Bugfix: Fixed security flaw with the Event Dispatch Thread, where rob…

…ots could use the SwingUtilities.invokeLater() for running any code they should like
robo-code · Dec 11, 2007 · 2f2867d · 2f2867d
1 parent 1653bc7
commit 2f2867d
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/robocode/robocode/security/RobocodeSecurityManager.java b/robocode/robocode/security/RobocodeSecurityManager.java
@@ -205,9 +205,21 @@ public void checkPermission(Permission perm) {
 			return;
 		} catch (SecurityException e) {}
 
-		// Allow the Event Dispatch Thread
+		// Check if it was one of the tools for Robocode that was invoked by the Event Dispatch Thread
 		if (javax.swing.SwingUtilities.isEventDispatchThread()) {
-			return;
+			StackTraceElement[] stackTrace = new Throwable().getStackTrace();
+
+			for (StackTraceElement element : stackTrace) {
+				String classname = element.getClassName();
+				String method = element.getMethodName();
+
+				if (classname.equals("codesize.Codesize") && method.equals("processZipFile")) {
+					return;
+				}
+				if (classname.equals("ar.robocode.cachecleaner.CacheCleaner") && method.equals("clean")) {
+					return;
+				}
+			}
 		}
 
 		// For development purposes, allow read any file if override is set.