Commit Graph

13 Commits

Author SHA1 Message Date
Simon Willnauer 7ad138e17b [TEST] allow to read from lig/sigar 2015-04-20 18:15:51 +02:00
Ryan Ernst a3f078985b Tests: Forbid tests from writing to CWD
Allowing tests writing to the working directory can mask problems.
For example, multiple tests running in the same jvm, and using the
same relative path, may cause issues if the first test to run
leaves data in the directory, and the second test does not remember
to cleanup the path before using it.

This change adds security manager rules to disallow tests writing
to the working directory. Instead, tests create a temp dir with
the existing test framework.

closes #10605
2015-04-15 12:45:20 -07:00
Simon Willnauer 67b48da15f [BUILD] Fix m2.repository path permission in tests.policy 2015-04-14 10:40:31 +02:00
Simon Willnauer fe411a9295 [BUILD] Restrict read permission to project.basedir/target if security manager is used 2015-04-14 09:35:40 +02:00
Simon Willnauer c13e604697 [BUILD] Restrict read permission to project.basedir
This prevents reads from anywhere outside of the elasticsearch
clone when running tests with security manager enabled.
2015-04-13 16:44:31 +02:00
Robert Muir b936ec9a25 allow reflection of MXBean for file descriptor stats 2015-04-10 11:28:30 -04:00
Tanguy Leroux c457499cb2 [Native] Use direct mapping call in Kernel32Library
This commit modifies the Kernel32Library to use direct mapping instead of a proxy class when doing native calls on Windows platforms. It also adds the "createSecurityManager" permission to the tests.policy file, and adds unit tests that should have failed when the Java security manager is enabled.

Closes #9802
2015-03-02 09:48:18 +01:00
Robert Muir b7e49f11ed fix comment 2015-02-25 15:32:45 -05:00
Robert Muir 99714ee1bd Reduce tests.policy a bit more
Remove some more wildcard permissions and replace with just what we need.

Closes #9868.
2015-02-25 11:22:02 -05:00
Robert Muir 7dad162377 tests: minimize tests.policy a bit.
Closes #9765
2015-02-19 13:27:04 -05:00
Simon Willnauer 164853fd0b [TEST] Fix Link permission to create symoblic links in temp dirs 2014-12-04 15:11:34 +01:00
Lee Hinman c70f6d0171 Add Groovy as a scripting language, add sandboxing for Groovy
Sandboxes the groovy scripting language with multiple configurable
whitelists:

`script.groovy.sandbox.receiver_whitelist`: comma-separated list of string
classes for objects that may have methods invoked.
`script.groovy.sandbox.package_whitelist`: comma-separated list of
packages under which new objects may be constructed.
`script.groovy.sandbox.class_whitelist` comma-separated list of classes
that are allowed to be constructed.

As well as a method blacklist:

`script.groovy.sandbox.method_blacklist`: comma-separated list of
methods that are never allowed to be invoked, regardless of target
object.

The sandbox can be entirely disabled by setting:

`script.groovy.sandbox.enabled: false`
2014-06-20 10:20:16 +02:00
Simon Willnauer 7f51fbc5ab Add SecurityManger / policy when running tests.
This commit adds a security manager to the test JVMs
that prevents mainly writing files outside of the JVMs
current test directory.
2014-01-17 15:15:10 +01:00