1 package groovy.security;
2
3 import groovy.lang.GroovyClassLoader;
4 import groovy.lang.GroovyCodeSource;
5
6 import java.io.File;
7 import java.io.IOException;
8 import java.io.InputStream;
9 import java.net.URL;
10 import java.security.Security;
11 import java.util.PropertyPermission;
12
13 import org.codehaus.groovy.control.CompilationFailedException;
14
15 import junit.framework.Test;
16 import junit.framework.TestSuite;
17 import junit.textui.TestRunner;
18
19 /***
20 * Test the effects of enabling security in Groovy. Some tests below check for proper framework
21 * behavior (e.g. ensuring that GroovyCodeSources may only be created for which proper permissions exist).
22 * Other tests run .groovy scripts under a secure environment and ensure that the proper permissions
23 * are required for success.
24 *
25 * @author Steve Goetze
26 */
27 public class SecurityTest extends SecurityTestSupport {
28
29 public static void main(String[] args) {
30 TestRunner.run( suite() );
31 }
32
33 public static Test suite() {
34 return new TestSuite(SecurityTest.class);
35 }
36
37 public void testForbiddenProperty() {
38 String script = "System.getProperty(\"user.home\")";
39 assertExecute(script, null, new PropertyPermission("user.home", "read"));
40 }
41
42 public void testForbiddenPackage() {
43 String script = "import sun.net.*; s = new NetworkClient()";
44 assertExecute(script, "/groovy/security/testForbiddenPackage", new RuntimePermission("accessClassInPackage.sun.*"));
45 }
46
47 public void testForbiddenCodebase() {
48 assertExecute(new File("src/test/groovy/security/forbiddenCodeBase.gvy"), new GroovyCodeSourcePermission("/groovy/security/forbiddenCodeBase"));
49 }
50
51
52 public void testPackageAccess() {
53 String script = "new javax.print.PrintException();";
54 Security.setProperty("package.access", "javax.print");
55
56 assertExecute(script, "/groovy/security/javax/print/deny", new RuntimePermission("accessClassInPackage.javax.print"));
57
58 assertExecute(script, "/groovy/security/javax/print/allow", null);
59 }
60
61 public void testBadScriptNameBug() {
62 assertExecute(new File("src/test/groovy/bugs/BadScriptNameBug.groovy"), null);
63 }
64
65 public void testClosureListenerTest() {
66 assertExecute(new File("src/test/groovy/ClosureListenerTest.groovy"), null);
67 }
68
69 public void testClosureMethodTest() {
70 assertExecute(new File("src/test/groovy/ClosureMethodTest.groovy"), null);
71 }
72
73 public void testGroovyMethodsTest() {
74 assertExecute(new File("src/test/groovy/GroovyMethodsTest.groovy"), null);
75 }
76
77 public void testClosureWithDefaultParamTest() {
78 assertExecute(new File("src/test/groovy/ClosureWithDefaultParamTest.groovy"), null);
79 }
80
81 public void testGroovy303_Bug() {
82 assertExecute(new File("src/test/groovy/bugs/Groovy303_Bug.groovy"), null);
83 }
84
85 public void testScriptTest() {
86 assertExecute(new File("src/test/groovy/script/ScriptTest.groovy"), null);
87 }
88
89
90
91
92 public void testSqlCompleteWithoutDataSourceTest() {
93 assertExecute(new File("src/test/groovy/sql/SqlCompleteWithoutDataSourceTest.groovy"), null);
94 }
95
96
97
98 public void testMetaClassTest() {
99 Security.setProperty("package.access", "org.codehaus.groovy");
100 assertExecute(new File("src/test/org/codehaus/groovy/classgen/MetaClassTest.groovy"), new RuntimePermission("accessClassInPackage.org.codehaus.groovy"));
101 }
102
103
104
105 public void testCodeSource() throws IOException, CompilationFailedException {
106 URL script = loader.getResource("groovy/ArrayTest.groovy");
107 GroovyCodeSource gcs = new GroovyCodeSource(script);
108 Class result = loader.parseClass(gcs);
109 }
110
111 }