Fix classpath security checks for external tests. (#33066)

This commit checks that when we manually add a class to
the codebase map, that it does in-fact not exist on the classpath
in a jar.  This will only be true if we are using the test framework
externally such as when a user develops a plugin.
This commit is contained in:
Matt Weber 2018-08-29 12:19:58 -07:00 committed by Ryan Ernst
parent cfc003d485
commit 92bd7242a3
1 changed files with 5 additions and 2 deletions

View File

@ -177,8 +177,11 @@ public class BootstrapForTesting {
private static void addClassCodebase(Map<String, URL> codebases, String name, String classname) { private static void addClassCodebase(Map<String, URL> codebases, String name, String classname) {
try { try {
Class<?> clazz = BootstrapForTesting.class.getClassLoader().loadClass(classname); Class<?> clazz = BootstrapForTesting.class.getClassLoader().loadClass(classname);
if (codebases.put(name, clazz.getProtectionDomain().getCodeSource().getLocation()) != null) { URL location = clazz.getProtectionDomain().getCodeSource().getLocation();
throw new IllegalStateException("Already added " + name + " codebase for testing"); if (location.toString().endsWith(".jar") == false) {
if (codebases.put(name, location) != null) {
throw new IllegalStateException("Already added " + name + " codebase for testing");
}
} }
} catch (ClassNotFoundException e) { } catch (ClassNotFoundException e) {
// no class, fall through to not add. this can happen for any tests that do not include // no class, fall through to not add. this can happen for any tests that do not include