Uploaded image for project: 'Geode'
  1. Geode
  2. GEODE-7396

JavaBeanAccessorMethodAuthorizer does not authorize methods on java.io classes

    XMLWordPrintableJSON

Details

    Description

      The following test failed using an authorizer with java.lang and java.io packages specified as allowed. It's unclear at this time if the problem is related specifically to the java.io package or if it is a problem with how the JavaBeanAccessorMethodAuthorizer handles multiple parameters.

       
@Test
  public void test() throws NoSuchMethodException {
    Method disallowedJavaIOMethod = File.class.getMethod("getPath");
    assertThat(authorizerWithStringAndIOPackageSpecified.authorize(allowedJavaIOMethod, new File(""))).isTrue();
  }

      Attachments

        Issue Links

          is a child of

          New Feature - A new feature of the product, which has yet to be developed. GEODE-6983 Epic for OQL Method Invocation Security

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #4263

          Activity

            People

              donalevans Donal Evans
              donalevans Donal Evans
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h
                  1h