• file
• revisions
• annotate
• diff
• comparison
• raw

test/script/sandbox/unsafe.js@da1e581c933b (annotated)

test/script/sandbox/unsafe.js

Fri, 21 Dec 2012 16:36:24 -0400

author

jlaskey

date

Fri, 21 Dec 2012 16:36:24 -0400

changeset 3

da1e581c933b

child 7

5a1b0714df0e

permissions

-rw-r--r--

8005403: Open-source Nashorn
Reviewed-by: attila, hannesw, lagergren, sundar
Contributed-by: james.laskey@oracle.com, akhil.arora@oracle.com, andreas.woess@jku.at, attila.szegedi@oracle.com, hannes.wallnoefer@oracle.com, henry.jen@oracle.com, marcus.lagergren@oracle.com, pavel.semenov@oracle.com, pavel.stepanov@oracle.com, petr.hejl@oracle.com, petr.pisl@oracle.com, sundararajan.athijegannathan@oracle.com

jlaskey@3	1	/*
jlaskey@3	2	* Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
jlaskey@3	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
jlaskey@3	4	*
jlaskey@3	5	* This code is free software; you can redistribute it and/or modify it
jlaskey@3	6	* under the terms of the GNU General Public License version 2 only, as
jlaskey@3	7	* published by the Free Software Foundation.
jlaskey@3	8	*
jlaskey@3	9	* This code is distributed in the hope that it will be useful, but WITHOUT
jlaskey@3	10	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
jlaskey@3	11	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
jlaskey@3	12	* version 2 for more details (a copy is included in the LICENSE file that
jlaskey@3	13	* accompanied this code).
jlaskey@3	14	*
jlaskey@3	15	* You should have received a copy of the GNU General Public License version
jlaskey@3	16	* 2 along with this work; if not, write to the Free Software Foundation,
jlaskey@3	17	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
jlaskey@3	18	*
jlaskey@3	19	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
jlaskey@3	20	* or visit www.oracle.com if you need additional information or have any
jlaskey@3	21	* questions.
jlaskey@3	22	*/
jlaskey@3	23
jlaskey@3	24	/**
jlaskey@3	25	* Try to access sensitive class like Unsafe.
jlaskey@3	26	*
jlaskey@3	27	* @test
jlaskey@3	28	* @security
jlaskey@3	29	* @run
jlaskey@3	30	*/
jlaskey@3	31
jlaskey@3	32	function check(e) {
jlaskey@3	33	if (e instanceof java.lang.SecurityException) {
jlaskey@3	34	print(e);
jlaskey@3	35	} else {
jlaskey@3	36	fail("expected SecurityException, got " + e);
jlaskey@3	37	}
jlaskey@3	38	}
jlaskey@3	39
jlaskey@3	40	try {
jlaskey@3	41	var unsafe = java.lang.Class.forName("sun.misc.Unsafe");
jlaskey@3	42	fail("No SecurityException for Class.forName sun.misc.Unsafe");
jlaskey@3	43	} catch (e) {
jlaskey@3	44	check(e);
jlaskey@3	45	}
jlaskey@3	46
jlaskey@3	47	try {
jlaskey@3	48	var unsafe = Java.type("sun.misc.Unsafe");
jlaskey@3	49	fail("No SecurityException for Java.type sun.misc.Unsafe");
jlaskey@3	50	} catch (e) {
jlaskey@3	51	check(e);
jlaskey@3	52	}
jlaskey@3	53
jlaskey@3	54	try {
jlaskey@3	55	var unsafe = Packages.sun.misc.Unsafe;
jlaskey@3	56	fail("No SecurityException for Packages.sun.misc.Unsafe");
jlaskey@3	57	} catch (e) {
jlaskey@3	58	check(e);
jlaskey@3	59	}
jlaskey@3	60
jlaskey@3	61	try {
jlaskey@3	62	var cl = Packages.jdk.nashorn.internal.runtime.Context.class;
jlaskey@3	63	var unsafe = cl.getClassLoader().loadClass("sun.misc.Unsafe");
jlaskey@3	64	} catch (e) {
jlaskey@3	65	check(e);
jlaskey@3	66	}