1
2
3
4
5
6
7
8
9
10 package org.eclipse.jgit.api;
11
12 import static org.junit.Assert.assertEquals;
13 import static org.junit.Assert.assertNotNull;
14 import static org.junit.Assert.assertTrue;
15
16 import java.io.File;
17 import java.io.FilePermission;
18 import java.io.IOException;
19 import java.lang.reflect.ReflectPermission;
20 import java.nio.file.Files;
21 import java.security.Permission;
22 import java.security.SecurityPermission;
23 import java.util.ArrayList;
24 import java.util.List;
25 import java.util.PropertyPermission;
26 import java.util.logging.LoggingPermission;
27
28 import javax.security.auth.AuthPermission;
29
30 import org.eclipse.jgit.api.errors.GitAPIException;
31 import org.eclipse.jgit.junit.JGitTestUtil;
32 import org.eclipse.jgit.junit.MockSystemReader;
33 import org.eclipse.jgit.junit.SeparateClassloaderTestRunner;
34 import org.eclipse.jgit.revwalk.RevCommit;
35 import org.eclipse.jgit.treewalk.TreeWalk;
36 import org.eclipse.jgit.util.FileUtils;
37 import org.eclipse.jgit.util.SystemReader;
38 import org.junit.After;
39 import org.junit.Before;
40 import org.junit.Test;
41 import org.junit.runner.RunWith;
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73 @RunWith(SeparateClassloaderTestRunner.class)
74 public class SecurityManagerTest {
75 private File root;
76
77 private SecurityManager originalSecurityManager;
78
79 private List<Permission> permissions = new ArrayList<>();
80
81 @Before
82 public void setUp() throws Exception {
83
84 SystemReader.setInstance(new MockSystemReader());
85 root = Files.createTempDirectory("jgit-security").toFile();
86
87
88 permissions.add(new RuntimePermission("*"));
89 permissions.add(new SecurityPermission("*"));
90 permissions.add(new AuthPermission("*"));
91 permissions.add(new ReflectPermission("*"));
92 permissions.add(new PropertyPermission("*", "read,write"));
93 permissions.add(new LoggingPermission("control", null));
94
95 permissions.add(new FilePermission(
96 System.getProperty("java.home") + "/-", "read"));
97
98 String tempDir = System.getProperty("java.io.tmpdir");
99 permissions.add(new FilePermission(tempDir, "read,write,delete"));
100 permissions
101 .add(new FilePermission(tempDir + "/-", "read,write,delete"));
102
103
104 String classPath = System.getProperty("java.class.path");
105 if (classPath != null) {
106 for (String path : classPath.split(File.pathSeparator)) {
107 permissions.add(new FilePermission(path, "read"));
108 }
109 }
110
111 String jgitSourcesRoot = new File(System.getProperty("user.dir"))
112 .getParent();
113 permissions.add(new FilePermission(jgitSourcesRoot + "/-", "read"));
114
115
116
117 permissions.add(new FilePermission(root.getPath() + "/-",
118 "read,write,delete,execute"));
119
120
121 originalSecurityManager = System.getSecurityManager();
122 System.setSecurityManager(new SecurityManager() {
123
124 @Override
125 public void checkPermission(Permission requested) {
126 for (Permission permission : permissions) {
127 if (permission.implies(requested)) {
128 return;
129 }
130 }
131
132 super.checkPermission(requested);
133 }
134 });
135 }
136
137 @After
138 public void tearDown() throws Exception {
139 System.setSecurityManager(originalSecurityManager);
140
141
142
143
144 FileUtils.delete(root, FileUtils.RECURSIVE | FileUtils.RETRY);
145 }
146
147 @Test
148 public void testInitAndClone() throws IOException, GitAPIException {
149 File remote = new File(root, "remote");
150 File local = new File(root, "local");
151
152 try (Git git = Git.init().setDirectory(remote).call()) {
153 JGitTestUtil.write(new File(remote, "hello.txt"), "Hello world!");
154 git.add().addFilepattern(".").call();
155 git.commit().setMessage("Initial commit").call();
156 }
157
158 try (Git git = Git.cloneRepository().setURI(remote.toURI().toString())
159 .setDirectory(local).call()) {
160 assertTrue(new File(local, ".git").exists());
161
162 JGitTestUtil.write(new File(local, "hi.txt"), "Hi!");
163 git.add().addFilepattern(".").call();
164 RevCommit commit1 = git.commit().setMessage("Commit on local repo")
165 .call();
166 assertEquals("Commit on local repo", commit1.getFullMessage());
167 assertNotNull(TreeWalk.forPath(git.getRepository(), "hello.txt",
168 commit1.getTree()));
169 }
170
171 }
172
173 }