| <?xml version="1.0" standalone="no"?> |
| <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN" |
| "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd"> |
| |
| <!-- |
| |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| |
| --> |
| <!-- ========================================================================= --> |
| <!-- This test checks that ECMAScript code run from a "Function" instance does --> |
| <!-- not have unexpected access to VM features. --> |
| <!-- --> |
| <!-- @author vhardy@apache.org --> |
| <!-- @version $Id$ --> |
| <!-- ========================================================================= --> |
| |
| <svg xmlns="http://www.w3.org/2000/svg" |
| xmlns:xlink="http://www.w3.org/1999/xlink" |
| xmlns:test="http://xml.apache.org/batik/test" |
| id="body" width="640" height="480" viewBox="0 0 640 480"> |
| |
| <test:testResult id="testResult" /> |
| |
| <title>Check Security Settings on Load</title> |
| |
| <!-- ============================================================= --> |
| <!-- Test content --> |
| <!-- ============================================================= --> |
| <rect x="5" y="5" width="630" height="470" stroke="black" fill="none" /> |
| <g id="testContent"> |
| <text x="320" y="30" class="title" text-anchor="middle"> |
| ECMA Script Security Check - Function() usage |
| </text> |
| |
| <!-- ============================================ --> |
| <!-- Text string where result is displayed. --> |
| <!-- ============================================ --> |
| <text id="successRatio" x="50%" y="60%" text-anchor="middle">not run</text> |
| |
| </g> |
| |
| <desc id="dynamicEval"><![CDATA[ |
| importPackage(Packages.java.awt); |
| importPackage(Packages.java.io); |
| importPackage(Packages.java.lang.reflect); |
| importPackage(Packages.java.net); |
| importPackage(Packages.java.security); |
| importPackage(Packages.java.sql); |
| importPackage(Packages.java.util); |
| importPackage(Packages.javax.sound.sampled); |
| |
| var svgNS = "http://www.w3.org/2000/svg"; |
| var testNS = "http://xml.apache.org/batik/test"; |
| var testedPath = "build.sh"; |
| var testedHost = "nagoya.apache.org:8080"; |
| |
| var basePermissions = [ |
| ["AllPermission", new AllPermission()], |
| ["FilePermission read", new FilePermission(testedPath, "read")], |
| ["FilePermission write", new FilePermission(testedPath, "write")], |
| ["FilePermission execute", new FilePermission(testedPath, "execute")], |
| ["FilePermission delete", new FilePermission(testedPath, "delete")], |
| ["SocketPermission accept", new SocketPermission(testedHost, "accept")], |
| ["SocketPermission connect", new SocketPermission(testedHost, "connect")], |
| ["SocketPermission listen", new SocketPermission(testedHost, "listen")], |
| ["SocketPermission resolve", new SocketPermission(testedHost, "resolve")], |
| ["AudioPermission play", new AudioPermission("play")], |
| ["AudioPermission record", new AudioPermission("record")], |
| ["AWTPermission accessClipboard", new AWTPermission("accessClipboard")], |
| ["AWTPermission accessEventQueue", new AWTPermission("accessEventQueue")], |
| ["AWTPermission listenToAllAWTEvents", new AWTPermission("listenToAllAWTEvents")], |
| ["AWTPermission showWindowWithoutWarningBanner", new AWTPermission("showWindowWithoutWarningBanner")], |
| ["AWTPermission readDisplayPixels", new AWTPermission("readDisplayPixels")], |
| ["AWTPermission createRobot", new AWTPermission("createRobot")], |
| ["AWTPermission fullScreenExclusive", new AWTPermission("fullScreenExclusive")], |
| ["NetPermission setDefaultAuthenticator", new NetPermission("setDefaultAuthenticator")], |
| ["NetPermission requestPasswordAuthentication", new NetPermission("requestPasswordAuthentication")], |
| ["NetPermission specifyStreamHandler", new NetPermission("specifyStreamHandler")], |
| ["PropertyPermission java.home read", new PropertyPermission("java.home", "read")], |
| ["PropertyPermission java.home write", new PropertyPermission("java.home", "write")], |
| ["ReflectPermission", new ReflectPermission("suppressAccessChecks")], |
| ["RuntimePermission createClassLoader", new RuntimePermission("createClassLoader")], |
| ["RuntimePermission getClassLoader", new RuntimePermission("getClassLoader")], |
| ["RuntimePermission setContextClassLoader", new RuntimePermission("setContextClassLoader")], |
| ["RuntimePermission setSecurityManager", new RuntimePermission("setSecurityManager")], |
| ["RuntimePermission createSecurityManager", new RuntimePermission("createSecurityManager")], |
| ["RuntimePermission exitVM", new RuntimePermission("exitVM")], |
| ["RuntimePermission shutdownHooks", new RuntimePermission("shutdownHooks")], |
| ["RuntimePermission setFactory", new RuntimePermission("setFactory")], |
| ["RuntimePermission setIO", new RuntimePermission("setIO")], |
| ["RuntimePermission modifyThread", new RuntimePermission("modifyThread")], |
| ["RuntimePermission modifyThreadGroup", new RuntimePermission("modifyThreadGroup")], |
| ["RuntimePermission getProtectionDomain", new RuntimePermission("getProtectionDomain")], |
| ["RuntimePermission readFileDescriptor", new RuntimePermission("readFileDescriptor")], |
| ["RuntimePermission writeFileDescriptor", new RuntimePermission("writeFileDescriptor")], |
| ["RuntimePermission loadLibrary.{library name}", new RuntimePermission("loadLibrary.{library name}")], |
| ["RuntimePermission accessClassInPackage.java.security", new RuntimePermission("accessClassInPackage.java.security")], |
| ["RuntimePermission defineClassInPackage.java.lang", new RuntimePermission("defineClassInPackage.java.lang")], |
| ["RuntimePermission accessDeclaredMembers", new RuntimePermission("accessDeclaredMembers")], |
| ["RuntimePermission queuePrintJob", new RuntimePermission("queuePrintJob")], |
| ["SecurityPermission createAccessControlContext", new SerializablePermission("createAccessControlContext")], |
| ["SecurityPermission getDomainCombiner", new SerializablePermission("getDomainCombiner")], |
| ["SecurityPermission getPolicy", new SerializablePermission("getPolicy")], |
| ["SecurityPermission setPolicy", new SerializablePermission("setPolicy")], |
| ["SecurityPermission setSystemScope", new SerializablePermission("setSystemScope")], |
| ["SecurityPermission setIdentityPublicKey", new SerializablePermission("setIdentityPublicKey")], |
| ["SecurityPermission setIdentityInfo", new SerializablePermission("setIdentityInfo")], |
| ["SecurityPermission addIdentityCertificate", new SerializablePermission("addIdentityCertificate")], |
| ["SecurityPermission removeIdentityCertificate", new SerializablePermission("removeIdentityCertificate")], |
| ["SecurityPermission printIdentity", new SerializablePermission("printIdentity")], |
| ["SecurityPermission getSignerPrivateKey", new SerializablePermission("getSignerPrivateKey")], |
| ["SecurityPermission setSignerKeyPair", new SerializablePermission("setSignerKeyPair")], |
| ["SerializablePermission enableSubclassImplementation", new SerializablePermission("enableSubclassImplementation")], |
| ["SerializablePermission enableSubstitution", new SerializablePermission("enableSubstitution")], |
| ["SQLPermission", new SQLPermission("setLog")], |
| ]; |
| |
| var permissions = null; |
| var statusRects = null; |
| var nGranted = 0; |
| function init(){ |
| var docURL = document.getURLObject(); |
| if (docURL != null |
| && (docURL.getHost() != null) |
| && !( "" == docURL.getHost()) |
| ) { |
| permissions = new Array(); |
| |
| var docHost = docURL.getHost(); |
| if (docURL.getPort() != -1) { |
| docHost += ":" + docURL.getPort(); |
| } |
| |
| nGranted = 0; |
| permissions[nGranted++] = ["SocketPermission accept " + docHost, |
| new SocketPermission(docHost, "accept")]; |
| permissions[nGranted++] = ["SocketPermission connect " + docHost, |
| new SocketPermission(docHost, "connect")]; |
| permissions[nGranted++] = ["SocketPermission resolve " + docHost, |
| new SocketPermission(docHost, "resolve")]; |
| permissions[nGranted++] = ["RuntimePermission stopThread", |
| new RuntimePermission("stopThread")]; |
| |
| for (var i=0; i<basePermissions.length; i++){ |
| permissions[nGranted+i] = basePermissions[i]; |
| } |
| } else { |
| permissions = basePermissions; |
| } |
| } |
| |
| init(); |
| |
| function runTest(){ |
| var sm = System.getSecurityManager(); |
| var successCnt = 0; |
| var unexpectedGrants = new Array(); |
| var unexpectedDenial = new Array(); |
| var unexpectedDenialCnt = 0; |
| var unexpectedGrantsCnt = 0; |
| |
| if (sm == null){ |
| for (var i=0; i<nGranted; i++) { |
| successCnt++; |
| } |
| for (var i=nGranted; i<permissions.length; i++) { |
| unexpectedGrants[unexpectedGrantsCnt] = permissions[i][0]; |
| unexpectedGrantsCnt++; |
| } |
| } |
| else { |
| for (var i=0; i<nGranted; i++) { |
| var p = permissions[i][1]; |
| var success = true; |
| try { |
| sm.checkPermission(p); |
| successCnt++; |
| } catch (se){ |
| unexpectedDenial[unexpectedDenialCnt] = permissions[i][0]; |
| unexpectedDenialCnt++; |
| } |
| } |
| for (var i=nGranted; i<permissions.length; i++) { |
| var p = permissions[i][1]; |
| var success = true; |
| try { |
| sm.checkPermission(p); |
| unexpectedGrants[unexpectedGrantsCnt] = permissions[i][0]; |
| unexpectedGrantsCnt++; |
| } catch (se){ |
| successCnt++; |
| } |
| } |
| } |
| |
| // Update the test's metadata |
| var result = document.getElementById("testResult"); |
| if ( successCnt == permissions.length ) { |
| result.setAttributeNS(null, "result", "passed"); |
| } else { |
| System.out.println("test failed: " + unexpectedGrantsCnt + " / " + unexpectedDenialCnt); |
| result.setAttributeNS(null, "result", "failed"); |
| result.setAttributeNS(null, "errorCode", "unexpected.grants.or.denials"); |
| |
| var unexpectedGrantsString = ""; |
| var unexpectedDenialString = ""; |
| |
| for (var i=0; i<unexpectedGrantsCnt; i++) { |
| unexpectedGrantsString += unexpectedGrants[i]; |
| } |
| |
| for (var i=0; i<unexpectedDenialCnt; i++) { |
| unexpectedDenialString += unexpectedDenial[i]; |
| } |
| |
| System.out.println("unexpected.grants : " + unexpectedGrantsString); |
| var entry = null; |
| |
| entry = document.createElementNS(testNS, "errorDescriptiongEntry"); |
| entry.setAttributeNS(null, "id", "unexpected.grants.count"); |
| entry.setAttributeNS(null, "value", "" + unexpectedGrantsCnt); |
| result.appendChild(entry); |
| |
| entry = document.createElementNS(testNS, "errorDescriptionEntry"); |
| entry.setAttributeNS(null, "id", "unexpected.grants"); |
| entry.setAttributeNS(null, "value", unexpectedGrantsString); |
| result.appendChild(entry); |
| |
| entry = document.createElementNS(testNS, "errorDescriptiongEntry"); |
| entry.setAttributeNS(null, "id", "unexpected.denials.count"); |
| entry.setAttributeNS(null, "value", "" + unexpectedDenialCnt); |
| result.appendChild(entry); |
| |
| System.out.println("unexpected.denials : " + unexpectedDenialString); |
| entry = document.createElementNS(testNS, "errorDescriptionEntry"); |
| entry.setAttributeNS(null, "id", "unexpected.denials"); |
| entry.setAttributeNS(null, "value", unexpectedDenialString); |
| result.appendChild(entry); |
| |
| } |
| } |
| |
| runTest(); |
| |
| /* |
| var successRatioString = "Test Result: " + successCnt + " / " + permissions.length; |
| System.err.println("Success Ratio : " + successRatioString); |
| |
| var successRatio = document.getElementById("successRatio"); |
| if (successRatio == null) { |
| alert("Error : no 'successRatio' element"); |
| } else { |
| if (successCnt == permissions.length) { |
| successRatio.firstChild.data = "Success: " + successRatioString; |
| } else { |
| successRatio.firstChild.data = "Failed: " + successRatioString; |
| } |
| } |
| */ |
| ]]></desc> |
| |
| <script type="text/ecmascript"><![CDATA[ |
| System.err.println(">>>>>>>>>>>>>> Evaluating embeded script "); |
| var scriptContent = document.getElementById("dynamicEval").firstChild.data; |
| var f = new Function(scriptContent); |
| document.documentElement.addEventListener('SVGLoad', f, false); |
| ]]></script> |
| |
| </svg> |