OpenJDK / jdk / jdk
changeset 57695:7530f0e28000
8231422: Setting JEP 290 Filter via System Property May Be Ignored
Reviewed-by: smarks, rhalade
| author | rriggs |
|---|---|
| date | Tue, 15 Oct 2019 09:52:44 -0400 |
| parents | 4c13ae80aa8e |
| children | bf6bb6ddbda3 |
| files | src/java.base/share/classes/java/io/ObjectInputFilter.java src/java.base/share/classes/jdk/internal/util/StaticProperty.java test/jdk/java/io/Serializable/serialFilter/GlobalFilterTest.java test/jdk/java/io/Serializable/serialFilter/security.policy |
| diffstat | 4 files changed, 49 insertions(+), 18 deletions(-) [+] |
line wrap: on
line diff
--- a/src/java.base/share/classes/java/io/ObjectInputFilter.java Wed Oct 09 17:42:38 2019 +0800 +++ b/src/java.base/share/classes/java/io/ObjectInputFilter.java Tue Oct 15 09:52:44 2019 -0400 @@ -35,6 +35,7 @@ import java.util.function.Function; import jdk.internal.access.SharedSecrets; +import jdk.internal.util.StaticProperty; /** * Filter classes, array lengths, and graph metrics during deserialization. @@ -205,15 +206,17 @@ * <p> * The filter is configured during the initialization of the {@code ObjectInputFilter.Config} * class. For example, by calling {@link #getSerialFilter() Config.getSerialFilter}. - * If the system property {@systemProperty jdk.serialFilter} is defined, it is used - * to configure the filter. - * If the system property is not defined, and the {@link java.security.Security} - * property {@code jdk.serialFilter} is defined then it is used to configure the filter. - * Otherwise, the filter is not configured during initialization. + * If the system property {@systemProperty jdk.serialFilter} is defined on the command line, + * it is used to configure the filter. + * If the system property is not defined on the command line, and the + * {@link java.security.Security} property {@code jdk.serialFilter} is defined + * then it is used to configure the filter. + * Otherwise, the filter is not configured during initialization and + * can be set with {@link #setSerialFilter(ObjectInputFilter) Config.setSerialFilter}. + * Setting the {@code jdk.serialFilter} with {@link System#setProperty(String, String) + * System.setProperty} <em>does not set the filter</em>. * The syntax for each property is the same as for the * {@link #createFilter(String) createFilter} method. - * If a filter is not configured, it can be set with - * {@link #setSerialFilter(ObjectInputFilter) Config.setSerialFilter}. * * @since 9 */ @@ -256,7 +259,7 @@ static { configuredFilter = AccessController .doPrivileged((PrivilegedAction<ObjectInputFilter>) () -> { - String props = System.getProperty(SERIAL_FILTER_PROPNAME); + String props = StaticProperty.jdkSerialFilter(); if (props == null) { props = Security.getProperty(SERIAL_FILTER_PROPNAME); }
--- a/src/java.base/share/classes/jdk/internal/util/StaticProperty.java Wed Oct 09 17:42:38 2019 +0800 +++ b/src/java.base/share/classes/jdk/internal/util/StaticProperty.java Tue Oct 15 09:52:44 2019 -0400 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,6 +42,7 @@ private static final String USER_HOME = initProperty("user.home"); private static final String USER_DIR = initProperty("user.dir"); private static final String USER_NAME = initProperty("user.name"); + private static final String JDK_SERIAL_FILTER = System.getProperty("jdk.serialFilter"); private StaticProperty() {} @@ -104,4 +105,17 @@ public static String userName() { return USER_NAME; } + + /** + * Return the {@code jdk.serialFilter} system property. + * + * <strong>{@link SecurityManager#checkPropertyAccess} is NOT checked + * in this method. The caller of this method should take care to ensure + * that the returned property is not made accessible to untrusted code.</strong> + * + * @return the {@code user.name} system property + */ + public static String jdkSerialFilter() { + return JDK_SERIAL_FILTER; + } }
--- a/test/jdk/java/io/Serializable/serialFilter/GlobalFilterTest.java Wed Oct 09 17:42:38 2019 +0800 +++ b/test/jdk/java/io/Serializable/serialFilter/GlobalFilterTest.java Tue Oct 15 09:52:44 2019 -0400 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,9 +41,11 @@ import org.testng.annotations.DataProvider; /* @test + * @bug 8231422 * @build GlobalFilterTest SerialFilterTest * @run testng/othervm GlobalFilterTest - * @run testng/othervm -Djdk.serialFilter=java.** GlobalFilterTest + * @run testng/othervm -Djdk.serialFilter=java.** + * -Dexpected-jdk.serialFilter=java.** GlobalFilterTest * @run testng/othervm/policy=security.policy GlobalFilterTest * @run testng/othervm/policy=security.policy * -Djava.security.properties=${test.src}/java.security-extra1 @@ -53,6 +55,10 @@ */ @Test public class GlobalFilterTest { + private static final String serialPropName = "jdk.serialFilter"; + private static final String badSerialFilter = "java.lang.StringBuffer;!*"; + private static final String origSerialFilterProperty = + System.setProperty(serialPropName, badSerialFilter); /** * DataProvider of patterns and objects derived from the configured process-wide filter. @@ -61,8 +67,8 @@ @DataProvider(name="globalPatternElements") Object[][] globalPatternElements() { String globalFilter = - System.getProperty("jdk.serialFilter", - Security.getProperty("jdk.serialFilter")); + System.getProperty("expected-" + serialPropName, + Security.getProperty(serialPropName)); if (globalFilter == null) { return new Object[0][]; } @@ -99,12 +105,20 @@ */ @Test() static void globalFilter() { + ObjectInputFilter filter = ObjectInputFilter.Config.getSerialFilter(); + + // Check that the System.setProperty(jdk.serialFilter) DOES NOT affect the filter. + String asSetSystemProp = System.getProperty(serialPropName, + Security.getProperty(serialPropName)); + Assert.assertNotEquals(Objects.toString(filter, null), asSetSystemProp, + "System.setProperty(\"jdk.serialfilter\", ...) should not change filter: " + + asSetSystemProp); + String pattern = - System.getProperty("jdk.serialFilter", - Security.getProperty("jdk.serialFilter")); - ObjectInputFilter filter = ObjectInputFilter.Config.getSerialFilter(); + System.getProperty("expected-" + serialPropName, + Security.getProperty(serialPropName)); System.out.printf("global pattern: %s, filter: %s%n", pattern, filter); - Assert.assertEquals(pattern, Objects.toString(filter, null), + Assert.assertEquals(Objects.toString(filter, null), pattern, "process-wide filter pattern does not match"); }
--- a/test/jdk/java/io/Serializable/serialFilter/security.policy Wed Oct 09 17:42:38 2019 +0800 +++ b/test/jdk/java/io/Serializable/serialFilter/security.policy Tue Oct 15 09:52:44 2019 -0400 @@ -4,7 +4,7 @@ permission java.io.SerializablePermission "serialFilter"; // Permissions needed to run the test - permission java.util.PropertyPermission "*", "read"; + permission java.util.PropertyPermission "*", "read,write"; permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.security.SecurityPermission "*";