1. Project Clover database Tue Dec 20 2016 21:24:09 CET
  2. Package org.xwiki.velocity.introspection

File SecureUberspector.java

 

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package org.xwiki.velocity.introspection;
21   
22    import java.util.Iterator;
23   
24    import org.apache.velocity.runtime.RuntimeConstants;
25    import org.apache.velocity.runtime.RuntimeServices;
26    import org.apache.velocity.util.RuntimeServicesAware;
27    import org.apache.velocity.util.introspection.Info;
28    import org.apache.velocity.util.introspection.SecureIntrospectorControl;
29    import org.apache.velocity.util.introspection.UberspectImpl;
30   
/**
 * Uberspector that routes Velocity introspection through a {@code SecureIntrospector} built from the configured
 * deny-lists.
 * <p>
 * It exists because {@link org.apache.velocity.util.introspection.SecureUberspector} is considered far too
 * restrictive about which {@link Class} methods may be called. Which {@link Class} methods end up reachable is
 * decided entirely by {@code SecureIntrospector}, which is not shown here. NOTE(review): {@link Class} is the entry
 * point to reflection, so any relaxation of that list should be reviewed against the {@code SecureIntrospector}
 * implementation.
 *
 * @version $Id: b6a1585aa309df4b34a89f0f1bff19180a9e749c $
 * @since 5.4RC1
 */
public class SecureUberspector extends UberspectImpl implements RuntimeServicesAware
{
    /** Runtime services handed over through {@link #setRuntimeServices(RuntimeServices)}; read by {@link #init()}. */
    private RuntimeServices runtimeServices;

    /**
     * Stores the runtime services whose configuration {@link #init()} reads.
     *
     * @param rs the Velocity runtime services
     */
    @Override
    public void setRuntimeServices(RuntimeServices rs)
    {
        this.runtimeServices = rs;
    }

    /**
     * Replaces the introspector with a {@code SecureIntrospector} built from the restricted class and package lists
     * found in the runtime configuration.
     * <p>
     * {@link #setRuntimeServices(RuntimeServices)} must have been called first: the field is dereferenced without a
     * null check.
     */
    @Override
    public void init()
    {
        // Both deny-lists come straight from configuration; nothing here validates or supplements them.
        String[] restrictedPackages = this.runtimeServices.getConfiguration()
            .getStringArray(RuntimeConstants.INTROSPECTOR_RESTRICT_PACKAGES);
        String[] restrictedClasses = this.runtimeServices.getConfiguration()
            .getStringArray(RuntimeConstants.INTROSPECTOR_RESTRICT_CLASSES);

        // Constructor order is (classes, packages, log), the reverse of the order the lists are read in.
        this.introspector = new SecureIntrospector(restrictedClasses, restrictedPackages, this.log);
    }

    /**
     * Get an iterator from the given object. Unlike the superclass method, this secure version first checks for
     * execute permission on the object's class.
     * <p>
     * NOTE(review): the coverage listing this source was taken from records zero executions of both the denial
     * branch and the {@code null}-object return, so the refusal behaviour is not pinned by the contributing tests.
     *
     * @param obj object to iterate over
     * @param i line, column, template info
     * @return Iterator for object, or {@code null} when {@code obj} is {@code null} or access to its class is refused
     * @throws Exception when failing to get iterator
     */
    @Override
    public Iterator getIterator(Object obj, Info i) throws Exception
    {
        if (obj == null) {
            return null;
        }

        Class<?> targetClass = obj.getClass();
        // The permission check is made on the class alone; no method name is supplied.
        boolean permitted =
            ((SecureIntrospectorControl) this.introspector).checkObjectExecutePermission(targetClass, null);
        if (!permitted) {
            // Refusal is logged and reported as null rather than raised as an exception.
            this.log.warn("Cannot retrieve iterator from " + targetClass + " due to security restrictions.");
            return null;
        }

        return super.getIterator(obj, i);
    }
}