changeset 8938:bd2168874bbd

8231422: Better serial filter handling Reviewed-by: andrew
author alvdavi
date Thu, 23 Jan 2020 04:45:42 +0000
parents e4a2c0311287
children 657fcd374e89
files src/share/classes/java/lang/System.java src/share/classes/jdk/internal/util/StaticProperty.java src/share/classes/sun/misc/ObjectInputFilter.java src/share/lib/security/java.security-linux src/share/lib/security/java.security-macosx src/share/lib/security/java.security-solaris src/share/lib/security/java.security-windows test/java/io/Serializable/serialFilter/GlobalFilterTest.java test/java/io/Serializable/serialFilter/security.policy
diffstat 9 files changed, 95 insertions(+), 18 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/java/lang/System.java	Wed Jan 22 07:12:03 2020 +0000
+++ b/src/share/classes/java/lang/System.java	Thu Jan 23 04:45:42 2020 +0000
@@ -40,6 +40,8 @@
 import sun.security.util.SecurityConstants;
 import sun.reflect.annotation.AnnotationType;
 
+import jdk.internal.util.StaticProperty;
+
 /**
  * The <code>System</code> class contains several useful class fields
  * and methods. It cannot be instantiated.
@@ -1136,6 +1138,7 @@
 
 
         lineSeparator = props.getProperty("line.separator");
+        StaticProperty.jdkSerialFilter();   // Load StaticProperty to cache the property values
         sun.misc.Version.init();
 
         FileInputStream fdIn = new FileInputStream(FileDescriptor.in);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/jdk/internal/util/StaticProperty.java	Thu Jan 23 04:45:42 2020 +0000
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package jdk.internal.util;
+
+/**
+ * System Property access for internal use only.
+ * Read-only access to System property values initialized during Phase 1
+ * are cached.  Setting, clearing, or modifying the value using
+ * {@link System#setProperty) or {@link System#getProperties()} is ignored.
+ * <strong>{@link SecurityManager#checkPropertyAccess} is NOT checked
+ * in these access methods. The caller of these methods should take care to ensure
+ * that the returned property is not made accessible to untrusted code.</strong>
+ */
+public final class StaticProperty {
+
+    // The class static initialization is triggered to initialize these final
+    // fields during init Phase 1 and before a security manager is set.
+    private static final String JDK_SERIAL_FILTER = System.getProperty("jdk.serialFilter");
+
+    private StaticProperty() {}
+
+    /**
+     *
+     * Return the {@code jdk.serialFilter} system property.
+     *
+     * <strong>{@link SecurityManager#checkPropertyAccess} is NOT checked
+     * in this method. The caller of this method should take care to ensure
+     * that the returned property is not made accessible to untrusted code.</strong>
+     *
+     * @return the {@code user.name} system property
+     */
+    public static String jdkSerialFilter() {
+        return JDK_SERIAL_FILTER;
+    }
+}
--- a/src/share/classes/sun/misc/ObjectInputFilter.java	Wed Jan 22 07:12:03 2020 +0000
+++ b/src/share/classes/sun/misc/ObjectInputFilter.java	Thu Jan 23 04:45:42 2020 +0000
@@ -36,6 +36,8 @@
 
 import sun.util.logging.PlatformLogger;
 
+import jdk.internal.util.StaticProperty;
+
 /**
  * Filter classes, array lengths, and graph metrics during deserialization.
  * If set on an {@link ObjectInputStream}, the {@link #checkInput checkInput(FilterInfo)}
@@ -247,7 +249,7 @@
                     .doPrivileged(new PrivilegedAction<ObjectInputFilter>() {
                         @Override
                         public ObjectInputFilter run() {
-                            String props = System.getProperty(SERIAL_FILTER_PROPNAME);
+                            String props = StaticProperty.jdkSerialFilter();
                             if (props == null) {
                                 props = Security.getProperty(SERIAL_FILTER_PROPNAME);
                             }
--- a/src/share/lib/security/java.security-linux	Wed Jan 22 07:12:03 2020 +0000
+++ b/src/share/lib/security/java.security-linux	Thu Jan 23 04:45:42 2020 +0000
@@ -794,8 +794,8 @@
 # Patterns are separated by ";" (semicolon).
 # Whitespace is significant and is considered part of the pattern.
 #
-# If the system property jdk.serialFilter is also specified, it supersedes
-# the security property value defined here.
+# If the system property jdk.serialFilter is also specified on the command
+# line, it supersedes the security property value defined here.
 #
 # If a pattern includes a "=", it sets a limit.
 # If a limit appears more than once the last value is used.
--- a/src/share/lib/security/java.security-macosx	Wed Jan 22 07:12:03 2020 +0000
+++ b/src/share/lib/security/java.security-macosx	Thu Jan 23 04:45:42 2020 +0000
@@ -799,8 +799,8 @@
 # Patterns are separated by ";" (semicolon).
 # Whitespace is significant and is considered part of the pattern.
 #
-# If the system property jdk.serialFilter is also specified, it supersedes
-# the security property value defined here.
+# If the system property jdk.serialFilter is also specified on the command
+# line, it supersedes the security property value defined here.
 #
 # If a pattern includes a "=", it sets a limit.
 # If a limit appears more than once the last value is used.
--- a/src/share/lib/security/java.security-solaris	Wed Jan 22 07:12:03 2020 +0000
+++ b/src/share/lib/security/java.security-solaris	Thu Jan 23 04:45:42 2020 +0000
@@ -798,8 +798,8 @@
 # Patterns are separated by ";" (semicolon).
 # Whitespace is significant and is considered part of the pattern.
 #
-# If the system property jdk.serialFilter is also specified, it supersedes
-# the security property value defined here.
+# If the system property jdk.serialFilter is also specified on the command
+# line, it supersedes the security property value defined here.
 #
 # If a pattern includes a "=", it sets a limit.
 # If a limit appears more than once the last value is used.
--- a/src/share/lib/security/java.security-windows	Wed Jan 22 07:12:03 2020 +0000
+++ b/src/share/lib/security/java.security-windows	Thu Jan 23 04:45:42 2020 +0000
@@ -799,8 +799,8 @@
 # Patterns are separated by ";" (semicolon).
 # Whitespace is significant and is considered part of the pattern.
 #
-# If the system property jdk.serialFilter is also specified, it supersedes
-# the security property value defined here.
+# If the system property jdk.serialFilter is also specified on the command
+# line, it supersedes the security property value defined here.
 #
 # If a pattern includes a "=", it sets a limit.
 # If a limit appears more than once the last value is used.
--- a/test/java/io/Serializable/serialFilter/GlobalFilterTest.java	Wed Jan 22 07:12:03 2020 +0000
+++ b/test/java/io/Serializable/serialFilter/GlobalFilterTest.java	Thu Jan 23 04:45:42 2020 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,9 +42,11 @@
 import sun.misc.ObjectInputFilter;
 
 /* @test
+ * @bug 8231422
  * @build GlobalFilterTest SerialFilterTest
  * @run testng/othervm GlobalFilterTest
- * @run testng/othervm -Djdk.serialFilter=java.** GlobalFilterTest
+ * @run testng/othervm -Djdk.serialFilter=java.**
+ *          -Dexpected-jdk.serialFilter=java.** GlobalFilterTest
  * @run testng/othervm/policy=security.policy GlobalFilterTest
  * @run testng/othervm/policy=security.policy
  *        -Djava.security.properties=${test.src}/java.security-extra1
@@ -54,6 +56,10 @@
  */
 @Test
 public class GlobalFilterTest {
+    private static final String serialPropName = "jdk.serialFilter";
+    private static final String badSerialFilter = "java.lang.StringBuffer;!*";
+    private static final String origSerialFilterProperty =
+            System.setProperty(serialPropName, badSerialFilter);
 
     /**
      * DataProvider of patterns and objects derived from the configured process-wide filter.
@@ -62,8 +68,8 @@
     @DataProvider(name="globalPatternElements")
     Object[][] globalPatternElements() {
         String globalFilter =
-                System.getProperty("jdk.serialFilter",
-                        Security.getProperty("jdk.serialFilter"));
+                System.getProperty("expected-" + serialPropName,
+                        Security.getProperty(serialPropName));
         if (globalFilter == null) {
             return new Object[0][];
         }
@@ -100,12 +106,20 @@
      */
     @Test()
     static void globalFilter() {
+        ObjectInputFilter filter = ObjectInputFilter.Config.getSerialFilter();
+
+        // Check that the System.setProperty(jdk.serialFilter) DOES NOT affect the filter.
+        String asSetSystemProp = System.getProperty(serialPropName,
+                Security.getProperty(serialPropName));
+        Assert.assertNotEquals(Objects.toString(filter, null), asSetSystemProp,
+                "System.setProperty(\"jdk.serialfilter\", ...) should not change filter: " +
+                asSetSystemProp);
+
         String pattern =
-                System.getProperty("jdk.serialFilter",
-                        Security.getProperty("jdk.serialFilter"));
-        ObjectInputFilter filter = ObjectInputFilter.Config.getSerialFilter();
+               System.getProperty("expected-" + serialPropName,
+                       Security.getProperty(serialPropName));
         System.out.printf("global pattern: %s, filter: %s%n", pattern, filter);
-        Assert.assertEquals(pattern, Objects.toString(filter, null),
+        Assert.assertEquals(Objects.toString(filter, null), pattern,
                 "process-wide filter pattern does not match");
     }
 
--- a/test/java/io/Serializable/serialFilter/security.policy	Wed Jan 22 07:12:03 2020 +0000
+++ b/test/java/io/Serializable/serialFilter/security.policy	Thu Jan 23 04:45:42 2020 +0000
@@ -3,7 +3,7 @@
         // Specific permission under test
         permission java.security.SerializablePermission "serialFilter";
         // Permissions needed to run the test
-        permission java.util.PropertyPermission "*", "read";
+        permission java.util.PropertyPermission "*", "read,write";
         permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
         permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
         permission java.security.SecurityPermission "*";