1 package groovy.security;
2
3 import groovy.lang.GroovyCodeSource;
4
5 import java.io.File;
6 import java.io.IOException;
7 import java.net.URL;
8 import java.security.Security;
9 import java.util.PropertyPermission;
10
11 import org.codehaus.groovy.control.CompilationFailedException;
12
13 import junit.framework.Test;
14 import junit.framework.TestSuite;
15 import junit.textui.TestRunner;
16
17 /***
18 * Test the effects of enabling security in Groovy. Some tests below check for proper framework
19 * behavior (e.g. ensuring that GroovyCodeSources may only be created for which proper permissions exist).
20 * Other tests run .groovy scripts under a secure environment and ensure that the proper permissions
21 * are required for success.
22 *
23 * @author Steve Goetze
24 */
25 public class SecurityTest extends SecurityTestSupport {
26
27 public static void main(String[] args) {
28 TestRunner.run( suite() );
29 }
30
31 public static Test suite() {
32 return new TestSuite(SecurityTest.class);
33 }
34
35 public void testForbiddenProperty() {
36 String script = "System.getProperty(\"user.home\")";
37 assertExecute(script, null, new PropertyPermission("user.home", "read"));
38 }
39
40 public void testForbiddenPackage() {
41 String script = "import sun.net.*; s = new NetworkClient()";
42 assertExecute(script, "/groovy/security/testForbiddenPackage", new RuntimePermission("accessClassInPackage.sun.*"));
43 }
44
45 public void testForbiddenCodebase() {
46 assertExecute(new File("src/test/groovy/security/forbiddenCodeBase.gvy"), new GroovyCodeSourcePermission("/groovy/security/forbiddenCodeBase"));
47 }
48
49
50 public void testPackageAccess() {
51 String script = "new javax.print.PrintException();";
52 Security.setProperty("package.access", "javax.print");
53
54 assertExecute(script, "/groovy/security/javax/print/deny", new RuntimePermission("accessClassInPackage.javax.print"));
55
56 assertExecute(script, "/groovy/security/javax/print/allow", null);
57 }
58
59 public void testBadScriptNameBug() {
60 assertExecute(new File("src/test/groovy/bugs/BadScriptNameBug.groovy"), null);
61 }
62
63 public void testClosureListenerTest() {
64 assertExecute(new File("src/test/groovy/ClosureListenerTest.groovy"), null);
65 }
66
67 public void testClosureMethodTest() {
68 assertExecute(new File("src/test/groovy/ClosureMethodTest.groovy"), null);
69 }
70
71 public void testGroovyMethodsTest() {
72 assertExecute(new File("src/test/groovy/GroovyMethodsTest.groovy"), null);
73 }
74
75 public void testClosureWithDefaultParamTest() {
76 assertExecute(new File("src/test/groovy/ClosureWithDefaultParamTest.groovy"), null);
77 }
78
79 public void testGroovy303_Bug() {
80 assertExecute(new File("src/test/groovy/bugs/Groovy303_Bug.groovy"), null);
81 }
82
83 public void testScriptTest() {
84 assertExecute(new File("src/test/groovy/script/ScriptTest.groovy"), null);
85 }
86
87
88
89
90 public void testSqlCompleteWithoutDataSourceTest() {
91 assertExecute(new File("src/test/groovy/sql/SqlCompleteWithoutDataSourceTest.groovy"), null);
92 }
93
94
95
96 public void testMetaClassTest() {
97 Security.setProperty("package.access", "org.codehaus.groovy");
98 assertExecute(new File("src/test/org/codehaus/groovy/classgen/MetaClassTest.groovy"), new RuntimePermission("accessClassInPackage.org.codehaus.groovy"));
99 }
100
101
102
103 public void testCodeSource() throws IOException, CompilationFailedException {
104 URL script = loader.getResource("groovy/ArrayTest.groovy");
105 GroovyCodeSource gcs = new GroovyCodeSource(script);
106 Class result = loader.parseClass(gcs);
107 }
108
109 }