 if (! (exp instanceof SecurityException)) { 267 fail("SecurityException expected, got " + exp); 268 } 269 } 270 } 271 272 @Test 273 public static void proxyStaticAccessCheckTest() throws ScriptException { 274 final ScriptEngineManager m = new ScriptEngineManager(); 275 final ScriptEngine e = m.getEngineByName("nashorn"); 276 final Runnable r = (Runnable)Proxy.newProxyInstance( 277 ScriptEngineTest.class.getClassLoader(), 278 new Class[] { Runnable.class }, 279 new InvocationHandler() { 280 @Override 281 public Object invoke(final Object p, final Method m, final Object[] a) { 282 return null; 283 } 284 }); 285 286 e.put("rc", r.getClass()); 287 e.put("cl", ScriptEngineSecurityTest.class.getClassLoader()); 288 e.put("intfs", new Class[] { Runnable.class }); 289 290 // make sure static methods of Proxy is not accessible via subclass 291 try { 292 e.eval("rc.static.getProxyClass(cl, intfs)"); 293 fail("Should have thrown SecurityException"); 294 } catch (final Exception exp) { 295 if (! 
(exp instanceof SecurityException)) { 296 fail("SecurityException expected, got " + exp); 297 } 298 } 299 } 300 } | 254 255 e.put("name", ScriptEngineSecurityTest.class.getName()); 256 e.put("cl", ScriptEngineSecurityTest.class.getClassLoader()); 257 e.put("intfs", new Class[] { Runnable.class }); 258 259 final String getClass = "Java.type(name + '$FakeProxy').makeProxyClass(cl, intfs);"; 260 261 // Should not be able to call static methods of Proxy via fake subclass 262 try { 263 final Class<?> c = (Class<?>)e.eval(getClass); 264 fail("should have thrown SecurityException"); 265 } catch (final Exception exp) { 266 if (! (exp instanceof SecurityException)) { 267 fail("SecurityException expected, got " + exp); 268 } 269 } 270 } 271 272 @Test 273 public static void proxyStaticAccessCheckTest() throws ScriptException { 274 if (System.getSecurityManager() == null) { 275 // pass vacuously 276 return; 277 } 278 279 final ScriptEngineManager m = new ScriptEngineManager(); 280 final ScriptEngine e = m.getEngineByName("nashorn"); 281 final Runnable r = (Runnable)Proxy.newProxyInstance( 282 ScriptEngineTest.class.getClassLoader(), 283 new Class[] { Runnable.class }, 284 new InvocationHandler() { 285 @Override 286 public Object invoke(final Object p, final Method m, final Object[] a) { 287 return null; 288 } 289 }); 290 291 e.put("rc", r.getClass()); 292 e.put("cl", ScriptEngineSecurityTest.class.getClassLoader()); 293 e.put("intfs", new Class[] { Runnable.class }); 294 295 // make sure static methods of Proxy is not accessible via subclass 296 try { 297 e.eval("rc.static.getProxyClass(cl, intfs)"); 298 fail("Should have thrown SecurityException"); 299 } catch (final Exception exp) { 300 if (! 
(exp instanceof SecurityException)) { 301 fail("SecurityException expected, got " + exp); 302 } 303 } 304 } 305 306 307 @Test 308 public void nashornConfigSecurityTest() { 309 if (System.getSecurityManager() == null) { 310 // pass vacuously 311 return; 312 } 313 314 final NashornScriptEngineFactory fac = new NashornScriptEngineFactory(); 315 try { 316 fac.getScriptEngine(new ClassFilter() { 317 @Override 318 public boolean exposeToScripts(final String name) { 319 return true; 320 } 321 }); 322 fail("SecurityException should have been thrown"); 323 } catch (final SecurityException exp) {} 324 } 325 326 @Test 327 public void nashornConfigSecurityTest2() { 328 if (System.getSecurityManager() == null) { 329 // pass vacuously 330 return; 331 } 332 333 final NashornScriptEngineFactory fac = new NashornScriptEngineFactory(); 334 try { 335 fac.getScriptEngine(new String[0], null, new ClassFilter() { 336 @Override 337 public boolean exposeToScripts(final String name) { 338 return true; 339 } 340 }); 341 fail("SecurityException should have been thrown"); 342 } catch (final SecurityException exp) {} 343 } 344 } |
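Review bot: The `System.getSecurityManager() == null` guards added to `proxyStaticAccessCheckTest` (new lines 274–277), `nashornConfigSecurityTest` (309–312) and `nashornConfigSecurityTest2` (328–331) make all three tests return as passed when no security manager is installed, so a run without one reports green while exercising none of the access checks. Reporting the case as skipped keeps that gap visible in the results; assuming the suite is TestNG (the imports are outside this section), replace `return;` with `throw new SkipException("requires a SecurityManager");`. The two new tests also end in an empty `catch (final SecurityException exp) {}`; a short comment such as `// expected: getScriptEngine with a ClassFilter must be denied here` would show that the swallow is deliberate. The enclosing class and the first test body start above the visible section.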