This is the mail archive of the mauve-discuss@sourceware.org mailing list for the Mauve project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: SecurityException throwpoint audit

Mark Wielaard wrote:
> On Mon, 2005-11-21 at 16:58 +0000, Gary Benson wrote:
> > I've been trying to work out how to test that permissions are
> > checked at every point they ought to be.  There's a table of every
> > such point here:
> > 
> >   http://java.sun.com/j2se/1.4.2/docs/guide/security/permissions.html#PermsAndMethods
> 
> I would not trust that list as the definite guide. I just looked for
> a random method (which I was just working on for GNU Classpath)
> Toolkit.getSystemSelection() and it was not listed.

Ah, thanks for the warning.

> > How would people feel if I numbered the throwpoints on the above
> > list and noted them in their corresponding tests in some easily
> > parsable form (probably in comments like Tags are already).  That
> > way whether a throwpoint is tested (and the location of the test)
> > can be found with a simple grep.
> > 
> > For simplicity I'd probably number the 1.4.2 list from 1-whatever.
> > Checks added in 1.5 can be added at the end of the list.
> 
> I don't really like the numbering. I would propose to actually name
> the tests with somewhat meaningful names. Something like
> <PermissionClassName>_<ClassName>_<MethodName> for each Permission
> and class.method() needing to check for that permission. (example:
> AWTPermission_Toolkit_getSystemSelection)

Yeah, that's better I suppose, I'll use that.

Cheers,
Gary
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]