Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Environmentvariableextension securitymanager tests #242

Merged
merged 14 commits into from Jul 14, 2020
Merged

Environmentvariableextension securitymanager tests #242

merged 14 commits into from Jul 14, 2020

Conversation

Hancho2009
Copy link
Contributor

resolves #241

I hereby agree to the terms of the JUnit Pioneer Contributor License Agreement.

@Bukama
Copy link
Member

Bukama commented Apr 25, 2020

For documentation:

Task :test FAILED
2020-04-25 14:51:44,487 pool-1-thread-1 ERROR Unable to unregister MBeans java.security.AccessControlException: access denied ("javax.management.MBeanServerPermission" "createMBeanServer")

@sonarcloud
Copy link

sonarcloud bot commented Apr 25, 2020

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities (and Security Hotspot 0 Security Hotspots to review)
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

Hancho2009
Hancho2009 commented Apr 25, 2020
View reviewed changes
src/test/java/org/junitpioneer/jupiter/EnvironmentVariableUtilsTests.java Outdated
* because junit uses reflection and the default SecurityManager prevents that.
*/
private void executeWithSecurityManager(Runnable runnable) {
Policy.getPolicy().refresh();
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does something like that needs to be called after the SystemProperty java.security.policy is reverted after the test?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to the official Oracle Java SE documentation

The refresh method causes the policy object to refresh/reload its data. This operation is implementation-dependent. For example, if the policy object stores its data in configuration files, calling refresh will cause it to re-read the configuration policy files. If a refresh operation is not supported, this method does nothing. Note that refreshed policy may not have an effect on classes in a particular ProtectionDomain. This is dependent on the Policy provider's implementation of the implies method and its PermissionCollection caching strategy.

To me, this reads like you should call it to properly reset the policy?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you want to test if resetting the policy works as expected, you should probably add a new test for that and add @Order to your suite. Here is a blog post from Baeldung on that topic.

@Hancho2009
Copy link
Contributor Author

Hancho2009 commented Apr 25, 2020
edited

I am very inexperienced with the SecurityManager. If someone has better ideas how to handle this please share it with me.
I do not really like the *.policy files and how I can only give a certain code base permission but what I really want is to remove a certain (or all) permission(s) from the code base I am testing and not effect the others like gradles or junits.
I thought about implementing a SecurityManager for that but it seems a little to much for this small case. it would be cool if there where an junit extension to control policy permissions without files in the contex of a test i.e. like the @SetSystemProperty annotation.

@aepfli
Copy link
Member

aepfli commented Apr 28, 2020

sidenote: i think this security thingy quiet interesting, and i am curious, beside this usecase with the policy - do you/we think that this might be a possible junit extension? we could generate a ticket out of that, and evaluate options, but it looks like something which could be useful. just an idea i came up while reading through this

@Hancho2009
Copy link
Contributor Author

sidenote: i think this security thingy quiet interesting, and i am curious, beside this usecase with the policy - do you/we think that this might be a possible junit extension? we could generate a ticket out of that, and evaluate options, but it looks like something which could be useful. just an idea i came up while reading through this

In general I could imagine such an extension but as I stated above I do not have much experience with the SecurityManager so I hope someone with more of a grasp on the topic can give some input. I think it would be good to create a ticket/issues for that to have a place for discussions if this PR will go away.

Bukama
Bukama reviewed May 9, 2020
View reviewed changes
Copy link
Member

@Bukama Bukama left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be honest I don't know anything about this topic and I don't know if I find time to read into it. So I ask @aepfli and @nicolaiparlog for their review.

@aepfli
Copy link
Member

aepfli commented May 12, 2020

To be honest I don't know anything about this topic and I don't know if I find time to read into it. So I ask @aepfli and @nicolaiparlog for their review.

haha me neither - i will try to check today

@Bukama Bukama requested a review from aepfli June 6, 2020 08:25
Michael1993
Michael1993 reviewed Jul 11, 2020
View reviewed changes
src/test/java/org/junitpioneer/jupiter/EnvironmentVariableUtilsTests.java Outdated
*/
private void executeWithSecurityManager(Runnable runnable) {
Policy.getPolicy().refresh();
SecurityManager securityManager = System.getSecurityManager();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd have named this variable original. Everywhere it is used it is clear that it's a SecurityManager, so naming it securityManager is redundant - however System.setSecurityManager(original) clearly communicates that we reset (and not modify) the SecurityManager.
This is just a sidenote, don't feel the need to modify the PR just for this.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd have named this variable original. Everywhere it is used it is clear that it's a SecurityManager, so naming it securityManager is redundant - however System.setSecurityManager(original) clearly communicates that we reset (and not modify) the SecurityManager.
This is just a sidenote, don't feel the need to modify the PR just for this.

I would not rename the variable! It only seems redundant because of Java 8. With 10+, using var at this section it would not be clear what a variable with the name original holds.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean, even with var it would look like this:

var original = System.getSecurityManager();
// ... other code ...
System.setSecurityManager(original);

Seems clear to me?

Hancho2009 and others added 8 commits July 11, 2020 21:31
@Hancho2009
renamed local variable CR
6c46b87
@Hancho2009
Merge pull request #2 from junit-pioneer/master
d668163 
Update
@Hancho2009
Merge remote-tracking branch 'origin/master' into environmentvariable…
41edd0d 
…extension-securitymanager-tests

# Conflicts:
#	src/test/java/org/junitpioneer/jupiter/EnvironmentVariableUtilsTests.java
@Hancho2009
- class should not be public api
e726aca 
- changed exception handling so no exception is hidden if could not modify environment variables
- adjust comment setInSystemEnvClass because it also works on osx
@Hancho2009
format block comment
50ea8ee
@Hancho2009
format block comment
c391d1f
Reorder code and add comment
fdd498d
Add contribution to README
c4599f4
@sonarcloud
Copy link

sonarcloud bot commented Jul 14, 2020

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities (and Security Hotspot 0 Security Hotspots to review)
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@nipafx
Copy link
Member

nipafx commented Jul 14, 2020

Finally took some time to look at this, @Hancho2009. Sorry for letting it sit for nigh three months. Looks good to me! 😃

Proposed commit message:

Add tests with enabled SecurityManager to env extension (#241 / #242)

The documentation mentions that without proper permissions an enabled
security manager will not give access to the internals we need to
change environment variables. These tests confirm that.

Closes: #241
PR: #242

Bukama
Bukama approved these changes Jul 14, 2020
View reviewed changes
Copy link
Member

@Bukama Bukama left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@nipafx nipafx merged commit bc4d50b into junit-pioneer:master Jul 14, 2020
@Hancho2009
Copy link
Contributor Author

@nicolaiparlog no problem

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Michael1993 Michael1993 Michael1993 left review comments

@Bukama Bukama Bukama approved these changes

@aepfli aepfli Awaiting requested review from aepfli

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

No EnvironmentVariableUtils Tests if a SecurityManager is set
5 participants
@Hancho2009 @Bukama @aepfli @nipafx @Michael1993