1 /*Copyright (C) 2014 Red Hat, Inc. 2 3 This file is part of IcedTea. 4 5 IcedTea is free software; you can redistribute it and/or 6 modify it under the terms of the GNU General Public License as published by 7 the Free Software Foundation, version 2. 8 9 IcedTea is distributed in the hope that it will be useful, 10 but WITHOUT ANY WARRANTY; without even the implied warranty of 11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 General Public License for more details. 13 14 You should have received a copy of the GNU General Public License 15 along with IcedTea; see the file COPYING. If not, write to 16 the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 17 02110-1301 USA. 18 19 Linking this library statically or dynamically with other modules is 20 making a combined work based on this library. Thus, the terms and 21 conditions of the GNU General Public License cover the whole 22 combination. 23 24 As a special exception, the copyright holders of this library give you 25 permission to link this library with independent modules to produce an 26 executable, regardless of the license terms of these independent 27 modules, and to copy and distribute the resulting executable under 28 terms of your choice, provided that you also meet, for each linked 29 independent module, the terms and conditions of the license of that 30 module. An independent module is a module which is not derived from 31 or based on this library. If you modify this library, you may extend 32 this exception to your version of the library, but you are not 33 obligated to do so. If you do not wish to do so, delete this 34 exception statement from your version. 35 */ 36 package net.sourceforge.jnlp.security.policyeditor; 37 38 import java.io.File; 39 import java.util.Map; 40 import net.sourceforge.jnlp.annotations.KnownToFail; 41 import net.sourceforge.jnlp.util.FileUtils; 42 import static org.junit.Assert.assertFalse; 43 import static org.junit.Assert.assertTrue; 44 import org.junit.Before; 45 import org.junit.Test; 46 47 public class PolicyEditorParsingTest { 48 49 private File file; 50 private PolicyFileModel policyFileModel = new PolicyFileModel(); 51 private Map<PolicyEditorPermissions, Boolean> permissions; 52 53 private static final String LINEBREAK = System.getProperty("line.separator"); 54 55 private static final String READ_PERMISSION = "permission java.io.FilePermission \"${user.home}\", \"read\";"; 56 private static final String WRITE_PERMISSION = "permission java.io.FilePermission \"${user.home}\", \"write\";"; 57 private static final String COMMENT_HEADER = "/* TEST COMMENT */" + LINEBREAK; 58 59 private static final String NORMAL_POLICY = "grant {" + LINEBREAK 60 + "\t" + READ_PERMISSION + LINEBREAK 61 + "};" + LINEBREAK; 62 63 private static final String NORMAL_POLICY_CRLF = "grant {" + "\r\n" 64 + "\t" + READ_PERMISSION + "\r\n" 65 + "};" + "\r\n"; 66 67 private static final String NORMAL_POLICY_LF = "grant {" + "\n" 68 + "\t" + READ_PERMISSION + "\n" 69 + "};" + "\n"; 70 71 private static final String NORMAL_POLICY_MIXED_ENDINGS = "grant {" + "\n\n" 72 + "\t" + READ_PERMISSION + "\r\n" 73 + "};" + "\n"; 74 75 private static final String NORMAL_POLICY_WITH_HEADER = COMMENT_HEADER + NORMAL_POLICY; 76 77 private static final String CODEBASE_POLICY = "grant codeBase \"http://example.com\" {" + LINEBREAK 78 + "\t" + READ_PERMISSION + LINEBREAK 79 + "};" + LINEBREAK; 80 81 private static final String MULTIPLE_PERMISSION_POLICY = "grant {" + LINEBREAK 82 + "\t" + READ_PERMISSION + LINEBREAK 83 + "\t" + WRITE_PERMISSION + LINEBREAK 84 + "};" + LINEBREAK; 85 86 private static final String COMMENT_BLOCKED_PERMISSION = "grant {" + LINEBREAK 87 + "\t/*" + READ_PERMISSION + "*/" + LINEBREAK 88 + "};" + LINEBREAK; 89 90 private static final String COMMENT_BLOCKED_POLICY = "/*" + NORMAL_POLICY + "*/" + LINEBREAK; 91 92 private static final String COMMENTED_PERMISSION = "grant {" + LINEBREAK 93 + "\t//" + READ_PERMISSION + LINEBREAK 94 + "};" + LINEBREAK; 95 96 private static final String COMMENT_AFTER_PERMISSION = "grant {" + LINEBREAK 97 + "\t" + READ_PERMISSION + " // comment" + LINEBREAK 98 + "};" + LINEBREAK; 99 100 private static final String MISSING_WHITESPACE_POLICY = "grant { " + READ_PERMISSION + " };"; 101 102 private static final String MULTIPLE_PERMISSIONS_PER_LINE = "grant {" + LINEBREAK 103 + "\t" + READ_PERMISSION + " " + WRITE_PERMISSION + LINEBREAK 104 + "};" + LINEBREAK; 105 106 @Before createTempFile()107 public void createTempFile() throws Exception { 108 file = File.createTempFile("PolicyEditor", ".policy"); 109 file.deleteOnExit(); 110 } 111 setupTest(final String policyContents, final String codebase)112 private void setupTest(final String policyContents, final String codebase) throws Exception { 113 FileUtils.saveFile(policyContents, file); 114 policyFileModel = new PolicyFileModel(file.getCanonicalFile()); 115 policyFileModel.openAndParsePolicyFile(); 116 policyFileModel.addCodebase(""); 117 policyFileModel.addCodebase(codebase); 118 permissions = policyFileModel.getCopyOfPermissions().get(codebase); 119 } 120 121 @Test testNormalPolicy()122 public void testNormalPolicy() throws Exception { 123 setupTest(NORMAL_POLICY, ""); 124 assertTrue("Permissions should include READ_LOCAL_FILES", permissions.get(PolicyEditorPermissions.READ_LOCAL_FILES)); 125 for (final PolicyEditorPermissions perm : permissions.keySet()) { 126 if (!perm.equals(PolicyEditorPermissions.READ_LOCAL_FILES)) { 127 assertFalse("Permission " + perm + " should not be granted", permissions.get(perm)); 128 } 129 } 130 } 131 132 @Test testNormalPolicyWithCRLFEndings()133 public void testNormalPolicyWithCRLFEndings() throws Exception { 134 // This is the same test as testNormalPolicy on systems where the line separator is \r\n 135 setupTest(NORMAL_POLICY_CRLF, ""); 136 assertTrue("Permissions should include READ_LOCAL_FILES", permissions.get(PolicyEditorPermissions.READ_LOCAL_FILES)); 137 for (final PolicyEditorPermissions perm : permissions.keySet()) { 138 if (!perm.equals(PolicyEditorPermissions.READ_LOCAL_FILES)) { 139 assertFalse("Permission " + perm + " should not be granted", permissions.get(perm)); 140 } 141 } 142 } 143 144 @Test testNormalPolicyWithLFEndings()145 public void testNormalPolicyWithLFEndings() throws Exception { 146 // This is the same test as testNormalPolicy on systems where the line separator is \n 147 setupTest(NORMAL_POLICY_LF, ""); 148 assertTrue("Permissions should include READ_LOCAL_FILES", permissions.get(PolicyEditorPermissions.READ_LOCAL_FILES)); 149 for (final PolicyEditorPermissions perm : permissions.keySet()) { 150 if (!perm.equals(PolicyEditorPermissions.READ_LOCAL_FILES)) { 151 assertFalse("Permission " + perm + " should not be granted", permissions.get(perm)); 152 } 153 } 154 } 155 156 @Test testNormalPolicyWithMixedEndings()157 public void testNormalPolicyWithMixedEndings() throws Exception { 158 // This is the same test as testNormalPolicy on systems where the line separator is \n 159 setupTest(NORMAL_POLICY_MIXED_ENDINGS, ""); 160 assertTrue("Permissions should include READ_LOCAL_FILES", permissions.get(PolicyEditorPermissions.READ_LOCAL_FILES)); 161 for (final PolicyEditorPermissions perm : permissions.keySet()) { 162 if (!perm.equals(PolicyEditorPermissions.READ_LOCAL_FILES)) { 163 assertFalse("Permission " + perm + " should not be granted", permissions.get(perm)); 164 } 165 } 166 } 167 168 @Test testCommentHeaders()169 public void testCommentHeaders() throws Exception { 170 setupTest(COMMENT_HEADER, ""); 171 for (final PolicyEditorPermissions perm : permissions.keySet()) { 172 assertFalse("Permission " + perm + " should not be granted", permissions.get(perm)); 173 } 174 } 175 176 @Test testCommentBlockedPermission()177 public void testCommentBlockedPermission() throws Exception { 178 setupTest(COMMENT_BLOCKED_PERMISSION, ""); 179 for (final PolicyEditorPermissions perm : permissions.keySet()) { 180 assertFalse("Permission " + perm + " should not be granted", permissions.get(perm)); 181 } 182 } 183 184 @Test testCommentBlockedPolicy()185 public void testCommentBlockedPolicy() throws Exception { 186 setupTest(COMMENT_BLOCKED_POLICY, ""); 187 for (final PolicyEditorPermissions perm : permissions.keySet()) { 188 assertFalse("Permission " + perm + " should not be granted", permissions.get(perm)); 189 } 190 } 191 192 @Test testCommentedLine()193 public void testCommentedLine() throws Exception { 194 setupTest(COMMENTED_PERMISSION, ""); 195 for (final PolicyEditorPermissions perm : permissions.keySet()) { 196 assertFalse("Permission " + perm + " should not be granted", permissions.get(perm)); 197 } 198 } 199 200 @Test testMultiplePermissions()201 public void testMultiplePermissions() throws Exception { 202 setupTest(MULTIPLE_PERMISSION_POLICY, ""); 203 204 assertTrue("Permissions should include READ_LOCAL_FILES", permissions.get(PolicyEditorPermissions.READ_LOCAL_FILES)); 205 assertTrue("Permissions should include WRITE_LOCAL_FILES", permissions.get(PolicyEditorPermissions.WRITE_LOCAL_FILES)); 206 for (final PolicyEditorPermissions perm : permissions.keySet()) { 207 if (!perm.equals(PolicyEditorPermissions.READ_LOCAL_FILES) && !perm.equals(PolicyEditorPermissions.WRITE_LOCAL_FILES)) { 208 assertFalse("Permission " + perm + " should not be granted", permissions.get(perm)); 209 } 210 } 211 } 212 213 @KnownToFail 214 @Test testMultiplePermissionsPerLine()215 public void testMultiplePermissionsPerLine() throws Exception { 216 setupTest(MULTIPLE_PERMISSIONS_PER_LINE, ""); 217 218 assertTrue("Permissions should include READ_LOCAL_FILES", permissions.get(PolicyEditorPermissions.READ_LOCAL_FILES)); 219 assertTrue("Permissions should include WRITE_LOCAL_FILES", permissions.get(PolicyEditorPermissions.WRITE_LOCAL_FILES)); 220 for (final PolicyEditorPermissions perm : permissions.keySet()) { 221 if (!perm.equals(PolicyEditorPermissions.READ_LOCAL_FILES) && !perm.equals(PolicyEditorPermissions.WRITE_LOCAL_FILES)) { 222 assertFalse("Permission " + perm + " should not be granted", permissions.get(perm)); 223 } 224 } 225 } 226 227 @KnownToFail 228 @Test testMissingWhitespace()229 public void testMissingWhitespace() throws Exception { 230 setupTest(MISSING_WHITESPACE_POLICY, ""); 231 232 assertTrue("Permissions should include READ_LOCAL_FILES", permissions.get(PolicyEditorPermissions.READ_LOCAL_FILES)); 233 for (final PolicyEditorPermissions perm : permissions.keySet()) { 234 if (!perm.equals(PolicyEditorPermissions.READ_LOCAL_FILES)) { 235 assertFalse("Permission " + perm + " should not be granted", permissions.get(perm)); 236 } 237 } 238 } 239 240 @Test testPolicyWithCodebase()241 public void testPolicyWithCodebase() throws Exception { 242 setupTest(CODEBASE_POLICY, "http://example.com"); 243 244 assertTrue("Permissions should include READ_LOCAL_FILES", permissions.get(PolicyEditorPermissions.READ_LOCAL_FILES)); 245 for (final PolicyEditorPermissions perm : permissions.keySet()) { 246 if (!perm.equals(PolicyEditorPermissions.READ_LOCAL_FILES)) { 247 assertFalse("Permission " + perm + " should not be granted", permissions.get(perm)); 248 } 249 } 250 } 251 252 @Test testCodebaseTrailingSlashesDoNotMatch()253 public void testCodebaseTrailingSlashesDoNotMatch() throws Exception { 254 // note the trailing '/' - looks like the same URL but is not. JDK PolicyTool considers these as 255 // different codeBases, so so does PolicyEditor 256 setupTest(CODEBASE_POLICY, "http://example.com/"); 257 258 for (final PolicyEditorPermissions perm : permissions.keySet()) { 259 if (!perm.equals(PolicyEditorPermissions.READ_LOCAL_FILES)) { 260 assertFalse("Permission " + perm + " should not be granted", permissions.get(perm)); 261 } 262 } 263 } 264 265 @Test testCommentAfterPermission()266 public void testCommentAfterPermission() throws Exception { 267 setupTest(COMMENT_AFTER_PERMISSION, ""); 268 269 assertTrue("Permissions should include READ_LOCAL_FILES", permissions.get(PolicyEditorPermissions.READ_LOCAL_FILES)); 270 for (final PolicyEditorPermissions perm : permissions.keySet()) { 271 if (!perm.equals(PolicyEditorPermissions.READ_LOCAL_FILES)) { 272 assertFalse("Permission " + perm + " should not be granted", permissions.get(perm)); 273 } 274 } 275 } 276 277 @Test testNormalPolicyWithHeader()278 public void testNormalPolicyWithHeader() throws Exception { 279 setupTest(NORMAL_POLICY_WITH_HEADER, ""); 280 assertTrue("Permissions should include READ_LOCAL_FILES", permissions.get(PolicyEditorPermissions.READ_LOCAL_FILES)); 281 for (final PolicyEditorPermissions perm : permissions.keySet()) { 282 if (!perm.equals(PolicyEditorPermissions.READ_LOCAL_FILES)) { 283 assertFalse("Permission " + perm + " should not be granted", permissions.get(perm)); 284 } 285 } 286 } 287 288 } 289