JBIDE-14843 - arquillian validator security concerns #6

snjeza · 2013-06-12T21:30:32Z

maxandersen · 2013-06-13T23:59:08Z

...an.core/src/org/jboss/tools/arquillian/core/internal/util/xpl/ArquillianSecurityManager.java

+ * http://www.eclipse.org/legal/epl-v10.html
+ * 
+ * Contributors:
+ *     IBM Corporation - initial API and implementation


where is this from originally ?

This is originally from org.eclipse.ant.internal.core.AntSecurityManager
I have updated the PR.

maxandersen · 2013-06-14T20:56:02Z

...rquillian.core/src/org/jboss/tools/arquillian/core/internal/util/ArquillianSearchEngine.java

+					} catch (ArquillianSecurityException e) {
+						ArquillianCoreActivator.log(e);
+					} finally {
+						System.setSecurityManager(orig);


This is dangerous if for example the AntRunner was run - since they have a securitymanager too.....not sure how to avoid this though.

maxandersen · 2013-06-14T21:04:02Z

i've applied this since it is better than what we got before which was unprotected,

maxandersen reviewed Jun 13, 2013
View reviewed changes

JBIDE-14843 - arquillian validator security concerns

56bbaa9

maxandersen reviewed Jun 14, 2013
View reviewed changes

maxandersen closed this Jun 14, 2013

Provide feedback