Matthias Sohn
5 years ago
committed by
Gerrit Code Review @ Eclipse.org
7 changed files with 364 additions and 51 deletions
@ -0,0 +1,94 @@
|
||||
/* |
||||
* Copyright (C) 2019 Nail Samatov <sanail@yandex.ru> |
||||
* and other copyright owners as documented in the project's IP log. |
||||
* |
||||
* This program and the accompanying materials are made available |
||||
* under the terms of the Eclipse Distribution License v1.0 which |
||||
* accompanies this distribution, is reproduced below, and is |
||||
* available at http://www.eclipse.org/org/documents/edl-v10.php
|
||||
* |
||||
* All rights reserved. |
||||
* |
||||
* Redistribution and use in source and binary forms, with or |
||||
* without modification, are permitted provided that the following |
||||
* conditions are met: |
||||
* |
||||
* - Redistributions of source code must retain the above copyright |
||||
* notice, this list of conditions and the following disclaimer. |
||||
* |
||||
* - Redistributions in binary form must reproduce the above |
||||
* copyright notice, this list of conditions and the following |
||||
* disclaimer in the documentation and/or other materials provided |
||||
* with the distribution. |
||||
* |
||||
* - Neither the name of the Eclipse Foundation, Inc. nor the |
||||
* names of its contributors may be used to endorse or promote |
||||
* products derived from this software without specific prior |
||||
* written permission. |
||||
* |
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND |
||||
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, |
||||
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR |
||||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER |
||||
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
||||
*/ |
||||
package org.eclipse.jgit.junit; |
||||
|
||||
import static java.lang.ClassLoader.getSystemClassLoader; |
||||
|
||||
import java.net.URL; |
||||
import java.net.URLClassLoader; |
||||
|
||||
import org.junit.runners.BlockJUnit4ClassRunner; |
||||
import org.junit.runners.model.InitializationError; |
||||
|
||||
/** |
||||
* This class is used when it's required to load jgit classes in separate |
||||
* classloader for each test class. It can be needed to isolate static field |
||||
* initialization between separate tests. |
||||
*/ |
||||
public class SeparateClassloaderTestRunner extends BlockJUnit4ClassRunner { |
||||
|
||||
/** |
||||
* Creates a SeparateClassloaderTestRunner to run {@code klass}. |
||||
* |
||||
* @param klass |
||||
* test class to run. |
||||
* @throws InitializationError |
||||
* if the test class is malformed or can't be found. |
||||
*/ |
||||
public SeparateClassloaderTestRunner(Class<?> klass) |
||||
throws InitializationError { |
||||
super(loadNewClass(klass)); |
||||
} |
||||
|
||||
private static Class<?> loadNewClass(Class<?> klass) |
||||
throws InitializationError { |
||||
try { |
||||
URL[] urls = ((URLClassLoader) getSystemClassLoader()).getURLs(); |
||||
ClassLoader testClassLoader = new URLClassLoader(urls) { |
||||
|
||||
@Override |
||||
public Class<?> loadClass(String name) |
||||
throws ClassNotFoundException { |
||||
if (name.startsWith("org.eclipse.jgit.")) { |
||||
return super.findClass(name); |
||||
} |
||||
|
||||
return super.loadClass(name); |
||||
} |
||||
}; |
||||
return Class.forName(klass.getName(), true, testClassLoader); |
||||
} catch (ClassNotFoundException e) { |
||||
throw new InitializationError(e); |
||||
} |
||||
} |
||||
} |
||||
@ -0,0 +1,206 @@
|
||||
/* |
||||
* Copyright (C) 2019 Nail Samatov <sanail@yandex.ru> |
||||
* and other copyright owners as documented in the project's IP log. |
||||
* |
||||
* This program and the accompanying materials are made available |
||||
* under the terms of the Eclipse Distribution License v1.0 which |
||||
* accompanies this distribution, is reproduced below, and is |
||||
* available at http://www.eclipse.org/org/documents/edl-v10.php
|
||||
* |
||||
* All rights reserved. |
||||
* |
||||
* Redistribution and use in source and binary forms, with or |
||||
* without modification, are permitted provided that the following |
||||
* conditions are met: |
||||
* |
||||
* - Redistributions of source code must retain the above copyright |
||||
* notice, this list of conditions and the following disclaimer. |
||||
* |
||||
* - Redistributions in binary form must reproduce the above |
||||
* copyright notice, this list of conditions and the following |
||||
* disclaimer in the documentation and/or other materials provided |
||||
* with the distribution. |
||||
* |
||||
* - Neither the name of the Eclipse Foundation, Inc. nor the |
||||
* names of its contributors may be used to endorse or promote |
||||
* products derived from this software without specific prior |
||||
* written permission. |
||||
* |
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND |
||||
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, |
||||
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR |
||||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER |
||||
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
||||
*/ |
||||
package org.eclipse.jgit.api; |
||||
|
||||
import static org.junit.Assert.assertEquals; |
||||
import static org.junit.Assert.assertNotNull; |
||||
import static org.junit.Assert.assertTrue; |
||||
|
||||
import java.io.File; |
||||
import java.io.FilePermission; |
||||
import java.io.IOException; |
||||
import java.lang.reflect.ReflectPermission; |
||||
import java.nio.file.Files; |
||||
import java.security.Permission; |
||||
import java.security.SecurityPermission; |
||||
import java.util.ArrayList; |
||||
import java.util.List; |
||||
import java.util.PropertyPermission; |
||||
import java.util.logging.LoggingPermission; |
||||
|
||||
import javax.security.auth.AuthPermission; |
||||
|
||||
import org.eclipse.jgit.api.errors.GitAPIException; |
||||
import org.eclipse.jgit.junit.JGitTestUtil; |
||||
import org.eclipse.jgit.junit.MockSystemReader; |
||||
import org.eclipse.jgit.junit.SeparateClassloaderTestRunner; |
||||
import org.eclipse.jgit.revwalk.RevCommit; |
||||
import org.eclipse.jgit.treewalk.TreeWalk; |
||||
import org.eclipse.jgit.util.FileUtils; |
||||
import org.eclipse.jgit.util.SystemReader; |
||||
import org.junit.After; |
||||
import org.junit.Before; |
||||
import org.junit.Test; |
||||
import org.junit.runner.RunWith; |
||||
|
||||
/** |
||||
* <p> |
||||
* Tests if jgit works if SecurityManager is enabled. |
||||
* </p> |
||||
* |
||||
* <p> |
||||
* Note: JGit's classes shouldn't be used before SecurityManager is configured. |
||||
* If you use some JGit's class before SecurityManager is replaced then part of |
||||
* the code can be invoked outside of our custom SecurityManager and this test |
||||
* becomes useless. |
||||
* </p> |
||||
* |
||||
* <p> |
||||
* For example the class {@link org.eclipse.jgit.util.FS} is used widely in jgit |
||||
* sources. It contains DETECTED static field. At the first usage of the class
|
||||
* FS the field DETECTED is initialized and during initialization many system |
||||
* operations that SecurityManager can forbid are invoked. |
||||
* </p> |
||||
* |
||||
* <p> |
||||
* For this reason this test doesn't extend LocalDiskRepositoryTestCase (it uses |
||||
* JGit's classes in setUp() method) and other JGit's utility classes. It's done |
||||
* to affect SecurityManager as less as possible. |
||||
* </p> |
||||
* |
||||
* <p> |
||||
* We use SeparateClassloaderTestRunner to isolate FS.DETECTED field |
||||
* initialization between different tests run. |
||||
* </p> |
||||
*/ |
||||
@RunWith(SeparateClassloaderTestRunner.class) |
||||
public class SecurityManagerTest { |
||||
private File root; |
||||
|
||||
private SecurityManager originalSecurityManager; |
||||
|
||||
private List<Permission> permissions = new ArrayList<>(); |
||||
|
||||
@Before |
||||
public void setUp() throws Exception { |
||||
// Create working directory
|
||||
SystemReader.setInstance(new MockSystemReader()); |
||||
root = Files.createTempDirectory("jgit-security").toFile(); |
||||
|
||||
// Add system permissions
|
||||
permissions.add(new RuntimePermission("*")); |
||||
permissions.add(new SecurityPermission("*")); |
||||
permissions.add(new AuthPermission("*")); |
||||
permissions.add(new ReflectPermission("*")); |
||||
permissions.add(new PropertyPermission("*", "read,write")); |
||||
permissions.add(new LoggingPermission("control", null)); |
||||
|
||||
permissions.add(new FilePermission( |
||||
System.getProperty("java.home") + "/-", "read")); |
||||
|
||||
String tempDir = System.getProperty("java.io.tmpdir"); |
||||
permissions.add(new FilePermission(tempDir, "read,write,delete")); |
||||
permissions |
||||
.add(new FilePermission(tempDir + "/-", "read,write,delete")); |
||||
|
||||
// Add permissions to dependent jar files.
|
||||
String classPath = System.getProperty("java.class.path"); |
||||
if (classPath != null) { |
||||
for (String path : classPath.split(File.pathSeparator)) { |
||||
permissions.add(new FilePermission(path, "read")); |
||||
} |
||||
} |
||||
// Add permissions to jgit class files.
|
||||
String jgitSourcesRoot = new File(System.getProperty("user.dir")) |
||||
.getParent(); |
||||
permissions.add(new FilePermission(jgitSourcesRoot + "/-", "read")); |
||||
|
||||
// Add permissions to working dir for jgit. Our git repositories will be
|
||||
// initialized and cloned here.
|
||||
permissions.add(new FilePermission(root.getPath() + "/-", |
||||
"read,write,delete,execute")); |
||||
|
||||
// Replace Security Manager
|
||||
originalSecurityManager = System.getSecurityManager(); |
||||
System.setSecurityManager(new SecurityManager() { |
||||
|
||||
@Override |
||||
public void checkPermission(Permission requested) { |
||||
for (Permission permission : permissions) { |
||||
if (permission.implies(requested)) { |
||||
return; |
||||
} |
||||
} |
||||
|
||||
super.checkPermission(requested); |
||||
} |
||||
}); |
||||
} |
||||
|
||||
@After |
||||
public void tearDown() throws Exception { |
||||
System.setSecurityManager(originalSecurityManager); |
||||
|
||||
// Note: don't use this method before security manager is replaced in
|
||||
// setUp() method. The method uses FS.DETECTED internally and can affect
|
||||
// the test.
|
||||
FileUtils.delete(root, FileUtils.RECURSIVE | FileUtils.RETRY); |
||||
} |
||||
|
||||
@Test |
||||
public void testInitAndClone() throws IOException, GitAPIException { |
||||
File remote = new File(root, "remote"); |
||||
File local = new File(root, "local"); |
||||
|
||||
try (Git git = Git.init().setDirectory(remote).call()) { |
||||
JGitTestUtil.write(new File(remote, "hello.txt"), "Hello world!"); |
||||
git.add().addFilepattern(".").call(); |
||||
git.commit().setMessage("Initial commit").call(); |
||||
} |
||||
|
||||
try (Git git = Git.cloneRepository().setURI(remote.toURI().toString()) |
||||
.setDirectory(local).call()) { |
||||
assertTrue(new File(local, ".git").exists()); |
||||
|
||||
JGitTestUtil.write(new File(local, "hi.txt"), "Hi!"); |
||||
git.add().addFilepattern(".").call(); |
||||
RevCommit commit1 = git.commit().setMessage("Commit on local repo") |
||||
.call(); |
||||
assertEquals("Commit on local repo", commit1.getFullMessage()); |
||||
assertNotNull(TreeWalk.forPath(git.getRepository(), "hello.txt", |
||||
commit1.getTree())); |
||||
} |
||||
|
||||
} |
||||
|
||||
} |
||||
Loading…
Reference in new issue