1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/test/script/sandbox/NASHORN-525.js Wed Apr 27 01:36:41 2016 +0800 1.3 @@ -0,0 +1,54 @@ 1.4 +/* 1.5 + * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved. 1.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 1.7 + * 1.8 + * This code is free software; you can redistribute it and/or modify it 1.9 + * under the terms of the GNU General Public License version 2 only, as 1.10 + * published by the Free Software Foundation. 1.11 + * 1.12 + * This code is distributed in the hope that it will be useful, but WITHOUT 1.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 1.14 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 1.15 + * version 2 for more details (a copy is included in the LICENSE file that 1.16 + * accompanied this code). 1.17 + * 1.18 + * You should have received a copy of the GNU General Public License version 1.19 + * 2 along with this work; if not, write to the Free Software Foundation, 1.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 1.21 + * 1.22 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 1.23 + * or visit www.oracle.com if you need additional information or have any 1.24 + * questions. 1.25 + */ 1.26 + 1.27 +/** 1.28 + * NASHORN-525 : nashorn misses security access checks 1.29 + * 1.30 + * @test 1.31 + * @run 1.32 + */ 1.33 + 1.34 +function check(code) { 1.35 + try { 1.36 + eval(code); 1.37 + fail("SecurityException expected for : " + code); 1.38 + } catch (e) { 1.39 + if (! (e instanceof java.lang.SecurityException)) { 1.40 + fail("SecurityException expected, but got " + e); 1.41 + } 1.42 + } 1.43 +} 1.44 + 1.45 +// if security manager is absent, pass the test vacuously. 1.46 +if (java.lang.System.getSecurityManager() != null) { 1.47 + // try accessing class from 'sun.*' packages 1.48 + check("Packages.sun.misc.Unsafe"); 1.49 + check("Java.type('sun.misc.Unsafe')"); 1.50 + 1.51 + // TODO this works in Java8 but not in Java8, disabling for now 1.52 + check("java.lang.Class.forName('sun.misc.Unsafe')"); 1.53 + 1.54 + // try System.exit and System.loadLibrary 1.55 + check("java.lang.System.exit(0)"); 1.56 + check("java.lang.System.loadLibrary('foo')"); 1.57 +}