/*
* Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package jdk.jfr.internal;
import java.io.BufferedWriter;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.util.concurrent.Callable;
/**
* Purpose of this class is to simplify analysis of security risks.
* <p>
* Paths in the public API should be wrapped in this class so we
* at all time know what kind of paths we are dealing with.
* <p>
* A user supplied path must never be used in an unsafe context, such as a
* shutdown hook or any other thread created by JFR.
* <p>
* All operation using this path must happen in {@link #doPriviligedIO(Callable)}
*/
public final class WriteableUserPath {
private final AccessControlContext controlContext;
private final Path original;
private final Path real;
private final String realPathText;
private final String originalText;
// Not to ensure security, but to help
// against programming errors
private volatile boolean inPrivileged;
public WriteableUserPath(Path path) throws IOException {
controlContext = AccessController.getContext();
// verify that the path is writeable
if (Files.exists(path) && !Files.isWritable(path)) {
// throw same type of exception as FileOutputStream
// constructor, if file can't be opened.
throw new FileNotFoundException("Could not write to file: " + path.toAbsolutePath());
}
// will throw if non-writeable
BufferedWriter fw = Files.newBufferedWriter(path);
fw.close();
this.original = path;
this.originalText = path.toString();
this.real = path.toRealPath();
this.realPathText = real.toString();
}
/**
* Returns a potentially malicious path where the user may have implemented
* their own version of Path. This method should never be called in an
* unsafe context and the Path value should never be passed along to other
* methods.
*
* @return path from a potentially malicious user
*/
public Path getPotentiallyMaliciousOriginal() {
return original;
}
/**
* Returns a string representation of the real path.
*
* @return path as text
*/
public String getRealPathText() {
return realPathText;
}
/**
* Returns a string representation of the original path.
*
* @return path as text
*/
public String getOriginalText() {
return originalText;
}
/**
* Returns a potentially malicious path where the user may have implemented
* their own version of Path. This method should never be called in an
* unsafe context and the Path value should never be passed along to other
* methods.
*
* @return path from a potentially malicious user
*/
public Path getReal() {
if (!inPrivileged) {
throw new InternalError("A user path was accessed outside the context it was supplied in");
}
return real;
}
public void doPriviligedIO(Callable<?> function) throws IOException {
try {
inPrivileged = true;
/**代码未完, 请加载全部代码(NowJava.com).**/