Uploaded image for project: 'Calcite'
  1. Calcite
  2. CALCITE-1830

ProcessBuilder is security sensitive; move it to test suite to prevent accidents

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.13.0
    • Component/s: None
    • Labels:
      None

      Description

      The java.lang.ProcessBuilder class is security-sensitive because it creates operating system processes. It would be a security concern only if Calcite called it with user data, and that is not and never has been the case.

      It is currently only used by the test suite. This change moves use of the method into the test module, to prevent developers accidentally introducing security issues in future.

      Public method Util.runAppProcess is removed without notice; two methods named Util.newAppProcess and one named Util.runApplication were previously marked "deprecated, to be removed before 2.0" and are also removed.

        Activity

        Show
        julianhyde Julian Hyde added a comment - Fixed in http://git-wip-us.apache.org/repos/asf/calcite/commit/d393cab2 .
        Hide
        jcamachorodriguez Jesus Camacho Rodriguez added a comment -

        Resolved in release 1.13.0 (2017-06-26).

        Show
        jcamachorodriguez Jesus Camacho Rodriguez added a comment - Resolved in release 1.13.0 (2017-06-26).

          People

          • Assignee:
            julianhyde Julian Hyde
            Reporter:
            julianhyde Julian Hyde
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development