8231422: Setting JEP 290 Filter via System Property May Be Ignored

Reviewed-by: smarks, rhalade
openjdk · Oct 15, 2019 · 24a7ba0c619d26dcc37074d7aa852e8aa4c1f3d7 · 24a7ba0
1 parent f3815c8
commit 24a7ba0c619d26dcc37074d7aa852e8aa4c1f3d7
diff --git a/src/java.base/share/classes/java/io/ObjectInputFilter.java b/src/java.base/share/classes/java/io/ObjectInputFilter.java
@@ -35,6 +35,7 @@
 import java.util.function.Function;
 
 import jdk.internal.access.SharedSecrets;
+import jdk.internal.util.StaticProperty;
 
 /**
  * Filter classes, array lengths, and graph metrics during deserialization.
@@ -205,15 +206,17 @@
      * <p>
      * The filter is configured during the initialization of the {@code ObjectInputFilter.Config}
      * class. For example, by calling {@link #getSerialFilter() Config.getSerialFilter}.
-     * If the system property {@systemProperty jdk.serialFilter} is defined, it is used
-     * to configure the filter.
-     * If the system property is not defined, and the {@link java.security.Security}
-     * property {@code jdk.serialFilter} is defined then it is used to configure the filter.
-     * Otherwise, the filter is not configured during initialization.
+     * If the system property {@systemProperty jdk.serialFilter} is defined on the command line,
+     * it is used to configure the filter.
+     * If the system property is not defined on the command line, and the
+     * {@link java.security.Security} property {@code jdk.serialFilter} is defined
+     * then it is used to configure the filter.
+     * Otherwise, the filter is not configured during initialization and
+     * can be set with {@link #setSerialFilter(ObjectInputFilter) Config.setSerialFilter}.
+     * Setting the {@code jdk.serialFilter} with {@link System#setProperty(String, String)
+     * System.setProperty} <em>does not set the filter</em>.
      * The syntax for each property is the same as for the
      * {@link #createFilter(String) createFilter} method.
-     * If a filter is not configured, it can be set with
-     * {@link #setSerialFilter(ObjectInputFilter) Config.setSerialFilter}.
      *
      * @since 9
      */
@@ -256,7 +259,7 @@ static void filterLog(System.Logger.Level level, String msg, Object... args) {
         static {
             configuredFilter = AccessController
                     .doPrivileged((PrivilegedAction<ObjectInputFilter>) () -> {
-                        String props = System.getProperty(SERIAL_FILTER_PROPNAME);
+                        String props = StaticProperty.jdkSerialFilter();
                         if (props == null) {
                             props = Security.getProperty(SERIAL_FILTER_PROPNAME);
                         }

diff --git a/src/java.base/share/classes/jdk/internal/util/StaticProperty.java b/src/java.base/share/classes/jdk/internal/util/StaticProperty.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,6 +42,7 @@
     private static final String USER_HOME = initProperty("user.home");
     private static final String USER_DIR  = initProperty("user.dir");
     private static final String USER_NAME = initProperty("user.name");
+    private static final String JDK_SERIAL_FILTER = System.getProperty("jdk.serialFilter");
 
     private StaticProperty() {}
 
@@ -104,4 +105,17 @@ public static String userDir() {
     public static String userName() {
         return USER_NAME;
     }
+
+    /**
+     * Return the {@code jdk.serialFilter} system property.
+     *
+     * <strong>{@link SecurityManager#checkPropertyAccess} is NOT checked
+     * in this method. The caller of this method should take care to ensure
+     * that the returned property is not made accessible to untrusted code.</strong>
+     *
+     * @return the {@code user.name} system property
+     */
+    public static String jdkSerialFilter() {
+        return JDK_SERIAL_FILTER;
+    }
 }
diff --git a/test/jdk/java/io/Serializable/serialFilter/GlobalFilterTest.java b/test/jdk/java/io/Serializable/serialFilter/GlobalFilterTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,9 +41,11 @@
 import org.testng.annotations.DataProvider;
 
 /* @test
+ * @bug 8231422
  * @build GlobalFilterTest SerialFilterTest
  * @run testng/othervm GlobalFilterTest
- * @run testng/othervm -Djdk.serialFilter=java.** GlobalFilterTest
+ * @run testng/othervm -Djdk.serialFilter=java.**
+ *          -Dexpected-jdk.serialFilter=java.** GlobalFilterTest
  * @run testng/othervm/policy=security.policy GlobalFilterTest
  * @run testng/othervm/policy=security.policy
  *        -Djava.security.properties=${test.src}/java.security-extra1
@@ -53,6 +55,10 @@
  */
 @Test
 public class GlobalFilterTest {
+    private static final String serialPropName = "jdk.serialFilter";
+    private static final String badSerialFilter = "java.lang.StringBuffer;!*";
+    private static final String origSerialFilterProperty =
+            System.setProperty(serialPropName, badSerialFilter);
 
     /**
      * DataProvider of patterns and objects derived from the configured process-wide filter.
@@ -61,8 +67,8 @@
     @DataProvider(name="globalPatternElements")
     Object[][] globalPatternElements() {
         String globalFilter =
-                System.getProperty("jdk.serialFilter",
-                        Security.getProperty("jdk.serialFilter"));
+                System.getProperty("expected-" + serialPropName,
+                        Security.getProperty(serialPropName));
         if (globalFilter == null) {
             return new Object[0][];
         }
@@ -99,12 +105,20 @@
      */
     @Test()
     static void globalFilter() {
-        String pattern =
-                System.getProperty("jdk.serialFilter",
-                        Security.getProperty("jdk.serialFilter"));
         ObjectInputFilter filter = ObjectInputFilter.Config.getSerialFilter();
+
+        // Check that the System.setProperty(jdk.serialFilter) DOES NOT affect the filter.
+        String asSetSystemProp = System.getProperty(serialPropName,
+                Security.getProperty(serialPropName));
+        Assert.assertNotEquals(Objects.toString(filter, null), asSetSystemProp,
+                "System.setProperty(\"jdk.serialfilter\", ...) should not change filter: " +
+                asSetSystemProp);
+
+        String pattern =
+                System.getProperty("expected-" + serialPropName,
+                        Security.getProperty(serialPropName));
         System.out.printf("global pattern: %s, filter: %s%n", pattern, filter);
-        Assert.assertEquals(pattern, Objects.toString(filter, null),
+        Assert.assertEquals(Objects.toString(filter, null), pattern,
                 "process-wide filter pattern does not match");
     }
 

diff --git a/test/jdk/java/io/Serializable/serialFilter/security.policy b/test/jdk/java/io/Serializable/serialFilter/security.policy
@@ -4,7 +4,7 @@ grant {
         permission java.io.SerializablePermission "serialFilter";
 
         // Permissions needed to run the test
-        permission java.util.PropertyPermission "*", "read";
+        permission java.util.PropertyPermission "*", "read,write";
         permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
         permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
         permission java.security.SecurityPermission "*";