8021189: Prevent access to constructors of restricted classes
Reviewed-by: lagergren, sundar
--- a/nashorn/src/jdk/internal/dynalink/beans/AbstractJavaLinker.java Tue Jul 23 18:28:58 2013 +0200
+++ b/nashorn/src/jdk/internal/dynalink/beans/AbstractJavaLinker.java Wed Jul 24 11:13:24 2013 +0200
@@ -292,8 +292,6 @@
return new SimpleDynamicMethod(unreflectSafely(m), member.getDeclaringClass(), member.getName());
}
- private static final Lookup publicLookup = new Lookup(MethodHandles.publicLookup());
-
/**
* Unreflects a method handle from a Method or a Constructor using safe (zero-privilege) unreflection. Should be
* only used for methods and constructors that are not caller sensitive. If a caller sensitive method were
@@ -305,13 +303,13 @@
private static MethodHandle unreflectSafely(AccessibleObject m) {
if(m instanceof Method) {
final Method reflMethod = (Method)m;
- final MethodHandle handle = publicLookup.unreflect(reflMethod);
+ final MethodHandle handle = Lookup.PUBLIC.unreflect(reflMethod);
if(Modifier.isStatic(reflMethod.getModifiers())) {
return StaticClassIntrospector.editStaticMethodHandle(handle);
}
return handle;
}
- return StaticClassIntrospector.editConstructorMethodHandle(publicLookup.unreflectConstructor((Constructor<?>)m));
+ return StaticClassIntrospector.editConstructorMethodHandle(Lookup.PUBLIC.unreflectConstructor((Constructor<?>)m));
}
private static DynamicMethod mergeMethods(SingleDynamicMethod method, DynamicMethod existing, Class<?> clazz, String name) {
--- a/nashorn/src/jdk/internal/dynalink/beans/FacetIntrospector.java Tue Jul 23 18:28:58 2013 +0200
+++ b/nashorn/src/jdk/internal/dynalink/beans/FacetIntrospector.java Wed Jul 24 11:13:24 2013 +0200
@@ -84,7 +84,6 @@
package jdk.internal.dynalink.beans;
import java.lang.invoke.MethodHandle;
-import java.lang.invoke.MethodHandles;
import java.lang.reflect.Field;
import java.lang.reflect.Member;
import java.lang.reflect.Method;
@@ -101,8 +100,6 @@
* @author Attila Szegedi
*/
abstract class FacetIntrospector {
- private static final Lookup publicLookup = new Lookup(MethodHandles.publicLookup());
-
private final Class<?> clazz;
private final boolean instance;
private final boolean isRestricted;
@@ -164,11 +161,11 @@
MethodHandle unreflectGetter(Field field) {
- return editMethodHandle(publicLookup.unreflectGetter(field));
+ return editMethodHandle(Lookup.PUBLIC.unreflectGetter(field));
}
MethodHandle unreflectSetter(Field field) {
- return editMethodHandle(publicLookup.unreflectSetter(field));
+ return editMethodHandle(Lookup.PUBLIC.unreflectSetter(field));
}
/**
--- a/nashorn/src/jdk/internal/dynalink/beans/StaticClassLinker.java Tue Jul 23 18:28:58 2013 +0200
+++ b/nashorn/src/jdk/internal/dynalink/beans/StaticClassLinker.java Wed Jul 24 11:13:24 2013 +0200
@@ -132,7 +132,9 @@
return new SimpleDynamicMethod(StaticClassIntrospector.editConstructorMethodHandle(
boundArrayCtor.asType(boundArrayCtor.type().changeReturnType(clazz))), clazz, "<init>");
}
-
+ if(CheckRestrictedPackage.isRestrictedClass(clazz)) {
+ return null;
+ }
return createDynamicMethod(Arrays.asList(clazz.getConstructors()), clazz, "<init>");
}
--- a/nashorn/test/script/trusted/JDK-8006529.js Tue Jul 23 18:28:58 2013 +0200
+++ b/nashorn/test/script/trusted/JDK-8006529.js Wed Jul 24 11:13:24 2013 +0200
@@ -51,6 +51,7 @@
var UnaryNode = Java.type("jdk.nashorn.internal.ir.UnaryNode")
var BinaryNode = Java.type("jdk.nashorn.internal.ir.BinaryNode")
var ThrowErrorManager = Java.type("jdk.nashorn.internal.runtime.Context$ThrowErrorManager")
+var ErrorManager = Java.type("jdk.nashorn.internal.runtime.ErrorManager")
var Debug = Java.type("jdk.nashorn.internal.runtime.Debug")
var parseMethod = Parser.class.getMethod("parse");
@@ -111,18 +112,22 @@
var getContextMethod = Context.class.getMethod("getContext")
var getEnvMethod = Context.class.getMethod("getEnv")
+var SourceConstructor = Source.class.getConstructor(java.lang.String.class, java.lang.String.class)
+var ParserConstructor = Parser.class.getConstructor(ScriptEnvironment.class, Source.class, ErrorManager.class)
+var CompilerConstructor = Compiler.class.getConstructor(ScriptEnvironment.class)
+
// compile(script) -- compiles a script specified as a string with its
// source code, returns a jdk.nashorn.internal.ir.FunctionNode object
// representing it.
function compile(source) {
- var source = new Source("<no name>", source);
+ var source = SourceConstructor.newInstance("<no name>", source);
var env = getEnvMethod.invoke(getContextMethod.invoke(null))
- var parser = new Parser(env, source, new ThrowErrorManager());
+ var parser = ParserConstructor.newInstance(env, source, new ThrowErrorManager());
var func = parseMethod.invoke(parser);
- var compiler = new Compiler(env);
+ var compiler = CompilerConstructor.newInstance(env);
return compileMethod.invoke(compiler, func);
};
--- a/nashorn/test/script/trusted/JDK-8021129.js Tue Jul 23 18:28:58 2013 +0200
+++ b/nashorn/test/script/trusted/JDK-8021129.js Wed Jul 24 11:13:24 2013 +0200
@@ -29,7 +29,9 @@
* @test
* @run
*/
-var r1 = new (Java.type("jdk.nashorn.internal.test.models.InternalRunnable"))
+var R = Java.type("jdk.nashorn.internal.test.models.InternalRunnable")
+var r1 = R.class.newInstance()
+
r1.run() // Can execute method from an implemented non-restricted interface
print(r1.toString()) // Can execute public method from a superclass
@@ -40,4 +42,4 @@
print(r1.canNotSeeThisField === undefined) // Can't see its own fields
var r2 = new (Java.type("jdk.nashorn.test.models.InternalRunnableSuperclass"))
-print(r2.canSeeThisField) // Superclass field works fine on its own
\ No newline at end of file
+print(r2.canSeeThisField) // Superclass field works fine on its own
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/trusted/JDK-8021189.js Wed Jul 24 11:13:24 2013 +0200
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * JDK-8021189: Prevent access to constructors of restricted classes
+ *
+ * @test
+ * @run
+ */
+try {
+ new (Java.type("jdk.nashorn.internal.test.models.InternalRunnable"))
+} catch(e) {
+ print(e)
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/trusted/JDK-8021189.js.EXPECTED Wed Jul 24 11:13:24 2013 +0200
@@ -0,0 +1,1 @@
+TypeError: Can not construct jdk.nashorn.internal.test.models.InternalRunnable with the passed arguments; they do not match any of its constructor signatures.