Uploaded image for project: 'Calcite'
  1. Calcite
  2. CALCITE-1830

ProcessBuilder is security sensitive; move it to test suite to prevent accidents

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.13.0
    • Component/s: None
    • Labels:
      None

      Description

      The java.lang.ProcessBuilder class is security-sensitive because it creates operating system processes. It would be a security concern only if Calcite called it with user data, and that is not and never has been the case.

      It is currently only used by the test suite. This change moves use of the method into the test module, to prevent developers accidentally introducing security issues in future.

      Public method Util.runAppProcess is removed without notice; two methods named Util.newAppProcess and one named Util.runApplication were previously marked "deprecated, to be removed before 2.0" and are also removed.

        Attachments

          Activity

            People

            • Assignee:
              julianhyde Julian Hyde
              Reporter:
              julianhyde Julian Hyde
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: