SOLR-4195: Further restrict security policy of tests to disallow writing to files outside the test's work dir (e.g. disallow writing to build/test-files)

git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1422368 13f79535-47bb-0310-9956-ffa450edef68
2012-12-15 21:50:57 +00:00 · 2012-12-15 21:50:57 +00:00 · a9e41d20a3
parent 6af24c8866
commit a9e41d20a3
4 changed files with 55 additions and 9 deletions
--- a/lucene/analysis/stempel/src/java/org/egothor/stemmer/Compile.java
+++ b/lucene/analysis/stempel/src/java/org/egothor/stemmer/Compile.java
@ -148,6 +148,7 @@ public class Compile {
          // no base token (stem) on a line
        }
      }
+      in.close();
      
      Optimizer o = new Optimizer();
      Optimizer2 o2 = new Optimizer2();
--- a/lucene/analysis/stempel/src/test/org/egothor/stemmer/TestCompile.java
+++ b/lucene/analysis/stempel/src/test/org/egothor/stemmer/TestCompile.java
@ -60,7 +60,9 @@ import java.io.BufferedReader;
 import java.io.DataInputStream;
 import java.io.File;
 import java.io.FileInputStream;
+import java.io.FileOutputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.LineNumberReader;
 import java.net.URI;
@ -69,12 +71,18 @@ import java.util.StringTokenizer;

 import org.apache.lucene.util.IOUtils;
 import org.apache.lucene.util.LuceneTestCase;
+import org.apache.lucene.util._TestUtil;

 public class TestCompile extends LuceneTestCase {
  
  public void testCompile() throws Exception {
-    URI uri = getClass().getResource("testRules.txt").toURI();
-    String path = uri.getPath();
+    File dir = _TestUtil.getTempDir("testCompile");
+    dir.mkdirs();
+    InputStream input = getClass().getResourceAsStream("testRules.txt");
+    File output = new File(dir, "testRules.txt");
+    copy(input, output);
+    input.close();
+    String path = output.getAbsolutePath();
    Compile.main(new String[] {"test", path});
    String compiled = path + ".out";
    Trie trie = loadTrie(compiled);
@ -84,8 +92,13 @@ public class TestCompile extends LuceneTestCase {
  }
  
  public void testCompileBackwards() throws Exception {
-    URI uri = getClass().getResource("testRules.txt").toURI();
-    String path = uri.getPath();
+    File dir = _TestUtil.getTempDir("testCompile");
+    dir.mkdirs();
+    InputStream input = getClass().getResourceAsStream("testRules.txt");
+    File output = new File(dir, "testRules.txt");
+    copy(input, output);
+    input.close();
+    String path = output.getAbsolutePath();
    Compile.main(new String[] {"-test", path});
    String compiled = path + ".out";
    Trie trie = loadTrie(compiled);
@ -95,8 +108,13 @@ public class TestCompile extends LuceneTestCase {
  }
  
  public void testCompileMulti() throws Exception {
-    URI uri = getClass().getResource("testRules.txt").toURI();
-    String path = uri.getPath();
+    File dir = _TestUtil.getTempDir("testCompile");
+    dir.mkdirs();
+    InputStream input = getClass().getResourceAsStream("testRules.txt");
+    File output = new File(dir, "testRules.txt");
+    copy(input, output);
+    input.close();
+    String path = output.getAbsolutePath();
    Compile.main(new String[] {"Mtest", path});
    String compiled = path + ".out";
    Trie trie = loadTrie(compiled);
@ -151,5 +169,20 @@ public class TestCompile extends LuceneTestCase {
        // no base token (stem) on a line
      }
    }
+    
+    in.close();
+  }
+  
+  private static void copy(InputStream input, File output) throws IOException {
+    FileOutputStream os = new FileOutputStream(output);
+    try {
+      byte buffer[] = new byte[1024];
+      int len;
+      while ((len = input.read(buffer)) > 0) {
+        os.write(buffer, 0, len);
+      }
+    } finally {
+      os.close();
+    }
  }
 }
--- a/lucene/common-build.xml
+++ b/lucene/common-build.xml
@ -896,7 +896,7 @@
            <sysproperty key="java.io.tmpdir" value="." />

            <!-- Restrict access to certain Java features and install security manager: -->
-            <sysproperty key="tests.sandbox.dir" value="${build.dir}" />
+            <sysproperty key="tests.sandbox.dir" value="${tests.tempDir}" />
            <sysproperty key="clover.db.dir" value="${clover.db.dir}" />
            <sysproperty key="java.security.manager" value="org.apache.lucene.util.TestSecurityManager" />
            <sysproperty key="java.security.policy" value="${common.dir}/tools/junit4/tests.policy" />
--- a/solr/contrib/dataimporthandler/src/test/org/apache/solr/handler/dataimport/TestNonWritablePersistFile.java
+++ b/solr/contrib/dataimporthandler/src/test/org/apache/solr/handler/dataimport/TestNonWritablePersistFile.java
@ -16,6 +16,8 @@
 */
 package org.apache.solr.handler.dataimport;

+import org.apache.commons.io.FileUtils;
+import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;

@ -46,12 +48,22 @@ public class TestNonWritablePersistFile extends AbstractDataImportHandlerTestCas
    "    </entity>\n" +
    "  </document>\n" +
    "</dataConfig>\n";
+  private static String tmpSolrHome;

  @BeforeClass
-  public static void beforeClass() throws Exception {
-    initCore("dataimport-solrconfig.xml", "dataimport-schema.xml");
+  public static void createTempSolrHomeAndCore() throws Exception {
+    createTempDir();
+    tmpSolrHome = TEMP_DIR + File.separator + TestNonWritablePersistFile.class.getSimpleName() + System.currentTimeMillis();
+    FileUtils.copyDirectory(getFile("dih/solr"), new File(tmpSolrHome).getAbsoluteFile());
+    initCore("dataimport-solrconfig.xml", "dataimport-schema.xml", 
+             new File(tmpSolrHome).getAbsolutePath());
  }  
  
+  @AfterClass
+  public static void destroyTempSolrHomeAndCore() throws Exception {
+    FileUtils.deleteDirectory(new File(tmpSolrHome).getAbsoluteFile());
+  }
+
  @Test
  @SuppressWarnings("unchecked")
  public void testNonWritablePersistFile() throws Exception {